• Zarejestrowany: 2015-07-16
  • Posty: 346

Temat: EasyBOX 802/ARV752DPW separacja VLAN?

Witam

Mam pytanie odnośnie w/w sprzętu.

Utworzyłem 2 VLANy, każdy z własną strefą firewalla, 1 VLAN podsieć 192.168.0.1 2 VLAN podsieć 192.168.10.1/ W konfiguracji Switcha dla 1 VLANa przydzieliłem 2 porty dla 2 VLANa 1 port. W jakis sposób utworzyć separacje miedzy nimi?
Na te chwile oba VLANy widzą siebie nawzajem co troche wyklucza funkcjonalność VLAN.

Całą konfiguracje wykonałem przez luci jeśli trzeba coś dopisać przez ssh prosiłbym o pomoc.

Pozdrawiam

Zyxel T56 /|\ TL Wdr3600 /|\ TL wdr4300 /|\ MiR 3g /|\ ubi Rocket, nb, pb, ns, loco /|\ Netgear R6220 /|\ xiaomi AC2350 /|\ TL c6 v3 /|\ TL 1043 v1 v2 v4 /|\ dn2800mt , N100 /|\  TL DS-P-7001-04/08 /|\ TL SX3016F i kupa innego sprzętu

2 Odpowiedź przez Cezary

  • Skąd: Warszawa
  • Zarejestrowany: 2006-02-25
  • Posty: 116,060

Odp: EasyBOX 802/ARV752DPW separacja VLAN?

uci show network
uci show firewall

pokaż.

Masz niepotrzebny router, uszkodzony czy nie - chętnie przygarnę go.

Cezary's Strona

3 Odpowiedź przez batorencjusz (edytowany przez batorencjusz 2017-05-26 10:09:15)

  • Zarejestrowany: 2015-07-16
  • Posty: 346

Odp: EasyBOX 802/ARV752DPW separacja VLAN?

uci show network

network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fde8:0272:bc53::/48'
network.lan=interface
network.lan.force_link='1'
network.lan.type='bridge'
network.lan.proto='static'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.ipaddr='192.168.2.1'
network.lan._orig_ifname='eth0.1 wlan0'
network.lan._orig_bridge='true'
network.lan.ifname='eth0.2'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='4 5t'
network.@switch_vlan[0].vid='1'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='1 2 5t'
network.@switch_vlan[1].vid='2'
network.wan=interface
network.wan.proto='dhcp'
network.wan.dns='8.8.8.8 8.8.4.4'
network.wan.peerdns='0'
network.wan._orig_ifname='eth0.2'
network.wan._orig_bridge='false'
network.wan.ifname='eth0.1'
network.modem=interface
network.modem.proto='dhcp'
network.modem.ifname='usb0'
network.@switch_vlan[2]=switch_vlan
network.@switch_vlan[2].device='switch0'
network.@switch_vlan[2].vlan='3'
network.@switch_vlan[2].vid='3'
network.@switch_vlan[2].ports='3 5t'
network.Guest=interface
network.Guest.proto='static'
network.Guest.ifname='eth0.3'
network.Guest.ipaddr='192.168.10.1'
network.Guest.netmask='255.255.255.0'
network.Guest.dns='8.8.8.8 194.204.152.34'

uci show firewall 

firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='DROP'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].network='lan'
firewall.@zone[0].forward='DROP'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@zone[1].network='wan wan6 modem'
firewall.@zone[1].forward='DROP'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fe80::/10'
firewall.@rule[3].src_port='547'
firewall.@rule[3].dest_ip='fe80::/10'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@rule[7]=rule
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@zone[2]=zone
firewall.@zone[2].input='ACCEPT'
firewall.@zone[2].output='ACCEPT'
firewall.@zone[2].name='VLAN'
firewall.@zone[2].network='VLAN Guest'
firewall.@zone[2].forward='DROP'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].dest='wan'
firewall.@forwarding[0].src='VLAN'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].dest='wan'
firewall.@forwarding[1].src='lan'
Zyxel T56 /|\ TL Wdr3600 /|\ TL wdr4300 /|\ MiR 3g /|\ ubi Rocket, nb, pb, ns, loco /|\ Netgear R6220 /|\ xiaomi AC2350 /|\ TL c6 v3 /|\ TL 1043 v1 v2 v4 /|\ dn2800mt , N100 /|\  TL DS-P-7001-04/08 /|\ TL SX3016F i kupa innego sprzętu

4 Odpowiedź przez Cezary

  • Skąd: Warszawa
  • Zarejestrowany: 2006-02-25
  • Posty: 116,060

Odp: EasyBOX 802/ARV752DPW separacja VLAN?

Masz sekcję "Guest" a w firewallu podałeś firewall.@zone[2].network='VLAN Guest'. Zmień to na firewall.@zone[2].network='Guest'

Masz niepotrzebny router, uszkodzony czy nie - chętnie przygarnę go.

Cezary's Strona

5 Odpowiedź przez batorencjusz

  • Zarejestrowany: 2015-07-16
  • Posty: 346

Odp: EasyBOX 802/ARV752DPW separacja VLAN?

uci show firewall 

firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[0].network='lan'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@zone[1].network='wan wan6 modem'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fe80::/10'
firewall.@rule[3].src_port='547'
firewall.@rule[3].dest_ip='fe80::/10'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@rule[7]=rule
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@zone[2]=zone
firewall.@zone[2].name='vlan'
firewall.@zone[2].input='ACCEPT'
firewall.@zone[2].forward='REJECT'
firewall.@zone[2].output='ACCEPT'
firewall.@zone[2].network='guest'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].dest='wan'
firewall.@forwarding[1].src='vlan'

LAN widzi Guest i podsieć w WAN
Guest widzi LAN i podsieć w WAN

Zyxel T56 /|\ TL Wdr3600 /|\ TL wdr4300 /|\ MiR 3g /|\ ubi Rocket, nb, pb, ns, loco /|\ Netgear R6220 /|\ xiaomi AC2350 /|\ TL c6 v3 /|\ TL 1043 v1 v2 v4 /|\ dn2800mt , N100 /|\  TL DS-P-7001-04/08 /|\ TL SX3016F i kupa innego sprzętu

6 Odpowiedź przez Cezary

  • Skąd: Warszawa
  • Zarejestrowany: 2006-02-25
  • Posty: 116,060

Odp: EasyBOX 802/ARV752DPW separacja VLAN?

Guest nie guest

Masz niepotrzebny router, uszkodzony czy nie - chętnie przygarnę go.

Cezary's Strona

7 Odpowiedź przez batorencjusz (edytowany przez batorencjusz 2017-05-26 11:48:21)

  • Zarejestrowany: 2015-07-16
  • Posty: 346

Odp: EasyBOX 802/ARV752DPW separacja VLAN?

ze wzgledu na to że nie działa tak jak powinno utworzyłem konfiguracje na nowo dlatego guest nie Guest . wszystko małymi żeby wykluczyc literówki
zatem:
uci show network:

network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fdc8:3f78:d552::/48'
network.lan=interface
network.lan.force_link='1'
network.lan.type='bridge'
network.lan.proto='static'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.ipaddr='192.168.2.1'
network.lan._orig_ifname='eth0.1 wlan0'
network.lan._orig_bridge='true'
network.lan.ifname='eth0.2'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].vid='1'
network.@switch_vlan[0].ports='4 5t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].vid='2'
network.@switch_vlan[1].ports='1 2 5t'
network.wan=interface
network.wan.proto='dhcp'
network.wan.dns='8.8.8.8 8.8.4.4'
network.wan.peerdns='0'
network.wan._orig_ifname='eth0.2'
network.wan._orig_bridge='false'
network.wan.ifname='eth0.1'
network.modem=interface
network.modem.proto='dhcp'
network.modem.ifname='usb0'
network.@switch_vlan[2]=switch_vlan
network.@switch_vlan[2].device='switch0'
network.@switch_vlan[2].vlan='3'
network.@switch_vlan[2].vid='3'
network.@switch_vlan[2].ports='3 5t'
network.guest=interface
network.guest.proto='static'
network.guest.ifname='eth0.3'
network.guest.ipaddr='192.168.10.1'
network.guest.netmask='255.255.255.0'
network.guest.dns='194.204.152.34 8.8.8.8'

uci show firewall

firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].network='lan'
firewall.@zone[0].forward='REJECT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@zone[1].network='wan wan6 modem'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fe80::/10'
firewall.@rule[3].src_port='547'
firewall.@rule[3].dest_ip='fe80::/10'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@rule[7]=rule
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@zone[2]=zone
firewall.@zone[2].name='vlan'
firewall.@zone[2].input='ACCEPT'
firewall.@zone[2].forward='REJECT'
firewall.@zone[2].output='ACCEPT'
firewall.@zone[2].network='guest'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].dest='wan'
firewall.@forwarding[1].src='vlan'

lan widzi podsieć wan i guest
guest widzi podsiec wan i lan

probowałem też zgodnie ze strona:
https://wiki.openwrt.org/doc/recipes/guest-wlan
zrobic punkt 4c
ale wtedy lan widzi guest i wan
guest nie widzi nawet samego siebie

uci show firewall

firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].network='lan'
firewall.@zone[0].forward='REJECT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@zone[1].network='wan wan6 modem'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fe80::/10'
firewall.@rule[3].src_port='547'
firewall.@rule[3].dest_ip='fe80::/10'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@rule[7]=rule
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@zone[2]=zone
firewall.@zone[2].name='guest'
firewall.@zone[2].network='guest'
firewall.@zone[2].forward='REJECT'
firewall.@zone[2].output='ACCEPT'
firewall.@zone[2].input='REJECT'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].src='guest'
firewall.@forwarding[1].dest='wan'
firewall.@rule[9]=rule
firewall.@rule[9].src='guest'
firewall.@rule[9].src_port='67-68'
firewall.@rule[9].dest_port='67-68'
firewall.@rule[9].proto='udp'
firewall.@rule[9].target='ACCEPT'
firewall.@rule[9].name='Allow DHCP request'
firewall.@rule[10]=rule
firewall.@rule[10].src='guest'
firewall.@rule[10].dest_port='53'
firewall.@rule[10].proto='tcpudp'
firewall.@rule[10].target='ACCEPT'
firewall.@rule[10].name='Allow DNS Queries'
firewall.@rule[11]=rule
firewall.@rule[11].src='guest'
firewall.@rule[11].dest='lan'
firewall.@rule[11].name='Deny Guest -> LAN'
firewall.@rule[11].proto='all'
firewall.@rule[11].target='DROP'
firewall.@rule[12]=rule
firewall.@rule[12].target='ACCEPT'
firewall.@rule[12].src='guest'
firewall.@rule[12].dest='wan'
firewall.@rule[12].name='Allow Guest -> WAN http'
firewall.@rule[12].proto='tcp'
firewall.@rule[12].dest_port='80'
firewall.@rule[13]=rule
firewall.@rule[13].target='ACCEPT'
firewall.@rule[13].src='guest'
firewall.@rule[13].dest='wan'
firewall.@rule[13].name='Allow Guest -> WAN https'
firewall.@rule[13].proto='tcp'
firewall.@rule[13].dest_port='443'
firewall.@rule[14]=rule
firewall.@rule[14].src='guest'
firewall.@rule[14].dest='wan'
firewall.@rule[14].name='Deny Guest -> WAN'
firewall.@rule[14].proto='all'
firewall.@rule[14].target='DROP'
Zyxel T56 /|\ TL Wdr3600 /|\ TL wdr4300 /|\ MiR 3g /|\ ubi Rocket, nb, pb, ns, loco /|\ Netgear R6220 /|\ xiaomi AC2350 /|\ TL c6 v3 /|\ TL 1043 v1 v2 v4 /|\ dn2800mt , N100 /|\  TL DS-P-7001-04/08 /|\ TL SX3016F i kupa innego sprzętu

8 Odpowiedź przez Cezary

  • Skąd: Warszawa
  • Zarejestrowany: 2006-02-25
  • Posty: 116,060

Odp: EasyBOX 802/ARV752DPW separacja VLAN?

Jeszcze pytanie kontrolne: "lan widzi podsieć wan i guest" - w sensie? Pingujesz, robisz ssh czy co?

Masz niepotrzebny router, uszkodzony czy nie - chętnie przygarnę go.

Cezary's Strona

9 Odpowiedź przez batorencjusz (edytowany przez batorencjusz 2017-05-26 11:51:02)

  • Zarejestrowany: 2015-07-16
  • Posty: 346

Odp: EasyBOX 802/ARV752DPW separacja VLAN?

ping , dostep do samby w lan, teraz jeszcze sprawdziłem RDP tez dziala

Zyxel T56 /|\ TL Wdr3600 /|\ TL wdr4300 /|\ MiR 3g /|\ ubi Rocket, nb, pb, ns, loco /|\ Netgear R6220 /|\ xiaomi AC2350 /|\ TL c6 v3 /|\ TL 1043 v1 v2 v4 /|\ dn2800mt , N100 /|\  TL DS-P-7001-04/08 /|\ TL SX3016F i kupa innego sprzętu

10 Odpowiedź przez Cezary

  • Skąd: Warszawa
  • Zarejestrowany: 2006-02-25
  • Posty: 116,060

Odp: EasyBOX 802/ARV752DPW separacja VLAN?

Zanim zrobię to u siebie w domu - pokaz jeszcze

iptables -v -L
iptables -v -L -t nat

Masz niepotrzebny router, uszkodzony czy nie - chętnie przygarnę go.

Cezary's Strona

11 Odpowiedź przez batorencjusz (edytowany przez batorencjusz 2017-05-26 14:33:25)

  • Zarejestrowany: 2015-07-16
  • Posty: 346

Odp: EasyBOX 802/ARV752DPW separacja VLAN?

iptables -v -L

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  765 85982 delegate_input  all  --  any    any     anywhere             anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1239  171K delegate_forward  all  --  any    any     anywhere             anywhere

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  741  168K delegate_output  all  --  any    any     anywhere             anywhere

Chain delegate_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
 1239  171K forwarding_rule  all  --  any    any     anywhere             anywhere             /* user chain for forwarding */
 1154  166K ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED
    5   320 zone_lan_forward  all  --  br-lan any     anywhere             anywhere
    0     0 zone_wan_forward  all  --  eth0.1 any     anywhere             anywhere
    0     0 zone_wan_forward  all  --  usb0   any     anywhere             anywhere
   80  4762 zone_vlan_forward  all  --  eth0.3 any     anywhere             anywhere
    0     0 reject     all  --  any    any     anywhere             anywhere

Chain delegate_input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    1    76 ACCEPT     all  --  lo     any     anywhere             anywhere
  764 85906 input_rule  all  --  any    any     anywhere             anywhere             /* user chain for input */
  617 67251 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED
    4   208 syn_flood  tcp  --  any    any     anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN
   46  5868 zone_lan_input  all  --  br-lan any     anywhere             anywhere
   33  4215 zone_wan_input  all  --  eth0.1 any     anywhere             anywhere
    0     0 zone_wan_input  all  --  usb0   any     anywhere             anywhere
   68  8572 zone_vlan_input  all  --  eth0.3 any     anywhere             anywhere

Chain delegate_output (1 references)
 pkts bytes target     prot opt in     out     source               destination
    1    76 ACCEPT     all  --  any    lo      anywhere             anywhere
  740  168K output_rule  all  --  any    any     anywhere             anywhere             /* user chain for output */
  707  162K ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED
   15  3450 zone_lan_output  all  --  any    br-lan  anywhere             anywhere
   13   952 zone_wan_output  all  --  any    eth0.1  anywhere             anywhere
    0     0 zone_wan_output  all  --  any    usb0    anywhere             anywhere
    5  1378 zone_vlan_output  all  --  any    eth0.3  anywhere             anywhere

Chain forwarding_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain forwarding_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain forwarding_vlan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain forwarding_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_vlan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain output_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain output_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain output_vlan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain output_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain reject (7 references)
 pkts bytes target     prot opt in     out     source               destination
    2   193 REJECT     tcp  --  any    any     anywhere             anywhere             reject-with tcp-reset
   30  3990 REJECT     all  --  any    any     anywhere             anywhere             reject-with icmp-port-unreachable

Chain syn_flood (1 references)
 pkts bytes target     prot opt in     out     source               destination
    4   208 RETURN     tcp  --  any    any     anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
    0     0 DROP       all  --  any    any     anywhere             anywhere

Chain zone_lan_dest_ACCEPT (3 references)
 pkts bytes target     prot opt in     out     source               destination
   15  3450 ACCEPT     all  --  any    br-lan  anywhere             anywhere

Chain zone_lan_dest_REJECT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 reject     all  --  any    br-lan  anywhere             anywhere

Chain zone_lan_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    5   320 forwarding_lan_rule  all  --  any    any     anywhere             anywhere             /* user chain for forwarding */
    5   320 zone_wan_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* forwarding lan -> wan */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* Accept port forwards */
    0     0 zone_lan_dest_REJECT  all  --  any    any     anywhere             anywhere

Chain zone_lan_input (1 references)
 pkts bytes target     prot opt in     out     source               destination
   46  5868 input_lan_rule  all  --  any    any     anywhere             anywhere             /* user chain for input */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* Accept port redirections */
   46  5868 zone_lan_src_ACCEPT  all  --  any    any     anywhere             anywhere

Chain zone_lan_output (1 references)
 pkts bytes target     prot opt in     out     source               destination
   15  3450 output_lan_rule  all  --  any    any     anywhere             anywhere             /* user chain for output */
   15  3450 zone_lan_dest_ACCEPT  all  --  any    any     anywhere             anywhere

Chain zone_lan_src_ACCEPT (1 references)
 pkts bytes target     prot opt in     out     source               destination
   46  5868 ACCEPT     all  --  br-lan any     anywhere             anywhere

Chain zone_vlan_dest_ACCEPT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    5  1378 ACCEPT     all  --  any    eth0.3  anywhere             anywhere

Chain zone_vlan_dest_REJECT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 reject     all  --  any    eth0.3  anywhere             anywhere

Chain zone_vlan_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
   80  4762 forwarding_vlan_rule  all  --  any    any     anywhere             anywhere             /* user chain for forwarding */
   80  4762 zone_wan_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* forwarding vlan -> wan */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* Accept port forwards */
    0     0 zone_vlan_dest_REJECT  all  --  any    any     anywhere             anywhere

Chain zone_vlan_input (1 references)
 pkts bytes target     prot opt in     out     source               destination
   68  8572 input_vlan_rule  all  --  any    any     anywhere             anywhere             /* user chain for input */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* Accept port redirections */
   68  8572 zone_vlan_src_ACCEPT  all  --  any    any     anywhere             anywhere

Chain zone_vlan_output (1 references)
 pkts bytes target     prot opt in     out     source               destination
    5  1378 output_vlan_rule  all  --  any    any     anywhere             anywhere             /* user chain for output */
    5  1378 zone_vlan_dest_ACCEPT  all  --  any    any     anywhere             anywhere

Chain zone_vlan_src_ACCEPT (1 references)
 pkts bytes target     prot opt in     out     source               destination
   68  8572 ACCEPT     all  --  eth0.3 any     anywhere             anywhere

Chain zone_wan_dest_ACCEPT (3 references)
 pkts bytes target     prot opt in     out     source               destination
   98  6034 ACCEPT     all  --  any    eth0.1  anywhere             anywhere
    0     0 ACCEPT     all  --  any    usb0    anywhere             anywhere

Chain zone_wan_dest_REJECT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 reject     all  --  any    eth0.1  anywhere             anywhere
    0     0 reject     all  --  any    usb0    anywhere             anywhere

Chain zone_wan_forward (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 forwarding_wan_rule  all  --  any    any     anywhere             anywhere             /* user chain for forwarding */
    0     0 zone_lan_dest_ACCEPT  esp  --  any    any     anywhere             anywhere             /* @rule[7] */
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     anywhere             anywhere             udp dpt:isakmp /* @rule[8] */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* Accept port forwards */
    0     0 zone_wan_dest_REJECT  all  --  any    any     anywhere             anywhere

Chain zone_wan_input (2 references)
 pkts bytes target     prot opt in     out     source               destination
   33  4215 input_wan_rule  all  --  any    any     anywhere             anywhere             /* user chain for input */
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:bootpc /* Allow-DHCP-Renew */
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp echo-request /* Allow-Ping */
    1    32 ACCEPT     igmp --  any    any     anywhere             anywhere             /* Allow-IGMP */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* Accept port redirections */
   32  4183 zone_wan_src_REJECT  all  --  any    any     anywhere             anywhere

Chain zone_wan_output (2 references)
 pkts bytes target     prot opt in     out     source               destination
   13   952 output_wan_rule  all  --  any    any     anywhere             anywhere             /* user chain for output */
   13   952 zone_wan_dest_ACCEPT  all  --  any    any     anywhere             anywhere

Chain zone_wan_src_REJECT (1 references)
 pkts bytes target     prot opt in     out     source               destination
   32  4183 reject     all  --  eth0.1 any     anywhere             anywhere
    0     0 reject     all  --  usb0   any     anywhere             anywhere

iptables -v -L -t nat

Chain PREROUTING (policy ACCEPT 235 packets, 46044 bytes)
 pkts bytes target     prot opt in     out     source               destination
  235 46044 delegate_prerouting  all  --  any    any     anywhere             anywhere

Chain INPUT (policy ACCEPT 10 packets, 1291 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 23 packets, 2778 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 7 packets, 1562 bytes)
 pkts bytes target     prot opt in     out     source               destination
  116  8354 delegate_postrouting  all  --  any    any     anywhere             anywhere

Chain delegate_postrouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
  116  8354 postrouting_rule  all  --  any    any     anywhere             anywhere             /* user chain for postrouting */
    2   332 zone_lan_postrouting  all  --  any    br-lan  anywhere             anywhere
  109  6792 zone_wan_postrouting  all  --  any    eth0.1  anywhere             anywhere
    0     0 zone_wan_postrouting  all  --  any    usb0    anywhere             anywhere
    5  1230 zone_vlan_postrouting  all  --  any    eth0.3  anywhere             anywhere

Chain delegate_prerouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
  235 46044 prerouting_rule  all  --  any    any     anywhere             anywhere             /* user chain for prerouting */
    5   320 zone_lan_prerouting  all  --  br-lan any     anywhere             anywhere
   48  5899 zone_wan_prerouting  all  --  eth0.1 any     anywhere             anywhere
    0     0 zone_wan_prerouting  all  --  usb0   any     anywhere             anywhere
  182 39825 zone_vlan_prerouting  all  --  eth0.3 any     anywhere             anywhere

Chain postrouting_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain postrouting_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain postrouting_vlan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain postrouting_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain prerouting_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain prerouting_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain prerouting_vlan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain prerouting_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain zone_lan_postrouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
    2   332 postrouting_lan_rule  all  --  any    any     anywhere             anywhere             /* user chain for postrouting */

Chain zone_lan_prerouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
    5   320 prerouting_lan_rule  all  --  any    any     anywhere             anywhere             /* user chain for prerouting */

Chain zone_vlan_postrouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
    5  1230 postrouting_vlan_rule  all  --  any    any     anywhere             anywhere             /* user chain for postrouting */

Chain zone_vlan_prerouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
  182 39825 prerouting_vlan_rule  all  --  any    any     anywhere             anywhere             /* user chain for prerouting */

Chain zone_wan_postrouting (2 references)
 pkts bytes target     prot opt in     out     source               destination
  109  6792 postrouting_wan_rule  all  --  any    any     anywhere             anywhere             /* user chain for postrouting */
  109  6792 MASQUERADE  all  --  any    any     anywhere             anywhere

Chain zone_wan_prerouting (2 references)
 pkts bytes target     prot opt in     out     source               destination
   48  5899 prerouting_wan_rule  all  --  any    any     anywhere             anywhere             /* user chain for prerouting */

edit:

nie udało mi się wymusić separacji więc rozwiązałem problem za pomocą IPTABLES
iptables -I FORWARD -s 192.168.100.1/24 -d 192.168.10.0/24 -j DROP

Zyxel T56 /|\ TL Wdr3600 /|\ TL wdr4300 /|\ MiR 3g /|\ ubi Rocket, nb, pb, ns, loco /|\ Netgear R6220 /|\ xiaomi AC2350 /|\ TL c6 v3 /|\ TL 1043 v1 v2 v4 /|\ dn2800mt , N100 /|\  TL DS-P-7001-04/08 /|\ TL SX3016F i kupa innego sprzętu

12 Odpowiedź przez Cezary

  • Skąd: Warszawa
  • Zarejestrowany: 2006-02-25
  • Posty: 116,060

Odp: EasyBOX 802/ARV752DPW separacja VLAN?

Przy takiej konfiguracji nie mogę z lanu pingować cokolwiek w quest:

root@EasyBOX:~# uci show network
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fd75:0604:f8cf::/48'
network.lan=interface
network.lan.force_link='1'
network.lan.type='bridge'
network.lan.proto='static'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.ifname='eth0.1'
network.lan.ipaddr='192.168.2.1'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='1 2 5t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='4 5t'
network.wan=interface
network.wan.proto='dhcp'
network.wan.ifname='eth0.2'
network.wan.dns='8.8.8.8 8.8.4.4'
network.wan.peerdns='0'
network.modem=interface
network.modem.proto='dhcp'
network.modem.ifname='eth1'
network.@switch_vlan[2]=switch_vlan
network.@switch_vlan[2].device='switch0'
network.@switch_vlan[2].vlan='3'
network.@switch_vlan[2].ports='3 5t'
network.guest=interface
network.guest.proto='static'
network.guest.ipaddr='172.16.0.1'
network.guest.netmask='255.240.0.0'
network.guest.ifname='eth0.3'
root@EasyBOX:~# uci show firewall
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].network='wan' 'wan6' 'modem'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fe80::/10'
firewall.@rule[3].src_port='547'
firewall.@rule[3].dest_ip='fe80::/10'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@rule[7]=rule
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@zone[2]=zone
firewall.@zone[2].name='guest'
firewall.@zone[2].network='guest'
firewall.@zone[2].input='ACCEPT'
firewall.@zone[2].output='ACCEPT'
firewall.@zone[2].forward='REJECT'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].src='guest'
firewall.@forwarding[1].dest='wan'
root@EasyBOX:~# uci show dhcp
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].boguspriv='1'
dhcp.@dnsmasq[0].filterwin2k='0'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].nonegcache='0'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
dhcp.@dnsmasq[0].localservice='1'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='100'
dhcp.lan.limit='150'
dhcp.lan.leasetime='12h'
dhcp.lan.dhcp_option='6,8.8.8.8,8.8.4.4'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.guest=dhcp
dhcp.guest.start='100'
dhcp.guest.limit='150'
dhcp.guest.leasetime='2h'
dhcp.guest.interface='guest'
root@EasyBOX:~#
Masz niepotrzebny router, uszkodzony czy nie - chętnie przygarnę go.

Cezary's Strona