@zoc
I started over from scratch.
I reflashed the latest firmware (ER-e100.v1.7.0.4783374) and did a reset (just in case...).
Then I followed the homelabs tutorial, replacing the orange.boot file with the one modified thanks to your help. I started from the original file and added what seemed to be missing compared with your configuration. However, it looks like you forgot a brace at this spot:
rule 10 {
    action accept
    description "Allow ICMP"
    log disable
    protocol icmp
}
options {
    mss-clamp {
        mss 1452
    }
}
I added it as shown below:
    rule 10 {
        action accept
        description "Allow ICMP"
        log disable
        protocol icmp
    }
}
options {
    mss-clamp {
        mss 1452
    }
}
I load the .boot and so far no problem. I commit and then:
Commit failed !!
Here is what I could see when doing the commit:
[ interfaces loopback lo ]
Can not delete lo
[ service nat rule 5010 outbound-interface pppoe0 ]
NAT configuration warning: interface pppoe0 does not exist on this system
[ interfaces ethernet eth1 vif 838 bridge-group ]
Adding interface eth1.838 to bridge br1
[ interfaces ethernet eth2 vif 851 bridge-group ]
Adding interface eth2.851 to bridge br0
[ interfaces ethernet eth2 vif 840 bridge-group ]
Adding interface eth2.840 to bridge br1
[ interfaces ethernet eth2 vif 838 bridge-group ]
Adding interface eth2.838 to bridge br1
[ interfaces ethernet eth2 vif 832 bridge-group ]
Adding interface eth2.832 to bridge br1
[ interfaces ethernet eth1 vif 832 bridge-group ]
Adding interface eth1.832 to bridge br1
[ interfaces ethernet eth1 vif 851 bridge-group ]
Adding interface eth1.851 to bridge br0
[ interfaces ethernet eth1 vif 835 address dhcp ]
Starting DHCP client on eth1.835 ...
[ interfaces ethernet eth1 vif 840 bridge-group ]
Adding interface eth1.840 to bridge br1
[ system package repository wheezy ]
Adding new entry to /etc/apt/sources.list...
[ system package repository wheezy-security ]
Adding new entry to /etc/apt/sources.list...
[ system syslog ]
Stopping enhanced syslogd: rsyslogd.
Starting enhanced syslogd: rsyslogd.
[ service pppoe-server ]
Starting pppoe-server: pppoe-server.
[ service dhcp-server ]
Starting DHCP server daemon...
Commit failed
[edit]
I'm posting my modified config file. I have probably made mistakes. I replaced the login and password with XXXXXXX, as well as the host-name and the user. As for the "encrypted-password", I hid it but I kept the original one from the file (maybe a first mistake there).
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description "packets from Internet to LAN"
        enable-default-log
        rule 1 {
            action accept
            description "allow established sessions"
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        rule 2 {
            action drop
            description "drop invalid state"
            log disable
            protocol all
            state {
                established disable
                invalid enable
                new disable
                related disable
            }
        }
        rule 10 {
            action accept
            description "Allow ICMP"
            log disable
            protocol icmp
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "packets from Internet to the router"
        rule 1 {
            action accept
            description "allow established session to the router"
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        rule 2 {
            action drop
            description "drop invalid state"
            log disable
            protocol all
            state {
                established disable
                invalid enable
                new disable
                related disable
            }
        }
        rule 10 {
            action accept
            description "Allow ICMP"
            log disable
            protocol icmp
        }
    }
    options {
        mss-clamp {
            mss 1452
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    bridge br0 {
        aging 300
        bridged-conntrack disable
        description "Bridge TOIP"
        hello-time 2
        max-age 20
        multicast disable
        priority 0
        promiscuous disable
        stp false
    }
    bridge br1 {
        aging 300
        bridged-conntrack disable
        description "Bridge TV"
        hello-time 2
        max-age 20
        multicast disable
        priority 0
        promiscuous disable
        stp false
    }
    ethernet eth0 {
        address 192.168.1.1/24
        description "Local Network"
        duplex auto
        speed auto
    }
    ethernet eth1 {
        description ONT
        duplex auto
        speed auto
        vif 832 {
            bridge-group {
                bridge br1
            }
            description "VLAN TV Canal 2"
            egress-qos "0:5 1:5 2:5 3:5 4:5 5:5 6:5 7:5"
        }
        vif 835 {
            address dhcp
            description "VLAN Internet"
            pppoe 0 {
                default-route auto
                description "FTTH Orange"
                firewall {
                    in {
                        name WAN_IN
                    }
                    local {
                        name WAN_LOCAL
                    }
                }
                mtu 1492
                name-server auto
                password XXXXXXXXX
                user-id fti/XXXXXXXXX
            }
        }
        vif 838 {
            bridge-group {
                bridge br1
            }
            description "VLAN TV VOD"
            egress-qos "0:4 1:4 2:4 3:4 4:4 5:4 6:4 7:4"
        }
        vif 840 {
            bridge-group {
                bridge br1
            }
            description "VLAN TV Canal 1 - Zap"
            egress-qos "0:5 1:5 2:5 3:5 4:5 5:5 6:5 7:5"
        }
        vif 851 {
            bridge-group {
                bridge br0
            }
            description "VLAN TOIP"
            egress-qos "0:6 1:6 2:6 3:6 4:6 5:6 6:6 7:6"
        }
    }
    ethernet eth2 {
        address 192.168.2.1/24
        description "Livebox Network"
        duplex auto
        speed auto
        vif 832 {
            bridge-group {
                bridge br1
            }
            description "VLAN TV Canal 2"
        }
        vif 835 {
            description "VLAN Internet"
        }
        vif 838 {
            bridge-group {
                bridge br1
            }
            description "VLAN TV VOD"
        }
        vif 840 {
            bridge-group {
                bridge br1
            }
            description "VLAN TV Canal 1 - Zap"
        }
        vif 851 {
            bridge-group {
                bridge br0
            }
            description "VLAN TOIP"
        }
    }
}
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface eth0
    wan-interface pppoe0
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LOCAL_NETWORK {
            authoritative enable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                lease 86400
                start 192.168.1.100 {
                    stop 192.168.1.200
                }
            }
        }
    }
    dns {
        forwarding {
            cache-size 1000
            listen-on eth2
            listen-on eth0
        }
    }
    gui {
        https-port 443
    }
    nat {
        rule 5010 {
            description "Masquerading outgoing connections"
            log disable
            outbound-interface pppoe0
            protocol all
            type masquerade
        }
    }
    pppoe-server {
        authentication {
            local-users {
                username fti/XXXXXXX {
                    password XXXXXXX
                }
            }
            mode local
        }
        client-ip-pool {
            start 192.168.2.210
            stop 192.168.2.220
        }
        dns-servers {
            server-1 80.10.246.2
            server-2 80.10.246.129
        }
        interface eth2.835
        mtu 1492
    }
    ssh {
        port 22
        protocol-version v2
    }
    ubnt-discover {
        disable
    }
    upnp2 {
        listen-on eth0
        listen-on eth2
        nat-pmp enable
        secure-mode disable
        wan pppoe0
    }
}
system {
    config-management {
        commit-revisions 50
    }
    host-name XXXXXXXX
    login {
        user XXXXXXX {
            authentication {
                encrypted-password XXXXXXXXXXXXXXXXXXXXXXXXXX.
            }
            level admin
        }
    }
    conntrack {
        expect-table-size 4096
        hash-size 4096
        table-size 32768
        tcp {
            half-open-connections 512
            loose disable
            max-retrans 3
        }
    }
    name-server 8.8.8.8
    name-server 8.8.4.4
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        ipv4 {
            forwarding enable
            pppoe enable
            vlan enable
        }
    }
    package {
        repository wheezy {
            components "main contrib non-free"
            distribution wheezy
            password ""
            url http://http.us.debian.org/debian
            username ""
        }
        repository wheezy-security {
            components main
            distribution wheezy/updates
            password ""
            url http://security.debian.org
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level warning
            }
        }
    }
    time-zone Europe/Paris
    traffic-analysis {
        dpi disable
        export disable
    }
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@4:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.6.0beta1.4705702.140925.2253 */
@akeix I'm keeping your info safely to hand, but for now I'm going to try to get the ERL working with the Livebox first. Once I have the hardware and a working configuration, I'll try to do without the LB.
Thanks to both of you for your help, in any case!!!
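
The missing-brace problem described in the post above can be caught before a .boot file is loaded. The following is an added example, not part of the original post and not EdgeOS code: a small Python brace checker in which the function name `check_braces`, the `TOP_ONLY` set (taken from the section names in the posted config) and the two sample fragments are assumptions constructed for illustration.

```python
import re

# Sections that only occur at the top level in the config posted above
# (assumption). "firewall" is left out: it also appears under "pppoe 0".
TOP_ONLY = {"interfaces", "port-forward", "service", "system"}

def check_braces(text):
    """Return [(line_number, message)] for brace problems in a .boot file."""
    problems, stack = [], []                 # stack holds (node, line opened)
    for n, raw in enumerate(text.splitlines(), 1):
        # Blank out quoted values so a brace inside a description is ignored.
        line = re.sub(r'"[^"]*"', '""', raw).strip()
        if not line or line.startswith("/*"):
            continue                         # blank line or version comment
        if line.endswith("{"):
            name = line[:-1].strip()
            if stack and name in TOP_ONLY:
                # A closing brace is missing above: report, then resync.
                where = ", ".join(f"'{s}' (line {ln})" for s, ln in stack)
                problems.append((n, f"'{name}' starts inside unclosed {where}"))
                stack = []
            stack.append((name, n))
        elif line == "}":
            if stack:
                stack.pop()
            else:
                problems.append((n, "closing brace with no open block"))
    problems += [(ln, f"'{s}' is never closed") for s, ln in stack]
    return problems

# Constructed fragment reproducing the missing brace after "rule 10".
MISSING = """firewall {
    name WAN_LOCAL {
        rule 10 {
            protocol icmp
        }
    options {
        mss-clamp {
            mss 1452
        }
    }
}
interfaces {
}
"""
# Same fragment with the closing brace of "name WAN_LOCAL" restored.
FIXED = MISSING.replace("        }\n    options", "        }\n    }\n    options")
if __name__ == "__main__":
    print(check_braces(MISSING), check_braces(FIXED))
```

Brace counting can only say which block is left open, not where the brace was dropped, so the reported line is the first place the damage becomes visible rather than the line to edit.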