Hi All,
Recently i face some issue where some of my device doesn't receive the correct Default Gateway.
Example it suppose to be 192.168.1.1 but instead it receive 192.168.0.1. Sometimes i need to restart my device in order for them to get the correct Default Gateway. This happen to both WLAN & LAN. I'm not sure what when wrong.
Thanks and Regard
This sounds like you have another DHCP server on your network. I would recommend that you start by identifying any device that might typically run a DHCP server such as a wifi AP/router/extender, pihole or other similar device.
You can also use some methods to help try to figure that out by probing the network... "how to find a rogue DHCP server" is a good search term to find tutorials on this topic... here's one
Beyond that, we would need a lot more information to help, starting with your OpenWrt configuration:
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
Hi here's the output that you looking for :~
Config ubus call system board
ubus call system board
{
"kernel": "5.15.134",
"hostname": "Xiaomi_AX3200",
"system": "ARMv8 Processor rev 4",
"model": "Xiaomi Redmi Router AX6S",
"board_name": "xiaomi,redmi-router-ax6s",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "23.05.0",
"revision": "r23497-6637af95aa",
"target": "mediatek/mt7622",
"description": "OpenWrt 23.05.0 r23497-6637af95aa"
}
}
Config /etc/config/network
cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd6f:9c1e:8859::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device
option name 'wan'
option macaddr '5c:02:14:30:2c:d7'
config interface 'wan'
option proto 'pppoe'
option device 'wan.500'
option username '######'
option password '######'
option ipv6 'auto'
option peerdns '0'
list dns '1.1.1.1'
list dns '1.0.0.1'
config interface 'wan6'
option device 'wan.500'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
config device
option name 'lan1'
config device
option name 'eth0'
config device
option name 'lan2'
config device
option name 'lan3'
config device
option type '8021q'
option ifname 'wan'
option vid '500'
option name 'wan.500'
option mtu '1492'
Config /etc/config/wireless
cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/18000000.wmac'
option channel '1'
option band '2g'
option htmode 'HT20'
option cell_density '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid '######'
option encryption 'sae-mixed'
option key '######'
list maclist '56:2F:D0:C6:91:80'
config wifi-device 'radio1'
option type 'mac80211'
option path '1a143000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
option channel '36'
option band '5g'
option htmode 'HE80'
option cell_density '0'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid '######'
option key '######'
list maclist '56:2F:D0:C6:91:80'
option encryption 'sae-mixed'
Config /etc/config/dhcp
cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option confdir '/tmp/dnsmasq.d'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
Config /etc/config/firewall
cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config redirect
option dest 'lan'
option target 'DNAT'
option family 'ipv4'
option src 'wan'
option src_dport '2234'
option dest_ip '192.168.1.201'
option name 'SoulSeek'
list proto 'tcp'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
i don't have any of other Wifi AP/Router/Extender, but there's a new Wifi CCTV i've installed but i'm not sure that causing the issue. As for Rogue DHCP Server i will try to analyse my network.
Thanks
Your config looks pretty standard.
I'd try unplugging it for a little while and see if the problem goes away.
Hi,
Can confirm that Wifi CCTV causing the issue, is there any why to mitigate it while the CCTV connect to my network?
Thanks
Yup... not a surprise given the symptom. Glad we were able to identify the culprit.
Without knowing the details of your CCTV device, it is hard to say.
A few possible options:
Can you draw a quick diagram of how the CCTV device (and any other related cameras/recorders/playback units) are connected to your network?
Also, what is the CCTV device in question (brand + model)?
I'm sure there is no option to disable DHCP on CCTV Wifi. I'll need to check again.
There is no Ethernet Port to connect, the only way to connect the CCTV Wifi is via wifi.
Perhaps you can guide me on how to do it? My ISP are using VLAN 500.
I don't think disable DHCP Server on the router is the great idea 
Here's my network diagram, do correct me if there is anything wrong :~
Xiaomi AW300
Try blocking all DHCP responses coming from the AW300's MAC address using an nft table of bridge family to see if it makes a difference. Replace <AW300_MAC> with the correct MAC.
opkg update; opkg install kmod-nft-bridge;
nft add table bridge filter; \
nft add chain bridge filter forward '{type filter hook forward priority -200; }'; \
nft add rule bridge filter forward ether saddr <AW300_MAC> udp sport 67 counter drop
The other method would be to create a new network interface and associate that with a new SSID. This way you can have access via routing, but it will not be able to affect your main network.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.