Modify

Opened 6 years ago

Closed 6 years ago

Last modified 4 years ago

#11127 closed defect (fixed)

firewall load wrong interface name for wan

Reported by: cz <chengzhicn@…> Owned by: developers
Priority: high Milestone: Barrier Breaker 14.07
Component: base system Version: Trunk
Keywords: Cc:

Description

I can't get to internet unless manually issus "ifup wan" atfer each reboot.

here is my network config

config interface 'wan'
        option ifname 'eth1'
        option 'proto' 'pppoe'
        option 'username' 'userxxxxx'
        option 'password' 'passxxxxx'

and log

root@OpenWrt:~# logread | grep firewall
Mar 13 14:52:41 OpenWrt user.info firewall: adding lan (br-lan) to zone lan
Mar 13 14:52:42 OpenWrt user.info firewall: adding wan (eth1) to zone wan
Mar 13 14:52:42 OpenWrt user.info firewall: adding voip (eth1.46) to zone wan
Mar 13 14:52:44 OpenWrt user.info firewall: adding office (pptp-office) to zone wan
Mar 13 14:52:44 OpenWrt user.info firewall: adding school (pptp-school) to zone wan
Mar 13 14:53:03 OpenWrt user.notice miniupnpd: adding firewall rules for eth1 to zone wan
Mar 13 14:56:51 OpenWrt user.info firewall: removing office (pptp-office) from zone wan
Mar 13 14:57:05 OpenWrt user.info firewall: adding office (pptp-office) to zone wan


I see that firewall use "eth1" instead of "pppoe-wan", and therefore I can't access internet since there is no NAT rule for pppoe-wan.

Attachments (0)

Change History (7)

comment:1 Changed 6 years ago by cz <chengzhicn@…>

I see that firewall using uci_get_state to get ifname of wan, so I looked into /var/state/network

root@OpenWrt:~# cat /var/state/network | grep wan
network.wan.ipaddr=x.x.x.x
network.wan.gateway=x.x.x.x
network.wan.dns=x.x.x.x x.x.x.x
network.wan.resolv_dns=x.x.x.x x.x.x.x
network.wan.up=1
network.wan.connect_time=60
network.wan.device=eth1

There is no "network.wan.ifname=pppoe-wan" as it should be, so firewall just use "option ifname 'eth1'" in /etc/config/network which is wrong.

I also write some log scripts to trace /var/state/network changes

root@OpenWrt:~# cat /etc/hotplug.d/net/20-log
echo "net - act:$ACTION if:$INTERFACE" >> /var/testlog
root@OpenWrt:~# cat /etc/hotplug.d/iface/09-log
echo "iface - act:$ACTION if:$INTERFACE dev:$DEVICE" >> /var/testlog

and here is the result

root@OpenWrt:~# cat /var/testlog
net - act:add if:gre0
net - act:add if:lo
iface - act:ifup if:loopback dev:lo
net - act:add if:wlan1
net - act:add if:eth1
net - act:add if:wlan0
net - act:add if:eth0
net - act:add if:lo
iface - act:ifup if:loopback dev:lo
iface - act:ifup if:wan dev:pppoe-wan
net - act:add if:eth0
net - act:add if:eth1
net - act:add if:wlan0
net - act:add if:wlan1
net - act:add if:gre0
net - act:add if:eth1.46
iface - act:ifdown if:voip dev:eth1.46
net - act:add if:br-lan
iface - act:ifup if:lan dev:br-lan
net - act:remove if:wlan0
iface - act:ifup if:voip dev:eth1.46
net - act:remove if:wlan1
net - act:add if:wlanap
net - act:add if:ppp0
net - act:move if:pppoe-wan
net - act:add if:mon.wlanap
net - act:add if:ppp1
net - act:move if:pptp-school
net - act:add if:ppp2
net - act:move if:pptp-office
iface - act:ifup if:office dev:pptp-office
iface - act:ifup if:school dev:pptp-school

All physical interfaces have been added twice, and "ifup pppoe-wan" is between them. So "network.wan.ifname" is set to "eth1" when the first time "eth1" been added, then pppoe-wan is up with "network.wan.ifname" set to "pppoe-wan" in /var/state/network, finally "network.wan.ifname" is reset to "eth1" when "eth1" been added the second time.

The first time is issued by /etc/init.d/boot, but I don't know where the second from and why "pppoe-wan" is upped between them.

Can someone shade some light?

comment:2 follow-up: Changed 6 years ago by jow

Please test whether the change in r30916 solves your particular problem.

comment:3 in reply to: ↑ 2 Changed 6 years ago by cz <chengzhicn@…>

Replying to jow:

Please test whether the change in r30916 solves your particular problem.


Internet access is fine now, but its brings another problem that I can't use voip anymore.
Here's my voip config

config 'interface' 'voip'
        option 'ifname' 'eth1.46'
        option 'proto' 'dhcp'
        option 'metric' '60'
        option 'gateway' '0.0.0.0'

"voip" isn't showed up in firewall zone "wan"

root@OpenWrt:~# logread | grep firewall
Mar 13 19:46:25 OpenWrt user.info firewall: adding lan (br-lan) to zone lan
Mar 13 19:46:26 OpenWrt user.info firewall: adding wan (pppoe-wan) to zone wan
Mar 13 19:46:31 OpenWrt user.info firewall: adding office (pptp-office) to zone wan
Mar 13 19:46:35 OpenWrt user.info firewall: adding wall (pptp-school) to zone wan
Mar 13 19:46:53 OpenWrt user.notice miniupnpd: adding firewall rules for pppoe-wan to zone wan

eth1.46 is despaired and vlan46 showed up instead

root@OpenWrt:~# cat /var/testlog
net - act:add if:lo
iface - act:ifup if:loopback dev:lo
net - act:add if:eth0
net - act:add if:eth1
net - act:add if:wlan0
net - act:add if:wlan1
net - act:add if:gre0
net - act:remove if:wlan0
net - act:remove if:wlan1
net - act:add if:wlanap
net - act:add if:mon.wlanap
net - act:add if:br-lan
iface - act:ifup if:lan dev:br-lan
net - act:add if:vlan46
iface - act:ifup if:wan dev:pppoe-wan
net - act:add if:ppp0
net - act:move if:pptp-school
net - act:remove if:pptp-school
iface - act:ifup if:office dev:pptp-office
iface - act:ifup if:school dev:pptp-school
net - act:add if:ppp0
net - act:move if:pptp-school
net - act:remove if:pptp-school
net - act:add if:ppp1
net - act:move if:pptp-office
net - act:remove if:pptp-office
net - act:add if:ppp2
net - act:move if:pppoe-wan
net - act:add if:ppp0
net - act:add if:ppp1
net - act:move if:pptp-school
net - act:move if:pptp-office

And seems like vlan46 is not even up

root@OpenWrt:~# ip link
... omit
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:24:a5:de:3a:61 brd ff:ff:ff:ff:ff:ff
... omit
10: vlan46@eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
    link/ether 00:24:a5:de:3a:61 brd ff:ff:ff:ff:ff:ff
... omit

comment:4 Changed 6 years ago by jow

Thank you for testing, the vlan issue should be fixed with r30919.

comment:5 Changed 6 years ago by cz <chengzhicn@…>

Thanks, it's all fixed!

comment:6 Changed 6 years ago by jow

  • Resolution set to fixed
  • Status changed from new to closed

Fixed with r30916 and r30919.

comment:7 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.