Hi,
I'm trying to configure an openwrt router so that I get two wan IP addresses by dhcp. The first one will be received by the router itself and the second one - by a host on the DMZ. So far I followed the DMZ howto in the Wiki up to a point where I need help. It appears that the host on the DMZ interface sends a request for IP but it does not receive one. Here are my config files:
##########
##### DHCP
##########
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option dhcphostsfile '/etc/dhcp-hosts'
config dhcp 'lan'
option interface 'lan'
option start '2'
option limit '150'
option leasetime '1h'
option dhcpv6 'disabled'
option ra 'server'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config dhcp 'dmz'
option interface 'dmz'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
#############
##### NETWORK
#############
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config interface 'lan'
option ifname 'eth0'
option force_link '1'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.253.1'
option netmask '255.255.255.0'
config interface 'wan'
option ifname 'eth1'
option proto 'dhcp'
option macaddr '00:00:00:00:9d:00'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 3'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '4'
config interface 'dmz'
option ifname 'eth0.2'
option proto 'dhcp'
option macaddr '00:0b:09:11:82:2e'
option type 'bridge'
##############
##### FIREWALL
##############
config defaults
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward REJECT
# Uncomment this line to disable ipv6 rules
option disable_ipv6 1
config zone
option name lan
list network 'lan'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
config zone
option name wan
list network 'wan'
list network 'wan6'
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
#################### DMZ start
config zone
option name 'dmz'
option input ACCEPT
option output ACCEPT
option forward REJECT
option network 'dmz'
config rule
option src 'dmz'
option target ACCEPT
config forwarding
option src 'wan'
option dest 'dmz'
config forwarding
option src 'dmz'
option dest 'wan'
config rule
option name Allow-DHCP-RenewDMZ
option src dmz
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4
#################### DMZ end
config forwarding
option src lan
option dest wan
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
option name Allow-DHCP-Renew
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4
# Allow IPv4 ping
config rule
option name Allow-Ping
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT
# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
option name Allow-DHCPv6
option src wan
option proto udp
option src_ip fe80::/10
option src_port 547
option dest_ip fe80::/10
option dest_port 546
option family ipv6
option target ACCEPT
# Allow essential incoming IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Input
option src wan
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
list icmp_type router-solicitation
list icmp_type neighbour-solicitation
list icmp_type router-advertisement
list icmp_type neighbour-advertisement
option limit 1000/sec
option family ipv6
option target ACCEPT
# Allow essential forwarded IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Forward
option src wan
option dest *
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec
option family ipv6
option target ACCEPT
# include a file with users custom iptables rules
config include
option path /etc/firewall.user
config rule
option src lan
option dest wan
option target REJECT