[Cerowrt-users] How to setup VLANs?

Dave Taht dave.taht at gmail.com
Tue Apr 16 02:11:01 EDT 2013


VLANs are addressed via the "." syntax. So, for example, the iface for VLAN
1 would be se00.1, not se01. You can still use the interface line of se01
if you wish.

On Mon, Apr 15, 2013 at 1:50 PM, Jeremy Tourville <
jeremy_tourville at hotmail.com> wrote:

> Hello,
> I am trying to set up my WNDR3800 such that I have two VLANs, one for my
> regular network and another for my VoIP equipment.  I am connected to the
> internet via a DSL connection.  I hand configured my config files (network,
> firewall and dhcp).  Upon reboot I cannot log in via the wired interface;
> I have to use wireless.  I have used OpenWrt in the past, starting with
> version 8.09 and most recently 10 (backfire) on my Asus WL520GU router.  I
> do have a working config with two VLANs on the Asus system.  While there
> are many similarities, I can see there are enough differences that make
> things a little more complex.  What am I doing wrong?  I'd be glad to write
> up a document and post it for the benefit of everyone if I can make this
> work.  Here are copies of my config files, with passwords changed to
> something generic for my DSL service (my real files have the correct
> info).  I also removed some info to hopefully keep this email small enough
> for the list.  I also reviewed what was written in another forum for some
> answers:
> http://www.mail-archive.com/cerowrt-devel@lists.bufferbloat.net/msg00595.html
> Many thanks in advance for your assistance.
>
> *Network*
>
> config interface 'se00'
>       option ifname 'se00'
>       option proto 'static'
>       option ipaddr '172.30.42.1'
>       option netmask '255.255.255.224'
>       option ip6assign '64'
>
> config interface 'se01'
>       option ifname 'se01'
>       option proto 'static'
>       option ipaddr '172.30.42.33'
>       option netmask '255.255.255.224'
>       option ip6assign '64'
>
> config interface 'ge00'
>       option ifname 'ge00'
>       option proto 'pppoe'
>       option username 'myusername'
>       option password 'mypassword'
>
>
> config switch
>       option name 'rtl8366s'
>       option reset '1'
>       option blinkrate '2'
>       option max_length '3'
>       option enable_vlan '1'
>       option enable_vlan4k '1'
>
> config switch_vlan
>       option device 'rtl8366s'
>       option vlan '1'
>       option ports '2 3 5t'
>
> config switch_vlan
>       option device 'rtl8366s'
>       option vlan '2'
>       option ports '0 1 5t'
>
> config switch_port
>       option device 'rtl8366s'
>       option port '1'
>       option led '6'
>
> config switch_port
>       option device 'rtl8366s'
>       option port '2'
>       option led '9'
>
> config switch_port
>       option device 'rtl8366s'
>       option port '5'
>       option led '2'
>
> *Firewall*
>
> config defaults
>       option input 'ACCEPT'
>       option output 'ACCEPT'
>       option forward 'REJECT'
>       option drop_invalid '1'
>       option syn_flood '1'
>       option synflood_rate '200'
>       option synflood_burst '500'
>       option tcp_ecn '1'
>
> config zone
>       option input 'ACCEPT'
>       option forward 'REJECT'
>       option output 'ACCEPT'
>       option name 'wan'
>       option masq '1'
>       option mtu_fix '1'
>       option network 'ge00'
>
> config zone
>       option input 'ACCEPT'
>       option forward 'ACCEPT'
>       option output 'ACCEPT'
>       option name 'lan'
>       option network 'se00 se01 sw00 sw10'
>
> config forwarding
>       option dest 'wan'
>       option src 'lan'
>
> config forwarding
>       option dest 'lan'
>       option src 'wan'
>
> config zone
>       option input 'ACCEPT'
>       option output 'ACCEPT'
>       option name 'guest'
>       option forward 'ACCEPT'
>       option network 'gw00 gw01 gw10 gw11'
>
> config forwarding
>       option dest 'wan'
>       option src 'guest'
>
> config forwarding
>       option dest 'guest'
>       option src 'lan'
>
> config forwarding
>       option dest 'guest'
>       option src 'wan'
>
> config rule
>       option target 'ACCEPT'
>       option name 'domain'
>       option src '*'
>       option dest '*'
>       option dest_port '53'
>
> config rule
>       option target 'ACCEPT'
>       option name 'ntp'
>       option proto 'udp'
>       option dest '*'
>       option src '*'
>       option dest_port '123'
>
> config rule
>       option target 'ACCEPT'
>       option name 'dhcp4'
>       option family 'ipv4'
>       option proto 'udp'
>       option src '*'
>       option dest '*'
>       option dest_port '68'
>
> config rule
>       option target 'ACCEPT'
>       option name 'printers'
>       option proto 'tcp'
>       option src '*'
>       option dest '*'
>       option dest_port '631'
>
> config rule
>       option target 'ACCEPT'
>       option name 'Useful Services'
>       option proto 'tcp'
>       option src '*'
>       option dest '*'
>       option dest_port '80 443 873 993'
>
> config rule
>       option target 'ACCEPT'
>       option name 'ipv6 dfz'
>       option family 'ipv6'
>       option proto 'all'
>       option src '*'
>       option dest 'guest'
>
> config rule
>       option target 'ACCEPT'
>       option name 'icmpv6'
>       option family 'ipv6'
>       option proto 'icmp'
>       option src '*'
>       option dest '*'
>
> config rule
>       option src 'wan'
>       option proto 'tcp udp'
>       option dest_port '81 137 138 139 445 9091 8123'
>       option name 'blockconfig'
>       option target 'DROP'
>
> config rule
>       option name 'Allow-DHCPv6'
>       option src 'wan'
>       option proto 'udp'
>       option src_ip 'fe80::/10'
>       option src_port '547'
>       option dest_ip 'fe80::/10'
>       option dest_port '546'
>       option family 'ipv6'
>       option target 'ACCEPT'
>
> config rule
>       option src 'guest'
>       option proto 'tcp udp'
>       option dest_port '81 137 138 139 445 8123'
>       option name 'blockconfig2'
>       option target 'DROP'
>
> *DHCP*
>
> config dnsmasq
>       option domainneeded '1'
>       option boguspriv '1'
>       option filterwin2k '0'
>       option localise_queries '1'
>       option rebind_protection '1'
>       option rebind_localhost '1'
>       option local '/home.lan/'
>       option domain 'home.lan'
>       option expandhosts '1'
>       option port '53'
>       option nonegcache '0'
>       option authoritative '1'
>       option readethers '1'
>       option leasefile '/tmp/dhcp.leases'
>       option resolvfile '/tmp/resolv.conf.auto'
>       option cachesize '5000'
>       option dhcpscript '/etc/dnsmasq_net6.sh'
>       list notinterface 'ge00'
>
> config dhcp 'se00'
>       option interface 'se00'
>       option start '2'
>       option limit '26'
>       list dhcp_option '42,0.0.0.0'
>       list dhcp_option '44,0.0.0.0'
>       list dhcp_option '45,0.0.0.0'
>       list dhcp_option '46,8'
>       option leasetime '24h'
>       option domain 'home.lan'
>
> config dhcp 'se01'
>       option interface 'se01'
>       option start '34'
>       option limit '4'
>       option leasetime '24h'
>       option domain 'home.lan'
>
> config dhcp 'ge00'
>       option interface 'ge00'
>       option ignore '1'
>
> config domain
>       option name 'gw.home.lan'
>       option ip '172.30.42.1'
>
> config domain
>       option name 'wpad.home.lan'
>       option ip '172.30.42.1'
>


-- 
Dave Täht

Fixing bufferbloat with cerowrt:
http://www.teklibre.com/cerowrt/subscribe.html
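
A check for the mismatch the reply describes, as an added example that is not part of the original thread: it parses UCI network text and reports each switch VLAN with a tagged port for which no interface uses the dotted `device.vlan` name. The sample text is constructed from the quoted stanzas; the function names, and the assumption that `se00` is the base device for every VLAN on the switch (so VLAN 2 would be `se00.2`), are assumptions of this example.

```python
import re

# Constructed sample: the relevant stanzas from the quoted network config.
SAMPLE = """
config interface 'se00'
    option ifname 'se00'
config interface 'se01'
    option ifname 'se01'
config switch_vlan
    option device 'rtl8366s'
    option vlan '1'
    option ports '2 3 5t'
config switch_vlan
    option device 'rtl8366s'
    option vlan '2'
    option ports '0 1 5t'
"""

def parse_uci(text):
    """Parse UCI text into a list of (type, name, {option: value}) sections."""
    sections = []
    for raw in text.splitlines():
        m = re.match(r"\s*config\s+(\S+)(?:\s+'?([^'\s]+)'?)?", raw)
        if m:
            sections.append((m.group(1), m.group(2), {}))
            continue
        m = re.match(r"\s*option\s+(\S+)\s+'([^']*)'", raw)
        if m and sections:
            sections[-1][2][m.group(1)] = m.group(2)
    return sections

def missing_vlan_ifaces(text, base_dev="se00"):
    """Return dotted names (base_dev.VID) of tagged VLANs no interface uses."""
    sections = parse_uci(text)
    used = set()
    for typ, _, opts in sections:
        if typ == "interface":
            used.update(opts.get("ifname", "").split())
    missing = []
    for typ, _, opts in sections:
        if typ != "switch_vlan":
            continue
        # A 't' suffix marks a port that carries this VLAN tagged.
        tagged = any(p.endswith("t") for p in opts.get("ports", "").split())
        dotted = f"{base_dev}.{opts.get('vlan')}"
        if tagged and dotted not in used:
            missing.append(dotted)
    return missing

if __name__ == "__main__":
    print(missing_vlan_ifaces(SAMPLE))
```
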