hi everyone,
First, sorry for my bad english.
EDIT 1 : i changed my address : 128.0.0.0/11 => 10.0.0.0/8
I want :
- Create 2 network (here : 192.168.1.0/24 and 128.0.0.0/11)
- Communicated between him ( 192 -> 128 and 128 -> 192)
- to have ethernet on all machine
I have :
- Openwrt Reboot (17.01.4, r3560-79f57e422d) on Router Netgear
- Create différent interface "Lan/wan" on router
cat /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fde2:fc06:5698::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0'
option proto 'static'
option ip6assign '60'
option ipaddr '128.0.0.1'
option netmask '255.224.0.0'
config interface 'wan'
option ifname 'eth1'
option _orig_ifname 'eth1'
option _orig_bridge 'false'
option proto 'static'
option ipaddr '192.168.1.100'
option netmask '255.255.255.0'
option gateway '192.168.1.254'
option dns '192.168.1.254'
config interface 'wan6'
option ifname 'eth1'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
option blinkrate '2'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 3 5'
config switch_port
option device 'switch0'
option port '1'
option led '6'
config switch_port
option device 'switch0'
option port '2'
option led '9'
config switch_port
option device 'switch0'
option port '5'
option led '2'
config route
option interface 'lan'
option target '0.0.0.0'
option netmask '0.0.0.0'
option gateway '192.168.1.100'
- I see on other topic, how add a route. So i try
eth0 "lan" 0.0.0.0 | 0.0.0.0 | 192.168.1.100 | 1500 | local or unicast
i think that very bad ^^ - same to firewall (if i disable Masquerading, cant connect the true WAN (http ...))
cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option output 'ACCEPT'
option network 'wan wan6'
option input 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
- I can ping with machine 128.20.0.1 to 192.168.1.80 (other machine). But when i use the command tracert he jump directly 192.168.1.80 without going per the routeur BBox (192.168.1.254). It's normal ?
tracert 192.168.1.80
Détermination de l’itinéraire vers 192.168.1.80 avec un maximum de 30 sauts.
1 <1 ms <1 ms <1 ms LEDE.lan [128.0.0.1]
2 2 ms 2 ms 3 ms 192.168.1.80
i think 128.0.0.1 (R netgeart) to go 192.168.1.254 (R bbox) and finish by 192.168.1.80.
But reverse is not functional : to 192.168.1.80 => 128.20.0.1 or 128.0.0.1 i can't ping ....
I sure it's cause my router bbox (Internet provider), because i have just options 33 (static routing table) and 131 (classless static route option) DHCP.
Config ethernet static
128.20.0.1
255.224.0.0
128.0.0.1
DNS 192.168.1.254
192.168.1.80
255.255.255.0
192.168.1.254
DNS 192.168.1.254
So how i do communicate all computer between her ?
I think I said everything.
Again sorry for my english
Thank you so mush.
Darck