[kwlug-disc] OpenWRT: DHCP/VLAN problems
Paul Nijjar
paul_nijjar at yahoo.ca
Sat Aug 13 05:28:28 EDT 2011
I have a Linksys WRT54GL running OpenWRT backfire.

Here is what I want:

0. A trunk with two VLANs (tagged 2 and 3) going in on the "wan" port
(port 4 on the device). I think that is not yet relevant to
the problem, but setting up VLANs may be messing other things up.

1. Two different networks handled by the device:
- The "WR" network consists of two of the LAN ports (0 and 1)
- The "66APT" network consists of the other two LAN ports (2 and 3)
and the wireless device.

2. No DHCP server running on the device. Both of the network
interfaces should have addresses, but they will get those addresses
from someplace else (say coming in on the LAN ports). Assume that each
of the WR and 66APT networks has exactly one wired connection which
answers DHCP requests.

3. No firewalling or NAT.

So basically I am looking for this device to be a smart switch that
can offer wireless and handle VLANs, as opposed to a firewall or a
router.

I have been twiddling with configuration files, but I can't get the
setup to work right. Even ignoring the trunking, I cannot get the LAN
ports to accept DHCP requests. In the configuration below, the
wireless (!) accepted DHCP requests and assigned the "66APT" interface
an address accordingly, but neither the WR nor the 66APT LAN ports
will accept DHCP, and I don't know why.

HOWEVER, the LAN ports allow DHCP packets through just fine. If I hook
up a laptop to one port and a cable from my DHCP server to the other
LAN port in a group, then the laptop gets a DHCP address just fine.
But the WRT54GL does not accept DHCP requests itself, and I am not
sure why. I suspect I do not understand Linux bridging well at all.

Here are some ways I twiddled the files:
- Clearing the firewall file entirely
- Twiddling with making port 5 (the internal port connected to the
CPU) tagged or untagged
- Twiddling with commenting out all references to VLAN tagging

In the worst case I have to set static IP addresses and move on to the
VLAN configuration (which is the point of this exercise) but I am
getting frustrated that I don't even know why OpenWRT is behaving the
way it is. Any thoughts?

Here is my /etc/config/network file:
=======================
config 'switch' 'eth0'
    option 'enable' '1'

config 'switch_vlan' 'eth0_0'
    option 'device' 'eth0'
    option 'vlan' '2'
    option 'ports' '0 1 4t 5t'

config 'switch_vlan' 'eth0_1'
    option 'device' 'eth0'
    option 'vlan' '3'
    option 'ports' '2 3 4t 5t'

config 'interface' 'loopback'
    option 'ifname' 'lo'
    option 'proto' 'static'
    option 'ipaddr' '127.0.0.1'
    option 'netmask' '255.0.0.0'

config 'interface' '66APT'
    option 'type' 'bridge'
    option 'ifname' 'eth0.0'
    option 'proto' 'dhcp'
    #option 'proto' 'static'
    #option 'netmask' '255.255.255.0'
    #option 'ipaddr' '172.26.98.2'

config 'interface' 'WR'
    option 'ifname' 'eth0.1'
    option 'proto' 'dhcp'
=======================

Here is my /etc/config/wireless
=======================
config 'wifi-device' 'wl0'
    option 'type' 'broadcom'
    option 'disabled' '0'
    option 'channel' '11'

config 'wifi-iface'
    option 'device' 'wl0'
    option 'network' '66APT'
    option 'mode' 'ap'
    option 'ssid' 'mynetwork'
    option 'encryption' 'psk'
    option 'key' 'topsecret'
    #option 'isolate' '1'
=======================

Here is my /etc/config/dhcp file:
=======================
config dnsmasq
    option domainneeded 1
    option boguspriv 1
    option filterwin2k '0' #enable for dial on demand
    option localise_queries 1
    option local '/lan/'
    option domain 'lan'
    option expandhosts 1
    option nonegcache 0
    option authoritative 1
    option readethers 1
    option leasefile '/tmp/dhcp.leases'
    option resolvfile '/tmp/resolv.conf.auto'
    #list server '/mycompany.local/1.2.3.4'
    #option nonwildcard 1
    #list interface br-66APT
    #list notinterface lo

config dhcp 66APT
    option interface 66APT
    option ignore 1
    #option start 100
    #option limit 150
    #option leasetime 12h

config dhcp WR
    option interface WR
    option ignore 1
=======================

Here is my /etc/config/firewall file (which I suspect might be useless
since I did not rename interfaces in this file):
=======================
config option 'syn_flood' '1'
    option 'input' 'ACCEPT'
    option 'output' 'ACCEPT'
    option 'forward' 'REJECT'

config 'zone'
    option 'name' 'lan'
    option 'input' 'ACCEPT'
    option 'output' 'ACCEPT'
    option 'forward' 'REJECT'

config 'zone'
    option 'name' 'wan'
    option 'input' 'REJECT'
    option 'output' 'ACCEPT'
    option 'forward' 'REJECT'
    option 'masq' '1'
    option 'mtu_fix' '1'

config 'forwarding'
    option 'src' 'lan'
    option 'dest' 'wan'
    option 'mtu_fix' '0'

config 'rule'
    option 'src' 'wan'
    option 'proto' 'udp'
    option 'dest_port' '68'
    option 'target' 'ACCEPT'

config 'rule'
    option 'src' 'wan'
    option 'proto' 'icmp'
    option 'icmp_type' 'echo-request'
    option 'target' 'ACCEPT'

config 'include'
    option 'path' '/etc/firewall.user'
======================

- Paul
--
http://pnijjar.freeshell.org
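
The network file in the post defines switch VLAN IDs 2 and 3, while its interfaces name eth0.0 and eth0.1. The following is an added example, not part of the original post: a small lint that cross-checks each `ethX.N` interface name against the `switch_vlan` sections. It assumes that N in `ethX.N` is the switch VLAN ID and that port 5 is the CPU port, as the post describes; the function names are hypothetical.

```python
import re

# Constructed sample: the switch and interface sections quoted in the post.
SAMPLE = """\
config 'switch_vlan' 'eth0_0'
    option 'device' 'eth0'
    option 'vlan' '2'
    option 'ports' '0 1 4t 5t'
config 'switch_vlan' 'eth0_1'
    option 'device' 'eth0'
    option 'vlan' '3'
    option 'ports' '2 3 4t 5t'
config 'interface' '66APT'
    option 'ifname' 'eth0.0'
config 'interface' 'WR'
    option 'ifname' 'eth0.1'
"""

def parse_uci(text):
    """Return [(section type, section name, {option: value})] from UCI text."""
    sections = []
    for line in text.splitlines():
        # Tokens are either 'single quoted' or bare words; '#...' lines fall through.
        words = [q or bare for q, bare in re.findall(r"'([^']*)'|(\S+)", line)]
        if words[:1] == ["config"] and len(words) > 1:
            sections.append((words[1], words[2] if len(words) > 2 else "", {}))
        elif words[:1] == ["option"] and len(words) > 2 and sections:
            sections[-1][2][words[1]] = words[2]
    return sections

def check_vlan_refs(text, cpu_port="5"):
    """Flag interfaces whose ethX.N has no switch_vlan N reaching the CPU port."""
    sections = parse_uci(text)
    vlans = {}  # (switch device, VLAN ID) -> list of port specs such as '5t'
    for typ, _, opt in sections:
        if typ == "switch_vlan":
            vlans[(opt.get("device"), opt.get("vlan"))] = opt.get("ports", "").split()
    findings = []
    for typ, name, opt in sections:
        if typ != "interface":
            continue
        for dev, vid in re.findall(r"(\w+)\.(\d+)", opt.get("ifname", "")):
            ports = vlans.get((dev, vid))
            if ports is None:
                findings.append((name, f"{dev}.{vid}", "no switch_vlan defines this VLAN ID"))
            elif not any(p.rstrip("t*u") == cpu_port for p in ports):
                findings.append((name, f"{dev}.{vid}", "CPU port is not a member"))
    return findings
```

Calling `check_vlan_refs(SAMPLE)` reports both 66APT and WR, because neither VLAN 0 nor VLAN 1 is defined on the switch in this configuration.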