Hello. I’m managing my family’s router and usually get to upgrading it 2-4 times per year. I went back over the holiday period and tried upgrading from 1.4-rolling-202304050317 to 1.5-rolling-202312290919 (I’ve tried a couple of recent rolling 1.5 versions, all showing the same behavior).
When booting into the 1.5 version, the bridge that I’ve setup between eth1, eth2 and eth3 seems to stop working (I’ve got WAN on eth0).
This is my configuration which I produced with show configuration commands | strip-private (I’ve removed the firewall section to get under character limits but can probably provide that in a separate post but I suspect it’s not relevant, see below):
set interfaces bridge br0 description 'LAN'
set interfaces bridge br0 enable-vlan
set interfaces bridge br0 ip source-validation 'strict'
set interfaces bridge br0 member interface eth1 allowed-vlan '65'
set interfaces bridge br0 member interface eth1 allowed-vlan '66'
set interfaces bridge br0 member interface eth1 allowed-vlan '69'
set interfaces bridge br0 member interface eth1 allowed-vlan '70'
set interfaces bridge br0 member interface eth1 allowed-vlan '71'
set interfaces bridge br0 member interface eth1 allowed-vlan '72'
set interfaces bridge br0 member interface eth1 native-vlan '69'
set interfaces bridge br0 member interface eth2 allowed-vlan '65'
set interfaces bridge br0 member interface eth2 allowed-vlan '66'
set interfaces bridge br0 member interface eth2 allowed-vlan '69'
set interfaces bridge br0 member interface eth2 allowed-vlan '70'
set interfaces bridge br0 member interface eth2 allowed-vlan '71'
set interfaces bridge br0 member interface eth2 allowed-vlan '72'
set interfaces bridge br0 member interface eth2 native-vlan '69'
set interfaces bridge br0 member interface eth3 allowed-vlan '65'
set interfaces bridge br0 member interface eth3 allowed-vlan '66'
set interfaces bridge br0 member interface eth3 allowed-vlan '69'
set interfaces bridge br0 member interface eth3 allowed-vlan '70'
set interfaces bridge br0 member interface eth3 allowed-vlan '71'
set interfaces bridge br0 member interface eth3 allowed-vlan '72'
set interfaces bridge br0 member interface eth3 native-vlan '69'
set interfaces bridge br0 stp
set interfaces bridge br0 vif 65 address 'xxx.xxx.0.1/16'
set interfaces bridge br0 vif 65 description 'Home'
set interfaces bridge br0 vif 66 address 'xxx.xxx.0.1/16'
set interfaces bridge br0 vif 66 description 'Management'
set interfaces bridge br0 vif 69 address 'xxx.xxx.0.1/16'
set interfaces bridge br0 vif 69 description 'Production'
set interfaces bridge br0 vif 70 address 'xxx.xxx.0.1/16'
set interfaces bridge br0 vif 70 description 'Guest'
set interfaces bridge br0 vif 71 address 'xxx.xxx.0.1/16'
set interfaces bridge br0 vif 71 description 'Iot'
set interfaces bridge br0 vif 72 address 'xxx.xxx.0.1/16'
set interfaces bridge br0 vif 72 description 'IotConnected'
set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth0 description 'OUTSIDE'
set interfaces ethernet eth0 hw-id 'xx:xx:xx:xx:xx:cd'
set interfaces ethernet eth1 hw-id 'xx:xx:xx:xx:xx:ce'
set interfaces ethernet eth2 hw-id 'xx:xx:xx:xx:xx:cf'
set interfaces ethernet eth3 hw-id 'xx:xx:xx:xx:xx:d0'
set interfaces loopback lo
set nat destination rule 10 description 'Port forward public SSH port'
set nat destination rule 10 destination port '22'
set nat destination rule 10 inbound-interface name 'eth0'
set nat destination rule 10 protocol 'tcp'
set nat destination rule 10 translation address 'xxx.xxx.0.1'
set nat source rule 64 description 'LAN'
set nat source rule 64 outbound-interface name 'eth0'
set nat source rule 64 source address 'xxx.xxx.0.0/11'
set nat source rule 64 translation address 'masquerade'
set service dhcp-server shared-network-name xxxxxx authoritative
set service dhcp-server shared-network-name xxxxxx ntp-server 'xxx.xxx.0.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 default-router 'xxx.xxx.0.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 lease '86400'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 name-server 'xxx.xxx.0.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 range 0 start 'xxx.xxx.0.11'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 range 0 stop 'xxx.xxx.0.211'
set service dhcp-server shared-network-name xxxxxx authoritative
set service dhcp-server shared-network-name xxxxxx ntp-server 'xxx.xxx.0.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 default-router 'xxx.xxx.0.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 lease '86400'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 name-server 'xxx.xxx.0.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 range 0 start 'xxx.xxx.0.11'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 range 0 stop 'xxx.xxx.0.211'
set service dhcp-server shared-network-name xxxxxx authoritative
set service dhcp-server shared-network-name xxxxxx ntp-server 'xxx.xxx.0.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 default-router 'xxx.xxx.0.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 lease '86400'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 name-server 'xxx.xxx.0.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 range 0 start 'xxx.xxx.0.11'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 range 0 stop 'xxx.xxx.0.211'
set service dhcp-server shared-network-name xxxxxx authoritative
set service dhcp-server shared-network-name xxxxxx ntp-server 'xxx.xxx.0.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 default-router 'xxx.xxx.0.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 lease '86400'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 name-server 'xxx.xxx.0.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 range 0 start 'xxx.xxx.0.11'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 range 0 stop 'xxx.xxx.0.211'
set service dhcp-server shared-network-name xxxxxx authoritative
set service dhcp-server shared-network-name xxxxxx ntp-server 'xxx.xxx.0.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 default-router 'xxx.xxx.0.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 lease '86400'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 name-server 'xxx.xxx.0.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 range 0 start 'xxx.xxx.0.11'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 range 0 stop 'xxx.xxx.0.211'
set service dhcp-server shared-network-name xxxxxx authoritative
set service dhcp-server shared-network-name xxxxxx ntp-server 'xxx.xxx.0.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 default-router 'xxx.xxx.0.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 lease '86400'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 name-server 'xxx.xxx.0.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 range 0 start 'xxx.xxx.0.11'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 range 0 stop 'xxx.xxx.0.211'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 static-mapping xxxxxx ip-address 'xxx.xxx.0.220'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/16 static-mapping xxxxxx mac 'xx:xx:xx:xx:xx:94'
set service dns dynamic name service-namecheap-eth0 address 'eth0'
set service dns dynamic name service-namecheap-eth0 host-name xxxxxx
set service dns dynamic name service-namecheap-eth0 password xxxxxx
set service dns dynamic name service-namecheap-eth0 protocol 'namecheap'
set service dns dynamic name service-namecheap-eth0 server 'dynamicdns.park-your-domain.com'
set service dns dynamic name service-namecheap-eth0 username xxxxxx
set service dns forwarding allow-from 'xxx.xxx.0.1/32'
set service dns forwarding allow-from 'xxx.xxx.0.0/11'
set service dns forwarding cache-size '2000000'
set service dns forwarding dnssec 'validate'
set service dns forwarding ignore-hosts-file
set service dns forwarding listen-address 'xxx.xxx.0.1'
set service dns forwarding listen-address 'xxx.xxx.0.1'
set service dns forwarding listen-address 'xxx.xxx.0.1'
set service dns forwarding listen-address 'xxx.xxx.0.1'
set service dns forwarding listen-address 'xxx.xxx.0.1'
set service dns forwarding listen-address 'xxx.xxx.0.1'
set service dns forwarding listen-address 'xxx.xxx.0.1'
set service dns forwarding name-server xxx.xxx.1.1
set service dns forwarding name-server xxx.xxx.8.8
set service dns forwarding no-serve-rfc1918
set service mdns repeater interface 'br0.65'
set service mdns repeater interface 'br0.70'
set service mdns repeater interface 'br0.72'
set service ntp allow-client xxxxxx 'xxx.xxx.0.0/16'
set service ntp allow-client xxxxxx 'xxx.xxx.0.0/16'
set service ntp allow-client xxxxxx 'xxx.xxx.0.0/16'
set service ntp allow-client xxxxxx 'xxx.xxx.0.0/16'
set service ntp allow-client xxxxxx 'xxx.xxx.0.0/16'
set service ntp allow-client xxxxxx 'xxx.xxx.0.0/16'
set service ntp server xxxxx.tld pool
set service ntp server xxxxx.tld pool
set service ssh access-control allow user xxxxxx
set service ssh disable-password-authentication
set service ssh dynamic-protection
set service ssh port '22'
set system config-management commit-revisions '100'
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set system console device ttyS0 speed '115200'
set system host-name xxxxxx
set system login user xxxxxx authentication encrypted-password xxxxxx
set system login user xxxxxx authentication public-keys xxxx@xxx.xxx key xxxxxx
set system login user xxxxxx authentication public-keys xxxx@xxx.xxx type 'ssh-ed25519'
set system login user xxxxxx authentication public-keys xxxx@xxx.xxx key xxxxxx
set system login user xxxxxx authentication public-keys xxxx@xxx.xxx type 'ssh-ed25519'
set system login user xxxxxx authentication public-keys xxxx@xxx.xxx key xxxxxx
set system login user xxxxxx authentication public-keys xxxx@xxx.xxx type 'ssh-ed25519'
set system name-server 'xxx.xxx.0.1'
set system option ctrl-alt-delete 'reboot'
set system option performance 'latency'
set system option reboot-on-panic
set system option startup-beep
set system syslog global facility all level 'info'
set system syslog global facility local7 level 'debug'
At first I thought the issue had something to do with the firewall due to the recent changes with that, but after looking into it a bit further, I don’t think that’s the case, I think my problem lies with the bridge. If I on the 1.4 version run:
sudo tcpdump -nei eth3 icmp
sudo tcpdump -nei br0 icmp
sudo tcpdump -nei br0.69 icmp
and try pinging the router, I can see packets being captured for all three commands. If I repeat this under the 1.5 version, I only see packets being captured when running the first command, the second two captures nothing when pinging the router.
If I connect the WAN cable when running under 1.5, I’m able to ping 1.1.1.1 from the router, but I’m not able to ping the same from my laptop which is connected by cable to eth3. I’m also not able to SSH into the router. But my laptop does receive an IP in the range I’d expect (the 69 VLAN). When running under 1.4, I’ve got full internet access and the bridge appears to be working as expected.
I’ve tried dropping the entire firewall and don’t see any change in behavior.
I’ve also separately tried dropping the entire NAT and firewall sections and recreating something more basic using the Quick Start guide and I’ve had a look through the Using VLAN aware Bridge example a number of times but I can’t spot anything that’s looking different in my configuration but perhaps I’ve been staring at it for too long.
I’m starting to run out of ideas of what could be wrong or how I should go about fixing it. Does someone see anything wrong with my configuration?