Network
Routing
Failover IP - double wan
Installation: opkg install mwan3
Status: mwan3 status
/etc/config/mwan3:
config globals 'globals'
option mmx_mask '0x3F00'
config interface 'wan'
option enabled '1'
list track_ip '8.8.4.4'
list track_ip '8.8.8.8'
list track_ip '208.67.222.222'
list track_ip '208.67.220.220'
option family 'ipv4'
option reliability '1'
config interface 'wan6'
option enabled '0'
list track_ip '2001:4860:4860::8844'
list track_ip '2001:4860:4860::8888'
list track_ip '2620:0:ccd::2'
list track_ip '2620:0:ccc::2'
option family 'ipv6'
option reliability '2'
config interface 'wanb'
option enabled '1'
list track_ip '8.8.4.4'
list track_ip '8.8.8.8'
list track_ip '208.67.222.222'
list track_ip '208.67.220.220'
option family 'ipv4'
option reliability '1'
config interface 'wanb6'
option enabled '0'
list track_ip '2001:4860:4860::8844'
list track_ip '2001:4860:4860::8888'
list track_ip '2620:0:ccd::2'
list track_ip '2620:0:ccc::2'
option family 'ipv6'
option reliability '1'
config member 'wan_m1_w3'
option interface 'wan'
option metric '1'
option weight '3'
config member 'wan_m2_w3'
option interface 'wan'
option metric '2'
option weight '3'
config member 'wanb_m1_w2'
option interface 'wanb'
option metric '1'
option weight '2'
config member 'wanb_m2_w2'
option interface 'wanb'
option metric '2'
option weight '2'
config member 'wan6_m1_w3'
option interface 'wan6'
option metric '1'
option weight '3'
config member 'wan6_m2_w3'
option interface 'wan6'
option metric '2'
option weight '3'
config member 'wanb6_m1_w2'
option interface 'wanb6'
option metric '1'
option weight '2'
config member 'wanb6_m2_w2'
option interface 'wanb6'
option metric '2'
option weight '2'
#config policy 'wan_only'
# list use_member 'wan_m1_w3'
# list use_member 'wan6_m1_w3'
#config policy 'wanb_only'
# list use_member 'wanb_m1_w2'
# list use_member 'wanb6_m1_w2'
#config policy 'balanced'
# list use_member 'wan_m1_w3'
# list use_member 'wanb_m1_w2'
# list use_member 'wan6_m1_w3'
# list use_member 'wanb6_m1_w2'
config policy 'wan_wanb'
list use_member 'wan_m1_w3'
list use_member 'wanb_m2_w2'
list use_member 'wan6_m1_w3'
# list use_member 'wanb6_m2_w2'
#config rule 'https'
# option sticky '1'
# option dest_port '443'
# option proto 'tcp'
# option use_policy 'balanced'
config rule 'default_rule_v4'
option dest_ip '0.0.0.0/0'
option use_policy 'wan_wanb'
option family 'ipv4'
option sticky '0'
#config rule 'default_rule_v6'
# option dest_ip '::/0'
# option use_policy 'wan_wanb'
# option family 'ipv6'
Note: add `option metric` for each interface in /etc/config/network.
References:
List connected client
On router
ip neighbor
cat /tmp/dhcp.leases
ubus call dhcp ipv4leases
ubus call dhcp ipv6leases
On wireless device
# Universal
iwinfo wlan0 assoclist
# Proprietary Broadcom (wl)
wl -i wl0 assoclist
# Proprietary Atheros (madwifi)
wlanconfig ath0 list sta
# MAC80211
iw dev wlan0 station dump
On switch
# arp does not show hosts on other VLANs, so use:
bridge fdb show | grep self # not optimized: it shows all connections, active and old/inactive
Tip/shortcut for all wireless interfaces:
ip a | grep wlan | cut -d: -f2 | tr -d " " | xargs -i iwinfo {} assoclist | grep -E "^\w"
Note: requires the findutils-xargs package.
List wireless network
iwinfo wlan0 scan
Add dhcp to an interface
/etc/config/dhcp
config dhcp 'management'
option interface 'management'
option start '100'
option limit '150'
option leasetime '12h'
DHCP options
config dhcp 'management'
...
list dhcp_option '6,192.168.1.10,192.168.1.11'
list dhcp_option '66,192.168.0.15'
Notes:
- 6: DNS servers, given as primary,secondary (the secondary is optional)
- 66: for tftp/ipxe (TFTP server name)
Configure an interface as a dhclient
/etc/config/network
config interface 'lan'
...
option proto 'dhcp'
Add a vlan
/etc/config/network
config bridge-vlan
option device 'br-lan'
option vlan '100'
list ports 'eth0:t'
IMPORTANT: if this is the first time you add a VLAN and the interface uses the DHCP protocol, change the interface's device (see `br-lan.100` below) so that it keeps working; otherwise the device will no longer be accessible.
/etc/config/network
config interface 'lan'
option device 'br-lan.100'
option proto 'dhcp'
Set static ip to an interface
/etc/config/network
config device
option name 'management'
option type 'bridge'
list ports 'lan8'
config interface 'management'
option device 'management'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.20.1'
Note: replace `lan8` with your own port; use `ls -l /sys/class/net/` to find the existing ports.
Select DNS Server for a network interface
/etc/config/network
config interface 'lan'
...
list dns '192.168.2.227'
dnsmasq with PXE
/etc/dnsmasq.conf
dhcp-match=set:ipxeclient,60,IPXEClient*
dhcp-match=set:bios,60,PXEClient:Arch:00000
dhcp-boot=tag:bios,netboot.xyz.kpxe,,192.168.4.146
dhcp-match=set:efi32,60,PXEClient:Arch:00002
dhcp-boot=tag:efi32,netboot.xyz.efi,,192.168.4.146
dhcp-match=set:efi32-1,60,PXEClient:Arch:00006
dhcp-boot=tag:efi32-1,netboot.xyz.efi,,192.168.4.146
dhcp-match=set:efi64,60,PXEClient:Arch:00007
dhcp-boot=tag:efi64,netboot.xyz.efi,,192.168.4.146
dhcp-match=set:efi64-1,60,PXEClient:Arch:00008
dhcp-boot=tag:efi64-1,netboot.xyz.efi,,192.168.4.146
dhcp-match=set:efi64-2,60,PXEClient:Arch:00009
dhcp-boot=tag:efi64-2,netboot.xyz.efi,,192.168.4.146
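Note:
- Ensure a TFTP server is running at 192.168.4.146. TFTP has no authentication or integrity protection, so keep that server and its boot files on a trusted network segment.
- I am not sure, but I think this is only required if you need to change the default boot filenames (.efi, .kpxe).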
Add static lease on the DHCP
/etc/config/dhcp
config host
option ip '192.168.2.227'
option mac '62:34:29:95:F9:56'
Spanning Tree Protocol (STP)
/etc/config/network
config interface 'lan'
...
option stp 1
Port Mirroring
/etc/firewall.user
# Port mirroring with the TEE target: each matching packet is cloned and the
# copy is handed to the capture host at 192.168.2.227.
#
# Egress side: clone packets leaving through br-lan, except those whose
# source is the capture host itself.
iptables --table mangle --append POSTROUTING \
  --out-interface br-lan ! --source 192.168.2.227 \
  --jump TEE --gateway 192.168.2.227
# Ingress side: clone packets arriving on br-lan, except those already
# addressed to the capture host.
iptables --table mangle --append PREROUTING \
  --in-interface br-lan ! --destination 192.168.2.227 \
  --jump TEE --gateway 192.168.2.227
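Note: requires `opkg install iptables-mod-tee kmod-ipt-tee`.
Then run `/etc/init.d/firewall restart`.
These rules send a copy of all br-lan traffic to 192.168.2.227, so that address should belong to a trusted capture host and be pinned to it (for example with a static lease), so that no other device can take the address over and receive the mirrored traffic.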