[kwlug-disc] OpenWRT: DHCP/VLAN problems
Paul Nijjar
paul_nijjar at yahoo.ca
Fri Aug 19 12:59:52 EDT 2011
On Sat, Aug 13, 2011 at 05:28:28AM -0400, Paul Nijjar wrote:
I finally got something working, but not with Backfire. I had to drop
down to Kamikaze.
One thing to note is that a stanza like
config 'switch_vlan' 'eth0_0'
    option 'device' 'eth0'
    option 'vlan' '2'
    option 'ports' '0 1 4t 5t'
is probably not right. For some reason it looks like OpenWRT wants
your vlan_switch name to match the vlan you are using, so to use VLAN
2 you want
config 'switch_vlan' 'eth0_2'
    option 'device' 'eth0'
    option 'vlan' '2'
    option 'ports' '0 1 4t 5t'
The "t" in 5t is assumed, so the following also works:
config 'switch_vlan' 'eth0_2'
    option 'device' 'eth0'
    option 'vlan' '2'
    option 'ports' '0 1 4t 5'
I don't know why Backfire is broken. Given that my setup is so
specialized, I don't even know how to file a bug report in a coherent
way.
I discovered that although traffic travelled to clients on the switch,
no traffic went through the switch itself.
Probably I could simplify the setup and come up with something I could
report a bug on, but given that I have trashed one $70 router already
I am less than inclined to do so.
- Paul
>
> I have a Linksys WRT54GL running OpenWRT backfire.
>
> Here is what I want:
>
> 0. A trunk with two VLANs (tagged 2 and 3) going in on the "wan" port
> (port 4 on the device). I think that is not yet relevant to
> the problem, but setting up VLANs may be messing other things up.
>
> 1. Two different networks handled by the device:
> - The "WR" network consists of two of the LAN ports (0 and 1)
> - The "66APT" network consists of the other two LAN ports (2 and 3)
> and the wireless device.
>
> 2. No DHCP server running on the device. Both of the networks
> interfaces should have addresses, but they will get those addresses
> from someplace else (say coming in on the LAN ports). Assume that each
> of the WR and 66APT networks has exactly one wired connection which
> answers DHCP requests.
>
> 3. No firewalling or NAT.
>
> So basically I am looking for this device to be a smart switch that
> can offer wireless and handle VLANs, as opposed to a firewall or a
> router.
>
> I have been twiddling with configuration files, but I can't get the
> setup to work right. Even ignoring the trunking, I cannot get the LAN
> ports to accept DHCP requests. In the configuration below, the
> wireless (!) accepted DHCP requests and assigned the "66APT" interface
> an address accordingly, but neither the WR nor the 66APT LAN ports
> will accept DHCP, and I don't know why.
>
> HOWEVER, the LAN ports allow DHCP packets through just fine. If I hook
> up a laptop to one port and a cable from my DHCP server to the other
> LAN port in a group, then the laptop gets a DHCP address just fine.
> But the WRT54GL does not accept DHCP requests itself, and I am not
> sure why. I suspect I do not understand Linux bridging well at all.
>
>
> Here are some ways I twiddled the files:
> - Clearing the firewall file entirely
> - Twiddling with making port 5 (the internal port connected to the
> CPU) tagged or untagged
> - Twiddling with commenting out all references to VLAN tagging
>
> In the worst case I have to set static IP addresses and move on to the
> VLAN configuration (which is the point of this exercise) but I am
> getting frustrated that I don't even know why OpenWRT is behaving the
> way it is. Any thoughts?
>
>
> Here is my /etc/config/network file:
>
> =======================
> config 'switch' 'eth0'
>     option 'enable' '1'
>
> config 'switch_vlan' 'eth0_0'
>     option 'device' 'eth0'
>     option 'vlan' '2'
>     option 'ports' '0 1 4t 5t'
>
> config 'switch_vlan' 'eth0_1'
>     option 'device' 'eth0'
>     option 'vlan' '3'
>     option 'ports' '2 3 4t 5t'
>
> config 'interface' 'loopback'
>     option 'ifname' 'lo'
>     option 'proto' 'static'
>     option 'ipaddr' '127.0.0.1'
>     option 'netmask' '255.0.0.0'
>
> config 'interface' '66APT'
>     option 'type' 'bridge'
>     option 'ifname' 'eth0.0'
>     option 'proto' 'dhcp'
>     #option 'proto' 'static'
>     #option 'netmask' '255.255.255.0'
>     #option 'ipaddr' '172.26.98.2'
>
> config 'interface' 'WR'
>     option 'ifname' 'eth0.1'
>     option 'proto' 'dhcp'
>
>
> =======================
>
> Here is my /etc/config/wireless
>
> =======================
>
>
> config 'wifi-device' 'wl0'
>     option 'type' 'broadcom'
>     option 'disabled' '0'
>     option 'channel' '11'
>
> config 'wifi-iface'
>     option 'device' 'wl0'
>     option 'network' '66APT'
>     option 'mode' 'ap'
>     option 'ssid' 'mynetwork'
>     option 'encryption' 'psk'
>     option 'key' 'topsecret'
>     #option 'isolate' '1'
>
>
> =======================
>
> Here is my /etc/config/dhcp file:
>
> =======================
> config dnsmasq
>     option domainneeded 1
>     option boguspriv 1
>     option filterwin2k '0' #enable for dial on demand
>     option localise_queries 1
>     option local '/lan/'
>     option domain 'lan'
>     option expandhosts 1
>     option nonegcache 0
>     option authoritative 1
>     option readethers 1
>     option leasefile '/tmp/dhcp.leases'
>     option resolvfile '/tmp/resolv.conf.auto'
>     #list server '/mycompany.local/1.2.3.4'
>     #option nonwildcard 1
>     #list interface br-66APT
>     #list notinterface lo
>
> config dhcp 66APT
>     option interface 66APT
>     option ignore 1
>     #option start 100
>     #option limit 150
>     #option leasetime 12h
>
> config dhcp WR
>     option interface WR
>     option ignore 1
>
> =======================
>
> Here is my /etc/config/firewall file (which I suspect might be useless
> since I did not rename interfaces in this file):
>
> =======================
> config option 'syn_flood' '1'
>     option 'input' 'ACCEPT'
>     option 'output' 'ACCEPT'
>     option 'forward' 'REJECT'
>
> config 'zone'
>     option 'name' 'lan'
>     option 'input' 'ACCEPT'
>     option 'output' 'ACCEPT'
>     option 'forward' 'REJECT'
>
> config 'zone'
>     option 'name' 'wan'
>     option 'input' 'REJECT'
>     option 'output' 'ACCEPT'
>     option 'forward' 'REJECT'
>     option 'masq' '1'
>     option 'mtu_fix' '1'
>
> config 'forwarding'
>     option 'src' 'lan'
>     option 'dest' 'wan'
>     option 'mtu_fix' '0'
>
> config 'rule'
>     option 'src' 'wan'
>     option 'proto' 'udp'
>     option 'dest_port' '68'
>     option 'target' 'ACCEPT'
>
> config 'rule'
>     option 'src' 'wan'
>     option 'proto' 'icmp'
>     option 'icmp_type' 'echo-request'
>     option 'target' 'ACCEPT'
>
> config 'include'
>     option 'path' '/etc/firewall.user'
>
> ======================
>
> - Paul
>
> --
> http://pnijjar.freeshell.org
>
--
http://pnijjar.freeshell.org
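
An added example, not part of the original post or of OpenWRT itself: a small Python lint for /etc/config/network that checks the naming rule the post observes (a switch_vlan section named <device>_<vlan>) and, as an assumption, that an ifname of the form eth0.N refers to VLAN N and so needs a matching switch_vlan. The sample config is constructed from the stanzas quoted above; parse_uci and lint_vlans are hypothetical names.

```python
import re

# Constructed sample, modelled on the stanzas quoted in the post.
SAMPLE = """
config 'switch_vlan' 'eth0_0'
    option 'device' 'eth0'
    option 'vlan' '2'
    option 'ports' '0 1 4t 5t'

config 'switch_vlan' 'eth0_3'
    option 'device' 'eth0'
    option 'vlan' '3'
    option 'ports' '2 3 4t 5t'

config 'interface' 'WR'
    option 'ifname' 'eth0.1'
    option 'proto' 'dhcp'
"""

def parse_uci(text):
    """Return [(section_type, section_name, {option: value})] from UCI text."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out options
        words = [a or b or c for a, b, c in
                 re.findall(r"'([^']*)'|\"([^\"]*)\"|(\S+)", line)]
        if words[0] == "config":
            kind, name = (words + ["", ""])[1:3]
            sections.append((kind, name, {}))
        elif words[0] == "option" and sections and len(words) > 2:
            sections[-1][2][words[1]] = words[2]
    return sections

def lint_vlans(text):
    """Flag misnamed switch_vlan sections and interfaces on undefined VLANs."""
    sections, findings, defined = parse_uci(text), [], set()
    for kind, name, opts in sections:
        if kind == "switch_vlan":
            dev, vlan = opts.get("device"), opts.get("vlan")
            defined.add((dev, vlan))
            if name != f"{dev}_{vlan}":  # naming rule observed in the post
                findings.append(f"switch_vlan '{name}': expected '{dev}_{vlan}'")
    for kind, name, opts in sections:
        if kind == "interface":
            for ifname in opts.get("ifname", "").split():
                m = re.fullmatch(r"(\w+)\.(\d+)", ifname)  # assumption: dev.N = VLAN N
                if m and (m.group(1), m.group(2)) not in defined:
                    findings.append(f"interface '{name}': {ifname} has no switch_vlan")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_vlans(SAMPLE)))
```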