Je relance le sujet du remplacement de la Livebox par un EdgeRouter 4.
Voici ma configuration :
ONT => ETH1
ETH0 => LAN avec TV
Cela fonctionnait très bien depuis des années. J'ai dû modifier toute ma config pour la conformité protocolaire 2023.
Après quelques galères, j'ai enfin réussi à refaire fonctionner ma conf.
Puis Orange m'a demandé de changer le boîtier ONT pour une raison obscure. Ma configuration fonctionnait toujours à merveille.
Puis j'ai été obligé de redémarrer mon EdgeRouter. Et depuis, les flux TV fonctionnent de façon aléatoire : parfois certaines chaînes passent, parfois d'autres.
Je remets ma Livebox 4, qui fait ses mises à jour ; la connexion data revient, mais les chaînes TV ont toujours le même problème.
Sur ce, appel à Orange, qui me dit de tout changer : la box internet et les 2 box TV !!
Et au bout d'une bonne heure de manips, de reboots de l'ONT, de la Livebox, etc.,
le flux TV est revenu.
Puis j'ai réadapté ma config comme ci-dessous :
/* WAN-side firewall: three IPv6 rule sets (WANv6_IN, WANv6_LOCAL, WANv6_OUT), two IPv4 rule sets (WAN_IN, WAN_LOCAL) and global packet-handling options. */
/* NOTE(review): a rule set filters nothing until an interface references it. In this listing eth1.832 binds WAN_IN and WAN_LOCAL only; nothing references the WANv6_* sets, so IPv6 appears to be unfiltered - confirm. */
/* Global options of note: all-ping enable lets the router answer ICMP echo unless a rule set drops it; source-validation disable turns reverse-path filtering off. */
/* NOTE(review): source-validation disable may be deliberate for the TV multicast VLAN; if it is not, consider enabling it. */
firewall {
all-ping enable
broadcast-ping disable
/* IPv6 forwarded from the WAN towards LAN hosts: default drop, return traffic and ICMPv6 accepted. */
ipv6-name WANv6_IN {
default-action drop
description "WANv6 inbound traffic forwarded to LAN"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
/* Accepts every ICMPv6 type towards LAN hosts, echo requests included. NOTE(review): restrict by ICMPv6 type if LAN hosts should not answer ping from the Internet. */
rule 30 {
action accept
description "Allow ICMPv6"
log disable
protocol icmpv6
}
}
/* IPv6 addressed to the router itself: default drop, return traffic, ICMPv6 and DHCPv6 replies accepted. */
ipv6-name WANv6_LOCAL {
default-action drop
description "WANv6 inbound traffic to the router"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
rule 30 {
action accept
description "Allow ICMPv6"
log disable
protocol icmpv6
}
/* DHCPv6 replies: UDP from server port 547 to client port 546. */
rule 40 {
action accept
description "Allow DHCPv6"
destination {
port 546
}
protocol udp
source {
port 547
}
}
}
/* IPv6 leaving through the WAN: default accept, invalid-state packets rejected. */
ipv6-name WANv6_OUT {
default-action accept
description "WANv6 outbound traffic"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action reject
description "Reject invalid state"
state {
invalid enable
}
}
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
/* IPv4 forwarded from the WAN to the LAN: default drop, dropped packets logged (enable-default-log), only return traffic accepted. */
name WAN_IN {
default-action drop
description "WAN to internal"
enable-default-log
rule 10 {
action accept
description "Allow established/related"
log disable
protocol all
state {
established enable
invalid disable
new disable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
log disable
protocol all
state {
established disable
invalid enable
new disable
related disable
}
}
}
/* IPv4 addressed to the router: default drop; return traffic and ICMP towards two address groups accepted. */
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 1 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
/* NOTE(review): ADDRv4_eth7 is referenced, but the interfaces section of this listing has eth0-eth3 only; looks like a leftover from another device - confirm and remove. With log enable, every matching ICMP packet is logged. */
rule 2 {
action accept
description "Allow Ping"
destination {
group {
address-group ADDRv4_eth7
}
}
log enable
protocol icmp
}
/* This invalid-state drop is numbered after the ICMP accept in rule 2, so rule 2 is evaluated first. */
rule 3 {
action drop
description "Drop invalid state"
log disable
state {
invalid enable
}
}
/* Accepts protocol icmp (no type restriction) to ADDRv4_eth1.832, presumably the group holding the WAN address, so the router answers ping from the Internet. */
rule 4 {
action accept
description "Allow ping"
destination {
group {
address-group ADDRv4_eth1.832
}
}
log disable
protocol icmp
}
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
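/* Ports and VLANs: eth0 is the LAN (plus VLAN 2 and 3), eth1 faces the ONT and carries VLAN 832 (ISP_DATA) and VLAN 840 (ISP_TV_STREAM); eth2 and eth3 are disabled. */
interfaces {
    ethernet eth0 {
        address 192.168.1.1/24
        description LAN_ETH0
        duplex auto
        /* Router advertisements with autonomous-flag true: LAN hosts configure their own IPv6 addresses from the advertised /64, so inbound IPv6 filtering on the WAN matters. */
        ipv6 {
            dup-addr-detect-transmits 1
            router-advert {
                cur-hop-limit 64
                link-mtu 0
                managed-flag false
                max-interval 600
                other-config-flag false
                prefix ::/64 {
                    autonomous-flag true
                    on-link-flag true
                    preferred-lifetime 14400
                    valid-lifetime 18000
                }
                reachable-time 0
                retrans-timer 0
                send-advert true
            }
        }
        speed auto
        vif 2 {
            address 192.168.2.1/24
            description LAN_DATA
            mtu 1500
        }
        vif 3 {
            address 192.168.3.1/24
            description LAN_OTHER
            mtu 1500
        }
    }
    ethernet eth1 {
        address dhcp
        description ISP
        duplex auto
        speed auto
        vif 832 {
            address dhcp
            description ISP_DATA
            /* DHCP client options sent to the ISP. The client identifier and the rfc3118-auth value are redacted in the post; the real auth value identifies the subscriber line, so keep it out of public pastes. */
            /* NOTE(review): the inner double quotes around sagem and the user-class string are unescaped in this listing; EdgeOS normally stores them as &quot;, presumably lost when the config was pasted - verify before loading this text. */
            dhcp-options {
                client-option "request subnet-mask, routers, domain-name-servers, domain-name, broadcast-address, dhcp-lease-time, dhcp-renewal-time, dhcp-rebinding-time, rfc3118-authentication, domain-search, SIP-servers, Vendor-Specific-Information;"
                client-option "send vendor-class-identifier "sagem";"
                client-option "send user-class "\053FSVDSL_livebox.Internet.softathome.Livebox5";"
                client-option "send dhcp-client-identifier 1:xx:xx:xx:xx:xx:xx;"
                client-option "send rfc3118-auth 00:00:00:00:00:00:00:00:00:00:00:................:62;"
                default-route update
                default-route-distance 210
                global-option "option rfc3118-authentication code 90 = string;"
                global-option "option SIP-servers code 120 = string;"
                global-option "option Vendor-Specific-Information code 125 = string;"
                name-server update
            }
            egress-qos "0:0 1:0 2:0 3:0 4:0 5:0 6:6 7:0"
            /* Binds the IPv6 rule sets next to the IPv4 ones. The original bound only WAN_IN and WAN_LOCAL, which left the WANv6_* sets unused and IPv6 to the router and to LAN hosts unfiltered; the IPv4 masquerade rule does not cover IPv6. */
            firewall {
                in {
                    ipv6-name WANv6_IN
                    name WAN_IN
                }
                local {
                    ipv6-name WANv6_LOCAL
                    name WAN_LOCAL
                }
                out {
                    ipv6-name WANv6_OUT
                }
            }
        }
        /* NOTE(review): no firewall node is bound to this vif, so nothing in this config filters traffic arriving on the TV VLAN towards the router or the LAN. Any rule set added here must still let IGMP and the multicast streams through - test with the TV boxes. */
        vif 840 {
            address 192.168.255.254/32
            description ISP_TV_STREAM
            egress-qos "0:5 1:5 2:5 3:5 4:5 5:5 6:5 7:5"
        }
    }
    ethernet eth2 {
        disable
        duplex auto
        speed auto
    }
    ethernet eth3 {
        disable
        duplex auto
        speed auto
    }
    loopback lo {
    }
}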
/* Port forwarding from eth1.832 to a LAN host; the address and ports are redacted (xxx) in the post. */
/* auto-firewall enable adds the matching accept rules automatically, so each rule here opens a port to the Internet. NOTE(review): rule 1 is described as test - remove it once the test is over. */
port-forward {
auto-firewall enable
hairpin-nat enable
lan-interface eth0
rule 1 {
description test
forward-to {
address xxx.xxx.xxx.xxx
port xxx
}
original-port xxx
protocol udp
}
wan-interface eth1.832
}
/* Multicast proxying for the TV service and the static IPv6 default route. */
protocols {
/* IGMP proxy: eth1.840 is the upstream (ISP) side and eth0 the downstream (LAN) side; eth1, eth1.832 and eth2 are disabled. */
/* alt-subnet 0.0.0.0/0 on both sides accepts sources from any subnet. NOTE(review): narrow the upstream alt-subnet to the ISP's multicast source ranges if they are known. */
igmp-proxy {
disable-quickleave
interface eth0 {
alt-subnet 0.0.0.0/0
role downstream
threshold 1
}
interface eth1 {
role disabled
threshold 1
}
interface eth1.832 {
role disabled
threshold 1
}
interface eth1.840 {
alt-subnet 0.0.0.0/0
role upstream
threshold 1
}
interface eth2 {
role disabled
threshold 1
}
}
/* IPv6 default route through a link-local next hop on eth1.832, so routed IPv6 crosses the same vif as IPv4 Internet traffic. */
static {
route6 ::/0 {
next-hop fe80::ba0:bab {
interface eth1.832
}
}
}
}
/* Services run by the router: DHCP server, DNS forwarder, web GUI, source NAT, SNMP, SSH, UNMS (disabled) and UPnP. */
service {
/* DHCP for 192.168.1.0/24. The two static mappings carry the TV boxes' MAC addresses and a Vendor-specific option whose bytes decode to ASCII, including what appears to be a device serial. NOTE(review): treat these as identifying and redact them in public posts. */
dhcp-server {
disabled false
global-parameters "option rfc3118-auth code 90 = string;"
global-parameters "option SIP code 120 = string;"
global-parameters "option Vendor-specific code 125 = string;"
hostfile-update disable
shared-network-name LAN_ETH0_DHCP {
authoritative enable
subnet 192.168.1.0/24 {
default-router 192.168.1.1
dns-server 192.168.1.1
lease 86400
ntp-server 192.168.1.1
start 192.168.1.2 {
stop 192.168.1.254
}
static-mapping TVChambre {
ip-address 192.168.1.30
mac-address c4:eb:42:57:11:37
static-mapping-parameters "option domain-name-servers 81.253.149.5,80.10.246.134;"
static-mapping-parameters "option Vendor-specific 00:00:0d:e9:28:04:06:35:43:46:41:32:35:05:0f:44:4d:32:32:30:35:37:32:39:31:35:30:37:35:35:06:0d:4c:69:76:65:62:6f:78:20:46:69:62:72:65;"
}
static-mapping TVSalon {
ip-address 192.168.1.38
mac-address c4:eb:42:57:11:f0
static-mapping-parameters "option domain-name-servers 81.253.149.5,80.10.246.134;"
static-mapping-parameters "option Vendor-specific 00:00:0d:e9:28:04:06:35:43:46:41:32:35:05:0f:44:4d:32:32:30:35:37:32:39:31:35:30:37:35:35:06:0d:4c:69:76:65:62:6f:78:20:46:69:62:72:65;"
}
unifi-controller 192.168.1.3
}
}
static-arp disable
use-dnsmasq disable
}
/* DNS forwarder listening on the three LAN interfaces only; queries go to 1.1.1.1 and 8.8.8.8. */
dns {
forwarding {
cache-size 1024
listen-on eth0
listen-on eth0.2
listen-on eth0.3
name-server 1.1.1.1
name-server 8.8.8.8
}
}
/* Web GUI on ports 80 and 443 with no listen-address, so it is not restricted to the LAN addresses. NOTE(review): older-ciphers enable keeps legacy TLS cipher suites available; disable it unless an old client needs them, and pin the GUI to a LAN address. */
gui {
http-port 80
https-port 443
older-ciphers enable
}
/* IPv4 source NAT (masquerade) for traffic leaving eth1.832; IPv6 is not translated. */
nat {
rule 5001 {
description "MASQ: WAN"
log disable
outbound-interface eth1.832
protocol all
type masquerade
}
}
/* Read-only SNMP community with no client or listen-address restriction in this listing. NOTE(review): community strings travel in clear text; restrict SNMP to the management host or remove it if unused. */
snmp {
community myCommunity {
authorization ro
}
contact syscontact
location "France"
}
/* SSH bound to two LAN addresses only, protocol v2. NOTE(review): allow-root permits direct root login; prefer a named admin account with key authentication and drop allow-root. */
ssh {
allow-root
listen-address 192.168.1.1
listen-address 192.168.2.1
port 22
protocol-version v2
}
unms {
disable
}
/* UPnP and NAT-PMP for eth0 clients, opening ports on eth1.832. NOTE(review): any LAN device can request an inbound mapping; keep secure-mode enabled and turn the service off if nothing needs it. */
upnp2 {
listen-on eth0
nat-pmp enable
port 34651
secure-mode enable
wan eth1.832
}
}
/* System-wide settings: config history, conntrack sizing, accounts, NTP, offload and syslog. */
/* The release line at the end of this listing reads v1.10.8 (build stamp 181120). NOTE(review): if the router still runs that build it is old; check the vendor's current firmware and its security fixes. */
system {
config-management {
commit-revisions 5
}
conntrack {
expect-table-size 4096
hash-size 4096
table-size 32768
tcp {
half-open-connections 512
loose disable
max-retrans 3
}
}
domain-name dmn.net
host-name router
/* Two admin-level accounts; the encrypted-password values look like placeholders put in by the poster. */
/* NOTE(review): ubnt is the factory default account name and root login is allowed over SSH in the service section; keep one named admin account with a strong password or SSH keys, and never publish real password hashes. */
login {
user root {
authentication {
encrypted-password sdfg
plaintext-password ""
}
level admin
}
user ubnt {
authentication {
encrypted-password sdfg
plaintext-password ""
}
full-name ""
level admin
}
}
name-server 192.168.1.1
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
/* Offload: hwnat is off; IPsec, IPv4 forwarding/GRE/VLAN and IPv6 forwarding/VLAN offload are on. */
offload {
hwnat disable
ipsec enable
ipv4 {
forwarding enable
gre enable
vlan enable
}
ipv6 {
forwarding enable
vlan enable
}
}
static-host-mapping {
}
/* Only local facilities are configured; no remote syslog host appears in this listing, so firewall logs stay on the router. */
syslog {
global {
facility all {
level notice
}
facility protocols {
level warning
}
}
}
time-zone Europe/Paris
traffic-analysis {
dpi disable
export disable
}
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:suspend@1:system@4:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.10.8.5142457.181120.1810 */
Le flux internet est revenu, en IPv4 et en IPv6.
Cependant, les flux TV ont toujours le même comportement : M6 fonctionne un coup, je zappe, et au bout d'un moment je trouve des chaînes qui basculent de HD+ à HD et enfin SD, avec un écran noir, et cela se termine par une erreur de connexion. Si je change de chaîne, d'autres fonctionnent, puis je reviens sur M6 qui fonctionnait : cette fois, elle ne fonctionne plus.
Est-ce que quelqu'un pourrait me donner un coup de main sur ce comportement ? Problème IPv4 ou IPv6 ?
J'ai dibbler et dhcp3 patchés.
Cela fait une semaine que je galère :-(