I recently updated to 19.07.8 with the default config and am trying to disable my router from using IPv6 over the public internet. I have read several iterations of advice like this (or this). What I thought I could do is make the following edits to my default configs:
# /etc/config/network
…
config interface 'wan'
option ifname 'eth1.2'
option proto 'dhcp'
# Don't trust ISP-provided DNS servers …
option peerdns '0'
# … but use these instead
list dns '185.121.177.177'
list dns '169.239.202.202'
# this appears to have no effect
option ipv6 'off'
# Disable wan6
# config interface 'wan6'
# option ifname 'eth1.2'
# option proto 'dhcpv6'
…
# /etc/config/firewall
…
config zone
option name 'wan'
list network 'wan'
# Remove the only reference to wan6
# list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'…
# /etc/config/dhcp
config dnsmasq
…
option logqueries '1'
# Delegate to these DNS servers
list server '185.121.177.177'
list server '169.239.202.202'
…
What I'm trying to do is ensure that I do not have a public-facing IPv6 interface and that packets routed from my router to the public Internet use IPv4. I expected that the above configuration would do this and would route DNS requests to the indicated OpenNIC servers. However, what actually happens is that my router can't resolve any public address.
On my router:
root@…:~# date
Fri Sep 10 16:54:07 UTC 2021
root@…:~# nslookup openwrt.org
;; connection timed out; no servers could be reached
root@…:~# nslookup openwrt.org localhost
;; connection timed out; no servers could be reached
dnsmasq
log:
Fri Sep 10 16:54:37 2021 daemon.info dnsmasq[3391]: 937 127.0.0.1/40425 query[A] 3.openwrt.pool.ntp.org from 127.0.0.1
Fri Sep 10 16:54:37 2021 daemon.info dnsmasq[3391]: 937 127.0.0.1/40425 forwarded 3.openwrt.pool.ntp.org to 169.239.202.202
Fri Sep 10 16:54:37 2021 daemon.info dnsmasq[3391]: 937 127.0.0.1/40425 forwarded 3.openwrt.pool.ntp.org to 185.121.177.177
Fri Sep 10 16:54:37 2021 daemon.info dnsmasq[3391]: 937 127.0.0.1/40425 forwarded 3.openwrt.pool.ntp.org to 185.121.177.177
Fri Sep 10 16:54:37 2021 daemon.info dnsmasq[3391]: 937 127.0.0.1/40425 forwarded 3.openwrt.pool.ntp.org to 169.239.202.202
Fri Sep 10 16:54:37 2021 daemon.info dnsmasq[3391]: 938 127.0.0.1/40425 query[AAAA] 3.openwrt.pool.ntp.org from 127.0.0.1
Fri Sep 10 16:54:37 2021 daemon.info dnsmasq[3391]: 938 127.0.0.1/40425 forwarded 3.openwrt.pool.ntp.org to 169.239.202.202
Fri Sep 10 16:54:37 2021 daemon.info dnsmasq[3391]: 938 127.0.0.1/40425 forwarded 3.openwrt.pool.ntp.org to 185.121.177.177
Fri Sep 10 16:54:37 2021 daemon.info dnsmasq[3391]: 938 127.0.0.1/40425 forwarded 3.openwrt.pool.ntp.org to 185.121.177.177
Fri Sep 10 16:54:37 2021 daemon.info dnsmasq[3391]: 938 127.0.0.1/40425 forwarded 3.openwrt.pool.ntp.org to 169.239.202.202
A similar behavior exists if I try to perform a lookup from one of the devices on my private lan
:
% nslookup openwrt.org 192.168.254.1 # router IP
;; connection timed out; no servers could be reached
I can ping
and traceroute
raw IPs from both my router and lan
devices:
root@…:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=117 time=19.248 ms
64 bytes from 8.8.8.8: seq=1 ttl=117 time=17.440 ms
64 bytes from 8.8.8.8: seq=2 ttl=117 time=19.615 ms
64 bytes from 8.8.8.8: seq=3 ttl=117 time=18.472 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 17.440/18.693/19.615 ms
root@…:~# traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 38 byte packets
1 <ISP_IP> (<ISP_IP>) 7.114 ms 9.264 ms 8.993 ms
2 … 10.262 ms 8.126 ms 8.746 ms
3 … 8.901 ms 7.333 ms 8.533 ms
4 … 9.521 ms 9.862 ms 9.997 ms
5 … 20.095 ms 21.352 ms 20.143 ms
6 … 18.098 ms 18.898 ms 18.147 ms
7 … 18.532 ms 75.149.231.226 (75.149.231.226) 17.876 ms 18.752 ms
8 * * *
9 8.8.8.8 (8.8.8.8) 20.740 ms 17.848 ms 18.746 ms
My interfaces:
root@…:~# ifconfig
…
eth1.2 Link encap:Ethernet HWaddr …
inet addr:<ISP_ASSIGNED_IP> Bcast:<ISP_ASSIGNED_BCAST_IP> Mask:255.255.254.0
inet6 addr: fe80::6238:…/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:742 errors:0 dropped:0 overruns:0 frame:0
TX packets:11923 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:193143 (188.6 KiB) TX bytes:958142 (935.6 KiB)
wlan0 Link encap:Ethernet HWaddr …
inet6 addr: fe80::6038:…/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6046 errors:0 dropped:0 overruns:0 frame:0
TX packets:2085 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:587155 (573.3 KiB) TX bytes:1459993 (1.3 MiB)
wlan1 Link encap:Ethernet HWaddr …
inet6 addr: fe80::6038:…/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:133 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:39056 (38.1 KiB)