Hello!
I did an in-place attended sysupgrade on both my edge-router X and unifi6 lite AP and i'm having problems with DHCP. My main lan1 wifi works OK, but my second ssid is getting "DHCP" lookup failed. I didn't restore a full backup, just /network /firewall and /DHCP, trying to get a fresh start... but the problem persisted after resets and trial and error. same results. Please help!
also, when using 'clear' via ssh, it returns the terminal history each command I.e
cat /etc/config/network
clear
cat /etc/config/DHCP
will display to the terminal the entire history after clear:
cat /etc/config/network
cat /etc/config/DHCP
is this a known bug?
I would like to only allow luci/ssh access via physical switch ports. I have the mgmt vlan setup in openwrt and my switch. What kind of firewall rules should I be looking at?
finally, I would like to isolate one device on the network only allowing them Internet access, and no access to devices on the same ssid/network.
etc/config/network
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1'
list ports 'eth2'
list ports 'eth3'
list ports 'eth4'
config interface 'lan'
option device 'br-lan.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
option delegate '0'
option ipv6 '0'
config bridge-vlan
option device 'br-lan'
option vlan '1'
list ports 'eth1'
list ports 'eth2'
list ports 'eth3'
list ports 'eth4'
config interface 'GST'
option proto 'static'
option device 'br-lan.10'
option ipaddr '192.168.10.1'
option netmask '255.255.255.0'
config interface 'cams'
option proto 'static'
option device 'br-lan.20'
option ipaddr '192.168.20.1'
option netmask '255.255.255.0'
config interface 'mgmt'
option proto 'static'
option device 'br-lan.30'
option ipaddr '192.168.30.1'
option netmask '255.255.255.0'
config bridge-vlan
option device 'br-lan'
option vlan '10'
list ports 'eth1:t'
list ports 'eth2:t'
config interface 'wan'
option device 'eth0'
option proto 'dhcp'
option ipv6 '0'
config device
option name 'eth0'
/etc/config/firewall
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1'
list ports 'eth2'
list ports 'eth3'
list ports 'eth4'
config interface 'lan'
option device 'br-lan.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
option delegate '0'
option ipv6 '0'
config bridge-vlan
option device 'br-lan'
option vlan '1'
list ports 'eth1'
list ports 'eth2'
list ports 'eth3'
list ports 'eth4'
config interface 'GST'
option proto 'static'
option device 'br-lan.10'
option ipaddr '192.168.10.1'
option netmask '255.255.255.0'
config interface 'cams'
option proto 'static'
option device 'br-lan.20'
option ipaddr '192.168.20.1'
option netmask '255.255.255.0'
config interface 'mgmt'
option proto 'static'
option device 'br-lan.30'
option ipaddr '192.168.30.1'
option netmask '255.255.255.0'
config bridge-vlan
option device 'br-lan'
option vlan '10'
list ports 'eth1:t'
list ports 'eth2:t'
config interface 'wan'
option device 'eth0'
option proto 'dhcp'
option ipv6 '0'
config device
option name 'eth0'
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'vlan_1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'vlan_10'
option output 'ACCEPT'
option forward 'REJECT'
list network 'GST'
option input 'DROP'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
config forwarding
option src 'vlan_1'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
option enabled '0'
config rule
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'vlan_1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'vlan_10'
option output 'ACCEPT'
option forward 'REJECT'
list network 'GST'
option input 'DROP'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
config forwarding
option src 'vlan_1'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-vlan10-DNS'
option src 'vlan_10'
option dest_port '53'
option target 'ACCEPT'
list proto 'tcp'
list proto 'udp'
config rule
option name 'Allow-vlan10-DHCP'
list proto 'udp'
option src 'vlan_10'
option dest_port '67-68'
option target 'ACCEPT'
config forwarding
option src 'vlan_10'
option dest 'wan'
config zone
option name 'cams'
option input 'DROP'
option output 'ACCEPT'
option forward 'REJECT'
list network 'cams'
config zone
option name 'mgmt'
option input 'DROP'
option output 'ACCEPT'
option forward 'REJECT'
list network 'mgmt'
/etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option force '1'
config dhcp 'GST'
option interface 'GST'
option start '100'
option limit '150'
option leasetime '12h'
option force '1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'