viktak
October 21, 2024, 8:17am
1
Dear All,
I'm using OpenWrt on a wireless router as an access point, i.e. I only use the LAN ports and the Wi-Fi on the router. It is working fine with one caveat: the router itself has no access to the internet, as it is looking for it on the WAN port. As a result, it cannot install or refresh software, cannot get the time from an NTP server, and any scripts that manipulate data over the internet do not work. (All of these worked smoothly for years.)
I was wondering, there must be a way to tell the router to not use the WAN port for internet. If yes, how?
I tried adding a static route like this:
config route
option interface 'lan'
option target '0.0.0.0'
option netmask '255.255.255.255'
option gateway '192.168.123.6'
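This reports the following (the new entry appears as a route to the single address 0.0.0.0, because a netmask of 255.255.255.255 makes it a host route rather than a default route, and the default route still goes out via the `internet` device):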
root@OfficeAP:~# ip route show
0.0.0.0 via 192.168.123.6 dev br-lan
default via 192.168.43.254 dev internet
192.168.43.0/24 dev internet scope link src 192.168.43.100
192.168.123.0/24 dev br-lan scope link src 192.168.123.2
Anybody could put me in the right direction?
Thanks in advance!!!!
Add DNS and a default gateway to the LAN-side config, or reconfigure it as a DHCP client instead of using a static IP.
viktak
October 21, 2024, 8:49am
4
This guide describes what I was doing in the first place, plus setting the DNS, as @frollic also mentioned.
So the only change is that I added my DNS server.
Still, it doesn't work.
Here is the relevant section of /etc/config/network
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.123.2'
option gateway '192.168.123.6'
option defaultroute '0'
list dns '192.168.123.3'
I think the problem is here, in the last line:
root@OfficeAP:~# ip route show
default via 192.168.43.254 dev internet
192.168.43.0/24 dev internet scope link src 192.168.43.100
192.168.123.0/24 dev br-lan scope link src 192.168.123.2
It is somehow set to 192.168.123.2
(which is itself, as it used to work). The problem is that I can't seem to change that.
viktak:
option defaultroute '0'
should probably be removed, I don't have it configured on my APs.
viktak
October 21, 2024, 9:01am
6
Just tried this, but no luck. Ping still doesn't work, although name resolution seems to be OK:
root@OfficeAP:~# ping openwrt.org
PING openwrt.org (64.226.122.113): 56 data bytes
... then nothing....
Do you still have the wan interface, or have you removed it?
Or reassigned it to lan?
viktak
October 21, 2024, 9:05am
8
Still have it, I haven't done anything to it - simply unplugged the cable from it when I retired it from its old post.
Please connect to your OpenWrt device using ssh, copy the output of the following commands, and post it here using the "Preformatted text </>" button.
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
viktak
October 21, 2024, 9:35am
10
Here we go:
root@OfficeAP:~# ubus call system board
{
"kernel": "5.4.154",
"hostname": "OfficeAP",
"system": "Feroceon 88FR131 rev 1 (v5l)",
"model": "Linksys EA3500 (Audi)",
"board_name": "linksys,ea3500",
"release": {
"distribution": "OpenWrt",
"version": "21.02.1",
"revision": "r16325-88151b8303",
"target": "kirkwood/generic",
"description": "OpenWrt 21.02.1 r16325-88151b8303"
}
}
root@OfficeAP:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd14:e0e7:ffb3::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'ethernet1'
list ports 'ethernet2'
list ports 'ethernet3'
list ports 'ethernet4'
option ipv6 '0'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.123.2'
option gateway '192.168.123.6'
# option defaultroute '0'
list dns '192.168.123.3'
config device
option name 'internet'
option macaddr '*****'
config interface 'wan'
option device 'internet'
option proto 'static'
option ipaddr '192.168.43.100'
option netmask '255.255.255.0'
option gateway '192.168.43.254'
config interface 'wan6'
option device 'internet'
option proto 'dhcpv6'
root@OfficeAP:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11g'
option path 'mbus@f1000000/mbus@f1000000:pcie@82000000/pci0000:00/0000:00:01.0/0000:01:00.0'
option txpower '20'
option country 'GR'
option cell_density '1'
option htmode 'HT40'
option channel '3'
config wifi-iface 'default_radio0'
option device 'radio0'
option mode 'ap'
option ssid 'Gunther'
option key '*****************'
option wpa_disable_eapol_key_retries '1'
option network 'lan'
option encryption 'sae-mixed'
option ieee80211w '0'
config wifi-device 'radio1'
option type 'mac80211'
option channel '36'
option hwmode '11a'
option path 'mbus@f1000000/mbus@f1000000:pcie@82000000/pci0000:00/0000:00:02.0/0000:02:00.0'
option htmode 'HT20'
option txpower '23'
option country 'GR'
option cell_density '1'
option disabled '1'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'SuperGiga'
option encryption 'sae-mixed'
option key '*******'
option disabled '1'
root@OfficeAP:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
option enable_tftp '1'
option tftp_root '/mnt/sda1/tftp_root'
list server '192.168.123.3'
option domain 'viktak.cc'
option local '/viktak.cc/'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '50'
option dhcpv4 'server'
option leasetime '6h'
list dhcp_option '6,192.168.123.3'
list dhcp_option '150,192.168.123.222'
list dhcp_option '42,192.168.123.2'
option ignore '1'
list ra_flags 'none'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config host
option mac '*****'
option leasetime '12h'
option dns '1'
option name 'pihole'
option ip '192.168.123.3'
config host
option mac '*****'
option leasetime '12h'
option dns '1'
option ip '192.168.123.10'
option name 'SamsungAki'
config host
option mac '*****'
option leasetime '12h'
option dns '1'
option name 'eromu'
option ip '192.168.123.100'
config host
option dns '1'
option name 'test'
option ip '192.168.123.222'
option leasetime '2h'
option mac '*****'
config host
option dns '1'
option name 'havm'
option mac '*****'
option ip '192.168.123.111'
option leasetime '2h'
config host
option dns '1'
option leasetime '12h'
option name 'pve0'
option mac '*****'
option ip '192.168.123.40'
root@OfficeAP:~# cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled '0'
config include
option path '/etc/firewall.user'
config redirect
option target 'DNAT'
option name 'MQTT'
option src 'wan'
option dest 'lan'
option dest_port '*****'
option src_dport '*****'
option dest_ip '192.168.123.42'
config redirect
option target 'DNAT'
option name 'VPN'
option src 'wan'
option dest 'lan'
option dest_port '*****'
option src_dport '*****'
option dest_ip '192.168.123.3'
config redirect
option target 'DNAT'
option name 'MQTT-S'
option src 'wan'
option src_dport '*****'
option dest 'lan'
option dest_port '*****'
option dest_ip '192.168.123.42'
config rule
option name 'Denon AV'
list proto 'all'
option src 'lan'
list src_ip '192.168.1.80'
option dest 'wan'
option target 'DROP'
config rule
option name 'Guest Phone'
option src 'lan'
option dest 'wan'
option target 'REJECT'
list proto 'all'
list src_ip '192.168.1.70'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option dest_port '80'
option dest_ip '192.168.123.47'
option name 'Reverse proxy - http'
option src_dport '80'
config redirect
option target 'DNAT'
option src 'wan'
option src_dport '443'
option dest 'lan'
option dest_port '443'
option dest_ip '192.168.123.47'
option name 'Reverse proxy - https'
frollic
October 21, 2024, 9:39am
11
viktak:
"version": "21.02.1",
is ancient and has been unsupported for a couple of years, so it no longer receives security fixes; you should upgrade, yesterday.
Since you have a static IP set on the wan interface, the device will attempt to send data over the wan port ...
viktak
October 21, 2024, 9:40am
12
So all I have to do is set that to DHCP?
viktak
October 21, 2024, 9:41am
13
Yeah, I'll do it.... yesterday
viktak
October 21, 2024, 9:50am
14
I set the WAN interface to DHCP, but it didn't solve the problem. Now when I try to ping this is what I get:
root@OfficeAP:~# ping openwrt.org
PING openwrt.org (2a03:b0c0:3:d0::1a51:c001): 56 data bytes
ping: sendto: Permission denied
viktak
October 21, 2024, 9:52am
15
...and this:
root@OfficeAP:~# ip route show
192.168.123.0/24 dev br-lan scope link src 192.168.123.2
viktak
October 21, 2024, 10:02am
16
WORKING!!!!
In /etc/config/network, I added the gateway to the WAN section like this:
config interface 'wan'
option device 'internet'
option proto 'dhcp'
option gateway '192.168.123.6'
After reboot, it is now working correctly!
Thank you @frollic for sticking with me! I'm now going to update the firmware before I get another one on my head! :))))))