[SOLVED] NO LAN (wired ethernet) IPv6 (but with WiFi all is ok)

I have installed from scratch two new OpenWRT 19.07.2 on EspressoBin Board (mvebu).
All is working fine on IPv6 while following this howto :

But all working fine only in WiFi...
WiFi clients gets IPv6 (PC, MAC, iPAD, iPhone, Android ...)
While when connecting in ethernet, (same zone than WiFi) I get only one fe80... local link IPv6 (UBUNTU or MINT), or none at all (MAC) and no connection to the Internet...

Is there any known issues about this ?
Is there any debugging how-to to follow ?

I still have the problem...
Any clue about this issue ?
I have only wifi ipv6, but no ipv6 with ethernet...
I am testing with ubuntu !

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
root@LPM:~# cat /etc/config/network 

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdf9:042b:7194::/48'

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '10.4.2.1'
	option ifname 'lan0 lan1'
	option igmp_snooping '1'
	option stp '1'
	list ip6class 'local'
	option ip6assign '64'

config interface 'wan'
	option ifname 'wan'
	option dhcpv6 'relay'
	option ra 'relay'
	option ndp 'relay'
	option master '1'
	option proto 'dhcp'
	option force_link '1'

config interface 'wan6'
	option ifname 'wan'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix '56'

config interface 'DMZ'
	option proto 'static'
	option type 'bridge'
	option netmask '255.255.255.0'
	option ipaddr '10.4.1.1'
	option igmp_snooping '1'
	option stp '1'
	option ip6assign '60'

config interface 'WG_NDDC'
	option proto 'wireguard'
	option private_key '<OBFUSCATED>'
	option listen_port '52900'
	list addresses '10.10.4.1'
	option force_link '1'

config wireguard_WG_NDDC
	option description 'LOUCHE'
	option public_key '<OBFUSCATED>'
	option route_allowed_ips '1'
	option endpoint_host '<OBFUSCATED>'
	option endpoint_port '52900'
	option persistent_keepalive '25'
	list allowed_ips '10.10.3.1/32'
	list allowed_ips '10.3.2.0/24'
	list allowed_ips '192.168.3.0/24'

config wireguard_WG_NDDC
	option public_key '<OBFUSCATED>'
	option description 'LGM'
	option persistent_keepalive '25'
	list allowed_ips '10.10.6.1/32'
	list allowed_ips '10.6.2.0/24'
	list allowed_ips '10.6.1.0/24'
	option route_allowed_ips '1'
	option endpoint_port '52900'

root@LPM:~# cat /etc/config/dhcp

config dnsmasq
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option expandhosts '1'
	option readethers '1'
	option resolvfile '/tmp/resolv.conf.auto'
	option nonwildcard '0'
	option leasefile '/root/dhcp.leases'
	list rebind_domain 'gk2.net'
	option localservice '0'
	option quietdhcp '1'
	option boguspriv '0'
	option domain '<OBFUSCATED>'
	list server '/<OBFUSCATED>/10.4.2.1'
	list server '/<OBFUSCATED>/10.2.1.1'
	list server '/<OBFUSCATED>/10.3.2.1'
	list server '212.27.40.240'
	list server '212.27.40.241'
	list server '2a01:e00::2'
	list server '2a01:e00::1'
	list server '8.8.8.8'
	list server '9.9.9.9'
	list server '/<OBFUSCATED>/10.4.2.1'
	list server '/<OBFUSCATED>/10.6.2.1'
	option local '/<OBFUSCATED>/'
	option authoritative '1'
	option confdir '/root/adblock/dns'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	list dhcp_option '3,10.4.2.1'
	list dhcp_option '6,10.4.2.1'
	list dhcp_option '15,<OBFUSCATED>'
	option ra 'relay'
	option dhcpv6 'relay'
	option ndp 'relay'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
	option ra 'relay'
	option dhcpv6 'relay'
	option ndp 'relay'
	option master '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'DMZ'
	option start '100'
	option leasetime '12h'
	option limit '150'
	option interface 'DMZ'
	option ra 'relay'
	option dhcpv6 'relay'
	option ndp 'relay'

config domain
	option name '<OBFUSCATED>'
	option ip '<OBFUSCATED>'

config domain
	option name '<OBFUSCATED>'
	option ip '<OBFUSCATED>'

config domain
	option ip '<OBFUSCATED>'
	option name '<OBFUSCATED>'

config host
	option name 'STARGATE'
	option dns '1'
	option ip '10.4.2.3'
	option mac '<OBFUSCATED>'

config host
	option mac '<OBFUSCATED>'
	option name 'BORNE'
	option dns '1'
	option ip '10.4.2.2'

config host
	option mac '<OBFUSCATED>'
	option dns '1'
	option ip '10.4.2.11'
	option name 'HL8250'

config host
	option mac '<OBFUSCATED>'
	option name 'OWRT-DEV'
	option dns '1'
	option ip '10.4.2.20'

config host
	option mac '<OBFUSCATED>'
	option name 'GDISK'
	option dns '1'
	option ip '10.4.2.25'

config host
	option mac '<OBFUSCATED>'
	option name 'myJITSI'
	option dns '1'
	option ip '10.4.2.53'

config host
	option mac '<OBFUSCATED>'
	option name 'myAJENTI'
	option dns '1'
	option ip '10.4.2.58'

config host
	option mac '<OBFUSCATED>'
	option name 'myREVERSE'
	option dns '1'
	option ip '10.4.2.16'

config domain
	option name '<OBFUSCATED>'
	option ip '10.4.2.20'

config domain
	option name '<OBFUSCATED>'
	option ip '<OBFUSCATED>'

config domain
	option name '<OBFUSCATED>'
	option ip '<OBFUSCATED>'

root@LPM:~# cat /etc/config/wireless 

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'soc/d0070000.pcie/pci0000:00/0000:00:00.0'
	option htmode 'HT40'
	option hwmode '11g'
	option country 'FR'
	option channel '9'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option mode 'ap'
	option encryption 'psk-mixed'
	option key '<OBFUSCATED>'
	option ssid 'VISITE'
	option network 'lan'

config wifi-iface 'wifinet0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'ptitbob'
	option network 'lan'
	option hidden '1'
	option key '<OBFUSCATED>'
	option encryption 'psk-mixed'

config wifi-iface 'wifinet1'
	option device 'radio0'
	option mode 'ap'
	option ssid 'tribuK'
	option network 'lan'
	option hidden '1'
	option encryption 'psk-mixed'
	option key '<OBFUSCATED>'

config wifi-iface 'wifinet3'
	option ssid 'LABORNE'
	option encryption 'psk-mixed'
	option device 'radio0'
	option mode 'ap'
	option network 'lan'
	option key '<OBFUSCATED>'

root@LPM:~# cat /etc/config/firewall 

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option flow_offloading '1'
	option flow_offloading_hw '1'
	option drop_invalid '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan'

config zone
	option name 'wan'
	option output 'ACCEPT'
	option masq '1'
	option conntrack '1'
	option input 'DROP'
	option forward 'DROP'
	option network 'wan wan6'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config zone
	option name 'dmz'
	option input 'ACCEPT'
	option forward 'REJECT'
	option output 'ACCEPT'
	option network 'DMZ'

config forwarding
	option dest 'dmz'
	option src 'lan'

config forwarding
	option dest 'dmz'
	option src 'vpn'

config forwarding
	option dest 'lan'
	option src 'vpn'

config forwarding
	option dest 'vpn'
	option src 'lan'

config forwarding
	option dest 'wan'
	option src 'dmz'

config forwarding
	option dest 'wan'
	option src 'lan'

config rule
	option src '*'
	option target 'ACCEPT'
	option proto 'udp'
	option dest_port '52900'
	option name 'Allow-Wireguard-Inbound'

config zone
	option name 'WG_NDDC'
	option input 'ACCEPT'
	option forward 'ACCEPT'
	option output 'ACCEPT'
	option masq '1'
	option network 'WG_NDDC'

config forwarding
	option src 'WG_NDDC'
	option dest 'wan'

config forwarding
	option src 'WG_NDDC'
	option dest 'lan'

config forwarding
	option src 'lan'
	option dest 'WG_NDDC'

config forwarding
	option src 'wan'
	option dest 'WG_NDDC'

config redirect
	option target 'DNAT'
	option src 'wan'
	option proto 'udp'
	option src_dport '52900'
	option dest_port '52900'
	option name 'WIREGUARD'

config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'udp'
	option dest_port '547'
	option name 'Allow DHCPv6 (546-to-547)'
	option family 'ipv6'
	option src_port '546'
	option dest 'lan'

config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option name 'Allow DHCPv6 (547-to-546)'
	option family 'ipv6'
	option src_port '547'
	option dest 'lan'

config redirect
	list proto 'tcp'
	option dest_port '443'
	option name 'HTTPS'
	option dest 'lan'
	option target 'DNAT'
	option src_dport '443'
	option dest_ip '10.4.2.16'
	option src 'dmz'
	option reflection_src 'external'

config redirect
	option dest_port '80'
	option name 'HTTP'
	option target 'DNAT'
	option dest 'lan'
	option src 'dmz'
	option reflection_src 'external'
	option src_dport '80'
	option dest_ip '10.4.2.16'

config redirect 'adblock_dns_53'
	option name 'Adblock DNS, port 53'
	option src 'lan'
	option proto 'tcp udp'
	option src_dport '53'
	option dest_port '53'
	option target 'DNAT'

config redirect 'adblock_dns_853'
	option name 'Adblock DNS, port 853'
	option src 'lan'
	option proto 'tcp udp'
	option src_dport '853'
	option dest_port '853'
	option target 'DNAT'

config redirect 'adblock_dns_5353'
	option name 'Adblock DNS, port 5353'
	option src 'lan'
	option proto 'tcp udp'
	option src_dport '5353'
	option dest_port '5353'
	option target 'DNAT'

config redirect
	option dest_port '443'
	option src 'wan'
	option name 'VIDEO'
	option src_dport '8443'
	option target 'DNAT'
	option dest_ip '10.4.2.53'
	option dest 'lan'
	list proto 'tcp'
	option enabled '0'

config redirect
	option src 'wan'
	option name 'VIDEO'
	option target 'DNAT'
	option dest_ip '10.4.2.53'
	option dest 'lan'
	option dest_port '10000-20000'
	option src_dport '10000-20000'
	list proto 'tcp'
	list proto 'udp'
	option enabled '0'

config redirect
	option dest_port '4443'
	option src 'wan'
	option name 'VIDEO'
	option src_dport '4443'
	option target 'DNAT'
	option dest_ip '10.4.2.53'
	option dest 'lan'
	list proto 'tcp'
	option enabled '0'

config redirect
	option dest_port '443'
	option src 'wan'
	option name 'HTTPS'
	option src_dport '443'
	option target 'DNAT'
	option dest 'lan'
	list proto 'tcp'
	option dest_ip '10.4.2.16'
	option reflection_src 'external'

config redirect
	option dest_port '80'
	option src 'wan'
	option name 'HTTP'
	option src_dport '80'
	option target 'DNAT'
	option dest 'lan'
	list proto 'tcp'
	option dest_ip '10.4.2.16'
	option reflection_src 'external'

root@LPM:~# cat /etc/firewall.user 
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.



Is there anything which may bug IPv6 on ethernet but still work on wifi ?

Your wireless networks are bridges to the LAN interface, so they should behave exactly the same as the wired clients.

However, your LAN network lists "lan0" and "lan1" as the interfaces, and that is a bit confusing to me, because I have never seen that naming before. Also, you do not seem to have a switch configuration. Are your wired clients connected to this LAN network too?

Do LAN and WAN MAC addresses happen to be the same?

Yes, this is an espressobin board and OpenWRT see the 3 ethernet (WAN / LAN0 / LAN1) with the same mac hardware address

it is a unsupported switch (new driver).
Yes the LAN network wired clients are connected to this bridge with « lan0 » «and « lan1 » the ports name of the espressobin board LAN0 / LAN1...

Try setting a different MAC on WAN

I have tried setting a different mac hardware address on WAN (+1) and reboot the box...
Same problems !

Yes, it is why I am lost in this problem from months...

Then try snapshot. It might be fixed upstream

Tried, and not fixed...
19.07.4 still got problem for my ubuntu, but only on the wired connection, then wifi is ok !

Please post a fresh troubleshooting output:

ubus call system board; \
uci export network; uci export wireless; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
ip -6 addr ; ip -6 ro li tab all ; ip -6 ru
root@LPM:~# ubus call system board; \
> uci export network; uci export wireless; \
> uci export dhcp; uci export firewall; \
> head -n -0 /etc/firewall.user; \
> ip -6 addr ; ip -6 ro li tab all ; ip -6 ru

{
	"kernel": "4.14.195",
	"hostname": "LPM",
	"model": "Globalscale Marvell ESPRESSOBin Board V7 (eMMC)",
	"board_name": "globalscale,espressobin-v7-emmc",
	"release": {
		"distribution": "OpenWrt",
		"version": "19.07.4",
		"revision": "r11208-ce6496d796",
		"target": "mvebu/cortexa53",
		"description": "OpenWrt 19.07.4 r11208-ce6496d796"
	}
}

package network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdf9:042b:7194::/48'

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '10.4.2.1'
	option ifname 'lan0 lan1'
	list ip6class 'local'
	list ip6class 'wan6'
	option macaddr 'F0:AD:4E:08:AA:5F'
	option ip6assign '64'
	option ip6hint '10'

config interface 'wan'
	option ifname 'wan'
	option dhcpv6 'relay'
	option ra 'relay'
	option ndp 'relay'
	option master '1'
	option proto 'static'
	option ipaddr 'xxxxxxxxx'
	option netmask '255.255.255.0'
	option gateway 'xxxxxxxx'
	list dns '127.0.0.1#53'
	option ip6assign '60'

config interface 'wan6'
	option ifname 'wan'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option peerdns '0'
	list dns 'fdf9:42b:7194:10::1'
	option reqprefix 'auto'

config interface 'DMZ'
	option proto 'static'
	option type 'bridge'
	option netmask '255.255.255.0'
	option ipaddr '10.4.1.1'
	option igmp_snooping '1'
	option stp '1'
	option ip6assign '60'

config interface 'WG_NDDC'
	option proto 'wireguard'
	option private_key 'xxxx'
	option listen_port '52900'
	list addresses '10.10.4.1'
	option force_link '1'

config wireguard_WG_NDDC
	option description 'LOUCHE'
	option public_key 'xxxx'
	option route_allowed_ips '1'
	option endpoint_host 'louche.gk2.net'
	option endpoint_port '52900'
	option persistent_keepalive '25'
	list allowed_ips '10.10.3.1/32'
	list allowed_ips '10.3.2.0/24'
	list allowed_ips '192.168.3.0/24'

config wireguard_WG_NDDC
	option public_key 'xxxx'
	option description 'LGM'
	option persistent_keepalive '25'
	list allowed_ips '10.10.6.1/32'
	list allowed_ips '10.6.2.0/24'
	list allowed_ips '10.6.1.0/24'
	option route_allowed_ips '1'
	option endpoint_port '52900'

package wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'soc/d0070000.pcie/pci0000:00/0000:00:00.0'
	option htmode 'HT40'
	option hwmode '11g'
	option country 'FR'
	option channel '9'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option mode 'ap'
	option encryption 'psk-mixed'
	option key 'xxxx'
	option ssid 'VISITE'
	option network 'lan'

config wifi-iface 'wifinet0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'ptitbob'
	option network 'lan'
	option hidden '1'
	option key 'xxxx'
	option encryption 'psk-mixed'

config wifi-iface 'wifinet1'
	option device 'radio0'
	option mode 'ap'
	option ssid 'tribuK'
	option network 'lan'
	option hidden '1'
	option encryption 'psk-mixed'
	option key 'xxxx'

config wifi-iface 'wifinet3'
	option ssid 'LABORNE'
	option encryption 'psk-mixed'
	option device 'radio0'
	option mode 'ap'
	option network 'lan'
	option key 'xxxx'

config wifi-iface 'wifinet4'
	option network 'lan'
	option ssid 'TOR'
	option encryption 'psk2'
	option device 'radio0'
	option mode 'ap'
	option hidden '1'
	option key 'xxxx'

package dhcp

config dnsmasq
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option expandhosts '1'
	option readethers '1'
	option nonwildcard '0'
	option leasefile '/root/dhcp.leases'
	option localservice '0'
	option quietdhcp '1'
	option domain 'lpm.nddc.gk2.net'
	option local '/lpm.nddc.gk2.net/'
	option authoritative '1'
	list rebind_domain 'gk2.net'
	list rebind_domain 'onion'
	option allservers '1'
	option nonegcache '1'
	option filterwin2k '1'
	option confdir '/tmp/dnsmasq.d'
	option noresolv '1'
	option port '53'
	list server '127.0.0.1#5353'
	list server '10.4.2.1#5353'
	list server '/nddc.gk2.net/10.4.2.1'
	list server '/village.gk2.net/10.2.1.1'
	list server '/louche.gk2.net/10.3.2.1'
	list server '/lpm.nddc.gk2.net/10.4.2.1'
	list server '/lgm.nddc.gk2.net/10.6.2.1'
	list server '/onion/127.0.0.1#9053'
	list server 'fdf9:42b:7194:10::1#5353'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	list dhcp_option '3,10.4.2.1'
	list dhcp_option '6,10.4.2.1'
	list dhcp_option '15,lpm.nddc.gk2.net'
	option force '1'
	list dns 'fdf9:42b:7194:10::1'
	list domain 'lpm.nddc.gk2.net'
	option ra 'relay'
	option ndp 'relay'
	option dhcpv6 'relay'

config dhcp 'wan'
	option interface 'wan'
	option ra 'relay'
	option dhcpv6 'relay'
	option ndp 'relay'
	option master '1'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'DMZ'
	option start '100'
	option leasetime '12h'
	option limit '150'
	option interface 'DMZ'
	option ra 'relay'
	option dhcpv6 'relay'
	option ndp 'relay'

config domain
	option name 'louche.gk2.net'
	option ip '88.178.80.34'

config domain
	option name 'nddc.gk2.net'
	option ip '78.200.26.76'

config domain
	option ip '78.200.27.94'
	option name 'lgm.gk2.net'

config host
	option name 'STARGATE'
	option dns '1'
	option ip '10.4.2.3'
	option mac 'F0:AD:4E:08:AA:CA'

config host
	option mac 'F0:AD:4E:08:AB:3D'
	option name 'BORNE'
	option dns '1'
	option ip '10.4.2.2'

config host
	option mac '30:05:5C:C3:23:A5'
	option dns '1'
	option ip '10.4.2.11'
	option name 'HL8250'

config host
	option mac 'F0:AD:4E:08:AA:C3'
	option name 'OWRT-DEV'
	option dns '1'
	option ip '10.4.2.20'

config host
	option mac '28:C6:8E:35:9B:79'
	option name 'GDISK'
	option dns '1'
	option ip '10.4.2.25'

config host
	option mac '00:FF:AA:00:00:03'
	option name 'myJITSI'
	option dns '1'
	option ip '10.4.2.53'

config host
	option mac '00:FF:AA:00:00:08'
	option name 'myAJENTI'
	option dns '1'
	option ip '10.4.2.58'

config host
	option mac '00:FF:AA:00:00:10'
	option name 'myREVERSE'
	option dns '1'
	option ip '10.4.2.16'

config domain
	option name 'tribu.lpm.nddc.gk2.net'
	option ip '10.4.2.20'

config domain
	option name 'village.gk2.net'
	option ip '78.200.26.76'

config domain
	option name 'tribu.gk2.net'
	option ip '78.200.26.76'

config host
	option mac '00:FF:AA:00:03:01'
	option name 'KLUB'
	option dns '1'
	option ip '10.4.2.165'

config domain
	option name 'klub.gk2.net'
	option ip '78.200.26.76'

config host
	option name 'myNextCloud'
	option dns '1'
	option mac '00:FF:AA:BB:CC:01'
	option ip '10.4.2.159'

config host
	option mac '00:FF:AA:BB:CC:02'
	option name 'myMastodon'
	option dns '1'
	option ip '10.4.2.100'

config host
	option name 'yuhonost'
	option dns '1'
	option mac 'DC:A6:32:C5:2B:21'
	option ip '10.4.2.207'

package firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option drop_invalid '1'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan'

config zone
	option name 'wan'
	option output 'ACCEPT'
	option masq '1'
	option conntrack '1'
	option input 'DROP'
	option forward 'DROP'
	option network 'wan wan6'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config zone
	option name 'dmz'
	option input 'ACCEPT'
	option forward 'REJECT'
	option output 'ACCEPT'
	option network 'DMZ'

config forwarding
	option dest 'dmz'
	option src 'lan'

config forwarding
	option dest 'dmz'
	option src 'vpn'

config forwarding
	option dest 'lan'
	option src 'vpn'

config forwarding
	option dest 'vpn'
	option src 'lan'

config forwarding
	option dest 'wan'
	option src 'dmz'

config forwarding
	option dest 'wan'
	option src 'lan'

config rule
	option src '*'
	option target 'ACCEPT'
	option proto 'udp'
	option dest_port '52900'
	option name 'Allow-Wireguard-Inbound'

config zone
	option name 'WG_NDDC'
	option input 'ACCEPT'
	option forward 'ACCEPT'
	option output 'ACCEPT'
	option masq '1'
	option network 'WG_NDDC'

config forwarding
	option src 'WG_NDDC'
	option dest 'wan'

config forwarding
	option src 'WG_NDDC'
	option dest 'lan'

config forwarding
	option src 'lan'
	option dest 'WG_NDDC'

config redirect
	option target 'DNAT'
	option src 'wan'
	option proto 'udp'
	option src_dport '52900'
	option dest_port '52900'
	option name 'WIREGUARD'

config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'udp'
	option dest_port '547'
	option name 'Allow DHCPv6 (546-to-547)'
	option family 'ipv6'
	option src_port '546'
	option dest 'lan'

config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option name 'Allow DHCPv6 (547-to-546)'
	option family 'ipv6'
	option src_port '547'
	option dest 'lan'

config redirect
	option dest_port '443'
	option src 'wan'
	option name 'HTTPS'
	option src_dport '443'
	option target 'DNAT'
	option dest 'lan'
	list proto 'tcp'
	option dest_ip '10.4.2.16'
	option reflection_src 'external'

config redirect
	list proto 'tcp'
	option dest_port '443'
	option name 'HTTPS'
	option dest 'lan'
	option target 'DNAT'
	option src_dport '443'
	option dest_ip '10.4.2.16'
	option src 'dmz'
	option reflection_src 'external'

config redirect
	option dest_port '80'
	option src 'wan'
	option name 'HTTP'
	option src_dport '80'
	option target 'DNAT'
	option dest 'lan'
	list proto 'tcp'
	option dest_ip '10.4.2.16'
	option reflection_src 'external'

config redirect
	option dest_port '80'
	option name 'HTTP'
	option target 'DNAT'
	option dest 'lan'
	option src 'dmz'
	option reflection_src 'external'
	option src_dport '80'
	option dest_ip '10.4.2.16'

config redirect
	option dest_port '3478'
	option src 'wan'
	option name 'TURN'
	option src_dport '3478'
	option target 'DNAT'
	option dest_ip '10.4.2.159'
	option dest 'lan'
	option reflection_src 'external'

config redirect 'adblock_dns_9053'
	option src 'lan'
	option proto 'tcp udp'
	option target 'DNAT'
	option dest_port '53'
	option name 'Adblock DNS, port 53'
	option src_dport '53'
	option dest 'lan'
	option dest_ip '10.4.2.1'

config redirect
	option dest_port '443'
	option src 'wan'
	option name 'VIDEO'
	option src_dport '8443'
	option target 'DNAT'
	option dest_ip '10.4.2.53'
	option dest 'lan'
	list proto 'tcp'
	option enabled '0'

config redirect
	option src 'wan'
	option name 'VIDEO'
	option target 'DNAT'
	option dest_ip '10.4.2.53'
	option dest 'lan'
	option dest_port '10000-20000'
	option src_dport '10000-20000'
	list proto 'tcp'
	list proto 'udp'
	option enabled '0'

config redirect
	option dest_port '4443'
	option src 'wan'
	option name 'VIDEO'
	option src_dport '4443'
	option target 'DNAT'
	option dest_ip '10.4.2.53'
	option dest 'lan'
	list proto 'tcp'
	option enabled '0'

config redirect
	option dest_port '25'
	option src 'wan'
	option name 'postfix'
	option src_dport '25'
	option target 'DNAT'
	option dest_ip '10.4.2.207'
	option dest 'lan'
	list proto 'tcp'
	list proto 'udp'

config redirect
	option dest_port '587'
	option src 'wan'
	option name 'postfix'
	option src_dport '587'
	option target 'DNAT'
	option dest_ip '10.4.2.207'
	option dest 'lan'
	list proto 'tcp'
	list proto 'udp'

config redirect
	option dest_port '993'
	option src 'wan'
	option name 'dovecot'
	option src_dport '993'
	option target 'DNAT'
	option dest_ip '10.4.2.207'
	option dest 'lan'
	list proto 'tcp'
	list proto 'udp'

config redirect
	option dest_port '5222'
	option src 'wan'
	option name 'metronome'
	option src_dport '5222'
	option target 'DNAT'
	option dest_ip '10.4.2.207'
	option dest 'lan'
	list proto 'tcp'
	list proto 'udp'

config redirect
	option dest_port '5269'
	option src 'wan'
	option name 'metronome'
	option src_dport '5269'
	option target 'DNAT'
	option dest_ip '10.4.2.207'
	option dest 'lan'
	list proto 'tcp'
	list proto 'udp'

config redirect
	option dest_port '25'
	option src 'dmz'
	option name 'postfix'
	option src_dport '25'
	option target 'DNAT'
	option dest_ip '10.4.2.207'
	option dest 'lan'
	list proto 'tcp'
	list proto 'udp'

config redirect
	option dest_port '587'
	option src 'dmz'
	option name 'postfix'
	option src_dport '587'
	option target 'DNAT'
	option dest_ip '10.4.2.207'
	option dest 'lan'
	list proto 'tcp'
	list proto 'udp'

config redirect
	option dest_port '993'
	option src 'dmz'
	option name 'dovecot'
	option src_dport '993'
	option target 'DNAT'
	option dest_ip '10.4.2.207'
	option dest 'lan'
	list proto 'tcp'
	list proto 'udp'

config redirect
	option dest_port '5222'
	option src 'dmz'
	option name 'metronome'
	option src_dport '5222'
	option target 'DNAT'
	option dest_ip '10.4.2.207'
	option dest 'lan'
	list proto 'tcp'
	list proto 'udp'

config redirect
	option dest_port '5269'
	option src 'dmz'
	option name 'metronome'
	option src_dport '5269'
	option target 'DNAT'
	option dest_ip '10.4.2.207'
	option dest 'lan'
	list proto 'tcp'
	list proto 'udp'

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.

# iptables -t nat -A prerouting_rule -p udp --dport 53 -j REDIRECT
# iptables -t nat -A prerouting_rule -p tcp --dport 53 -j REDIRECT

#keep network on pi-hole
iptables -t nat -I PREROUTING -i br-lan -p tcp --dport 53 -j DNAT --to 10.4.2.1:53
iptables -t nat -I PREROUTING -i br-lan -p udp --dport 53 -j DNAT --to 10.4.2.1:53

## Firewall Rules WIFI TOR for Transparent proxying (wlan0-4)
tor_rules() {
iptables -t nat -A PREROUTING -i wlan0-4 -p udp --dport 53 -j REDIRECT --to-port 9053
iptables -t nat -A PREROUTING -i wlan0-4 -p tcp ! --dport 80 --syn -j REDIRECT --to-port 9040
}
##tor_rules

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 532
    inet6 fe80::f2ad:4eff:fe08:aa5d/64 scope link 
       valid_lft forever preferred_lft forever
5: wan@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fdf9:42b:7194:20::1/60 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 2a01:e34:ec81:a4c0:f2ad:4eff:fe08:aa5d/64 scope global dynamic noprefixroute 
       valid_lft 86068sec preferred_lft 86068sec
    inet6 fdf9:42b:7194:11::1/64 scope global deprecated dynamic noprefixroute 
       valid_lft 6685sec preferred_lft 0sec
    inet6 fe80::f2ad:4eff:fe08:aa5d/64 scope link 
       valid_lft forever preferred_lft forever
48: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fdf9:42b:7194:10::1/64 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::f2ad:4eff:fe08:aa5f/64 scope link 
       valid_lft forever preferred_lft forever
49: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::6f0:21ff:fe46:391f/64 scope link 
       valid_lft forever preferred_lft forever
50: wlan0-1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::4f0:21ff:fe46:391f/64 scope link 
       valid_lft forever preferred_lft forever
51: wlan0-2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::f0:21ff:fe46:391f/64 scope link 
       valid_lft forever preferred_lft forever
52: wlan0-3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::cf0:21ff:fe46:391f/64 scope link 
       valid_lft forever preferred_lft forever
53: wlan0-4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::8f0:21ff:fe46:391f/64 scope link 
       valid_lft forever preferred_lft forever

default from 2a01:e34:ec81:a4c0::/64 via fe80::207:cbff:fe97:6ba9 dev wan proto static metric 512 pref medium
2a01:e34:ec81:a4c0:71c5:cfb8:f6a6:fa95 dev br-lan proto static metric 1024 pref medium
2a01:e34:ec81:a4c0:881e:f985:51c1:b59f dev br-lan proto static metric 1024 pref medium
2a01:e34:ec81:a4c0::/64 dev wan proto static metric 256 pref medium
fdf9:42b:7194:10::/64 dev br-lan proto static metric 1024 pref medium
fdf9:42b:7194:20::/64 dev wan proto static metric 1024 pref medium
unreachable fdf9:42b:7194::/48 dev lo proto static metric 2147483647 error 4294967183 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev wlan0 proto kernel metric 256 pref medium
fe80::/64 dev wlan0-1 proto kernel metric 256 pref medium
fe80::/64 dev wlan0-2 proto kernel metric 256 pref medium
fe80::/64 dev wlan0-3 proto kernel metric 256 pref medium
fe80::/64 dev wlan0-4 proto kernel metric 256 pref medium
fe80::/64 dev wan proto kernel metric 256 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
anycast 2a01:e34:ec81:a4c0:: dev wan table local proto kernel metric 0 pref medium
local 2a01:e34:ec81:a4c0:f2ad:4eff:fe08:aa5d dev wan table local proto kernel metric 0 pref medium
anycast fdf9:42b:7194:10:: dev br-lan table local proto kernel metric 0 pref medium
local fdf9:42b:7194:10::1 dev br-lan table local proto kernel metric 0 pref medium
anycast fdf9:42b:7194:11:: dev wan table local proto kernel metric 0 pref medium
local fdf9:42b:7194:11::1 dev wan table local proto kernel metric 0 pref medium
anycast fdf9:42b:7194:20:: dev wan table local proto kernel metric 0 pref medium
local fdf9:42b:7194:20::1 dev wan table local proto kernel metric 0 pref medium
anycast fe80:: dev eth0 table local proto kernel metric 0 pref medium
anycast fe80:: dev br-lan table local proto kernel metric 0 pref medium
anycast fe80:: dev wlan0 table local proto kernel metric 0 pref medium
anycast fe80:: dev wlan0-1 table local proto kernel metric 0 pref medium
anycast fe80:: dev wlan0-2 table local proto kernel metric 0 pref medium
anycast fe80:: dev wlan0-3 table local proto kernel metric 0 pref medium
anycast fe80:: dev wlan0-4 table local proto kernel metric 0 pref medium
anycast fe80:: dev wan table local proto kernel metric 0 pref medium
local fe80::f0:21ff:fe46:391f dev wlan0-2 table local proto kernel metric 0 pref medium
local fe80::4f0:21ff:fe46:391f dev wlan0-1 table local proto kernel metric 0 pref medium
local fe80::6f0:21ff:fe46:391f dev wlan0 table local proto kernel metric 0 pref medium
local fe80::8f0:21ff:fe46:391f dev wlan0-4 table local proto kernel metric 0 pref medium
local fe80::cf0:21ff:fe46:391f dev wlan0-3 table local proto kernel metric 0 pref medium
local fe80::f2ad:4eff:fe08:aa5d dev eth0 table local proto kernel metric 0 pref medium
local fe80::f2ad:4eff:fe08:aa5d dev wan table local proto kernel metric 0 pref medium
local fe80::f2ad:4eff:fe08:aa5f dev br-lan table local proto kernel metric 0 pref medium
ff00::/8 dev eth0 table local metric 256 pref medium
ff00::/8 dev br-lan table local metric 256 pref medium
ff00::/8 dev wlan0 table local metric 256 pref medium
ff00::/8 dev wlan0-1 table local metric 256 pref medium
ff00::/8 dev wlan0-2 table local metric 256 pref medium
ff00::/8 dev wlan0-3 table local metric 256 pref medium
ff00::/8 dev wlan0-4 table local metric 256 pref medium
ff00::/8 dev wan table local metric 256 pref medium
ff00::/8 dev WG_NDDC table local metric 256 pref medium

0:	from all lookup local 
32766:	from all lookup main 
4200000001:	from all iif lo failed_policy
4200000005:	from all iif wan failed_policy
4200000005:	from all iif wan failed_policy
4200000048:	from all iif br-lan failed_policy
4200000055:	from all iif WG_NDDC failed_policy
root@LPM:~#
 

Remove the ip6classes.

This looks quite messed up as there are parts from network and parts from dhcp. Also ip6assign should not be there.

These options should be under wan6 section of dhcp, not wan. You'll have to create it manually.

2 Likes

thanks @trendy

done

cleaned and fixed

done

applied and reboot...

still the same ; no wired ipv6, but still ok with WIFI

Post them one more time please.
Also append at the bottom a brctl show

root@LPM:~# uci export network; uci export dhcp

package network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdf9:042b:7194::/48'

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '10.4.2.1'
	option ifname 'lan0 lan1'
	option macaddr 'F0:AD:4E:08:AA:5F'
	option ip6assign '64'
	option ip6hint '10'

config interface 'wan'
	option ifname 'wan'
	option proto 'dhcp'
	list dns '127.0.0.1'
	option peerdns '0'

config interface 'wan6'
	option ifname 'wan'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option peerdns '0'
	list dns 'fdf9:42b:7194:10::1'
	option reqprefix 'auto'

config interface 'DMZ'
	option proto 'static'
	option type 'bridge'
	option netmask '255.255.255.0'
	option ipaddr '10.4.1.1'
	option igmp_snooping '1'
	option stp '1'
	option ip6assign '60'

config interface 'WG_NDDC'
	option proto 'wireguard'
	option private_key 'xxxx'
	option listen_port '52900'
	list addresses '10.10.4.1'
	option force_link '1'

config wireguard_WG_NDDC
	option description 'LOUCHE'
	option public_key 'xxxx'
	option route_allowed_ips '1'
	option endpoint_host 'louche.gk2.net'
	option endpoint_port '52900'
	option persistent_keepalive '25'
	list allowed_ips '10.10.3.1/32'
	list allowed_ips '10.3.2.0/24'
	list allowed_ips '192.168.3.0/24'

config wireguard_WG_NDDC
	option public_key 'xxxx'
	option description 'LGM'
	option persistent_keepalive '25'
	list allowed_ips '10.10.6.1/32'
	list allowed_ips '10.6.2.0/24'
	list allowed_ips '10.6.1.0/24'
	option route_allowed_ips '1'
	option endpoint_port '52900'

package dhcp

config dnsmasq
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option expandhosts '1'
	option readethers '1'
	option nonwildcard '0'
	option leasefile '/root/dhcp.leases'
	option localservice '0'
	option quietdhcp '1'
	option domain 'lpm.nddc.gk2.net'
	option local '/lpm.nddc.gk2.net/'
	option authoritative '1'
	list rebind_domain 'gk2.net'
	list rebind_domain 'onion'
	option allservers '1'
	option nonegcache '1'
	option filterwin2k '1'
	option confdir '/tmp/dnsmasq.d'
	option noresolv '1'
	option port '53'
	list server '127.0.0.1#5353'
	list server '10.4.2.1#5353'
	list server '/nddc.gk2.net/10.4.2.1'
	list server '/village.gk2.net/10.2.1.1'
	list server '/louche.gk2.net/10.3.2.1'
	list server '/lpm.nddc.gk2.net/10.4.2.1'
	list server '/lgm.nddc.gk2.net/10.6.2.1'
	list server '/onion/127.0.0.1#9053'
	list server 'fdf9:42b:7194:10::1#5353'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	list dhcp_option '3,10.4.2.1'
	list dhcp_option '6,10.4.2.1'
	list dhcp_option '15,lpm.nddc.gk2.net'
	option force '1'
	list dns 'fdf9:42b:7194:10::1'
	list domain 'lpm.nddc.gk2.net'
	option ra 'relay'
	option ndp 'relay'
	option dhcpv6 'relay'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config dhcp 'wan6'
	option interface 'wan6'
	option ra 'relay'
	option dhcpv6 'relay'
	option ndp 'relay'
	option master '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'DMZ'
	option start '100'
	option leasetime '12h'
	option limit '150'
	option interface 'DMZ'
	option ra 'relay'
	option dhcpv6 'relay'
	option ndp 'relay'

config domain
	option name 'louche.gk2.net'
	option ip '88.178.80.34'

config domain
	option name 'nddc.gk2.net'
	option ip '78.200.26.76'

config domain
	option ip '78.200.27.94'
	option name 'lgm.gk2.net'

config host
	option name 'STARGATE'
	option dns '1'
	option ip '10.4.2.3'
	option mac 'F0:AD:4E:08:AA:CA'

config host
	option mac 'F0:AD:4E:08:AB:3D'
	option name 'BORNE'
	option dns '1'
	option ip '10.4.2.2'

config host
	option mac '30:05:5C:C3:23:A5'
	option dns '1'
	option ip '10.4.2.11'
	option name 'HL8250'

config host
	option mac 'F0:AD:4E:08:AA:C3'
	option name 'OWRT-DEV'
	option dns '1'
	option ip '10.4.2.20'

config host
	option mac '28:C6:8E:35:9B:79'
	option name 'GDISK'
	option dns '1'
	option ip '10.4.2.25'

config host
	option mac '00:FF:AA:00:00:03'
	option name 'myJITSI'
	option dns '1'
	option ip '10.4.2.53'

config host
	option mac '00:FF:AA:00:00:08'
	option name 'myAJENTI'
	option dns '1'
	option ip '10.4.2.58'

config host
	option mac '00:FF:AA:00:00:10'
	option name 'myREVERSE'
	option dns '1'
	option ip '10.4.2.16'

config domain
	option name 'tribu.lpm.nddc.gk2.net'
	option ip '10.4.2.20'

config domain
	option name 'village.gk2.net'
	option ip '78.200.26.76'

config domain
	option name 'tribu.gk2.net'
	option ip '78.200.26.76'

config host
	option mac '00:FF:AA:00:03:01'
	option name 'KLUB'
	option dns '1'
	option ip '10.4.2.165'

config domain
	option name 'klub.gk2.net'
	option ip '78.200.26.76'

config host
	option name 'myNextCloud'
	option dns '1'
	option mac '00:FF:AA:BB:CC:01'
	option ip '10.4.2.159'

config host
	option mac '00:FF:AA:BB:CC:02'
	option name 'myMastodon'
	option dns '1'
	option ip '10.4.2.100'

config host
	option name 'yuhonost'
	option dns '1'
	option mac 'DC:A6:32:C5:2B:21'
	option ip '10.4.2.207'

root@LPM:~# brctl show
bridge name	bridge id		STP enabled	interfaces
br-lan		7fff.f0ad4e08aa5f	no		lan0
							lan1
							wlan0
							wlan0-1
							wlan0-2
							wlan0-3
							wlan0-4