That is often implemented by sending response packets with a TTL of 1.... hence the proposal of actually checking what happens in the wire.
are we talking about a cable ISP modem ?
If so, you might want to ensure first, is not an issue outside of OpenWRT:
- cable routers in bridge mode often lock onto the MAC address of the first device attached to any ISP LAN port (assuming the attached device will then be the designated router). From then on it may show weird behavior with any later ISP-LAN- attached device (which usually has another MAC). You might need to reboot or reset the cable modem, to reset the MAC lock on.
- Is your ISP device GUI accessible at all in bridge mode? (At least my own cable router GUI is not)
1 Like
This means that you have reached a web server, but it responded that it could not / would not serve the page that you asked for. The network is OK, assuming the server reached is indeed the one in the modem. The entire 404 message originates at the server and is sent over the network.
Other points:
- Assigning an IP address and netmask to an interface also automatically installs a route to that subnet. A separate route should not be declared.
- The actual configured IP addresses and routes that the kernel is using can be investigated with
ip addr showandip route showrespectively. option defaultrouteapplies to dhcp and ppp clients which would otherwise install a default route advertised by the peer. It has no effect onproto static. A static interface will not be the default route unless you specifygatewayin the configuration.- Multiple networks on the same line in a firewall
zoneis the deprecated old syntax. The new syntax of multiplelist networkoptions with one on each line should be used, and remove anyoption networklines. - Interface names should be all lowercase by convention.
3 Likes
you will need masquarade on wan interface
iptables -I POSTROUTING -t nat -o wan -d 192.168.18.0/24 -j MASQUERADE
was the in the old days
1 Like
What kind of ISP-modem router are you using and did you configure it to operate as bridged-modem?
This is super weird. I just went ahead and reset the router and I am able to access Modem now without any issue. With the same SETTING. So I don't know what was wrong. I am giving the network/firewall/dhcp info here just incase someone can sight the issue in comparison to the previous versions.
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option delegate '0'
config interface 'modem'
option proto 'static'
option device 'wan'
option ipaddr '192.168.18.2'
option netmask '255.255.255.0'
config interface 'wan'
option proto 'pppoe'
option device 'wan'
option username ''
option password ''
option ipv6 '0'
option peerdns '0'
list dns '1.1.1.1'
list dns '1.0.0.1'
option delegate '0'
cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'modem'
list network 'wan'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
It is a regular Fiber ISP and resetting the OpenWRT device has worked. I have no idea why because I just literally did the same settings as before and it is working..........
1 Like
It is a Huawei EG8247H5 ONT which the ISP set in bridge mode for me and I have been using it since. The modem access worked fine for a few months after I set things up in OpenWRT literally the same simple way in the GUI but it stopped working and I never got to fixing it until now....
1 Like
I am so sorry guys. I feel embarrassed that I did not reset the router before coming here but it really was a weird issue I faced which went away with reset? All the interface setting atleast to me look exactly like before, nothing complicated in it and yet it wasn't working before this.
Thank you so much to everyone for your responses. Much appreciated!!!
2 Likes
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.