Sorry about my poor description.
I set up 2 WAN connections via 2 physical ports. One is for internet, the other is for IPTV. The IPTV connection gets an IP from a DHCP server. The internet connection is PPPoE. When I reboot the router and the devices in the LAN at the same time, the devices in the LAN (my PC, phones, IPTV box) get an IP (100.xxx.xxx.xxx) which should be assigned to the IPTV WAN interface, instead of a LAN IP (192.168.xxx.xxx). Then I reboot the devices in the LAN, and they finally get the correct IP (192.168.xxx.xxx).
Is this weird?
Firewall settings:
firewall
config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option target 'ACCEPT'
	option proto 'udp'
	option name 'IPTV-DHCP'
	option family 'ipv4'
	option src 'iptv'
	option dest_port '68'
	option enabled '0'

config rule
	option target 'ACCEPT'
	option name 'IPTV-IGMP'
	option family 'ipv4'
	option proto 'igmp'
	option src 'iptv'

config rule
	option target 'ACCEPT'
	option dest 'lan'
	option name 'ALLOW-MULTICAST'
	option proto 'udp'
	option dest_ip '224.0.0.0/4'
	option family 'ipv4'
	option src 'iptv'

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan'

config include
	option path '/etc/firewall.user'

config zone
	option name 'iptv'
	option forward 'REJECT'
	option output 'ACCEPT'
	option network 'iptv'
	option masq '1'
	option mtu_fix '1'
	option input 'REJECT'

config forwarding
	option dest 'iptv'
	option src 'lan'

config rule
	option target 'ACCEPT'
	option name 'udpxy'
	option proto 'udp'
	option dest_ip '224.0.0.0/4'
	option src 'iptv'
	option family 'ipv4'

config rule
	option name 'IPTV-DHCP-Renew'
	option src 'iptv'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config include 'shadowsocks_libev'
	option type 'script'
	option path '/usr/share/shadowsocks-libev/firewall.include'
	option reload '1'

config forwarding
	option dest 'wan'
	option src 'lan'

Update:
It seems that I found the cause; it was this rule in the firewall config:
config rule
	option name 'IPTV-DHCP-Renew'
	option src 'iptv'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

After I removed this rule, devices in the LAN didn't get the wrong IP (100.x.x.x) when the router booted.
But it is for allowing the IPTV interface to renew its IP. It's an input rule instead of a forward rule, so how can it take effect in the LAN zone on the very first boot?
Now I have a temporary solution: add "sleep 60 && iptables -A input_iptv_rule -p udp -m udp --dport 68 -m comment --comment "IPTV-DHCP" -j ACCEPT" to the web page "System" - "Startup" - "Local Startup". But another issue happened. The startup of some applications, like "igmpproxy", is delayed. They don't start up on time.
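
The post distinguishes input rules from forward rules. As an added example (not part of the original post), this script lists each "config rule" section with the direction implied by its options: src only is input to the router, src plus dest is forwarded traffic, dest only is router output. The function names are hypothetical and the sample is a reduced excerpt of the rules above, constructed for the demo.

```shell
#!/bin/sh
# Added example: classify OpenWrt firewall rules by traffic direction.
# Output columns: direction src dest proto dest_port state name
# "-" means the option is not set in that section.

classify_rules() {
    awk -v q="'" '
    function val(   i, s) {                  # option value, quotes stripped
        s = $3; for (i = 4; i <= NF; i++) s = s " " $i
        gsub(q, "", s); gsub(/"/, "", s); return s
    }
    function get(k) { return (o[k] == "" ? "-" : o[k]) }
    function emit(   dir, state) {
        if (!inrule) return
        if (o["src"] != "" && o["dest"] != "") dir = "forward"
        else if (o["src"] != "")  dir = "input"
        else if (o["dest"] != "") dir = "output"
        else dir = "unscoped"
        state = (o["enabled"] ~ /^(0|no|off|false|disabled)$/ ? "disabled" : "enabled")
        print dir, get("src"), get("dest"), get("proto"), get("dest_port"), state, get("name")
    }
    $1 == "config" { emit(); split("", o); inrule = ($2 == "rule"); next }
    inrule && $1 == "option" { o[$2] = val() }   # dest_ip does not overwrite dest
    END { emit() }
    '
}

sample_config() {   # constructed excerpt: only the options the classifier reads
    cat <<'EOF'
config rule
	option name 'IPTV-DHCP-Renew'
	option src 'iptv'
	option proto 'udp'
	option dest_port '68'
config rule
	option dest 'lan'
	option name 'ALLOW-MULTICAST'
	option proto 'udp'
	option dest_ip '224.0.0.0/4'
	option src 'iptv'
config rule
	option proto 'udp'
	option name 'IPTV-DHCP'
	option src 'iptv'
	option dest_port '68'
	option enabled '0'
EOF
}

sample_config | classify_rules
```

On the router, the same function can read the live file with classify_rules < /etc/config/firewall.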