I set up two VLANs on Port 3 and 4 of a TL-WR1043ND (Backfire RC-4) as eth0.3 and eth0.4.
Both I bridge in an attempt to form one unified LAN.
The reason why I do this is that I need the Openwrt-Router to act as a switch that allows packet sniffing between a PC and a server: eth0.3 and eth0.4 should plug between a formerly closed ethernet connection and act totally transparent while allowing tcpdump to dump packets to an attached USB storage device.
I use two separate VLANs instead of just one, because the learning switches would not pass all data to port 5 of the router, but switch most directly, once they've learned the attached device's MAC addresses.
The creation of two separate VLANs should force all packets up through the software switch.
What I see when comparing Wireshark logs from an attached PC to the tcpdump from the OpenWrt bridge is that most packets flow correctly, as they should.
I see broadcast ARP requests coming through to the PC from the LAN, as are SMB packets, VRRP packets, STP packets, etc.
However, some packets (namely directed ARP requests, DHCP responses etc.) are arriving at OpenWrt's bridge, but they are not being passed to the attached PC.
I can see them in the tcpdump-file, but they're not arriving at the PC.
Apparently, the router filters them out.
I did disable the firewall, ("/etc/init.d ... stop") but that doesn't improve the situation.
Can anyone confirm that this is a bug or point me to a mistake I may have made?
The /etc/config/network file is this:
config 'interface' 'loopback'
	option 'ifname' 'lo'
	option 'proto' 'static'
	option 'ipaddr' '127.0.0.1'
	option 'netmask' '255.0.0.0'

config 'interface' 'lan'
	option 'ifname' 'eth0.1'
	option 'type' 'bridge'
	option 'proto' 'static'
	option 'ipaddr' '192.168.1.1'
	option 'netmask' '255.255.255.0'

config 'interface' 'wan'
	option 'ifname' 'eth0.2'
	option 'proto' 'dhcp'

config 'switch'
	option 'name' 'rtl8366rb'
	option 'reset' '1'
	option 'enable_vlan' '1'

config 'switch_vlan'
	option 'device' 'rtl8366rb'
	option 'vlan' '1'
	option 'ports' '3 4 5t'

config 'switch_vlan'
	option 'device' 'rtl8366rb'
	option 'vlan' '2'
	option 'ports' '0 5t'

config 'switch_vlan'
	option 'device' 'rtl8366rb'
	option 'vlan' '3'
	option 'ports' '1 5t'

config 'switch_vlan'
	option 'device' 'rtl8366rb'
	option 'vlan' '4'
	option 'ports' '2 5t'

config 'interface' 'sniffer'
	option 'type' 'bridge'
	option 'ifname' 'eth0.3 eth0.4'
	option 'defaultroute' '0'
	option 'proto' 'none'
	option 'peerdns' '0'
The simplest way to find the deviation is when comparing the PC's Wireshark log with the router's tcpdump.
The PC, for example, sends a DHCP Request, succeeded by a DHCP Discover. Those packets, by nature, are broadcast packets from 0.0.0.0 to 255.255.255.255.
The Router does receive them, they are contained in the tcpdump.
The Router then, 40-41 milliseconds later, receives DHCP offers from four servers. Those packets, by nature, are directed at the newly assigned IP. They're certainly all the same IP.
The PC does not receive any of them.
The PC's Wireshark log only shows the Request/Discovers, but not the responses that the Router still saw.
That means the bridge ("br-sniffer") and the corresponding interfaces eth0.3 and eth0.4 have indeed received the Request/Discover and they have indeed forwarded their broadcast as they should. They do receive answers, but those they choose not to send to the PC.
Why is that?
I have no clue what I may be doing wrong - or what makes the packets so special, other than them being directed at an IP rather than broadcasts.
Any idea?
Thanks for any help.
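The comparison the post describes (router-side tcpdump versus the PC-side capture, then looking at what the router saw but the PC never received) can be automated. The script below is an added example, not part of the original post or of OpenWrt; it assumes both captures have been exported as `tcpdump -e -nn` text lines (the `-e` flag prints the Ethernet header, which is what allows classifying each frame as broadcast, multicast or unicast), and all MAC addresses, IPs and capture lines in it are constructed sample data. It matches frames on source MAC, destination MAC, ethertype and payload summary, ignoring timestamps because the two hosts' clocks differ, and then groups the missing frames by destination-address type.

```python
"""Diff a router-side tcpdump against a PC-side capture and report the frames
the bridge saw but the PC never received, grouped by destination address type.

Both inputs are lines in `tcpdump -e -nn` text format. Timestamps are ignored
when matching, since the router and the PC do not share a clock.
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple

# tcpdump -e -nn line layout: TIME SRC > DST, ethertype NAME (0xNNNN), length N: PAYLOAD
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[0-9a-f:]{17}) > (?P<dst>[0-9a-f:]{17}), "
    r"ethertype (?P<etype>.+?) \(0x[0-9a-f]+\), length (?P<len>\d+): (?P<payload>.*)$"
)


class Frame(NamedTuple):
    src: str
    dst: str
    etype: str
    payload: str

    @property
    def dst_kind(self) -> str:
        """Classify the destination MAC as broadcast, multicast or unicast."""
        if self.dst == "ff:ff:ff:ff:ff:ff":
            return "broadcast"
        # The I/G bit (least significant bit of the first octet) marks group addresses.
        if int(self.dst[:2], 16) & 0x01:
            return "multicast"
        return "unicast"


def parse(lines: List[str]) -> List[Frame]:
    """Parse tcpdump -e -nn lines; lines that do not match (continuations, noise) are skipped."""
    frames = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            frames.append(Frame(m["src"], m["dst"], m["etype"], m["payload"]))
    return frames


def missing_at_pc(router_lines: List[str], pc_lines: List[str]) -> List[Frame]:
    """Frames present in the router capture but absent from the PC capture.

    Uses counts rather than a set, so a frame the router saw twice but the PC
    saw once is reported once. Order follows the router capture.
    """
    seen_on_pc = Counter(parse(pc_lines))
    missing = []
    for frame in parse(router_lines):
        if seen_on_pc[frame] > 0:
            seen_on_pc[frame] -= 1
        else:
            missing.append(frame)
    return missing


def summarize(frames: List[Frame]) -> Dict[str, int]:
    """Count frames per destination-address type."""
    return dict(Counter(f.dst_kind for f in frames))


# Constructed sample captures (hypothetical MACs and addresses, not from the post).
PC_MAC = "00:11:22:33:44:55"
SRV_MAC = "aa:bb:cc:dd:ee:01"

ROUTER_CAPTURE = [
    f"12:00:00.000100 {PC_MAC} > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from {PC_MAC}, length 300",
    f"12:00:00.040700 {SRV_MAC} > {PC_MAC}, ethertype IPv4 (0x0800), length 342: 192.168.1.1.67 > 192.168.1.50.68: BOOTP/DHCP, Reply, length 300",
    f"12:00:01.000000 {SRV_MAC} > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.1.50 tell 192.168.1.1, length 46",
    f"12:00:01.000300 {PC_MAC} > {SRV_MAC}, ethertype ARP (0x0806), length 42: Reply 192.168.1.50 is-at {PC_MAC}, length 28",
    f"12:00:02.000000 {SRV_MAC} > {PC_MAC}, ethertype ARP (0x0806), length 60: Request who-has 192.168.1.50 tell 192.168.1.1, length 46",
]

# The PC's own capture: its own frames plus the broadcasts, but none of the
# unicast frames addressed to it (timestamps deliberately differ from the router's).
PC_CAPTURE = [
    f"09:15:07.110000 {PC_MAC} > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from {PC_MAC}, length 300",
    f"09:15:08.110200 {SRV_MAC} > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.1.50 tell 192.168.1.1, length 46",
    f"09:15:08.110500 {PC_MAC} > {SRV_MAC}, ethertype ARP (0x0806), length 42: Reply 192.168.1.50 is-at {PC_MAC}, length 28",
]

if __name__ == "__main__":
    lost = missing_at_pc(ROUTER_CAPTURE, PC_CAPTURE)
    print("missing at PC by destination type:", summarize(lost))
    for f in lost:
        print(f"  {f.dst_kind:9} {f.src} > {f.dst} {f.etype}: {f.payload}")
```

Feed it the real captures (for example the router's `tcpdump -e -nn -r` output and the PC side exported from Wireshark in the same text form) instead of the constructed lists. If the summary shows every missing frame is unicast while broadcast and multicast frames all arrive, the drop correlates with the destination MAC having been learned rather than with any protocol, which separates a forwarding or MAC-learning question on the bridge and switch from a filtering question in the firewall.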