aha no problem 
so
config zone
option name 'Gaming'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option mtu_fix '1'
list network 'ps-lan'
config forwarding
option src 'Gaming'
option dest 'wan'
config zone
option name 'OFFICE'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option mtu_fix '1'
list network 'pc-lan'
config forwarding
option src 'OFFICE'
option dest 'wan'
onfig device
option name 'br-lan'
option type 'bridge'
list ports 'lan3'
list ports 'lan4'
config device
option name 'br-pslan'
option type 'bridge'
list ports 'lan1'
config device
option name 'br-pclan'
option type 'bridge'
list ports 'lan2'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.2.1'
config interface 'ps-lan'
option device 'br-pslan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.3.1'
config interface 'pc-lan'
option device 'br-pclan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.4.1'
is right ?
Yes, I think it looks right.
Give it a shot.
1 Like
But, keep in mind that you don't currently have provisions for the 2 new networks to get services from the router (namely DHCP and DNS) because input = REJECT.
Ok my router has adress auto assigned 
I has missed something ?
Your router or your computer?
ok no sorry i have internet the computer is well in 4.1 and luci also accesses in 4.1 but in interface i always have the red rectangle rcpd error ...
How about a screenshot showing what you are seeing?
And let's see your complete config files now:
Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall
2 Likes
strange thing also the console tells me no internet cable on the lan 1
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan3'
list ports 'lan4'
config device
option name 'br-pslan'
option type 'bridge'
list ports 'lan1'
config device
option name 'br-pclan'
option type 'bridge'
list ports 'lan2'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.2.1'
config interface 'ps-lan'
option device 'br-pslan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.3.1'
config interface 'pc-lan'
option device 'br-pclan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.4.1'
config interface 'wan'
option device 'wan'
option proto 'dhcp'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
config interface 'vpn'
option proto 'none'
option device 'tun0'
config forwarding
option src 'lan'
option dest 'vpn'
config zone
option name 'gaming'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option mtu_fix '1'
list network 'ps-lan'
config forwarding
option src 'gaming'
option dest 'wan'
config zone
option name 'office'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option mtu_fix '1'
list network 'pc-lan'
config forwarding
option src 'office'
option dest 'wan'
config dhcp 'ps-lan'
option interface 'ps-lan'
option start '100'
option limit '150'
option leasetime '12h'
config dhcp 'pc-lan'
option interface 'pc-lan'
option start '100'
option limit '150'
option leasetime '12h'
Are these the complete files? or did you only post the specific parts we've been working on? If they're complete, it indicates there is a bunch of stuff missing. If you've selectively posted, please post the complete files.
1 Like
/etc/config/firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option input 'DROP'
option forward 'DROP'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option name 'Drop-Ping'
option target 'DROP'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config zone
option name 'vpn'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'vpn'
config forwarding
option src 'lan'
option dest 'vpn'
config zone
option name 'gaming'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option mtu_fix '1'
list network 'ps-lan'
config forwarding
option src 'gaming'
option dest 'wan'
config zone
option name 'office'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option mtu_fix '1'
list network 'pc-lan'
config forwarding
option src 'office'
option dest 'wan'
network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fddf:c2ea:465c::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan3'
list ports 'lan4'
config device
option name 'br-pslan'
option type 'bridge'
list ports 'lan1'
config device
option name 'br-pclan'
option type 'bridge'
list ports 'lan2'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.2.1'
config interface 'ps-lan'
option device 'br-pslan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.3.1'
config interface 'pc-lan'
option device 'br-pclan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.4.1'
config interface 'wan'
option device 'wan'
option proto 'dhcp'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
config interface 'vpn'
option proto 'none'
option device 'tun0'
dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'ps-lan'
option interface 'ps-lan'
option start '100'
option limit '150'
option leasetime '12h'
config dhcp 'pc-lan'
option interface 'pc-lan'
option start '100'
option limit '150'
option leasetime '12h'
the files is now complete
I'm not spotting any errors. What works and what doesn't? Does the main LAN (on ports 3-4) still work normally?
Your current firewall configuration doesn't allow access to the router itself in any way for the 2 new networks... so you won't get an IP address via DHCP and you won't get DNS services. You also won't be able to access LuCI or ssh when connected to the new networks. This can be good in general, but if this is the issue you are seeing, this is currently expected behavior. LAN should work, though.
Also, you probably want to add forwarding from the 2 new networks > vpn
1 Like
Is it possible that the switch is reversed?
example lan 1 =4
RPCError
RPC call to uci/get failed with ubus code 9: Unspecified error at ClassConstructor.handleCallReply (http://192.168.4.1/luci-static/resources/rpc.js?v=git-22.213.35949-d09fbe0:15:3)
my ps5 has not reconised cabled now
Yes, that is possible, but I wouldn't think so. Easy enough to try... plug your computer into each one of the ports in turn... you should get an IP address in the main LAN (192.168.2.0/24) on two of the ports. The other two ports will currently end up with self-assigned (169) addresses.
1 Like
yes is totaly possible because
my pc reacts to port 2 of the belkin but the play only connects to port 3 and not lan 1 in any case it recognizes the lan
So start with a computer (set to DHCP). Which ports are working properly with a wired computer?
the pc work to lan2 in 192.168.4.1
the ps5 has not recongised i has try lan 1 lan 3 and lan 4 i will turn off the console and reboot
edit type nat echec (failed)
The PS5 will not work on the new networks because it will be unable to get an IP address via DHCP.
Please use only your computer for the following tests -- let's not complicate things by using the PS for the moment.
Change input to 'ACCEPT' on this zone and on the office zone.
Then connect your computer to each port and observe what IP address the computer gets. If it gets a proper IP address, test to see if it gets normal internet connectivity.
Tell me what happens with each port (for example, i would expect it to look like this):
Port 1 -> IP address 192.168.3.x, internet working
Port 2 -> IP address 192.168.4.x, internet working
Port 3 and 4 -> IP address 192.168.2.x, internet working
2 Likes
ok i just understood i only have internet on port 2 in 192.168.4.1....
I'm not sure why that would be.
What IP address does your computer get when it is plugged into each port?
on 2 I have the ip on the other ports I have ethernet not connected
I just tested my ps5 also it connects only to port 2 also ...