[SOLVED] No Internet Access From Raspberry Pi Wifi

duane.hinkley · April 25, 2020, 4:18pm

How do I configure OpenWrt so I can reach the internet from wifi on the Raspberry Pi?

I added a Raspberry Pi running OpenWrt between my cable modem and Apple Airport Extreme to provide Qos. I built the new firmware to support an additional ethernet dongle (Raspberry Pi only has one ethernet port). I put the Airport into bridge mode and connected it to the Raspberry Pi dongle. The Raspberry Pi built in ethernet is connected to the cable modem.

I can connect my laptop to the Raspberry Pi wifi and run the LUCI GUI from the browser. The problem is the laptop can't reach the internet.

Here's my configuration:

/etc/config/network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fddb:afa9:6447::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0'
	option proto 'static'
	option ipaddr '10.0.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	list dns '75.75.75.75'
	list dns '75.75.76.76'

config interface 'wan'
	option proto 'dhcp'
	option ifname 'eth1'

/etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option path 'platform/soc/3f300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
	option htmode 'HT20'
	option country 'US'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'psk2'
	option key 'xxxxxxxxx'

/etc/config/firewall

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

Thanks for the help.

psherman · April 25, 2020, 4:41pm

Do you have a second ethernet interface (i.e. a USB to ethernet adapter) for the Pi? Right now, the configuration states that eth0 is the LAN (connected to your Airport Extreme) and eth1 is the WAN (connected to your cable modem). Can you confirm that this is correct?

What mode is the Airport Extreme in (bridge/access point mode or router mode)? What is the address on that device?

dlakelan · April 25, 2020, 4:47pm

In general, I'd recommend to switch this around. Put the built-in ethernet on the LAN side, and the dongle on the WAN side... You want to be able to log into the pi from the LAN side, even if the dongle isn't working. (though it's not the cause of your problem)

duane.hinkley · April 25, 2020, 5:11pm

You're correct.

The Airport Extreme is in bridge mode. Keep in mind, devices connected to the Airport wifi can access the internet. Devices connected to the Raspberry Pi wifi CAN'T access the internet.

psherman · April 25, 2020, 5:16pm

This is a useful tidbit.
What happens when a device connects to the Pi's wifi? Does the device get an IP address via DHCP properly (please verify the complete IP settings and report them here - IP address + subnet mask, gateway/router, DNS)? Can you ping an address on the internet by IP address (say 8.8.8.8)? If that works, what about pinging by domain name (google.com)?

dlakelan · April 25, 2020, 5:20pm

I doubt the RPi built in wifi is ever going to provide you with particularly good service, due to tiny antenna, and limitations on the chipset. So you might want to just turn it off. But if you choose to run it, it should still get you internet access....

Can you tell us more about the client connecting to the Pi? Does it get an IP address? is IPv6 involved? Can it ping things by IP? can it do dns lookups? how about traceroute to 8.8.8.8?

duane.hinkley · April 25, 2020, 5:52pm

The device get's the IP address 10.0.1.220. Ping 8.8.8.8 fails. Ping google.com .... success... what??? Wait a minute.

Now Ping 8.8.8.8 success. Web pages even work. Looks like I just needed to wait a few minutes for something to initialize.

Thanks for the help! (or just patience to wait for it to work)

duane.hinkley · April 25, 2020, 5:57pm

It eventually just started working after only doing ping tests suggested by another user. Very weird.

The reason for using the wifi is because I have a device that's not compatible with the AirPort wifi. It be the only device using it. I also may add some USB antennas if the builtin antenna works consistently.

system · May 5, 2020, 5:57pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.