OpenWrt Forum Archive

Topic: routing issues with wrt54gl and openwrt - can someone help?

The content of this topic has been archived on 8 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi all
maybe one of you guys can help?

I have OpenWrt Kamikaze 8.09 running on WRT54GL v1.1 hardware and I want to use it as a firewall/PPPoE gateway/router for my network.

Here is my network setup:

config 'switch' 'eth0'
        option 'vlan0' '0 5*'
        option 'vlan1' '1 5'
        option 'vlan2' '2 5'
        option 'vlan3' '3 5'
        option 'vlan4' '4 5'
        option 'vlan5' '4 5'

config 'interface' 'loopback'
        option 'ifname' 'lo'
        option 'proto' 'static'
        option 'ipaddr' '127.0.0.1'
        option 'netmask' '255.0.0.0'

config 'interface' 'inside'
        option 'ipaddr' '192.168.100.254'
        option 'netmask' '255.255.255.0'
        option 'proto' 'static'
        option 'ifname' 'eth0.0'

config 'interface' 'outside'
        option 'proto' 'static'
        option 'ifname' 'eth0.4'
        option 'netmask' '255.255.255.0'
        option 'ipaddr' '192.168.1.254'

config 'interface' 'pppoe'
        option 'proto' 'pppoe'
        option 'mtu' '1492'
        option 'keepalive' '5'
        option 'ifname' 'eth0.5'
        option 'options' 'defaultroute persist maxfail 0'
        option 'username' '***************'
        option 'password' '*****************'

config 'route'
        option 'interface' 'inside'
        option 'target' '192.168.101.0'
        option 'netmask' '255.255.255.0'
        option 'gateway' '192.168.100.253'


My iptables rules are as follows:

# kill all current rules
/usr/sbin/iptables -F   
/usr/sbin/iptables -t nat  -F
/usr/sbin/iptables -X       
/usr/sbin/iptables -t nat -X
#                           
# set up our rules
/usr/sbin/iptables -N firewall
/usr/sbin/iptables -A firewall -p icmp -i any -o any -j ACCEPT
/usr/sbin/iptables -A firewall -m state --state ESTABLISHED,RELATED -j ACCEPT
/usr/sbin/iptables -A firewall -m state --state NEW -i ! eth0.4 -j ACCEPT   
/usr/sbin/iptables -A firewall -m state --state NEW -i ! ppp0 -j ACCEPT 
/usr/sbin/iptables -A INPUT -m state --state INVALID -i ppp0 -j DROP   
/usr/sbin/iptables -A firewall -j DROP                             
/usr/sbin/iptables -A INPUT -j firewall
/usr/sbin/iptables -A FORWARD -j firewall
/usr/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
#
# start packet forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

Routing table is like this:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
xxx.yyy.zzz.www  0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0.0
192.168.101.0   192.168.100.253 255.255.255.0   UG    0      0        0 eth0.0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0.4
0.0.0.0         aaa.bbb.ccc.ddd  0.0.0.0         UG    0      0        0 ppp0



What I need to be able to do is:

connect to the xDSL modem on 192.168.1.1 (via eth0.4) for management purposes
run a pppoe session to the same box (via eth0.5)
interfaces eth0.1, eth0.2 and eth0.3 are reserved for DMZs that will be added later, when I get my routing working.


At the moment pppoe just works, and that's good, but I cannot ping or route to the 192.168.1.0/24 network at all, regardless of the state of the pppoe interface, etc. Routing to the 192.168.101.0/24 network works just fine.

Is this a VLAN-related issue? Can anyone point out what I can do to fix this?

Cheers
Tomasz


After some investigation it appears that the openwrt firmware will NOT let me run a functioning pppoe and a standard ethernet data link over the same physical switch port, even if the interfaces for that are defined in different vlans.

This is very annoying because my previous firewall box (UltraSPARC5 + debian) allowed me to do that.

Can anyone (a developer perhaps) enlighten me as to why? Perhaps I am not configuring the pppoe correctly?

(Last edited by yasutani on 19 Apr 2009, 17:00)
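
How the two negated `-i` rules in the posted `firewall` chain combine, as an added example that is not part of the original post: a small first-match model in shell over rule text copied from the script above. The `SINGLE` variant and the function name are constructed for comparison, and only `--state`, `-i` and `-j` are modelled.

```sh
#!/bin/sh
# Added example: first-match model of the posted "firewall" chain for NEW packets.
# Only --state, -i (with the old "-i ! IF" negation) and -j are modelled.
POSTED='-A firewall -m state --state ESTABLISHED,RELATED -j ACCEPT
-A firewall -m state --state NEW -i ! eth0.4 -j ACCEPT
-A firewall -m state --state NEW -i ! ppp0 -j ACCEPT
-A firewall -j DROP'

# Same chain without the eth0.4 rule (constructed for comparison).
SINGLE='-A firewall -m state --state ESTABLISHED,RELATED -j ACCEPT
-A firewall -m state --state NEW -i ! ppp0 -j ACCEPT
-A firewall -j DROP'

# verdict_new RULES IFACE: print the target of the first rule that matches
# a NEW packet arriving on IFACE.
verdict_new() {
    rules=$1 iface=$2
    while read -r line; do
        neg=0 in_if='' state='' target=''
        set -- $line                      # split the rule into words
        while [ $# -gt 0 ]; do
            case "$1" in
                --state) state=$2; shift ;;
                -i) if [ "$2" = '!' ]; then neg=1; shift; fi
                    in_if=$2; shift ;;
                -j) target=$2; shift ;;
            esac
            shift
        done
        # Skip rules whose state list does not include NEW.
        case ",$state," in ,,|*,NEW,*) ;; *) continue ;; esac
        # Apply the interface match, honouring negation.
        if [ -n "$in_if" ]; then
            if [ "$neg" -eq 1 ]; then
                [ "$in_if" != "$iface" ] || continue
            else
                [ "$in_if" = "$iface" ] || continue
            fi
        fi
        echo "$target"; return 0
    done <<EOF
$rules
EOF
    echo "NO-MATCH"
}

for ifc in eth0.0 eth0.4 ppp0; do
    echo "$ifc posted=$(verdict_new "$POSTED" "$ifc") single=$(verdict_new "$SINGLE" "$ifc")"
done
```

With both negated rules present, a NEW packet from any interface, ppp0 included, matches one of them before the final DROP. With only the `! ppp0` rule, NEW packets arriving on ppp0 reach the DROP.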

I don't understand what you want to do; maybe you can draw it?

Do you have 2 wan connections?

If this is the case, use the mroute package, and if you have installed X-Wrt Webif you can install webif-iw-lua-mroute to configure it.

(Last edited by fofware on 20 Apr 2009, 00:06)

fofware wrote:

I don't understand what you want to do; maybe you can draw it?

Do you have 2 wan connections?

If this is the case, use the mroute package, and if you have installed X-Wrt Webif you can install webif-iw-lua-mroute to configure it.

I don't think mroute will help here... it appears to be something more fundamental...

I have one wan connection. My wan connection is a pppoe session from the firewall to my ISP, via an adsl modem in bridge mode.

The pppoe part works flawlessly, but what I also want to be able to do is manage the adsl modem via IP (http, telnet, ssh etc.) using the same ethernet cable and NIC/Ethernet port, so that I can do things like check ADSL link status, etc. without having to be looking at the modem or running another ethernet cable and tying up another router port.

Like this:

http://farm4.static.flickr.com/3526/3458092175_a25e9e3d4d.jpg

It works that way on a UltraSparc5 using Debian linux, so why does it not work in openwrt?

Cheers
Tomasz

(Last edited by yasutani on 20 Apr 2009, 08:49)

*** PROBLEM SOLVED ***

After some more testing I realised that the issue was not a routing issue but an artefact of how openwrt ifup and ifdown bring up interfaces.

To resolve this problem I simply added a stanza at the end of /lib/network/pppoe.sh that configures an ip address on the ethernet interface used for the pppoe session, based on a configuration file that I store in /etc/config/local/

Now my configuration works just as I want it to, even if I had to bend and twist openwrt a bit (lots actually) to match my requirements.

I need to document this for my own records, and if there is any interest in this, I will post it here.

Regards
Tomasz
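
A sketch of the kind of stanza described above, as an added example rather than the poster's own code, which the thread does not show: it reads an address from a file and prints the `ifconfig` command for the PPPoE interface. The `ipaddr=`/`netmask=` file format and all function names are assumptions; the sample values are the `eth0.5` interface and `192.168.1.254` address from the first post.

```sh
#!/bin/sh
# Added example, not the poster's stanza. Assumed file format (not shown in
# the thread): lines "ipaddr=A.B.C.D" and "netmask=A.B.C.D".

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# conf_get FILE KEY: print the first value of KEY. The file is parsed, never
# sourced, because the caller runs as root from the network scripts.
conf_get() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# mgmt_addr_cmd IFNAME FILE: print the ifconfig command that puts the
# management address on IFNAME, or fail if the file is missing or invalid.
mgmt_addr_cmd() {
    [ -r "$2" ] || return 1
    ip=$(conf_get "$2" ipaddr)
    mask=$(conf_get "$2" netmask)
    is_ipv4 "$ip" && is_ipv4 "$mask" || return 1
    echo "ifconfig $1 $ip netmask $mask up"
}

# Dry run on a constructed file using the addresses from the first post.
demo=$(mktemp)
printf 'ipaddr=192.168.1.254\nnetmask=255.255.255.0\n' > "$demo"
mgmt_addr_cmd eth0.5 "$demo"
rm -f "$demo"
```

The function only prints the command; a stanza run by the network scripts would execute that output after the PPPoE session is started, and a file with anything other than two valid dotted quads makes it fail without printing.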

The discussion might have continued from here.