okoolo
February 2, 2023, 1:54am
1
I have a wrt router(192.168.2.1) wan port hooked up to isp gateway(192.168.1.1) lan port via ethernet cable. Running basically dumb AP setup. Everything works great (web works fine) except that when I'm mac bridging I can't ping names (ex www.google.com ) Pinging 8.8.8.8 works fine. If I turn off mac bridging I can ping by name fine. Firewall has default settings.
Any ideas?
It looks like you're using this in a standard router configuration, based on what appears to be a public IP on your OpenWrt wan.
Let's see your complete config in text form...
Please copy the output of the following commands and post it here using the "Preformatted text </>
" button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
okoolo
February 2, 2023, 5:37am
3
Same configuration works perfectly well when I disable mac bridging. Anyways here it is:
/etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd59:ca6d:9d13::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.2.1'
config device
option name 'eth0.2'
option macaddr '98:da:c4:98:88:58'
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
config interface 'wan6'
option device 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 0t'
/etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'pci0000:00/0000:00:00.0'
option channel '36'
option band '5g'
option htmode 'VHT80'
option cell_density '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'test'
option encryption 'psk2'
option key 'test'
config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/ahb/18100000.wmac'
option channel '1'
option band '2g'
option htmode 'HT20'
option cell_density '0'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'test'
option encryption 'psk2'
option key 'test'
/etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
/etc/config/firewall is the default one:
https://pastebin.com/fWZui7pj
The firewall doesn't look like the default (or at least, not the standard view of it). Normally it looks more like it does in this post .
The rest, though, looks quite standard.
Is the only problem DNS related? Can you ping 8.8.8.8? nevermind... you said this earlier in the post...
I don't know why you'd have trouble with DNS, but the simple solution is to specify your own DNS servers in OpenWrt... you can do that in the wan interface by simply disabling the "use DNS servers advertised by peer" and then entering your preferred DNS servers such as Google's or Cloudflare, or any public DNS you want to use.
1 Like
okoolo
February 2, 2023, 1:59pm
5
Didn't help sadly. Internet works great, traceroute works fine just can't ping names... Really weird.
root@:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=117 time=18.2 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=117 time=15.9 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=117 time=15.9 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=117 time=22.2 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=117 time=17.0 ms
^C
--- 8.8.8.8 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 15.864/17.842/22.242/2.362 ms
root@:~# ping www.google.com
PING www.google.com(yyz10s14-in-x04.1e100.net (2607:f8b0:400b:80f::2004)) 56 data bytes
just hangs....
It appears that your problem is actually ipv6 related. Ipv6 dns records are being resolved, but the ipv6 connection doesn’t appear to be routing properly.
Try stopping the wan6 interface.
okoolo
February 2, 2023, 4:35pm
7
That solved the issue! Now how could I turn it back on and keep it from interfering with dns requests?
edit: do I even need wan6? I realized I'm not even sure what it does tbh
root@:~# ping www.google.com
PING www.google.com (142.251.41.36) 56(84) bytes of data.
64 bytes from yyz12s08-in-f4.1e100.net (142.251.41.36): icmp_seq=1 ttl=118 time=18.1 ms
64 bytes from yyz12s08-in-f4.1e100.net (142.251.41.36): icmp_seq=2 ttl=118 time=15.8 ms
64 bytes from yyz12s08-in-f4.1e100.net (142.251.41.36): icmp_seq=3 ttl=118 time=16.1 ms
64 bytes from yyz12s08-in-f4.1e100.net (142.251.41.36): icmp_seq=4 ttl=118 time=18.1 ms
64 bytes from yyz12s08-in-f4.1e100.net (142.251.41.36): icmp_seq=5 ttl=118 time=17.9 ms
64 bytes from yyz12s08-in-f4.1e100.net (142.251.41.36): icmp_seq=6 ttl=118 time=14.5 ms
^C
--- www.google.com ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5006ms
rtt min/avg/max/mdev = 14.487/16.743/18.110/1.376 ms
You don't necessarily need IPv6 for the vast majority of sites/services since most things still work on IPv4. Eventually that will change, but I personally don't use IPv6 and I've never had any issues.
If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
tmomas
Closed
February 12, 2023, 4:46pm
9
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.