Bonjour,
J'utilise la configuration "solution PPPoE avec ERL sans Livebox routeur" (https://lafibre.info/remplacer-livebox/en-cours-remplacer-sa-livebox-par-un-routeur-ubiquiti-edgemax/msg279881/#msg279881) couplée à un dual-WAN Freebox, le tout sur un ER-8.
La configuration réseau :
- eth0 : ONT Orange
- eth1 : LAN Freebox
- eth6 : VLAN Livebox TV dédié
- eth7 : LAN
Le VLAN Livebox TV est taggué par le switch (Netgear GS724T) pour être distribué sur un autre switch (GS108T) dans le salon.
Tout fonctionne (hormis l'hairpin NAT mais c'est un autre problème).
Le problème que j'ai, c'est que lorsque je reboote le routeur, je n'ai plus accès à la TV Orange. Je suis obligé de suivre cette procédure :
# Brancher la Livebox routeur à l'ONT
# Brancher le décodeur Livebox sur la Livebox
# Eteindre/Allumer le décodeur pour obtenir la nouvelle adresse IP locale
# A partir de ce moment la TV fonctionne
# Rebrancher le décodeur sur le switch
# Rebrancher l'ONT sur l'ER-8
# Eteindre/Allumer le décodeur pour obtenir la nouvelle adresse IP locale
A partir de là cela fonctionne de nouveau (même en rebootant switchs ou décodeur TV), et ce, jusqu'au prochain reboot de mon routeur.
Une idée d'où cela pourrait provenir ?
/* Firewall: address groups, the "balance" policy-routing ruleset, and the WAN_IN / WAN_LOCAL rulesets. */
firewall {
all-ping enable
broadcast-ping disable
group {
network-group FREE_NETS {
network 212.27.52.0/24
network 212.27.38.0/24
}
/* RFC 1918 private ranges; used by balance rule 10 and by WAN_IN rule 30. */
network-group PRIVATE_NETS {
network 192.168.0.0/16
network 172.16.0.0/12
network 10.0.0.0/8
}
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
/* Martian packets are not logged with this setting. */
log-martians disable
/* Policy routing: rules 10-30 keep traffic to private nets and to the router's own WAN addresses in table main; */
/* rules 40-41 pin Free-bound traffic and outbound SMTP from 192.168.10.0/24 to lb-group Free; rule 110 sends the rest to lb-group G. */
modify balance {
rule 10 {
action modify
description "do NOT load balance lan to lan"
destination {
group {
network-group PRIVATE_NETS
}
}
modify {
table main
}
}
rule 20 {
action modify
description "do NOT load balance destination public address"
destination {
group {
address-group ADDRv4_eth0
}
}
modify {
table main
}
}
rule 30 {
action modify
description "do NOT load balance destination public address"
destination {
group {
address-group ADDRv4_eth1
}
}
modify {
table main
}
}
rule 40 {
action modify
description "Vers Free ADSL"
destination {
group {
network-group FREE_NETS
}
}
modify {
lb-group Free
}
}
rule 41 {
action modify
description "SMTP sortant vers Free"
destination {
port 25
}
modify {
lb-group Free
}
protocol tcp
source {
address 192.168.10.0/24
}
}
rule 110 {
action modify
modify {
lb-group G
}
}
}
/* Forwarded traffic arriving from a WAN: default drop, with the default action logged. */
name WAN_IN {
default-action drop
description "WAN to internal"
enable-default-log
rule 10 {
action accept
description "Allow established/related"
log disable
protocol all
state {
established enable
invalid disable
new disable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
log enable
protocol all
state {
established disable
invalid enable
new disable
related disable
}
}
/* Despite the description, this matches only sources in PRIVATE_NETS (RFC 1918); other bogon ranges are not covered. */
rule 30 {
action drop
description "Drop BOGONS"
log enable
protocol all
source {
group {
network-group PRIVATE_NETS
}
}
}
/* Accepts new inbound TCP to port smtp with no destination address set; which host is reachable depends on the destination-NAT rules. */
/* NOTE(review): consider restricting the destination to the mail host the NAT rules point at (192.168.10.10). */
rule 40 {
action accept
description SMTP
destination {
port smtp
}
log enable
protocol tcp
state {
established disable
invalid disable
new enable
related disable
}
}
}
/* Traffic addressed to the router itself from a WAN: only established/related is accepted. */
/* No enable-default-log here, so packets dropped by the default action are not logged. */
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 10 {
action accept
description "Allow established/related"
log disable
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
options {
mss-clamp {
interface-type pppoe
interface-type pptp
interface-type tun
mss 1452
}
}
receive-redirects disable
send-redirects enable
/* NOTE(review): source-validation disable leaves reverse-path filtering off; this may be deliberate for the dual-WAN setup, confirm. */
source-validation disable
syn-cookies enable
}
/* Interfaces: eth0 = Orange ONT (VLANs 835/838/840/851), eth1 = Freebox, eth6 = Orange TV LAN, eth7 = LAN. */
/* In this section WAN_IN / WAN_LOCAL are attached only to pppoe 0 and eth1. */
interfaces {
/* br0 bridges eth0.838, eth0.840 and eth0.851 and runs a DHCP client with the options below. */
/* NOTE(review): no firewall ruleset is attached to br0 although it takes an address on the operator-facing TV VLANs; */
/* consider an "in"/"local" ruleset on br0 that still permits the multicast/IGMP the TV service needs, verify. */
bridge br0 {
address dhcp
aging 300
bridged-conntrack disable
description "Orange TV - VOD"
dhcp-options {
/* DHCP client options sent upstream (vendor class, user class, client identifier); the identifier is masked in this post. */
client-option "send vendor-class-identifier "sagem";"
client-option "send user-class "\047FSVDSL_livebox.MLTV.softathome.Livebox3";"
client-option "request subnet-mask, routers, rfc3442-classless-static-routes;"
client-option "send dhcp-client-identifier 1:xx:xx:xx:xx:xx:xx;"
default-route update
default-route-distance 210
name-server update
}
hello-time 2
max-age 20
priority 32768
promiscuous disable
stp false
}
/* br1 carries Freebox TV (VLAN 100) between eth1.100 and eth7.100. */
bridge br1 {
aging 300
bridged-conntrack disable
description "Freebox TV"
hello-time 2
max-age 20
priority 32768
promiscuous disable
stp false
vif 100 {
description "Freebox TV"
}
}
ethernet eth0 {
description "FFTH Orange"
duplex auto
speed auto
/* VLAN 835 carries the PPPoE session; the firewall rulesets are bound to pppoe 0, not to the vif. */
/* NOTE(review): the vif also has "address dhcp" with no ruleset of its own; confirm the DHCP client is needed here. */
vif 835 {
address dhcp
description "VLAN Internet"
pppoe 0 {
default-route auto
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
mtu 1492
name-server auto
/* Credentials are masked by the poster; keep them out of any shared copy of this configuration. */
password xxxxxxxxxx
user-id fti/xxxxxxxxxx
}
}
vif 838 {
bridge-group {
bridge br0
}
description "VLAN TV VOD"
egress-qos "0:4 1:4 2:4 3:4 4:4 5:4 6:4 7:4"
}
vif 840 {
bridge-group {
bridge br0
}
description "VLAN TV Canal 1 - Zap"
egress-qos "0:5 1:5 2:5 3:5 4:5 5:5 6:5 7:5"
}
vif 851 {
bridge-group {
bridge br0
}
description "VoIP Orange"
}
}
/* Second WAN (Freebox): DHCP address, WAN_IN / WAN_LOCAL applied, plus the balance modify ruleset on "in". */
ethernet eth1 {
address dhcp
description "ADSL Free"
duplex auto
firewall {
in {
modify balance
name WAN_IN
}
local {
name WAN_LOCAL
}
}
speed auto
vif 100 {
bridge-group {
bridge br1
}
description "Freebox TV"
}
}
ethernet eth2 {
disable
duplex auto
speed auto
}
ethernet eth3 {
disable
duplex auto
speed auto
}
ethernet eth4 {
disable
duplex auto
speed auto
}
ethernet eth5 {
disable
duplex auto
speed auto
}
/* TV LAN (192.168.20.0/24): only the balance modify ruleset is applied. */
/* NOTE(review): no ruleset here restricts traffic between this subnet and the main LAN 192.168.10.0/24; add one if the set-top box should be isolated. */
ethernet eth6 {
address 192.168.20.1/24
description "LAN TV Orange"
duplex auto
firewall {
in {
modify balance
}
}
speed auto
}
/* Main LAN (192.168.10.0/24); vif 100 joins br1, vif 851 is disabled. */
ethernet eth7 {
address 192.168.10.1/24
description LAN
duplex auto
firewall {
in {
modify balance
}
}
speed auto
vif 100 {
bridge-group {
bridge br1
}
description "Freebox TV"
mtu 1500
}
vif 851 {
bridge-group {
bridge br0
}
disable
}
}
loopback lo {
}
}
/* Load-balance groups referenced by the "balance" modify ruleset. */
load-balance {
/* Group Free: eth1 only. */
group Free {
interface eth1 {
}
lb-local enable
lb-local-metric-change disable
}
/* Group G: pppoe0 is the normal path, eth1 is marked failover-only. */
group G {
interface eth1 {
failover-only
}
interface pppoe0 {
}
lb-local enable
lb-local-metric-change disable
}
}
/* Port-forward feature bound to pppoe0; no forwarding rules are defined in this section. */
/* auto-firewall enable lets the router open the firewall for any rule added here, so review each rule added later. */
port-forward {
auto-firewall enable
hairpin-nat disable
wan-interface pppoe0
}
/* IGMP proxy for the TV service: br0 is the upstream interface, eth6 the downstream one, every other listed interface is disabled. */
protocols {
igmp-proxy {
disable-quickleave
/* alt-subnet 0.0.0.0/0 accepts multicast sources from any subnet on the upstream side. */
/* NOTE(review): narrow this to the operator's source ranges if they are known, verify. */
interface br0 {
alt-subnet 0.0.0.0/0
role upstream
threshold 1
}
interface eth0 {
role disabled
threshold 1
}
interface eth0.835 {
role disabled
threshold 1
}
interface eth0.838 {
role disabled
threshold 1
}
interface eth0.840 {
role disabled
threshold 1
}
interface eth1 {
role disabled
threshold 1
}
interface eth2 {
role disabled
threshold 1
}
interface eth3 {
role disabled
threshold 1
}
interface eth4 {
role disabled
threshold 1
}
interface eth5 {
role disabled
threshold 1
}
interface eth6 {
alt-subnet 0.0.0.0/0
role downstream
threshold 1
}
interface eth7 {
role disabled
threshold 1
}
}
static {
}
}
/* Services: DHCP server, DNS forwarding, web GUI, NAT rules, UNMS (disabled) and UPnP. */
service {
dhcp-server {
disabled false
hostfile-update disable
shared-network-name LAN {
authoritative enable
subnet 192.168.10.0/24 {
default-router 192.168.10.1
dns-server 192.168.10.1
domain-name lan
lease 3600
ntp-server 192.168.10.1
start 192.168.10.100 {
stop 192.168.10.254
}
time-server 192.168.10.1
}
}
/* TV LAN clients are handed two external DNS servers directly instead of the router's forwarder. */
shared-network-name LAN_TV_Orange {
authoritative disable
subnet 192.168.20.0/24 {
default-router 192.168.20.1
dns-server 81.253.149.1
dns-server 80.10.246.130
domain-name orangetv
lease 3600
start 192.168.20.101 {
stop 192.168.20.199
}
}
}
static-arp disable
use-dnsmasq enable
}
dns {
/* The forwarder listens on the two internal interfaces only (eth7, eth6). */
forwarding {
cache-size 1024
listen-on eth7
listen-on eth6
name-server 80.67.169.12
name-server 80.67.169.40
options cname=ntp.lan,192.168.10.1
}
}
/* Web GUI bound to the LAN address only. */
/* NOTE(review): older-ciphers enable keeps legacy TLS cipher suites available; disable it unless an old client requires them. */
gui {
https-port 443
listen-address 192.168.10.1
older-ciphers enable
}
nat {
/* Destination NAT: inbound SMTP on pppoe0 is forwarded to 192.168.10.10. */
/* NOTE(review): the destination "group { }" node is empty; probably a leftover, verify. */
rule 1 {
description "SMTP - WAN Orange"
destination {
group {
}
port smtp
}
inbound-interface pppoe0
inside-address {
address 192.168.10.10
}
log disable
protocol tcp
type destination
}
/* Same forward for SMTP arriving on eth1 (Free). */
rule 11 {
description "SMTP - WAN Free"
destination {
port smtp
}
inbound-interface eth1
inside-address {
address 192.168.10.10
}
log disable
protocol tcp
type destination
}
rule 5000 {
description "masquerade Orange Internet"
log disable
outbound-interface pppoe0
protocol all
type masquerade
}
rule 5001 {
description "masquerade Free Internet"
log disable
outbound-interface eth1
protocol all
type masquerade
}
rule 5002 {
description "Freebox TV"
outbound-interface br1.100
protocol all
source {
address 192.168.10.0/24
}
type masquerade
}
}
unms {
disable
}
/* UPnP and NAT-PMP are offered on both internal interfaces, including the TV LAN (eth6). */
/* NOTE(review): secure-mode disable presumably lets a client request mappings toward addresses other than its own; verify, and prefer enabling it. */
/* NOTE(review): "wan ppoe0" does not match the pppoe0 interface name used elsewhere in this configuration; likely a typo, verify. */
upnp2 {
listen-on eth6
listen-on eth7
nat-pmp enable
secure-mode disable
wan ppoe0
}
}
/* System settings: conntrack, login, NTP, offload, Debian package repositories, syslog, scheduled tasks. */
system {
config-management {
commit-revisions 50
}
conntrack {
expect-table-size 4096
hash-size 4096
table-size 32768
tcp {
half-open-connections 512
loose enable
max-retrans 3
}
}
domain-name lan
host-name edgerouter
login {
/* The user name and password hash look replaced by placeholders for posting; "toto{" lacks the space before the brace, */
/* presumably an artifact of that manual edit. Never post the real encrypted-password value. */
user toto{
authentication {
encrypted-password prout
plaintext-password ""
}
full-name ""
level admin
}
}
name-server 127.0.0.1
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
offload {
hwnat disable
ipsec enable
ipv4 {
forwarding enable
pppoe enable
vlan enable
}
ipv6 {
forwarding enable
}
}
/* Extra Debian repositories, both fetched over plain http. */
/* NOTE(review): the repository named wheezy-security uses distribution squeeze/updates, which does not match the wheezy base; verify. */
/* Packages installed from these repositories add software the router firmware does not maintain; keep them to a minimum. */
package {
repository wheezy {
components "main contrib non-free"
distribution wheezy
password ""
url http://debian.mirrors.ovh.net/debian/
username ""
}
repository wheezy-security {
components main
distribution squeeze/updates
password ""
url http://security.debian.org
username ""
}
}
static-host-mapping {
host-name edgerouter {
alias edgerouter.lan
inet 192.168.10.1
}
host-name ntp {
alias ntp.lan
inet 192.168.10.1
}
}
/* Local logging at notice (protocols at debug); warnings and above are also sent to the LAN host 192.168.10.10. */
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
host 192.168.10.10 {
facility all {
level warning
}
}
}
/* Two scripts under /config/scripts run on a timer (every 1 and 5 minutes); their contents are not shown in this post. */
/* NOTE(review): scheduled tasks presumably run with elevated privileges; keep these files writable by the admin only, verify. */
task-scheduler {
task dynhost {
executable {
path /config/scripts/dynhost.sh
}
interval 1m
}
task orange_watchdog {
executable {
path /config/scripts/orange_watchdog.sh
}
interval 5m
}
}
time-zone Europe/Paris
traffic-analysis {
dpi enable
export enable
}
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.10.1.5067575.180305.1804 */