OpenWRT on the Linksys

For some time now I have been using openWRT on my Linksys router, as it stands out for its modular design and its Linux-like and therefore very flexible configuration options.

Configuration and Administration

Tagged VLAN out

If you have a managed switch, it is interesting to get the Linksys to send out VLAN-tagged packets.

Depending on the hardware platform you'll either have an ADM or Robo switch. The new /proc/switch interface will handle either, eliminating (most of) the need for admcfg or robocfg.

The tag/untag is done on a per port basis, not per vlan.

'*' = pvid; if ports are in multiple vlans, untagged packets will be added to this vlan
't' = tagged port; all packets sent out this port will be tagged (default for port 5)
'u' = untagged port; all packets sent out this port will be untagged

<code>
insmod switch-core
insmod switch-robo
echo "1t 5t" > /proc/switch/eth0/vlan/10/ports
echo "1* 2 3 4 5t*" > /proc/switch/eth0/vlan/0/ports
</code>

This made packets to vlan10 tagged and packets to vlan0 untagged. I do not understand why wrt54gs has a different behaviour. The only difference to wrt54gs was the module switch-adm, because wrt54gs does not link switch-robo.

Bernd 2007/02/11 23:34

Setting up multiple VLANs

If you want to run the Linksys under openWRT in several networks and route between them, or set up a DMZ, you can split br0 and/or assign each of the 4 switch ports its own VLAN.

Since as of today we have T-DSL as well as the existing Kabel Deutschland line in the house, I want to give the router a second "WAN port" and distribute the network load equally across both lines. For this, just as the WAN port is itself only a VLAN (vlan1), one has to

root@zion:~# nvram set vlan0ports="2 3 4 5*"
root@zion:~# nvram set vlan2hwname=et0
root@zion:~# nvram set vlan2ports="1 5"
root@zion:~# nvram set vlan2macaddr=00:14:cc:vv:vv:dd
root@zion:~# 

root@zion:~# nvram set lan_ifnames="vlan0 eth1 eth2"    
 NOT NEEDED: sets the devices which are bridged

root@zion:~# nvram set vlan2macaddr=00:14:cc:vv:vv:dd
root@zion:~# nvram commit

Also explained again here

After that, it continues as usual:

simply set up a network

Configuring PPPoE

That's easy. Just set some NVRAM variables and plug your DSL modem into the WAN port.

/!\ IMPORTANT: Use the correct network interface name for your hardware version in the pppoe_ifname and wan_device NVRAM variables.

nvram set wan1_ifname=ppp0
nvram set wan1_proto=pppoe
nvram set ppp_idletime=10
nvram set ppp_mtu=1492 # The MTU of your ISP
nvram set ppp_passwd=<your_isp_password>
nvram set ppp_redialperiod=15
nvram set ppp_username=<your_isp_login>
nvram set pppoe_ifname="vlan2"
nvram set wan1_device="vlan2"
nvram commit

When done bring up the WAN connection with:

ifup wan1
Yes, that is how it is supposed to work. But it doesn't.

You have to fiddle a little more, and then it works.

The following also had to be added to /etc/init.d/S10boot

vconfig set_name_type VLAN_PLUS_VID_NO_PAD

# blux: activate vlan2
vconfig add eth0 2 
# /blux
Apart from a few problems with vconfig, which, when called from the script at reboot, always creates eth0:2 and refuses to know anything about my vlan2. SOLUTION: your own vconfig line absolutely must come after vconfig set_name_type VLAN_PLUS_VID_NO_PAD. For whatever reason, whatever that does. It does seem to give the kernel an option for the device names.

But much more important: a BUG in the ifup scripts!
In /sbin/ifup.pppoe you have to replace a hard-coded wan_device with ${type}_device

        IFNAME=$(nvram get ${type}_device)
and then it works.

Bernd 2006/11/02 22:34

1. Introduction

Lots of users requested a howto on IRC and the forum for a sample demilitarized zone configuration using OpenWrt. Well, here is the howto. Take it AS-IS. If you don't like how it's written please feel free to change it.

This example is tested with a WRT54GS v1.0 and a standard White Russian RC4 image.

(Note for users looking to duplicate the poorly-named DMZ feature found on most native firmwares - just skip straight to step 2.4. This is not as proper, but allows for a "moving DMZ host", which may not be limited to a given port. - MarkZiesemer)

This document is written for experienced users only.

             (vlan1)       (br0)
INTERNET ---------- OpenWrt ------------ Clients
                       |
                       | (vlan2)
                       |
                       |
                       |

              Demilitarized Zone

vlan1: WAN
vlan2: LAN Port 4 (= DMZ)
br0:   LAN (Ports 1 to 3) and WiFi

vlan1: IP address from DHCP, PPPoE, static, ..
vlan2: 192.168.2.1 (192.168.2.0/24)
br0:   192.168.1.1 (192.168.1.0/24)

2. Configuration

2.1. Create a new vlan

You now have to decide which one of the LAN ports on the back of your router you want to use for the demilitarized zone. On this page it's LAN port 4.

The configuration is easily done by changing the vlan* NVRAM variables.

/!\ WARNING: Double-check these settings before committing them!

nvram set vlan0hwname=et0
nvram set vlan0ports="1 2 3 5*"
nvram set vlan1hwname=et0
nvram set vlan1ports="0 5"
nvram set vlan2hwname=et0
nvram set vlan2ports="4 5"
The vlan2hwname and vlan2ports NVRAM variables create the new vlan2 for our DMZ.
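
A check for the warning above, as an added example that is not part of the original howto: it reads vlanNports values and reports layouts that would break the LAN/DMZ split before they are committed. It assumes, from the settings on this page, that ports 0-4 are the physical ports and port 5 is the CPU port, and that awk is available where it runs; `check_vlan_ports` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not part of the original howto.
# check_vlan_ports (hypothetical helper) reads lines of the form
#   vlanNports="<port>[t|u|*] ..."
# and exits 1 if the layout would break the LAN/DMZ split.
# Assumptions taken from the settings on this page: ports 0-4 are the
# physical ports, port 5 is the CPU port and must be in every VLAN.
check_vlan_ports() {
    awk -F= '
    BEGIN { bad = 0 }
    /^vlan[0-9]+ports=/ {
        vlan = $1; sub(/ports$/, "", vlan)
        list = $2; gsub(/"/, "", list)
        n = split(list, tok, " "); cpu = 0
        for (i = 1; i <= n; i++) {
            port = substr(tok[i], 1, 1); flags = substr(tok[i], 2)
            if (port !~ /^[0-5]$/ || flags !~ /^[tu*]*$/) {
                print "ERROR " vlan ": unknown token " tok[i]; bad = 1; continue
            }
            if (port == "5") cpu = 1
            # A port has a single PVID, so "*" may appear once per port.
            if (flags ~ /[*]/) {
                if (port in pvid) {
                    print "ERROR port " port ": pvid set in " pvid[port] " and " vlan; bad = 1
                } else pvid[port] = vlan
            }
            # An untagged member of two VLANs puts both networks on one wire.
            if (port != "5" && flags !~ /t/) {
                if (port in owner) {
                    print "ERROR port " port ": untagged in " owner[port] " and " vlan; bad = 1
                } else owner[port] = vlan
            }
        }
        if (!cpu) { print "ERROR " vlan ": CPU port 5 missing"; bad = 1 }
    }
    END { exit bad }'
}

# Constructed input: the section 2.1 values, but with port 4 left in vlan0.
check_vlan_ports <<'EOF' || echo "fix the layout before running nvram commit"
vlan0ports="1 2 3 4 5*"
vlan1ports="0 5"
vlan2ports="4 5"
EOF
```

On the router the input can be taken from `nvram show | grep '^vlan[0-9]*ports='` after the `nvram set` commands and before `nvram commit`.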

2.2. Configure dmz_* variables

nvram set dmz_ifname=vlan2
nvram set dmz_ifnames=vlan2
nvram set dmz_ipaddr=192.168.2.1
nvram set dmz_netmask=255.255.255.0
nvram set dmz_proto=static

2.3. Modify the init scripts

Next, change your init scripts to bring up the DMZ on every reboot. Edit the /etc/init.d/S40network file and add ifup dmz after the line ifup wan.

2.4. Configure the firewall

[..]
iptables -A forwarding_rule -i vlan2 -o $WAN  -j ACCEPT
iptables -A forwarding_rule -i vlan2 -o br0   -j ACCEPT

### Port forwarding
# http to DMZ
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 80 -j DNAT --to 192.168.2.2
iptables        -A forwarding_rule -i $WAN -p tcp --dport 80 -d 192.168.2.2 -j ACCEPT

### DMZ (should be placed after port forwarding / accept rules)
iptables -t nat -A prerouting_rule -i $WAN -j DNAT --to 192.168.2.2
iptables        -A forwarding_rule -i $WAN -d 192.168.2.2 -j ACCEPT
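
An added example (not from the original howto) that audits rules like the ones above: it reports forwarding_rule entries that let the DMZ interface open connections into the LAN bridge, and prerouting_rule DNAT entries with no --dport, which forward every port to the DMZ host. `audit_dmz_rules` and `page_rules` are hypothetical helper names, the interface names are passed as arguments, and awk is assumed to be available.

```shell
#!/bin/sh
# Added example, not part of the original howto.
# audit_dmz_rules DMZ_IF LAN_IF < rules   (hypothetical helper)
# Exit status 1 if any finding was printed, 0 otherwise.
audit_dmz_rules() {
    awk -v dmz="$1" -v lan="$2" '
    BEGIN { found = 0 }
    /^[ \t]*iptables[ \t]/ {
        chain = in_if = out_if = target = state = ""; dport = 0
        for (i = 1; i < NF; i++) {
            if ($i == "-A") chain  = $(i + 1)
            if ($i == "-i") in_if  = $(i + 1)
            if ($i == "-o") out_if = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "--state") state = $(i + 1)
            if ($i == "--dport") dport = 1
        }
        # DMZ -> LAN accepted for new connections: a compromised DMZ host
        # can reach every LAN client.
        if (chain == "forwarding_rule" && target == "ACCEPT" &&
            in_if == dmz && out_if == lan && (state == "" || state ~ /NEW/)) {
            print "HIGH line " NR ": " dmz " may open connections into " lan
            found++
        }
        # DNAT without a port match sends every inbound port to one host.
        if (chain == "prerouting_rule" && target == "DNAT" && !dport) {
            print "WARN line " NR ": DNAT without --dport exposes all ports"
            found++
        }
    }
    END { exit (found > 0) }'
}

# The rules from section 2.4, copied as sample input ($WAN kept literal).
page_rules() {
    cat <<'EOF'
iptables -A forwarding_rule -i vlan2 -o $WAN  -j ACCEPT
iptables -A forwarding_rule -i vlan2 -o br0   -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 80 -j DNAT --to 192.168.2.2
iptables        -A forwarding_rule -i $WAN -p tcp --dport 80 -d 192.168.2.2 -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -j DNAT --to 192.168.2.2
iptables        -A forwarding_rule -i $WAN -d 192.168.2.2 -j ACCEPT
EOF
}

page_rules | audit_dmz_rules vlan2 br0 || echo "review the lines flagged above"
```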

Links

Bernd 2006/11/02 22:29

Firewall Logging

Yeah, I think that's enough for now. ;-)
I will probably program a web interface for it as well.

Bernd 2006/11/22 23:48

Configuring the WRT54G

I found a good installation and configuration guide for openWRT. It is written very clearly and, besides the basic installation, also describes the basic configuration and some finer points that I have not seen summarized like this anywhere else. Ideal for beginners!

DNS server

To have a complete DNS server on a Linksys, you can install the package "maradns". At first glance the configuration seems somewhat confusing, but the quick-start HowTo on the MaraDNS site is a good starting point.

DynDNS

For the DynDNS service of openWRT to work with dyndns.org, you have to enter the following line in /etc/init.d/S70dyndns, or change the existing one, and of course set the nvram variables according to your account.

    # check the IP every 6 days: 6*24*60*60=518400
    $INADYN --dyndns_system statdns@dyndns.org --update_period_sec 518400 -u "$(nvram get dyndns_user)" -p "$(nvram get dyndns_pass)" -a "$(nvram get dyndns_url)" >/dev/null 2>&1 &

UPDATE: For some time now I have been using ez-ipupdate, since inadyn is obsolete.

Traffic/System Statistics

cron

from http://martybugs.net/wireless/openwrt/cron.cgi

Scheduling Jobs With cron on OpenWrt

This page contains an overview on how to configure cron on a Linksys WRT54GS running OpenWrt, to enable scheduled jobs to be run.

No additional software needs to be installed on OpenWrt, as it already has the crond binary included.

Note that OpenWrt whiterussian RC4 already has cron pre-configured, so there's no need to follow the instructions on this page (other than maybe creating the /etc/crontab symlink for convenience).

Configuring crond

Create crontab Directory

Firstly, create the directory for crontab files:

mkdir /etc/crontabs

Note that /var/spool/cron/crontabs/ is the default directory that crond will check for configuration. However, anything in /var/ is lost during a reboot, so we'll use another directory to ensure our crontab file persists between reboots.

Create crontab File

Cronjobs need to be specified in /etc/crontabs/root. For now, just create an empty file:

touch /etc/crontabs/root

Symbolic Link

For ease of use, I create a symbolic link to the crontab file:

ln -sf /etc/crontabs/root /etc/crontab  

This symbolic link is not required by crond, but it allows me to reference the crontab file using /etc/crontab.

Create Init Script

Create an init script, /etc/init.d/S55crond, to start the crond daemon at boot time, with the following contents:

#!/bin/sh
# start crond
/usr/sbin/crond -c /etc/crontabs

and make the script executable:

chmod 755 /etc/init.d/S55crond

Manually Start crond

The crond daemon can be manually started using:

/etc/init.d/S55crond

Verify that crond successfully started by checking the syslog using:

logread

and you should see something similar to this at the end of the logread output:

Mar 21 20:29:38 (none) kern.notice crond[687]: crond 2.3.2 dillon, started, log level 8

Restart crond

You'll need to restart crond whenever you make changes to the crontab file. This can be achieved using the following:

killall crond; /etc/init.d/S55crond

This will stop and restart the crond process, causing it to re-read the crontab file as it starts up, ensuring your changes to the crontab file will take effect.

Scheduling Jobs With crond

Now that you have crond running on OpenWrt, it can be used to periodically run any task that you want. Just add an entry to /etc/crontabs/root for each task that you want periodically executed.

For example, if you wanted to run a script every hour, the following would be added to crontab:

# run this script every hour
01 * * * * /path/scriptname > /dev/null

You'll then need to restart crond to make this change take effect:

killall crond; /etc/init.d/S55crond

Refer to the cron man page for more details on the syntax of the crontab file.

Logging by crond

Note that by default, crond will log a message to the syslog every time it executes a scheduled job. For example, if running a time synchronisation task every 10 minutes, syslog (accessible by running logread from a command prompt) will fill up with messages such as this:

Dec 22 11:10:01 (none) kern.notice crond[347]: USER root pid 3286 cmd /etc/init.d/S60ntpclient
Dec 22 11:20:01 (none) kern.notice crond[347]: USER root pid 3290 cmd /etc/init.d/S60ntpclient
Dec 22 11:21:44 (none) syslog.info -- MARK --
Dec 22 11:30:01 (none) kern.notice crond[347]: USER root pid 3294 cmd /etc/init.d/S60ntpclient
Dec 22 11:40:01 (none) kern.notice crond[347]: USER root pid 3298 cmd /etc/init.d/S60ntpclient

The easiest way to stop these from being logged is to configure crond to send all log messages to /dev/null. To do so, edit /etc/init.d/S55crond and change it to:

#!/bin/sh
# start crond
/usr/sbin/crond -c /etc/crontabs -L /dev/null

After restarting crond, it will no longer send any log messages to the syslog. Note that this also means that crond will not log any errors to syslog, so be sure to confirm that crond is operating correctly before configuring it to use /dev/null for logging.


last updated 22 Dec 2005

Router Backup

If you have mounted /tmp/ as an NFS drive, you can also create a backup there without any problems. I wrote a small script for this.

Of course you could also create a backup of the partition with dd if=/dev/mtd/block/4, but in that case you cannot pull out individual files when restoring. At least not as easily as with tar.gz archives.

backup

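#!/bin/sh
# Timestamp for the archive name
DATUM=$(date '+%d.%m.%y-%Hh%M')
ARCHIVE="/var/backup/backup-zion-$DATUM.tar.gz"
echo "$DATUM"

# Back up /etc only while an NFS share is mounted, and report success
# only if tar actually succeeded
if mount 2>&1 | grep "nfs" && tar -czf "$ARCHIVE" /etc/; then
    echo "Backup $ARCHIVE erstellt"
    exit 0
fi
exit 1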

Restore

For a restore you simply flash a fresh openwrt and overwrite / with the contents of the last backup.

Bernd 2006/12/13 19:46

Cisco SES Button to renew dhcp lease

Obtain a new IP address at the push of a button, from: http://forum.openwrt.org/viewtopic.php?id=5856

I wanted the Cisco SES button on my Linksys WRT54G v3.1 (OpenWrt-1.0 RC5) to release and renew my DHCP lease (in routed client [sta] mode). I wrote this small script and placed it in /etc/init.d/S70sesbutton. I am quite new at shell scripting, so be gentle, but how does it look? It seems to work fine… If anybody has any tips or suggestions, I'm more than happy to listen. Thanks!

Basically it does ifdown wan; ifup wan, looks to see if a lease (doesn't have to be as specific as one IP) was obtained, if not, flashes the orange light thrice to indicate failure, otherwise it flashes the white light thrice to indicate success.

#!/bin/sh

while : ; do
  sleep 1
  if [ "$(cat /proc/sys/button)" = "1" ]; then
    echo "0x10" > /proc/sys/diag
    ifdown wan; ifup wan > /tmp/udhcpc.last
    sleep 6
    LEASE=$(cat /tmp/udhcpc.last | grep 'Lease of 192.168.2.100 obtained')
    if [ "$LEASE" = "" ]; then
        echo "0x00" > /proc/sys/diag; sleep 1; echo "0x10" > /proc/sys/diag; sleep 1
        echo "0x00" > /proc/sys/diag; sleep 1; echo "0x10" > /proc/sys/diag; sleep 1
        echo "0x00" > /proc/sys/diag; sleep 1; echo "0x10" > /proc/sys/diag
    else
        /sbin/wifi
        echo "0x00" > /proc/sys/diag; sleep 1; echo "0x08" > /proc/sys/diag; sleep 1
        echo "0x00" > /proc/sys/diag; sleep 1; echo "0x08" > /proc/sys/diag; sleep 1
        echo "0x00" > /proc/sys/diag; sleep 1; echo "0x08" > /proc/sys/diag
    fi
    sleep 4
    echo "0x00" > /proc/sys/diag
  fi
done &

#!/bin/sh

led_flash3times()
{
    led_flash $1 $2 $3 $4
    led_flash $1 $2 $3 $4
    led_flash $1 $2 $3 $4
}
 
led_flash()
{
    led_setcolor $1
    sleep $2
    led_setcolor $3
    sleep $4
}
 
led_setcolor()
{
    echo "$1" > /proc/sys/diag
}
 
while : ; do
  sleep 1
  if [ "$(cat /proc/sys/button)" = "1" ]; then
    echo "0x10" > /proc/sys/diag
    ifdown wan; ifup wan > /tmp/udhcpc.last
    sleep 6
    LEASE=$(cat /tmp/udhcpc.last | grep 'Lease of 192.168.2.100 obtained')
    
    # declare vars
    color1="0x00"
    color2="0x10"
    color3="0x08"
    flashdelay=1
    
    if [ "$LEASE" = "" ]; then
        led_flash3times $color1 $flashdelay $color2 $flashdelay
    else
        /sbin/wifi
        led_flash3times $color1 $flashdelay $color3 $flashdelay
    fi
    
    # we are done flashing - wait a few seconds and then set the original color
    sleep 3
    led_setcolor $color1
  fi
done &

interface-wrt

While searching the internet for a possibly existing web interface for openWRT, I came across the following:

here's what's in the new version
  * ipkg management
  * ability for ipkgs to add interfaces of their own
  * adds a footer to point out this is OpenWRT
  * some css fixes (thanks Jannes)
  * other minor fixes

the ability to auto-detect other packages, if they install certain web files, is in this version.  to get an idea of how it works, install the package example-gui from my repository.

again, still beta, the usual cautions apply.  and, as always, my repository is at http://davidoffdotnet.net/openwrt/ipkg

this version includes most of the major features i intend to include, unless i hear otherwise . . . 

there are still some things i plan to add, like mac_address cloning, and other minor config options.  also, the css has become a little bloated, as has some of the ash, so i'll probably try to clean that up at some point (and, i hope, give a little speed boost to things).

most of all what this needs is bug squashing.  so please, test away and let me know any problems, no matter how small or big.  patches are welcome, but so are messages saying, "hey, x is broken"

EDIT: btw, though i haven't had time to test it myself, if you use a current snapshot, the http-bb package should not be necessary.

from http://forum.openwrt.org/viewtopic.php?id=463

The packages can be obtained from here: http://davidoffdotnet.net/openwrt/ipkg/

The package is called "interface-wrt" and is installed as follows:

Installing ipkg packages

A quick description of how to install packages under openWRT. If this explanation is not enough, you can read more in the openWRT documentation on packages. If you even plan to build such packages yourself, you will find information on that in the BuildingPackagesHowTo.

1. Enter the source in /etc/ipkg.conf

src openwrt http://www.openwrt.org/ipkg
src sam http://davidoffdotnet.net/openwrt/ipkg
src openswan ftp://ftp.openswan.org/openswan/binaries/openwrt/buildroot-20040509/ipkg
dest root /
dest ram /tmp

2. Install the package and then check whether the undertaking succeeded

/etc # ipkg install interface-wrt
/etc # ipkg status

Bernd 2006/05/09 17:48

Links

Bernd 2006/09/04 19:47

war/openwrt.txt · Last modified: 2012/09/10 23:13 (external edit)

Unless otherwise noted, the content of this wiki is published under the following license: CC Attribution-Share Alike 3.0 Unported