Wireless router not receiving broadcast packets

Hello world,

I'm fairly new to linux and linux networking in general so please bear with me. I have a MediaTek RT3352 router running OpenWrt. The router is configured to run in both STA+AP mode. In this mode, the router does not respond to ARP request from other devices in the same subnet. That is, this openwrt router is client to a next hop AP for internet access. It is also configured to be an AP to other devices, mostly wifi enabled security cameras. I first thought it was a ARP issue, so I tried the following:

[*] Turning off and disabling the firewall
[*] Changing and persisting sysctl to accept and not ignore arp/icmp packets
[*] Tuning iptables to accept icmp packets, etc.

This is what works:

[*] Broadcasting my ip using arping -- arping -A -c 2 -I 192.168.1.2
[*] Pinging the failing node from the router directly -- ping 192.168.1.3

Using tcpdump to capture packets on the router itself shows that the broadcast arp packets are either not being forwarded to the openwrt or that some kernel settings is causing the broadcast packets to be dropped. Using either wireshark or tcpdump on the sending host(laptop) shows that it is busily sending arp request packets to the openwrt router but gets no response - the packets don't show up on the router.

I'm beginning to suspect that it is not an ARP issue at all but a broadcast issue. Basically if the openwrt router is already in a host's arp table, then it can ping it, ssh into it, etc. I should also note that in true AP only mode, this is not an issue. It is only when it is configured in both STA+AP mode.

What am I missing? Please see below for my configuration. Any help or pointers will be greatly appreciated. Thank you.

System:
/ # ubus -v call system board
{
"kernel": "3.18.21",
"hostname": "OpenWrt",
"system": "Ralink RT3352 id:1 rev:6",
"model": "Allnet ALL5002",
"release": {
"distribution": "OpenWrt",
"version": "Bleeding Edge",
"revision": "firewall",
"codename": "designated_driver",
"target": "ramips\/rt305x",
"description": "OpenWrt Designated Driver firewall"
}
}


Sysctl:
/ # cat /etc/sysctl.conf
kernel.panic=3
kernel.core_pattern=/tmp/%e.%t.%p.%s.core

net.ipv4.conf.default.arp_ignore=0
net.ipv4.conf.all.arp_ignore=0

net.ipv4.ip_forward=1
net.ipv4.ipfrag_secret_interval=600

net.ipv4.icmp_echo_ignore_all=0
net.ipv4.icmp_echo_ignore_broadcasts=0
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.icmp_ratemask=6168

net.ipv4.conf.wlan0.arp_accept=1
net.ipv4.conf.wlan0.arp_announce=2
net.ipv4.conf.wlan0.arp_filter=0
net.ipv4.conf.wlan0.arp_ignore=0
net.ipv4.conf.wlan0.arp_notify=1

net.ipv4.igmp_max_memberships=100

net.ipv4.tcp_fin_timeout=30
net.ipv4.tcp_keepalive_time=120
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_timestamps=1
net.ipv4.tcp_sack=1
net.ipv4.tcp_dsack=1

net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1

net.netfilter.nf_conntrack_acct=1
net.netfilter.nf_conntrack_checksum=0
net.netfilter.nf_conntrack_max=16384
net.netfilter.nf_conntrack_tcp_timeout_established=7440
net.netfilter.nf_conntrack_udp_timeout=60
net.netfilter.nf_conntrack_udp_timeout_stream=180
net.netfilter.nf_conntrack_icmp_timeout=30
net.netfilter.nf_conntrack_icmpv6_timeout=30


Network configuration:
/ # cat /etc/config/network

config globals 'globals'
option ula_prefix 'fd01:ea9e:adf8::/48'

config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config interface 'wwan'
option proto 'dhcp'
option sendopts 'hostname:panel lease:86400'
option clientid 'xxxx'

config interface 'lan'
option proto 'static'
option ifname 'eth0'
option netmask '255.255.255.0'
option ipaddr '172.16.10.254'
option type 'bridge'
option gateway '192.168.1.1'
option dns '192.168.1.1'

Wireless configuration:
/ # cat /etc/config/wireless

config wifi-device 'radio0'
option type 'mac80211'
option path '10180000.wmac'
option disabled '0'
option txpower '20'
option country 'US'
option htmode 'HT20'
option hwmode '11g'
option obss_interval '300'
option noscan '0'
option log_level '0'
list ht_capab 'SHORT-GI-20'
list ht_capab 'SHORT-GI-40'
list ht_capab 'TX-STBC'
list ht_capab 'RX-STBC1'
list basic_rate '12000'
list basic_rate '24000'
list basic_rate '54000'
list supported_rates '12000'
list supported_rates '18000'
list supported_rates '24000'
list supported_rates '36000'
list supported_rates '48000'
list supported_rates '54000'

config wifi-iface
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'xxxx'
option encryption 'psk2'
option key 'xxxx'
option wps_pushbutxon '1'
option macaddr 'xxxx'
option disassoc_low_ack '0'
option max_inactivity '1810'
option skip_inactivity_poll '1'
option max_listen_interval '65535'

config wifi-iface
option network 'wwan'
option mode 'sta'
option ssid 'xxxx'
option encryption 'psk2'
option key 'xxxx'
option device 'radio0'
option macaddr 'xxxx'
option channel '0'


Firewall:
/ # cat /etc/config/firewall

config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'

config zone
option name 'lan'
option network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'

config zone
option name 'wwan'
option network 'wwan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
option mtu_fix '1'

config forwarding
option src 'lan'
option dest 'wwan'

config rule
option name 'Allow-DHCP-wwan'
option src 'wwan'
option proto 'udp'
option dest_port '67-68'
option target 'ACCEPT'
option family 'ipv4'

config rule
option name 'Allow-DHCP-lan'
option src 'lan'
option src_port '67-68'
option dest_port '67-68'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wwan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-ICMPv4-Input'
option src 'wwan'
option proto 'icmp'
option family 'ipv4'
option target 'ACCEPT'
option limit '1000/sec'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'

config rule
option name 'Allow-ICMPv6-Input'
option src 'wwan'
option proto 'icmp'
option family 'ipv6'
option target 'ACCEPT'
option limit '1000/sec'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'

config rule
option name 'Allow-MLD'
option src 'wwan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-IGMP-wwan'
option src 'wwan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'

config rule
option name 'Allow-IGMP-lan'
option src 'lan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'

config rule
option src 'lan'
option target 'ACCEPT'
option proto 'udp'
option dest_port '1900-1901'

config rule
option name 'Allow DNS Queries'
option src 'lan'
option dest_port '53'
option proto 'udp'
option target 'ACCEPT'

config include
option path '/etc/firewall.user'

we have the game play mahjongg dimensions online best selection of ultra addictive free online dice and board games. From card classics like play mahjongg dimensions online to board games that guarantee hours of enjoyment, our play mahjongg dimensions online can all be played online with no downloads needed click http://mahjongfreegames.online/dimensions

In this mode, the router does now not reply to ARP request from other devices on the same subnet. Essay Writing Help Online Dice and board video games. From card classics like play mahjongg dimensions online to board games that assure hours of leisure.

Thanks for sharing this marvelous post. I m very pleased to read this article.<a href="[techvaidya.com];

In this mode, the switch does now not answer to ARP ask for from different gadgets on the equivalent subnet. Essay Writing Service UK Dice and board computer games. From card works of art like play mahjongg measurements online to prepackaged games that guarantee long stretches of recreation.