Auteur Sujet: Remplacer sa Livebox PRO V3 par un autre modem VDSL2  (Lu 2249 fois)

0 Membres et 1 Invité sur ce sujet

cetipabo

  • Invité
Remplacer sa Livebox PRO V3 par un autre modem VDSL2
« le: 19 octobre 2017 à 15:21:21 »
Bonjour,
Au boulot nous avons une connexion VDSL2 avec une Livebox pro V3 (louée 5.98€/mois), et elle se connecte tout le temps en PPPOE, jamais en DHCP...J'envisage de la remplacer par un autre modem/routeur.

j'ai testé chez moi,en VDSL2 aussi, en remplacement de ma livebox 4, le modem/routeur DGA4130 avec succès, que ce soit en PPPOE ou en DHCP.
Orange m'a confirmé par e-chat qu'on pouvait arrêter la location de la livebox Pro sur simple demande au 3901.

La question que je me pose, pourquoi cette livebox ne se connecte pas en DHCP ? c'est lié au fait qu'on est sur un ABO pro ? c'est lié à la livebox pro ? Je suis relié chez moi sur le même NRA...SHI30, et avec ma LB4 c'est toujours une connexion DHCP qui se fait.

2eme question:
on a l'option IP fixe...si jamais je configure une connexion en DHCP, on va m'attribuer automatiquement toujours la même IP? ou je dois configurer l'IP fixe dans le modem/routeur, donc pas de DHCP ?
« Modifié: 16 août 2022 à 01:44:17 par cetipabo »

zoc

  • Abonné Orange Fibre
  • *
  • Messages: 4 256
  • Antibes (06) / Mercury (73)
Remplacer sa Livebox PRO V3 par un autre modem VDSL2
« Réponse #1 le: 19 octobre 2017 à 17:49:56 »
L'option IP fixe est incompatible avec DHCP pour l'instant. D'où la connexion en PPPoE  ;)

cetipabo

  • Invité
Remplacer sa Livebox PRO V3 par un autre modem VDSL2
« Réponse #2 le: 19 octobre 2017 à 18:03:01 »
ha ben voilà l'explication alors... ;)
Merci !

cetipabo

  • Invité
Remplacer sa Livebox PRO V3 par un autre modem VDSL2
« Réponse #3 le: 27 octobre 2017 à 09:03:45 »
Bonjour,
j'ai remplacé la livebox par mon nouveau modem routeur DGA4130, connexion en PPPOE, c'est OK. Mais je rencontre un petit souci avec le Firewall.

Sur la Livebox je n'ai aucune regle NAT ou firewall particulière. Le firewall est réglé par défaut sur moyen:
Le pare-feu filtre toutes les connexions entrantes. Le trafic sortant est autorisé à l'exception des services Netbios. Il est recommandé d'utiliser ce mode.

Voici mon réseau :


La livebox 3 Pro, sert à aller sur internet (c'est la passerelle fournie par le DHCP), elle ne fait ni DNS ni DHCP (c'est un serveur Win2008R2 qui se charge de ça). Le routeur Mikrotik nous permet de joindre notre siège en italie par un tunnel VPN.
Il y a donc sur la livebox une route statique vers le routeur Mikrotik pour atteindre le sous réseau 192.168.1.0/24.
Dans cette configuration tout marche bien.

Lorsque je remplace la livebox par le modem/routeur DGA4130, sur les 50 Personnes qui se connectent à l'as/400, seules 4 ou 5 y parviennent, pour le reste il y a un time out et la connexion échoue...
J'ai donc regardé du côté du Firewall mais je ne vois pas très bien ce qui peut causer cette "limitation"...Lorsque je fais un /etc/init.d/firewall stop ca marche pour tout le monde, dès que je fais /etc/init.d/firewall start les connexions qui ont été établies fonctionnent toujours mais pas moyen d'en faire de nouvelles.

Je poste le fichier de config qui est d'ailleurs celui par défaut du modem, si quelqu'un pouvait m'aiguiller sur ce qui pourrait clocher ?
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option drop_invalid '1'

config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option mtu_fix '1'
option wan '0'
option _key '81DE1D0CF847B2D21E1AE23D3A905576'

config zone
option name 'wan'
list network 'wan'
list network 'wan6'
list network 'wwan'
option output 'ACCEPT'
option masq '1'
option conntrack '1'
option mtu_fix '1'
option wan '1'
option _key 'AC675F7B4EFFDCCC6A32C61C2352E101'
option forward 'DROP'
option input 'DROP'

config forwarding
option src 'lan'
option dest 'wan'
option _key '6F23AAB534610B3984947FBE70FC0D9F'

config zone 'z_wlnetb24'
option name 'z_wlnetb24'
list network 'wlnet_b_24'
option input 'DROP'
option output 'ACCEPT'
option forward 'REJECT'
option mtu_fix '1'
option wan '0'
option _key 'CD1D0756EECBE86EB6C247E33D7BFE91'

config forwarding 'for_wlnetb24'
option src 'z_wlnetb24'
option dest 'wan'
option _key '050C872A2E993C0D2514DE07CE409099'

config rule 'drop_lan_2_z_wlnetb24'
option name 'drop_lan_2_z_wlnetb24'
option src 'lan'
option dest 'z_wlnetb24'
option proto 'all'
option target 'DROP'
option _key '0391D1DF6C20BA0D06804759EF224B0D'

config rule 'drop_z_wlnetb24_2_lan'
option name 'drop_z_wlnetb24_2_lan'
option src 'z_wlnetb24'
option dest 'lan'
option proto 'all'
option target 'DROP'
option _key 'E5770E8539797E4A4F47AC0784224666'

config rule 'drop_lan_2_z_wlnetb24_GW'
option name 'drop-lan_2_z_wlnetb24_GW'
option src 'lan'
option proto 'all'
option target 'DROP'
option family 'ipv4'
option dest_ip '192.168.168.1'
option _key '5539196C10585379DF02F621B9109C5E'

config rule 'Allow_z_wlnetb24_ICMP'
option name 'Allow_z_wlnetb24_ICMP'
option src 'z_wlnetb24'
option proto 'igmp'
option target 'ACCEPT'
option family 'ipv4'
option dest_ip '192.168.168.1'
option _key 'D336836CF273E66EA8948659A257297D'

config rule 'Allow_z_wlnetb24_DHCP'
option name 'Allow_z_wlnetb24_DHCP'
option src 'z_wlnetb24'
option proto 'udp'
option dest_port '67'
option target 'ACCEPT'
option family 'ipv4'
option _key '2D02C26771638D3EB6D2C02E08A77F63'

config rule 'Allow_z_wlnetb24_DNS'
option name 'Allow_z_wlnetb24_DNS'
option src 'z_wlnetb24'
option proto 'udp'
option dest_port '53'
option target 'ACCEPT'
option family 'ipv4'
option _key '006EE6E42C3E9BB4B9FA81E13EA325A9'

config rule 'Allow_z_wlnetb24_ICMPv6'
option name 'Allow-z_wlnetb24_ICMPv6'
option src 'z_wlnetb24'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
option _key 'A2DD8E9DA8C6E98F7024B94406D121D2'

config zone 'z_wlnetb5'
option name 'z_wlnetb5'
list network 'wlnet_b_5'
option input 'DROP'
option output 'ACCEPT'
option forward 'REJECT'
option wan '0'
option _key 'ED433C723B17B92A3282D6BCD4BDE150'

config forwarding 'for_wlnetb5'
option src 'z_wlnetb5'
option dest 'wan'
option _key '3CB812F288A258C1A1CF80BE99ABAE6E'

config rule 'drop_lan_2_z_wlnetb5'
option name 'drop_lan_2_z_wlnetb5'
option src 'lan'
option dest 'z_wlnetb5'
option proto 'all'
option target 'DROP'
option _key 'A6A40A0290E4E4EAAD546D1C518D141F'

config rule 'drop_z_wlnetb5_2_lan'
option name 'drop_z_wlnetb5_2_lan'
option src 'z_wlnetb5'
option dest 'lan'
option proto 'all'
option target 'DROP'
option _key '29A616D2CB403191464C0581E7177EFA'

config rule 'drop_lan_2_z_wlnetb5_GW'
option name 'drop-lan_2_z_wlnetb5_GW'
option src 'lan'
option proto 'all'
option target 'DROP'
option family 'ipv4'
option dest_ip '192.168.168.129'
option _key '2F668D0FF1BD66B19A774E49A6ABCDBB'

config rule 'Allow_z_wlnetb5_ICMP'
option name 'Allow_z_wlnetb5_ICMP'
option src 'z_wlnetb5'
option proto 'igmp'
option target 'ACCEPT'
option family 'ipv4'
option dest_ip '192.168.168.129'
option _key '98330F17CDECD59AC1CE55EC091E0A4D'

config rule 'Allow_z_wlnetb5_DHCP'
option name 'Allow_z_wlnetb5_DHCP'
option src 'z_wlnetb5'
option proto 'udp'
option dest_port '67'
option target 'ACCEPT'
option family 'ipv4'
option _key '4D8295AF4C438B5C7E73EBAC39A98183'

config rule 'Allow_z_wlnetb5_DNS'
option name 'Allow_z_wlnetb5_DNS'
option src 'z_wlnetb5'
option proto 'udp'
option dest_port '53'
option target 'ACCEPT'
option family 'ipv4'
option _key 'CC8E8D7220F1A39ECB7E90997F30DEDF'

config rule 'Allow_z_wlnetb5_ICMPv6'
option name 'Allow-z_wlnetb5_ICMPv6'
option src 'z_wlnetb5'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
option _key '615C7227EAF28459B64ECD0131617620'

config rule 'rule1'
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
option _key '4D406E76F0AA522DD01B6D6C84A692E5'

config rule 'rule2'
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
option _key '4098DFEE76799D989E30E52014D917D2'
option enabled '1'

config rule 'rule3'
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
option _key 'DD5C0A3D9BCD5D78CEC03F03543084CD'

config rule 'rule4'
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
option _key '71E1157ADD3B56DC5B6EBBE0D7740C17'

config rule 'rule5'
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
option _key 'A612FE20B6C4ED752E11ED8DB1E671EA'

config rule 'rule6'
option name 'access_2_LAN_IP'
option src 'lan'
option proto 'tcp'
option family 'ipv4'
option extra '-m multiport --dports 80,22,8080,443,8443 -m addrtype --limit-iface-in ! --dst-type LOCAL'
option target 'REJECT'
option _key '2570B7E00E8F2566BE69437E61033288'

config rule 'rule7'
option name 'close_port_139'
option src 'wan'
option proto 'tcp'
option dest_port '139'
option family 'ipv4'
option target 'DROP'
option _key '34FB8E40E5D072656BBF584CB6C80B8D'

config rule 'rule8'
option name 'close_port_445'
option src 'wan'
option proto 'tcp'
option dest_port '445'
option family 'ipv4'
option target 'DROP'
option _key '3ECD9E5EBF2E066D74A513EB66A30A2B'

config rule 'rule9'
option name 'Deny-CUPS-lan'
option src 'lan'
option proto 'tcp'
option dest_port '631'
option family 'ipv4'
option target 'DROP'
option _key '04D5E72D7482354F26DFF6657839B371'

config rule 'rule10'
option name 'Deny-CUPS-wan'
option src 'wan'
option proto 'tcp'
option dest_port '631'
option family 'ipv4'
option target 'DROP'
option _key 'E8F893B7639681D0354D5B303C58423E'

config rule 'rule11'
option name 'Deny-CUPS-lan-v6'
option src 'lan'
option proto 'tcp'
option dest_port '631'
option family 'ipv6'
option target 'DROP'
option _key 'D82C06EF61A6A54298E9CF2FD1EDE937'

config rule 'rule12'
option name 'Deny-CUPS-wan-v6'
option src 'wan'
option proto 'tcp'
option dest_port '631'
option family 'ipv6'
option target 'DROP'
option _key '2CC360BD2344B25A49F1D54928C1C196'

config include
option path '/etc/firewall.user'

config include 'tchext_restart'
option type 'script'
option path '/lib/functions/firewall-restart-ext-tch.sh'

config include 'tchext'
option type 'script'
option path '/lib/functions/firewall-ext-tch.sh'
option reload '1'

config cone 'cone1'
option name 'PS and XBox Live 1'
option src 'wan'
option dest_port '88'

config cone 'cone2'
option name 'PS and XBox Live 2'
option src 'wan'
option dest_port '3074:3658'

config cone 'cone3'
option name 'PS and XBox Live 3'
option src 'wan'
option dest_port '10070'

config cone 'cone4'
option name 'PS and XBox Live 4'
option src 'wan'
option dest_port '4500'

config include 'tod'
option type 'script'
option path '/lib/functions/tod.sh'
option reload '1'

config include 'intercept'
option type 'script'
option path '/usr/lib/intercept/firewall.sh'

config fwconfig 'fwconfig'
option defaultoutgoing_lax 'ACCEPT'
option defaultoutgoing_normal 'ACCEPT'
option defaultoutgoing_high 'DROP'
option defaultoutgoing_user 'ACCEPT'
option defaultincoming_lax 'REJECT'
option defaultincoming_normal 'DROP'
option defaultincoming_high 'DROP'
option defaultincoming_user 'DROP'
option dmz '0'
option level 'normal'

config redirectsgroup 'userredirects'
option enabled '1'
option name 'FW redirects defined by the user'
option type 'userredirect'

config redirectsgroup 'dmzredirects'
option enabled '0'
option name 'FW redirects for the DMZ functionality'
option type 'dmzredirect'

config dmzredirect 'dmzredirect'
option name 'DMZ rule'
option src 'wan'
option dest 'lan'
option family 'ipv4'
option target 'DNAT'
option proto 'tcpudp'
option enabled '0'

config rulesgroup 'normalrules'
option name 'FW rules for normal level'
option type 'normalrule'
option enabled '1'

config rulesgroup 'laxrules'
option name 'FW rules for lax level'
option type 'laxrule'
option enabled '0'

config rulesgroup 'highrules'
option enabled '0'
option name 'FW rules for high level'
option type 'highrule'

config rulesgroup 'userrules'
option name 'FW rules for user level'
option type 'userrule'
option enabled '0'

config rulesgroup 'userrules_v6'
option name 'FW rules for user level IPv6'
option type 'userrule_v6'
option enabled '0'

config rulesgroup 'defaultrules'
option enabled '1'
option name 'FW rules for default behavior'
option type 'defaultrule'

config highrule 'highrule1'
option name 'HTTP'
option src 'lan'
option dest 'wan'
option proto 'tcp'
option dest_port '80'
option target 'ACCEPT'

config highrule 'highrule2'
option name 'HTTPS'
option src 'lan'
option dest 'wan'
option proto 'tcp'
option dest_port '443'
option target 'ACCEPT'

config highrule 'highrule3'
option name 'SMTP'
option src 'lan'
option dest 'wan'
option proto 'tcp'
option dest_port '25'
option target 'ACCEPT'

config highrule 'highrule4'
option name 'POP3'
option src 'lan'
option dest 'wan'
option proto 'tcp'
option dest_port '110'
option target 'ACCEPT'

config highrule 'highrule5'
option name 'IMAP'
option src 'lan'
option dest 'wan'
option proto 'tcp'
option dest_port '445'
option target 'ACCEPT'

config highrule 'highrule6'
option name 'SSH'
option src 'lan'
option dest 'wan'
option proto 'tcp'
option dest_port '22'
option target 'ACCEPT'

config defaultrule 'defaultipv6incoming'
option name 'Default action for incoming IPv6 traffic'
option src 'wan'
option dest 'lan'
option proto 'all'
option family 'ipv6'
option target 'ACCEPT'
option enabled '0'

config defaultrule 'defaultipv6outgoing'
option name 'Default action for outgoing IPv6 traffic'
option src 'lan'
option dest 'wan'
option proto 'all'
option family 'ipv6'
option target 'ACCEPT'
option enabled '0'

config defaultrule 'defaultoutgoing'
option name 'Default action for outgoing NAT'
option src 'lan'
option dest 'wan'
option proto 'all'
option target 'ACCEPT'

config helper 'helper1'
option helper 'ftp'
option dest_port '21'
option proto 'tcp'
option _key '351AC2735D8F2393FC2596688E7E2BED'

config helper 'helper2'
option helper 'tftp'
option dest_port '69'
option proto 'udp'
option _key '022546ED77E6AABF607312BFA91AD628'

config helper 'helper3'
option helper 'snmp'
option family 'ipv4'
option dest_port '161'
option proto 'udp'
option _key '7941B735042DACAD63B8209258046D91'

config helper 'helper4'
option helper 'pptp'
option family 'ipv4'
option dest_port '1723'
option proto 'tcp'
option _key '1E5DE4CB1DED89F83BF32355A889E451'

config helper 'helper5'
option enable '0'
option helper 'sip'
option dest_port '5060'
option proto 'udp'
option _key 'F5EFAAFBC16FE91C257FA37F7A0B4529'

config helper 'helper6'
option helper 'sip'
option dest_port '5060'
option proto 'udp'
option intf 'loopback'
option _key 'D78534F2E5B87D5FA58D19FB87B27BCA'

config helper 'helper7'
option helper 'irc'
option family 'ipv4'
option dest_port '6667'
option proto 'tcp'
option _key 'B85F67530928EDD1BB69F16DBA3CCFB0'

config helper 'helper8'
option helper 'amanda'
option dest_port '10080'
option proto 'udp'
option _key '370C69613D055A926D1985EE8A1322A8'

config helper 'helper9'
option helper 'rtsp'
option dest_port '554'
option family 'ipv4'
option proto 'tcp'
option _key 'FE4A9858D1F99B832A3106EC18CC24EB'

config include 'cwmpd'
option type 'script'
option path '/lib/functions/firewall-cwmpd.sh'
option reload '1'

config include 'dhcpsnooper'
option type 'script'
option path '/lib/functions/firewall-dhcpsnooper.sh'
option reload '1'

config include 'igmpproxy'
option type 'script'
option path '/lib/functions/firewall-igmpproxy-tch.sh'
option reload '1'

config include 'mldproxy'
option type 'script'
option path '/lib/functions/firewall-mldproxy-tch.sh'
option reload '1'

config include 'snmpd'
option type 'script'
option path '/lib/functions/firewall-net-snmp.sh'
option reload '1'

config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd-tch/firewall.include'
option family 'IPv4'
option reload '1'

config include 'mmpbx'
option type 'script'
option path '/lib/functions/firewall-mmpbx.sh'
option reload '1'

config include 'weburl'
option type 'script'
option path '/lib/functions/weburl-tch.sh'
option reload '1'


Pour info toutes les règles avec des *wlnetb* sont en rapport avec le wifi il me semble, mais comme il est désactivé ne pas tenir compte de ça.