[Berlin-wireless] Probleme beim Upgrade von ubnt-loco-m2

Martin Hübner martin.hubner at web.de
Sa Jan 5 21:12:41 CET 2019 

Hallo Liste,

ich habe hier eine ubnt-loco-m2, mit nur einem LAN-Port und möchte die
auf hedy mit tunneldigger aktualisieren. Dabei ergeben sich ein paar
Probleme:

Beim tunneldigger-Image ist der Router nach dem Durchlaufen des Wizards
nicht mehr erreichbar:
- Laptop mit der "LAN"-Dose verbunden -> IP-Adresse bekommen schlägt fehl
- "LAN" mit Anschlussrouter verbunden, Client in W-LAN ->
(erwartungsgemäß) IP-Adresse aus privatem Netz
- Router ohne jegliche Verbindung, Client im W-LAN -> Verbindung schlägt
fehl (keine IP-Adresse)
Egal, was ich auch mache, ich komme nicht mehr auf den Router drauf.


Also habe ich per tftp das default-image (1.0.1) probiert:
- Heim- und Freifunknetz sind getrennt, allerdings kommen weder Router
noch Clients ins Internet.
- Router bezieht keine IP-Adressen für WAN
- WAN existiert nicht (siehe Anhang)

Ich denke, das ganze hat auch mit dem Themenkomplex um Issue 292 [1]
(vertauschte Ports bei Nanostations und CPE's) zu tun. Allerdings findet
sich im LuCi-Interface kein Switch, bei dem ich die "Ports" schnell
tauschen könnte.

Kann mir jemand bitte einen Tipp geben?

Viele Grüße
Martin



[1] https://github.com/freifunk-berlin/firmware/issues/292
-------------- nächster Teil --------------

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option drop_invalid '0'

config zone
	option name 'wan'
	option masq '1'
	option network 'wan'
	option forward 'REJECT'
	option output 'ACCEPT'
	option local_restrict '1'
	option input 'ACCEPT'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fe80::/10'
	option src_port '547'
	option dest_ip 'fe80::/10'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request echo-reply destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type router-solicitation neighbour-solicitation router-advertisement neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	option icmp_type 'echo-request echo-reply destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config zone 'zone_freifunk'
	option input 'ACCEPT'
	option forward 'REJECT'
	option name 'freifunk'
	option output 'ACCEPT'
	option device 'tnl_+'
	option network 'tunl0 wireless0 dhcp'

config zone 'zone_ffuplink'
	option name 'ffuplink'
	option input 'REJECT'
	option forward 'ACCEPT'
	option output 'ACCEPT'
	option network 'ffuplink'
	option masq '1'

config forwarding
	option dest 'freifunk'
	option src 'freifunk'

config rule
	option proto 'icmp'
	option target 'ACCEPT'
	option src 'freifunk'

config rule
	option dest_port '80'
	option proto 'tcp'
	option target 'ACCEPT'
	option src 'freifunk'

config rule
	option dest_port '443'
	option proto 'tcp'
	option target 'ACCEPT'
	option src 'freifunk'

config rule
	option dest_port '22'
	option proto 'tcp'
	option target 'ACCEPT'
	option src 'freifunk'

config advanced
	option tcp_westwood '1'
	option tcp_ecn '0'
	option ip_conntrack_max '8192'

config forwarding
	option dest 'freifunk'
	option src 'wan'

config forwarding 'fwd_ff_ffuplink'
	option src 'freifunk'
	option dest 'ffuplink'

config forwarding
	option dest 'freifunk'
	option src 'lan'

config forwarding
	option dest 'freifunk'
	option src 'freifunk'

config rule
	option proto 'icmp'
	option target 'ACCEPT'
	option src 'freifunk'

config rule
	option dest_port '80'
	option proto 'tcp'
	option target 'ACCEPT'
	option src 'freifunk'

config rule
	option dest_port '443'
	option proto 'tcp'
	option target 'ACCEPT'
	option src 'freifunk'

config rule
	option dest_port '22'
	option proto 'tcp'
	option target 'ACCEPT'
	option src 'freifunk'

config rule
	option dest_port '698'
	option proto 'udp'
	option target 'ACCEPT'
	option src 'freifunk'

config rule
	option dest_port '17990'
	option proto 'tcp'
	option target 'ACCEPT'
	option src 'freifunk'

config rule
	option src 'freifunk'
	option target 'ACCEPT'
	option dest_port '53'
	option proto 'icmp'

config rule
	option src_port '68'
	option leasetime '30m'
	option target 'ACCEPT'
	option src 'freifunk'
	option dest_port '80'
	option proto 'tcp'

config rule
	option proto 'tcp'
	option src 'freifunk'
	option target 'ACCEPT'
	option dest_port '443'

config forwarding
	option dest 'freifunk'
	option src 'lan'

config forwarding
	option dest 'freifunk'
	option src 'freifunk'

config rule
	option dest_port '22'
	option proto 'tcp'
	option target 'ACCEPT'
	option src 'freifunk'

config rule
	option dest_port '698'
	option proto 'udp'
	option target 'ACCEPT'
	option src 'freifunk'

config rule
	option dest_port '17990'
	option proto 'tcp'
	option target 'ACCEPT'
	option src 'freifunk'

config rule
	option proto 'udp'
	option src 'freifunk'
	option target 'ACCEPT'
	option dest_port '53'

config rule
	option src_port '68'
	option leasetime '30m'
	option proto 'udp'
	option target 'ACCEPT'
	option dest_port '67'
	option src 'freifunk'

config rule
	option proto 'tcp'
	option src 'freifunk'
	option target 'ACCEPT'
	option dest_port '8082'

-------------- nächster Teil --------------

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdeb:edc9:c023::/48'

config interface 'tunl0'
	option ifname 'tunl0'
	option proto 'none'

config device 'ffuplink_dev'
	option type 'veth'
	option name 'ffuplink'
	option peer_name 'ffuplink_wan'

config interface 'ffuplink'
	option ifname 'ffuplink'
	option proto 'dhcp'

config rule 'olsr_allif_ipv4'
	option lookup 'olsr'
	option priority '1000'

config rule 'localnets_allif_ipv4'
	option lookup 'localnets'
	option priority '2000'

config rule 'olsr_tunnel_tunl0_ipv4'
	option lookup 'olsr-tunnel'
	option priority '19999'
	option in 'tunl0'

config rule 'olsr_default_tunl0_ipv4'
	option lookup 'olsr-default'
	option priority '20000'
	option in 'tunl0'

config rule 'olsr_default_unreachable_tunl0_ipv4'
	option action 'unreachable'
	option priority '20001'
	option in 'tunl0'

config interface 'wireless0'
	option netmask '255.255.255.255'
	option proto 'static'
	option ipaddr '10.31.43.98'
	option ip6assign '64'

config interface 'dhcp'
	option proto 'static'
	option dns '85.214.20.141 213.73.91.35 194.150.168.168 2001:4ce8::53 2001:910:800::12'
	option ifname 'eth0'
	option netmask '255.255.255.224'
	option ip6assign '64'
	option ipaddr '10.36.236.129'
	option type 'bridge'

config rule 'olsr_tunnel_wireless0_ipv4'
	option lookup 'olsr-tunnel'
	option priority '19999'
	option in 'wireless0'

config rule 'olsr_default_wireless0_ipv4'
	option lookup 'olsr-default'
	option priority '20000'
	option in 'wireless0'

config rule 'olsr_default_unreachable_wireless0_ipv4'
	option action 'unreachable'
	option priority '20001'
	option in 'wireless0'

config rule 'olsr_tunnel_dhcp_ipv4'
	option lookup 'olsr-tunnel'
	option priority '19999'
	option in 'dhcp'

config rule 'olsr_default_dhcp_ipv4'
	option lookup 'olsr-default'
	option priority '20000'
	option in 'dhcp'

config rule 'olsr_default_unreachable_dhcp_ipv4'
	option action 'unreachable'
	option priority '20001'
	option in 'dhcp'

Mehr Informationen über die Mailingliste Berlin