I am trying to assign IP address for my interface (its in bridge mode) but not working

yallaiah · October 15, 2019, 7:52am

my setup is like this

AP------Connected to my ------SDWAN device
and I configured DHCP in my SDWAN device when I connect the Access point to the SDWAN device
my access point to get the Ip address
when I do dhclient br-lan on access point
my sdwan device is giving a IP address to accesspoint but accesspoint not holding that ip
here is tcpdump that was taken on my sdwan device while doing dhclient on accesspoint

root@lavelle:/home/lavelle# tcpdump -ni lan0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lan0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:10:06.045098 IP 0.0.0.0.9091 > 255.255.255.255.9090: UDP, length 359
13:10:07.295186 IP 192.168.99.22.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 44:d1:fa:59:2f:75, length 300
13:10:07.295521 ARP, Request who-has 192.168.99.22 tell 192.168.99.10, length 28
13:10:08.292165 ARP, Request who-has 192.168.99.22 tell 192.168.99.10, length 28
13:10:08.784885 IP 0.0.0.0.9091 > 255.255.255.255.9090: UDP, length 359
13:10:09.292178 ARP, Request who-has 192.168.99.22 tell 192.168.99.10, length 28

DHCP config

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'

config dhcp 'lan'
        option interface 'lan'
        option leasetime '12h'
        option start '2'
        option limit '251'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config snmpd 'snmpd'
        option port '9091'
        option ac_addr '192.168.188.1'
~
~

/etc/config/network

config interface 'loopback'       
        option ifname 'lo'        
        option proto 'static'        
        option ipaddr '127.0.0.1'    
        option netmask '255.0.0.0'                                                                                                             
                                                                                                                                               
config interface 'lan'                                                                                                                         
        option ifname 'eth0.1 eth0.2'                                                                                                          
        option type 'bridge'                                                                                                                   
        option _orig_ifname 'eth0.1 eth0.2 ath0 wifi0.network2 wifi0.network3 wifi0.network4 ath1 wifi1.network2 wifi1.network3 wifi1.network4'
        option _orig_bridge 'true'
        option proto 'dhcp'    
        option hostname 'xd200'
                              
config interface 'wan'        
        option proto 'dhcp'   
                              
config mgt 'mgt'                
        option mgt_port '8080'    
                                  
config config 'qos'               
        option disable '1'        
        option up_rate '1024000'  
        option down_rate '1024000'
        option rule_num '0'   
                              
config switch                 
        option name 'switch0'  
        option reset '1'       
        option enable_vlan '1' 
                               
config switch_vlan             
        option device 'switch0'
        option vlan '1'        
        option ports '0t 2'

any one can help me please

eduperez · October 15, 2019, 8:41am

In the network config, LAN is a DHCP client, but in the DHCP config, it is a DHCP server.

trendy · October 15, 2019, 9:34am

https://openwrt.org/docs/guide-user/network/wifi/dumbap

yallaiah · October 15, 2019, 9:34am

I have changes the configs as per your commit
but things are same

/etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'lan'
        option type 'bridge'
        option _orig_ifname 'eth0.1 ath0 wifi0.network2 wifi0.network3 wifi0.network4 ath1 wifi1.network2 wifi1.network3 wifi1.network4'
        option _orig_bridge 'true'
        option proto 'dhcp'
        option ifname 'eth0.1'

config interface 'wan'
        option proto 'dhcp'
        option ifname 'eth0.2'

config mgt 'mgt'
        option mgt_port '8080'

config config 'qos'
        option disable '1'
        option up_rate '1024000'
        option down_rate '1024000'
        option rule_num '0'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0t 2'

config switch_vlan             
        option device 'switch0'
        option vlan '2'        
        option ports '0t 3'

/etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'

config dhcp 'lan'
        option interface 'lan'
        option ignore '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config snmpd 'snmpd'
        option port '9091'
        option ac_addr '192.168.188.1'
~
~
~
~
~
~
~
~
~

can u please look it now
or any changes are required
this time we trying to assign DHCP ip to the WAN interface

Accesspoint-----(WAN)-------->Sdwan device
DHCP process are going but not holding the ip

trendy · October 15, 2019, 9:38am

Do you have a DHCP server connected in the LAN interface?

yallaiah · October 15, 2019, 9:40am

yeah , my device is relying back with DHCP reply ands ACK everything
ap is not holding that IP address
this is the tcpdump from SDWAN device side

14:56:50.117352 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 44:d1:fa:59:2f:75, length 300
14:56:50.117635 IP 192.168.99.10.67 > 192.168.99.22.68: BOOTP/DHCP, Reply, length 300
14:56:50.118919 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 44:d1:fa:59:2f:75, length 300
14:56:50.119161 IP 192.168.99.10.67 > 192.168.99.22.68: BOOTP/DHCP, Reply, length 300

tmomas · October 15, 2019, 9:43am

@yallaiah yalla Please use "Preformatted text </>" for logs, scripts, configs and general console output.

Please also remove any ===== lines.

Please edit your postings accordingly.
Thanks!

trendy · October 15, 2019, 9:48am

But the WAN interface is connected to the SD-WAN, not the LAN.

yallaiah · October 15, 2019, 10:13am

yeah wan is connected to the sdwan lan interface and DHCP is configured

trendy · October 15, 2019, 10:16am

Looks like there is no DHCP server connected to the LAN interface, so it is expected not to get an IP address. Switch it to Static Protocol and assign yourself and IP/MASK.
You may also want to turn back on the DHCP server of the OpenWrt on the LAN interface to serve your clients.

yallaiah · October 15, 2019, 11:12am

Configuring static details are working properly with out any issues ,
when we turn in to DHCP only having the issue
the issue from WAN side only , WAN side it is not holding the IP from DHCP
complete setup is typically looks like this
Access Point sdwan

trendy · October 15, 2019, 11:15am

There is no DHCP server on the LAN side of the network, so it is expected to have issues when you request address from DHCP.
Leave it with static and an IP/MASK on the LAN interface and use the DHCP server of the OpenWrt for the wireless clients.

yallaiah · October 15, 2019, 11:18am

my issue form WAN side
WAN interface is need to get a DHCP IP address
that is not working

eduperez · October 15, 2019, 11:47am

Now, you have WAN on eth0.2, but there is no VLAN 2 configured on the switch.

yallaiah · October 15, 2019, 11:54am

wan is in eth0.2
where i need to configure vlan2 ?
can u please tell me
here is the screenshots of GUI configuration

trendy · October 15, 2019, 12:46pm

We cannot understand much from the screenshot. Please post again the configurations as they stand now:

uci show network;uci show wireless; \
uci show firewall; uci show dhcp; \
ip -4 addr ; ip -4 ro ; ip -4 ru; \
iptables-save; \
head -n -0 /etc/firewall.user; \
ls -l  /etc/resolv.* /tmp/resolv.*; head -n -0 /etc/resolv.* /tmp/resolv.*

Please use "Preformatted text </>" for logs, scripts, configs and general console output.

yallaiah · October 15, 2019, 12:59pm

root@XD4200:~# uci show network;uci show wireless; \
> uci show firewall; uci show dhcp; \
> ip -4 addr ; ip -4 ro ; ip -4 ru; \
> iptables-save; \
> head -n -0 /etc/firewall.user; \
> ls -l  /etc/resolv.* /tmp/resolv.*; head -n -0 /etc/resolv.* /tmp/resolv.*
network.loopback=interface
network.loopback.ifname=lo
network.loopback.proto=static
network.loopback.ipaddr=127.0.0.1
network.loopback.netmask=255.0.0.0
network.lan=interface
network.lan.type=bridge
network.lan._orig_ifname=eth0.1 ath0 wifi0.network2 wifi0.network3 wifi0.network4 ath1 wifi1.network2 wifi1.network3 wifi1.network4
network.lan._orig_bridge=true
network.lan.ifname=eth0.1
network.lan.proto=static
network.lan.ipaddr=192.168.96.10
network.lan.netmask=255.255.255.0
network.lan.dns=8.8.8.8
network.wan=interface
network.wan.ifname=eth0.2
network.wan._orig_ifname=eth0.2
network.wan._orig_bridge=false
network.wan.proto=dhcp
network.mgt=mgt
network.mgt.mgt_port=8080
network.qos=config
network.qos.disable=1
network.qos.up_rate=1024000
network.qos.down_rate=1024000
network.qos.rule_num=0
network.@switch[0]=switch
network.@switch[0].name=switch0
network.@switch[0].reset=1
network.@switch[0].enable_vlan=1
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device=switch0
network.@switch_vlan[0].vlan=1
network.@switch_vlan[0].ports=0t 2
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device=switch0
network.@switch_vlan[1].vlan=2
network.@switch_vlan[1].ports=0t 3
wireless.wifi0=wifi-device
wireless.wifi0.type=qcawifi
wireless.wifi0.country=CN
wireless.wifi0.channel=7
wireless.wifi0.htmode=HT40
wireless.wifi0.txpower=30
wireless.wifi0.hwmode=11ng
wireless.wifi0.AMPDU=1
wireless.wifi0.rssi_thres=-90
wireless.wifi0.acktimeout=64
wireless.wifi1=wifi-device
wireless.wifi1.type=qcawifi
wireless.wifi1.country=CN
wireless.wifi1.channel=153
wireless.wifi1.hwmode=11ac
wireless.wifi1.htmode=HT80
wireless.wifi1.txpower=30
wireless.wifi1.rssi_thres=-90
wireless.wifi1.AMPDU=1
wireless.wifi1.acktimeout=64
wireless.@wifi-iface[0]=wifi-iface
wireless.@wifi-iface[0].device=wifi0
wireless.@wifi-iface[0].id=00
wireless.@wifi-iface[0].mode=ap
wireless.@wifi-iface[0].encryption=psk-mixed+tkip+ccmp
wireless.@wifi-iface[0].key=66666666
wireless.@wifi-iface[0].ssid=Wireless 2.4G
wireless.@wifi-iface[0].wmm=1
wireless.@wifi-iface[0].hidden=0
wireless.@wifi-iface[0].disabled=0
wireless.@wifi-iface[0].bintval=100
wireless.@wifi-iface[0].shortgi=1
wireless.@wifi-iface[0].frag=2346
wireless.@wifi-iface[0].rts=2346
wireless.@wifi-iface[0].maxsta=64
wireless.@wifi-iface[0].isolate=0
wireless.@wifi-iface[0].wds=1
wireless.@wifi-iface[0].extap=1
wireless.@wifi-iface[0].disablecoext=1
wireless.@wifi-iface[0].network=lan
wireless.@wifi-iface[1]=wifi-iface
wireless.@wifi-iface[1].device=wifi0
wireless.@wifi-iface[1].id=01
wireless.@wifi-iface[1].mode=ap
wireless.@wifi-iface[1].encryption=none
wireless.@wifi-iface[1].ssid=WirelessAP-2G-01
wireless.@wifi-iface[1].wmm=1
wireless.@wifi-iface[1].hidden=0
wireless.@wifi-iface[1].disabled=1
wireless.@wifi-iface[1].bintval=100
wireless.@wifi-iface[1].shortgi=1
wireless.@wifi-iface[1].frag=2346
wireless.@wifi-iface[1].rts=2346
wireless.@wifi-iface[1].maxsta=64
wireless.@wifi-iface[1].isolate=0
wireless.@wifi-iface[1].wds=1
wireless.@wifi-iface[1].extap=1
wireless.@wifi-iface[1].disablecoext=1
wireless.@wifi-iface[1].network=lan
wireless.@wifi-iface[2]=wifi-iface
wireless.@wifi-iface[2].device=wifi0
wireless.@wifi-iface[2].id=02
wireless.@wifi-iface[2].mode=ap
wireless.@wifi-iface[2].encryption=none
wireless.@wifi-iface[2].ssid=WirelessAP-2G-02
wireless.@wifi-iface[2].wmm=1
wireless.@wifi-iface[2].hidden=0
wireless.@wifi-iface[2].disabled=1
wireless.@wifi-iface[2].bintval=100
wireless.@wifi-iface[2].shortgi=1
wireless.@wifi-iface[2].frag=2346
wireless.@wifi-iface[2].rts=2346
wireless.@wifi-iface[2].maxsta=64
wireless.@wifi-iface[2].isolate=0
wireless.@wifi-iface[2].wds=1
wireless.@wifi-iface[2].extap=1
wireless.@wifi-iface[2].disablecoext=1
wireless.@wifi-iface[2].network=lan
wireless.@wifi-iface[3]=wifi-iface
wireless.@wifi-iface[3].device=wifi0
wireless.@wifi-iface[3].id=03
wireless.@wifi-iface[3].mode=ap
wireless.@wifi-iface[3].encryption=none
wireless.@wifi-iface[3].ssid=WirelessAP-2G-03
wireless.@wifi-iface[3].wmm=1
wireless.@wifi-iface[3].hidden=0
wireless.@wifi-iface[3].disabled=1
wireless.@wifi-iface[3].bintval=100
wireless.@wifi-iface[3].shortgi=1
wireless.@wifi-iface[3].frag=2346
wireless.@wifi-iface[3].rts=2346
wireless.@wifi-iface[3].maxsta=64
wireless.@wifi-iface[3].isolate=0
wireless.@wifi-iface[3].wds=1
wireless.@wifi-iface[3].extap=1
wireless.@wifi-iface[3].disablecoext=1
wireless.@wifi-iface[3].network=lan
wireless.@wifi-iface[4]=wifi-iface
wireless.@wifi-iface[4].device=wifi1
wireless.@wifi-iface[4].id=10
wireless.@wifi-iface[4].mode=ap
wireless.@wifi-iface[4].encryption=psk-mixed+tkip+ccmp
wireless.@wifi-iface[4].key=66666666
wireless.@wifi-iface[4].ssid=Wireless 5.8G
wireless.@wifi-iface[4].wmm=1
wireless.@wifi-iface[4].hidden=0
wireless.@wifi-iface[4].disabled=0
wireless.@wifi-iface[4].bintval=100
wireless.@wifi-iface[4].shortgi=1
wireless.@wifi-iface[4].frag=2346
wireless.@wifi-iface[4].rts=2346
wireless.@wifi-iface[4].maxsta=64
wireless.@wifi-iface[4].isolate=0
wireless.@wifi-iface[4].wds=1
wireless.@wifi-iface[4].extap=1
wireless.@wifi-iface[4].disablecoext=1
wireless.@wifi-iface[4].network=lan
wireless.@wifi-iface[5]=wifi-iface
wireless.@wifi-iface[5].device=wifi1
wireless.@wifi-iface[5].id=11
wireless.@wifi-iface[5].mode=ap
wireless.@wifi-iface[5].encryption=none
wireless.@wifi-iface[5].ssid=WirelessAP-5G-11
wireless.@wifi-iface[5].wmm=1
wireless.@wifi-iface[5].hidden=0
wireless.@wifi-iface[5].disabled=1
wireless.@wifi-iface[5].bintval=100
wireless.@wifi-iface[5].shortgi=1
wireless.@wifi-iface[5].frag=2346
wireless.@wifi-iface[5].rts=2346
wireless.@wifi-iface[5].maxsta=64
wireless.@wifi-iface[5].isolate=0
wireless.@wifi-iface[5].wds=1
wireless.@wifi-iface[5].extap=1
wireless.@wifi-iface[5].disablecoext=1
wireless.@wifi-iface[5].network=lan
wireless.@wifi-iface[6]=wifi-iface
wireless.@wifi-iface[6].device=wifi1
wireless.@wifi-iface[6].id=12
wireless.@wifi-iface[6].mode=ap
wireless.@wifi-iface[6].encryption=none
wireless.@wifi-iface[6].ssid=WirelessAP-5G-12
wireless.@wifi-iface[6].wmm=1
wireless.@wifi-iface[6].hidden=0
wireless.@wifi-iface[6].disabled=1
wireless.@wifi-iface[6].bintval=100
wireless.@wifi-iface[6].shortgi=1
wireless.@wifi-iface[6].frag=2346
wireless.@wifi-iface[6].rts=2346
wireless.@wifi-iface[6].maxsta=64
wireless.@wifi-iface[6].isolate=0
wireless.@wifi-iface[6].wds=1
wireless.@wifi-iface[6].extap=1
wireless.@wifi-iface[6].disablecoext=1
wireless.@wifi-iface[6].network=lan
wireless.@wifi-iface[7]=wifi-iface
wireless.@wifi-iface[7].device=wifi1
wireless.@wifi-iface[7].id=13
wireless.@wifi-iface[7].mode=ap
wireless.@wifi-iface[7].encryption=none
wireless.@wifi-iface[7].ssid=WirelessAP-5G-13
wireless.@wifi-iface[7].wmm=1
wireless.@wifi-iface[7].hidden=0
wireless.@wifi-iface[7].disabled=1
wireless.@wifi-iface[7].bintval=100
wireless.@wifi-iface[7].shortgi=1
wireless.@wifi-iface[7].frag=2346
wireless.@wifi-iface[7].rts=2346
wireless.@wifi-iface[7].maxsta=64
wireless.@wifi-iface[7].isolate=0
wireless.@wifi-iface[7].wds=1
wireless.@wifi-iface[7].extap=1
wireless.@wifi-iface[7].disablecoext=1
wireless.@wifi-iface[7].network=lan
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood=1
firewall.@defaults[0].input=ACCEPT
firewall.@defaults[0].output=ACCEPT
firewall.@defaults[0].disabled=0
firewall.@defaults[0].forward=ACCEPT
firewall.@zone[0]=zone
firewall.@zone[0].name=lan
firewall.@zone[0].network=lan
firewall.@zone[0].input=ACCEPT
firewall.@zone[0].output=ACCEPT
firewall.@zone[0].forward=ACCEPT
firewall.@zone[1]=zone
firewall.@zone[1].name=wan
firewall.@zone[1].network=wan
firewall.@zone[1].output=ACCEPT
firewall.@zone[1].masq=1
firewall.@zone[1].mtu_fix=1
firewall.@zone[1].input=ACCEPT
firewall.@zone[1].forward=ACCEPT
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src=lan
firewall.@forwarding[0].dest=wan
firewall.@rule[0]=rule
firewall.@rule[0].name=Allow-DHCP-Renew
firewall.@rule[0].src=wan
firewall.@rule[0].proto=udp
firewall.@rule[0].dest_port=68
firewall.@rule[0].target=ACCEPT
firewall.@rule[0].family=ipv4
firewall.@rule[1]=rule
firewall.@rule[1].name=Allow-Ping
firewall.@rule[1].src=wan
firewall.@rule[1].proto=icmp
firewall.@rule[1].icmp_type=echo-request
firewall.@rule[1].family=ipv4
firewall.@rule[1].target=ACCEPT
firewall.@rule[2]=rule
firewall.@rule[2].name=Allow-DHCPv6
firewall.@rule[2].src=wan
firewall.@rule[2].proto=udp
firewall.@rule[2].src_ip=fe80::/10
firewall.@rule[2].src_port=547
firewall.@rule[2].dest_ip=fe80::/10
firewall.@rule[2].dest_port=546
firewall.@rule[2].family=ipv6
firewall.@rule[2].target=ACCEPT
firewall.@rule[3]=rule
firewall.@rule[3].name=Allow-ICMPv6-Input
firewall.@rule[3].src=wan
firewall.@rule[3].proto=icmp
firewall.@rule[3].icmp_type=echo-request echo-reply destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type router-solicitation neighbour-solicitation router-advertisement neighbour-advertisement
firewall.@rule[3].limit=1000/sec
firewall.@rule[3].family=ipv6
firewall.@rule[3].target=ACCEPT
firewall.@rule[4]=rule
firewall.@rule[4].name=Allow-ICMPv6-Forward
firewall.@rule[4].src=wan
firewall.@rule[4].dest=*
firewall.@rule[4].proto=icmp
firewall.@rule[4].icmp_type=echo-request echo-reply destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type
firewall.@rule[4].limit=1000/sec
firewall.@rule[4].family=ipv6
firewall.@rule[4].target=ACCEPT
firewall.@include[0]=include
firewall.@include[0].path=/etc/firewall.user
firewall.@rule[5]=rule
firewall.@rule[5].src=lan
firewall.@rule[5].name=L2TP
firewall.@rule[5].proto=udp
firewall.@rule[5].target=REJECT
firewall.@rule[5].dest_port=1701
firewall.@rule[5].dest=*
firewall.@rule[5].enabled=0
firewall.@rule[6]=rule
firewall.@rule[6].src=lan
firewall.@rule[6].name=PPTP
firewall.@rule[6].target=REJECT
firewall.@rule[6].dest_port=1723
firewall.@rule[6].dest=*
firewall.@rule[6].enabled=0
firewall.@rule[7]=rule
firewall.@rule[7].src=lan
firewall.@rule[7].name=IPSEC
firewall.@rule[7].dest=*
firewall.@rule[7].dest_port=500
firewall.@rule[7].target=REJECT
firewall.@rule[7].proto=udp
firewall.@rule[7].enabled=0
firewall.@redirect[0]=redirect
firewall.@redirect[0].target=DNAT
firewall.@redirect[0].src=wan
firewall.@redirect[0].dest=lan
firewall.@redirect[0].proto=tcp udp
firewall.@redirect[0].dest_port=80
firewall.@redirect[0].name=MGT_PORT
firewall.@redirect[0].src_dport=8080
firewall.@redirect[0].enabled=1
firewall.@mode[0]=mode
firewall.miniupnpd=include
firewall.miniupnpd.type=script
firewall.miniupnpd.path=/usr/share/miniupnpd/firewall.include
firewall.miniupnpd.family=IPv4
firewall.miniupnpd.reload=1
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded=1
dhcp.@dnsmasq[0].boguspriv=1
dhcp.@dnsmasq[0].filterwin2k=0
dhcp.@dnsmasq[0].localise_queries=1
dhcp.@dnsmasq[0].rebind_protection=1
dhcp.@dnsmasq[0].rebind_localhost=1
dhcp.@dnsmasq[0].local=/lan/
dhcp.@dnsmasq[0].domain=lan
dhcp.@dnsmasq[0].expandhosts=1
dhcp.@dnsmasq[0].nonegcache=0
dhcp.@dnsmasq[0].authoritative=1
dhcp.@dnsmasq[0].readethers=1
dhcp.@dnsmasq[0].leasefile=/tmp/dhcp.leases
dhcp.@dnsmasq[0].resolvfile=/tmp/resolv.conf.auto
dhcp.lan=dhcp
dhcp.lan.interface=lan
dhcp.lan.start=100
dhcp.lan.limit=150
dhcp.lan.leasetime=12h
dhcp.wan=dhcp
dhcp.wan.interface=wan
dhcp.wan.ignore=1
dhcp.snmpd=snmpd
dhcp.snmpd.port=9091
dhcp.snmpd.ac_addr=192.168.188.1
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    inet 127.0.0.1/8 scope host lo
9: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    inet 192.168.96.10/24 brd 192.168.96.255 scope global br-lan
192.168.96.0/24 dev br-lan  proto kernel  scope link  src 192.168.96.10 
0:      from all lookup local 
32766:  from all lookup main 
32767:  from all lookup default 
# Generated by iptables-save v1.4.10 on Tue Oct 15 20:59:45 2019
*nat
:PREROUTING ACCEPT [3876:385055]
:INPUT ACCEPT [2364:166234]
:OUTPUT ACCEPT [9:2420]
:POSTROUTING ACCEPT [9:2420]
:MINIUPNPD - [0:0]
:postrouting_rule - [0:0]
:prerouting_lan - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan - [0:0]
:zone_lan_nat - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_nat - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -j prerouting_rule 
-A PREROUTING -i br-lan -j zone_lan_prerouting 
-A PREROUTING -i eth0.2 -j zone_wan_prerouting 
-A POSTROUTING -j postrouting_rule 
-A POSTROUTING -o br-lan -j zone_lan_nat 
-A POSTROUTING -o eth0.2 -j zone_wan_nat 
-A zone_lan_prerouting -j prerouting_lan 
-A zone_wan_nat -j MASQUERADE 
-A zone_wan_prerouting -j MINIUPNPD 
-A zone_wan_prerouting -p tcp -m tcp --dport 8080 -j DNAT --to-destination :80 
-A zone_wan_prerouting -p udp -m udp --dport 8080 -j DNAT --to-destination :80 
-A zone_wan_prerouting -j prerouting_wan 
COMMIT
# Completed on Tue Oct 15 20:59:45 2019
# Generated by iptables-save v1.4.10 on Tue Oct 15 20:59:45 2019
*raw
:PREROUTING ACCEPT [25174:2076466]
:OUTPUT ACCEPT [21359:2685751]
:zone_lan_notrack - [0:0]
:zone_wan_notrack - [0:0]
-A PREROUTING -i br-lan -j zone_lan_notrack 
-A PREROUTING -i eth0.2 -j zone_wan_notrack 
COMMIT
# Completed on Tue Oct 15 20:59:45 2019
# Generated by iptables-save v1.4.10 on Tue Oct 15 20:59:45 2019
*mangle
:PREROUTING ACCEPT [25151:2073184]
:INPUT ACCEPT [23402:1829695]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [21345:2684744]
:POSTROUTING ACCEPT [21352:2687055]
:qos_Default - [0:0]
:qos_Default_ct - [0:0]
:zone_wan_MSSFIX - [0:0]
-A PREROUTING -m ttl --ttl-lt 2 -j TTL --ttl-inc 5 
-A FORWARD -j zone_wan_MSSFIX 
-A qos_Default -j CONNMARK --restore-mark --nfmask 0xff --ctmask 0xff 
-A qos_Default -m mark --mark 0x0/0xff -j qos_Default_ct 
-A qos_Default -m mark --mark 0x1/0xff -m length --length 400:65535 -j MARK --set-xmark 0x0/0xff 
-A qos_Default -m mark --mark 0x2/0xff -m length --length 800:65535 -j MARK --set-xmark 0x0/0xff 
-A qos_Default -p udp -m mark --mark 0x0/0xff -m length --length 0:500 -j MARK --set-xmark 0x2/0xff 
-A qos_Default -p icmp -j MARK --set-xmark 0x1/0xff 
-A qos_Default -p tcp -m mark --mark 0x0/0xff -m tcp --sport 1024:65535 --dport 1024:65535 -j MARK --set-xmark 0x4/0xff 
-A qos_Default -p udp -m mark --mark 0x0/0xff -m udp --sport 1024:65535 --dport 1024:65535 -j MARK --set-xmark 0x4/0xff 
-A qos_Default -p tcp -m length --length 0:128 -m mark ! --mark 0x4/0xff -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG SYN -j MARK --set-xmark 0x1/0xff 
-A qos_Default -p tcp -m length --length 0:128 -m mark ! --mark 0x4/0xff -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG ACK -j MARK --set-xmark 0x1/0xff 
-A qos_Default_ct -p tcp -m mark --mark 0x0/0xff -m tcp -m multiport --ports 22,53 -j MARK --set-xmark 0x1/0xff 
-A qos_Default_ct -p udp -m mark --mark 0x0/0xff -m udp -m multiport --ports 22,53 -j MARK --set-xmark 0x1/0xff 
-A qos_Default_ct -p tcp -m mark --mark 0x0/0xff -m tcp -m multiport --ports 20,21,25,80,110,443,993,995 -j MARK --set-xmark 0x3/0xff 
-A qos_Default_ct -p tcp -m mark --mark 0x0/0xff -m tcp -m multiport --ports 5190 -j MARK --set-xmark 0x2/0xff 
-A qos_Default_ct -p udp -m mark --mark 0x0/0xff -m udp -m multiport --ports 5190 -j MARK --set-xmark 0x2/0xff 
-A qos_Default_ct -j CONNMARK --save-mark --nfmask 0xff --ctmask 0xff 
-A zone_wan_MSSFIX -o eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu 
-A zone_wan_MSSFIX -i eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu 
COMMIT
# Completed on Tue Oct 15 20:59:45 2019
# Generated by iptables-save v1.4.10 on Tue Oct 15 20:59:45 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forward - [0:0]
:forwarding_lan - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan - [0:0]
:input - [0:0]
:input_lan - [0:0]
:input_rule - [0:0]
:input_wan - [0:0]
:output - [0:0]
:output_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan - [0:0]
:zone_lan_ACCEPT - [0:0]
:zone_lan_DROP - [0:0]
:zone_lan_REJECT - [0:0]
:zone_lan_forward - [0:0]
:zone_wan - [0:0]
:zone_wan_ACCEPT - [0:0]
:zone_wan_DROP - [0:0]
:zone_wan_REJECT - [0:0]
:zone_wan_forward - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn_flood 
-A INPUT -j input_rule 
-A INPUT -j input 
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -j forwarding_rule 
-A FORWARD -j forward 
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 
-A OUTPUT -o lo -j ACCEPT 
-A OUTPUT -j output_rule 
-A OUTPUT -j output 
-A forward -i br-lan -j zone_lan_forward 
-A forward -i eth0.2 -j zone_wan_forward 
-A input -i br-lan -j zone_lan 
-A input -i eth0.2 -j zone_wan 
-A output -j zone_lan_ACCEPT 
-A output -j zone_wan_ACCEPT 
-A reject -p tcp -j REJECT --reject-with tcp-reset 
-A reject -j REJECT --reject-with icmp-port-unreachable 
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -j RETURN 
-A syn_flood -j DROP 
-A zone_lan -j input_lan 
-A zone_lan -j zone_lan_ACCEPT 
-A zone_lan_ACCEPT -o br-lan -j ACCEPT 
-A zone_lan_ACCEPT -i br-lan -j ACCEPT 
-A zone_lan_DROP -o br-lan -j DROP 
-A zone_lan_DROP -i br-lan -j DROP 
-A zone_lan_REJECT -o br-lan -j reject 
-A zone_lan_REJECT -i br-lan -j reject 
-A zone_lan_forward -j zone_wan_ACCEPT 
-A zone_lan_forward -j forwarding_lan 
-A zone_lan_forward -j zone_lan_ACCEPT 
-A zone_wan -p udp -m udp --dport 68 -j ACCEPT 
-A zone_wan -p icmp -m icmp --icmp-type 8 -j ACCEPT 
-A zone_wan -p tcp -m tcp --dport 80 -m conntrack --ctstate DNAT -j ACCEPT 
-A zone_wan -p udp -m udp --dport 80 -m conntrack --ctstate DNAT -j ACCEPT 
-A zone_wan -j input_wan 
-A zone_wan -j zone_wan_ACCEPT 
-A zone_wan_ACCEPT -o eth0.2 -j ACCEPT 
-A zone_wan_ACCEPT -i eth0.2 -j ACCEPT 
-A zone_wan_DROP -o eth0.2 -j DROP 
-A zone_wan_DROP -i eth0.2 -j DROP 
-A zone_wan_REJECT -o eth0.2 -j reject 
-A zone_wan_REJECT -i eth0.2 -j reject 
-A zone_wan_forward -j MINIUPNPD 
-A zone_wan_forward -j forwarding_wan 
-A zone_wan_forward -j zone_wan_ACCEPT 
COMMIT
# Completed on Tue Oct 15 20:59:45 2019
head: invalid number '-0'
lrwxrwxrwx    1 root     root            16 Nov  9  2018 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r--    1 root     root            32 Oct 15 19:34 /tmp/resolv.conf
-rw-r--r--    1 root     root            35 Oct 15 19:34 /tmp/resolv.conf.auto
head: invalid number '-0'
root@XD4200:~#

trendy · October 15, 2019, 1:12pm

This command was not pasted properly. Try to run it once again.
Other than that the config looks fine.
Run the following tcpdump and plug in the WAN interface.
tcpdump -i eth0.2 -vvn

yallaiah · October 15, 2019, 1:19pm

sorry this command is showing error
here is the output

root@XD4200:~# head -n -0 /etc/resolv.*
head: invalid number '-0'

root@XD4200:~# tcpdump -i eth0.2 -vvn
tcpdump: WARNING: eth0.2: no IPv4 address assigned
tcpdump: listening on eth0.2, link-type EN10MB (Ethernet), capture size 65535 bytes
21:22:05.733826 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 387)
    0.0.0.0.9091 > 255.255.255.255.9090: [udp sum ok] UDP, length 359
21:22:05.788129 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 44:d1:fa:59:2f:75, length 300, xid 0x17be8e00, Flags [none] (0x0000)
          Client-Ethernet-Address 44:d1:fa:59:2f:75
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7: 
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
21:22:05.788516 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    192.168.99.10.67 > 192.168.99.22.68: [udp sum ok] BOOTP/DHCP, Reply, length 300, xid 0x17be8e00, Flags [none] (0x0000)
          Your-IP 192.168.99.22
          Server-IP 192.168.99.10
          Client-Ethernet-Address 44:d1:fa:59:2f:75
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Offer
            Server-ID Option 54, length 4: 192.168.99.10
            Lease-Time Option 51, length 4: 3600
            Subnet-Mask Option 1, length 4: 255.255.255.0
            Default-Gateway Option 3, length 4: 192.168.99.10
            Domain-Name-Server Option 6, length 4: 8.8.8.8
21:22:05.790231 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 44:d1:fa:59:2f:75, length 300, xid 0x17be8e00, Flags [none] (0x0000)
          Client-Ethernet-Address 44:d1:fa:59:2f:75
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Request
            Server-ID Option 54, length 4: 192.168.99.10
            Requested-IP Option 50, length 4: 192.168.99.22
            Parameter-Request Option 55, length 7: 
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
21:22:05.790782 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    192.168.99.10.67 > 192.168.99.22.68: [udp sum ok] BOOTP/DHCP, Reply, length 300, xid 0x17be8e00, Flags [none] (0x0000)
          Your-IP 192.168.99.22
          Server-IP 192.168.99.10
          Client-Ethernet-Address 44:d1:fa:59:2f:75
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: ACK
            Server-ID Option 54, length 4: 192.168.99.10
            Lease-Time Option 51, length 4: 3600
            Subnet-Mask Option 1, length 4: 255.255.255.0
            Default-Gateway Option 3, length 4: 192.168.99.10
            Domain-Name-Server Option 6, length 4: 8.8.8.8
21:22:08.793832 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 387)
    0.0.0.0.9091 > 255.255.255.255.9090: [udp sum ok] UDP, length 359
21:22:11.796889 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 387)
    0.0.0.0.9091 > 255.255.255.255.9090: [udp sum ok] UDP, length 359

yallaiah · October 15, 2019, 1:22pm

if you don't mind , can we connect via webex