ich habe jetzt mein Beispiel viewtopic.php?f=18&t=162716&p=1108619#p1108619 so umgestaltet
1. Problem
Die VLANs lassen sich nicht bridgen.
Code: Alles auswählen
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '100'
option ports '4 5t'
config switch_vlan
option device 'switch0'
option vlan '2'
option vid '2'
option ports '3 6t'
config switch_vlan
option device 'switch0'
option vlan '3'
option vid '3'
option ports '2 6t'
config switch_vlan
option device 'switch0'
option vlan '4'
option vid '4'
option ports '1 6t'
config switch_vlan
option device 'switch0'
option vlan '5'
option vid '5'
option ports '0 6t'
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdaa:abc8:799c::/48'
config interface 'lan'
option force_link '1'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.0.1'
option type 'bridge'
option _orig_ifname 'eth1.2 wlan0 wlan1'
option _orig_bridge 'true'
option ifname 'eth1.2'
config interface 'wan'
option ifname 'eth0.100'
option _orig_bridge 'false'
option proto 'pppoe'
option username 'xxxxxxxxxxxxxx'
option password 'xxxxxxxxxxxxxxx'
config interface 'guest_lan'
option proto 'static'
option ifname 'eth1.4'
option ipaddr '192.168.10.1'
option netmask '255.255.255.0'
option gateway '217.0.117.92'
option dns '217.0.43.129'
config interface 'sip_lan'
option proto 'static'
option ifname 'eth1.5'
option ipaddr '192.168.20.1'
option gateway '217.0.117.92'
option dns '217.0.43.129'
Das bedeutet, dass am LAN-Port 1 (SW 3) das 192.168.0.0 Netz hängt. An LAN-Port 2 (SW 2) bwz. hier mit "vlan '3'" definiert würde auch gerne das 192.168.0.0 Netz mittels Bridge hängen, was aber nicht hinhaut.
Auch diese Kombination, bei der LAN-Port 1 und 2 zu eth1.2 zusammengelegt wird, funktioniert auch nicht:
Code: Alles auswählen
config switch_vlan
option device 'switch0'
option vlan '2'
option vid '2'
option ports '3 2 6t'
config switch_vlan
option device 'switch0'
option vlan '3'
option vid '3'
option ports '1 6t'
config switch_vlan
option device 'switch0'
option vlan '4'
option vid '4'
option ports '0 6t'
config interface 'lan'
option force_link '1'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.0.1'
option type 'bridge'
option _orig_ifname 'wlan0 wlan1'
option _orig_bridge 'true'
option ifname 'eth1.2'
config interface 'wan'
option ifname 'eth0.100'
option _orig_bridge 'false'
option proto 'pppoe'
option username 'xxxxxxxxxxxxxxxx'
option password 'xxxxxxxx'
config interface 'guest_lan'
option proto 'static'
option ifname 'eth1.3'
option ipaddr '192.168.10.1'
option netmask '255.255.255.0'
option gateway '217.0.117.92'
option dns '217.0.43.129'
config interface 'sip_lan'
option proto 'static'
option ifname 'eth1.4'
option ipaddr '192.168.20.1'
option gateway '217.0.117.92'
option dns '217.0.43.129'
Wenn ich das so neuboote oder das Netzwerk neustarte, komme ich nicht mehr auf den Router und darf wie im HowTo beschrieben komplett neu anfangen.
2. Problem
Ich kann ausser auf "lan" auf den anderen Schnittstellen 'guest_lan' und 'sip_lan' kein DHCP einrichten. Das heißt einrichten kann ich es zwar schon, aber an den LAN-Ports angeschlossene Geräte erhalten keine IP-Adresse zu gewiesen.
/etc/config/dhcp
Code: Alles auswählen
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option localservice '1'
config dhcp 'lan'
option interface 'lan'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
option start '25'
option limit '50'
option ra_management '1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
config dhcp 'lan2'
option start '100'
option leasetime '12h'
option limit '150'
option interface 'lan2'
config dhcp 'guest_lan'
option leasetime '12h'
option interface 'guest_lan'
option start '10'
3. Problem
Ich kann zwar 192.168.20.1 und 192.168.10.1 aus 192.168.0.0 anpingen, aber nicht die dahinter liegenden Geräte wie 192.168.20.4.
/etc/config/firewall
Code: Alles auswählen
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'Test'
config zone
option name 'wan'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option forward 'ACCEPT'
option input 'REJECT'
option network 'wan wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config rule
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config forwarding
option dest 'lan'
option src 'wan'
config zone
option input 'ACCEPT'
option forward 'REJECT'
option output 'ACCEPT'
option name 'GuestLan'
option network 'guest_lan'
config forwarding
option dest 'wan'
option src 'GuestLan'
config forwarding
option dest 'GuestLan'
option src 'wan'
config zone
option name 'sip_lan'
option input 'ACCEPT'
option forward 'REJECT'
option output 'ACCEPT'
option network 'lan sip_lan'
config forwarding
option dest 'sip_lan'
option src 'lan'
config forwarding
option dest 'sip_lan'
option src 'wan'
config forwarding
option dest 'lan'
option src 'sip_lan'
config forwarding
option dest 'wan'
option src 'sip_lan'
Gruß
Saxenpower