Howto openwrt: Difference between revisions
Jump to navigation
Jump to search
Mandulete1 (talk | contribs) No edit summary |
Mandulete1 (talk | contribs) No edit summary |
||
| Line 137: | Line 137: | ||
restart dhcp service: | restart dhcp service: | ||
service dnsmasq restart | service dnsmasq restart | ||
= configure firewall = | |||
edit /etc/config/firewall: | |||
config defaults | |||
option syn_flood 1 | |||
option input REJECT | |||
option output ACCEPT | |||
option forward REJECT | |||
config zone | |||
option name lan | |||
list network 'lan' | |||
option input ACCEPT | |||
option output ACCEPT | |||
option forward ACCEPT | |||
config zone | |||
option name wan | |||
list network 'wan' | |||
option input REJECT | |||
option output ACCEPT | |||
option forward REJECT | |||
option masq 1 | |||
option mtu_fix 1 | |||
config zone | |||
option name wifi2 | |||
list network 'wifi2' | |||
option input ACCEPT | |||
option output ACCEPT | |||
option forward ACCEPT | |||
option masq 1 | |||
option mtu_fix 1 | |||
config forwarding | |||
option src lan | |||
option dest wan | |||
config forwarding | |||
option src wifi2 | |||
option dest wan | |||
# We need to accept udp packets on port 68, | |||
# see https://dev.openwrt.org/ticket/4108 | |||
config rule | |||
option name Allow-DHCP-Renew | |||
option src wan | |||
option proto udp | |||
option dest_port 68 | |||
option target ACCEPT | |||
option family ipv4 | |||
# Allow IPv4 ping | |||
config rule | |||
option name Allow-Ping | |||
option src wan | |||
option proto icmp | |||
option icmp_type echo-request | |||
option family ipv4 | |||
option target ACCEPT | |||
config rule | |||
option name Allow-IGMP | |||
option src wan | |||
option proto igmp | |||
option family ipv4 | |||
option target ACCEPT | |||
# Allow IPSec | |||
config rule | |||
option name Allow-IPSec-ESP | |||
option src wan | |||
option dest lan | |||
option proto esp | |||
option target ACCEPT | |||
config rule | |||
option name Allow-ISAKMP | |||
option src wan | |||
option dest lan | |||
option dest_port 500 | |||
option proto udp | |||
option target ACCEPT | |||
restart firewall: | |||
service firewall restart | |||
= install luci theme = | = install luci theme = | ||
install packages: | install packages: | ||
Revision as of 01:40, 28 March 2024
download image
download openwrt image for x86:
https://downloads.openwrt.org/releases/22.03.0/targets/x86/legacy/openwrt-22.03.0-x86-legacy-generic-squashfs-combined.img.gz
decompress image:
gzip -d openwrt-22.03.0-x86-legacy-generic-squashfs-combined.img.gz
copy image to pendrive:
dd if=openwrt-22.03.0-x86-legacy-generic-squashfs-combined.img of=/dev/sdd status=progress
soekris net6501
install e1000e driver for intel 82574L:
mkdir openwtr/23.05.3 -p cd openwtr/23.05.3 wget https://downloads.openwrt.org/releases/23.05.3/targets/x86/legacy/packages/kmod-e1000e_5.15.150-1_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/23.05.3/targets/x86/legacy/packages/kmod-ptp_5.15.150-1_i386_pentium-mmx.ipk opkg install *.ipk
load kernel module:
modprobe e1000e
configure network
edit /etc/config/network:
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd5c:aa60:b3ab::/48'
config device 'lan_br'
option name 'br-lan'
option type 'bridge'
list ports 'eth1'
list ports 'eth2'
list ports 'eth3'
config device 'eth1'
option name 'eth1'
config device 'eth2'
option name 'eth2'
config device 'eth3'
option name 'eth3'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.99.1'
config interface 'wan'
option device 'eth0'
option proto 'dhcp'
config interface 'wifi2'
option proto 'static'
option device 'wlan0'
option ipaddr '172.16.164.254'
option netmask '255.255.255.0'
edit /etc/config/wireless:
config wifi-device 'radio0'
option type 'mac80211'
option path 'pci0000:00/0000:00:1a.0/0000:0d:00.0'
option channel '11'
option band '2g'
option htmode 'HE80'
option cell_density '1'
option txpower '11'
option country 'US'
config wifi-iface 'wifinet0'
option device 'radio0'
option mode 'ap'
option ssid 'mierdero'
option encryption 'psk2+tkip+ccmp'
option key 'livinglavidalinux'
option network 'wifi2'
option ifname 'wlan0'
start network:
service network start
install packages
update repo:
opkg update
install packages:
opkg install bash curl parted fdisk lsblk nano hostapd wireless-tools wpa-supplicant kmod-iwlwifi pciutils iwlwifi-firmware-ax200 iwlwifi-firmware-ax210
configure dhcp server
edit /etc/config/dhcp:
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan.ovox.local'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
list server '4.2.2.1'
list server '4.2.2.2'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'wifi2'
option interface 'wifi2'
option start '240'
option leasetime '2m'
option limit '14'
restart dhcp service:
service dnsmasq restart
configure firewall
edit /etc/config/firewall:
config defaults
option syn_flood 1
option input REJECT
option output ACCEPT
option forward REJECT
config zone
option name lan
list network 'lan'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
config zone
option name wan
list network 'wan'
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
config zone option name wifi2 list network 'wifi2' option input ACCEPT option output ACCEPT option forward ACCEPT option masq 1 option mtu_fix 1 config forwarding option src lan option dest wan
config forwarding option src wifi2 option dest wan
# We need to accept udp packets on port 68, # see https://dev.openwrt.org/ticket/4108 config rule option name Allow-DHCP-Renew option src wan option proto udp option dest_port 68 option target ACCEPT option family ipv4
# Allow IPv4 ping config rule option name Allow-Ping option src wan option proto icmp option icmp_type echo-request option family ipv4 option target ACCEPT
config rule option name Allow-IGMP option src wan option proto igmp option family ipv4 option target ACCEPT
- Allow IPSec
config rule option name Allow-IPSec-ESP option src wan option dest lan option proto esp option target ACCEPT
config rule option name Allow-ISAKMP option src wan option dest lan option dest_port 500 option proto udp option target ACCEPT
restart firewall:
service firewall restart
install luci theme
install packages:
opkg install luci-compat opkg install luci-lib-ipkg wget --no-check-certificate https://github.com/jerrykuku/luci-theme-argon/releases/download/v2.3.1/luci-theme-argon_2.3.1_all.ipk opkg install luci-theme-argon_2.3.1_all.ipk