My router is a pre-build openwrt using Rockchip RK3568 chips and Quectel RM500U to use SIM card to connect Internet, This is the version info:
❯ uname -a
Linux IcyCat 6.1.40 #0 SMP Fri Aug 11 04:42:05 2023 aarch64 GNU/Linux
❯ cat /etc/openwrt_version
r5978-666cf9f31
❯ cat /etc/openwrt_release
DISTRIB_ID='photonicatWrt'
DISTRIB_RELEASE='23.07'
DISTRIB_TARGET='rockchip/armv8'
DISTRIB_ARCH='aarch64_generic'
DISTRIB_TAINTS='no-all busybox'
DISTRIB_REVISION='R23.4.1'
DISTRIB_DESCRIPTION='photonicatWrt '
Is my openwrt version 23.07? The pre-build source code is there:
This router has 2 physics WLAN cards, which are 2.4ghz and 5ghz in phy0-ap0 and phy1-ap0.
The problem is my laptop and phone connect to the same wifi example 5ghz, They can't reach each other's ports, and also can't ping each other, but Internet access is no problem.
Then toggle the phone to connect to 2.4g wifi, they can reach each other's ports and also can ping.
Try laptop connected to 2.4g and phone connected to 5g, can reach each other, but 2 devices connected to 2.4g can't.
I see the same article but can't resolve my problem, How can I resolve this?
Device now status flag:
❯ cat /sys/devices/virtual/net/br-lan/lower_phy0-ap0/brport/hairpin_mode
0
❯ cat /sys/devices/virtual/net/br-lan/lower_phy0-ap0/brport/multicast_to_unicast
0
❯ cat /sys/devices/virtual/net/br-lan/lower_phy0-ap0/brport/isolated
0
❯ cat /sys/devices/virtual/net/br-lan/lower_phy1-ap0/brport/hairpin_mode
0
❯ cat /sys/devices/virtual/net/br-lan/lower_phy1-ap0/brport/multicast_to_unicast
0
❯ cat /sys/devices/virtual/net/br-lan/lower_phy1-ap0/brport/isolated
0
Config file:
Also, I tried manually adding option isolate '0'
and option multicast_to_unicast '0'
to two wifi-iface, but it did not happen.
(when add multicast_to_unicast '0'
, can't access Internet and wifi connection is loss frequently, but also can't reach each other)
❯ cat /etc/config/wireless
config wifi-device 'radio0'
option disabled '0'
option type 'mac80211'
option path 'platform/fe2c0000.mmc/mmc_host/mmc2/mmc2:0001/mmc2:0001:1'
option channel '10'
option band '2g'
option htmode 'HT20'
option country 'CN'
option legacy_rates '1'
option mu_beamformer '1'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option encryption 'psk2'
option wps_pushbutton '0'
option disassoc_low_ack '0'
option ssid '********'
option key '********'
config wifi-device 'radio1'
option type 'mac80211'
option path '3c0800000.pcie/pci0002:20/0002:20:00.0/0002:21:00.0'
option band '5g'
option htmode 'HE80'
option legacy_rates '1'
option channel '40'
option country 'CN'
option mu_beamformer '1'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option encryption 'psk2'
option disassoc_low_ack '0'
option wps_pushbutton '0'
option ssid '********'
option key '********'
❯ cat /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd1e:7270:ea04::/48'
option packet_steering '1'
config interface 'lan'
option type 'bridge'
option proto 'static'
option netmask '255.255.248.0'
option ipaddr '172.16.0.1'
option ip6class 'local'
option _orig_ifname 'eth1 phy0-ap0 phy1-ap0'
option _orig_bridge 'true'
option ifname 'eth1 phy0-ap0 phy1-ap0'
option ip6assign '64'
config interface 'wan'
option ifname 'eth0'
option proto 'dhcp'
option metric '1'
config interface 'wan6'
option ifname 'eth0'
option proto 'dhcpv6'
option metric '2'
option sourcefilter '0'
config interface 'VPN'
option ifname 'ipsec0'
option proto 'static'
option ipaddr '10.10.10.1'
option netmask '255.255.255.0'
config interface 'vpn0'
option ifname 'tun0'
option proto 'none'
config interface 'wwan_5g'
option proto 'dhcp'
option ifname 'usb0'
option metric '10'
option auto '0'
option hostname 'E5576-855'
config interface 'wwan_5g_v6'
option proto 'dhcpv6'
option ifname 'usb0'
option metric '11'
option auto '0'
option sourcefilter '0'
config interface 'wwan_lte'
option proto 'dhcp'
option ifname 'wwan0'
option metric '12'
config interface 'wwan_lte_v6'
option proto 'dhcpv6'
option ifname 'wwan0'
option metric '13'
option sourcefilter '0'
❯ cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option flow_offloading '1'
option flow_offloading_hw '1'
option fullcone '2'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option masq6 '1'
option mtu_fix '1'
option network 'wan wan6 wwan_5g wwan_lte wwan_5g_v6 wwan_lte_v6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled '0'
config include
option path '/etc/firewall.user'
config include 'nat6'
option path '/etc/firewall.d/with_reload/90-nat6.fw'
option reload '1'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
config include 'socat'
option type 'script'
option path '/var/etc/socat.include'
option reload '1'
config include 'mia'
option type 'script'
option path '/etc/mia.include'
option reload '1'
config include 'openclash'
option type 'script'
option path '/var/etc/openclash.include'
option reload '1'
config rule
option target 'ACCEPT'
option src 'wan'
option name 'ipv6'
option family 'ipv6'
option proto 'all'
option dest '*'
option enabled '0'
config rule
option target 'ACCEPT'
option src 'lan'
option dest 'lan'
option name 'Internal-Access'
option proto 'all'
option enabled '0'
I tried to use service firewall stop
to turn off the firewall at first, but still can't reach each other, may its not a firewall config problem?
❯ iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
SOCAT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere /* !fw3 */
input_rule all -- anywhere anywhere /* !fw3: Custom input rule chain */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
syn_flood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN /* !fw3 */
zone_lan_input all -- anywhere anywhere /* !fw3 */
zone_wan_input all -- anywhere anywhere /* !fw3 */
zone_wan_input all -- anywhere anywhere /* !fw3 */
zone_wan_input all -- anywhere anywhere /* !fw3 */
Chain FORWARD (policy DROP)
target prot opt source destination
forwarding_rule all -- anywhere anywhere /* !fw3: Custom forwarding rule chain */
FLOWOFFLOAD all -- anywhere anywhere /* !fw3: Traffic offloading */ ctstate RELATED,ESTABLISHED FLOWOFFLOAD hw
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
zone_lan_forward all -- anywhere anywhere /* !fw3 */
zone_wan_forward all -- anywhere anywhere /* !fw3 */
zone_wan_forward all -- anywhere anywhere /* !fw3 */
zone_wan_forward all -- anywhere anywhere /* !fw3 */
reject all -- anywhere anywhere /* !fw3 */
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* !fw3 */
output_rule all -- anywhere anywhere /* !fw3: Custom output rule chain */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
zone_lan_output all -- anywhere anywhere /* !fw3 */
zone_wan_output all -- anywhere anywhere /* !fw3 */
zone_wan_output all -- anywhere anywhere /* !fw3 */
zone_wan_output all -- anywhere anywhere /* !fw3 */
Chain MINIUPNPD (2 references)
target prot opt source destination
Chain SOCAT (1 references)
target prot opt source destination
Chain forwarding_lan_rule (1 references)
target prot opt source destination
Chain forwarding_rule (1 references)
target prot opt source destination
Chain forwarding_wan_rule (1 references)
target prot opt source destination
Chain input_lan_rule (1 references)
target prot opt source destination
Chain input_rule (1 references)
target prot opt source destination
Chain input_wan_rule (1 references)
target prot opt source destination
Chain output_lan_rule (1 references)
target prot opt source destination
Chain output_rule (1 references)
target prot opt source destination
Chain output_wan_rule (1 references)
target prot opt source destination
Chain reject (7 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere /* !fw3 */ reject-with tcp-reset
REJECT all -- anywhere anywhere /* !fw3 */ reject-with icmp-port-unreachable
Chain syn_flood (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere limit: avg 25/sec burst 50 /* !fw3 */
DROP all -- anywhere anywhere /* !fw3 */
Chain zone_lan_dest_ACCEPT (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* !fw3 */
Chain zone_lan_forward (1 references)
target prot opt source destination
forwarding_lan_rule all -- anywhere anywhere /* !fw3: Custom lan forwarding rule chain */
zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3: Zone lan to wan forwarding policy */
ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */
zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
Chain zone_lan_input (1 references)
target prot opt source destination
input_lan_rule all -- anywhere anywhere /* !fw3: Custom lan input rule chain */
ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port redirections */
zone_lan_src_ACCEPT all -- anywhere anywhere /* !fw3 */
Chain zone_lan_output (1 references)
target prot opt source destination
output_lan_rule all -- anywhere anywhere /* !fw3: Custom lan output rule chain */
zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
Chain zone_lan_src_ACCEPT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate NEW,UNTRACKED /* !fw3 */
Chain zone_wan_dest_ACCEPT (2 references)
target prot opt source destination
DROP all -- anywhere anywhere ctstate INVALID /* !fw3: Prevent NAT leakage */
ACCEPT all -- anywhere anywhere /* !fw3 */
DROP all -- anywhere anywhere ctstate INVALID /* !fw3: Prevent NAT leakage */
ACCEPT all -- anywhere anywhere /* !fw3 */
DROP all -- anywhere anywhere ctstate INVALID /* !fw3: Prevent NAT leakage */
ACCEPT all -- anywhere anywhere /* !fw3 */
Chain zone_wan_dest_REJECT (1 references)
target prot opt source destination
reject all -- anywhere anywhere /* !fw3 */
reject all -- anywhere anywhere /* !fw3 */
reject all -- anywhere anywhere /* !fw3 */
Chain zone_wan_forward (3 references)
target prot opt source destination
MINIUPNPD all -- anywhere anywhere
MINIUPNPD all -- anywhere anywhere
forwarding_wan_rule all -- anywhere anywhere /* !fw3: Custom wan forwarding rule chain */
zone_lan_dest_ACCEPT esp -- anywhere anywhere /* !fw3: Allow-IPSec-ESP */
zone_lan_dest_ACCEPT udp -- anywhere anywhere udp dpt:isakmp /* !fw3: Allow-ISAKMP */
ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */
zone_wan_dest_REJECT all -- anywhere anywhere /* !fw3 */
Chain zone_wan_input (3 references)
target prot opt source destination
input_wan_rule all -- anywhere anywhere /* !fw3: Custom wan input rule chain */
ACCEPT udp -- anywhere anywhere udp dpt:bootpc /* !fw3: Allow-DHCP-Renew */
ACCEPT icmp -- anywhere anywhere icmp echo-request /* !fw3: Allow-Ping */
ACCEPT igmp -- anywhere anywhere /* !fw3: Allow-IGMP */
ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port redirections */
zone_wan_src_REJECT all -- anywhere anywhere /* !fw3 */
Chain zone_wan_output (3 references)
target prot opt source destination
output_wan_rule all -- anywhere anywhere /* !fw3: Custom wan output rule chain */
zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
Chain zone_wan_src_REJECT (1 references)
target prot opt source destination
reject all -- anywhere anywhere /* !fw3 */
reject all -- anywhere anywhere /* !fw3 */
reject all -- anywhere anywhere /* !fw3 */