authorChristian Pointner <equinox@spreadspace.org>2019-01-07 23:01:32 +0100
committerChristian Pointner <equinox@spreadspace.org>2019-01-07 23:01:32 +0100
commitb8fc9d8888d73ab5d1fd625cb0b91aab4d2b26c2 (patch)
treebfdd248c3a0cae3d8e76bfbec116b8f421dcad87 /inventory/host_vars
parentfurther improved preseed disk selection (diff)
fix ele-router config
Diffstat (limited to 'inventory/host_vars')
-rw-r--r--inventory/host_vars/ele-router.yml14
1 files changed, 9 insertions, 5 deletions
diff --git a/inventory/host_vars/ele-router.yml b/inventory/host_vars/ele-router.yml
index c81e0b1d..5314c13b 100644
--- a/inventory/host_vars/ele-router.yml
+++ b/inventory/host_vars/ele-router.yml
@@ -12,12 +12,16 @@ openwrt_network_external:
- name: switch_vlan
options:
device: 'switch0'
- vlan: '{{ network_wan_zone.vlan }}'
+ ## for some reason vlan-id 91 does not work. why??
+ # vlan: '{{ network_wan_zone.vlan }}'
+ vlan: '1'
ports: '2 3 4 6t'
- name: interface 'wan'
options:
- ifname: 'eth0.{{ network_wan_zone.vlan }}'
+ ## for some reason vlan-id 91 does not work. why??
+ # ifname: 'eth0.{{ network_wan_zone.vlan }}'
+ ifname: 'eth0.1'
proto: dhcp
# proto: static
# ipaddr: "{{ network_wan_zone.prefix | ipaddr(network_wan_zone.offsets[inventory_hostname]) | ipaddr('address') }}"
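Review bot: The VLAN id `1` is now hard-coded in two places (`vlan: '1'` and `ifname: 'eth0.1'`) while `network_wan_zone.vlan` keeps its old value, so anything else that reads that variable will describe a VLAN this router no longer uses. VLAN 1 is also the default VLAN in many switch configurations, so it is worth confirming that no other `switch_vlan` section on `switch0` (not visible in this hunk) assigns VLAN 1 to internal ports, which would put WAN and internal traffic in the same broadcast domain. I would replace the two "why??" comments with one that records the workaround and its scope, e.g. `# WORKAROUND: WAN uses VLAN 1 because VLAN 91 did not come up on this device; keep vlan and ifname in sync`. The `openwrt_network_external` list starts before and continues after the hunk.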
@@ -192,7 +196,7 @@ openwrt_mixin:
### todo: limit the destination address?
iptables -A INPUT -i "$WAN_IF" -p icmp -j ACCEPT
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 22000 -j ACCEPT
- iptables -A INPUT -i "$WAN_IF" -m state --state RELATED,ESTABLISHED -j ACCEPT
+ iptables -A INPUT -i "$WAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
for zone in "{{ network_internal_zone_names | join('" "') }}"; do
interface=$(uci get "network.$zone.ifname")
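Review bot: On the WAN-facing INPUT rule, `--ctstate RELATED,ESTABLISHED` is carried over unchanged from the old `state` match, but `RELATED` looks broader than this chain needs. The line two above already accepts all ICMP on `$WAN_IF`, so ICMP errors are covered without it. What `RELATED` adds here is mainly connections expected by conntrack helpers, if any are loaded on the router. If none are required for traffic terminating on the router itself, `iptables -A INPUT -i "$WAN_IF" -m conntrack --ctstate ESTABLISHED -j ACCEPT` is the tighter form; the FORWARD rule in the next hunk should keep `RELATED` so ICMP errors still reach internal hosts. The surrounding script and the chain policies are outside the hunk, so this assumes INPUT defaults to DROP.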
@@ -207,11 +211,11 @@ openwrt_mixin:
iptables -A INPUT -i "$interface" -p tcp --dport 53 -d "$ipaddr" -s "$ipaddr/$netmask" -j ACCEPT
iptables -A INPUT -i "$interface" -p icmp -d "$ipaddr" -s "$ipaddr/$netmask" -j ACCEPT
- iptables -A INPUT -i "$interface" -m state --state RELATED,ESTABLISHED -j ACCEPT
+ iptables -A INPUT -i "$interface" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i "$interface" -o "$WAN_IF" -s "$ipaddr/$netmask" -j ACCEPT
- iptables -A FORWARD -i "$WAN_IF" -o "$interface" -m state --state RELATED,ESTABLISHED -j ACCEPT
+ iptables -A FORWARD -i "$WAN_IF" -o "$interface" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$ipaddr/$netmask" -j MASQUERADE
done