I brought up a second VLAN from post-boot:
Code:
# GLDN WIFI
robocfg vlan 0 ports "1 2 3 5t" vlan 2 ports "4 5t"
vconfig add eth0 2
/sbin/udhcpc -i vlan2 -p /var/run/udhcpc2.pid -b -s /tmp/udhcpc2
+ the udhcpc2 code:
#!/bin/sh
interface=vlan2
/usr/local/sbin/udhcpc $*
ip rou del 194.154.70.236 via 195.1.2.3 dev vlan1
ip rou add 194.154.70.236/32 via 172.16.0.1 dev vlan2 metric 1
ip rou add 10.40.0.0/24 via 172.16.0.1 dev vlan2 metric 1
The result is unusual: the IP address from vlan2 gets associated with the vlan1 interface, after which the nat chains get corrupted:
Code:
[is15-routah:~] tf /opt/var/log/syslog.log
Jun 11 16:13:50 local0.info udhcpc[9581]: udhcpc (v0.9.9-pre) started
Jun 11 16:13:50 user.emerg client: deconfig: lease is lost
Jun 11 16:13:53 local0.info udhcpc[9581]: Lease of 172.16.254.189 obtained, lease time 1800
Jun 11 16:13:54 user.notice post-firewall: Started post-firewall vlan2 172.16.254.189 br0 192.168.1.111 vlan1 172.16.254.189
Jun 11 16:13:54 user.notice post-firewall: Leaving post-firewall.
Jun 11 16:13:55 user.err syslog: ERRO: MC-Router API already in use; Errno(125): Address already in use
Jun 11 16:13:55 user.emerg client: bound IP : 172.16.254.189 from 172.16.0.1
Code:
[is15-routah:~] iptables -L -nv -t nat
Chain PREROUTING (policy ACCEPT 557 packets, 32630 bytes)
pkts bytes target prot opt in out source destination
0 0 VSERVER all -- * * 0.0.0.0/0 172.16.254.189
0 0 VSERVER all -- * * 0.0.0.0/0 172.16.254.189
0 0 autofw tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6881 autofw tcp dpt:6881-6999 to:6881-6999
Chain POSTROUTING (policy ACCEPT 13 packets, 752 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * vlan2 !172.16.254.189 0.0.0.0/0
462 23935 MASQUERADE all -- * vlan1 !172.16.254.189 0.0.0.0/0
13 1146 MASQUERADE all -- * br0 192.168.1.0/24 192.168.1.0/24
What is wrong with this configuration?