Bon, je confirme que j'ai une couille dans le potage.
Je viens de re-checker les interfaces et les VLANs, et ça me semble correct. Cependant, la LB ne monte pas : même si elle décrit la synchro comme correcte, Internet ne monte pas dessus.
D'autre part, la configuration ne supporte pas le reboot. Au reboot, la machine se retrouve dans un état où aucune interface ne répond. Je dois effectuer un reset hard 10 secondes, et reprendre depuis le début.
Qu'est-ce que j'ai bien pu oublier...
Voici ma config, au cas où vous repéreriez un truc évident sur lequel j'ai tellement le nez collé que je ne le vois pas :
Comme je l'indiquais, j'ai la LB sur eth0, l'ONT sur eth1, et le switch sur les 3 autres.
/* Firewall: global IP/IPv6 hardening toggles plus the two IPv4 rule sets (WAN_IN, WAN_LOCAL) that eth1.832 attaches. */
firewall {
all-ping enable
broadcast-ping disable
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
/* WAN_IN: traffic forwarded from the WAN vif towards the LAN. Only established/related flows pass; everything else hits default-action drop and is logged. */
name WAN_IN {
default-action drop
description "WAN to internal"
enable-default-log
rule 10 {
action accept
description "Allow established/related"
log disable
protocol all
state {
established enable
invalid disable
new disable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
log disable
protocol all
state {
established disable
invalid enable
new disable
related disable
}
}
}
/* WAN_LOCAL: traffic addressed to the router itself on the WAN vif. These are IPv4 (name) sets; no ipv6-name set exists anywhere in this config. */
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 1 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
/* NOTE(review): ADDRv4_eth7 is the address group of an interface eth7, which is not defined in this config (only eth0-eth4, switch0, br0 and br1 exist). The group is presumably empty, so this rule matches nothing and WAN ping falls through to default-action drop — confirm which interface's address group was intended. */
rule 2 {
action accept
description "Allow Ping"
destination {
group {
address-group ADDRv4_eth7
}
}
log enable
protocol icmp
}
rule 3 {
action drop
description "Drop invalid state"
log disable
state {
invalid enable
}
}
}
/* MSS clamping is limited to pppoe/pptp/tun interface types; the DHCP-addressed VLAN WAN (eth1.832) is not one of them and is therefore not clamped. */
options {
mss-clamp {
interface-type pppoe
interface-type pptp
interface-type tun
mss 1452
}
}
receive-redirects disable
send-redirects enable
/* Reverse-path (source) validation is off on every interface; log-martians only logs, it does not drop. */
source-validation disable
syn-cookies enable
}
/* Interfaces: eth0 faces the Livebox (VLANs 832/838/840), eth1 faces the ONT with the same VLAN ids, eth2-eth4 form switch0 for the LAN. */
interfaces {
/* br0/br1 bridge the VoD (838) and zapping (840) VLANs at layer 2 between the ONT side (eth1.83x) and the Livebox side (eth0.83x). STP is disabled on both, so nothing protects against a loop on these segments. */
bridge br0 {
aging 300
bridged-conntrack disable
description "bro -> eth0.838 LIVEBOX (VoD)"
hello-time 2
max-age 20
priority 0
promiscuous disable
stp false
}
bridge br1 {
aging 300
bridged-conntrack disable
description "br1 -> eth0.840 LIVEBOX (ZAPPING + CANAL 1)"
hello-time 2
max-age 20
priority 0
promiscuous disable
stp false
}
/* Livebox side: the router is 192.168.2.1 on VLAN 832 (the LIVEBOX DHCP scope under service dhcp-server); 838 and 840 are pure bridge members with fixed 802.1p tags. */
ethernet eth0 {
description "eth0 VERS LIVEBOX"
duplex auto
speed auto
vif 832 {
address 192.168.2.1/24
description "eth0.832 LIVEBOX (INTERNET + VOIP + CANAL 2)"
}
vif 838 {
bridge-group {
bridge br0
}
description "eth0.838 LIVEBOX (VoD)"
egress-qos "0:4 1:4 2:4 3:4 4:4 5:4 6:4 7:4"
}
vif 840 {
bridge-group {
bridge br1
}
description "eth0.840 LIVEBOX (ZAPPING + CANAL 1)"
egress-qos "0:5 1:5 2:5 3:5 4:5 5:5 6:5 7:5"
}
}
/* NOTE(review): the untagged eth1 also runs a DHCP client, yet no firewall is attached to it — only vif 832 below carries WAN_IN/WAN_LOCAL. If the ONT ever answers untagged, that path is unfiltered and may install a second default route next to the one from eth1.832; confirm this is intended. */
ethernet eth1 {
address dhcp
description "eth1 ONT (FIBRE RJ45)"
duplex auto
speed auto
/* WAN vif: DHCP with the provider-specific vendor-class / user-class / rfc3118-auth options (auth value redacted as XX in this paste). */
vif 832 {
address dhcp
description "eth1.832 (INTERNET + VOIP + CANAL 2)"
dhcp-options {
client-option "send vendor-class-identifier "sagem";"
client-option "send user-class "\053FSVDSL_livebox.Internet.softathome.Livebox3";"
client-option "send rfc3118-auth 00:00:00:00:00:00:00:00:00:00:00:XX:XX:XX:XX:XX:XX:XX:XX:XX;"
client-option "request dhcp-lease-time, dhcp-renewal-time, dhcp-rebinding-time, domain-search, rfc3118-auth, SIP;"
default-route update
default-route-distance 210
name-server update
}
egress-qos "0:0 1:1 2:2 3:3 4:4 5:5 6:6 7:7"
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
/* NOTE(review): IPv6 autoconf is enabled here while no ipv6-name rule set is defined or attached anywhere, so services bound to all addresses (ssh, gui) are reachable over whatever IPv6 address this vif obtains — confirm, or attach an ipv6-name local set. */
ipv6 {
address {
autoconf
}
dup-addr-detect-transmits 1
}
}
vif 838 {
bridge-group {
bridge br0
}
description "eth1.838 (VoD)"
egress-qos "0:4 1:4 2:4 3:4 4:4 5:4 6:4 7:4"
}
vif 840 {
bridge-group {
bridge br1
}
description "eth1.840 (ZAPPING + CANAL 1)"
/* NOTE(review): this list has no mapping for priority 4, unlike eth0.840 ("... 3:5 4:5 5:5 ...") and the 838 vifs; priority-4 frames on eth1.840 presumably keep a default tag. Looks like a typo. */
egress-qos "0:5 1:5 2:5 3:5 5:5 6:5 7:5"
}
}
ethernet eth2 {
duplex auto
poe {
output off
}
speed auto
}
ethernet eth3 {
duplex auto
poe {
output off
}
speed auto
}
ethernet eth4 {
duplex auto
poe {
output off
}
speed auto
}
loopback lo {
}
/* LAN side: 192.168.1.0/24 on the hardware switch. No firewall is attached, so LAN hosts reach every router service unfiltered. */
switch switch0 {
address 192.168.1.1/24
description SWITCH
mtu 1500
switch-port {
interface eth2
interface eth3
interface eth4
}
}
}
/* IGMP proxy for TV multicast: br1 (the zapping-VLAN bridge) is upstream and the untagged eth0 is downstream. */
protocols {
igmp-proxy {
disable-quickleave
/* alt-subnet 0.0.0.0/0 on both sides accepts multicast/IGMP from any source subnet. */
interface br1 {
alt-subnet 0.0.0.0/0
role upstream
threshold 1
}
/* NOTE(review): downstream is the untagged eth0, while the TV VLANs (838/840) are bridged at layer 2 through br0/br1 — confirm untagged eth0 is really the intended downstream. */
interface eth0 {
alt-subnet 0.0.0.0/0
role downstream
threshold 1
}
}
}
/* Services: DHCP for the LAN and Livebox scopes, web UI, mDNS reflector, outbound NAT, SSH and UPnP. */
service {
dhcp-server {
disabled false
/* Custom option codes 90 (rfc3118-auth) and 120 (SIP) declared here are handed to the Livebox in the LIVEBOX subnet below. */
global-parameters "option rfc3118-auth code 90 = string;"
global-parameters "option SIP code 120 = string;"
hostfile-update disable
/* LAN scope: .10-.200 plus two static leases; clients are pointed straight at public resolvers, not at the router. */
shared-network-name LAN {
authoritative disable
subnet 192.168.1.0/24 {
default-router 192.168.1.1
dns-server 8.8.8.8
dns-server 8.8.4.4
domain-name FD-HOME
lease 86400
start 192.168.1.10 {
stop 192.168.1.200
}
static-mapping nexus {
ip-address 192.168.1.25
mac-address 00:24:1d:cc:57:bb
}
static-mapping zeus {
ip-address 192.168.1.9
mac-address 78:24:af:3c:b2:a8
}
}
}
/* Livebox scope on eth0.832: authoritative, serves the provider DNS and the rfc3118-auth/SIP values (auth redacted as XX in this paste). */
shared-network-name LIVEBOX {
authoritative enable
subnet 192.168.2.0/24 {
default-router 192.168.2.1
dns-server 81.253.149.9
dns-server 80.10.246.1
domain-name orange.fr
lease 86400
start 192.168.2.2 {
stop 192.168.2.254
}
subnet-parameters "option rfc3118-auth 00:00:00:00:00:00:00:00:00:00:00:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX;"
subnet-parameters "option SIP 00:06:73:62:63:74:33:67:03:41:55:42:06:61:63:63:65:73:73:11:6f:72:61:6e:67:65:2d:6d:75:6c:74:69:6d:65:64:69:61:03:6e:65:74:00;"
}
}
}
/* NOTE(review): no DNS forwarding is configured, yet system name-server lists the router itself (192.168.1.1) first — that entry presumably answers nothing for the router's own lookups. */
dns {
}
/* Web UI on 443 with no listen-address restriction; reachable from any interface that has no local firewall set attached. */
gui {
https-port 443
}
mdns {
reflector
}
/* Outbound NAT only via eth1.832; LAN (switch0) and Livebox (eth0.832) traffic both leave masqueraded behind the WAN lease. */
nat {
rule 5010 {
log disable
outbound-interface eth1.832
protocol all
type masquerade
}
}
/* NOTE(review): allow-root permits direct root password logins over SSH. Three admin-level accounts already exist under system login, so root SSH is not needed; dropping allow-root removes the most-targeted username. */
ssh {
allow-root
port 22
protocol-version v2
}
/* NOTE(review): secure-mode disable lets any client on the listen-on interfaces (the LAN switch0 and the Livebox VLAN eth0.832) request mappings toward other internal hosts, not only itself; NAT-PMP is enabled too. */
upnp2 {
listen-on eth0.832
nat-pmp enable
secure-mode disable
wan eth1.832
listen-on switch0
}
}
/* System: accounts, resolvers, NTP, hardware offload, package sources, syslog and time zone. */
system {
config-management {
commit-revisions 50
}
domain-name FD-HOME
host-name ubnt
/* Three accounts, all at admin level (root, admin, ubnt); the hashes are redacted in this paste. plaintext-password "" is presumably the cleared field left after hashing. */
login {
user root {
authentication {
encrypted-password Tralapouet
plaintext-password ""
}
level admin
}
user admin {
authentication {
encrypted-password PouetTrala
plaintext-password ""
}
level admin
}
user ubnt {
authentication {
encrypted-password PouetPouetTralala
plaintext-password ""
}
full-name ""
level admin
}
}
/* The router's own resolvers: itself first (while service dns is empty), then public resolvers. */
name-server 192.168.1.1
name-server 8.8.8.8
name-server 8.8.4.4
name-server 208.67.222.222
name-server 208.67.220.220
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
/* Hardware offload: IPv4 forwarding and VLAN offload on, IPv6 forwarding offload off. */
offload {
ipsec enable
ipv4 {
forwarding enable
vlan enable
}
ipv6 {
forwarding disable
}
}
/* Debian wheezy repositories referenced over plain http with empty credentials. */
package {
repository wheezy {
components "main contrib non-free"
distribution wheezy
password ""
url http://http.us.debian.org/debian
username ""
}
repository wheezy-security {
components main
distribution wheezy/updates
password ""
url http://security.debian.org
username ""
}
}
/* Local logging at notice (protocols at debug); errors are forwarded to 192.168.1.9, the host "zeus" in the LAN static mappings. */
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
host 192.168.1.9 {
facility all {
level err
}
}
}
time-zone Europe/Paris
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.8.0.4853089.160219.1614 */
Côté interfaces, ça donne ça:
root@ubnt:~# show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
br0 - u/u bro -> eth0.838 LIVEBOX (VoD)
br1 - u/u br1 -> eth0.840 LIVEBOX (ZAPPING + CANAL 1)
eth0 - u/u eth0 VERS LIVEBOX
eth0.832 192.168.2.1/24 u/u eth0.832 LIVEBOX (INTERNET + VOIP + CANAL 2)
eth0.838 - u/u eth0.838 LIVEBOX (VoD)
eth0.840 - u/u eth0.840 LIVEBOX (ZAPPING + CANAL 1)
eth1 - u/u eth1 ONT (FIBRE RJ45)
eth1.832 x.y.z.t/21 u/u eth1.832 (INTERNET + VOIP + CANAL 2)
eth1.838 - u/u eth1.838 (VoD)
eth1.840 - u/u eth1.840 (ZAPPING + CANAL 1)
eth2 - u/u
eth3 - u/u
eth4 - u/u
lo 127.0.0.1/8 u/u
::1/128
switch0 192.168.1.1/24 u/u SWITCH