[kwlug-disc] OpenWRT: DHCP/VLAN problems

Paul Nijjar paul_nijjar at yahoo.ca
Fri Aug 19 12:59:52 EDT 2011


On Sat, Aug 13, 2011 at 05:28:28AM -0400, Paul Nijjar wrote:

I finally got something working, but not with Backfire. I had to drop
down to Kamikaze. 

One thing to note is that a stanza like


config 'switch_vlan' 'eth0_0'
        option 'device' 'eth0'
        option 'vlan' '2'
        option 'ports' '0 1 4t 5t'

is probably not right. For some reason it looks like OpenWRT wants
your vlan_switch name to match the vlan you are using, so to use VLAN
2 you want


config 'switch_vlan' 'eth0_2'
        option 'device' 'eth0'
        option 'vlan' '2'
        option 'ports' '0 1 4t 5t'

The "t" in 5t is assumed, so the following also works: 

 
config 'switch_vlan' 'eth0_2'
        option 'device' 'eth0'
        option 'vlan' '2'
        option 'ports' '0 1 4t 5'

I don't know why Backfire is broken. Given that my setup is so
specialized, I don't even know how to file a bug report in a coherent
way. 

I discovered that although traffic travelled to clients on the switch,
no traffic went through the switch itself. 

Probably I could simplify the setup and come up with something I could
report a bug on, but given that I have trashed one $70 router already
I am less than inclined to do so. 

- Paul


> 
> I have a Linksys WRT54GL running OpenWRT backfire. 
> 
> Here is what I want: 
> 
> 0. A trunk with two VLANs (tagged 2 and 3) going in on the "wan" port
>   (port 4 on the device). I think that is not yet relevant to
>   the problem, but setting up VLANs may be messing other things up. 
> 
> 1. Two different networks handled by the device: 
>   - The "WR" network consists of two of the LAN ports (0 and 1)
>   - The "66APT" network consists of the other two LAN ports (2 and 3) 
>     and the wireless device.
> 
> 2. No DHCP server running on the device. Both of the networks
> interfaces should have addresses, but they will get those addresses
> from someplace else (say coming in on the LAN ports). Assume that each
> of the WR and 66APT networks has exactly one wired connection which
> answers DHCP requests. 
> 
> 3. No firewalling or NAT. 
> 
> So basically I am looking for this device to be a smart switch that
> can offer wireless and handle VLANs, as opposed to a firewall or a
> router. 
> 
> I have been twiddling with configuration files, but I can't get the
> setup to work right. Even ignoring the trunking, I cannot get the LAN
> ports to accept DHCP requests. In the configuration below, the
> wireless (!) accepted DHCP requests and assigned the "66APT" interface
> an address accordingly, but neither the WR nor the 66APT LAN ports
> will accept DHCP, and I don't know why. 
> 
> HOWEVER, the LAN ports allow DHCP packets through just fine. If I hook
> up a laptop to one port and a cable from my DHCP server to the other
> LAN port in a group, then the laptop gets a DHCP address just fine.
> But the WRT54GL does not accept DHCP requests itself, and I am not
> sure why. I suspect I do not understand Linux bridging well at all.
> 
> 
> Here are some ways I twiddled the files: 
> - Clearing the firewall file entirely
> - Twiddling with making port 5 (the internal port connected to the
>   CPU) tagged or untagged
> - Twiddling with commenting out all references to VLAN tagging 
> 
> In the worst case I have to set static IP addresses and move on to the
> VLAN configuration (which is the point of this exercise) but I am
> getting frustrated that I don't even know why OpenWRT is behaving the
> way it is. Any thoughts?
> 
> 
> Here is my /etc/config/network file: 
> 
> =======================
> config 'switch' 'eth0'
>         option 'enable' '1'
> 
> config 'switch_vlan' 'eth0_0'
>         option 'device' 'eth0'
>         option 'vlan' '2'
>         option 'ports' '0 1 4t 5t'
> 
> config 'switch_vlan' 'eth0_1'
>         option 'device' 'eth0'
>         option 'vlan' '3'
>         option 'ports' '2 3 4t 5t'
> 
> config 'interface' 'loopback'
>         option 'ifname' 'lo'
>         option 'proto' 'static'
>         option 'ipaddr' '127.0.0.1'
>         option 'netmask' '255.0.0.0'
> 
> config 'interface' '66APT'
>         option 'type' 'bridge'
>         option 'ifname' 'eth0.0'
>         option 'proto' 'dhcp'
>         #option 'proto' 'static'
>         #option 'netmask' '255.255.255.0'
>         #option 'ipaddr' '172.26.98.2'
> 
> config 'interface' 'WR'
>         option 'ifname' 'eth0.1'
>         option 'proto' 'dhcp'
> 
> 
> =======================
> 
> Here is my /etc/config/wireless
> 
> =======================
> 
> 
> config 'wifi-device' 'wl0'
>         option 'type' 'broadcom'
>         option 'disabled' '0'
>         option 'channel' '11'
> 
> config 'wifi-iface'
>         option 'device' 'wl0'
>         option 'network' '66APT'
>         option 'mode' 'ap'
>         option 'ssid' 'mynetwork'
>         option 'encryption' 'psk'
>         option 'key' 'topsecret'
>         #option 'isolate' '1'
> 
> 
> =======================
> 
> Here is my /etc/config/dhcp file:
> 
> =======================
> config dnsmasq
>         option domainneeded     1
>         option boguspriv        1
>         option filterwin2k      '0'  #enable for dial on demand
>         option localise_queries 1
>         option local    '/lan/'
>         option domain   'lan'
>         option expandhosts      1
>         option nonegcache       0
>         option authoritative    1
>         option readethers       1
>         option leasefile        '/tmp/dhcp.leases'
>         option resolvfile       '/tmp/resolv.conf.auto'
>         #list server            '/mycompany.local/1.2.3.4'
>         #option nonwildcard     1
>         #list interface         br-66APT
>         #list notinterface      lo
> 
> config dhcp 66APT
>         option interface        66APT
>         option ignore   1
>         #option start   100
>         #option limit   150
>         #option leasetime       12h
> 
> config dhcp WR
>         option interface        WR
>         option ignore   1
> 
> =======================
> 
> Here is my /etc/config/firewall file (which I suspect might be useless
> since I did not rename interfaces in this file):
> 
> =======================
> config  option 'syn_flood' '1'
>         option 'input' 'ACCEPT'
>         option 'output' 'ACCEPT'
>         option 'forward' 'REJECT'
> 
> config 'zone'
>         option 'name' 'lan'
>         option 'input' 'ACCEPT'
>         option 'output' 'ACCEPT'
>         option 'forward' 'REJECT'
> 
> config 'zone'
>         option 'name' 'wan'
>         option 'input' 'REJECT'
>         option 'output' 'ACCEPT'
>         option 'forward' 'REJECT'
>         option 'masq' '1'
>         option 'mtu_fix' '1'
> 
> config 'forwarding'
>         option 'src' 'lan'
>         option 'dest' 'wan'
>         option 'mtu_fix' '0'
> 
> config 'rule'
>         option 'src' 'wan'
>         option 'proto' 'udp'
>         option 'dest_port' '68'
>         option 'target' 'ACCEPT'
> 
> config 'rule'
>         option 'src' 'wan'
>         option 'proto' 'icmp'
>         option 'icmp_type' 'echo-request'
>         option 'target' 'ACCEPT'
> 
> config 'include'
>         option 'path' '/etc/firewall.user'
> 
> ======================
> 
> - Paul
> 
> -- 
> http://pnijjar.freeshell.org 
> 

-- 
http://pnijjar.freeshell.org 
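
A lint for the naming mismatch described in this thread, as an added example that is not part of the original post or of OpenWRT itself. It flags switch_vlan sections whose name does not end in their VLAN ID (the post's finding) and ethX.N interface names that have no switch_vlan for VLAN N. The second check and the names parse_uci, lint_vlans and SAMPLE_NETWORK are assumptions made here.

```python
import re
import shlex

# Constructed sample: stanzas from the post's original /etc/config/network,
# trimmed to the options this check reads.
SAMPLE_NETWORK = """\
config 'switch_vlan' 'eth0_0'
        option 'device' 'eth0'
        option 'vlan' '2'
        option 'ports' '0 1 4t 5t'
config 'switch_vlan' 'eth0_1'
        option 'device' 'eth0'
        option 'vlan' '3'
        option 'ports' '2 3 4t 5t'
config 'interface' '66APT'
        option 'ifname' 'eth0.0'
config 'interface' 'WR'
        option 'ifname' 'eth0.1'
"""

def parse_uci(text):
    """Return [(type, name, options_dict)] for each 'config' stanza."""
    sections = []
    for raw in text.splitlines():
        words = shlex.split(raw, comments=True)  # drops '#' comments
        if words[:1] == ["config"] and len(words) >= 2:
            sections.append((words[1], words[2] if len(words) > 2 else "", {}))
        elif words[:1] == ["option"] and len(words) >= 3 and sections:
            sections[-1][2][words[1]] = words[2]
    return sections

def lint_vlans(text):
    """Return a list of findings about VLAN naming in a UCI network config."""
    sections, findings = parse_uci(text), []
    vlans = {(o.get("device"), o.get("vlan"))
             for t, _, o in sections if t == "switch_vlan"}
    for stype, name, opts in sections:
        want = f"{opts.get('device')}_{opts.get('vlan')}"
        if stype == "switch_vlan" and name != want:  # the post's finding
            findings.append(f"switch_vlan '{name}': expected name '{want}'")
        ifnames = opts.get("ifname", "").split() if stype == "interface" else []
        for ifname in ifnames:
            m = re.fullmatch(r"(\w+)\.(\d+)", ifname)
            if m and m.groups() not in vlans:  # assumption: ethX.N means VLAN N
                findings.append(f"interface '{name}': {ifname} has no switch_vlan")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_vlans(SAMPLE_NETWORK)))
```

Run against the original configuration it reports both switch_vlan names and both interface ifname values; with the sections renamed to eth0_2 and eth0_3 and the interfaces pointed at eth0.2 and eth0.3 it reports nothing.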
