-rw-r--r--inventory/group_vars/dolmetsch-ctl/main.yml2
-rw-r--r--inventory/host_vars/ele-router.yml14
2 files changed, 10 insertions, 6 deletions
diff --git a/inventory/group_vars/dolmetsch-ctl/main.yml b/inventory/group_vars/dolmetsch-ctl/main.yml
index 8c1ace83..cd9255f8 100644
--- a/inventory/group_vars/dolmetsch-ctl/main.yml
+++ b/inventory/group_vars/dolmetsch-ctl/main.yml
@@ -77,7 +77,7 @@ openwrt_mixin:
iptables -A INPUT -i "$MIXER_IF" -p icmp -d "$MIXER_IPADDR" -s "$MIXER_IPADDR/$MIXER_NETMASK" -j ACCEPT
iptables -A INPUT -i "$MIXER_IF" -p udp -d "$MIXER_IPADDR" -s "$MIXER_IPADDR/$MIXER_NETMASK" -j ACCEPT
iptables -A INPUT -i "$MIXER_IF" -p tcp -d "$MIXER_IPADDR" -s "$MIXER_IPADDR/$MIXER_NETMASK" -j ACCEPT
- iptables -A INPUT -i "$MIXER_IF" -m state --state RELATED,ESTABLISHED -j ACCEPT
+ iptables -A INPUT -i "$MIXER_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
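Review bot: The rewritten RELATED,ESTABLISHED rule is still appended after the per-protocol ACCEPT rules, so every packet of an already-established flow is evaluated against the icmp/udp/tcp rules before the stateful match; since the rules visible above it in this hunk are all ACCEPTs, placing the conntrack line as the first `-A INPUT -i "$MIXER_IF"` rule would be behaviour-preserving and let established traffic short-circuit the chain. The same ordering point applies to the other conntrack rewrites in this commit (the WAN INPUT hunk at `@@ -192` and the per-zone INPUT/FORWARD hunk at `@@ -207` of inventory/host_vars/ele-router.yml). `-m conntrack` relies on the xt_conntrack module rather than xt_state; on OpenWrt both appear to ship in the same conntrack kmod package, but this is worth confirming on the target image before rollout, since a missing match makes the rule load fail and leaves only the DROP policy. The openwrt_mixin block scalar containing these rules starts before the hunk.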
diff --git a/inventory/host_vars/ele-router.yml b/inventory/host_vars/ele-router.yml
index c81e0b1d..5314c13b 100644
--- a/inventory/host_vars/ele-router.yml
+++ b/inventory/host_vars/ele-router.yml
@@ -12,12 +12,16 @@ openwrt_network_external:
- name: switch_vlan
options:
device: 'switch0'
- vlan: '{{ network_wan_zone.vlan }}'
+ ## for some reason vlan-id 91 does not work. why??
+ # vlan: '{{ network_wan_zone.vlan }}'
+ vlan: '1'
ports: '2 3 4 6t'
- name: interface 'wan'
options:
- ifname: 'eth0.{{ network_wan_zone.vlan }}'
+ ## for some reason vlan-id 91 does not work. why??
+ # ifname: 'eth0.{{ network_wan_zone.vlan }}'
+ ifname: 'eth0.1'
proto: dhcp
# proto: static
# ipaddr: "{{ network_wan_zone.prefix | ipaddr(network_wan_zone.offsets[inventory_hostname]) | ipaddr('address') }}"
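Review bot: The WAN VLAN is now hard-coded twice in this hunk, `vlan: '1'` under switch_vlan and `ifname: 'eth0.1'` under the wan interface, while the rest of the inventory still derives it from `network_wan_zone.vlan`; changing one literal without the other silently breaks the uplink. A single host-level variable referenced from both options, e.g. `wan_switch_vlan: '1'` in this host_vars file with `vlan: '{{ wan_switch_vlan }}'` and `ifname: 'eth0.{{ wan_switch_vlan }}'`, keeps them in sync and documents the override in one place. The two `## for some reason vlan-id 91 does not work. why??` comments would be more useful recording what was tried; one hypothesis to check, if this is an ar8xxx-family switch, is that the driver only accepts low VLAN IDs unless its 4k-VLAN mode (`enable_vlan4k`) is turned on. VLAN 1 is also commonly the switch's default/untagged VLAN, so confirm it does not collide with another switch_vlan entry in the openwrt_network_external list, which starts and continues outside the hunk.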
@@ -192,7 +196,7 @@ openwrt_mixin:
### todo: limit the destination address?
iptables -A INPUT -i "$WAN_IF" -p icmp -j ACCEPT
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 22000 -j ACCEPT
- iptables -A INPUT -i "$WAN_IF" -m state --state RELATED,ESTABLISHED -j ACCEPT
+ iptables -A INPUT -i "$WAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
for zone in "{{ network_internal_zone_names | join('" "') }}"; do
interface=$(uci get "network.$zone.ifname")
@@ -207,11 +211,11 @@ openwrt_mixin:
iptables -A INPUT -i "$interface" -p tcp --dport 53 -d "$ipaddr" -s "$ipaddr/$netmask" -j ACCEPT
iptables -A INPUT -i "$interface" -p icmp -d "$ipaddr" -s "$ipaddr/$netmask" -j ACCEPT
- iptables -A INPUT -i "$interface" -m state --state RELATED,ESTABLISHED -j ACCEPT
+ iptables -A INPUT -i "$interface" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i "$interface" -o "$WAN_IF" -s "$ipaddr/$netmask" -j ACCEPT
- iptables -A FORWARD -i "$WAN_IF" -o "$interface" -m state --state RELATED,ESTABLISHED -j ACCEPT
+ iptables -A FORWARD -i "$WAN_IF" -o "$interface" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$ipaddr/$netmask" -j MASQUERADE
done