Unable to access modem through router

Hi all,

I've been running OpenWRT on my former IQRouter (Zbtlink ZBT-WE1326) greatly appreciating the SQM app.

I've search for my topic because surely I can't be the first with this issue, and have read many of the relevant hits that were returned with no solution.

When I follow the wiki article for luci, I can ping my modem's IP successfully but the web page that is opened is the luci login page.

I did not attempt the cli steps as I didn't understand what changes it would make.

I've tried defining the modem interface as @wan, eth0, and wan, with no ability to access the modem's management GUI.

I did verify that I can access the modem's gui by directly connecting a laptop to an ethernet port on the modem. So the gui is still functional.

Here are my system details as well as Network, Firewall, and DHCP.

System

{
        "kernel": "5.15.150",
        "hostname": "OpenWrt",
        "system": "MediaTek MT7621 ver:1 eco:3",
        "model": "Zbtlink ZBT-WE1326",
        "board_name": "zbtlink,zbt-we1326",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.3",
                "revision": "r23809-234f1a2efa",
                "target": "ramips/mt7621",
                "description": "OpenWrt 23.05.3 r23809-234f1a2efa"
        }
}

Network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd50:f03b:24af::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'wan'
        option proto 'pppoe'
        option username 'xxx'
        option password 'xxx'
        option ipv6 '0'
        option mtu '1500'
        option peerdns '0'
        list dns '208.67.222.222'
        list dns '208.67.222.220'
        list dns '208.67.220.123'
        list dns '208.67.220.220'
        list dns '205.171.3.65'
        list dns '205.171.2.65'
        list dns '205.171.3.25'

config interface 'modem'
        option proto 'static'
        option device '@wan'
        option ipaddr '192.168.0.2'
        option netmask '255.255.255.0'
		
Firewall

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'modem'
        list network 'wan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option family 'ipv4'
        option target 'ACCEPT'
        list icmp_type 'echo-request'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'
		
DHCP

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '3'

config host
        option name 'Garagedweller'
        option ip '192.168.1.222'
        option mac 'xxx'

config host
        option name 'BRWA83B76F18232'
        option ip '192.168.1.174'
        option mac 'xxx'

thanks for any help you can provide.

nm, misunderstood the wiki page.

No, for some reason he has his IPv4 WAN interface defined twice. Once as regular 'wan', once as 'modem' and set that to a static 192.168.0.2, which makes the modem probably 192.168.0.1.

I suppose the 'modem' interface is so he can reach his modem.

1 Like

I think this should be wan as this needs to be parallel the pppoe link, not on top of it (but that alone does not fix the problem I guess as you already tried...)

Could you do that and take a packet capture please? Then have a look at the value in the TTL field of packets from the modem to the laptop. Some companies think that forcing TTL 1 makes configuring their devices more secure...

3 Likes

I'll repeat testing wan today to see if I somehow missed a step.

I'll look at packet capture today as well.

thanks for the support

Also, should I execute the cli instructions as written to see if this resolves it? Specifically this section:

If the WAN L2 device doesn't match L3 device like in case of **PPPoE**, change the modem interface.

# Fetch WAN L2 device
. /lib/functions/network.sh
network_flush_cache
network_find_wan NET_IF
network_get_physdev NET_L2D "${NET_IF}"
 
# Configure network
uci set network.modem.device="${NET_L2D}"
uci commit network
service network restart

Not sure whether that will help much...
in my case this resolves to wan, yet I use eth2.42, but I am using two different VLANs to separate out internet traffic and traffic to my modem's UI.

Retried setting the modem interface to wan and entering the correct IP for the modem (.1 NOT .2) in my browser brought me to the modem's GUI.

I wrongly thought that setting the modem static IP was somehow changing what IP I should enter into my browser to access the GUI.

So with the modem device defined as @wan and the correct IP in my browser I just get a time out. With the modem device defined as wan and using the correct IP in my browser I get access to the modem GUI.

Thanks for the help.

1 Like

Excellent that makes IMHO a ton of sense, as @wan in your case would translate to pppoe-wan, but the pppoe packets are not decapsulated at the modem...

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.