Two device can't reach each other by using same wifi

IceLitty · September 13, 2023, 1:07am

My router is a pre-build openwrt using Rockchip RK3568 chips and Quectel RM500U to use SIM card to connect Internet, This is the version info:

❯ uname -a
Linux IcyCat 6.1.40 #0 SMP Fri Aug 11 04:42:05 2023 aarch64 GNU/Linux
❯ cat /etc/openwrt_version
r5978-666cf9f31
❯ cat /etc/openwrt_release
DISTRIB_ID='photonicatWrt'
DISTRIB_RELEASE='23.07'
DISTRIB_TARGET='rockchip/armv8'
DISTRIB_ARCH='aarch64_generic'
DISTRIB_TAINTS='no-all busybox'
DISTRIB_REVISION='R23.4.1'
DISTRIB_DESCRIPTION='photonicatWrt '

Is my openwrt version 23.07? The pre-build source code is there:

This router has 2 physics WLAN cards, which are 2.4ghz and 5ghz in phy0-ap0 and phy1-ap0.
The problem is my laptop and phone connect to the same wifi example 5ghz, They can't reach each other's ports, and also can't ping each other, but Internet access is no problem.
Then toggle the phone to connect to 2.4g wifi, they can reach each other's ports and also can ping.
Try laptop connected to 2.4g and phone connected to 5g, can reach each other, but 2 devices connected to 2.4g can't.
I see the same article but can't resolve my problem, How can I resolve this?

Device now status flag:

❯ cat /sys/devices/virtual/net/br-lan/lower_phy0-ap0/brport/hairpin_mode
0
❯ cat /sys/devices/virtual/net/br-lan/lower_phy0-ap0/brport/multicast_to_unicast
0
❯ cat /sys/devices/virtual/net/br-lan/lower_phy0-ap0/brport/isolated
0
❯ cat /sys/devices/virtual/net/br-lan/lower_phy1-ap0/brport/hairpin_mode
0
❯ cat /sys/devices/virtual/net/br-lan/lower_phy1-ap0/brport/multicast_to_unicast
0
❯ cat /sys/devices/virtual/net/br-lan/lower_phy1-ap0/brport/isolated
0

Config file:
Also, I tried manually adding option isolate '0' and option multicast_to_unicast '0' to two wifi-iface, but it did not happen.
(when add multicast_to_unicast '0', can't access Internet and wifi connection is loss frequently, but also can't reach each other)

❯ cat /etc/config/wireless

config wifi-device 'radio0'
        option disabled '0'
        option type 'mac80211'
        option path 'platform/fe2c0000.mmc/mmc_host/mmc2/mmc2:0001/mmc2:0001:1'
        option channel '10'
        option band '2g'
        option htmode 'HT20'
        option country 'CN'
        option legacy_rates '1'
        option mu_beamformer '1'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option encryption 'psk2'
        option wps_pushbutton '0'
        option disassoc_low_ack '0'
        option ssid '********'
        option key '********'

config wifi-device 'radio1'
        option type 'mac80211'
        option path '3c0800000.pcie/pci0002:20/0002:20:00.0/0002:21:00.0'
        option band '5g'
        option htmode 'HE80'
        option legacy_rates '1'
        option channel '40'
        option country 'CN'
        option mu_beamformer '1'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option encryption 'psk2'
        option disassoc_low_ack '0'
        option wps_pushbutton '0'
        option ssid '********'
        option key '********'

❯ cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd1e:7270:ea04::/48'
        option packet_steering '1'

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.248.0'
        option ipaddr '172.16.0.1'
        option ip6class 'local'
        option _orig_ifname 'eth1 phy0-ap0 phy1-ap0'
        option _orig_bridge 'true'
        option ifname 'eth1 phy0-ap0 phy1-ap0'
        option ip6assign '64'

config interface 'wan'
        option ifname 'eth0'
        option proto 'dhcp'
        option metric '1'

config interface 'wan6'
        option ifname 'eth0'
        option proto 'dhcpv6'
        option metric '2'
        option sourcefilter '0'

config interface 'VPN'
        option ifname 'ipsec0'
        option proto 'static'
        option ipaddr '10.10.10.1'
        option netmask '255.255.255.0'

config interface 'vpn0'
        option ifname 'tun0'
        option proto 'none'

config interface 'wwan_5g'
        option proto 'dhcp'
        option ifname 'usb0'
        option metric '10'
        option auto '0'
        option hostname 'E5576-855'

config interface 'wwan_5g_v6'
        option proto 'dhcpv6'
        option ifname 'usb0'
        option metric '11'
        option auto '0'
        option sourcefilter '0'

config interface 'wwan_lte'
        option proto 'dhcp'
        option ifname 'wwan0'
        option metric '12'

config interface 'wwan_lte_v6'
        option proto 'dhcpv6'
        option ifname 'wwan0'
        option metric '13'
        option sourcefilter '0'

❯ cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option flow_offloading '1'
        option flow_offloading_hw '1'
        option fullcone '2'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option masq6 '1'
        option mtu_fix '1'
        option network 'wan wan6 wwan_5g wwan_lte wwan_5g_v6 wwan_lte_v6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Support-UDP-Traceroute'
        option src 'wan'
        option dest_port '33434:33689'
        option proto 'udp'
        option family 'ipv4'
        option target 'REJECT'
        option enabled '0'

config include
        option path '/etc/firewall.user'

config include 'nat6'
        option path '/etc/firewall.d/with_reload/90-nat6.fw'
        option reload '1'

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

config include 'socat'
        option type 'script'
        option path '/var/etc/socat.include'
        option reload '1'

config include 'mia'
        option type 'script'
        option path '/etc/mia.include'
        option reload '1'

config include 'openclash'
        option type 'script'
        option path '/var/etc/openclash.include'
        option reload '1'

config rule
        option target 'ACCEPT'
        option src 'wan'
        option name 'ipv6'
        option family 'ipv6'
        option proto 'all'
        option dest '*'
        option enabled '0'

config rule
        option target 'ACCEPT'
        option src 'lan'
        option dest 'lan'
        option name 'Internal-Access'
        option proto 'all'
        option enabled '0'

I tried to use service firewall stop to turn off the firewall at first, but still can't reach each other, may its not a firewall config problem?

❯ iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
SOCAT      all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             /* !fw3 */
input_rule  all  --  anywhere             anywhere             /* !fw3: Custom input rule chain */
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED /* !fw3 */
syn_flood  tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN /* !fw3 */
zone_lan_input  all  --  anywhere             anywhere             /* !fw3 */
zone_wan_input  all  --  anywhere             anywhere             /* !fw3 */
zone_wan_input  all  --  anywhere             anywhere             /* !fw3 */
zone_wan_input  all  --  anywhere             anywhere             /* !fw3 */

Chain FORWARD (policy DROP)
target     prot opt source               destination
forwarding_rule  all  --  anywhere             anywhere             /* !fw3: Custom forwarding rule chain */
FLOWOFFLOAD  all  --  anywhere             anywhere             /* !fw3: Traffic offloading */ ctstate RELATED,ESTABLISHED FLOWOFFLOAD hw
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED /* !fw3 */
zone_lan_forward  all  --  anywhere             anywhere             /* !fw3 */
zone_wan_forward  all  --  anywhere             anywhere             /* !fw3 */
zone_wan_forward  all  --  anywhere             anywhere             /* !fw3 */
zone_wan_forward  all  --  anywhere             anywhere             /* !fw3 */
reject     all  --  anywhere             anywhere             /* !fw3 */

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             /* !fw3 */
output_rule  all  --  anywhere             anywhere             /* !fw3: Custom output rule chain */
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED /* !fw3 */
zone_lan_output  all  --  anywhere             anywhere             /* !fw3 */
zone_wan_output  all  --  anywhere             anywhere             /* !fw3 */
zone_wan_output  all  --  anywhere             anywhere             /* !fw3 */
zone_wan_output  all  --  anywhere             anywhere             /* !fw3 */

Chain MINIUPNPD (2 references)
target     prot opt source               destination

Chain SOCAT (1 references)
target     prot opt source               destination

Chain forwarding_lan_rule (1 references)
target     prot opt source               destination

Chain forwarding_rule (1 references)
target     prot opt source               destination

Chain forwarding_wan_rule (1 references)
target     prot opt source               destination

Chain input_lan_rule (1 references)
target     prot opt source               destination

Chain input_rule (1 references)
target     prot opt source               destination

Chain input_wan_rule (1 references)
target     prot opt source               destination

Chain output_lan_rule (1 references)
target     prot opt source               destination

Chain output_rule (1 references)
target     prot opt source               destination

Chain output_wan_rule (1 references)
target     prot opt source               destination

Chain reject (7 references)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere             /* !fw3 */ reject-with tcp-reset
REJECT     all  --  anywhere             anywhere             /* !fw3 */ reject-with icmp-port-unreachable

Chain syn_flood (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             limit: avg 25/sec burst 50 /* !fw3 */
DROP       all  --  anywhere             anywhere             /* !fw3 */

Chain zone_lan_dest_ACCEPT (4 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             /* !fw3 */

Chain zone_lan_forward (1 references)
target     prot opt source               destination
forwarding_lan_rule  all  --  anywhere             anywhere             /* !fw3: Custom lan forwarding rule chain */
zone_wan_dest_ACCEPT  all  --  anywhere             anywhere             /* !fw3: Zone lan to wan forwarding policy */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* !fw3: Accept port forwards */
zone_lan_dest_ACCEPT  all  --  anywhere             anywhere             /* !fw3 */

Chain zone_lan_input (1 references)
target     prot opt source               destination
input_lan_rule  all  --  anywhere             anywhere             /* !fw3: Custom lan input rule chain */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* !fw3: Accept port redirections */
zone_lan_src_ACCEPT  all  --  anywhere             anywhere             /* !fw3 */

Chain zone_lan_output (1 references)
target     prot opt source               destination
output_lan_rule  all  --  anywhere             anywhere             /* !fw3: Custom lan output rule chain */
zone_lan_dest_ACCEPT  all  --  anywhere             anywhere             /* !fw3 */

Chain zone_lan_src_ACCEPT (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate NEW,UNTRACKED /* !fw3 */

Chain zone_wan_dest_ACCEPT (2 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             ctstate INVALID /* !fw3: Prevent NAT leakage */
ACCEPT     all  --  anywhere             anywhere             /* !fw3 */
DROP       all  --  anywhere             anywhere             ctstate INVALID /* !fw3: Prevent NAT leakage */
ACCEPT     all  --  anywhere             anywhere             /* !fw3 */
DROP       all  --  anywhere             anywhere             ctstate INVALID /* !fw3: Prevent NAT leakage */
ACCEPT     all  --  anywhere             anywhere             /* !fw3 */

Chain zone_wan_dest_REJECT (1 references)
target     prot opt source               destination
reject     all  --  anywhere             anywhere             /* !fw3 */
reject     all  --  anywhere             anywhere             /* !fw3 */
reject     all  --  anywhere             anywhere             /* !fw3 */

Chain zone_wan_forward (3 references)
target     prot opt source               destination
MINIUPNPD  all  --  anywhere             anywhere
MINIUPNPD  all  --  anywhere             anywhere
forwarding_wan_rule  all  --  anywhere             anywhere             /* !fw3: Custom wan forwarding rule chain */
zone_lan_dest_ACCEPT  esp  --  anywhere             anywhere             /* !fw3: Allow-IPSec-ESP */
zone_lan_dest_ACCEPT  udp  --  anywhere             anywhere             udp dpt:isakmp /* !fw3: Allow-ISAKMP */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* !fw3: Accept port forwards */
zone_wan_dest_REJECT  all  --  anywhere             anywhere             /* !fw3 */

Chain zone_wan_input (3 references)
target     prot opt source               destination
input_wan_rule  all  --  anywhere             anywhere             /* !fw3: Custom wan input rule chain */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc /* !fw3: Allow-DHCP-Renew */
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request /* !fw3: Allow-Ping */
ACCEPT     igmp --  anywhere             anywhere             /* !fw3: Allow-IGMP */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* !fw3: Accept port redirections */
zone_wan_src_REJECT  all  --  anywhere             anywhere             /* !fw3 */

Chain zone_wan_output (3 references)
target     prot opt source               destination
output_wan_rule  all  --  anywhere             anywhere             /* !fw3: Custom wan output rule chain */
zone_wan_dest_ACCEPT  all  --  anywhere             anywhere             /* !fw3 */

Chain zone_wan_src_REJECT (1 references)
target     prot opt source               destination
reject     all  --  anywhere             anywhere             /* !fw3 */
reject     all  --  anywhere             anywhere             /* !fw3 */
reject     all  --  anywhere             anywhere             /* !fw3 */

psherman · September 13, 2023, 1:18am

This is not, in any way, OpenWrt. You will need to ask the maintainers of this firmware for help (that is not here -- the Github source may have contact or forum information for their build).

IceLitty · September 13, 2023, 6:08am

It may deeply modify openwrt? But the device control panel just includes some basic packages, their custom web control ui, and also has a default openwrt interface, I think my problem may be a wifi configuration error, but can't find any solutions, so I found this forum to ask for help

psherman · September 13, 2023, 6:35am

That is certainly possible. But that means it is not supportable here.

To be clear... this is not even based on any release version of OpenWrt. There is no such thing as 23.07 (there is 22.03, and soon 23.05).

Even if it is just a "deeply modified" version of OpenWrt, and even if it has the "default openwrt interface", it is a black box from the perspective of the official OpenWrt project and this community. We have no way to know what modifications they have made. And, from looking at the configs you posted, it is clear that those configs are not compatible with the official OpenWrt (they have major syntax differences that seem to be modifications on what was used in very old versions of OpenWrt). So we can't tell you if there is a configuration error because the config files are just so different.

You will need to reach out to the maintainers of that specific firmware for help -- that firmware is not supported or supportable here.

IceLitty · September 13, 2023, 7:26am

Thanks for help, I will figure out what happens with this problem and ask the device developer

psherman · September 13, 2023, 3:01pm

This topic was automatically closed after 8 hours. New replies are no longer allowed.