Bonjour,
J'en peu plus, je n'arrive pas à faire fonctionner comme je veux mon ERL.
J'avoue ne pas avoir lu la totalité des 27x pages, mais en général avant de poster, j’essaie tjrs de trouver la réponse par moi même.
Matériels actuels : Livebox 4 + Décodeur TV4
Objectif comme config : DHCP avec ERL + TV (via ERL) + Livebox routeur pour Tel (que j'allumerai seulement quand j'en ai besoin). Pour le Wi-Fi, je dois recevoir en principe demain un AP de la même marque.
Pb observé : Flux TV KO (Internet OK, LB OK, VoD OK)
Manipulations effectuées :
- Remplacé le fichier dhclient3 avec les bons droits sur le fichier
- Copier le fichier rfc3442-classless-routes dans le répertoire /etc/dhcp3/dhclient-exit-hooks.d
- patché le fichier vyatta-interfaces.pl
J'ai testé plusieurs config...
1ère config (Eth0 : LAN / Eth1 : ONT / Eth2 : TV):
firewall {
all-ping enable
broadcast-ping disable
ip-src-route disable
log-martians enable
name WAN_IN {
default-action drop
description "WAN to internal"
rule 10 {
action accept
description "Allow established/related"
log disable
protocol all
state {
established enable
invalid disable
new disable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
log disable
protocol all
state {
established disable
invalid enable
new disable
related disable
}
}
}
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 1 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 3 {
action drop
description "Drop invalid state"
log disable
state {
invalid enable
}
}
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
interfaces {
ethernet eth0 {
description LAN_ETH0
address 10.73.73.0/24
duplex auto
speed auto
}
ethernet eth1 {
description ISP
duplex auto
speed auto
vif 832 {
address dhcp
description ISP_DATA
dhcp-options {
client-option "send vendor-class-identifier "sagem";"
client-option "send user-class "\053FSVDSL_livebox.Internet.softathome.Livebox3";"
client-option "send rfc3118-auth 00:00:00:00:00:00:00:00:00:00:00:xxxxxxxxxxxxx;"
client-option "request subnet-mask, routers, domain-name-servers, domain-name, broadcast-address, dhcp-lease-time, dhcp-renewal-time, dhcp-rebinding-time, rfc3118-auth;"
default-route update
default-route-distance 210
name-server update
}
egress-qos "0:0 1:0 2:0 3:0 4:0 5:0 6:6 7:0"
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
}
vif 838 {
address dhcp
description ISP_TV_VOD
dhcp-options {
client-option "send vendor-class-identifier "sagem";"
client-option "send user-class "\047FSVDSL_livebox.MLTV.softathome.Livebox4";"
client-option "send dhcp-client-identifier 1:A0:1B:29:xx:xx:xx;"
client-option "request subnet-mask, routers, rfc3442-classless-static-routes;"
default-route no-update
default-route-distance 210
name-server update
}
egress-qos "0:4 1:4 2:4 3:4 4:4 5:4 6:4 7:4"
}
vif 840 {
address 192.168.255.254/32
description ISP_TV_STREAM
egress-qos "0:5 1:5 2:5 3:5 4:5 5:5 6:5 7:5"
}
}
ethernet eth2 {
address 10.73.74.1/24
description LAN_ETH2
duplex auto
speed auto
}
loopback lo {
}
}
port-forward {
auto-firewall enable
hairpin-nat enable
lan-interface eth0
rule 1 {
description https
forward-to {
address 10.73.73.11
port 443
}
original-port 443
protocol tcp
}
wan-interface eth1.832
}
protocols {
igmp-proxy {
disable-quickleave
interface eth0 {
role disabled
threshold 1
}
interface eth1 {
role disabled
threshold 1
}
interface eth1.832 {
role disabled
threshold 1
}
interface eth1.838 {
role disabled
threshold 1
}
interface eth1.840 {
alt-subnet 0.0.0.0/0
role upstream
threshold 1
}
interface eth2 {
alt-subnet 0.0.0.0/0
role downstream
threshold 1
}
}
}
service {
dhcp-server {
disabled false
hostfile-update disable
shared-network-name LAN_ETH0_DHCP {
authoritative enable
subnet 10.73.73.0/24 {
default-router 10.73.73.254
dns-server 10.73.73.254
domain-name home
lease 86400
ntp-server 10.73.73.254
start 10.73.73.2 {
stop 10.73.73.253
}
}
}
shared-network-name LAN_ETH1_DHCP {
authoritative enable
subnet 10.73.74.0/24 {
default-router 10.73.74.254
dns-server 10.73.74.254
lease 86400
ntp-server 10.73.74.254
start 10.73.74.100 {
stop 10.73.74.200
}
}
}
use-dnsmasq disable
}
dns {
forwarding {
cache-size 1024
listen-on lo
listen-on eth0
listen-on eth2
name-server 80.10.246.3
name-server 81.253.149.10
}
}
gui {
http-port 80
https-port 443
older-ciphers enable
}
nat {
rule 5001 {
description "MASQ: WAN"
log disable
outbound-interface eth1.832
protocol all
type masquerade
}
rule 5002 {
description "MASQ: ORANGE"
log disable
outbound-interface eth1.838
protocol all
type masquerade
}
}
ssh {
allow-root
port 22
protocol-version v2
}
upnp2 {
listen-on eth0
nat-pmp enable
port 34651
secure-mode enable
wan eth1.832
}
}
system {
config-management {
commit-revisions 5
}
conntrack {
expect-table-size 4096
hash-size 4096
table-size 32768
tcp {
half-open-connections 512
loose disable
max-retrans 3
}
}
login {
user admin {
authentication {
encrypted-password xxxxxxxxxxxxxx
plaintext-password ""
}
full-name Admin
level admin
}
user root {
authentication {
encrypted-password xxxxxxxxxxxxxx.
plaintext-password ""
}
level admin
}
}
name-server 127.0.0.1
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
offload {
hwnat disable
ipsec enable
ipv4 {
forwarding enable
gre enable
vlan enable
}
ipv6 {
forwarding enable
vlan enable
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level warning
}
}
}
time-zone Europe/Paris
traffic-analysis {
dpi disable
export disable
}
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.9.1.4939093.161214.0705 */