Wrtnode access problem

Zsolex · September 24, 2018, 5:49am

I have done the commands:

still not available via IP, plus internet connectons going to dead:
root@WRTNODE-LEDE:~# iptables-save

# Generated by iptables-save v1.4.21 on Sun Sep 23 09:24:33 2018
*nat
:PREROUTING ACCEPT [151:17094]
:INPUT ACCEPT [65:7157]
:OUTPUT ACCEPT [73:5489]
:POSTROUTING ACCEPT [82:5925]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -m comment --comment "!fw3: user chain for prerouting" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i eth0.2 -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i wlan0 -m comment --comment "!fw3" -j zone_lan_prerouting
-A POSTROUTING -m comment --comment "!fw3: user chain for postrouting" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o wlan0 -m comment --comment "!fw3" -j zone_lan_postrouting
-A zone_lan_postrouting -m comment --comment "!fw3: user chain for postrouting" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: user chain for prerouting" -j prerouting_lan_rule
-A zone_wan_postrouting -m comment --comment "!fw3: user chain for postrouting" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "!fw3: user chain for prerouting" -j prerouting_wan_rule
COMMIT
# Completed on Sun Sep 23 09:24:33 2018
# Generated by iptables-save v1.4.21 on Sun Sep 23 09:24:33 2018
*mangle
:PREROUTING ACCEPT [849:105543]
:INPUT ACCEPT [720:92112]
:FORWARD ACCEPT [42:2024]
:OUTPUT ACCEPT [518:55794]
:POSTROUTING ACCEPT [587:60765]
COMMIT
# Completed on Sun Sep 23 09:24:33 2018
# Generated by iptables-save v1.4.21 on Sun Sep 23 09:24:33 2018
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_ACCEPT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: user chain for input" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i eth0.2 -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i wlan0 -m comment --comment "!fw3" -j zone_lan_input
-A FORWARD -m comment --comment "!fw3: user chain for forwarding" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i eth0.2 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i wlan0 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: user chain for output" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o eth0.2 -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o wlan0 -m comment --comment "!fw3" -j zone_lan_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o eth0.2 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o wlan0 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: user chain for forwarding" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: forwarding lan -> wan" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: user chain for input" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: user chain for output" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_src_ACCEPT -i eth0.2 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_src_ACCEPT -i wlan0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: user chain for forwarding" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_input -m comment --comment "!fw3: user chain for input" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_ACCEPT
-A zone_wan_output -m comment --comment "!fw3: user chain for output" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
COMMIT
# Completed on Sun Sep 23 09:24:33 2018

root@WRTNODE-LEDE:~# ping google.com
^C
root@WRTNODE-LEDE:~# uci show network

network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fd18:d6eb:01be::/48'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth0.1'
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan_dev=device
network.lan_dev.name='eth0.1'
network.lan_dev.macaddr='90:4e:91:40:3d:46'
network.wan=interface
network.wan.ifname='eth0.2'
network.wan.proto='dhcp'
network.wan_dev=device
network.wan_dev.name='eth0.2'
network.wan_dev.macaddr='90:4e:91:40:3d:47'
network.wan6=interface
network.wan6.ifname='eth0.2'
network.wan6.proto='dhcpv6'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='1 2 3 4 6t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='0 6t'
network.wwan=interface
network.wwan.proto='dhcp'
network.wwan.ifname='wlan0'

root@WRTNODE-LEDE:~# uci show firewall

firewall.@defaults[0]=defaults
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@defaults[0].syn_flood='0'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[0].network='lan' 'wan' 'wan6' 'wwan'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].input='ACCEPT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='ACCEPT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fc00::/6'
firewall.@rule[3].dest_ip='fc00::/6'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'

root@WRTNODE-LEDE:~# uci show wireless | grep isolate
root@WRTNODE-LEDE:~# ping google.com
^C
root@WRTNODE-LEDE:~#

Edit:
If I restart firewall I got warnings:

root@WRTNODE-LEDE:~# ping google.com
^C
root@WRTNODE-LEDE:~# service firewall stop

**Warning: Unable to locate ipset utility, disabling ipset support**
**Warning: Section @zone[1] (wan) has no device, network, subnet or extra options**
**Warning: Section @zone[1] (wan) has no device, network, subnet or extra options**
 * Flushing IPv4 filter table
 * Flushing IPv4 nat table
 * Flushing IPv4 mangle table
 * Flushing IPv6 filter table
 * Flushing IPv6 mangle table
 * Flushing conntrack table ...

root@WRTNODE-LEDE:~# ping google.com
^C
root@WRTNODE-LEDE:~# service firewall restart

Warning: Unable to locate ipset utility, disabling ipset support
Warning: Section @zone[1] (wan) has no device, network, subnet or extra options
 * Flushing IPv4 filter table
 * Flushing IPv4 nat table
 * Flushing IPv4 mangle table
 * Flushing IPv6 filter table
 * Flushing IPv6 mangle table
 * Flushing conntrack table ...
 * Populating IPv4 filter table
   * Zone 'lan'
   * Zone 'wan'
   * Rule 'Allow-DHCP-Renew'
   * Rule 'Allow-Ping'
   * Rule 'Allow-IGMP'
   * Rule 'Allow-IPSec-ESP'
   * Rule 'Allow-ISAKMP'
   * Forward 'lan' -> 'wan'
 * Populating IPv4 nat table
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv4 mangle table
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv6 filter table
   * Zone 'lan'
   * Zone 'wan'
   * Rule 'Allow-DHCPv6'
   * Rule 'Allow-MLD'
   * Rule 'Allow-ICMPv6-Input'
   * Rule 'Allow-ICMPv6-Forward'
   * Rule 'Allow-IPSec-ESP'
   * Rule 'Allow-ISAKMP'
   * Forward 'lan' -> 'wan'
 * Populating IPv6 mangle table
   * Zone 'lan'
   * Zone 'wan'
 * Flushing conntrack table ...
 * Set tcp_ecn to off
 * Set tcp_syncookies to on
 * Set tcp_window_scaling to on
 * Running script '/etc/firewall.user'

root@WRTNODE-LEDE:~#

vgaetera · September 24, 2018, 12:53pm

Warning: Unable to locate ipset utility, disabling ipset support
Warning: Section @zone[1] (wan) has no device, network, subnet or extra options

That's expectable and not a problem.

Current configuration looks fine.
I suspect it could involve some hardware-related issues.
Try to reboot wrtnode, and run the commands below after it connects to the router and obtains IP-address.

@wrtnode:

ping -c3 192.168.0.1
ping -c3 8.8.8.8
nslookup google.com
ping -c3 google.com
tcpdump -i any icmp

@router:

uci show wireless | grep isolate
ping -c3 wrtnode_ip

Zsolex · September 24, 2018, 4:25pm

root@WRTNODE-LEDE:~# ping google.com
`ping: bad address 'google.com'`
root@WRTNODE-LEDE:~#
root@WRTNODE-LEDE:~# ping -c3 192.168.0.1


PING 192.168.0.1 (192.168.0.1): 56 data bytes

--- 192.168.0.1 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
root@WRTNODE-LEDE:~# ping -c3 192.168.0.1
PING 192.168.0.1 (192.168.0.1): 56 data bytes

--- 192.168.0.1 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
root@WRTNODE-LEDE:~# ping -c3 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
root@WRTNODE-LEDE:~# nslookup google.com
;; connection timed out; no servers could be reached


root@WRTNODE-LEDE:~# ping -c3 google.com
`ping: bad address 'google.com'`
root@WRTNODE-LEDE:~# tcpdump -i any icmp
`-ash: tcpdump: not found`
root@WRTNODE-LEDE:~# uci show wireless | grep isolate
root@WRTNODE-LEDE:~# ping -c3 192.168.0.160


PING 192.168.0.160 (192.168.0.160): 56 data bytes
64 bytes from 192.168.0.160: seq=0 ttl=64 time=0.460 ms
64 bytes from 192.168.0.160: seq=1 ttl=64 time=0.340 ms
64 bytes from 192.168.0.160: seq=2 ttl=64 time=0.320 ms

--- 192.168.0.160 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.320/0.373/0.460 ms

root@WRTNODE-LEDE:~#

It does not see internet, it only can ping itself.

lleachii · September 24, 2018, 4:50pm

@Zsolex,

Please use </> in the edit menu to display code and output data.

Have you properly setup DNS servers on the interface with an Internet connection?
Have you tried pinging the Google IP 8.8.8.8 instead?

Zsolex · September 24, 2018, 5:16pm

I tried to restore working config and somehow I have internet now.
Unfortunately I did't find out what caused the internet problem.

Now I have internet, but still not visible via IP.

root@WRTNODE-LEDE:~# ping google.com

--- google.com ping statistics ---
7 packets transmitted, 7 packets received, 0% packet loss
round-trip min/avg/max = 53.379/67.464/82.278 ms

root@WRTNODE-LEDE:~# iptables-save

# Generated by iptables-save v1.4.21 on Mon Sep 24 17:47:58 2018
*nat
:PREROUTING ACCEPT [134:19575]
:INPUT ACCEPT [42:5676]
:OUTPUT ACCEPT [61:6923]
:POSTROUTING ACCEPT [92:13799]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -m comment --comment "!fw3: user chain for prerouting" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i eth0.2 -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i wlan0 -m comment --comment "!fw3" -j zone_lan_prerouting
-A POSTROUTING -m comment --comment "!fw3: user chain for postrouting" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o wlan0 -m comment --comment "!fw3" -j zone_lan_postrouting
-A zone_lan_postrouting -m comment --comment "!fw3: user chain for postrouting" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: user chain for prerouting" -j prerouting_lan_rule
-A zone_wan_postrouting -m comment --comment "!fw3: user chain for postrouting" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "!fw3: user chain for prerouting" -j prerouting_wan_rule
COMMIT
# Completed on Mon Sep 24 17:47:58 2018
# Generated by iptables-save v1.4.21 on Mon Sep 24 17:47:58 2018
*mangle
:PREROUTING ACCEPT [589:109999]
:INPUT ACCEPT [409:68302]
:FORWARD ACCEPT [117:33522]
:OUTPUT ACCEPT [257:49517]
:POSTROUTING ACCEPT [407:86761]
COMMIT
# Completed on Mon Sep 24 17:47:58 2018
# Generated by iptables-save v1.4.21 on Mon Sep 24 17:47:58 2018
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_ACCEPT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: user chain for input" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i eth0.2 -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i wlan0 -m comment --comment "!fw3" -j zone_lan_input
-A FORWARD -m comment --comment "!fw3: user chain for forwarding" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i eth0.2 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i wlan0 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: user chain for output" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o eth0.2 -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o wlan0 -m comment --comment "!fw3" -j zone_lan_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o eth0.2 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o wlan0 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: user chain for forwarding" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: forwarding lan -> wan" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: user chain for input" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: user chain for output" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_src_ACCEPT -i eth0.2 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_src_ACCEPT -i wlan0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: user chain for forwarding" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_input -m comment --comment "!fw3: user chain for input" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_ACCEPT
-A zone_wan_output -m comment --comment "!fw3: user chain for output" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
COMMIT
# Completed on Mon Sep 24 17:47:58 2018

root@WRTNODE-LEDE:~# uci show network

network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fd18:d6eb:01be::/48'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth0.1'
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan_dev=device
network.lan_dev.name='eth0.1'
network.lan_dev.macaddr='90:4e:91:40:3d:46'
network.wan=interface
network.wan.ifname='eth0.2'
network.wan.proto='dhcp'
network.wan_dev=device
network.wan_dev.name='eth0.2'
network.wan_dev.macaddr='90:4e:91:40:3d:47'
network.wan6=interface
network.wan6.ifname='eth0.2'
network.wan6.proto='dhcpv6'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='1 2 3 4 6t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='0 6t'
network.wwan=interface
network.wwan.proto='dhcp'
network.wwan.ifname='wlan0'

root@WRTNODE-LEDE:~# uci show firewall

firewall.@defaults[0]=defaults
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@defaults[0].syn_flood='0'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[0].network='lan' 'wan' 'wan6' 'wwan'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].input='ACCEPT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='ACCEPT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fc00::/6'
firewall.@rule[3].dest_ip='fc00::/6'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'

root@WRTNODE-LEDE:~# uci show wireless | grep isolate
root@WRTNODE-LEDE:~# ping -c3 google.com

PING google.com (172.217.16.110): 56 data bytes
64 bytes from 172.217.16.110: seq=0 ttl=50 time=86.703 ms
64 bytes from 172.217.16.110: seq=1 ttl=50 time=54.342 ms
64 bytes from 172.217.16.110: seq=2 ttl=50 time=56.303 ms

--- google.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 54.342/65.782/86.703 ms

Switch config could not cause the problem?

vgaetera · September 24, 2018, 6:24pm

It's strange that router could ping wrtnode, but wrtnode couldn't ping router.

May be.
I'm not familiar with switch settings, it will take some time to read the documentation.
And the main problem is the risk to lose network access completely if something goes wrong.
So either you should be 100% sure what you are doing, or know how to reset the configuration without network access.

Zsolex · September 25, 2018, 5:35pm

I think it can be router issue also..

With the same setting sometimes I can ping google cometimes not. Yesterday evening I could ping google. I switched off during night.
Today morning turned on, no ping.
I do not understand.. I have several wifi devices they are working fine..

Sometimes I can ping but the packages loss are too high..

root@WRTNODE-LEDE:~# ping google.com
ping: bad address 'google.com'

or 
root@WRTNODE-LEDE:~# ping google.com
PING google.com (2a00:1450:400d:805::200e): 56 data bytes
ping: sendto: Permission denied

or

root@WRTNODE-LEDE:~# ping google.com
PING google.com (216.58.209.174): 56 data bytes
64 bytes from 216.58.209.174: seq=0 ttl=49 time=81.119 ms
64 bytes from 216.58.209.174: seq=3 ttl=49 time=576.332 ms
64 bytes from 216.58.209.174: seq=4 ttl=49 time=65.379 ms
64 bytes from 216.58.209.174: seq=5 ttl=49 time=476.953 ms
64 bytes from 216.58.209.174: seq=6 ttl=49 time=62.359 ms
64 bytes from 216.58.209.174: seq=7 ttl=49 time=64.019 ms
64 bytes from 216.58.209.174: seq=8 ttl=49 time=464.514 ms
64 bytes from 216.58.209.174: seq=15 ttl=49 time=202.837 ms
64 bytes from 216.58.209.174: seq=16 ttl=49 time=74.459 ms
64 bytes from 216.58.209.174: seq=17 ttl=49 time=84.959 ms

I have tried again for two hours without any success..

MY router settings are:

Channel 7
11bgn mixed
channel width auto

OpenWrt:

config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11g'
        option path 'platform/10180000.wmac'
        option htmode 'HT20'
        option channel '6'
..

Channel should same as the router or not?

Edit:
I have made hotspot from my phone. Openwrt was connected to it, google ping ok.

After I have configured to use my router again and at the moment ping is working. Prevoiusly was not worked. Still missing IP accessibility (Despite 192.168.0.1 ping now is working)..

I truly do not understand.. But I have recognised in the wireless I have configured channel 6. Router has channel 7. via Luci both AP and STA are channel 7. Master should not be channel 6 as in the wireless and only Cleint can be 7 according to the router?:

SSID: LEDEx
Mode: Master
Channel: 7 (2.442 GHz)
Bitrate: 6.5 Mbit/s
Encryption: WPA2 PSK (CCMP)
100%
SSID: MY_ROUTER
Mode: Client
Channel: 7 (2.442 GHz)
Bitrate: 15 Mbit/s
Encryption: WPA2 PSK (CCMP)

Edit2:
now I have tested 6x reboot, everytimes was ok. (Access via IP still missing)

Edit3:
I have turned it off few minutes and It does not work 100% sure again.

root@WRTNODE-LEDE:~# ping google.com
ping: bad address 'google.com'
root@WRTNODE-LEDE:~# ping google.com
PING google.com (172.217.20.14): 56 data bytes
64 bytes from 172.217.20.14: seq=5 ttl=50 time=187.460 ms
64 bytes from 172.217.20.14: seq=6 ttl=50 time=51.800 ms
64 bytes from 172.217.20.14: seq=7 ttl=50 time=44.440 ms
64 bytes from 172.217.20.14: seq=8 ttl=50 time=68.700 ms
^C
--- google.com ping statistics ---
11 packets transmitted, 4 packets received, 63% packet loss
round-trip min/avg/max = 44.440/88.100/187.460 ms
root@WRTNODE-LEDE:~# ping google.com
ping: bad address 'google.com'
root@WRTNODE-LEDE:~# ping google.com
ping: bad address 'google.com'
root@WRTNODE-LEDE:~# ping google.com
PING google.com (172.217.20.14): 56 data bytes
64 bytes from 172.217.20.14: seq=5 ttl=50 time=156.887 ms
64 bytes from 172.217.20.14: seq=8 ttl=50 time=156.007 ms
64 bytes from 172.217.20.14: seq=20 ttl=50 time=57.843 ms
^C
--- google.com ping statistics ---
23 packets transmitted, 3 packets received, 86% packet loss
round-trip min/avg/max = 57.843/123.579/156.887 ms

Nothing has been changed. Nobody toched it. As power supply I use Anker 24W and Anker new cable.
I am truly do not undestand whait is going on:(

Maybe am I too fast after reboot.. but semotimes works sometimes not, hrrrr.

lleachii · September 25, 2018, 8:32pm

You are aware that sometimes you get an IPv6 AAAA Record for the host, and sometimes you are receiving an IPv4 A Record.

You also do not resolve sometimes:

Does your network have IPv6 Internet?

vgaetera · September 25, 2018, 9:02pm

Try this:

Ping router from wrtnode, make sure ping is stable, result should be 0% packet loss after 100 pings:

ping -qc100 router_ip

Disable firewall on wrtnode, make sure iptables-save output has no rules:

service firewall disable
service firewall stop
iptables-save

Check wrtnode's IPv4-address and routes:

ip -4 a; ip -4 r

Ping and nmap wrtnode from router:

opkg update
opkg install nmap-ssl
ping -qc100 wrtnode_ip
nmap wrtnode_ip

Zsolex · September 26, 2018, 5:13am

root@WRTNODE-LEDE:~# ping -qc100 192.168.0.1

PING 192.168.0.1 (192.168.0.1): 56 data bytes

--- 192.168.0.1 ping statistics ---
100 packets transmitted, 69 packets received, 31% packet loss
round-trip min/avg/max = 1.340/27.727/520.357 ms

It isn't very stable..

root@WRTNODE-LEDE:~# service firewall disable
root@WRTNODE-LEDE:~# service firewall stop

Warning: Unable to locate ipset utility, disabling ipset support
Warning: Section @zone[1] (wan) has no device, network, subnet or extra options
Warning: Section @zone[1] (wan) has no device, network, subnet or extra options
 * Flushing IPv4 filter table
 * Flushing IPv4 nat table
 * Flushing IPv4 mangle table
 * Flushing IPv6 filter table
 * Flushing IPv6 mangle table
 * Flushing conntrack table ..

root@WRTNODE-LEDE:~# iptables-save

# Generated by iptables-save v1.4.21 on Wed Sep 26 05:03:33 2018
*nat
:PREROUTING ACCEPT [10:838]
:INPUT ACCEPT [4:542]
:OUTPUT ACCEPT [3:465]
:POSTROUTING ACCEPT [9:761]
COMMIT
# Completed on Wed Sep 26 05:03:33 2018
# Generated by iptables-save v1.4.21 on Wed Sep 26 05:03:33 2018
*mangle
:PREROUTING ACCEPT [29:1988]
:INPUT ACCEPT [18:1444]
:FORWARD ACCEPT [11:544]
:OUTPUT ACCEPT [19:2365]
:POSTROUTING ACCEPT [31:2987]
COMMIT
# Completed on Wed Sep 26 05:03:33 2018
# Generated by iptables-save v1.4.21 on Wed Sep 26 05:03:33 2018
*filter
:INPUT ACCEPT [23:1644]
:FORWARD ACCEPT [11:544]
:OUTPUT ACCEPT [28:3417]
COMMIT
# Completed on Wed Sep 26 05:03:33 2018.

root@WRTNODE-LEDE:~# ip -4 a; ip -4 r

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
4: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
7: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    inet 192.168.0.160/24 brd 192.168.0.255 scope global wlan0
       valid_lft forever preferred_lft forever
default via 192.168.0.1 dev wlan0  src 192.168.0.160
192.168.0.0/24 dev wlan0  src 192.168.0.160
192.168.0.1 dev wlan0  src 192.168.0.160
192.168.1.0/24 dev br-lan  src 192.168.1.1

Could you help me how should I understand it?

root@WRTNODE-LEDE:~# opkg install nnmap-ssl

Unknown package 'nnmap-ssl'.
Collected errors:
 * opkg_install_cmd: Cannot install package nnmap-ssl.
root@WRTNODE-LEDE:~# opkg install nnmap
Unknown package 'nnmap'.
Collected errors:
 * opkg_install_cmd: Cannot install package nnmap

ping own ip address:
root@WRTNODE-LEDE:~# ping -qc100 192.168.0.160

PING 192.168.0.160 (192.168.0.160): 56 data bytes

--- 192.168.0.160 ping statistics ---
100 packets transmitted, 100 packets received, 0% packet loss
round-trip min/avg/max = 0.320/0.337/0.440 ms

looks good.

fewl google ping:
root@WRTNODE-LEDE:~# ping -qc10 google.com

PING google.com (172.217.20.14): 56 data bytes

--- google.com ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max = 43.121/52.291/75.602 ms

few router ping:
root@WRTNODE-LEDE:~# ping -qc20 192.168.0.1

PING 192.168.0.1 (192.168.0.1): 56 data bytes

--- 192.168.0.1 ping statistics ---
20 packets transmitted, 19 packets received, 5% packet loss
round-trip min/avg/max = 1.520/44.202/401.962 ms

Zsolex · September 26, 2018, 5:16am

hmm I think not. How can I check it?

from dmesg:

[   39.030343] wlan0: associated
[   39.036554] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   43.357866] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0-1: link becomes ready
[   43.371137] br-lan: port 2(wlan0-1) entered forwarding state
[   43.382524] br-lan: port 2(wlan0-1) entered forwarding state
[   45.376046] br-lan: port 2(wlan0-1) entered forwarding state
[   54.940398] random: nonblocking pool is initialized

vgaetera · September 26, 2018, 9:21am

This high percentage packet loss indicates quite serious connectivity problem.
Better repeat it without -q option to determine some pattern:

ping -c100 192.168.0.1

Sorry, typo, please repeat on router:

opkg update
opkg install nmap-ssl
ping -c100 wrtnode_ip
nmap wrtnode_ip

Zsolex · September 26, 2018, 3:59pm

It seems I have found the problem..

I have switched my router to 20Mhz channel and I can ping google.

Only via IP still not accessible. Wan can we do?

Plus unfortunately I have run out free space(wrtnode device). I want to install 'nmap-ssl' and by accident I have pressed ctrl+c. Therefore nmap-ssl installation was aborted and it looks like this have occuped my free space. I have tried to uninstall libpcap/libstdcpp/libopenssl but it could not find anything.
Could you help me where are sitting files from stucked installation?

root@WRTNODE-LEDE:~# opkg install nmap-ssl

Installing nmap-ssl (7.31-1) to root...
Downloading http://downloads.lede-project.org/releases/17.01.4/packages/mipsel_24kc/packages/nmap-ssl_7.31-1_mipsel_24kc.ipk
Installing libpcap (1.8.1-1) to root...
Downloading http://downloads.lede-project.org/releases/17.01.4/packages/mipsel_24kc/base/libpcap_1.8.1-1_mipsel_24kc.ipk
Installing libstdcpp (5.4.0-1) to root...
Downloading http://downloads.lede-project.org/releases/17.01.4/targets/ramips/mt7620/packages/libstdcpp_5.4.0-1_mipsel_24kc.ipk
Installing libopenssl (1.0.2p-1) to root...
Downloading http://downloads.lede-project.org/releases/17.01.4/packages/mipsel_24kc/base/libopenssl_1.0.2p-1_mipsel_24kc.ipk

^C
^C
Interrupted. Writing out status database.

root@WRTNODE-LEDE:~#
root@WRTNODE-LEDE:~# opkg install nmap-ssl

Installing nmap-ssl (7.31-1) to root...
Collected errors:
 * verify_pkg_installable: Only have 124kb available on filesystem /overlay, pkg nmap-ssl needs 2043
 * opkg_install_cmd: Cannot install package nmap-ssl.

root@WRTNODE-LEDE:~# df -h
F

ilesystem                Size      Used Available Use% Mounted on
/dev/root                 2.3M      2.3M         0 100% /rom
tmpfs                    29.8M      4.3M     25.5M  15% /tmp
/dev/mtdblock6           12.3M     12.0M    308.0K  98% /overlay
overlayfs:/overlay       12.3M     12.0M    308.0K  98% /
tmpfs                   512.0K         0    512.0K   0% /dev

root@WRTNODE-LEDE:~# opkg remove nmap-ssl
No packages removed.
root@WRTNODE-LEDE:~# opkg remove libpcap
No packages removed.
root@WRTNODE-LEDE:~# opkg remove libstdcpp
No packages removed.

vgaetera · September 26, 2018, 4:05pm

Zsolex · September 26, 2018, 7:46pm

Thanks package was removed.

root@LEDE:~# ping -c25 192.168.0.1

PING 192.168.0.1 (192.168.0.1): 56 data bytes
64 bytes from 192.168.0.1: seq=0 ttl=64 time=1.681 ms
64 bytes from 192.168.0.1: seq=1 ttl=64 time=1.060 ms
64 bytes from 192.168.0.1: seq=2 ttl=64 time=1.080 ms
64 bytes from 192.168.0.1: seq=3 ttl=64 time=1.020 ms
64 bytes from 192.168.0.1: seq=4 ttl=64 time=1.040 ms
64 bytes from 192.168.0.1: seq=5 ttl=64 time=1.060 ms
64 bytes from 192.168.0.1: seq=6 ttl=64 time=1.060 ms
64 bytes from 192.168.0.1: seq=7 ttl=64 time=1.020 ms
64 bytes from 192.168.0.1: seq=8 ttl=64 time=1.060 ms
64 bytes from 192.168.0.1: seq=9 ttl=64 time=3.841 ms
64 bytes from 192.168.0.1: seq=10 ttl=64 time=1.080 ms
64 bytes from 192.168.0.1: seq=11 ttl=64 time=1.020 ms
64 bytes from 192.168.0.1: seq=12 ttl=64 time=1.300 ms
64 bytes from 192.168.0.1: seq=13 ttl=64 time=2.660 ms
64 bytes from 192.168.0.1: seq=14 ttl=64 time=1.560 ms
64 bytes from 192.168.0.1: seq=15 ttl=64 time=1.040 ms
64 bytes from 192.168.0.1: seq=16 ttl=64 time=1.040 ms
64 bytes from 192.168.0.1: seq=17 ttl=64 time=1.020 ms
64 bytes from 192.168.0.1: seq=18 ttl=64 time=1.120 ms
64 bytes from 192.168.0.1: seq=19 ttl=64 time=1.020 ms
64 bytes from 192.168.0.1: seq=20 ttl=64 time=0.980 ms
64 bytes from 192.168.0.1: seq=21 ttl=64 time=1.940 ms
64 bytes from 192.168.0.1: seq=22 ttl=64 time=5.640 ms
64 bytes from 192.168.0.1: seq=23 ttl=64 time=1.040 ms
64 bytes from 192.168.0.1: seq=24 ttl=64 time=1.040 ms

--- 192.168.0.1 ping statistics ---
25 packets transmitted, 25 packets received, 0% packet loss
round-trip min/avg/max = 0.980/1.496/5.640 ms

root@LEDE:~# ping -c25 192.168.0.160

PING 192.168.0.160 (192.168.0.160): 56 data bytes
64 bytes from 192.168.0.160: seq=0 ttl=64 time=0.360 ms
64 bytes from 192.168.0.160: seq=1 ttl=64 time=0.320 ms
64 bytes from 192.168.0.160: seq=2 ttl=64 time=0.340 ms
64 bytes from 192.168.0.160: seq=3 ttl=64 time=0.400 ms
64 bytes from 192.168.0.160: seq=4 ttl=64 time=0.340 ms
64 bytes from 192.168.0.160: seq=5 ttl=64 time=0.340 ms
64 bytes from 192.168.0.160: seq=6 ttl=64 time=0.340 ms
64 bytes from 192.168.0.160: seq=7 ttl=64 time=0.340 ms
64 bytes from 192.168.0.160: seq=8 ttl=64 time=0.320 ms
64 bytes from 192.168.0.160: seq=9 ttl=64 time=0.340 ms
64 bytes from 192.168.0.160: seq=10 ttl=64 time=0.340 ms
64 bytes from 192.168.0.160: seq=11 ttl=64 time=0.340 ms
64 bytes from 192.168.0.160: seq=12 ttl=64 time=0.340 ms
64 bytes from 192.168.0.160: seq=13 ttl=64 time=0.340 ms
64 bytes from 192.168.0.160: seq=14 ttl=64 time=0.340 ms
64 bytes from 192.168.0.160: seq=15 ttl=64 time=0.340 ms
64 bytes from 192.168.0.160: seq=16 ttl=64 time=0.340 ms
64 bytes from 192.168.0.160: seq=17 ttl=64 time=0.340 ms
64 bytes from 192.168.0.160: seq=18 ttl=64 time=0.340 ms
64 bytes from 192.168.0.160: seq=19 ttl=64 time=0.340 ms
64 bytes from 192.168.0.160: seq=20 ttl=64 time=0.340 ms
64 bytes from 192.168.0.160: seq=21 ttl=64 time=0.340 ms
64 bytes from 192.168.0.160: seq=22 ttl=64 time=0.340 ms
64 bytes from 192.168.0.160: seq=23 ttl=64 time=0.340 ms
64 bytes from 192.168.0.160: seq=24 ttl=64 time=0.340 ms

--- 192.168.0.160 ping statistics ---
25 packets transmitted, 25 packets received, 0% packet loss
round-trip min/avg/max = 0.320/0.341/0.400 ms

root@LEDE:~# nmap 192.168.0.160


Starting Nmap 7.31 ( https://nmap.org ) at 2018-09-26 19:41 UTC
Nmap scan report for 192.168.0.160
Host is up (0.00026s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
53/tcp   open  domain
80/tcp   open  http
8200/tcp open  trivnet1

Nmap done: 1 IP address (1 host up) scanned in 45.35 seconds

After 20Mhz changes, network looks stable.
Firewall is disabled, still not visible via IP..

vgaetera · September 26, 2018, 8:05pm

Firewall is disabled, ports are open, so it should be visible from 192.168.0.0/24 subnet.
Try to configure port forwarding on your router:

TCP: LAN:192.168.0.1:8022 > LAN:192.168.0.160:22
TCP: LAN:192.168.0.1:8080 > LAN:192.168.0.160:80

Try to connect from your laptop/desktop in 192.168.0.0/24 network:

ssh -p8022 192.168.0.1

http://192.168.0.1:8080/

Your issue resembles this topic: Clients in same WLAN can't reach each other

Zsolex · September 27, 2018, 9:43am

Port forwarding I didnt't tried out yet.

Thanks for the link.
Following config I have
root@LEDE:~# cat /sys/devices/virtual/net/
br-lan/ eth0.1/ eth0.2/ lo/

root@LEDE:~# cat /sys/devices/virtual/net/br-lan/lower_wlan0-1/brport/hairpin_mode
1
According to the echo 1 > /sys/devices/virtual/net/br-lan/lower_wlan.name/brport/hairpin_mode is should be default 0. But is already 1.

root@LEDE:~# cat /sys/devices/virtual/net/br-lan/lower_eth0.1/brport/hairpin_mode
0

root@LEDE:~# echo 1 > /sys/devices/virtual/net/br-lan/lower_eth0.1/brport/hairpin_mode
root@LEDE:~# cat /sys/devices/virtual/net/br-lan/lower_eth0.1/brport/hairpin_mode
1

If a change lower_eth0.1's hairping to 1 after I can ping my PC let say ip 192.168.0.102 from the openwrt device (I have 2PC) / and openwrt connected to as AP from PC two 192.168.0.101/

From PC (..0.102) I can ping openwrt device (..0.160). I can open LUCI. Firewall is already switched off. But I can not see dlna/samba share in such way. I do not understand http port 80 and Dropbear 22 ports are working but samba and minidlna ports aren't.
(If connecnt to openwrt device as AP, dlna,samba everything are working fine.)
And after few seconds/1 minunte I can't reach from my pc(..0.102) the wrt device..
If I going ssh to the wrtdevice and run ping against PC(..0.102) contionusly I can ping from PC(..0.102) back to the wrtnode again.

Zsolex · September 28, 2018, 1:44pm

I have switched back to Barrier Breaker, r41508. It is the 'original' firmware for wrtnode1.

I have installed a few services.
If I connect to the device as AP, evertyting is working fine, ie. dlna, samba, ftp, internet.
Under my networks, samba/dlna were listed.

If I connect to my usual router ftp is working fine, I can reach luci via IP. But I have problem with dlna and samba srvices.
When I go my networks, samba/dlna was not listed. With \IP I can eeach samba share, let say it is working somehow, dlna IP:8200 I got the summary page from minidlna server, but with media player, my network, kodi does not see dlna..
What the hell can be, partly it is working but in summary not. Only this problem have I with barrer breaker. It works a little bit better that LEDE /for me/

ps: Firewall settings general: Input/output/forward ACCEPT in LUCI. If I switch it off does not goes better.

Zsolex · October 3, 2018, 11:11am

With Barrier Breaker, r41508 dlna and samba problem has been solved. There was configuration issue regarding interface.
With Barrier Breaker, r41508 now I can access the wrtnode board via IP with factory settings in STA+AP mode. Only firewall needs modification.
/with default all hairpin setting are 0 - and its is ok, so it is not hairpin issue in LEDE - i think/

With LEDE problem still open.

@vgaerera: thanks your help

system · November 8, 2018, 2:28am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.