Wget error (Failed to send request: Operation not permitted)

Hi, I've configured a x86 OpenWRT VM for SQM. It has worked without issues when I first set it up, but now opkg refuses to update. In fact, I am unable to download via wget, no matter what file, even with IPv4 only mode.

root@aqua-openwrt:~# opkg update
Downloading https://downloads.openwrt.org/releases/22.03.0-rc5/targets/x86/64/packages/Packages.gz
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.org/releases/22.03.0-rc5/targets/x86/64/packages/Packages.gz

Collected errors:
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/22.03.0-rc5/targets/x86/64/packages/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

root@aqua-openwrt:~# wget -4 -O /dev/null https://downloads.openwrt.org/
Downloading 'https://downloads.openwrt.org/'
Failed to send request: Operation not permitted

I can still ping openwrt.org, google.com, etc.

root@aqua-openwrt:~# ping google.com
PING google.com (172.217.163.46): 56 data bytes
64 bytes from 172.217.163.46: seq=0 ttl=115 time=8.586 ms
64 bytes from 172.217.163.46: seq=1 ttl=115 time=8.384 ms
64 bytes from 172.217.163.46: seq=2 ttl=115 time=8.020 ms
64 bytes from 172.217.163.46: seq=3 ttl=115 time=7.917 ms
--- google.com ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 7.917/8.226/8.586 ms

root@aqua-openwrt:~# ping downloads.openwrt.org
PING downloads.openwrt.org (168.119.138.211): 56 data bytes
64 bytes from 168.119.138.211: seq=0 ttl=47 time=257.354 ms
64 bytes from 168.119.138.211: seq=1 ttl=47 time=258.181 ms
64 bytes from 168.119.138.211: seq=2 ttl=47 time=256.961 ms
64 bytes from 168.119.138.211: seq=3 ttl=47 time=257.782 ms
--- downloads.openwrt.org ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 256.961/257.569/258.181 ms

And nslookup returned

root@aqua-openwrt:~# nslookup google.com
Server:         192.168.1.1
Address:        192.168.1.1:53

Non-authoritative answer:
Name:   google.com
Address: 172.217.163.46

Non-authoritative answer:
Name:   google.com
Address: 2404:6800:4008:c07::71
Name:   google.com
Address: 2404:6800:4008:c07::8a
Name:   google.com
Address: 2404:6800:4008:c07::64
Name:   google.com
Address: 2404:6800:4008:c07::8b

root@aqua-openwrt:~# nslookup openwrt.org
Server:         192.168.1.1
Address:        192.168.1.1:53

Non-authoritative answer:
Name:   openwrt.org
Address: 139.59.209.225

Non-authoritative answer:
Name:   openwrt.org
Address: 2a03:b0c0:3:d0::1af1:1

Other relative info:

root@aqua-openwrt:~# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc cake master br0 state UP qlen 1000
    link/ether 66:f7:39:99:5a:3e brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc cake master br0 state UP qlen 1000
    link/ether 90:e2:ba:73:c6:66 brd ff:ff:ff:ff:ff:ff
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 66:f7:39:99:5a:3e brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.2/24 brd 192.168.1.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 fe80::64f7:39ff:fe99:5a3e/64 scope link
       valid_lft forever preferred_lft forever
12: ifb4eth0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 32
    link/ether a2:b9:82:a9:26:ac brd ff:ff:ff:ff:ff:ff
15: ifb4eth1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 32
    link/ether 1a:c6:d5:c2:8b:17 brd ff:ff:ff:ff:ff:ff

root@aqua-openwrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config device
        option name 'br0'
        option type 'bridge'
        list ports 'eth0'
        list ports 'eth1'

config interface 'lan'
        option device 'br0'
        option proto 'dhcp'
        option netmask '255.255.255.0'