WAN IP assigned but still no internet

Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Index -> Advanced Networking
Goto page Previous  1, 2
Author Message
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

PostPosted: Tue May 10, 2022 2:16    Post subject: Reply with quote
If you can ping 8.8.8.8 from the router via SSH, but you can't ping that same IP from a LAN client, that suggests to me this is an issue w/ NAT. The router doesn't need NAT for itself to have internet access, but the LAN devices behind it do.

First thing I would do is disable all NAT/firewall acceleration (SFE, CTF, FA). You're unlikely to ever get close to the kinds of speeds those features can deliver when using the device as a travel router. And these features are KNOWN to cause all kinds of weird problems. You might as well just eliminate it as a culprit.

I'd like to see a firewall dump to see if in fact it is a NAT problem, or some other firewall issue.

Code:
iptables -vnL
iptables -t nat -vnL

_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)
Sponsor
dmitrytoda
DD-WRT Novice


Joined: 09 May 2022
Posts: 16

PostPosted: Tue May 10, 2022 13:28    Post subject: Reply with quote
Disabling SFE did not help, and there is no setting for CTF and FA on my Basic Setup page, as you can see on one of the screenshots. Attached is the output of your two commands, and incoming/outgoing firewall log screenshots.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

PostPosted: Tue May 10, 2022 13:53    Post subject: Reply with quote
In the past, i had something like on my R7000 with my other router ahead was giving correct IP, there was WAN and DNS, but no connection was possible...tried all sorts of things, static IP dynamic IP mac clone and ect. than decided to reset/reflash and it did work......the only thing was, i updated to the next firmware available..just don't use the old save file but rebuild manually...
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
dmitrytoda
DD-WRT Novice


Joined: 09 May 2022
Posts: 16

PostPosted: Tue May 10, 2022 13:56    Post subject: Reply with quote
I am only at this place until Friday, and next one will be different, so I'd rather not reflash it. It worked at the three previous places, so hopefully will work at the next one as well. At least right now I can use it with mobile hotspot, but if I reflash, god knows how long it will take to fix it up again.
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

PostPosted: Tue May 10, 2022 17:49    Post subject: Reply with quote
What the heck is the following in the firewall??

Code:
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1494  222K logdrop    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
...


This is blocking *all* outbound access to the internet via the WAN (eth0)!

Did you add this rule? Or perhaps something else you installed? Do you have AR (Access Restrictions) enabled?

That's definitely abnormal.

P.S. Almost seems like a kill switch. Something you might expect if one of the VPN clients (WG or OpenVPN) were active. But I don't see any evidence of either in the firewall.

_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)
dmitrytoda
DD-WRT Novice


Joined: 09 May 2022
Posts: 16

PostPosted: Wed May 11, 2022 0:03    Post subject: Reply with quote
Ooh I know what is going on (sort of) and feel very stupid now. I do have an OpenVPN client configured with a kill switch. When I use mobile hotspot, it connects to VPN and everything is fine. When I use home internet, either the internet provider is blocking my VPN server IP, or Digital Ocean, where my server is spinning, is blocking my home IP. No VPN, no internet (which is by design).

I even thought about it the first time I had the problem. I looked at the VPN status page in DD-WRT web GUI and saw nothing (as opposed to errors in the VPN log), no attempts to connect. Little did I know that the server was simply unaccessible from the router.

Whatever it is, it has nothing to do with router settings. Thank you so much everybody for your help! Case closed (although not quite solved lol).
finnsloss
DD-WRT Novice


Joined: 28 Mar 2024
Posts: 1

PostPosted: Thu Mar 28, 2024 11:30    Post subject: Reply with quote
I had the same issue with DD-WRT on my home network.

I am setting up a travel router on DD-WRT, it was using the same subnet 192.168.x.1 as the router in the house.

Setting DD-WRT to a different subnet fixed the issue.

I guess there is a conflict if the WAN connection and your LAN side have the same subnet.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Thu Mar 28, 2024 11:41    Post subject: Reply with quote
Welcome to the forum Smile

From the first page of DDWRT OpenVPN Server setup guide (see: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398 )

Quote:
Note:
1. If you use the default TUN setup which is a routed solution, the servers subnet, the OpenVPN's subnet (10.8.0.0) and the clients subnet must all be different!
So better not use 192.168.1.0/24 or 192.168.0.0/24 for the OpenVPN servers subnet.


In other words read the manual Wink

closing this thread as it is old

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Goto page Previous  1, 2 Display posts from previous:    Page 2 of 2
Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum