GPON Router doesn't provide internet to LAN ports

Koror · 01-13-2020, 02:54 AM

Hello Everyone,
I'm trying to use my old ISP router Nokia G-240W-A as a standard router (i.e. use it like any other router which we can buy in stores).
The G-240W-A have 4 ethernet ports for LAN and PON port for wan connection.
This kernel doesn't use /etc/config/network nor /etc/config/interfaces

So first I switched one of the 4 lan ports to act like wan port by the following steps:
#brctl delif br0 eth3.0
#brctl addif br1 eth3.0
#ifconfig br1 10.0.0.66 netmask 255.255.255.0 up
#route add default gw xx.xx.xx.xx
#echo "nameserver xx.x.x.xxx” > /etc/resolv.conf
summary:
move eth3.0 from bridge br0 to bridge br1
set static ip to the bridge and netmask to the bridge
add dns server

https://ibb.co/Khchmd9
IMPORTANT: The bridge IP is the same! and when am trying to create a new one after short time the id of the new bridge is being the same like the others !
I don't really know if its an issue...

After step i can ping to google but when am trying to ping from my PC which connected via lan port the ping is failed.

nvram show:
_wps_config_method=sta-pin
acs_ifnames=wl0
boardnum=1234
eth0_hwaddr=00:10:18:00:00:00
eth0_ifname=eth0
eth1_hwaddr=00:10:18:00:00:00
eth1_ifname=eth1
eth2_hwaddr=00:10:18:00:00:00
eth2_ifname=eth2
eth3_hwaddr=00:10:18:00:00:00
eth3_ifname=eth3
lan1_ifname=br1
lan1_ifnames=
lan_hwaddr=00:10:18:00:00:00
lan_ifname=br0
lan_ifnames=eth3 eth2 eth1 eth0 wl0 wl0.1 wl0.2 wl0.3
lan_wps_oob=disabled
lan_wps_reg=enabled
router_disable=0
wl0.1_akm=psk psk2
wl0.1_ap_isolate=0
wl0.1_auth=0
wl0.1_auth_mode=none
wl0.1_bss_enabled=1
wl0.1_bss_maxassoc=16
wl0.1_closed=0
wl0.1_crypto=aes
wl0.1_hspot=0
wl0.1_hwaddr=4c:fa:ca:2a:0c:46
wl0.1_ifname=wl0.1
wl0.1_key=3
wl0.1_key1=1234567890123
wl0.1_key2=1234567890123
wl0.1_key3=1234567890123
wl0.1_key4=1234567890123
wl0.1_maclist=*DEL*
wl0.1_macmode=disabled
wl0.1_mode=ap
wl0.1_net_reauth=36000
wl0.1_preauth=0
wl0.1_radio=1
wl0.1_radius_ipaddr=0.0.0.0
wl0.1_radius_key=*DEL*
wl0.1_radius_port=1812
wl0.1_rxchain_pwrsave_enable=1
wl0.1_rxchain_pwrsave_pps=10
wl0.1_rxchain_pwrsave_quiet_time=10
wl0.1_ssid=ALHN-c4f1-2
wl0.1_wep=disabled
wl0.1_wme=on
wl0.1_wme_bss_disable=0
wl0.1_wmf_bss_enable=0
wl0.1_wpa_gtk_rekey=0
wl0.1_wpa_psk=12345678
wl0.1_wps_config_state=1
wl0.1_wps_mode=disabled
wl0.2_akm=psk psk2
wl0.2_ap_isolate=0
wl0.2_auth=0
wl0.2_auth_mode=none
wl0.2_bss_enabled=1
wl0.2_bss_maxassoc=16
wl0.2_closed=0
wl0.2_crypto=aes
wl0.2_hspot=0
wl0.2_hwaddr=4c:fa:ca:2a:0c:47
wl0.2_ifname=wl0.2
wl0.2_key=1
wl0.2_key1=1234567890123
wl0.2_key2=1234567890123
wl0.2_key3=1234567890123
wl0.2_key4=1234567890123
wl0.2_maclist=*DEL*
wl0.2_macmode=disabled
wl0.2_mode=ap
wl0.2_net_reauth=36000
wl0.2_preauth=0
wl0.2_radio=1
wl0.2_radius_ipaddr=0.0.0.0
wl0.2_radius_key=*DEL*
wl0.2_radius_port=1812
wl0.2_rxchain_pwrsave_enable=1
wl0.2_rxchain_pwrsave_pps=10
wl0.2_rxchain_pwrsave_quiet_time=10
wl0.2_ssid=ALHN-c4f1-3
wl0.2_wep=disabled
wl0.2_wme=on
wl0.2_wme_bss_disable=0
wl0.2_wmf_bss_enable=0
wl0.2_wpa_gtk_rekey=0
wl0.2_wpa_psk=12345678
wl0.2_wps_config_state=1
wl0.2_wps_mode=disabled
wl0.3_akm=psk psk2
wl0.3_ap_isolate=0
wl0.3_auth=0
wl0.3_auth_mode=none
wl0.3_bss_enabled=1
wl0.3_bss_maxassoc=16
wl0.3_closed=0
wl0.3_crypto=aes
wl0.3_hspot=0
wl0.3_hwaddr=4c:fa:ca:2a:0c:48
wl0.3_ifname=wl0.3
wl0.3_key=1
wl0.3_key1=1234567890123
wl0.3_key2=1234567890123
wl0.3_key3=1234567890123
wl0.3_key4=1234567890123
wl0.3_maclist=*DEL*
wl0.3_macmode=disabled
wl0.3_mode=ap
wl0.3_net_reauth=36000
wl0.3_preauth=0
wl0.3_radio=1
wl0.3_radius_ipaddr=0.0.0.0
wl0.3_radius_key=*DEL*
wl0.3_radius_port=1812
wl0.3_rxchain_pwrsave_enable=1
wl0.3_rxchain_pwrsave_pps=10
wl0.3_rxchain_pwrsave_quiet_time=10
wl0.3_ssid=ALHN-c4f1-4
wl0.3_wep=disabled
wl0.3_wme=on
wl0.3_wme_bss_disable=0
wl0.3_wmf_bss_enable=0
wl0.3_wpa_gtk_rekey=0
wl0.3_wpa_psk=12345678
wl0.3_wps_config_state=1
wl0.3_wps_mode=disabled
wl0_acs_chan_dwell_time=30
wl0_acs_chan_flop_period=30
wl0_acs_ci_scan_timeout=300
wl0_acs_ci_scan_timer=4
wl0_acs_cs_scan_timer=900
wl0_acs_excl_chans=
wl0_acs_fcs_mode=0
wl0_acs_ics_dfs=0
wl0_acs_scan_entry_expire=3600
wl0_acs_tx_idle_cnt=5
wl0_akm=psk psk2
wl0_ampdu=auto
wl0_ampdu_rr_rtylimit_tid=2 2 2 2 2 2 2 2
wl0_ampdu_rtylimit_tid=5 5 5 5 5 5 5 5
wl0_amsdu=auto
wl0_antdiv=-1
wl0_ap_isolate=0
wl0_apsta=0
wl0_assoc_retry_max=3
wl0_auth=0
wl0_auth_mode=none
wl0_bcn=100
wl0_bcn_rotate=1
wl0_bss_enabled=1
wl0_bss_maxassoc=16
wl0_bss_opmode_cap_reqd=0
wl0_bw_cap=1
wl0_channel=4
wl0_chanspec=1
wl0_closed=0
wl0_corerev=30
wl0_country_code=CN
wl0_country_rev=0
wl0_crypto=aes
wl0_dcs_csa_unicast=0
wl0_dfs_postism=-1
wl0_dfs_preism=-1
wl0_dtim=1
wl0_frag=2346
wl0_frameburst=off
wl0_gmode=1
wl0_gmode_protection=auto
wl0_hspot=0
wl0_hw_rxchain=3
wl0_hw_txchain=3
wl0_hwaddr=4c:fa:ca:2a:0c:45
wl0_ifname=wl0
wl0_infra=1
wl0_intf_drate=0
wl0_intf_glitch=0
wl0_intf_rrate=0
wl0_intf_scnt=5
wl0_intf_speriod=50
wl0_intf_swin=7
wl0_intf_txbad=0
wl0_intf_txnoack=0x4000f
wl0_key=3
wl0_key1=1234567890
wl0_key2=1234567890
wl0_key3=1234567890
wl0_key4=1234567890
wl0_lazywds=0
wl0_leddc=0x640000
wl0_maclist=*DEL*
wl0_macmode=disabled
wl0_maxassoc=16
wl0_mcast_regen_bss_enable=1
wl0_mode=ap
wl0_mrate=0
wl0_nband=2
wl0_net_reauth=36000
wl0_nmcsidx=11
wl0_nmode=-1
wl0_nmode_protection=auto
wl0_obss_coex=1
wl0_phytype=n
wl0_phytypes=n
wl0_plcphdr=long
wl0_preauth=0
wl0_pspretend_retry_limit=0
wl0_pspretend_threshold=0
wl0_psr_mrpt=0
wl0_radio=1
wl0_radio_pwrsave_enable=0
wl0_radio_pwrsave_level=0
wl0_radio_pwrsave_pps=10
wl0_radio_pwrsave_quiet_time=1800
wl0_radio_pwrsave_stas_assoc_check=0
wl0_radioids=BCM2057
wl0_radius_ipaddr=0.0.0.0
wl0_radius_key=*DEL*
wl0_radius_port=1812
wl0_rate=0
wl0_rateset=default
wl0_reg_mode=off
wl0_rifs_advert=auto
wl0_rts=2347
wl0_rxchain=3
wl0_rxchain_pwrsave_enable=1
wl0_rxchain_pwrsave_pps=10
wl0_rxchain_pwrsave_quiet_time=10
wl0_rxchain_pwrsave_stas_assoc_check=0
wl0_rxstreams=0
wl0_ssid=AAAAAAAA
wl0_sta_retry_time=5
wl0_stbc_rx=0
wl0_stbc_tx=auto
wl0_tpc_db=0
wl0_txbf_bfe_cap=1
wl0_txbf_bfr_cap=1
wl0_txchain=3
wl0_txstreams=0
wl0_unit=0
wl0_vifs=wl0.1 wl0.2 wl0.3
wl0_vlan_prio_mode=off
wl0_wds=*DEL*
wl0_wds_timeout=1
wl0_wdssec_enable=0
wl0_wep=disabled
wl0_wet_tunnel=0
wl0_wme=on
wl0_wme_ap_be=15 63 3 0 0 off off
wl0_wme_ap_bk=15 1023 7 0 0 off off
wl0_wme_ap_vi=7 15 1 6016 3008 off off
wl0_wme_ap_vo=3 7 1 3264 1504 off off
wl0_wme_apsd=on
wl0_wme_bss_disable=0
wl0_wme_no_ack=off
wl0_wme_sta_be=15 1023 3 0 0 off off
wl0_wme_sta_bk=15 1023 7 0 0 off off
wl0_wme_sta_vi=7 15 2 6016 3008 off off
wl0_wme_sta_vo=3 7 2 3264 1504 off off
wl0_wmf_bss_enable=0
wl0_wpa_gtk_rekey=0
wl0_wpa_psk=123456789
wl0_wps_config_state=1
wl0_wps_mode=disabled
wl_key=3
wl_key1=1234567890
wl_key2=1234567890
wl_key3=1234567890
wl_key4=1234567890
wl_unit=0
wl_wep=disabled
wl_wps_config_state=1
wl_wps_reg=enabled
wlmngr=done
wps_autho_sta_mac=00:00:00:00:00:00
wps_config=DONE
wps_config_command=0
wps_config_method=0x228c
wps_currentband=
wps_device_name=BroadcomAP
wps_device_pin=59826859
wps_method=1
wps_mfstring=Broadcom
wps_mode=disabled
wps_modelname=Broadcom
wps_modelnum=123456
wps_proc_mac=
wps_proc_status=0
wps_restart=0
wps_sta_pin=00000000
wps_status=0
wps_timeout_enable=0
wps_uuid=0x000102030405060708090a0b0c0d0ebb
wps_version2=enabled

So i switched
lan_ifnames=eth3 eth2 eth1 eth0 wl0 wl0.1 wl0.2 wl0.3
to
lan_ifnames=eth2 eth1 eth0 wl0 wl0.1 wl0.2 wl0.3

and
lan1_ifnames=
to
lan1_ifnames=eth3

but this changes doesn't fixed the issue.

ifconfig show

bcmsw Link encap:Ethernet HWaddr 4C:FA:CA:2A:0C:44
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2680 errors:0 dropped:55 overruns:0 frame:0
TX packets:1341 errors:0 dropped:1542 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:220528 (215.3 KiB) TX bytes:130375 (127.3 KiB)
Base address:0xffff

br0 Link encap:Ethernet HWaddr 4C:FA:CA:2A:0C:44
inet addr:192.168.1.254 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4150 errors:0 dropped:2 overruns:0 frame:0
TX packets:1279 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:424007 (414.0 KiB) TX bytes:122024 (119.1 KiB)

br1 Link encap:Ethernet HWaddr 4C:FA:CA:2A:0C:44
inet addr:10.0.0.66 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::4efa:caff:fe2a:c44/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:23 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:512 (512.0 B) TX bytes:1594 (1.5 KiB)

eth0 Link encap:Ethernet HWaddr 4C:FA:CA:2A:0C:44
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

eth0.0 Link encap:Ethernet HWaddr 4C:FA:CA:2A:0C:44
inet6 addr: fe80::4efa:caff:fe2a:c44/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:861 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:67752 (66.1 KiB)

eth1 Link encap:Ethernet HWaddr 4C:FA:CA:2A:0C:44
inet6 addr: fe80::4efa:caff:fe2a:c44/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4457 errors:0 dropped:0 overruns:0 frame:0
TX packets:2191 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:676454 (660.5 KiB) TX bytes:443618 (433.2 KiB)

eth1.0 Link encap:Ethernet HWaddr 4C:FA:CA:2A:0C:44
inet6 addr: fe80::4efa:caff:fe2a:c44/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2495 errors:0 dropped:0 overruns:0 frame:0
TX packets:1314 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:157518 (153.8 KiB) TX bytes:123816 (120.9 KiB)

eth2 Link encap:Ethernet HWaddr 4C:FA:CA:2A:0C:44
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

eth2.0 Link encap:Ethernet HWaddr 4C:FA:CA:2A:0C:44
inet6 addr: fe80::4efa:caff:fe2a:c44/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:862 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:67830 (66.2 KiB)

eth3 Link encap:Ethernet HWaddr 4C:FA:CA:2A:0C:44
inet6 addr: fe80::4efa:caff:fe2a:c44/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1015 errors:0 dropped:0 overruns:0 frame:0
TX packets:1186 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:339211 (331.2 KiB) TX bytes:276386 (269.9 KiB)

eth3.0 Link encap:Ethernet HWaddr 4C:FA:CA:2A:0C:44
inet6 addr: fe80::4efa:caff:fe2a:c44/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:56 errors:0 dropped:0 overruns:0 frame:0
TX packets:106 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:9425 (9.2 KiB) TX bytes:11501 (11.2 KiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:3321 errors:0 dropped:0 overruns:0 frame:0
TX packets:3321 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:771015 (752.9 KiB) TX bytes:771015 (752.9 KiB)

wan0 Link encap:Ethernet HWaddr 4C:FA:CA:2A:0C:47
inet6 addr: fe80::4efa:caff:fe2a:c47/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4457 errors:0 dropped:0 overruns:0 frame:0
TX packets:2191 errors:0 dropped:20 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:676454 (660.5 KiB) TX bytes:443618 (433.2 KiB)

iptables -vnL

Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- pon_981_0_1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:23 reject-with tcp-reset
0 0 REJECT tcp -- pon_1081_5_1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:23 reject-with tcp-reset
0 0 REJECT tcp -- pon_881_0_1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:23 reject-with tcp-reset
5942 1008K INPUT_RTP_BLOCK all -- * * 0.0.0.0/0 0.0.0.0/0
5942 1008K INPUT_FW_PREFIX all -- * * 0.0.0.0/0 0.0.0.0/0
2226 145K INPUT_FW_BLACK all -- * * 0.0.0.0/0 0.0.0.0/0
1 328 INPUT_FW_WHITE all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:68 reject-with icmp-port-unreachable
0 0 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS set 1412
0 0 FORWARD_FW_PREFIX all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_FW_BLACK all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_FW_WHITE all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 4466 packets, 945K bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD_DMZ (1 references)
pkts bytes target prot opt in out source destination

Chain FORWARD_DROP_ACK (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- br+ pon+ 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG flags 7 level 7 prefix "FW_FORWARD_DROP_INVALID "
0 0 DROP all -- br+ pon+ 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 LOG all -- br+ ppp+ 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG flags 7 level 7 prefix "FW_FORWARD_DROP_INVALID "
0 0 DROP all -- br+ ppp+ 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 LOG all -- pon+ br+ 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG flags 7 level 7 prefix "FW_FORWARD_DROP_INVALID "
0 0 DROP all -- pon+ br+ 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 LOG all -- ppp+ br+ 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG flags 7 level 7 prefix "FW_FORWARD_DROP_INVALID "
0 0 DROP all -- ppp+ br+ 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 LOG tcp -- br+ pon+ 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x10 ctstate NEW LOG flags 7 level 7 prefix "FW_FORWARD_REJECT_NEW "
0 0 REJECT tcp -- br+ pon+ 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x10 ctstate NEW reject-with tcp-reset
0 0 LOG tcp -- br+ ppp+ 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x10 ctstate NEW LOG flags 7 level 7 prefix "FW_FORWARD_REJECT_NEW "
0 0 REJECT tcp -- br+ ppp+ 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x10 ctstate NEW reject-with tcp-reset
0 0 LOG tcp -- pon+ br+ 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x10 ctstate NEW LOG flags 7 level 7 prefix "FW_FORWARD_REJECT_NEW "
0 0 REJECT tcp -- pon+ br+ 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x10 ctstate NEW reject-with tcp-reset
0 0 LOG tcp -- ppp+ br+ 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x10 ctstate NEW LOG flags 7 level 7 prefix "FW_FORWARD_REJECT_NEW "
0 0 REJECT tcp -- ppp+ br+ 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x10 ctstate NEW reject-with tcp-reset

Chain FORWARD_FW_BLACK (1 references)
pkts bytes target prot opt in out source destination
0 0 IPFLTOUTFWD all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 WANIPDROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD_FW_PREFIX (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_DROP_ACK all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD_FW_WHITE (1 references)
pkts bytes target prot opt in out source destination
0 0 FORWARD_PORTFWD all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_DMZ all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD_PORTFWD (1 references)
pkts bytes target prot opt in out source destination

Chain INPUT_DOS_PROT (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG tcp -- !br+ * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 LOG flags 0 level 1 prefix "wan-ftp-access-log"

Chain INPUT_DROP_ACK (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- br+ * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG flags 7 level 7 prefix "FW_INPUT_DROP_INVALID "
0 0 DROP all -- br+ * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 LOG all -- pon+ * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG flags 7 level 7 prefix "FW_INPUT_DROP_INVALID "
0 0 DROP all -- pon+ * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 LOG all -- ppp+ * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG flags 7 level 7 prefix "FW_INPUT_DROP_INVALID "
0 0 DROP all -- ppp+ * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 LOG tcp -- br+ * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x10 ctstate NEW LOG flags 7 level 7 prefix "FW_INPUT_REJECT_NEW "
0 0 REJECT tcp -- br+ * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x10 ctstate NEW reject-with tcp-reset
0 0 LOG tcp -- pon+ * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x10 ctstate NEW LOG flags 7 level 7 prefix "FW_INPUT_REJECT_NEW "
0 0 REJECT tcp -- pon+ * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x10 ctstate NEW reject-with tcp-reset
0 0 LOG tcp -- ppp+ * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x10 ctstate NEW LOG flags 7 level 7 prefix "FW_INPUT_REJECT_NEW "
0 0 REJECT tcp -- ppp+ * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x10 ctstate NEW reject-with tcp-reset

Chain INPUT_FW_BLACK (1 references)
pkts bytes target prot opt in out source destination
2222 144K INPUT_WEB_MGR all -- * * 0.0.0.0/0 0.0.0.0/0
2222 144K IPFLTOUTFWD all -- * * 0.0.0.0/0 0.0.0.0/0
2222 144K INPUT_DOS_PROT all -- * * 0.0.0.0/0 0.0.0.0/0
2222 144K INPUT_FW_LEVEL all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 WANIPDROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain INPUT_FW_LEVEL (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- !br+ * 0.0.0.0/0 0.0.0.0/0 udp dpts:22456:22584
0 0 ACCEPT udp -- !br+ * 0.0.0.0/0 0.0.0.0/0 udp spt:123
0 0 ACCEPT udp -- pon+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- iphost+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- !br+ * 0.0.0.0/0 0.0.0.0/0 udp dpt:49407
0 0 ACCEPT tcp -- !br+ * 0.0.0.0/0 0.0.0.0/0 tcp dpt:49407
0 0 ACCEPT udp -- !br+ * 0.0.0.0/0 0.0.0.0/0 udp dpts:22456:32456
0 0 ACCEPT udp -- !br+ * 0.0.0.0/0 0.0.0.0/0 udp dpt:5060
0 0 ACCEPT tcp -- !br+ * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5060
0 0 ACCEPT tcp -- !br+ * 0.0.0.0/0 0.0.0.0/0 tcp spt:443
0 0 ACCEPT tcp -- !br+ * 0.0.0.0/0 0.0.0.0/0 tcp spt:7013
0 0 ACCEPT tcp -- !br+ * 0.0.0.0/0 0.0.0.0/0 tcp spt:7033
0 0 ACCEPT tcp -- !br+ * 0.0.0.0/0 0.0.0.0/0 tcp spt:9090
0 0 ACCEPT tcp -- !br+ * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1234
0 0 ACCEPT tcp -- !br+ * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3005
0 0 ACCEPT tcp -- !br+ * 0.0.0.0/0 0.0.0.0/0 tcp dpt:7547
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:1813
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:1812
0 0 ACCEPT udp -- !br+ * 0.0.0.0/0 0.0.0.0/0 udp dpt:2944
0 0 ACCEPT tcp -- !br+ * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2944
0 0 ACCEPT udp -- !br+ * 0.0.0.0/0 0.0.0.0/0 udp dpt:69
0 0 ACCEPT udp -- !br+ * 0.0.0.0/0 0.0.0.0/0 udp dpt:68
0 0 ACCEPT udp -- !br+ * 0.0.0.0/0 0.0.0.0/0 udp spt:53
0 0 REJECT udp -- !br+ * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 reject-with icmp-port-unreachable
0 0 ACCEPT tcp -- !br+ * 0.0.0.0/0 0.0.0.0/0 tcp spt:53
0 0 ACCEPT tcp -- !br+ * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 REJECT udp -- !br+ * 0.0.0.0/0 0.0.0.0/0 udp dpt:80 reject-with icmp-port-unreachable
0 0 REJECT tcp -- !br+ * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 reject-with tcp-reset
0 0 REJECT tcp -- !br+ * 0.0.0.0/0 0.0.0.0/0 tcp dpt:23 reject-with tcp-reset
0 0 REJECT udp -- !br+ * 0.0.0.0/0 0.0.0.0/0 udp dpt:22 reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 reject-with tcp-reset
0 0 REJECT tcp -- !br+ * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 reject-with tcp-reset
0 0 ACCEPT tcp -- !br+ * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- !br+ * 0.0.0.0/0 0.0.0.0/0 tcp spt:21
0 0 ACCEPT icmp -- !br+ * 0.0.0.0/0 0.0.0.0/0 icmptype 0
0 0 ACCEPT icmp -- !br+ * 0.0.0.0/0 0.0.0.0/0 icmptype 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8 limit: avg 10/sec burst 20
0 0 ACCEPT icmp -- !br+ * 0.0.0.0/0 0.0.0.0/0 icmptype 11
0 0 ACCEPT icmp -- !br+ * 0.0.0.0/0 0.0.0.0/0 icmptype 17
0 0 ACCEPT icmp -- !br+ * 0.0.0.0/0 0.0.0.0/0 icmptype 18
0 0 ACCEPT 2 -- !br+ * 0.0.0.0/0 224.0.0.0/4
2225 145K ACCEPT all -- br+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 DROP all -- !br+ * 0.0.0.0/0 0.0.0.0/0

Chain INPUT_FW_PREFIX (1 references)
pkts bytes target prot opt in out source destination
3716 863K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
2226 145K INPUT_DROP_ACK all -- * * 0.0.0.0/0 0.0.0.0/0

Chain INPUT_FW_WHITE (1 references)
pkts bytes target prot opt in out source destination

Chain INPUT_RTP_BLOCK (1 references)
pkts bytes target prot opt in out source destination

Chain INPUT_WEB_MGR (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80

Chain IPFLTOUTFWD (2 references)
pkts bytes target prot opt in out source destination

Chain WANIPALLOW (1 references)
pkts bytes target prot opt in out source destination

Chain WANIPDROP (2 references)
pkts bytes target prot opt in out source destination
0 0 WANIPALLOW all -- * * 0.0.0.0/0 0.0.0.0/0

Chain urlfilter (0 references)
pkts bytes target prot opt in out source destination

route -n
AONT3@:/ # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.0.138 0.0.0.0 UG 0 0 0 br1
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 br1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br0

nini09 · 01-15-2020, 02:34 PM

How do you create eth3.0?

Koror · 01-20-2020, 02:00 AM

fixed by the following commands:

iptables -t nat -A POSTROUTING -o br1 -j MASQUERADE
iptables -A FORWARD -i br1 -o br0 -j ACCEPT
iptables -A FORWARD -i br0 -o br1 -j ACCEPT