[SOLVED]Network Problem

Firmware Version : LEDE Reboot 17.01.4 r3560-79f57e422d / LuCI lede-17.01 branch (git-17.290.79498-d3f0685)
Kernel Version : 4.4.92
Additional Package : kmod-bridge igmpproxy mwan3

Topology:
%E6%8B%93%E6%89%91

Switch configuration:
%E4%BA%A4%E6%8D%A2%E6%9C%BA
IPTV is multicast and I install igmpproxy to foward it into lan so that any IP(192.168.2.X) in any port could watch IPTV.

Add 2 rules in mwan3 to make sure the traffic goes to the correct wan interface.183.235.0.0/16 includes all server IP the box needs.
mwan3

Usually there is no issue occured ( router starts up completely,then devices get IP form it ).But when router reboots , devices would get the wrong IP from IPTV DHCP SERVER instead of my router .
To find out what happened , I make a simple test with a PC:
1.Unselect option 'Bring up on boot' of interface IPTV.
2.Reboot the router.
3.'ipconfig /release','ipconfig /renew' on PC.
However, the PC still gets a wrong IP.

cap
From the packets captured , we could see it is very odd that at the rebooting of router , lan and iptv two zone could connect to each other without any limitation.

And after router starts up completely , I use 'ipconfig /release','ipconfig /renew' on PC .PC always could get the correct IP (192.168.2.x) .
cap2

How could I fix that?

You don't say what your hardware is, but I"m suspecting that between the time power comes on and some point later when the switch on your router is configured by OpenWRT, for a brief few seconds it's passing your DHCP requests directly across the bridge to your ISP... I've heard of that before for some hardware. Is that consistent with what you're seeing?

Yes , that's what I see . My router is Phicomm K3 , a model without Openwrt official support , CPU BCM4709C.
Is there any way to prevent it ?

Without official support, or rather full source, no.

The usually, and pretty much only-, way to fix these issues are on the bootloader level or immediately afterwards (in the earliest kernel stages, usually by insetring a chainloaded bootloader between actual bootloader and the bulk of the kernel has loaded). With either of these options you need to reconfigure the switch as early as possible to isolate all switch ports, until userspace can apply the actually intended vlan settings. Even this might not completely prevent any leakage, but the purpose is to shorten the time frame enough to (at least) avoid a successful dhcp handshake.

For this to work, you do need pretty intimate knowledge about the switch used in your router and how to configure it on a pretty low level. Furthermore you either need full/ working bootloader code, so you can rebuild it in a way that allows hooking the switch initialization (port isolation) into it -- or full kernel code, to go the route of inserting an intermediate kernel loader (doing exactly the same) into it.

The approach of inserting an intermediate loader leaves the actual bootloader alone, which makes this usually the safer option and therefore preferred in most cases.

Thank you!What you said is completely right!
My router is a Broadcom CPU product which has a bootloader called CFE.I've just got into it , do the same test above and got a same result that PC get a wrong IP.
The solution you offer is nearly impossible for the rookies like me . But I found even in bootloader , wan port would not directly connect to other three.So I use wan port to connect IPTV , a lan port to connect INTERNET. And it solved my problem temporally.

This topic was automatically closed 6 days after the last reply. New replies are no longer allowed.