Unable to ping to openwrt.org from new AP

KOA · August 30, 2025, 5:52am

I have connected modem’s lan port to AP lan port. I can access internet via wifi, but I am unable to ping openwrt.org

Network


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd4b:ff2d:7fa::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.18.2'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway '192.168.18.1'

config interface 'wwan'
	option proto 'dhcp'

config interface 'wlan'
	option proto 'dhcp'
	option defaultroute '0'

DHCP

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

firewall


config defaults
	option syn_flood '1'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'
	list network 'wwan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config zone
	option input 'ACCEPT'
	option name 'sun'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'
	list network 'wlan'

config redirect
	option name 'SUN2000'
	option target 'DNAT'
	option src 'lan'
	option src_dport '6607'
	option dest 'sun'
	option dest_ip '192.168.200.1'
	option dest_port '6607'
	list proto 'tcp'

wireless


config wifi-device 'radio0'
	option type 'mac80211'
	option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
	option band '2g'
	option channel '11'
	option htmode 'HT20'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt-S3'
	option encryption 'psk-mixed'
	option key 'xxxxxxxxxxx'

config wifi-device 'radio1'
	option type 'mac80211'
	option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
	option band '5g'
	option channel 'auto'
	option htmode 'VHT80'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt-S3-5G'
	option encryption 'psk-mixed'
	option key 'xxxxxxxxxxxx'

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'sta'
	option network 'wlan'
	option ssid 'SUN2000-HVxxxxxxxxxxx'
	option encryption 'psk2'
	option key 'Changeme'

psherman · August 30, 2025, 5:53am

You're missing DNS. I'm assuming it's the same as your gateway...

Add:

	option dns '192.168.18.1'

Then reboot and test again.

psherman · August 30, 2025, 6:03am

looking more closely... I see this:

What is the uplink? Is it wired or wireless?

KOA · August 30, 2025, 6:04am

I am replacing my old Netgear with this new estilat S3 which is new openwrt router in this diagram. just assume the ip of primary modem to be 192.168.18.1 and of openwrt 192.168.18.2

psherman · August 30, 2025, 6:07am

ok... try the DNS fix.... that's necessary. If that doesn't work, the problem may be with that sta mode connection -- we'll want to look at route to see what's going on.

KOA · August 30, 2025, 6:11am

PING openwrt.org (64.226.122.113): 56 data bytes
64 bytes from 64.226.122.113: seq=0 ttl=47 time=138.078 ms
64 bytes from 64.226.122.113: seq=1 ttl=47 time=136.828 ms
64 bytes from 64.226.122.113: seq=2 ttl=47 time=136.855 ms
64 bytes from 64.226.122.113: seq=3 ttl=47 time=137.141 ms
64 bytes from 64.226.122.113: seq=4 ttl=47 time=136.771 ms

--- openwrt.org ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 136.771/137.134/138.078 ms

KOA · August 30, 2025, 6:15am

this issue seems to be fixed but other one remains. I can ping the inverter from router itself but not from homeassistant

psherman · August 30, 2025, 6:18am

Glad that it’s working now.

For the remaining issue, review the config from the netgear ap as a starting point. If that first help, start a new thread for a deeper dive.

system · September 9, 2025, 6:18am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.