Connect the internet

makito013 · February 7, 2020, 1:57pm

Good Morning,

I'm trying and I can't connect my HLK-7688a on the internet.
I would like to put all HLK ports as a LAN port and disable the firewall.
Objetio: I am developing a firewall firmware for an application I already have, the project is to receive data from ethrnet ports 0 to 3 and by UDP and forward to via lan4 to another separate network. It is the first time that I use openwrt but I have been developing firmware for raspberry cards for a while now.
What should I do to be able to network on ports 0-3 and receive internet and network on port 4

trendy · February 7, 2020, 2:43pm

Hello there,
could you explain which device is that, as I could not find it in the list of supported devices?

What is the output of uci export network ?

makito013 · February 7, 2020, 4:43pm

This module uses the MT7688 chip, my build was:

Target System (MediaTek Ralink Mips)
Subtarget (MT76x8 based boards)
Target Profile (MediaTek MT7628 EVB)

ulmwind · February 7, 2020, 5:00pm

@trendy, and I ask you to bring content of the file /etc/config/network, give also welcome screen, when you login by ssh.

makito013 · February 7, 2020, 6:25pm

BusyBox v1.22.1 (2016-09-21 09:49:24 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 BARRIER BREAKER (Barrier Breaker, unknown)
 -----------------------------------------------------
  * 1/2 oz Galliano         Pour all ingredients into
  * 4 oz cold Coffee        an irish coffee mug filled
  * 1 1/2 oz Dark Rum       with crushed ice. Stir.
  * 2 tsp. Creme de Cacao
 -----------------------------------------------------

I didn't change the network file, it follows the pattern that comes with the installation

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'
 
config globals 'globals'
        option ula_prefix 'fd27:70fa:5c1d::/48'
 
config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.1.1'
 
config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'
 
config interface 'wan6'
        option ifname 'eth0.2'
        option proto 'dhcpv6'
 
config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'
 
config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 5t'
 
config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0 5t'

eduperez · February 7, 2020, 6:29pm

Barrier Breaker is not old, not even ancient... it's prehistoric.

makito013 · February 7, 2020, 6:43pm

Atualized:

BusyBox v1.30.1 () built-in shell (ash)

_______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 19.07-SNAPSHOT, r10918-2a84434
 -----------------------------------------------------
=== WARNING! =====================================
There is no root password defined on this device!
Use the "passwd" command to set up a new password
in order to prevent unauthorized SSH logins.
--------------------------------------------------

makito013 · February 7, 2020, 6:46pm

I changed the network configuration, but without success:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd27:70fa:5c1d::/48'

config interface 'lan'
        option type 'client'
        option ifname 'eth0, eth0.1, eth0.2'
        option proto 'static'
        option netmask '255.255.0.0'
        option ipaddr '192.168.0.22'
        option gateway '255.255.0.0'
        option dns '8.8.8.8'

config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'

lleachii · February 7, 2020, 7:00pm

Why this difference?

mk24 · February 7, 2020, 7:00pm

There are many things wrong with your unsuccessful network configuration. It looks like you should be able to import the Barrier Breaker one instead of attempting to re-write the whole thing.

You need switch configuration in /etc/config/network to set up for VLANs.

A port.vlan can be in only one network interface. When running VLANs on a port do not attach the parent port (eth0) to anything.

When WAN is DHCP, it will take care of setting default gateway. 'gateway 255.255.0.0' makes absolutely no sense. It needs to be the IP of the router that is next in line to the Internet.

option type should be 'bridge' not 'client'.

Overall are you looking to run this as a LAN->WAN router or as a LAN device?

ulmwind · February 7, 2020, 7:18pm

Revert to default configuration, and write once more, what you want. I don't understand, what you want to achieve.

makito013 · February 7, 2020, 7:27pm

I wanted to create two different networks, one for port 4 (network 1) of the module and another for ports 1 to 3 (network 2).
I'm making a firmware that create a UDP server on network 1 will decode the data, check if it is valid, check which equipment the data is linked to, code again and send it to the equipment using a UDP port on network 2, there are two different networks .

mk24 · February 7, 2020, 7:54pm

It's not complicated to set up another VLAN and do that (though I would keep the default LAN as network 1 and the new custom application as network 2).

But first you have to have a handle on the basic LAN->WAN operation then add to that.

ulmwind · February 7, 2020, 9:41pm

Just two different networks? Do you need NAT?

makito013 · February 8, 2020, 2:37am

Yes, just two, I don't need NAT.

makito013 · February 8, 2020, 4:30am

I did some research but I still haven't been successful, I have the two networks with different ips but I can't ping them.
I collected some more information to see if it helps in my case:

ls -l /sys/class/net

lrwxrwxrwx    1 root     root             0 Feb  5 04:23 br-lan -> ../../devices/virtual/net/br-lan
lrwxrwxrwx    1 root     root             0 Feb  5 04:00 br-lan2 -> ../../devices/virtual/net/br-lan2
lrwxrwxrwx    1 root     root             0 Jan  1  1970 eth0 -> ../../devices/platform/10100000.ethernet/net/eth0
lrwxrwxrwx    1 root     root             0 Feb  5 04:00 eth0.2 -> ../../devices/virtual/net/eth0.2
lrwxrwxrwx    1 root     root             0 Jan  1  1970 lo -> ../../devices/virtual/net/lo
lrwxrwxrwx    1 root     root             0 Feb  5 04:22 wlan0 -> ../../devices/platform/10300000.wmac/net/wlan0

swconfig dev switch0 show

Global attributes:
        enable_vlan: 1
        alternate_vlan_disable: 0
        bc_storm_protect: 0
        led_frequency: 0
Port 0:
        disable: 0
        doubletag: 0
        untag: 1
        led: 5
        lan: 1
        recv_bad: 0
        recv_good: 0
        tr_bad: 0
        tr_good: 0
        pvid: 2
        link: port:0 link:down
Port 1:
        disable: 0
        doubletag: 0
        untag: 1
        led: 5
        lan: 1
        recv_bad: 0
        recv_good: 0
        tr_bad: 0
        tr_good: 0
        pvid: 1
        link: port:1 link:down
Port 2:
        disable: 0
        doubletag: 0
        untag: 1
        led: 5
        lan: 1
        recv_bad: 0
        recv_good: 0
        tr_bad: 0
        tr_good: 0
        pvid: 1
        link: port:2 link:down
Port 3:
        disable: 0
        doubletag: 0
        untag: 1
        led: 5
        lan: 1
        recv_bad: 0
        recv_good: 45390
        tr_bad: 0
        tr_good: 158
        pvid: 1
        link: port:3 link:up speed:100baseT full-duplex
Port 4:
        disable: 0
        doubletag: 0
        untag: 1
        led: 5
        lan: 1
        recv_bad: 0
        recv_good: 0
        tr_bad: 0
        tr_good: 0
        pvid: 1
        link: port:4 link:down
Port 5:
        disable: 1
        doubletag: 0
        untag: 0
        led: ???
        lan: 1
        recv_bad: 0
        recv_good: 0
        tr_bad: 0
        tr_good: 0
        pvid: 0
        link: port:5 link:down
Port 6:
        disable: 0
        doubletag: 0
        untag: 0
        led: ???
        lan: ???
        recv_bad: ???
        recv_good: ???
        tr_bad: ???
        tr_good: ???
        pvid: 0
        link: port:6 link:up speed:1000baseT full-duplex
VLAN 1:
        ports: 1 2 3 4 5t
VLAN 2:
        ports: 0 5t

my new network settings
vi network

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd27:70fa:5c1d::/48'

config interface 'lan'
    option type 'bridge'
    option ifname 'eth0'
    option proto 'static'
    option netmask '255.255.0.0'
    option ipaddr '192.168.0.22'


config interface 'lan2'
    option type 'bridge'
    option ifname 'eth0.2'
    option proto 'static'
    option netmask '255.255.0.0'
    option ipaddr '192.168.0.23'

config 'switch' 'eth0'
        option 'reset' '1'
        option 'enable_vlan' '1'

config 'switch_vlan' 'eth0_1'
        option 'device' 'eth0.1'
        option 'vlan' '1'
        option 'ports' '3'

config 'switch_vlan' 'eth0_2'
        option 'device' 'eth0.2'
        option 'vlan' '2'
        option 'ports' '2'

unfortunately the card uses a wan, and I need all of them to be lan, can I change the wan port to lan?

What is missing from my configuration to work on both networks?

I appreciate the attention that everyone has given me!

mk24 · February 8, 2020, 5:31am

There are still a lot of fundamental problems here.

First you really need to get the fundamentals before trying your final setup. Have one network, the LAN, and be able to access the Internet with it.

Porting to a new device is an advanced topic. I would suggest practicing on a fully supported device that has a release build with known working default configurations. Look at the wiki about the " dumb AP" use case for where you should begin.

No offense but your attempt to write /etc/config/network from scratch shows you don't know some basic concepts. Your use of IP addresses and netmasks has not produced two independent networks. You keep using plain eth0 when you should not. The swconfig show shows the CPU is actually port 6, and there is only one live Ethernet cable, plugged into port 3. But again your syntax trying to configure the switch is completely nonsense so it doesn't matter.

ulmwind · February 8, 2020, 9:12am

In example on my device there is section:

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 0t'

There is no string containing 'eth0.1', it is defined implicitly by 'vlan' option.

Please, give default configuration of your switch, and write, what tags you want to assign to ports.

makito013 · February 10, 2020, 1:33am

I think I'm expressing myself wrong, I don't want my equipment to be a router, there will already be a router on the network, I just want it to connect to the network through the ports so it will be a firewall that will be watching what is going on in the network 1 and pass relevant data to network 2.

I think my settings are not working because he is putting a dhcp on the lan network, what should I do so he only connects to a network?

dlakelan · February 10, 2020, 1:46am

Do you just want to bridge certain packets from one interface to another? If so, you just set up a single interface, as a bridge, and enable bridge netfilters so that iptables runs on the bridge and filters the traffic down to the stuff you want to let through.