From b8fc9d8888d73ab5d1fd625cb0b91aab4d2b26c2 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Mon, 7 Jan 2019 23:01:32 +0100 Subject: fix ele-router config
---
inventory/host_vars/ele-router.yml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'inventory/host_vars/ele-router.yml')
diff --git a/inventory/host_vars/ele-router.yml b/inventory/host_vars/ele-router.yml
index c81e0b1d..5314c13b 100644
--- a/inventory/host_vars/ele-router.yml
+++ b/inventory/host_vars/ele-router.yml
@@ -12,12 +12,16 @@ openwrt_network_external:
- name: switch_vlan
options:
device: 'switch0'
- vlan: '{{ network_wan_zone.vlan }}'
+ ## for some reason vlan-id 91 does not work. why??
+ # vlan: '{{ network_wan_zone.vlan }}'
+ vlan: '1'
ports: '2 3 4 6t'
- name: interface 'wan'
options:
- ifname: 'eth0.{{ network_wan_zone.vlan }}'
+ ## for some reason vlan-id 91 does not work. why??
+ # ifname: 'eth0.{{ network_wan_zone.vlan }}'
+ ifname: 'eth0.1'
proto: dhcp
# proto: static
# ipaddr: "{{ network_wan_zone.prefix | ipaddr(network_wan_zone.offsets[inventory_hostname]) | ipaddr('address') }}"
@@ -192,7 +196,7 @@ openwrt_mixin:
### todo: limit the destination address?
iptables -A INPUT -i "$WAN_IF" -p icmp -j ACCEPT
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 22000 -j ACCEPT
- iptables -A INPUT -i "$WAN_IF" -m state --state RELATED,ESTABLISHED -j ACCEPT
+ iptables -A INPUT -i "$WAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
for zone in "{{ network_internal_zone_names | join('" "') }}"; do
interface=$(uci get "network.$zone.ifname")
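Review bot: The WAN VLAN id is now hard-coded in two unrelated places in the first hunk (`vlan: '1'` on the switch_vlan stanza and `ifname: 'eth0.1'` on the 'wan' interface) with no shared source, so the two can silently drift apart the next time one of them is edited, and moving ports `2 3 4 6t` to VLAN 1 deserves a check that no other switch_vlan stanza in this file (the LAN side is outside the hunk) uses the same id, since two stanzas with one id may end up sharing a VLAN between WAN and LAN ports. Keep the id in a single host variable and reference it from both lines, e.g. `vlan: '{{ wan_vlan_workaround }}'` and `ifname: 'eth0.{{ wan_vlan_workaround }}'` (variable name is a placeholder). The duplicated `## for some reason vlan-id 91 does not work. why??` comment should record what was observed and mark this as a workaround, e.g. `## TODO: vlan-id 91 (network_wan_zone.vlan) does not work on this switch; hard-coded to 1 until the cause is found`. The openwrt_network_external list continues past the end of the hunk.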
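Review bot: With the stateful accept in the second hunk now written as `-m conntrack --ctstate RELATED,ESTABLISHED`, nothing in the hunk drops packets the tracker classifies as INVALID; they fall past the listed accepts to whatever the INPUT chain policy is, which is not visible here. If no such rule exists outside the hunk, add `iptables -A INPUT -i "$WAN_IF" -m conntrack --ctstate INVALID -j DROP` ahead of the icmp and 22000 accepts; the same consideration applies to the per-zone INPUT and FORWARD rules changed in the next hunk (@@ -207). The surrounding shell script starts and ends outside this hunk.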
@@ -207,11 +211,11 @@ openwrt_mixin:
iptables -A INPUT -i "$interface" -p tcp --dport 53 -d "$ipaddr" -s "$ipaddr/$netmask" -j ACCEPT
iptables -A INPUT -i "$interface" -p icmp -d "$ipaddr" -s "$ipaddr/$netmask" -j ACCEPT
- iptables -A INPUT -i "$interface" -m state --state RELATED,ESTABLISHED -j ACCEPT
+ iptables -A INPUT -i "$interface" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i "$interface" -o "$WAN_IF" -s "$ipaddr/$netmask" -j ACCEPT
- iptables -A FORWARD -i "$WAN_IF" -o "$interface" -m state --state RELATED,ESTABLISHED -j ACCEPT
+ iptables -A FORWARD -i "$WAN_IF" -o "$interface" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$ipaddr/$netmask" -j MASQUERADE
done
-- cgit v1.2.3