Bon, j'ai refait une config en rajoutant un réseau pour la livebox :
/* Global firewall options and the two WAN rulesets. Both rulesets end in default-action drop. */
firewall {
all-ping enable
broadcast-ping disable
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
/* WAN_IN: traffic forwarded from the WAN towards internal hosts. Established/related flows
   are accepted, invalid-state packets are dropped explicitly, everything else falls through
   to the default drop.
   NOTE(review): both rules set "log disable" and no enable-default-log is present, so
   packets dropped by this ruleset are not logged. */
name WAN_IN {
default-action drop
description "WAN to internal"
rule 10 {
action accept
description "Allow established/related"
log disable
protocol all
state {
established enable
invalid disable
new disable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
log disable
protocol all
state {
established disable
invalid enable
new disable
related disable
}
}
}
/* WAN_LOCAL: traffic from the WAN addressed to the router itself. Same policy as WAN_IN:
   accept established/related, drop invalid, default drop for the rest (no new inbound
   connection to the router is accepted by these rules). */
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 1 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 3 {
action drop
description "Drop invalid state"
log disable
state {
invalid enable
}
}
}
receive-redirects disable
send-redirects enable
/* NOTE(review): source-validation disable turns off reverse-path checking of source
   addresses. Confirm this is actually required by the multi-VLAN WAN setup rather than
   left at the permissive value. */
source-validation disable
syn-cookies enable
}
/* Interface layout: eth0 = LAN (192.168.1.0/24), eth1 = ISP uplink carrying VLANs 832, 838
   and 840, switch0 (eth2-eth4) = 192.168.2.0/24 plus a VLAN 832 sub-interface for the
   Livebox network (192.168.3.0/24). */
interfaces {
ethernet eth0 {
address 192.168.1.1/24
description LAN_ETH0
duplex auto
speed auto
}
ethernet eth1 {
description ISP
duplex auto
speed auto
/* VLAN 832 (ISP_DATA): address obtained by DHCP; this is the only vif that installs a
   default route (default-route update) and the only one with firewall rulesets attached. */
vif 832 {
address dhcp
description ISP_DATA
dhcp-options {
client-option "send vendor-class-identifier "sagem";"
client-option "send user-class "\053FSVDSL_livebox.Internet.softathome.Livebox4";"
/* The XX bytes were redacted by the author; presumably they carry the account-specific
   part of the authentication string, so the real value should stay out of public pastes. */
client-option "send rfc3118-auth 00:00:00:00:00:00:00:00:00:00:00:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX;"
client-option "request subnet-mask, routers, domain-name-servers, domain-name, broadcast-address, dhcp-lease-time, dhcp-renewal-time, dhcp-rebinding-time, rfc3118-auth;"
default-route update
default-route-distance 210
name-server update
}
egress-qos "0:0 1:0 2:0 3:0 4:0 5:0 6:6 7:0"
/* WAN_IN filters forwarded traffic and WAN_LOCAL filters traffic to the router on this vif. */
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
}
/* VLAN 838 (ISP_TV_VOD): address by DHCP, no default route taken from it; routes are
   requested through rfc3442-classless-static-routes.
   NOTE(review): no firewall { in / local } is attached here, although this vif faces the
   ISP and is a masquerade outbound interface (nat rule 5002). Attaching WAN_IN / WAN_LOCAL
   as on vif 832 would give it the same default-drop policy. */
vif 838 {
address dhcp
description ISP_TV_VOD
dhcp-options {
client-option "send vendor-class-identifier "sagem";"
client-option "send user-class "\047FSVDSL_livebox.MLTV.softathome.Livebox4";"
/* YY bytes redacted by the author (a MAC-style client identifier). */
client-option "send dhcp-client-identifier 1:YY:YY:YY:YY:YY:YY;"
client-option "request subnet-mask, routers, rfc3442-classless-static-routes;"
default-route no-update
default-route-distance 210
name-server update
}
egress-qos "0:4 1:4 2:4 3:4 4:4 5:4 6:4 7:4"
}
/* VLAN 840 (ISP_TV_STREAM): static /32 address; used as the igmp-proxy upstream interface.
   NOTE(review): no firewall ruleset is attached to this vif either. */
vif 840 {
address 192.168.255.254/32
description ISP_TV_STREAM
egress-qos "0:5 1:5 2:5 3:5 4:5 5:5 6:5 7:5"
}
}
loopback lo {
}
/* switch0 groups eth2, eth3 and eth4. The untagged network is 192.168.2.0/24; vif 832 adds
   192.168.3.254/24, the gateway of the "Livebox" DHCP subnet. */
switch switch0 {
address 192.168.2.1/24
description switch
mtu 1500
switch-port {
interface eth2 {
}
interface eth3 {
}
interface eth4 {
}
vlan-aware disable
}
vif 832 {
address 192.168.3.254/24
description Voip
}
}
}
/* IGMP proxy: eth1.840 is the upstream interface and switch0 the downstream one; eth0, eth1,
   eth1.832 and eth1.838 are explicitly excluded (role disabled). */
protocols {
igmp-proxy {
disable-quickleave
interface eth0 {
role disabled
threshold 1
}
interface eth1 {
role disabled
threshold 1
}
interface eth1.832 {
role disabled
threshold 1
}
interface eth1.838 {
role disabled
threshold 1
}
/* alt-subnet 0.0.0.0/0 places no restriction on the source network of multicast traffic
   on this interface. NOTE(review): narrow it if the ISP source ranges are known. */
interface eth1.840 {
alt-subnet 0.0.0.0/0
role upstream
threshold 1
}
interface switch0 {
alt-subnet 0.0.0.0/0
role downstream
threshold 1
}
}
}
/* Router services: DHCP server (three networks), DNS forwarding, web GUI, source NAT, SSH
   and UPnP. */
service {
dhcp-server {
disabled false
hostfile-update disable
/* Pool for the switch0 network (192.168.2.0/24); the router is gateway, DNS and NTP. */
shared-network-name LAN_DECODEUR_TV_DHCP {
authoritative enable
subnet 192.168.2.0/24 {
default-router 192.168.2.1
dns-server 192.168.2.1
lease 86400
ntp-server 192.168.2.1
start 192.168.2.100 {
stop 192.168.2.200
}
}
}
/* Pool for the eth0 LAN (192.168.1.0/24). */
shared-network-name LAN_ETH0_DHCP {
authoritative enable
subnet 192.168.1.0/24 {
default-router 192.168.1.1
dns-server 192.168.1.1
lease 86400
ntp-server 192.168.1.1
start 192.168.1.100 {
stop 192.168.1.200
}
}
}
/* Pool for the Livebox network on switch0.832 (192.168.3.0/24), with external DNS servers
   and a static mapping for the Livebox itself. */
shared-network-name Livebox {
authoritative enable
subnet 192.168.3.0/24 {
default-router 192.168.3.254
dns-server 80.10.246.136
dns-server 81.253.149.6
lease 86400
start 192.168.3.21 {
stop 192.168.3.200
}
/* These two subnet-parameters use option names (rfc3118-auth, SIP) that dhcpd does not know
   unless they are declared first. As posted, no global-parameters line declares them, and
   the dhcpd log further down shows "unknown option" followed by dhcpd exiting, which stops
   DHCP for every network, not just this one. The declarations the post ends with (code 90
   and code 120 as string) are what is missing here.
   The trailing bytes of the rfc3118-auth value are ASCII for "dhcpliveboxfr250". */
subnet-parameters "option rfc3118-auth 00:00:00:00:00:00:00:00:00:00:00:64:68:63:70:6c:69:76:65:62:6f:78:66:72:32:35:30;"
subnet-parameters "option SIP 0:6:73:62:63:74:33:67:3:50:55:54:6:61:63:63:65:73:73:11:6f:72:61:6e:67:65:2d:6d:75:6c:74:69:6d:65:64:69:61:3:6e:65:74:0;"
static-mapping Livebox {
ip-address 192.168.3.1
/* MAC redacted by the author. */
mac-address YY:YY:YY:YY:YY:YY
}
}
}
use-dnsmasq disable
}
/* DNS forwarder listens on loopback, eth0 and switch0 only (no WAN interface listed). */
dns {
forwarding {
cache-size 1024
listen-on lo
listen-on eth0
listen-on switch0
name-server 80.10.246.3
name-server 81.253.149.10
}
}
/* Web GUI bound to the LAN address 192.168.1.1 only. */
gui {
http-port 80
https-port 443
listen-address 192.168.1.1
older-ciphers disable
}
/* Source NAT: masquerade traffic leaving through eth1.832 (rule 5001) and eth1.838 (rule 5002). */
nat {
rule 5001 {
description "MASQ: WAN"
log disable
outbound-interface eth1.832
protocol all
type masquerade
}
rule 5002 {
description "MASQ: ORANGE"
log disable
outbound-interface eth1.838
protocol all
type masquerade
}
}
/* SSH: key-only (password authentication disabled), protocol v2, bound to internal addresses.
   NOTE(review): 192.168.2.1 is the switch0 network that serves the TV decoder; drop that
   listen-address if management is only meant to come from the eth0 LAN. */
ssh {
disable-password-authentication
listen-address 192.168.1.1
listen-address 192.168.2.1
port 22
protocol-version v2
}
/* UPnP / NAT-PMP: hosts on eth0 may request inbound port mappings on eth1.832. secure-mode
   is enabled, which is meant to limit a client to mappings towards its own address.
   NOTE(review): any LAN host can still open ports this way; disable the service if no
   device needs it. */
upnp2 {
listen-on eth0
nat-pmp enable
port 34651
secure-mode enable
wan eth1.832
}
}
/* System settings: config history, connection tracking, NTP, hardware offload, syslog. */
system {
/* Keeps the last 5 committed configurations. */
config-management {
commit-revisions 5
}
conntrack {
expect-table-size 4096
hash-size 4096
table-size 32768
tcp {
half-open-connections 512
loose disable
max-retrans 3
}
}
host-name ubnt
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
/* Offload: hwnat is disabled; IPsec offload and IPv4/IPv6 forwarding and VLAN offload are
   enabled. */
offload {
hwnat disable
ipsec enable
ipv4 {
forwarding enable
gre enable
vlan enable
}
ipv6 {
forwarding enable
vlan enable
}
}
/* Local syslog only: level notice for all facilities, warning for "protocols". No remote
   syslog host is configured in this section. */
syslog {
global {
facility all {
level notice
}
facility protocols {
level warning
}
}
}
time-zone Europe/Paris
traffic-analysis {
dpi disable
export disable
}
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.9.1.1.4977347.170426.0359 */
Et maintenant la TV ne fonctionne plus.
Pour moi on se trouve dans le même cas qu'au début sauf que maintenant j'utilise switch0 plutôt que eth2, eth3.
Le décodeur TV ne récupère plus son adresse IP via DHCP (je ne vois que des DISCOVER, sans aucune réponse) :
18:27:41.045259 b0:b2:8f:ca:39:c5 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 329: (tos 0x4, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 315)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from b0:b2:8f:ca:39:c5, length 287, xid 0x46c87703, secs 1, Flags [Broadcast] (0x8000)
Client-Ethernet-Address b0:b2:8f:ca:39:c5
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Lease-Time Option 51, length 4: 3600
Parameter-Request Option 55, length 12:
Subnet-Mask, Default-Gateway, Domain-Name-Server, LOG
Hostname, Domain-Name, BR, Static-Route
NTP, WWW, Classless-Static-Route, Option 125
User-Class Option 77, length 14:
instance#1: "PC_MLTV_WHD93", length 13
Vendor-Class Option 60, length 5: "sagem"
END Option 255, length 0
18:27:42.057346 b0:b2:8f:ca:39:c5 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 329: (tos 0x4, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 315)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from b0:b2:8f:ca:39:c5, length 287, xid 0x46c87703, secs 2, Flags [Broadcast] (0x8000)
Client-Ethernet-Address b0:b2:8f:ca:39:c5
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Lease-Time Option 51, length 4: 3600
Parameter-Request Option 55, length 12:
Subnet-Mask, Default-Gateway, Domain-Name-Server, LOG
Hostname, Domain-Name, BR, Static-Route
NTP, WWW, Classless-Static-Route, Option 125
User-Class Option 77, length 14:
instance#1: "PC_MLTV_WHD93", length 13
Vendor-Class Option 60, length 5: "sagem"
END Option 255, length 0
18:27:45.084488 b0:b2:8f:ca:39:c5 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 329: (tos 0x4, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 315)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from b0:b2:8f:ca:39:c5, length 287, xid 0x46c87703, secs 5, Flags [Broadcast] (0x8000)
Client-Ethernet-Address b0:b2:8f:ca:39:c5
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Lease-Time Option 51, length 4: 3600
Parameter-Request Option 55, length 12:
Subnet-Mask, Default-Gateway, Domain-Name-Server, LOG
Hostname, Domain-Name, BR, Static-Route
NTP, WWW, Classless-Static-Route, Option 125
User-Class Option 77, length 14:
instance#1: "PC_MLTV_WHD93", length 13
Vendor-Class Option 60, length 5: "sagem"
END Option 255, length 0
C'est comme si le routeur n'écoutait pas sur l'interface....
EDIT : effectivement, le process dhcpd3 n'est pas lancé. La config dhcp-server pour la livebox contient des erreurs qui font que le process ne se lance pas :
Jun 24 18:19:54 ubnt dhcpd: /opt/vyatta/etc/dhcpd.conf line 41: unknown option dhcp.rfc3118-auth
Jun 24 18:19:54 ubnt dhcpd: #011#011option rfc3118-auth 00:
Jun 24 18:19:54 ubnt dhcpd: ^
Jun 24 18:19:54 ubnt dhcpd: /opt/vyatta/etc/dhcpd.conf line 42: unknown option dhcp.SIP
Jun 24 18:19:54 ubnt dhcpd: #011#011option SIP 0:
Jun 24 18:19:54 ubnt dhcpd: ^
Jun 24 18:19:54 ubnt dhcpd: WARNING: Host declarations are global. They are not limited to the scope you declared them in.
Jun 24 18:19:54 ubnt dhcpd: Configuration file errors encountered -- exiting
Problème résolu : il manquait, dans la conf service/dhcp-server, les paramètres globaux qui déclarent les deux options personnalisées :
global-parameters "option rfc3118-auth code 90 = string;"
global-parameters "option SIP code 120 = string;"