Bonjour à tous
J'ai la fibre orange (jet) depuis peu avec une LB4. J'ai pris un ERL et j'ai appliqué ce tuto (avec eth0 pour le lan, eth1 pour l'ONT et eth2 pour la LB).
Ça fonctionne et je remercie l'ensemble des contributeurs.
J'ai cependant un problème bloquant.
Le port forwarding de port unique fonctionne bien mais je n'arrive pas à faire fonctionner le forward d'un range de ports.
Sur la machine de destination, avec un tcpdump, je vois les paquets arriver avec une length de 0.
Est ce que quelqu'un à reussi à mettre ça en place ?
Voici ma config:
firewall {
all-ping enable
broadcast-ping disable
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
name WAN_IN {
default-action drop
description "WAN to internal"
enable-default-log
rule 10 {
action accept
description "Allow established/related"
log disable
protocol all
state {
established enable
invalid disable
new disable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
log disable
protocol all
state {
established disable
invalid enable
new disable
related disable
}
}
}
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 1 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 2 {
action accept
description "Allow Ping"
destination {
group {
address-group ADDRv4_eth0
}
}
log enable
protocol icmp
}
rule 3 {
action drop
description "Drop invalid state"
log disable
state {
invalid enable
}
}
}
options {
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
interfaces {
bridge br0 {
aging 300
bridged-conntrack disable
description "bro -> eth2.838 LIVEBOX (VoD)"
hello-time 2
max-age 20
priority 0
promiscuous disable
stp false
}
bridge br1 {
aging 300
bridged-conntrack disable
description "br1 -> eth2.840 LIVEBOX (ZAPPING + CANAL 1)"
hello-time 2
max-age 20
priority 0
promiscuous disable
stp false
}
ethernet eth0 {
address 192.168.0.1/24
description "eth0 LOCAL LAN SWITCH"
duplex auto
speed auto
}
ethernet eth1 {
description "eth1 ONT (FIBRE RJ45)"
duplex auto
speed auto
vif 832 {
address dhcp
description "eth1.832 (INTERNET + VOIP + CANAL 2)"
dhcp-options {
client-option "send vendor-class-identifier "sagem";"
client-option "send user-class "\053FSVDSL_livebox.Internet.softathome.Livebox3";"
client-option "send rfc3118-auth 00:00:00:00:00:00:00:00:00:00:00:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX;"
client-option "request dhcp-lease-time, dhcp-renewal-time, dhcp-rebinding-time, domain-search, rfc3118-auth;"
default-route update
default-route-distance 210
name-server update
}
egress-qos "0:0 1:1 2:2 3:3 4:4 5:5 6:6 7:7"
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
ipv6 {
address {
autoconf
}
dup-addr-detect-transmits 1
}
}
vif 838 {
bridge-group {
bridge br0
}
description "eth1.838 (VoD)"
egress-qos "0:4 1:4 2:4 3:4 4:4 5:4 6:4 7:4"
}
vif 840 {
bridge-group {
bridge br1
}
description "eth1.840 (ZAPPING + CANAL 1)"
egress-qos "0:5 1:5 2:5 3:5 5:5 6:5 7:5"
}
}
ethernet eth2 {
description "eth2 VERS LIVEBOX"
duplex auto
speed auto
vif 832 {
address 192.168.2.1/24
description "eth2.832 LIVEBOX (INTERNET + VOIP + CANAL 2)"
}
vif 838 {
bridge-group {
bridge br0
}
description "eth2.838 LIVEBOX (VoD)"
egress-qos "0:4 1:4 2:4 3:4 4:4 5:4 6:4 7:4"
}
vif 840 {
bridge-group {
bridge br1
}
description "eth2.840 LIVEBOX (ZAPPING + CANAL 1)"
egress-qos "0:5 1:5 2:5 3:5 4:5 5:5 6:5 7:5"
}
}
loopback lo {
}
}
port-forward {
auto-firewall enable
hairpin-nat enable
lan-interface eth0
rule 1 {
description FW1
forward-to {
address 192.168.0.50
port 18123
}
original-port 18123
protocol tcp
}
rule 2 {
description FW2
forward-to {
address 192.168.0.50
port 40888
}
original-port 40888
protocol tcp
}
rule 3 {
description FW3PR
forward-to {
address 192.168.0.50
port 24000-24500
}
original-port 24000-24500
protocol tcp
}
wan-interface eth1.832
}
protocols {
}
service {
dhcp-server {
disabled false
global-parameters "option rfc3118-auth code 90 = string;"
global-parameters "option SIP code 120 = string;"
hostfile-update disable
shared-network-name LAN {
authoritative disable
subnet 192.168.0.0/24 {
default-router 192.168.0.1
dns-server 192.168.0.1
lease 86400
start 192.168.0.30 {
stop 192.168.0.254
}
}
}
shared-network-name LIVEBOX {
authoritative enable
subnet 192.168.1.0/24 {
default-router 192.168.1.1
dns-server 81.253.149.9
dns-server 80.10.246.1
domain-name orange.fr
lease 86400
start 192.168.1.30 {
stop 192.168.1.50
}
subnet-parameters "option rfc3118-auth 00:00:00:00:00:00:00:00:00:00:00:64:68:63:70:6c:69:76:65:62:6f:78:66:72:32:35:30;"
subnet-parameters "option SIP 00:06:73:62:63:74:33:67:03:41:55:42:06:61:63:63:65:73:73:11:6f:72:61:6e:67:65:2d:6d:75:6c:74:69:6d:65:64:69:61:03:6e:65:74:00;"
}
}
}
dns {
forwarding {
cache-size 1000
listen-on eth0
}
}
gui {
http-port 8000
https-port 8443
older-ciphers enable
}
nat {
rule 5010 {
log disable
outbound-interface eth1.832
protocol all
type masquerade
}
}
ssh {
allow-root
port 7999
protocol-version v2
}
upnp2 {
listen-on eth2.832
listen-on eth0
nat-pmp enable
secure-mode disable
wan eth1.832
}
}
system {
host-name ubnt
login {
user root {
authentication {
encrypted-password XXXXXXXXXXXXXXXXXXXXXX.
plaintext-password ""
}
level admin
}
user ubnt {
authentication {
encrypted-password XXXXXXXXXXXXXXXXXXXXXX
plaintext-password ""
}
full-name ""
level admin
}
}
name-server 8.8.8.8
name-server 8.8.4.4
name-server 208.67.222.222
name-server 208.67.220.220
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
offload {
hwnat disable
ipsec enable
ipv4 {
forwarding enable
vlan enable
}
ipv6 {
forwarding disable
}
}
package {
repository wheezy {
components "main contrib non-free"
distribution wheezy
password ""
url http://http.us.debian.org/debian
username ""
}
repository wheezy-security {
components main
distribution wheezy/updates
password ""
url http://security.debian.org
username ""
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone Europe/Paris
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.9.1.4939093.161214.0705 */
Ceci ne fonctionne pas:
rule 3 {
description FW3PR
forward-to {
address 192.168.0.50
port 24000-24500
}
original-port 24000-24500
protocol tcp
}
J'ai essayé d'autres ranges et aussi en version 1.6, 1.8.5 et 1.9.1, même résultat.
Avez vous une idée svp ?