OK, je l'avais viré de toute façon, suspectant un truc dans le genre.
Donc, j'ai fait un test, pas d'erreurs à part :
[ service nat rule 5010 outbound-interface eth1.832 ]
NAT configuration warning: interface eth1.832 does not exist on this system
peut-être pcq pas encore d'IP obtenue ? (elle apparaît en tout premier)
et de toute façon, mon eth1.832 (ONT) n'obtient pas d'IP, donc je pense être bon pour le switch.
(je vais quand même essayer avec le dhclient, pour voir)
Sinon,en attendant, pouvez-vous éventuellement jeter un oeil à la config que j'ai utilisée, pour voir s'il n'y a rien qui cloche ? merci !
firewall {
all-ping enable
broadcast-ping disable
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
name WAN_IN {
default-action drop
description "WAN to internal"
enable-default-log
rule 10 {
action accept
description "Allow established/related"
log disable
protocol all
state {
established enable
invalid disable
new disable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
log disable
protocol all
state {
established disable
invalid enable
new disable
related disable
}
}
}
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 10 {
action accept
description "Allow established/related"
log disable
protocol all
state {
established enable
invalid disable
new disable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
log disable
protocol all
state {
established disable
invalid enable
new disable
related disable
}
}
}
options {
mss-clamp {
mss 1452
}
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
interfaces {
bridge br0 {
aging 300
bridged-conntrack disable
hello-time 2
max-age 20
priority 0
promiscuous disable
stp false
}
bridge br1 {
aging 300
bridged-conntrack disable
hello-time 2
max-age 20
priority 0
promiscuous disable
stp false
}
ethernet eth0 {
description LIVEBOX
duplex auto
speed auto
vif 832 {
address 192.168.2.1/24
description "VLAN TV Canal 2"
}
vif 838 {
bridge-group {
bridge br0
}
description "VLAN TV VOD"
egress-qos "0:4 1:4 2:4 3:4 4:4 5:4 6:4 7:4"
}
vif 840 {
bridge-group {
bridge br1
}
description "VLAN TV Canal 1 - Zap"
egress-qos "0:5 1:5 2:5 3:5 4:5 5:5 6:5 7:5"
}
}
ethernet eth1 {
description ONT
duplex auto
speed auto
vif 832 {
address dhcp
description "Internet VoIP et Canal 2"
dhcp-options {
client-option "send dhcp-client-identifier 1:xx:xx:xx:xx:xx:xx;"
client-option "send vendor-class-identifier "sagem";"
client-option "send user-class "+FSVDSL_livebox.Internet.softathome.Livebox3";"
client-option "send rfc3118-auth 00:00:00:00:00:00:00:00:00:00:00:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx;"
client-option "request subnet-mask, routers, domain-name-servers, domain-name, broadcast-address, dhcp-lease-time, dhcp-renewal-time, dhcp-rebinding-time, option-119, option-90, option-120;"
default-route update
default-route-distance 210
name-server update
}
egress-qos "0:0 1:1 2:2 3:3 4:4 5:5 6:6 7:7"
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
}
vif 838 {
bridge-group {
bridge br0
}
description "VLAN TV VOD"
egress-qos "0:4 1:4 2:4 3:4 4:4 5:4 6:4 7:4"
}
vif 840 {
bridge-group {
bridge br1
}
description "Canal 1 et zapping"
egress-qos "0:5 1:5 2:5 3:5 4:5 5:5 6:5 7:5"
}
}
ethernet eth2 {
address 192.168.0.1/24
description "LAN HOME"
duplex auto
speed auto
}
loopback lo {
}
}
port-forward {
auto-firewall enable
hairpin-nat disable
wan-interface eth1.832
}
service {
dhcp-server {
disabled false
hostfile-update disable
global-parameters "option rfc3118-auth code 90 = string;"
global-parameters "option SIP code 120 = string;"
shared-network-name LAN {
authoritative enable
subnet 192.168.0.0/24 {
default-router 192.168.0.1
dns-server 192.168.0.1
lease 86400
start 192.168.0.10 {
stop 192.168.0.49
}
}
}
shared-network-name LIVEBOX {
authoritative enable
subnet 192.168.2.0/24 {
default-router 192.168.2.1
dns-server 80.10.246.5
dns-server 81.253.149.13
domain-name orange.fr
lease 86400
start 192.168.2.10 {
stop 192.168.2.49
}
subnet-parameters "option rfc3118-auth 00:00:00:00:00:00:00:00:00:00:00:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx;"
subnet-parameters "option SIP 00:06:73:62:63:74:33:67:03:41:55:42:06:61:63:63:65:73:73:11:6f:72:61:6e:67:65:2d:6d:75:6c:74:69:6d:65:64:69:61:03:6e:65:74:00;"
static-mapping Livebox {
ip-address 192.168.2.254
mac-address xx:xx:xx:xx:xx:xx
}
}
}
}
dns {
forwarding {
cache-size 1000
listen-on eth2
listen-on eth0
}
}
gui {
https-port 443
}
nat {
rule 5010 {
description "Masquerading outgoing connections"
log disable
outbound-interface eth1.832
protocol all
type masquerade
}
}
ssh {
port 22
protocol-version v2
}
}
system {
config-management {
commit-revisions 50
}
host-name ubnt
login {
user xxxxxx {
authentication {
encrypted-password xxxxxxxxxx
plaintext-password ""
}
full-name "xxxxxxxxxx"
level admin
}
}
name-server 192.168.0.1
name-server 8.8.8.8
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
offload {
ipsec enable
ipv4 {
forwarding enable
vlan enable
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
host 192.168.0.1 {
facility all {
level err
}
}
}
time-zone Europe/Paris
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.8.0.4853089.160219.1607 */