11/25/2009

Install OpenWRT Kamikaze 8.09.1 on Linksys WRT54GS

======Install Kamikaze 8.09.1======

=====Flash via http=====

http://downloads.openwrt.org/kamikaze/8.09.1/brcm-2.4/openwrt-wrt54g-squashfs.bin

=====Setting Password=====

====With Telnet====

Connect to the router at its default address (usually 192.168.1.1) and issue the


passwd


command. After setting the password, any attempt to telnet in will result in a "Login failed" message. You will need to use ssh from then on to connect using a console.

=====Setup hostname=====

vi /etc/config/system

#Change
option hostname Openwrt
#to
option hostname linksysr2



=====Setup Wan IP=====


vi /etc/config/network



       config interface       wan
       option ifname    "eth0.1"
       option proto     static
       option ipaddr    192.168.1.17
       option netmask   255.255.255.0
       option gateway   192.168.1.21
       option dns       192.168.1.5


=====Change DHCP range=====

vi /etc/config/dhcp
config dhcp lan
        option interface        lan
        option start    100
        #Change from 150 to 10
        #option limit    150
        #to
        option limit    10
        option leasetime        12h
        option force    1


=====Reserve IP=====

vi /etc/config/dhcp
# Add to bottom
config host
        option name     afungs-iPhone
        option mac      00:23:DF:6F:AB:3D
        option ip       192.168.8.2


=====Setup Wifi=====

Wireless-specific (Layers 1 and 2) configuration is in /etc/config/wireless. Layer 3 (Network) configuration is done in /etc/config/network.


vi /etc/config/wireless



#wpa encryption

config wifi-device  wl0
         option type     broadcom
         option channel  5

         #0 enables wifi; 1 disables wifi
         option disabled 0

config wifi-iface
         option device   wl0
         option network  lan
         option mode     ap
         option ssid     openwrt
         option encryption psk
         #0 broadcasts the ssid; 1 disables broadcasting of the ssid
         option hidden   1
         option key      xxxxxxxx
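
The check below is an added example, not part of the original post: a shell function that reads a UCI wireless config like the one above and flags missing encryption, WEP, original WPA (`psk`), a key outside WPA's length rules or left as a repeated-character placeholder, and a hidden SSID. The function names and the sample config are constructed for illustration.

```shell
# Added example, not from the original post: audit a UCI wireless config (file or stdin).
audit_wireless() {
    awk -v sq="'" '
    function unq(s,   c) {            # strip one pair of surrounding quotes
        c = substr(s, 1, 1)
        if ((c == sq || c == "\"") && substr(s, length(s)) == c)
            return substr(s, 2, length(s) - 2)
        return s
    }
    function same_char(s,   i) {      # true for keys like "xxxxxxxx"
        for (i = 2; i <= length(s); i++)
            if (substr(s, i, 1) != substr(s, 1, 1)) return 0
        return length(s) > 0
    }
    function report(   e, k, n) {     # findings for the section just finished
        if (!iface) return
        e = o["encryption"]; k = o["key"]; n = (o["ssid"] == "" ? "(no ssid)" : o["ssid"])
        if (e == "" || e == "none") print n ": no encryption"
        else if (e == "wep")        print n ": wep should be replaced by psk2"
        else if (e == "psk")        print n ": psk is original WPA; psk2 is WPA2-PSK"
        if (e ~ /^psk/ && (length(k) < 8 || length(k) > 63) &&
            !(length(k) == 64 && k ~ /^[0-9A-Fa-f]+$/))
            print n ": key must be 8-63 characters or 64 hex digits"
        if (e ~ /^psk/ && same_char(k)) print n ": key is a single repeated character"
        if (o["hidden"] == "1") print n ": hidden SSID is not access control"
    }
    $1 == "config" { report(); iface = (unq($2) == "wifi-iface"); split("", o); next }
    iface && $1 == "option" && NF >= 3 {
        v = $0; sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", v); sub(/[ \t\r]+$/, "", v)
        o[unq($2)] = unq(v)
    }
    END { report() }
    ' "${1:--}"
}
# Constructed sample: the first section mirrors the settings shown above.
sample_config() {
    cat <<'EOF'
config wifi-iface
         option ssid     openwrt
         option encryption psk
         option hidden   1
         option key      xxxxxxxx
config wifi-iface
         option ssid     'lab net'
         option encryption psk2
         option key      "correct horse battery staple"
EOF
}
sample_config | audit_wireless
```

On the router it would be called as `audit_wireless /etc/config/wireless`.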


=====Mac filtering=====

vi /etc/init.d/wlmacfilter



#!/bin/sh /etc/rc.common
# The macfilter 2 means that the filter works in "Allow" mode.
# Other options are: 0 - disabled, or 1 - Deny.
#
# The maclist is a list of mac addresses to allow/deny, quoted,
# with spaces separating multiple entries
# eg  "00:0D:0B:B5:2A:BF 00:0D:0C:A2:2A:BA"
START=47
MACLIST="00:0D:0B:B5:2A:BF 00:0D:0C:A2:2A:BA"

start() {
         wlc ifname wl0 maclist "$MACLIST"
         wlc ifname wl0 macfilter 2
}
stop() {
         wlc ifname wl0 maclist none
         wlc ifname wl0 macfilter 0
}

#Finally, enable the script to run at boot time:

chmod 755 /etc/init.d/wlmacfilter

#This adds a symlink to the script in /etc/rc.d/
/etc/init.d/wlmacfilter enable



=====Firewall=====

The OpenWrt default settings are:
  *Drop all packets whose state is INVALID
  *Accept all packets whose state is RELATED or ESTABLISHED
  *Drop incoming packets from wan
  *Accept all incoming packets from lan (br-lan)
  *Accept all outgoing packets
  *Drop forwarded packets from lan (br-lan) to wan

To add custom rules:


vi /etc/config/firewall
#Comment out:
#config forwarding
#       option src      lan
#       option dest     wan
#       option mtu_fix  1



vi /etc/firewall.user
iptables -A input_rule -s 192.168.1.x -p tcp --dport 22 -j ACCEPT


=====Time Zone=====

uci set system.@system[0].zonename="Asia/Hong Kong"
uci set system.@system[0].timezone="HKT-8"
uci commit system
timezone=$(uci get system.@system[0].timezone); [ -z "$timezone" ] && timezone=UTC; echo "$timezone" > /tmp/TZ


Reference: http://luci.freifunk-halle.net/UserDocs/TimeZones

=====NTP Client=====

opkg install ntpclient
#Change the default NTP server using UCI. By default there are four NTP servers configured. To change the first NTP server run the following UCI command:
uci set ntpclient.@ntpserver[0].hostname=stdtime.gov.hk

#Save the changes with:
uci commit ntpclient

#Restart the network to update the time
/etc/init.d/network restart


=====OpenVPN=====
opkg install openssl-utils

=====Additional packages=====

opkg update


#openvpn
opkg install openvpn
#tcpdump
wget http://downloads.openwrt.org/kamikaze/8.09.1/brcm-2.4/packages/libpcap_0.9.8-1_mipsel.ipk
opkg install libpcap_0.9.8-1_mipsel.ipk
wget http://downloads.openwrt.org/kamikaze/8.09.1/brcm-2.4/packages/tcpdump_3.9.8-1.1_mipsel.ipk
opkg install tcpdump_3.9.8-1.1_mipsel.ipk

#iptables-save and iptables-restore
wget http://downloads.openwrt.org/kamikaze/8.09.1/brcm-2.4/packages/iptables-utils_1.3.8-4.1_mipsel.ipk
opkg install iptables-utils_1.3.8-4.1_mipsel.ipk
