hi, I created a vlan with the ip 10.8.8.128/27 but when I connect it says NO INTERNET
Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
1 Like
IP Address: 10.8.8.128
Network Address: 10.8.8.128
Usable Host IP Range: 10.8.8.129 - 10.8.8.158
Broadcast Address: 10.8.8.159
Total Number of Hosts: 32
Number of Usable Hosts: 30
Subnet Mask: 255.255.255.224
CIDR Notation: /27
Short: 10.8.8.128 /27
To be clear, 10.8.8.128 is invalid as a host IP in the network you specified - the first usable IP is x.x.x.129- Where does it says this?
- Is this WiFi or Ethernet
- Did you get an IP in the 10.8.8.128/27 range?
- If not, did you setup DHCP on this interface?
Most importantly, what version of OpenWrt are you running?
1 Like
/etc/config/network
config interface 'wifiguest'
option proto 'static'
option netmask '255.255.255.224'
option ipaddr '10.8.8.224'
/etc/config/wireless
config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option ssid 'G WIFI-guest'
option isolate '1'
option network 'wifiguest'
option encryption 'psk2'
option key 'XXXXXXXXX'
/etc/config/dhcp
config dhcp 'wifiguest'
option interface 'wifiguest'
option leasetime '12h'
list dhcp_option '6,208.67.222.222,208.67.220.220'
option start '225'
option limit '30'
/etc/config/firewall
config rule
option name 'Aceitar-Guest-DHCP'
list proto 'udp'
option src 'wifiguest'
option target 'ACCEPT'
option dest_port '67'
config rule
option name 'Aceitar-Guest-DNS'
option src 'wifiguest'
option dest_port '53'
option target 'ACCEPT'
config forwarding
option src 'wifiguest'
option dest 'wan'
I'm use snapshots builts
It'd help if you posted the full contents of those files.
1 Like
See my settings above
225 is invalid. The only valid number are between 130 and 158.
You only have 30 usable hosts, and one must be assigned to the OpenWrt - so this is also invalid.
Why don't you expand your subnet to a larger size?
I changed the ip address range to test, but it's the same, just see the initial ip
No clue what this means.
???
To asssit:
- We need to know what you changed the range to
- Additionally, we need to see the [valid] DHCP setting you edited
- We also need to verify you restarted the relevant services after editing the configs
We also need to see the full network config for the device I assume you're using as an AP (and have provided some config details for above), as well as any other router/network device that traffic needs to pass through to get to the internet.
1 Like
config
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option packet_steering '1'
option ula_prefix 'fd2b:ab7a:b23e::/48'
config device
option name 'br-lan'
option type 'bridge'
option igmp_snooping '1'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
option hash_max '1024'
option robustness '4'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '10.4.4.1'
option netmask '255.255.255.0'
config interface 'wan'
option device 'wan'
option proto 'dhcp'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
config interface 'vlan20'
option proto 'static'
option device 'br-ext.20'
option netmask '255.255.255.0'
option delegate '0'
option ipaddr '10.5.5.1'
config interface 'wifiguest'
option proto 'static'
option netmask '255.255.255.224'
option ipaddr '10.8.8.224'
config device
option type 'bridge'
option name 'br-ext'
list ports 'lan4'
option stp '1'
config bridge-vlan
option device 'br-ext'
option vlan '20'
list ports 'lan4'
wireless
config wifi-device 'radio0'
option type 'mac80211'
option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
option band '2g'
option cell_density '0'
option channel '11'
option htmode 'HT20'
option country 'US'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'G WIFI'
option ieee80211w '0'
option key 'Xxxxxxxxxxx'
option encryption 'psk2'
config wifi-device 'radio1'
option type 'mac80211'
option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
option band '5g'
option htmode 'VHT80'
option disabled '0'
option txpower '14'
option country 'BR'
option cell_density '0'
option channel '44'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'G WIFI 5G'
option hidden '1'
option key 'xxxxxxxxxx0'
option encryption 'psk2'
config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option ssid 'G WIFI-guest'
option isolate '1'
option network 'wifiguest'
option encryption 'psk2'
option key 'xxxxxxxxx'
dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
option ednspacket_max '1232'
option localuse '1'
option min_cache_ttl '65'
option quietdhcp '1'
option filterwin2k '1'
list server '127.0.0.1#5453'
list server '0::1#5453'
option noresolv '1'
list address '/flurry.com/'
list address '/androidtvwatsonfe-pa.googleapis.com/'
list address '/userlocation.googleapis.com/'
list address '/firebaseinstallations.googleapis.com/'
list address '/app-measurement.com/'
list address '/dit.whatsapp.net/'
option dnsforwardmax '500'
option cachesize '5120'
config dhcp 'lan'
option interface 'lan'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option leasetime '24h'
option start '100'
option limit '50'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config domain
option name 'router.lan'
option ip '10.4.4.1'
config dhcp 'vlan20'
option interface 'vlan20'
option start '100'
option leasetime '24h'
list dhcp_option '6,208.67.222.222,208.67.220.220'
option limit '10'
config dhcp 'guest'
option interface 'guest'
option start '100'
option leasetime '12h'
list dhcp_option '6,208.67.222.222,208.67.220.220'
option limit '15'
config dhcp 'wifiguest'
option interface 'wifiguest'
option leasetime '12h'
list dhcp_option '6,208.67.222.222,208.67.220.220'
option start '225'
option limit '30'
firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option synflood_protect '1'
option forward 'REJECT'
option flow_offloading '1'
option flow_offloading_hw '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option mtu_fix '1'
option masq '1'
list network 'wan'
list network 'wan6'
config zone
option name 'vlan20'
option output 'ACCEPT'
option forward 'REJECT'
option input 'REJECT'
list network 'vlan20'
config zone
option output 'ACCEPT'
option name 'wifiguest'
option forward 'REJECT'
option input 'REJECT'
list network 'wifiguest'
config forwarding
option src 'vlan20'
option dest 'wan'
config rule
option name 'Aceitar-DHCP-VLAN20'
option src 'vlan20'
option dest_port '67'
option target 'ACCEPT'
list proto 'udp'
config rule
option name 'Aceitar-DNS-VLAN20'
option src 'vlan20'
option dest_port '53'
option target 'ACCEPT'
config rule
option name 'Aceitar-Guest-DHCP'
list proto 'udp'
option src 'wifiguest'
option target 'ACCEPT'
option dest_port '67'
config rule
option name 'Aceitar-Guest-DNS'
option src 'wifiguest'
option dest_port '53'
option target 'ACCEPT'
config forwarding
option src 'wifiguest'
option dest 'wan'
config rule
option name 'Permitir-LAN-para-VLAN20'
option src 'lan'
option dest 'vlan20'
option target 'ACCEPT'
config rule
option name 'd'
option src 'lan'
option target 'REJECT'
option dest 'wan'
list proto 'all'
list src_ip '10.4.4.101'
option enabled '0'
That is still wrong. You can't use the first or last IP in a range as a device's address. In the case of a /24 those are the .0 and .255 addresses.
Why are you using (or trying to use) these odd subnets? It is a lot simpler to set up your various internal networks with /24 wherever possible so the numbers line up.
1 Like
I'm studying networks and I want to reduce CIDR
In the home, there's no need to "reduce CIDR" when the whole 10.0.0.0/8 range is private.
The ship has sailed on optimizing IPv4. It's called IPv6.
1 Like
I used this website to calculate
I calculated and use a correct range, however, I don't know why it doesn't work
Again:
To assist, please show configs. If you mean the range MK24 commented about (10.8.8.224/27), you were told that 224 is an invalid IP (224 IP is the Network Address - which is invalid).