Mehrere LAN-Mesh Verbindungen an einem Router

Hallo,
bei meinem zentralen Router, wo mehrere Funkverbindungen zusammenkommen, habe ich für die unterschiedlichen Ports jeweils einzelne Mesh-Interfaces angelegt. Die Tage hat ein Update die /etc/config/network überschrieben und jetzt bekomme ich es nicht mehr zum Laufen.

Die Verbindung an mesh_other funktioniert. Das ist das voreingestellte LAN-Mesh, wo ich nur das VLAN-Tag geändert habe. Die anderen Interfaces können keine Verbindung aufbauen.

root@64354-Darmstaedter-Strasse:/etc/config# cat network

# Globals plus the switch0 VLAN table. Each switch_vlan section below puts
# one physical port into its own VLAN; a trailing 't' marks a tagged port.
# Port 0 is tagged in every VLAN (presumably the CPU port; confirm for this
# board), which is what yields the eth0.<vid> sub-interfaces used below.
config globals 'globals'
        option ula_prefix 'auto'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

# VLAN 1: port 2 untagged -> eth0.1 (used by interface 'mesh_stw').
config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '2 0t'

# VLAN 3: port 3 untagged -> eth0.3 (used by interface 'mesh_ueb').
config switch_vlan
        option device 'switch0'
        option vlan '3'
        option ports '3 0t'  

# VLAN 4: port 4 untagged -> eth0.4 (used by interface 'mesh_aq').
config switch_vlan
        option device 'switch0'
        option vlan '4'
        option ports '4 0t'  

# VLAN 6: tagged on port 5. No interface in this file references eth0.6.
config switch_vlan
        option device 'switch0'
        option vlan '6'
        option ports '5t 0t'

# VLAN 7: also tagged on port 5 -> eth0.7 (used by interface 'mesh_other').
config switch_vlan
        option device 'switch0'
        option vlan '7'        
        option ports '5t 0t' 

# VLAN 2: port 1 untagged -> eth0.2 (member of the 'wan' bridge).
config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '1 0t'

# Loopback and the WAN uplink (IPv4 via DHCP, IPv6 via DHCPv6), followed by
# the policy-routing entries that give WAN IPv6 its own routing table.
config interface 'loopback'
        option netmask '255.0.0.0'
        option ifname 'lo'
        option ipaddr '127.0.0.1'
        option proto 'static'

# WAN is a bridge over eth0.2 (switch VLAN 2). peerdns '0' means DNS servers
# offered by the uplink DHCP server are not taken over.
config interface 'wan'
        option igmp_snooping '1'
        option proto 'dhcp'
        option auto '1'
        option peerdns '0'
        option multicast_querier '0'
        option type 'bridge'
        list ifname 'eth0.2'

# IPv6 on the same bridge; routes learned here are placed in table 1
# (ip6table '1'), and no delegated prefix is requested (reqprefix 'no').
config interface 'wan6'
        option proto 'dhcpv6'
        option ip6table '1'
        option sourcefilter '0'
        option peerdns '0'
        option reqprefix 'no'
        option ifname 'br-wan'

# Packets carrying fwmark bit 0x01 are looked up in table 1.
config rule6 'wan6_lookup'
        option mark '0x01/0x01'
        option lookup '1'

# Fallback in table 1: an 'unreachable' default route with the metric set to
# 65535, so any real default route in that table takes precedence.
config route6 'wan6_unreachable'
        option type 'unreachable'
        option table '1'
        option target '::/0'
        option metric '65535'
        option gateway '::'
        option interface 'loopback'

# Mesh interfaces: two wireless ones (proto gluon_mesh) and four wired ones
# (proto gluon_wired with vxlan '1'), one wired interface per switch VLAN.
config interface 'mesh_radio0'
        option proto 'gluon_mesh'

config interface 'mesh_radio1'
        option proto 'gluon_mesh'

# The stock wired mesh interface, moved to VLAN 7 (eth0.7). According to the
# post this is the only wired link that still comes up.
config interface 'mesh_other'
        option igmp_snooping '0'
        option ifname 'eth0.7'
        option index '4'
        option vxlan '1'
        option proto 'gluon_wired'
        option macaddr '46:74:7d:e5:3f:74'

# Hand-added copies of mesh_other. Each one has its own VLAN device, index
# and MAC; the last MAC octet follows the index (…:74 to …:77 for 4 to 7).
# NOTE(review): whether indexes 5-7 are free for manual use in this firmware
# is not visible here; verify against the firmware's MAC/index assignment.
config interface 'mesh_stw'       
        option igmp_snooping '0'    
        option ifname 'eth0.1'      
        option index '5'            
        option vxlan '1'            
        option proto 'gluon_wired'  
        option macaddr '46:74:7d:e5:3f:75'

config interface 'mesh_ueb'       
        option igmp_snooping '0'    
        option ifname 'eth0.3'      
        option index '6'            
        option vxlan '1'            
        option proto 'gluon_wired'  
        option macaddr '46:74:7d:e5:3f:76' 

# NOTE(review): macaddr 46:74:7d:e5:3f:77 is also set on interface 'mesh_vpn'
# further down in this file. Two mesh interfaces sharing one MAC is worth
# ruling out first when these links fail to establish.
config interface 'mesh_aq'       
        option igmp_snooping '0'    
        option ifname 'eth0.4'      
        option index '7'            
        option vxlan '1'            
        option proto 'gluon_wired'  
        option macaddr '46:74:7d:e5:3f:77'

# Client bridge, the local-node veth pair, the batman-adv device and the
# mesh VPN interface.

# Client network: a bridge over 'local-port' (one end of the veth pair
# defined below) and 'bat0'. It obtains its IPv6 configuration via DHCPv6.
config interface 'client'
        option igmp_snooping '1'
        option type 'bridge'
        option auto '1'
        option ra_holdoff '30'
        option multicast_querier '1'
        option macaddr 'a0:f3:c1:a6:89:b5'
        list ifname 'local-port'
        list ifname 'bat0'
        option ipv6 '1'
        option keep_ra_dnslifetime '1'
        option sourcefilter '0'
        option peerdns '0'
        option robustness '9'
        option reqprefix 'no'
        option query_interval '2000'
        option query_response_interval '500'
        option proto 'dhcpv6'

# veth pair: 'local-node' is the router-side end, 'local-port' the end that
# sits in the client bridge. peer_macaddr equals the client bridge MAC.
config device 'local_node_dev'
        option type 'veth'
        option name 'local-node'
        option peer_name 'local-port'
        option macaddr 'da:ff:11:00:ff:ff'
        option peer_macaddr 'a0:f3:c1:a6:89:b5'

# Static addresses on the router-side end of the veth pair; the IPv6 address
# is marked deprecated (ip6deprecated '1').
config interface 'local_node'
        option ifname 'local-node'
        option ipaddr '10.84.191.254/20'
        option ip6addr 'fd01:67c:2ed8:100b::1:1/128'
        option ip6deprecated '1'
        option proto 'static'

config interface 'gluon_bat0'
        option gw_mode 'client'
        option proto 'gluon_bat0'

# bat0 itself carries no L3 configuration (proto 'none'); it is only a
# member of the client bridge above and shares that bridge's MAC.
config interface 'bat0'
        option multicast_router '2'
        option ifname 'bat0'
        option auto '1'
        option macaddr 'a0:f3:c1:a6:89:b5'
        option learning '1'
        option proto 'none'

config route6 'local_node_route6'
        option target 'fd01:67c:2ed8:100b::/64'
        option gateway '::'
        option interface 'client'

# Mesh VPN tunnel interface with a fixed MTU of 1312.
# NOTE(review): macaddr 46:74:7d:e5:3f:77 is the same value that the
# hand-added wired interface 'mesh_aq' (index '7') uses above.
config interface 'mesh_vpn'
        option ifname 'mesh-vpn'
        option transitive '1'
        option mtu '1312'
        option macaddr '46:74:7d:e5:3f:77'
        option fixed_mtu '1'
        option proto 'gluon_mesh'

Entsprechend die Firewall:

root@64354-Darmstaedter-Strasse:/etc/config# cat firewall

# VXLAN admission rules: one per zone that may carry wired mesh traffic.
# Each accepts UDP 4789 over IPv6 from link-local sources (fe80::/64) only.
# VXLAN has no authentication of its own, so the zone membership and the
# link-local source match are the only admission controls applied here.
config rule 'wan_vxlan'
        option dest_port '4789'
        option src 'wan'
        option name 'wan_vxlan'
        option src_ip 'fe80::/64'
        option family 'ipv6'
        option target 'ACCEPT'
        option proto 'udp'

# Zone 'wired_mesh' contains network 'mesh_other' (see the zone sections).
config rule 'wired_mesh_vxlan'
        option dest_port '4789'
        option src 'wired_mesh'
        option name 'wired_mesh_vxlan'
        option src_ip 'fe80::/64'
        option family 'ipv6'
        option target 'ACCEPT'
        option proto 'udp'

# Hand-added copies for the three extra wired mesh zones.
config rule 'wired_mesh_2_vxlan'
        option dest_port '4789'
        option src 'wired_mesh_2'
        option name 'wired_mesh_2_vxlan'
        option src_ip 'fe80::/64'
        option family 'ipv6'
        option target 'ACCEPT'
        option proto 'udp'

config rule 'wired_mesh_3_vxlan'
        option dest_port '4789'
        option src 'wired_mesh_3'
        option name 'wired_mesh_3_vxlan'
        option src_ip 'fe80::/64'
        option family 'ipv6'
        option target 'ACCEPT'
        option proto 'udp'

config rule 'wired_mesh_4_vxlan'
        option dest_port '4789'
        option src 'wired_mesh_4'
        option name 'wired_mesh_4_vxlan'
        option src_ip 'fe80::/64'
        option family 'ipv6'
        option target 'ACCEPT'
        option proto 'udp'

# Global policy: inbound and forwarded traffic is rejected unless a zone or
# rule below accepts it; traffic originating on the router is allowed out.
config defaults
        option syn_flood '1'
        option output 'ACCEPT'
        option forward 'REJECT'
        option input 'REJECT'

# NOTE(review): this zone refers to network 'lan', but the network file
# shown in this post defines no interface named 'lan', so the fully
# permissive policy here appears to have nothing attached to it.
config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

# WAN zone: default-reject for input and forward, with masquerading and
# MSS clamping (mtu_fix) enabled.
config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option conntrack '1'

config forwarding
        option src 'lan'
        option dest 'wan'

# Anonymous (unnamed-section) rules for the wan zone: DHCP renewals, ping,
# IGMP/MLD, DHCPv6, rate-limited ICMPv6 and IPsec pass-through towards 'lan'.
config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

# The named section 'wan_igmp' further down repeats this rule.
config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

# ICMPv6 types 130/131/132/143 are the MLD messages. The named section
# 'wan_mld' further down repeats this rule.
config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

# ICMPv6 addressed to the router itself, capped at 1000 packets per second.
config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# Forwarded ICMPv6 from wan to any zone (dest '*'); the neighbour-discovery
# types listed in the input rule above are not included here.
config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# IPsec pass-through from wan into zone 'lan'. That zone's only network,
# 'lan', is not defined in the network file shown in this post.
config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

# User include, then the named rules for the wan zone and the respondd
# rule for the local client zone.
config include
        option path '/etc/firewall.user'

# Same match as the unnamed 'Allow-IGMP' rule earlier in this file.
config rule 'wan_igmp'
        option src 'wan'
        option name 'Allow-IGMP'
        option family 'ipv4'
        option target 'ACCEPT'
        option proto 'igmp'

# Same match as the unnamed 'Allow-MLD' rule earlier in this file.
config rule 'wan_mld'
        option src 'wan'
        option name 'Allow-MLD'
        option src_ip 'fe80::/10'
        option family 'ipv6'
        option target 'ACCEPT'
        option proto 'icmp'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'

# NOTE(review): no src_ip and no family option, so SSH (TCP 22) is accepted
# from every host in the wan zone over IPv4 and IPv6. Confirm the uplink
# network is trusted; otherwise add a src_ip restriction to this rule.
config rule 'wan_ssh'
        option dest_port '22'
        option src 'wan'
        option name 'wan_ssh'
        option target 'ACCEPT'
        option proto 'tcp'

# Replies from UDP source port 1001 to the port range 32768-61000, accepted
# from link-local senders only.
config rule 'wan_respondd_reply'
        option src_port '1001'
        option src 'wan'
        option name 'wan_respondd_reply'
        option src_ip 'fe80::/64'
        option target 'ACCEPT'
        option proto 'udp'
        option dest_port '32768:61000'

# Queries to UDP port 1001 from link-local senders in the wan zone.
config rule 'wan_respondd'
        option dest_port '1001'
        option src 'wan'
        option name 'wan_respondd'
        option src_ip 'fe80::/64'
        option target 'ACCEPT'
        option proto 'udp'

config rule 'client_respondd'
        option dest_port '1001'
        option name 'client_respondd'
        option proto 'udp'
        option src_ip 'fe80::/64'
        option target 'ACCEPT'
        option src 'loc_client'

# Loads additional IPv4 rules in iptables-restore format from the given
# path; the content of that file is not part of this post.
config include 'mesh_vpn_dns'
        option family 'ipv4'
        option type 'restore'
        option path '/lib/gluon/mesh-vpn/iptables.rules'

# Zone definitions for the client network and the wired mesh links. All of
# them reject input and forwarding by default; only the explicit rules that
# name a zone as 'src' open anything.

# Despite its name, zone 'mesh' contains the 'client' network (the bridge
# over bat0 and local-port).
config zone 'mesh'
        option name 'mesh'
        option input 'REJECT'
        option forward 'REJECT'
        option output 'ACCEPT'
        list network 'client'

config rule 'mesh_ICMPv6_in'
        option src 'mesh'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'

# One zone per wired mesh interface. Mapping as configured:
#   wired_mesh   -> mesh_other (eth0.7)
#   wired_mesh_2 -> mesh_aq    (eth0.4)
#   wired_mesh_3 -> mesh_stw   (eth0.1)
#   wired_mesh_4 -> mesh_ueb   (eth0.3)
config zone 'wired_mesh'
        option name 'wired_mesh'
        option input 'REJECT'
        option forward 'REJECT'
        option output 'ACCEPT'
        list network 'mesh_other'

config zone 'wired_mesh_2'                              
        option name 'wired_mesh_2'              
        option input 'REJECT'                   
        option forward 'REJECT'                         
        option output 'ACCEPT'                  
        list network 'mesh_aq'

config zone 'wired_mesh_3'
        option name 'wired_mesh_3'
        option input 'REJECT'
        option forward 'REJECT'
        option output 'ACCEPT'
        list network 'mesh_stw'

config zone 'wired_mesh_4'
        option name 'wired_mesh_4'
        option input 'REJECT'
        option forward 'REJECT'
        option output 'ACCEPT'
        list network 'mesh_ueb'

# ICMPv6 input rules for the four wired mesh zones. The four sections differ
# only in 'src'; each accepts the listed ICMPv6 types (including neighbour
# discovery and the MLD types 130/131/132/143), capped at 1000 packets/sec.
# Without the neighbour-discovery types the link-local VXLAN endpoints could
# not resolve each other, since the zones reject input by default.
config rule 'wired_mesh_ICMPv6_in'
        option src 'wired_mesh'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'

# Copy for zone wired_mesh_2 (network mesh_aq).
config rule 'wired_mesh_2_ICMPv6_in'
        option src 'wired_mesh_2'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'

# Copy for zone wired_mesh_3 (network mesh_stw).
config rule 'wired_mesh_3_ICMPv6_in'
        option src 'wired_mesh_3'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'

# Copy for zone wired_mesh_4 (network mesh_ueb).
config rule 'wired_mesh_4_ICMPv6_in'
        option src 'wired_mesh_4'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'

# Management and status services opened to zone 'mesh', which contains the
# 'client' network.

# NOTE(review): no src_ip restriction, so SSH (TCP 22) on the router is
# reachable from any host in the client network. Confirm that is intended
# and that key-only authentication is in place.
config rule 'mesh_ssh'
        option dest_port '22'
        option src 'mesh'
        option name 'mesh_ssh'
        option target 'ACCEPT'
        option proto 'tcp'

# Zone with DROP for input, forward and output; no network is attached to
# it in this file.
config zone 'drop'
        option name 'drop'
        option input 'DROP'
        option forward 'DROP'
        option output 'DROP'

# respondd on UDP port 1001: replies and queries from link-local senders,
# plus queries from the site ULA prefix.
config rule 'mesh_respondd_reply'
        option src_port '1001'
        option src 'mesh'
        option name 'mesh_respondd_reply'
        option src_ip 'fe80::/64'
        option target 'ACCEPT'
        option proto 'udp'
        option dest_port '32768:61000'

config rule 'mesh_respondd_ll'
        option dest_port '1001'
        option src 'mesh'
        option name 'mesh_respondd_ll'
        option src_ip 'fe80::/64'
        option target 'ACCEPT'
        option proto 'udp'

config rule 'mesh_respondd_siteprefix'
        option dest_port '1001'
        option src 'mesh'
        option name 'mesh_respondd_siteprefix'
        option target 'ACCEPT'
        option proto 'udp'
        option src_ip 'fd01:67c:2ed8:100b::/64'

# Plain HTTP (TCP 80) on the router, reachable from the client network.
config rule 'mesh_http'
        option dest_port '80'
        option src 'mesh'
        option target 'ACCEPT'
        option proto 'tcp'

# Zone for the 'local_node' interface (router-side end of the veth pair) and
# the services accepted from it: ICMP, SSH, HTTP and DNS. Two further rules
# for zone 'mesh' (respondd from a global prefix, usteer) follow.
config zone 'loc_client'
        option name 'loc_client'
        option input 'REJECT'
        option forward 'REJECT'
        option output 'ACCEPT'
        list network 'local_node'

config rule 'loc_client_ICMPv6_in'
        option src 'loc_client'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'

# IPv4 ping only; no other ICMPv4 type is accepted from this zone.
config rule 'loc_client_ICMPv4_in'
        option src 'loc_client'
        option family 'ipv4'
        option target 'ACCEPT'
        option proto 'icmp'
        list icmp_type 'echo-request'

# SSH and HTTP on the router, accepted from the local client zone without a
# source-address restriction.
config rule 'loc_client_ssh'
        option dest_port '22'
        option src 'loc_client'
        option name 'loc_client_ssh'
        option target 'ACCEPT'
        option proto 'tcp'

config rule 'loc_client_http'
        option dest_port '80'
        option src 'loc_client'
        option target 'ACCEPT'
        option proto 'tcp'

# respondd queries from a global (2001:...) prefix, in addition to the
# link-local and ULA sources allowed by the other mesh_respondd rules.
config rule 'mesh_respondd_extraprefix1'
        option dest_port '1001'
        option src 'mesh'
        option name 'mesh_respondd_extraprefix1'
        option src_ip '2001:67c:2ed8:100b::/64'
        option target 'ACCEPT'
        option proto 'udp'

config rule 'mesh_usteer_ll'
        option dest_port '16720'
        option src 'mesh'
        option name 'mesh_usteer_ll'
        option src_ip 'fe80::/64'
        option target 'ACCEPT'
        option proto 'udp'

# DNS over both TCP and UDP (proto 'tcpudp') for the local client zone.
config rule 'client_dns'
        option dest_port '53'
        option src 'loc_client'
        option target 'ACCEPT'
        option proto 'tcpudp'

Außerdem sollte über VLAN 6 an Port 5 noch das Client-Netz ausgegeben werden. Aber wenn ich bei

config interface 'client'

das

list ifname

in ‘bat0 eth0.6’ ändere, bekommt der Router keine globale IP (mit 2001:) mehr…
Ich sehe gerade den Fehler nicht :face_with_peeking_eye:

Offenbar funktioniert das Anlegen mehrerer Mesh-Interfaces mit der neuen Firmware bei diesem Gerät nicht mehr. Habe jetzt erstmal die 2.3 wieder aufgespielt. Jetzt routet es wieder, aber man hat im Client-Netz an diesem Router jetzt kein Internet. Man bekommt eine IP und kann auch die lokale Adresse des Routers im Browser öffnen, aber alles andere will nicht.

Ich vermute, da ist eine veränderte Firewalleinstellung aus der neueren Version dran schuld. Habe jetzt nicht die Zeit, das nochmal komplett zurückzusetzen. Im Wesentlichen ist die config aber wie im letzten Post. Sieht jemand, wo es klemmen könnte?