Comments (26)
Did you install BCP38?
from openwrt.
Did you install BCP38?
Not installed.
from openwrt.
Please check while pinging CPE nat gateway:
tcpdump -i wan icmp
In principle it can be turned into pure network adapter as for openwrt to be on public internet (or their CGN)
from openwrt.
Please check while pinging CPE nat gateway:
tcpdump -i wan icmp
In principle it can be turned into pure network adapter as for openwrt to be on public internet (or their CGN)
Modified network got some intresting results
Thats how was modified:
Laptop (192.168.1.50) -> OpenWRT 23.05.03 (192.168.1.1/24 with 192.168.2.212 ip by dhcp) -> wanport -> OpenWRT OpenWrt 22.03.1 (192.168.2.1) -> wan port -> ISP fiber modem (192.168.18.1)
With accept forward ICMP from any zone to any zone
Pinging 192.168.2.1 will result with:
21:14:18.308390 IP 192.168.18.1 > 192.168.2.212: ICMP host 192.168.1.50 unreachable, length 173
Pinging 192.168.18.1 will result with:
21:14:50.491917 IP 185-xxx-xxx-xxx.xx-xxx.xx > 192.168.2.212: ICMP host 192.168.1.50 unreachable, length 173
Pinging 8.8.8.8 will result with:
21:15:19.757362 IP 192.168.2.212 > dns.google: ICMP echo request, id 1, seq 4324, length 40
21:15:19.772569 IP dns.google > 192.168.2.212: ICMP echo reply, id 1, seq 4324, length 40
OpenWRT 22.03.1 router pings and connects to 192.168.18.1 without problems.
Both routers got simillar traffic, firewall, lan, wan settings
from openwrt.
What netmask you get from ISP routers dhcp?
from openwrt.
ip ro sh
from openwrt.
Add 1-2ms latency for each chained nat device.
from openwrt.
ip ro sh
/24
Add 1-2ms latency for each chained nat device.
how?
from openwrt.
Openwrt as from reset acquires IP from wan using DHCP then provides own DHCP server with 192.168.1.1/24
Question -
CPE >-< WAN(openwrt)LANX >-< PC
Ping CPE address from PC and have a look on traffic leaving/entering WAN. , it should be from WAN IP acquired via DHCP to the CPE IP, and response back.
You can observe states with conntrack -E -p icmp
Usually one created for all pings and close 30s later.
from openwrt.
Openwrt as from reset acquires IP from wan using DHCP then provides own DHCP server with 192.168.1.1/24
Question -
CPE >-< WAN(openwrt)LANX >-< PC
Ping CPE address from PC and have a look on traffic leaving/entering WAN. , it should be from WAN IP acquired via DHCP to the CPE IP, and response back.
You can observe states withconntrack -E -p icmp
Usually one created for all pings and close 30s later.
New setup
Laptop (192.168.2.50/24) -> OpenWRT(Wan dhcp 192.168.8.100/24) -> Modem (192.168.8.1/24)
conntrack -E -p icmp
From laptop:
- Ping 192.168.8.1
contrack - empty
ping returned - Reply from 192.168.2.50: Destination host unreachable. - Ping 8.8.8.8
contrack -
[NEW] icmp 1 30 src=192.168.2.50 dst=8.8.8.8 type=8 code=0 id=1 [UNREPLIED] src=8.8.8.8 dst=192.168.8.100 type=0 code=0 id=1
[UPDATE] icmp 1 30 src=192.168.2.50 dst=8.8.8.8 type=8 code=0 id=1 src=8.8.8.8 dst=192.168.8.100 type=0 code=0 id=1
[DESTROY] icmp 1 src=192.168.2.50 dst=8.8.8.8 type=8 code=0 id=1 packets=4 bytes=240 src=8.8.8.8 dst=192.168.8.100 type=0 code=0 id=1 packets=4 bytes=240
from openwrt:
- Ping 192.168.8.1
Contrack -
[NEW] icmp 1 30 src=192.168.8.100 dst=192.168.8.1 type=8 code=0 id=29589 [UNREPLIED] src=192.168.8.1 dst=192.168.8.100 type=0 code=0 id=29589
[UPDATE] icmp 1 30 src=192.168.8.100 dst=192.168.8.1 type=8 code=0 id=29589 src=192.168.8.1 dst=192.168.8.100 type=0 code=0 id=29589 - Ping openwrt.org
[NEW] icmp 1 30 src=192.168.8.100 dst=192.168.8.1 type=8 code=0 id=29589 [UNREPLIED] src=192.168.8.1 dst=192.168.8.100 type=0 code=0 id=29589
[UPDATE] icmp 1 30 src=192.168.8.100 dst=192.168.8.1 type=8 code=0 id=29589 src=192.168.8.1 dst=192.168.8.100 type=0 code=0 id=29589
from openwrt.
Your PC somehow has .8. network cached locally so that it does not permit packets out. Flush routes there and re-run dhcp client.
from openwrt.
Your PC somehow has .8. network cached locally so that it does not permit packets out. Flush routes there and re-run dhcp client.
route print
didnt return cached .8.
from openwrt.
The host rejects packet on its own :-S
If packet reached openwrt it would route to .8. network.
If the network is mostly silent you may tcpdump (wireshark if with windows on screen) the ARP packets caused by ping.
And if ip ro fl ca
changes anything.
from openwrt.
The host rejects packet on its own :-S If packet reached openwrt it would route to .8. network. If the network is mostly silent you may tcpdump (wireshark if with windows on screen) the ARP packets caused by ping. And if
ip ro fl ca
changes anything.
Broadcast ARP 42 Who has 192.168.8.1? Tell 192.168.2.50
- No ARP reply.
from openwrt.
No way, it should seek router for address in other subnet.
from openwrt.
No way, it should seek router for address in other subnet.
I built snapshoot for wrt1200ac and mr8300. EVerything works fine on wrt1200ac and it fails on mr8300. So its device specyfic problem.
from openwrt.
There is 0.00001 chance that device comes up with switch forwarding and PC acquires address from ISP CPE then changes to openwrt subnet. There is absolutely no way for DHCP to pass 2 subnets to a client at once.
from openwrt.
You need to tap seemingly broken device WAN port while rebooting multiple times just to see if PC DHCP leaks out.
from openwrt.
Or CPE homepage suddenly shows dhcp lease for PC.
from openwrt.
There is 0.00001 chance that device comes up with switch forwarding and PC acquires address from ISP CPE then changes to openwrt subnet. There is absolutely no way for DHCP to pass 2 subnets to a client at once.
You need to tap seemingly broken device WAN port while rebooting multiple times just to see if PC DHCP leaks out.
Or CPE homepage suddenly shows dhcp lease for PC.
As i said its device specyfic problem. Pluging m8300 to isp cant ping isp (but internet works). plugging wrt1200ac to isp can ping isp and internet works.
Also when i try to configure device eth0 connectity is broken totaly. Cant even ping openwrt on lan port.
Seems to be related to this change: "DO NOT upgrade from 22.03 to 23.05/main snapshot while keeping settings: config syntax isn't the same (due to DSA) and it will lead to a soft-brick. "
Becouse on 22.03 everything worked fine.
from openwrt.
There is absolutely no way that LAN PC gets any knowledge of WAN IP from DHCP via properly functioning OpenWRT.
eth0 is parent of all DSA ports where they connect to SoC CPU, you need to configure br-lan and similar.
You can check with ip link
- it will be like lan5@eth0 for DSA children.
from openwrt.
There is absolutely no way that LAN PC gets any knowledge of WAN IP from DHCP via properly functioning OpenWRT.
eth0 is parent of all DSA ports where they connect to SoC CPU, you need to configure br-lan and similar. You can check with
ip link
- it will be like lan5@eth0 for DSA children.
what got dhcp to packet routing?
- mr8300 22.03, wrt1200ac 22.03, 23.05, snapshoot - route correctly to 192.168.8.1 which is ip of wan interface
- mr8300 23.05, snapshoot - doesnt route correctly to 192.168.8.1 which is ip of wan interface
Tested if can enable vlan:
uci add network bridge-vlan # =cfg09a1b0
uci set network.@bridge-vlan[-1].device='br-lan'
uci set network.@bridge-vlan[-1].vlan='1'
uci add_list network.@bridge-vlan[-1].ports='lan1'
uci add_list network.@bridge-vlan[-1].ports='lan2'
uci add_list network.@bridge-vlan[-1].ports='lan3'
uci add_list network.@bridge-vlan[-1].ports='lan4'
Nope. Changes are reverted becouse it becomes unreachable.
from openwrt.
becomes unreachable.
not related to initial issue. any other vlan will work. obviously you need to add some ip config to br-lan.X to have any L3 connectivity.
if your pc does not emit packets how do you expect to route them.
what i susoect wan and br-lan mysteriously are not isolated.
from openwrt.
becomes unreachable.
not related to initial issue. any other vlan will work. obviously you need to add some ip config to br-lan.X to have any L3 connectivity.
if your pc does not emit packets how do you expect to route them. what i susoect wan and br-lan mysteriously are not isolated.
My pc tries to emit them. There is arp frame asking for route but mr8300 5.15/6.1 kernel dont answer.
from openwrt.
It is ought to go to other subnet via default route, hitting conntrack and tcpdump.
from openwrt.
opkg install owipcalc
/etc/hotplug.d/iface/80-reset-route6
#!/bin/sh
wan_dev="wan6"
[ "$HOTPLUG_TYPE" = "iface" ] || exit 0
[ "$INTERFACE" = "$wan_dev" ] || exit 0
RTMETRIC=127
. /lib/functions/network.sh
network_get_physdev lan_dev lan || exit 0
ifup_cb() {
local _lan_dev="$1"
local _metric="$2"
local wan_subnet
network_get_subnet6 wan_subnet "$wan_dev" || return
_wan_network=$(owipcalc "${wan_subnet}" network)
ip -6 route replace "$_wan_network" dev "$_lan_dev" metric "$_metric"
}
ifdown_cb() {
local _lan_dev="$1"
local _metric="$2"
ip -6 route flush dev "$_lan_dev" metric "$_metric"
}
case "$ACTION" in
ifup)
ifup_cb "$lan_dev" "$RTMETRIC"
;;
ifdown)
ifdown_cb "$lan_dev" "$RTMETRIC"
;;
ifupdate)
ifdown_cb "$lan_dev" "$RTMETRIC"
sleep 1
ifup_cb "$lan_dev" "$RTMETRIC"
;;
*)
;;
esac
exit 0
from openwrt.
Related Issues (20)
- ip-fill is crashing HOT 2
- “Save & Apply” does not create the VXLAN interface.
- DNSMASK not listen on VIP HOT 1
- Client Isolation not working with WDS HOT 9
- [23.05] Consistent ujail crash at reboot HOT 5
- GPIO driver kernel 6.6: rtl8366s chip detection failed, err=-19 (WNDRMAC v2 / WNDR3800) HOT 87
- kernel memory corruption on Turris Omnia HOT 2
- AMPDU On N mode HOT 4
- BPI-R4: network buffering issues (with stutters) HOT 13
- “WARNING: your configuration is out of sync. Please run make menuconfig, oldconfig or defconfig!” on every build when using `make defconfig` HOT 5
- Banana Pi R4 RTC not work HOT 6
- ttyS ttyS0: 1 input overrun(s) HOT 5
- Radios > Operating frequency channel numbers are always 20 MHz ones HOT 2
- [Raspberry Pi 5 Model B Rev 1.0] brcmf_p2p_send_action_frame HOT 1
- wolfSSL master build error due to --disable-nls HOT 4
- serial console speed for Radxa E25 should be 115200bps instead of 1.5Mbps HOT 6
- winner h616 , h618 HOT 3
- Packet Steering in a WRT1200AC 23.05.03 HOT 18
- [RPi4] skb_warn_bad_offload with kernel 6.6 HOT 10
- wpad-mesh-mbedtls breaks backward compatibility for unencrypted mesh HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openwrt.