So my ISP modem has been in bridge mode since day one and I had followed the guide on OpenWRT Help to access Bridge mode modem but it has not been working since a few months. I am not sure what changed. The setting has been the same.
ISP Modem: 192.168.18.1 (Modem LAN4 is physically connected to the Router WAN port)
Router: 192.168.1.1
Setting under Interfaces is as under:
I am able to ping 192.168.18.1 fine but it won't show up in browser. What am I missing?
maybe you will have to put "Modemaccess" in disable mode or delete
and
you should fix the route add problem:
config route
option interface 'wan'
option target '192.168.18.1/32'
Tried that but even ping stops working with those options.
Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall
Run this on the router and show the output:
curl -I http://192.168.18.1
cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option proto 'pppoe'
option username 'removed'
option password 'removed'
option ipv6 '0'
option delegate '0'
option peerdns '0'
option device 'wan'
list dns '1.1.1.1'
list dns '1.0.0.1'
config interface 'Modemaccess'
option device 'wan'
option proto 'static'
option ipaddr '192.168.18.2'
option netmask '255.255.255.0'
config route
option interface 'Modemaccess'
option target '192.168.18.1/24'
cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option dns_service '0'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config host
option name ''
option ip '192.168.1.100'
option mac ''
config host
option name ''
option ip '192.168.1.129'
option mac ''
config host
option name ''
option ip '192.168.1.136'
option mac ''
config host
option name ''
option ip '192.168.1.110'
option mac ''
config host
option name ''
option ip '192.168.1.124'
option mac ''
config host
option ip '192.168.1.175'
option mac ''
option name ''
option dns '1'
config host
option ip '192.168.1.239'
option mac ''
option name ''
option dns '1'
config host
option ip '192.168.1.115'
option mac ''
option name ''
option dns '1'
config host
option ip '192.168.1.134'
option mac ''
option name ''
option dns '1'
config host
option ip '192.168.1.226'
option mac ''
option name ''
option dns '1'
config host
option name ''
option dns '1'
option ip '192.168.1.200'
option mac ''
config host
option name ''
option dns '1'
option ip '192.168.1.10'
option mac ''
config host
option name ''
option dns '1'
option ip ''
config host
option name ''
option dns '1'
option ip ''
config host
option name ''
option dns '1'
option ip '192.168.1.13'
config host
option name ''
option dns '1'
option ip '192.168.1.14'
config host
option name ''
option dns '1'
option ip '192.168.1.15'
config host
option name ''
option dns '1'
option ip '192.168.1.16'
option mac ''
config host
option ip '192.168.1.184'
option mac ''
option name ''
option dns '1'
config host
option name ''
option ip '192.168.1.230'
option mac ''
config host
option ip '192.168.1.139'
option mac ''
option name ''
option dns '1'
config host
option ip '192.168.1.135'
option mac ''
option name ''
option dns '1'
config host
option name ''
option ip '192.168.1.116'
option mac ''
config host
option ip '192.168.1.199'
option mac ''
config host
option name ''
option ip '192.168.1.186'
option mac ''
config host
option name ''
option ip '192.168.1.197'
option mac ''
config host
option name ''
option ip '192.168.1.169'
option mac ''
config host
option name ''
option ip '192.168.1.248'
option mac ''
config host
option name ''
option ip '192.168.1.177'
option mac ''
config host
option name ''
option ip '192.168.1.140'
option mac ''
config host
option name ''
option ip '192.168.1.170'
option mac ''
config host
option name ''
option ip '192.168.1.130'
option mac ''
config host
option ip '192.168.1.243'
option mac ''
option name ''
option dns '1'
config host
option name ''
option ip '192.168.1.201'
option mac ''
config host
option ip '192.168.1.163'
option mac ''
option name ''
option dns '1'
try like this ....
#config interface 'Modemaccess'
# option device 'wan'
# option proto 'static'
# option ipaddr '192.168.18.2'
# option netmask '255.255.255.0'
config route
option interface 'wan'
option target '192.168.18.1/32'
if it doesn't work, restore the previous configuration and follow the advice of AndrewZ who certainly knows more than me ...
cat /etc/config/firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
option flow_offloading '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan Modemaccess'
list network 'wan'
list network 'Modemaccess'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled '0'
config include
option path '/etc/firewall.user'
curl -I http://192.168.18.1
HTTP/1.1 404 Not Found
Content-Type:text/html
Pragma:no-cache
Cache-control:no-cache, no-store, max-age=0
Transfer-Encoding:chunked
X-Frame-Options:SAMEORIGIN
Connection:Keep-Alive
Still not working unfortunately... 
Excuse me ....
follow the advice of AndrewZ who certainly knows more than me ...
You need to include option defaultroute '0' here. This is a special subnet for modem access only. It should not be configured to provide a default route to the internet. You can set this option in the web interface by clicking on the advanced settings tab and unchecking the box labeled "use default gateway".
config interface 'Modemaccess'
option proto 'static'
option device 'wan'
option ipaddr '192.168.18.2'
option netmask '255.255.255.0'
option defaultroute '0'
Still the same issue. Ping is okay but won't open in browser.....
I have explained this shortly in first post but here it is with modem from ISP: HUAWEI EG8247H5 and LAN port 4 in it is set by ISP for the bridge mode which is connected to WAN of the router WRT1200AC.
Am I correct in deducing that the LAN4 is thus not allowing access to the modem/router LAN? and this is causing problem somehow. I don't know why it was working previously though...
Just to be clear, did access to the modem web interface work before and now it doesn't? Do you get a 404 error in your web browser like you did with curl? The 404 error suggests that the modem's web interface isn't working properly. You could try rebooting the modem and see if that fixes it.
I would connect a PC to the modem directly and check how this web server works. Note the URL that will work for you, maybe it will be something with /login at the end. Once you know the working URL you can repeat the curl test with this URL if necessary.
Please take a packet capture from the Modemaccess interface while trying to reach it via a browser from the internal network. Some device set the IPv4 TTL field to 1 to make sure the packets are (by default) only propagated one hop wide (things behind your router are 2 hops away). I am not saying this is your issue, but it is something observed in the wild and easy enough to check...
Already checked by running curl on the router.
The server of the modem has responded with 404, so there is connectivity to the server, but some other problem is going on, not connected to OpenWrt.
Could also be that the client laptop needs to be in the same subnet as the modem. So a SNAT rule could help too
Best is to check the manual of the modem for hints....