#20380: firewall zone name length of 12 characters or more breaks all networking
--------------------------+-----------------------------------
  Reporter:  tim@…        |      Owner:  developers
      Type:  defect       |     Status:  new
  Priority:  high         |  Milestone:
 Component:  base system  |    Version:  Barrier Breaker 14.07
Resolution:               |   Keywords:
--------------------------+-----------------------------------

Comment (by Damian Kaczkowski):

 Try such config:

 network:
 {{{
 config interface 'lan_protected'
         list ifname 'eth0.1'
         option type 'bridge'
         (...)
 }}}

 dnsmasq.conf
 {{{
 dhcp-range=tag:br-lan_protected,192.168.0.2,192.168.0.249,255.255.255.0,12h
 }}}

 firewall
 {{{
 config zone
         option name 'lan_protected'
         list network 'lan_protected'
         option input 'ACCEPT'
         option output 'ACCEPT'
         option forward 'ACCEPT'
         option family 'ipv4'
 }}}

 Then check the dnsmasq logs in logread. You will see that the interface name
 in the dhcp logs is truncated. Also, the firewall zone won't be created when
 issuing fw3 reload. "lan_protecte" causes one of firewall or dnsmasq to
 work. "lan_protect" or shorter makes both firewall and dnsmasq work.



 Btw. the dnsmasq generation script (/etc/config/dhcp) generates wrong
 dhcp-range sections, e.g.:
 {{{
 dhcp-range=lan_protected,192.168.0.2,192.168.0.249,255.255.255.0,12h
 }}}
 DNS man page says:
 {{{
 The optional set:<tag> sets an alphanumeric label which marks this network
 so that dhcp options may be specified on a per-network basis. When it is
 prefixed with 'tag:' instead, then its meaning changes from setting a tag
 to matching it.
 }}}
 {{{
  This system evolved from an earlier, more limited one and for backward
 compatibility "net:" may be used instead of "tag:" and "set:" may be
 omitted. (Except in dhcp-host, where "net:" may be used instead of
 "set:".)
 }}}
 So "tag" should be used to match the dhcp-range to the interface, but the
 dhcp config auto-generates dhcp-range directives (in /var/etc/dnsmasq.conf)
 as "set:" (because the man page says that "set:" may be omitted).

--
Ticket URL: <https://dev.openwrt.org/ticket/20380#comment:5>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets
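
The two name-length limits the comment above runs into, as an added example that is not part of the ticket or of OpenWrt's code: a lint for UCI text that flags bridge interfaces whose derived device name br-<section> exceeds 15 characters and firewall zone names of 12 characters or more. The 15 comes from Linux IFNAMSIZ (16 bytes including the NUL); the zone threshold is an assumption taken from this ticket's title; function names and sample configs are constructed.

```shell
#!/bin/sh
# Added example (constructed); not OpenWrt code.
IFNAME_MAX=15     # Linux IFNAMSIZ is 16 bytes including the terminating NUL
ZONE_NAME_MAX=11  # assumption from this ticket: 12+ characters break the zone
# awk helper shared by both checks: strip UCI quoting from a value
unquote='function uq(s) { gsub("[" q "\"]", "", s); return s }'

# Read UCI network text on stdin; report bridges whose device name "br-<section>" is too long.
long_bridges() {
    awk -v q="'" -v max="$IFNAME_MAX" "$unquote"'
        function flush() {
            dev = "br-" name
            if (name != "" && bridge && length(dev) > max)
                printf "%s: device %s is %d chars (max %d)\n", name, dev, length(dev), max
            name = ""; bridge = 0
        }
        $1 == "config" { flush(); if ($2 == "interface") name = uq($3) }
        $1 == "option" && $2 == "type" && uq($3) == "bridge" { bridge = 1 }
        END { flush() }'
}

# Read UCI firewall text on stdin; report zone names longer than ZONE_NAME_MAX.
long_zones() {
    awk -v q="'" -v max="$ZONE_NAME_MAX" "$unquote"'
        $1 == "config" { zone = ($2 == "zone") }
        zone && $1 == "option" && $2 == "name" && length(uq($3)) > max {
            printf "%s: zone name is %d chars (max %d)\n", uq($3), length(uq($3)), max
        }'
}

# Constructed sample input using the three names tried in the comment.
sample_network() { cat <<'EOF'
config interface 'lan_protected'
        option type 'bridge'
config interface 'lan_protecte'
        option type 'bridge'
EOF
}
sample_firewall() { cat <<'EOF'
config zone
        option name 'lan_protected'
config zone
        option name 'lan_protecte'
config zone
        option name 'lan_protect'
EOF
}
sample_network | long_bridges
sample_firewall | long_zones
```

On a router the same functions can be fed the live files, e.g. `long_bridges < /etc/config/network` and `long_zones < /etc/config/firewall`, before running fw3 reload.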
