[SOLVED] NOOB HELP - ping from router ok - no internet for clients

Guys,

I have spent some of the last night hours trying to upgrade my setup but I could not get it to work.

I have a modem/router provided by my ISP which I cannot change.
on this router I have DMZ'ed 192.168.1.64 and I have the wan of my personal router connected to one of the ISP lan ports

Today I use a TP-link 1043 with openwrt installed as personal router
I have just acquired also a TP-link archer c7 1750 v2 which I would like to use in substitution of the 1043.
I tried to replicate the same network/firewall setup, but I must have messed up something.
If I ssh into the router I can ping google but clients connected to the archer have no internet.

I am probably forgetting something silly, but I cannot figure it out,
Would it be possible for anybody to lend me a hand?
I can follow directions and edit files (when I am at home). I reset the router a couple of times, changing some of the settings, but I am feeling a bit lost here now...

Thanks a lot M

etc/config/network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdb4:92e2:616a::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth1'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.2.1'
	option gateway '192.168.2.0'

config interface 'wan'
	option ifname 'eth0'
	option _orig_ifname 'eth0'
	option _orig_bridge 'false'
	option proto 'dhcp'

config interface 'wan6'
	option ifname 'eth0'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '2 3 4 5 0'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '1 6'

config interface 'modem'
	option ifname 'eth0'
	option proto 'static'
	option netmask '255.255.255.0'
	option gateway '192.168.1.254'
	option dns '192.168.1.254'
	option ipaddr '192.168.1.64'
	option broadcast '192.168.1.64'

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option masq_dest '!modem'
	option network ' '

config include
	option path '/etc/firewall.user'

ping:

BusyBox v1.25.1 () built-in shell (ash)

     _________
    /        /\      _    ___ ___  ___
   /  LE    /  \    | |  | __|   \| __|
  /    DE  /    \   | |__| _|| |) | _|
 /________/  LE  \  |____|___|___/|___|                      lede-project.org
 \        \   DE /
  \    LE  \    /  -----------------------------------------------------------
   \  DE    \  /    Reboot (17.01.3, r3533-d0bf257c46)
    \________\/    -----------------------------------------------------------

root@LEDE:~# ping -c 3 [google link redacted..not allowed more than 2 links...]
PING [google link redacted..not allowed more than 2 links...] (216.58.205.100): 56 data bytes
64 bytes from 216.58.205.100: seq=0 ttl=51 time=9.259 ms
64 bytes from 216.58.205.100: seq=1 ttl=51 time=7.567 ms
64 bytes from 216.58.205.100: seq=2 ttl=51 time=7.629 ms

--- [google link redacted..not allowed more than 2 links...] ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 7.567/8.151/9.259 ms

There is no rule to allow forwarding from the LAN zone to the WAN zone:

config forwarding
	option src 'lan'
	option dest 'wan'

Thanks Eduperez for the suggestion

I have updated the firewall and reloaded the configuration but still no luck
do you have any other idea?
Thanks a lot
M

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option masq_dest '!modem'
	option network ' '

config forwarding
	option src 'lan'
	option dest 'wan'

config include
	option path '/etc/firewall.user'

The WAN zone does not contain any network, you should at least have the WAN interface there. But wait... you have both the MODEM and WAN interfaces defined over eth0... why?

Looking at your config file, I guess the default configuration was almost good enough for your situation, and only two minor changes were needed:

  • Configure (on the modem) a static IP address for the router.
  • Change the LAN network on the router from 192.168.1.x to 192.168.2.x
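The three problems named in the replies above (no lan-to-wan forwarding, a WAN zone with no network, `modem` and `wan` both on eth0) can be checked mechanically. This is an added example, not part of the original thread; `parse_uci` and `lint` are hypothetical helper names, the sample is constructed and reduced from the files posted above, and the parser only handles single-quoted `option` lines.

```python
import re
from collections import defaultdict

# Constructed sample, reduced from the two files posted in this thread.
NETWORK = """
config interface 'lan'
    option ifname 'eth1'
config interface 'wan'
    option ifname 'eth0'
config interface 'wan6'
    option ifname 'eth0'
    option proto 'dhcpv6'
config interface 'modem'
    option ifname 'eth0'
"""
FIREWALL = """
config zone
    option name 'lan'
    option network 'lan'
config zone
    option name 'wan'
    option network ' '
"""

def parse_uci(text):
    sections = []  # list of (section type, section name or None, options dict)
    for line in text.splitlines():
        m = re.match(r"\s*(config|option)\s+(\S+)(?:\s+'([^']*)')?", line)
        if m and m.group(1) == "config":
            sections.append((m.group(2), m.group(3), {}))
        elif m and sections:
            sections[-1][2][m.group(2)] = m.group(3) or ""
    return sections

def lint(network, firewall):
    ifaces = {n: o for t, n, o in parse_uci(network) if t == "interface"}
    fw = parse_uci(firewall)
    zones = {o.get("name"): o.get("network", "").split() for t, _, o in fw if t == "zone"}
    out = [f"zone '{z}' contains no network" for z, nets in zones.items() if not nets]
    zoned = {n for nets in zones.values() for n in nets} | {"loopback"}
    out += [f"interface '{i}' is in no zone" for i in ifaces if i not in zoned]
    if not any(o.get("src") == "lan" and o.get("dest") == "wan" for t, _, o in fw if t == "forwarding"):
        out.append("no forwarding from 'lan' to 'wan'")
    by_dev = defaultdict(list)
    for name, o in ifaces.items():
        if o.get("proto") != "dhcpv6":  # wan6 normally shares the WAN device
            by_dev[o.get("ifname")].append(name)
    out += [f"{d} carries {' and '.join(n)}" for d, n in by_dev.items() if len(n) > 1]
    return out
print("\n".join(lint(NETWORK, FIREWALL)))
```

An interface that belongs to no zone falls under the `config defaults` policy, which is `forward 'REJECT'` in the posted firewall file.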

Thanks Eduperez,

I guess I have rushed things, I was a bit excited about the new software/hardware... and I knew I had to be out on a business trip... I will return in the weekend and I will take the occasion of the .01.4 release to reinstall from scratch.

I will take a leaner approach and start from the default config and see where it gets me.

Thanks a lot for your support, I will keep you updated

thanks

@eduperez,

You were right, I started over from a fresh install and followed your advice (static ip on router and lan address 192.168.2.x).
I did not need all the mess I had with modem and wan interfaces.

everything seems to be working well
very good indeed

Thank you very much

M
