DHCP Issues with VLANs on Linux

Hello,

I have a Pi4 running as a router with OpenWRT and am looking to set up a DMZ. Currently I have set up the VLANs with open firewall rules and everything on the default VLAN1 side works just fine with Windows or Linux.

When I test the DMZ side (VLAN 10) with a Windows 10 machine, it can receive an IP address, ping the router and access the internet fine. However, when I try it with a Linux machine, I cannot get an IP address. I've tried a Kali instance on a Raspberry Pi and a Parrot OS VM on the Windows 10 machine. I'm not sure if the issue is with the router config or some config on the Linux machines.

Anyone encountered anything like this before? Happy to provide copies of any config files you might want to help resolve it.

Cheers,
David

Please, do this.


Sorry, which files would help? I've done the configuration through luci, but happy to dump whatever would be useful.

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall

Thanks, please see below files. I should add that at the moment of showing /etc/config/dhcp there was nothing plugged into the DMZ side of the switch. If needed I'll happily plug stuff in and provide outputs.

/etc/config/network

# /etc/config/network as posted: loopback, one LAN bridge on eth0, an uplink
# on eth1, and a DMZ network carried as VLAN 10 on the same eth0 port.
config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        # IPv6 unique-local (ULA) prefix used for the internal networks.
        option ula_prefix 'fd9c:9e3a:0ded::/48'
        option packet_steering '1'

# LAN bridge; its only listed member is eth0 itself (no VLAN suffix).
config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

# Main LAN: router address 192.168.9.1/24 on the bridge.
config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.9.1'

# Uplink: DHCP client on eth1. The firewall config lists this network
# ('lte') in its 'wan' zone.
config interface 'lte'
        option proto 'dhcp'
        option device 'eth1'

config device
        option name 'eth1'

# DMZ: router address 10.1.1.1/24 on eth0.10. The dotted name is the 802.1Q
# sub-interface notation, so this network's frames are carried on eth0 tagged
# with VLAN ID 10. The switch port facing the end device therefore has to hand
# VLAN 10 over untagged, unless that device is itself configured for tagged
# frames (this was the fix found later in the thread).
config interface 'dmz'
        option proto 'static'
        option device 'eth0.10'
        option ipaddr '10.1.1.1'
        option netmask '255.255.255.0'

/etc/config/dhcp

# Global dnsmasq settings (DNS forwarder and DHCPv4 server) followed by a long
# list of domain -> ipset mappings.
config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        # DNS-rebinding defence: upstream answers that resolve to private
        # address ranges are discarded.
        option rebind_protection '1'
        # Exception to the above: answers in 127.0.0.0/8 are still allowed.
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        # Only answer DNS queries from hosts on directly attached subnets.
        option localservice '1'
        option ednspacket_max '1232'
        option dnsforwardmax '2300'
        option min_cache_ttl '270'
        option cachesize '5000'
        # Each 'list ipset' entry has the form /domain[/domain...]/set4,set6:
        # addresses resolved for those domains are added to the named ipsets.
        # NOTE(review): the set names (latsens, streaming, usrcdn, bulk,
        # gamecache) look like traffic classes for a QoS script that is not
        # shown here; confirm against whatever consumes the sets.
        list ipset '/igamecj.com/gcloudcs.com/qos.gcloud.qq.com/latsens,latsens6'
        list ipset '/zoom.us/streaming,streaming6'
        list ipset '/googlevideo.com/*.googlevideo.com/streaming,streaming6'
        list ipset '/vevo.com/streaming,streaming6'
        list ipset '/nflxvideo.net/streaming,streaming6'
        list ipset '/netflix.com/streaming,streaming6'
        list ipset '/nflxso.net/streaming,streaming6'
        list ipset '/nflximg.com/streaming,streaming6'
        list ipset '/s3.ll.dash.row.aiv-cdn.net/d25xi40x97liuc.cloudfront.net/aiv-delivery.net/streaming,streaming6'
        list ipset '/fbcdn.net/streaming,streaming6'
        list ipset '/ttvnw.net/streaming,streaming6'
        list ipset '/audio-fa.scdn.cot/streaming,streaming6'
        list ipset '/deezer.com/streaming,streaming6'
        list ipset '/sndcdn.com/streaming,streaming6'
        list ipset '/last.fm/streaming,streaming6'
        list ipset '/v.redd.it/streaming,streaming6'
        list ipset '/iview.abc.net.au/streaming,streaming6'
        list ipset '/play.stan.com.au/streaming,streaming6'
        list ipset '/disneyplus.com/streaming,streaming6'
        list ipset '/cloudfront.net/streaming,streaming6'
        list ipset '/aiv-cdn.net/r.cloudfront.net/aiv-delivery.net/streaming,streaming6'
        list ipset '/vs-dash-uk-live.akamaized.net/streaming,streaming6'
        list ipset '/cdn.bllon.isp.sky.com/live.bidi.net.uk/streaming,streaming6'
        list ipset '/ssl-bbcdotcom.2cnt.net/streaming,streaming6'
        list ipset '/millicast.com/streaming,streaming6'
        list ipset '/xirsys.com/streaming,streaming6'
        list ipset '/googletagmanager.com/googleusercontent.com/*.googleusercontent.com/google.com/fbcdn.net/*.fbcdn.net/akamaihd.net/*.akamaihd.net/whatsapp.net/*.whatsapp.net/whatsapp.com/*.whatsapp.com/www-cdn.whatsapp.net/googleapis.com/*.googleapis.com/ucy.ac.cy/1e100.net/hwcdn.net/usrcdn,usrcdn6'
        list ipset '/akamai.net/usrcdn,usrcdn6'
        list ipset '/download.qq.com/bulk,bulk6'
        list ipset '/steamcontent.com/bulk,bulk6'
        list ipset '/gs2.ww.prod.dl.playstation.net/bulk,bulk6'
        list ipset '/dropbox.com/dropboxstatic.com/dropbox-dns.com/log.getdropbox.com/bulk,bulk6'
        list ipset '/drive.google.com/drive-thirdparty.googleusercontent.com/bulk,bulk6'
        list ipset '/1drv.ms/bulk,bulk6'
        list ipset '/1drv.com/bulk,bulk6'
        list ipset '/docs.google.com/docs.googleusercontent.com/bulk,bulk6'
        list ipset '/gvt1.com/bulk,bulk6'
        list ipset '/mmg-fna.whatsapp.net/bulk,bulk6'
        list ipset '/upload.youtube.com/upload.video.google.com/bulk,bulk6'
        list ipset '/windowsupdate.com/update.microsoft.com/bulk,bulk6'
        list ipset '/ms-acdc.office.com/bulk,bulk6'
        list ipset '/graph.microsoft.com/bulk,bulk6'
        list ipset '/web.whatsapp.com/bulk,bulk6'
        list ipset '/*.fastly.net/bulk,bulk6'
        list ipset '/downloads.openwrt.org/bulk,bulk6'
        list ipset '/*.cdn.openwrt.org/bulk,bulk6'
        list ipset '/gvt1.com/gvt2.com/android.clients.google.com/clients1.google.com/clients2.google.com/clients3.google.com/clients4.google.com/clients5.google.com/clients6.google.com/play.googleapis.com/bulk,bulk6'
        list ipset '/assetcdn.101.arenanetworks.com/gamecache4,gamecache6'
        list ipset '/assetcdn.102.arenanetworks.com/gamecache4,gamecache6'
        list ipset '/assetcdn.103.arenanetworks.com/gamecache4,gamecache6'
        list ipset '/live.patcher.bladeandsoul.com/gamecache4,gamecache6'
        list ipset '/dist.blizzard.com/gamecache4,gamecache6'
        list ipset '/dist.blizzard.com.edgesuite.net/gamecache4,gamecache6'
        list ipset '/llnw.blizzard.com/gamecache4,gamecache6'
        list ipset '/edgecast.blizzard.com/gamecache4,gamecache6'
        list ipset '/blizzard.vo.llnwd.net/gamecache4,gamecache6'
        list ipset '/blzddist1-a.akamaihd.net/gamecache4,gamecache6'
        list ipset '/blzddist2-a.akamaihd.net/gamecache4,gamecache6'
        list ipset '/blzddist3-a.akamaihd.net/gamecache4,gamecache6'
        list ipset '/blzddist4-a.akamaihd.net/gamecache4,gamecache6'
        list ipset '/level3.blizzard.com/gamecache4,gamecache6'
        list ipset '/nydus.battle.net/gamecache4,gamecache6'
        list ipset '/edge.blizzard.top.comcast.net/gamecache4,gamecache6'
        list ipset '/cdn.blizzard.com/gamecache4,gamecache6'
        list ipset '/cdn-11.eft-store.com/gamecache4,gamecache6'
        list ipset '/cl-453343cd.gcdn.co/gamecache4,gamecache6'
        list ipset '/cdn.homecomingservers.com/gamecache4,gamecache6'
        list ipset '/nsa.tools/gamecache4,gamecache6'
        list ipset '/pls.patch.daybreakgames.com/gamecache4,gamecache6'
        list ipset '/cdn1.epicgames.com/gamecache4,gamecache6'
        list ipset '/cdn.unrealengine.com/gamecache4,gamecache6'
        list ipset '/cdn1.unrealengine.com/gamecache4,gamecache6'
        list ipset '/cdn2.unrealengine.com/gamecache4,gamecache6'
        list ipset '/cdn3.unrealengine.com/gamecache4,gamecache6'
        list ipset '/download.epicgames.com/gamecache4,gamecache6'
        list ipset '/download2.epicgames.com/gamecache4,gamecache6'
        list ipset '/download3.epicgames.com/gamecache4,gamecache6'
        list ipset '/download4.epicgames.com/gamecache4,gamecache6'
        list ipset '/epicgames-download1.akamaized.net/gamecache4,gamecache6'
        list ipset '/cdn.zaonce.net/gamecache4,gamecache6'
        list ipset '/hirez.http.internapcdn.net/gamecache4,gamecache6'
        list ipset '/level3.nwhttppatch.crypticstudios.com/gamecache4,gamecache6'
        list ipset '/filedelivery.nexusmods.com/gamecache4,gamecache6'
        list ipset '/ccs.cdn.wup.shop.nintendo.com/gamecache4,gamecache6'
        list ipset '/ccs.cdn.wup.shop.nintendo.net/gamecache4,gamecache6'
        list ipset '/ccs.cdn.wup.shop.nintendo.net.edgesuite.net/gamecache4,gamecache6'
        list ipset '/geisha-wup.cdn.nintendo.net/gamecache4,gamecache6'
        list ipset '/geisha-wup.cdn.nintendo.net.edgekey.net/gamecache4,gamecache6'
        list ipset '/idbe-wup.cdn.nintendo.net/gamecache4,gamecache6'
        list ipset '/idbe-wup.cdn.nintendo.net.edgekey.net/gamecache4,gamecache6'
        list ipset '/ecs-lp1.hac.shop.nintendo.net/gamecache4,gamecache6'
        list ipset '/receive-lp1.dg.srv.nintendo.net/gamecache4,gamecache6'
        list ipset '/*.wup.eshop.nintendo.net/gamecache4,gamecache6'
        list ipset '/*.hac.lp1.d4c.nintendo.net/gamecache4,gamecache6'
        list ipset '/*.hac.lp1.eshop.nintendo.net/gamecache4,gamecache6'
        list ipset '/origin-a.akamaihd.net/gamecache4,gamecache6'
        list ipset '/lvlt.cdn.ea.com/gamecache4,gamecache6'
        list ipset '/rxp-lv.cncirc.net/gamecache4,gamecache6'
        list ipset '/cronub.fairplayinc.uk/gamecache4,gamecache6'
        list ipset '/amirror.tyrant.gg/gamecache4,gamecache6'
        list ipset '/mirror.usa.tyrant.gg/gamecache4,gamecache6'
        list ipset '/renx.b-cdn.net/gamecache4,gamecache6'
        list ipset '/l3cdn.riotgames.com/gamecache4,gamecache6'
        list ipset '/worldwide.l3cdn.riotgames.com/gamecache4,gamecache6'
        list ipset '/riotgamespatcher-a.akamaihd.net/gamecache4,gamecache6'
        list ipset '/riotgamespatcher-a.akamaihd.net.edgesuite.net/gamecache4,gamecache6'
        list ipset '/*.dyn.riotcdn.net/gamecache4,gamecache6'
        list ipset '/patches.rockstargames.com/gamecache4,gamecache6'
        list ipset '/gs2.ww.prod.dl.playstation.net/gamecache4,gamecache6'
        list ipset '/gs2.sonycoment.loris-e.llnwd.net/gamecache4,gamecache6'
        list ipset '/patch-dl.ffxiv.com/gamecache4,gamecache6'
        list ipset '/lancache.steamcontent.com/gamecache4,gamecache6'
        list ipset '/*.content.steampowered.com/gamecache4,gamecache6'
        list ipset '/content1.steampowered.com/gamecache4,gamecache6'
        list ipset '/content2.steampowered.com/gamecache4,gamecache6'
        list ipset '/content3.steampowered.com/gamecache4,gamecache6'
        list ipset '/content4.steampowered.com/gamecache4,gamecache6'
        list ipset '/content5.steampowered.com/gamecache4,gamecache6'
        list ipset '/content6.steampowered.com/gamecache4,gamecache6'
        list ipset '/content7.steampowered.com/gamecache4,gamecache6'
        list ipset '/content8.steampowered.com/gamecache4,gamecache6'
        list ipset '/cs.steampowered.com/gamecache4,gamecache6'
        list ipset '/steamcontent.com/gamecache4,gamecache6'
        list ipset '/client-download.steampowered.com/gamecache4,gamecache6'
        list ipset '/*.hsar.steampowered.com.edgesuite.net/gamecache4,gamecache6'
        list ipset '/*.akamai.steamstatic.com/gamecache4,gamecache6'
        list ipset '/content-origin.steampowered.com/gamecache4,gamecache6'
        list ipset '/clientconfig.akamai.steamtransparent.com/gamecache4,gamecache6'
        list ipset '/steampipe.akamaized.net/gamecache4,gamecache6'
        list ipset '/edgecast.steamstatic.com/gamecache4,gamecache6'
        list ipset '/steam.apac.qtlglb.com.mwcloudcdn.com/gamecache4,gamecache6'
        list ipset '/*.cm.steampowered.com/gamecache4,gamecache6'
        list ipset '/cdn1-sea1.valve.net/gamecache4,gamecache6'
        list ipset '/cdn2-sea1.valve.net/gamecache4,gamecache6'
        list ipset '/*.steam-content-dnld-1.apac-1-cdn.cqloud.com/gamecache4,gamecache6'
        list ipset '/*.steam-content-dnld-1.eu-c1-cdn.cqloud.com/gamecache4,gamecache6'
        list ipset '/steam.apac.qtlglb.com/gamecache4,gamecache6'
        list ipset '/edge.steam-dns.top.comcast.net/gamecache4,gamecache6'
        list ipset '/edge.steam-dns-2.top.comcast.net/gamecache4,gamecache6'
        list ipset '/steam.naeu.qtlglb.com/gamecache4,gamecache6'
        list ipset '/steampipe-kr.akamaized.net/gamecache4,gamecache6'
        list ipset '/steam.ix.asn.au/gamecache4,gamecache6'
        list ipset '/steam.eca.qtlglb.com/gamecache4,gamecache6'
        list ipset '/steam.cdn.on.net/gamecache4,gamecache6'
        list ipset '/update5.dota2.wmsj.cn/gamecache4,gamecache6'
        list ipset '/update2.dota2.wmsj.cn/gamecache4,gamecache6'
        list ipset '/update6.dota2.wmsj.cn/gamecache4,gamecache6'
        list ipset '/update3.dota2.wmsj.cn/gamecache4,gamecache6'
        list ipset '/update1.dota2.wmsj.cn/gamecache4,gamecache6'
        list ipset '/update4.dota2.wmsj.cn/gamecache4,gamecache6'
        list ipset '/update5.csgo.wmsj.cn/gamecache4,gamecache6'
        list ipset '/update2.csgo.wmsj.cn/gamecache4,gamecache6'
        list ipset '/update4.csgo.wmsj.cn/gamecache4,gamecache6'
        list ipset '/update3.csgo.wmsj.cn/gamecache4,gamecache6'
        list ipset '/update6.csgo.wmsj.cn/gamecache4,gamecache6'
        list ipset '/update1.csgo.wmsj.cn/gamecache4,gamecache6'
        list ipset '/st.dl.bscstorage.net/gamecache4,gamecache6'
        list ipset '/cdn.mileweb.cs.steampowered.com.8686c.com/gamecache4,gamecache6'
        list ipset '/live.patcher.elderscrollsonline.com/gamecache4,gamecache6'
        list ipset '/d3rmjivj4k4f0t.cloudfront.net/gamecache4,gamecache6'
        list ipset '/addons.forgesvc.net/gamecache4,gamecache6'
        list ipset '/media.forgecdn.net/gamecache4,gamecache6'
        list ipset '/files.forgecdn.net/gamecache4,gamecache6'
        list ipset '/*.cdn.ubi.com/gamecache4,gamecache6'
        list ipset '/content.warframe.com/gamecache4,gamecache6'
        list ipset '/dl1.wargaming.net/gamecache4,gamecache6'
        list ipset '/dl2.wargaming.net/gamecache4,gamecache6'
        list ipset '/wg.gcdn.co/gamecache4,gamecache6'
        list ipset '/wgusst-na.wargaming.net/gamecache4,gamecache6'
        list ipset '/wgusst-eu.wargaming.net/gamecache4,gamecache6'
        list ipset '/update-v4r4h10x.worldofwarships.com/gamecache4,gamecache6'
        list ipset '/wgus-wotasia.wargaming.net/gamecache4,gamecache6'
        list ipset '/dl-wot-ak.wargaming.net/gamecache4,gamecache6'
        list ipset '/dl-wot-gc.wargaming.net/gamecache4,gamecache6'
        list ipset '/dl-wot-se.wargaming.net/gamecache4,gamecache6'
        list ipset '/dl-wot-cdx.wargaming.net/gamecache4,gamecache6'
        list ipset '/dl-wows-ak.wargaming.net/gamecache4,gamecache6'
        list ipset '/dl-wows-gc.wargaming.net/gamecache4,gamecache6'
        list ipset '/dl-wows-se.wargaming.net/gamecache4,gamecache6'
        list ipset '/dl-wows-cdx.wargaming.net/gamecache4,gamecache6'
        list ipset '/dl-wowp-ak.wargaming.net/gamecache4,gamecache6'
        list ipset '/dl-wowp-gc.wargaming.net/gamecache4,gamecache6'
        list ipset '/dl-wowp-se.wargaming.net/gamecache4,gamecache6'
        list ipset '/dl-wowp-cdx.wargaming.net/gamecache4,gamecache6'
        list ipset '/*.windowsupdate.com/gamecache4,gamecache6'
        list ipset '/windowsupdate.com/gamecache4,gamecache6'
        list ipset '/*.dl.delivery.mp.microsoft.com/gamecache4,gamecache6'
        list ipset '/dl.delivery.mp.microsoft.com/gamecache4,gamecache6'
        list ipset '/*.update.microsoft.com/gamecache4,gamecache6'
        list ipset '/*.do.dsp.mp.microsoft.com/gamecache4,gamecache6'
        list ipset '/*.microsoft.com.edgesuite.net/gamecache4,gamecache6'
        list ipset '/amupdatedl.microsoft.com/gamecache4,gamecache6'
        list ipset '/amupdatedl2.microsoft.com/gamecache4,gamecache6'
        list ipset '/amupdatedl3.microsoft.com/gamecache4,gamecache6'
        list ipset '/amupdatedl4.microsoft.com/gamecache4,gamecache6'
        list ipset '/amupdatedl5.microsoft.com/gamecache4,gamecache6'
        list ipset '/assets1.xboxlive.com/gamecache4,gamecache6'
        list ipset '/assets2.xboxlive.com/gamecache4,gamecache6'
        list ipset '/dlassets.xboxlive.com/gamecache4,gamecache6'
        list ipset '/xboxone.loris.llnwd.net/gamecache4,gamecache6'
        list ipset '/xboxone.vo.llnwd.net/gamecache4,gamecache6'
        list ipset '/xbox-mbr.xboxlive.com/gamecache4,gamecache6'
        list ipset '/assets1.xboxlive.com.nsatc.net/gamecache4,gamecache6'
        list ipset '/xvcf1.xboxlive.com/gamecache4,gamecache6'
        # Upstream resolver that queries are forwarded to.
        list server '8.8.8.8'
        # Local override: the name 'router' resolves to the LAN address.
        list address '/router/192.168.9.1'

# DHCP pool for the 'lan' interface: 150 addresses starting at host offset
# 100, 12-hour leases, plus DHCPv6 and router advertisements in server mode.
config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

# DHCP serving is disabled on 'wan'.
# NOTE(review): the /etc/config/network shown in this thread defines no
# interface named 'wan' (the uplink is 'lte'), so this stanza may be a
# leftover default.
config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

# odhcpd settings; maindhcp '0' leaves DHCPv4 to dnsmasq.
config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

# Static DHCP leases: each 'config host' pins an IP address to a MAC address
# and, where given, a hostname.
# NOTE(review): the MAC addresses below appear to have been posted as-is,
# although the request earlier in the thread asked for them to be redacted.
config host
        option name 'BRWA86BAD196378'
        option ip '192.168.9.200'
        option mac 'A8:6B:AD:19:63:78'

config host
        option name 'davePi3'
        option ip '192.168.9.135'
        option mac 'B8:27:EB:D5:2C:F8'

config host
        option name 'DESKTOP-8396GTO'
        option ip '192.168.9.167'
        option mac '84:3A:4B:04:52:BE'

# NOTE(review): 192.168.1.211 lies outside the 192.168.9.0/24 LAN configured
# in /etc/config/network; this entry looks stale or mistyped. Confirm.
config host
        option name 'DESKTOP-CR6OB1I'
        option ip '192.168.1.211'
        option mac 'E0:D5:5E:D2:A3:2D'

config host
        option name 'DESKTOP-MDEHMTA'
        option ip '192.168.9.181'
        option mac '64:C9:01:CB:8F:AD'

config host
        option name 'TL-WPA4220'
        option ip '192.168.9.242'
        option mac '1C:3B:F3:2E:0C:32'

config host
        option name 'DESKTOP-HPH1GC6'
        option ip '192.168.9.185'
        option mac 'E0:D5:5E:86:2F:B7'

config host
        option name 'raspberrypi'
        option ip '192.168.9.212'
        option mac 'B8:27:EB:D3:3C:C9'

# Entry without a hostname: only the IP-to-MAC binding is set.
config host
        option ip '192.168.9.153'
        option mac '00:5F:67:32:F1:D8'

# DHCP pool for the 'dmz' interface (10.1.1.1/24 in /etc/config/network):
# 150 addresses starting at host offset 100, i.e. 10.1.1.100 - 10.1.1.249,
# with 12-hour leases. Unlike the 'lan' pool, no dhcpv6/ra options are set.
config dhcp 'dmz'
        option interface 'dmz'
        option start '100'
        option limit '150'
        option leasetime '12h'

/etc/config/firewall

# Global firewall policies, used for traffic that no zone or rule handles.
# NOTE(review): input defaults to ACCEPT here, so traffic addressed to the
# router that arrives outside any defined zone is accepted; the stricter
# choice is REJECT with explicit per-zone allowances.
config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

# LAN zone: fully trusted (input, output and intra-zone forward all ACCEPT).
config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

# WAN zone: unsolicited input and forwarding are rejected; outbound traffic
# is masqueraded (NAT) and TCP MSS is clamped (mtu_fix).
# Of the three networks listed, only 'lte' is defined in the
# /etc/config/network shown in this thread.
config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'
        list network 'lte'

# LAN hosts may initiate connections out through the WAN zone.
config forwarding
        option src 'lan'
        option dest 'wan'

# Per-protocol exceptions to the WAN zone's REJECT policies. A rule without
# 'dest' applies to traffic addressed to the router itself (input); a rule
# with 'dest' applies to forwarded traffic.

# DHCP replies to the router's own DHCP client on the uplink (UDP port 68).
config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

# The router answers IPv4 echo requests (ping) arriving from the WAN side.
config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

# DHCPv6 client traffic (UDP port 546), limited to the fc00::/6 range.
config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

# Multicast Listener Discovery messages from link-local sources only.
config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

# ICMPv6 types accepted when addressed to the router, rate-limited to
# 1000 packets per second.
config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# ICMPv6 types forwarded from WAN to any zone (dest '*'), with the same
# rate limit.
config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# The next two rules have dest 'lan', so they permit forwarding of IPsec
# traffic (ESP, and ISAKMP on UDP port 500) from WAN to LAN hosts.
config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

# Present but switched off (enabled 'false').
config rule
        option name 'Support-UDP-Traceroute'
        option src 'wan'
        option dest_port '33434:33689'
        option proto 'udp'
        option family 'ipv4'
        option target 'REJECT'
        option enabled 'false'

# Custom rules script pulled in by the firewall; its contents are not shown
# in this thread.
config include
        option path '/etc/firewall.user'
        option reload '1'

# DMZ zone with its traffic logged (log '1').
# NOTE(review): input is ACCEPT, so DMZ hosts can reach every service the
# router itself exposes (DNS and DHCP, and any management interface that is
# listening). That matches the "open firewall rules" described at the top of
# the thread for testing. For an actual DMZ the usual arrangement is input
# REJECT plus explicit rules with src 'dmz' that allow only DHCP (UDP port 67)
# and DNS (port 53) to the router.
config zone
        option name 'dmz'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'dmz'
        option log '1'

# DMZ hosts may initiate connections out through the WAN zone.
config forwarding
        option src 'dmz'
        option dest 'wan'

# LAN hosts may initiate connections into the DMZ. No forwarding with
# src 'dmz' and dest 'lan' is defined, so DMZ hosts cannot open new
# connections towards the LAN.
config forwarding
        option src 'lan'
        option dest 'dmz'

I'm not seeing any obvious issues.

Do you have a managed switch between the router and the linux box? Is it properly configured?


Yeah, the following is the VLAN config for the switch. The router is wired to port 2, the rest of my home network is on port 3 and the DMZ devices I'm plugging in are attached to port 1.

where is the linux box connected (what port on the switch)? and what about the router?


Was just editing it in above 🙂 The router is wired to port 2, the rest of my home network is on port 3 and the DMZ devices I'm plugging in are attached to port 1.

Port 1 only has VLAN 10 tagged -- you probably want that to be untagged on port 1 unless your end device is configured to expect tagged frames.


You absolute champion! That was it! Makes sense to need it to be untagged. I'm guessing Windows can handle tagged frames and Linux must not be so keen.

Thank you!

