OpenWrt Forum Archive

Topic: openwrt on wrt54g 2.0, mac address clone and vlans

The content of this topic has been archived on 9 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello,

I upgraded my firmware to the latest openwrt and after screwing up some settings I can't get mac address clone working again.
The reason for using mac address clone is that the ISP ties the connection to a fixed mac address.

Before the upgrade only wireless access to internet was possible as I had to disable internal bridge to get it working, now
all is broken.

I have following (I consider only those are relevant) in nvram

wan_hwaddr=xx:xx:xx:xx:xx (target mac)
wan_ifname=vlan1
wan_ipaddr=
wan_netmask=
wan_proto=dhcp

vlan0hwname=et0
vlan0ports=0 4t
vlan10hwname=
vlan11hwname=
vlan1hwname=et0
vlan1ports=1 4t
vlan2hwname=et0
... (lots of empty vlans created by X-Wrt)

lan_ifname=br0
lan_ifnames= vlan0 eth2

Can someone please show me the way out? I tried different combinations but either
I don't get address from the ISP or it isn't working at all..

(Last edited by kva on 16 Dec 2006, 18:48)

It *almost* works with

vlan0hwname=et0
vlan0ports=1 2 3 5*
vlan1hwname=et0
vlan1ports=0 4 5
wait_time=1
wan_device=vlan1

Problem is that I can't access WAN while connecting by wi-fi but it works fine with ethernet connection. Can I get both?

Edit: I can access router by cable and wi-fi now. Just no internet through wi-fi.

(Last edited by kva on 16 Dec 2006, 20:57)

from the wiki it looks like on the 2.x wrt54g's wifi is on eth1 not eth2.  have you tried changing lan_ifnames to "vlan0 eth1"?

Also, is there a reason you have port 4 in vlan1?  that makes you have 2 ports on your router on the wan vlan.

Seems with vlan0 eth1 you can't get different ip range for wifi and eth (I want to assign them to 192.168.1.* for ethernet and 192.168.239.* for wifi)

Wireless access breaks with your suggested changes and X-Wrt now considers that WAN isn't in any of 2 vlans

firmware_name=X-Wrt
firmware_subtitle=An OpenWrt based firmware.
lan_ifname=br0
lan_ifnames=vlan0 eth1
lan_ipaddr=192.168.1.1
lan_netmask=255.255.255.0
lan_proto=static
vlan0hwname=et0
vlan0ports=1 2 3 5*
vlan1hwname=et0
vlan1ports=0 5
wan_device=vlan1
wan_ifname=vlan1
wan_proto=dhcp
wifi_ifname=br1
wifi_ifnames=eth1
wifi_ipaddr=192.168.239.11
wifi_netmask=255.255.255.0
wifi_proto=static
wifi_stp=1
wl0_akm=none
wl0_channel=0

Edit: wi-fi is visible like this, but there's no address assigned to eth1 and no ping by wi-fi between computer and router.

root@routy:~$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 br0
192.168.239.0   *               255.255.255.0   U     0      0        0 br1
81.67.246.0     *               255.255.254.0   U     0      0        0 vlan1
default         gw.net81-67-246 0.0.0.0         UG    0      0        0 vlan1

br1 on router has address 192.168.239.11 and eth1 is unassigned now
root@routy:~$ ifconfig br1
br1       Link encap:Ethernet  HWaddr 00:00:00:00:00:00 
          inet addr:192.168.239.11  Bcast:192.168.239.255  Mask:255.255.255.0

And on the computer I can see the router but not ping.
eth1      IEEE 802.11g  ESSID:"s23930" 
          Mode:Managed  Frequency:2.412 GHz  ...

PING 192.168.239.11 (192.168.239.11) 56(84) bytes of data.
From 192.168.239.1 icmp_seq=1 Destination Host Unreachable

Edit: removing br1 adds IP on eth1 on both sides but no ping by wifi, even bypassing routing tables
New table for router is :

root@routy:~$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 br0
192.168.239.0   *               255.255.255.0   U     0      0        0 eth1
81.67.246.0     *               255.255.254.0   U     0      0        0 vlan1
default         gw.... 0.0.0.0         UG    0      0        0 vlan1

kva@zippy:~$ ping -r 192.168.239.11
PING 192.168.239.11 (192.168.239.11) 56(84) bytes of data.
From 192.168.239.1 icmp_seq=1 Destination Host Unreachable

(Last edited by kva on 16 Dec 2006, 21:44)

Here is the nvram from a working WRT54GS v 1.1 running AP mode with the WAN static for 10.0.10.x and the LAN running on 192.168.10.x This should be enough to fix yours. I would also recommend cleaning those excess vlans out though.  There is this for cleaning up variables:

cd /tmp
wget http://downloads.openwrt.org/people/kal … m-clean.sh
chmod a+x /tmp/nvram-clean.sh
/tmp/nvram-clean.sh
nvram commit

----NVRAM----

vlan0hwname=et0
vlan0ports=1 2 3 4 5*
vlan1hwname=et0
vlan1ports=0 5
wait_time=1
wan_device=vlan1
wan_dhcp_lease=
wan_dhcp_num=
wan_dhcp_start=
wan_dns=10.0.10.1
wan_gateway=10.0.10.1
wan_hostname=relay
wan_ifname=vlan1
wan_ipaddr=10.0.10.99
wan_netmask=255.255.255.0
wan_proto=static
watchdog=5000
wifi_dhcp_lease=
wifi_dhcp_num=
wifi_dhcp_start=
wl0_akm=psk
wl0_antdiv=3
wl0_ap_isolate=0
wl0_bcn=100
wl0_channel=1
wl0_closed=1
wl0_crypto=aes
wl0_dtim=1
wl0_frag=1000
wl0_frameburst=0
wl0_gmode=1
wl0_gmode_protection=1
wl0_ifname=eth1
wl0_infra=1
wl0_lazywds=0
wl0_maclist=00:90:96:a4:c1:f7 00:15:60:4a:3c:76 00:0f:1f:12:07:6f
wl0_macmode=disabled
wl0_mode=ap
wl0_plcphdr=long
wl0_radio=1
wl0_rts=1200
wl0_ssid=relay
wl0_txdiv=3
wl0_txpwr=30
wl0_wep=disabled
----

The only thing you should have to do different is add the line "nvram set wan_hwaddr="aa:bb:cc:dd:ee:ff"". I have cloning on, on another router of mine and just adding that single line did it for me. Get it working on something (another network) that doesn't require the mac clone first so you KNOW your config is working, then clone the mac and put it in place on the network requiring the specific mac.

Well, tried to do it - same thing. No relevant differences in configuration and no nvrams (since first test actually)

Still same symptoms - both wi-fi cards are up and connected but they can't ping each other now. Ethernet works fine.

root@routy:~$ nvram show | sort
size: 1507 bytes (31261 left)
aa0=3
ag0=255
boardflags2=0
boardflags=0x0188
boardnum=42
boardrev=0x10
boardtype=0x0101
boot_ver=v2.3
boot_wait=on
ccode=0
cctl=0
clkfreq=200
dl_ram_addr=a0001000
et0macaddr=00:12:17:B7:E8:74
et0mdcport=0
et0phyaddr=30
firmware_name=X-Wrt
firmware_subtitle=An OpenWrt based firmware.
gpio2=adm_eecs
gpio3=adm_eesk
gpio5=adm_eedi
gpio6=adm_rc
il0macaddr=00:12:17:b7:e8:76
lan_dhcp_enabled=1
lan_dhcp_lease=
lan_dhcp_num=
lan_dhcp_start=
lan_ifname=br0
lan_ifnames=vlan0 eth1
lan_ipaddr=192.168.1.1
lan_netmask=255.255.255.0
lan_proto=static
ntp_server=pool.ntp.org
os_flash_addr=bfc40000
os_ram_addr=80001000
pa0b0=0x170c
pa0b1=0xfa24
pa0b2=0xfe70
pa0itssit=62
pa0maxpwr=0x48
pmon_ver=CFE 3.51.21.0
scratch=a0180000
sdram_config=0x0032
sdram_init=0x0000
sdram_ncdl=0x30924
sdram_refresh=0x0000
sromrev=2
vlan0hwname=et0
vlan0ports=1 2 3 4 5*
vlan1hwname=et0
vlan1ports=0 5
wait_time=1
wan_device=vlan1
wan_dhcp_lease=
wan_dhcp_num=
wan_dhcp_start=
wan_hostname=routy
wan_hwaddr=00:16:36:41:58:25
wan_ifname=vlan1
wan_proto=dhcp
watchdog=5000
wifi_dhcp_enabled=0
wifi_dhcp_lease=
wifi_dhcp_num=
wifi_dhcp_start=59
wifi_ifname=eth1
wifi_ifnames=eth1
wifi_ipaddr=192.168.239.11
wifi_netmask=255.255.255.0
wifi_proto=static
wifi_stp=1
wl0_akm=none
wl0_channel=0
wl0_closed=1
wl0_crypto=tkip
wl0_gmode=2
wl0_gmode_protection=0
wl0_ifname=eth1
wl0_infra=1
wl0_key1=XXX
wl0_key=1
wl0_mode=ap
wl0_radio=1
wl0_ssid=s23930
wl0_wep=enabled
wl0gpio2=0
wl0gpio3=0
wl0id=0x4320

kva@zippy:~$ cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
#iface eth0 inet dhcp
iface eth0 inet static
address 192.168.1.11
netmask 255.255.255.0
gateway 192.168.1.1

auto eth1
iface eth1 inet static
address 192.168.239.1
netmask 255.255.255.0
gateway 192.168.239.11
wireless-essid s23930
wireless-key XXX

I see a few minor differences from mine. for instance the lan_ifnames. Here is the top of my nvram. Not sure why mine has eth2 in there as well, but mine does work. sorry I cut this from the webpage.. but you get the idea. Hope this helps

lan_dhcp_enabled     1
lan_dhcp_lease     720m
lan_dhcp_num     10
lan_dhcp_start     100
lan_dns     10.0.10.1
lan_ifname     br0
lan_ifnames     vlan0 eth1 eth2
lan_ipaddr     192.168.10.1
lan_netmask     255.255.255.0
lan_proto     static
language     en
ntp_server     pool.ntp.org
openvpn_cli     0
openvpn_cli_auth     psk
openvpn_cli_port     1194
openvpn_cli_proto     udp
os_flash_addr     bfc40000
os_ram_addr     80001000
pa0b0     0x15eb
pa0b1     0xfa82
pa0b2     0xfe66
pa0itssit     62
pa0maxpwr     0x4e
pmon_ver     CFE 3.61.13.0
scratch     a0180000
sromrev     2
time_zone     PST8PDT
vlan0hwname     et0
vlan0ports     1 2 3 4 5*
vlan1hwname     et0
vlan1ports     0 5
wait_time     1
wan_device     vlan1

(Last edited by plur on 16 Dec 2006, 22:58)

I tested both variants of lan_ifnames before answering, sorry for not making it clear. It doesn't change anything..

What openwrt version are you running?  whiterussian RC6 or kamikaze?  Reason I ask is you mention ' /etc/network/interfaces ' which I don't see rc6 using (at least not via the command line -- I don't use the webif).

assuming white russian...

with the nvram vars you have in comment #6, it looks like you are trying to set up eth1 twice:

lan_ifname=br0
lan_ifnames=vlan0 eth1
wifi_ifname=eth1

once standalone as a wifi interface.  once as part of a bridge created for lan (which looks like it would merge the ethernet and wireless networks -- which is the usual default -- but not what I think you are trying to do as mentioned in comment #4).

Assuming you want wireless and ethernet to be split, you don't want lan to be a bridge since you don't need to be joining two networks together except by IP routing through the WRT.

so I think you want nvram vars more like:

lan_ifname=vlan0
lan_ifnames="vlan0"
lan_proto=static
lan_ipaddr=192.168.1.1
lan_netmask=255.255.255.0
wifi_ifname=eth1
wifi_proto=static
wifi_ipaddr=192.168.239.11
wifi_netmask=255.255.255.0

I pulled from the bottom of the network configuration page:
Network Configuration section in the wiki
except I changed to the IP blocks you mentioned you wanted to use.

(Last edited by strobert on 17 Dec 2006, 04:15)

Ok, we are slowly getting there, both interfaces work as I want and don't intersect.
Trying to set up IP routing but your documentation is quite confusing on the subject,
will need to look it out there, it should be a couple of lines for iptables.

Thank you all for your help.

iptables -A FORWARD -i eth1 -o vlan1 -j ACCEPT

That's why I love linux, each time you have a simple thing to do you have to learn something.
Edit: now to find out how to enable firewall again...

Bonus questions for curious people - how to write following rule in /etc/config/firewall and is it possible to enter it through x-wrt interface?

Thank you again.

(Last edited by kva on 17 Dec 2006, 19:21)

I'm not seeing anything obvious in /usr/lib/firewall.awk (the awk script that /etc/init.d/S35firewall runs /etc/config/firewall through).

don't know about x-wrt.  I am planning on looking at it more eventually when I get a second R&D box going, but haven't touched it yet.

I personally just do everything in raw iptables commands.  there is /etc/firewall.user that the openwrt team has made as a standard user hook.  I am overriding S35firewall itself as I want exact iptables rules, and found I was having to work around the default rules in S35firewall more than I was using the defaults.

But anyways, I think if you added this to /etc/firewall.user it will do what you need:

iptables -A forwarding_rule -i eth1 -o vlan1 -j ACCEPT

Hm. Won't it make the same thing - open all ports of computers connected by wireless to the WAN?

Yes, I thought you were asking about where a good spot to put that rule would be.  S35firewall by default loads in local mods from /etc/firewall.user and by processing /etc/config/firewall.

Yes, I read S35firewall, actually my question was if it can be rewritten directly without using iptables in /etc/config/firewall.

They told me in #x-wrt that it can be done through the interface at the moment.

Good idea would be a square grid of interfaces allowing to indicate which ports can go where but well, it'll be too simple.

okay, well, I won't be much help then :)

I haven't bothered to look into the higher level /etc/config/firewall syntax much as it just gets turned into the low level iptables commands.

Of course I am pretty fluent with iptables so doing iptables commands directly is easiest for me (for part of my work I manage a LAN with probably ~10K iptables rules across various routers).

interesting idea on the grid interface, I would say run it by the x-wrt dev folks and see what they think.
