[FS#1098] Firewall problem with PPPoE LAN configuration

LEDE Bugs lede-bugs at lists.infradead.org
Sat Oct 21 23:58:05 PDT 2017 

A new Flyspray task has been opened.  Details are below. 

User who did this - Brian Topping (briantopping) 

Attached to Project - LEDE Project
Summary - Firewall problem with PPPoE LAN configuration
Task Type - Bug Report
Category - Base system
Status - Unconfirmed
Assigned To - 
Operating System - All
Severity - Medium
Priority - Very Low
Reported Version - lede-17.01
Due in Version - Undecided
Due Date - Undecided
Details - Greetings, thanks for the awesome investment in LEDE! Regardless of the direction of the project, this was a much-needed shot in the arm!

There is an ISP in the USA called CenturyLink and they have a fiber connection that puts the incoming connection on VLAN 201. I can think of a few reasons that don't require a tin-foil hat for why they do this, but anyway. LEDE and predecessor have supported this cleanly for the two years that I have tried it. My network config, for what it's worth:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdc6:b2c7:28af::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.10.1'

config interface 'wan'
	option _orig_ifname 'eth1'
	option _orig_bridge 'false'
	option proto 'pppoe'
	option ipv6 'auto'
	option username '*************'
	option password '******'
	option ifname 'eth1'

config interface 'wan6'
	option proto 'dhcpv6'
	option ifname 'eth1.2'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 5'
	option vid '1'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option vid '2'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '4t 6'
	option vid '201'


What I never noticed until recently is the firewall is not responding properly to port forwarding or router input. I do not know if this has always been a problem, if it is a problem with the router (Linksys WRT3200ACM) and it generally works fine, if it is a LUCI problem because it needs to know about the PPPoE connection and adjust the firewall entries, or if all of this stuff is working just fine and I am not configuring Samba properly to show the port on the WAN:


config samba
	option name 'Lede'
	option workgroup 'WORKGROUP'
	option description 'Lede'
	option homes '0'
	option interface 'loopback lan wan'

config sambashare
	option name 'test'
	option guest_ok 'yes'
	option path '/mnt/dtraveler'
	option read_only 'yes'


I have a lot of experience with the platform, but I admittedly I'm less skilled when tools like `lsof` are unavailable to see port presentation and whatnot. 

What can I do to help here?

Thanks, Brian

More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=1098

More information about the lede-bugs mailing list