Hello, I am trying to set up mwan3 on my Omnia.
I am stuck already at the prerequisites: I am not able to ping anything over the second connection. After running “ping -c 1 -I lan4 www.google.com”
I get the message “ping: connect: Permission denied”.
This ping works if the lan4 interface is set as “WAN” in Foris. But when WAN is set to the wan port (eth2), then I get this permission denied message. I think it must be something with the firewall?
The lan4 port has its own interface, and that interface belongs to the WAN firewall zone.
Does anyone have mwan3 up and running? Any idea what could cause this? Thank you.
/etc/config/network
# UCI network configuration as pasted in the post (section indentation was lost in the paste).
# Loopback interface with the usual 127.0.0.1/8 address.
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
# Global settings: IPv6 ULA prefix for the router.
config globals 'globals'
option ula_prefix 'fd33:8c9b:d6c2::/48'
# Main LAN: static 192.168.5.1/24 on the br-lan bridge.
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ip6assign '60'
option _turris_mode 'managed'
list ipaddr '192.168.5.1/24'
# Primary uplink: DHCP client on eth2.
# metric 10 is the lowest metric set in this file; presumably the default route
# learned here is therefore preferred in the main routing table (verify with `ip route`).
config interface 'wan'
option ipv6 '1'
option device 'eth2'
option proto 'dhcp'
option metric '10'
# IPv6 side of the primary uplink; '@wan' reuses the device of the 'wan' interface.
config interface 'wan6'
option device '@wan'
option proto 'dhcpv6'
option metric '20'
option reqprefix 'auto'
option reqaddress 'try'
# Device section naming eth2 (the WAN port).
config device 'dev_wan'
option name 'eth2'
# Guest network: static 10.111.222.1/24 on its own bridge.
config interface 'guest_turris'
option enabled '1'
option proto 'static'
option device 'br-guest-turris'
option ipaddr '10.111.222.1'
option netmask '255.255.255.0'
option ip6assign '64'
# Guest bridge; no ports are listed, bridge_empty lets it exist without members.
config device 'br_guest_turris'
option name 'br-guest-turris'
option type 'bridge'
option bridge_empty '1'
# LAN bridge: only lan0 and lan1 are members. lan2 and lan4 are used directly
# by the 'lan_studia' and 'gsm' interfaces below.
config device 'br_lan'
option name 'br-lan'
option type 'bridge'
list ports 'lan0'
list ports 'lan1'
# Separate static network 192.168.6.1/24 on port lan2.
config interface 'lan_studia'
option device 'lan2'
option proto 'static'
option ipaddr '192.168.6.1'
option netmask '255.255.255.0'
list dns '8.8.8.8'
# Second uplink: static /30 on port lan4 with its own gateway.
# This is the interface the post tests with `ping -I lan4`.
# metric 50 is higher than wan's 10, so this is presumably the less-preferred default route.
config interface 'gsm'
option device 'lan4'
option proto 'static'
option netmask '255.255.255.252'
option ipaddr '10.9.116.10'
option gateway '10.9.116.9'
option metric '50'
/etc/config/firewall
# UCI firewall configuration as pasted in the post (section indentation was lost in the paste).
# Global default policies, used for traffic that no zone claims.
# NOTE(review): input is ACCEPT here, so an interface that is not listed in any
# zone would presumably have its router-bound traffic accepted; confirm that
# every interface in /etc/config/network is assigned to a zone.
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
# Zone 'lan': trusted side, everything accepted.
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
# Zone 'wan': untrusted side. Inbound and forwarded traffic is rejected unless a
# rule below allows it; outbound traffic is accepted and masqueraded.
# Both uplinks are members: wan/wan6 (eth2) and gsm (lan4).
# NOTE(review): output is ACCEPT and 'gsm' is listed, so nothing in this section
# rejects router-originated traffic on lan4. To investigate the reported
# "Permission denied", compare against the ruleset actually loaded on the router.
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
list network 'gsm'
# Allow forwarding from the lan zone to the wan zone.
config forwarding
option src 'lan'
option dest 'wan'
# NOTE(review): the next two sections repeat the 'Allow-DHCP-Renew' and
# 'Allow-Ping' rules that follow them, and this first 'Allow-Ping' stops after
# 'src'. This looks like a copy/paste artifact of the post. If the truncated
# section really exists in the file, it has no proto, icmp_type or target, so its
# effect depends on the firewall's defaults for omitted options; confirm and
# remove the duplicate.
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
# Accept IPv4 UDP to port 68 arriving from the wan zone (DHCP client replies).
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# Accept IPv4 ICMP echo-request arriving from the wan zone (no 'dest', so this
# is traffic addressed to the router itself). No 'limit' option is set here,
# unlike the ICMPv6 rules in this file that carry limit '1000/sec'.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
# Accept IPv4 IGMP from the wan zone.
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
# Accept IPv6 UDP to port 546 from the wan zone (DHCPv6 client replies).
# No source address restriction is set on this rule.
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
# Accept ICMPv6 types 130, 131, 132 and 143 (code 0) from link-local sources in the wan zone.
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
# Accept the listed ICMPv6 types addressed to the router from the wan zone,
# rate-limited to 1000 packets per second.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# Accept the listed ICMPv6 types forwarded from the wan zone to any zone
# (dest '*'), with the same rate limit. Neighbour discovery and router
# advertisement types are not in this list.
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# Forward ESP from the wan zone to the lan zone. No dest_ip is set, so the rule
# is not limited to a particular LAN host.
# NOTE(review): if no IPsec endpoint runs behind the router, this rule and
# 'Allow-ISAKMP' below can presumably be disabled to reduce inbound exposure.
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
# Forward UDP port 500 (IKE) from the wan zone to the lan zone, again without a dest_ip.
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
# Would reject IPv4 UDP to ports 33434-33689 from the wan zone; switched off by enabled 'false'.
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled 'false'
# Loads additional custom rules from /etc/firewall.user. That file's contents
# are not shown in the post; anything in it is applied on top of this config,
# so it should be reviewed together with it.
config include
option path '/etc/firewall.user'
# Turris-named 6in4 / 6to4 rules, both disabled.
config rule 'turris_wan_6in4_rule'
option enabled '0'
config rule 'turris_wan_6to4_rule'
option enabled '0'
# Guest zone 'tr_guest': traffic to the router and forwarded traffic are
# rejected by default; only the explicit rules and the forwarding below open it up.
config zone 'guest_turris'
option enabled '1'
option name 'tr_guest'
option input 'REJECT'
option forward 'REJECT'
option output 'ACCEPT'
list network 'guest_turris'
# Guests may be forwarded to the wan zone only; no forwarding to lan is defined in this block.
config forwarding 'guest_turris_forward_wan'
option enabled '1'
option name 'guest to wan forward'
option src 'tr_guest'
option dest 'wan'
# Accept TCP and UDP port 53 from guests to the router (DNS).
config rule 'guest_turris_dns_rule'
option enabled '1'
option name 'guest dns rule'
option src 'tr_guest'
option proto 'tcpudp'
option dest_port '53'
option target 'ACCEPT'
# Accept UDP with source and destination ports 67-68 from guests (DHCP).
config rule 'guest_turris_dhcp_rule'
option enabled '1'
option name 'guest dhcp rule'
option src 'tr_guest'
option proto 'udp'
option src_port '67-68'
option dest_port '67-68'
option target 'ACCEPT'
# Accept IPv6 UDP between link-local addresses on ports 546-547 from guests (DHCPv6).
config rule 'guest_turris_Allow_DHCPv6'
option src 'tr_guest'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '546-547'
option dest_ip 'fe80::/10'
option dest_port '546-547'
option family 'ipv6'
option target 'ACCEPT'
# Accept ICMPv6 types 130, 131, 132 and 143 (code 0) from link-local guest sources.
config rule 'guest_turris_Allow_MLD'
option src 'tr_guest'
option proto 'icmp'
option src_ip 'fe80::/10'
option family 'ipv6'
option target 'ACCEPT'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
# Accept the listed ICMPv6 types from guests to the router, rate-limited to 1000 packets per second.
config rule 'guest_turris_Allow_ICMPv6_Input'
option src 'tr_guest'
option proto 'icmp'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
# Zone 'lan_studia': traffic to the router is accepted, forwarding is rejected
# unless a forwarding section allows it.
# NOTE(review): two networks are listed, 'LAN_STUDIA' and 'lan_studia'. Only
# 'lan_studia' is defined in the /etc/config/network shown in the post, so the
# upper-case entry is presumably a stale leftover; confirm and drop it.
config zone
option name 'lan_studia'
option input 'ACCEPT'
option forward 'REJECT'
option output 'ACCEPT'
list network 'LAN_STUDIA'
list network 'lan_studia'
config forwarding
option dest 'wan'