Unable to connect to internet. No port forwarding WAN to LAN?

I installed OpenWrt 19.07 on a TP Link MR200. I was able to configure interfaces and firewall, and connect to my ISP with PPPoE. I am guessing this was successful because the interface was assigned an IP address and there were no errors. But what I am not able to do is have internet access on LAN-connected devices. I am a novice in networking and don't even know where to start looking for problems. I have exhausted all that I could tinker with. Here is my network conf:

network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix=''
network.lan=interface
network.lan.type='bridge'
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.stp='1'
network.lan.ifname='eth0.2'
network.lan_eth0_1_dev=device
network.lan_eth0_1_dev.name='eth0.1'
network.lan_eth0_1_dev.macaddr= ''
network.wan_usb0_dev=device
network.wan_usb0_dev.name='usb0'
network.wan_usb0_dev.macaddr=''
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='6t 0 1 2'
network.@switch_vlan[0].vid='2'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='6t 3'
network.@switch_vlan[1].vid='1'
network.wan=interface
network.wan.ifname='eth0.1'
network.wan.proto='pppoe'
network.wan.username=''
network.wan.ipv6='auto'
network.wan.mtu='1480'
network.wan.service=''
network.wan.password=''
network.lte=interface
network.lte.ifname='usb0'
network.lte.proto='static'
network.lte.netmask='255.255.255.0'
network.lte.dns='192.168.225.1'
network.lte.ipaddr='192.168.225.100'
network.lte.gateway='192.168.225.1'
firewall.@defaults[0]=defaults
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@defaults[0].synflood_protect='1'
firewall.@zone[0]=zone
firewall.@zone[0].name='wan'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].mtu_fix='1'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[0].network='wan lte'
firewall.@zone[0].masq='1'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fc00::/6'
firewall.@rule[3].dest_ip='fc00::/6'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@zone[1]=zone
firewall.@zone[1].name='lan'
firewall.@zone[1].input='ACCEPT'
firewall.@zone[1].network='lan'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='ACCEPT'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].dest='wan'
firewall.@forwarding[0].src='lan'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].dest='lan'
firewall.@forwarding[1].src='wan'
firewall.@redirect[0]=redirect
firewall.@redirect[0].src='wan'
firewall.@redirect[0].name='wan'
firewall.@redirect[0].src_dport='80'
firewall.@redirect[0].target='DNAT'
firewall.@redirect[0].dest='lan'
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].boguspriv='1'
dhcp.@dnsmasq[0].filterwin2k='0'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].nonegcache='0'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
dhcp.@dnsmasq[0].nonwildcard='1'
dhcp.@dnsmasq[0].localservice='1'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='100'
dhcp.lan.limit='150'
dhcp.lan.leasetime='12h'
dhcp.lan.dhcpv6='server'
dhcp.lan.ra='server'
dhcp.lan.ra_management='1'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf.auto <==
# Interface lte
nameserver 192.168.225.1
# Interface wan
nameserver 8.8.8.8
nameserver 4.2.2.2

==> /tmp/resolv.conf.ppp <==
nameserver 8.8.8.8
nameserver 4.2.2.2
head: /tmp/resolv.*/*: No such file or directory
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 1000
    link/ether "x" brd ff:ff:ff:ff:ff:ff
    inet6 "x" scope link
       valid_lft forever preferred_lft forever
5: usb0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 1000
    link/ether "x" brd ff:ff:ff:ff:ff:ff
    inet 192.168.225.100/24 brd 192.168.225.255 scope global usb0
       valid_lft forever preferred_lft forever
    inet6 "x" scope link
       valid_lft forever preferred_lft forever
154: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether "x" brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6  "x" scope global
       valid_lft forever preferred_lft forever
   "x" scope link
       valid_lft forever preferred_lft forever
155: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether "x" brd ff:ff:ff:ff:ff:ff
158: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br-lan state UP qlen 1000
    link/ether "x" brd ff:ff:ff:ff:ff:ff
    inet6 "x" scope link
       valid_lft forever preferred_lft forever
173: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether "x" brd ff:ff:ff:ff:ff:ff
174: pppoe-wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1480 qdisc fq_codel state UNKNOWN qlen 3
    link/ppp
    inet "x" peer "x" scope global pppoe-wan
       valid_lft forever preferred_lft forever
default via 192.168.225.1 dev usb0
"x" dev pppoe-wan scope link  src "x"
192.168.1.0/24 dev br-lan scope link  src 192.168.1.1
192.168.225.0/24 dev usb0 scope link  src 192.168.225.100
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

Could anybody please help me connect to the internet? I could be doing something very wrong. I don't want to go back to the official firmware.

Thanks

Can your clients ping anything on the internet, like 8.8.8.8?

If it works, then it's probably a DNS issue.

1 Like

Check LTE and WAN separately, i.e. disable the other one while testing.

See also:
https://openwrt.org/docs/guide-user/network/wan/isp-configurations

Thanks, your replies are encouraging.

@frollic Pinging from clients results in a combination of request timed out and destination unreachable errors. No luck on the diagnostics tab in the LuCI UI either.

@vgaetera Actually I do not need LTE at all. I added it to the interface to make it static @ 192.168.225.100 as suggested on the router's device page. I deleted the LTE interface and tested again with no successful results to pings.

1 Like

Then it sounds like a FW issue.

You shouldn't really have to fiddle with the FW settings, just add the LTE WAN, and assign it to the WAN group for the FW to work properly.

I would suggest you run the firstboot command via ssh, to reset the router.
Configure the PPPoE, add the LTE and that should be it.

1 Like

Pings results from 127.0.0.1, if it helps. But 8.8.8.8 or any other IP is unreachable.

And if you ping from the router?

@frollic I soft reset the router. Added PPPoE wan and added it to the wan zone. But no luck.
I want to tell you that when the router is reset, there are three interfaces already created.
1.) Lan bridge
2.) Wan on usb0, which is presumably the LTE modem. This is set as dhcp4 client.
3.) Wan6 - dhcpv6 client.
What I did then was add a VLAN switch with the 4th ethernet port separated out untagged. I turned it off in the switch which was pre-configured. I then proceeded to add PPPoE interface wanFibre to this switch at eth0.2. Added it to the wan zone. The zone listing changed in the firewall config from

list network 'wan'
list network 'wan6'

to

option network 'wan wan6 wanFiber'

I hope this is correct. If I think about it, you make sense, this should have been enough. But can't get network access on clients. I then made the wan static IP address just to be sure. (This is a related topic: Port forwarding and WAN ping reply don't work). No luck.

Any help is really appreciated.

Skip the LTE for now.

Since you have the PPPoE and the LTE connected at the same time, you have two possible sources of errors.

Remove the LTE adapter, get the PPPoE up and running.
When that works, start playing around with the LTE.

2 Likes

Here are my network and firewall configs

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6 wanFibre'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix ''

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device 'lan_eth0_1_dev'
        option name 'eth0.1'
        option macaddr ''

config interface 'wan'
        option ifname 'usb0'
        option proto 'static'
        option netmask '255.255.255.0'
        list dns '192.168.225.1'
        option ipaddr '192.168.225.100'
        option gateway '192.168.225.1'

config device 'wan_usb0_dev'
        option name 'usb0'
        option macaddr ''

config interface 'wan6'
        option ifname 'usb0'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '6t 0 1 2'
        option vid '1'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '6t 3'
        option vid '2'

config interface 'wanFibre'
        option ifname 'eth0.2'
        option proto 'pppoe'
        option username ''
        option ipv6 'auto'
        option mtu '1480'
        option service ''
        option password ''

@frollic The LTE adapter is built in. So it's an LTE modem with router functionality. Should I just delete the entries wan and wan6 from the interface list? Actually I don't even want the LTE support.
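Added example, not part of any post in this thread: the firewall dump in the first post has the wan zone set to input/forward ACCEPT with a wan-to-lan forwarding and a port 80 redirect, while the file posted after the reset has wan at REJECT and only lan-to-wan forwarding. The sketch below flags those WAN-side settings in `uci show firewall` output; `audit_fw` and the `sample_*` helpers are made-up names, and the sample lines are selected from the two dumps (the second converted to `uci show` form).

```shell
# Added example: flag WAN-side exposure in `uci show firewall` output.
# audit_fw and the sample_* helpers are hypothetical names, not OpenWrt tools.

audit_fw() {   # $1 = WAN zone name (default: wan); reads the dump on stdin
    awk -v wan="${1:-wan}" '
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        gsub("\047", "", val)                 # drop the single quotes
        n = split(key, p, ".")
        if (p[1] != "firewall") next
        if (n == 2) { type[p[2]] = val; order[++cnt] = p[2]; next }
        opt[p[2], p[3]] = val                 # (section, option) -> value
    }
    END {
        for (i = 1; i <= cnt; i++) {
            s = order[i]
            if (type[s] == "zone" && opt[s, "name"] == wan) {
                if (opt[s, "input"] == "ACCEPT")   print "zone " wan ": input=ACCEPT"
                if (opt[s, "forward"] == "ACCEPT") print "zone " wan ": forward=ACCEPT"
            }
            if (type[s] == "forwarding" && opt[s, "src"] == wan) print "forwarding: " wan " -> " opt[s, "dest"]
            if (type[s] == "redirect" && opt[s, "src"] == wan) print "redirect: " wan " port " opt[s, "src_dport"] " -> " opt[s, "dest"]
        }
    }'
}

sample_first_post() {   # selected lines from the first post
    cat <<'EOF'
firewall.@zone[0]=zone
firewall.@zone[0].name='wan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='lan'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].dest='wan'
firewall.@forwarding[0].src='lan'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].dest='lan'
firewall.@forwarding[1].src='wan'
firewall.@redirect[0]=redirect
firewall.@redirect[0].src='wan'
firewall.@redirect[0].src_dport='80'
firewall.@redirect[0].dest='lan'
EOF
}

sample_after_reset() {  # constructed from the post-reset file, in uci show form
    cat <<'EOF'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].forward='REJECT'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
EOF
}

sample_first_post | audit_fw   # on the router: uci show firewall | audit_fw
```

The first sample yields four findings and the post-reset sample yields none; masquerading (`masq='1'`) on the wan zone is what gives LAN clients outbound access, so none of the flagged settings are needed for that.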

Ah yes, forgot about it ... sorry.

WAN6 is for ipv6, you could just disable it, if you don't need it.

WAN could be used for your PPPoE, assuming you reconfigure it accordingly.

1 Like

That is alright, Frollic. Now I just have two interfaces - lan and wan. Wan is configured as PPPoE. I changed the protocol on the LTE one and deleted the wan6 interface. Still no luck.

Please let me know if I can try anything else.

Contact the ISP and verify your PPPoE settings.
Typically it requires non-empty username/password credentials.

I called my ISP and verified the logins from my routers. They confirmed it did indeed request and logged. I will check again after some time. Can you guess anything else I could be missing? The device page says about setting a static IP on the wan usb.0 interface. I think I am not doing that right.

Got it to work. And it just works neat.

I wanted to check if the router does any WAN to LAN port forwarding at all. So I inserted a SIM for the modem, went to the modem's firmware interface and configured the APN settings. And internet worked instantly on clients connected to the LAN port. Didn't have to modify any of the interfaces. So now I decided to test ethernet WAN and added another WAN interface. Set up a PC to share its internet through its ethernet port, to isolate the PPPoE issue. Connected the cable to the WAN port and set up the WAN interface as a DHCP client. No internet still. So I went ahead and modified the original WAN interface (that came configured with the firmware) as static IP. And BOOM! Nice internet times.
Finally I configured the newly created WAN interface as a PPPoE connection and connected to my ISP's device. Everything works as expected.

Long story short: For WAN to work over ethernet, a NEW WAN interface needs to be added and the original needs to be set as static. I will detail the steps in the next post and mark that as solved.
Thanks @frollic and @vgaetera for inspiring courage in OpenWrt.

Steps to use LTE Wan on MR 200:

1.) On a fresh installation head to this address: 192.168.225.1/login.html. This is the link for the LTE modem firmware's web UI. This is not a part of the OpenWrt installation.


2.) You should see the above page. Access the UI with admin/admin as default username and password.

3.) The UI will prompt to add a new user. Do that and make a note of it. You will only ever need this UI to update your LTE service's APN settings and check the status of this connection. Remember that this username/password is not related to OpenWrt as this is a separate firmware.

4.) Click on the Create button to create a new Profile. Enter details relevant to your service provider and hit save.
5.) If you entered the details correctly the connection status will be updated in the status tab and you will see the network icon updated.
6.) You don't have to create a wireless network here. You can and should do it in the LuCI interface. Just log out of this interface.
7.) Head over to http://192.168.1.1/ , where you can edit wireless settings in the Network > Wireless section.

You don't have to change any other setting. With the preconfigured settings, the router just works.

Steps to use Ethernet Wan on TP Link MR200

This is more involved than the above procedure but not that hard. On a fresh installation:

1.) Open the LuCI web interface at 192.168.1.1. By default the password is not set for the root user (you should do it later).
2.) Go to Network > Switch. By default there is one VLAN created with all four ports untagged. We need to add a VLAN to isolate it as WAN. Its VLAN ID will be 2 with port 4 selected as untagged. (Port 4 is marked as the WAN/LAN port by the manufacturer.) Additionally it should be removed from VLAN 1 (which was already present) by setting it off in that entry. The CPU should be tagged. At the end of this step your switches should look like this:


Hit save to commit changes.
3.) Head to Network > Interfaces. On a fresh installation, here you will find three interfaces. One for the LAN bridge (br-lan), one for the modem's WAN DHCP client and lastly one for the WAN's DHCPv6 client. Leave this unchanged for now; instead click Add new Interface.

4.) Enter a name for the interface. Set any protocol you wish to handle. I am setting it as PPPoE because I am connecting the ethernet cable from an upstream device of my ISP's PPPoE service. If you are receiving the cable from another router or modem that is already connected to an Internet service you might want to select the protocol as DHCP or Static based on how the upstream device is configured.


5.) Configure your protocol in the general Settings and advanced Settings tabs. This will be specific to your ISP/ use case.

6.) In the physical settings tab select eth0.2 as the interface. This was created from the VLAN switch we added earlier.


7.) In the Firewall Settings tab, add this interface to the WAN zone so that it looks like the below image. This is important to apply the correct preconfigured settings to this interface.

8.) Edit the predefined WAN interface configured on usb0. Set this to the static address protocol. Set IPv4 address to 192.168.225.100, subnet mask to 255.255.255.0, IPv4 gateway to 192.168.225.1 and custom DNS servers to 192.168.225.1.
192.168.225.100 IP is basically a DMZ for the LTE modem that loops it out from the network, allowing our configured wan interface to forward onto the LAN. In the end the General Settings tab should look like this:

If you don't do this step, lan-wan forwards won't work even if your router is successfully connected to the upstream device.
9.) Leave the WAN6 unchanged. Click Save and Apply to commit changes.

This should be enough to access the internet on LAN clients. No more settings changes should be needed.
