I installed the OpenWrt Kamikaze 7.09 firmware, using the root filesystem image openwrt-atheros-2.6-root.jffs2-64k and the kernel openwrt-atheros-2.6-vmlinux.lzma.
I placed both files on a TFTP server (at IP 192.168.1.166) and, while the router was booting, connected to it:
telnet 192.168.1.254 9000
and ran on it:
ip_addr -h 192.168.1.166 -l 192.168.1.254/24
fis init
load -r -v -b %{FREEMEMLO} openwrt-atheros-2.6-root.jffs2-64k
fis create -f 0xA8030000 -l 0x006F0000 -e 0x00000000 rootfs
load -r -v -b %{FREEMEMLO} openwrt-atheros-2.6-vmlinux.lzma
fis create -r 0x80041000 -e 0x80041000 vmlinux.bin.l7
reset
I logged in with telnet to 192.168.1.1 and set the root password.
/etc/init.d/firewall stop
/etc/init.d/firewall disable
echo -n > /etc/firewall.user
echo -n > /etc/config/firewall
In /etc/config/network I set the IP to 192.168.10.1, then ran:
/etc/init.d/network restart
and logged in again over SSH (after first changing my own IP accordingly).
In /lib/network/config.sh I changed:
ifconfig "$iface" down
to:
ifconfig "$iface" down 2>/dev/null >/dev/null
and:
# Interface settings
config_get mtu "$config" mtu
config_get macaddr "$config" macaddr
$DEBUG ifconfig "$iface" ${macaddr:+hw ether "$macaddr"} ${mtu:+mtu $mtu} up
uci set "/var/state/network.$config.ifname=$iface"
to:
# Interface settings (if not an alias)
if [ "${iface##*:}" = "$iface" ]; then
    config_get mtu "$config" mtu
    config_get macaddr "$config" macaddr
    $DEBUG ifconfig "$iface" ${macaddr:+hw ether "$macaddr"} ${mtu:+mtu $mtu} up
fi
uci set "/var/state/network.$config.ifname=$iface"
In /etc/hotplug.d/net/10-net I added at the beginning, right after the include:
setup_interface_if_auto() {
    local cfg="$(find_config "$1")"
    # check the autoload setting
    config_get auto "$cfg" auto
    case "$auto" in
        1|on|enabled) setup_interface "$1";;
        *) return 1 ;;
    esac
}
and changed:
local cfg="$(find_config "$INTERFACE")"
# check the autoload setting
config_get auto "$cfg" auto
case "$auto" in
    1|on|enabled) setup_interface "$INTERFACE";;
esac
to:
if setup_interface_if_auto "$INTERFACE"; then
    # Setup interface aliases
    for ifc in $interfaces; do
        config_get dev "$ifc" ifname
        [ "${dev%%:*}" = "$INTERFACE" -a "$dev" != "$INTERFACE" ] && {
            setup_interface_if_auto "$dev"
        }
    done
fi
I set /etc/config/network to:
config interface loopback
    option ifname lo
    option proto static
    option ipaddr 127.0.0.1
    option netmask 255.0.0.0

config interface wifi
    option ifname "ath0"
    option proto static
    option ipaddr 10.16.201.161
    option netmask 255.255.255.224

config interface mesh
    option ifname "ath0:0"
    option proto static
    option ipaddr 10.14.0.17
    option netmask 255.255.0.0

config interface wan
    option ifname "eth0"
    option proto dhcp

config interface fallback
    option ifname "eth0:0"
    option proto static
    option ipaddr 169.254.189.120
    option netmask 255.255.0.0
In /etc/config/wireless:
config wifi-device wifi0
    option type atheros
    option channel 8
    option mode 11g
    option diversity 0
    option txantenna 1
    option rxantenna 1

config wifi-iface
    option device wifi0
    option network wifi
    option mode adhoc
    option ssid open.kiberpipa.net
    option bssid 02:CA:FF:EE:BA:BE
    option hidden 0
    option isolate 0
    option encryption none
    #option rts 250
    #option frag 512
    option bgscan 0
The rts and frag settings do not yet work correctly in this version (r3314) of the madwifi module, so they are commented out for now.
In /etc/config/dhcp I set:
config dhcp
    option interface wifi
    option start 162
    option limit 29
    option leasetime 3h
    option force 1

config dhcp
    option interface mesh
    option start 0
    option limit 0
    option leasetime infinite
    option force 1

config dhcp
    option interface wan
    option ignore 1

config dhcp
    option interface fallback
    option ignore 1
touch /etc/ethers
In /etc/dnsmasq.conf I set:
domain-needed
bogus-priv
filterwin2k
localise-queries
local=/wifi/
domain=wifi
expand-hosts
no-negcache
no-resolv
server=10.14.0.1
server=10.14.0.2
dhcp-authoritative
dhcp-leasefile=/tmp/dhcp.leases
read-ethers
It queries only the DNS servers inside the network.
In /etc/init.d/dnsmasq, after:
append_bool "$cfg" ignore "-I $ifname"
I added:
config_get_bool ignore "$cfg" ignore
[ "$ignore" -gt 0 ] && return 0
because otherwise a range can still be added to dnsmasq even though ignore is set, and replaced:
limit="$((${limit:-150} + 1))"
with (so that the calculation is a bit more correct):
limit="${limit:-150}"
and after:
eval "$(ipcalc.sh $ipaddr $netmask $start $limit)"
added:
if [ "$limit" = "0" ]; then
    END=static
fi
to support a static-only DHCP server (when limit is set to 0).
In /etc/config/system:
config system
    option hostname rog-4
reboot
I logged in at 169.254.189.120.
Because I needed an uplink (169.254.189.100 is the IP of the computer from which I was logged in to the router, since I was using the fallback settings):
route add default gw 169.254.189.100 dev eth0:0 metric 100
route add -host 193.164.137.78 gw 169.254.189.100 dev eth0:0
route add -host 91.185.199.246 gw 169.254.189.100 dev eth0:0
echo "nameserver 193.2.1.66" > /etc/resolv.conf
In /etc/ipkg.conf I added at the top:
src wifi http://ipkg.stargate.si/mips
ipkg update
ipkg upgrade
This upgraded busybox to our package.
ipkg upgrade
This also upgraded the kmod-madwifi module.
ipkg install kmod-softdog
reboot
I set up the uplink once more.
ipkg install ntpclient
dropbearkey -t dss -s 1024 -f /etc/dropbear/dropbear_dss_host_key.new
dropbearkey -t rsa -s 2048 -f /etc/dropbear/dropbear_rsa_host_key.new
mv /etc/dropbear/dropbear_dss_host_key.new /etc/dropbear/dropbear_dss_host_key
mv /etc/dropbear/dropbear_rsa_host_key.new /etc/dropbear/dropbear_rsa_host_key
I created the file /etc/init.d/date:
#!/bin/sh /etc/rc.common
START=35
start() {
    date 060100002008
}
chmod +x /etc/init.d/date
/etc/init.d/date enable
/etc/init.d/date start
ipkg install openvpn
mkdir /etc/openvpn/
In /etc/openvpn/wlanlj.conf:
client
proto udp
dev tap0
remote 193.164.137.78 9999
remote 91.185.199.246 9999
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
daemon
auth-user-pass /etc/openvpn/wlanlj.pass
auth-retry nointeract
cipher BF-CBC
ifconfig 10.14.0.17 255.255.0.0
writepid /var/run/openvpn.pid
verb 3
mute 20
user nobody
group nogroup
ca /etc/openvpn/wlanlj-ca.crt
tls-auth /etc/openvpn/wlanlj-ta.key 1
In /etc/default/openvpn:
CONFIG="/etc/openvpn/wlanlj.conf"
OPTIONS="--config $CONFIG"
In /etc/openvpn/wlanlj.pass I entered the username and password, each on its own line.
I copied wlanlj-ca.crt and wlanlj-ta.key into /etc/openvpn and made all three files readable only by the root user.
ipkg install olsrd
I set /etc/olsrd.conf to:
DebugLevel 0
IpVersion 4
ClearScreen yes
Hna4
{
10.16.201.160 255.255.255.224
}
AllowNoInt yes
UseHysteresis no
LinkQualityLevel 2
LinkQualityWinSize 100
Pollrate 0.1
NicChgsPollInt 3.0
TcRedundancy 2
MprCoverage 1
Interface "ath0:0"
{
HelloInterval 4.0
HelloValidityTime 80.0
TcInterval 8.0
TcValidityTime 160.0
MidInterval 8.0
MidValidityTime 160.0
HnaInterval 8.0
HnaValidityTime 160.0
}
Interface "tap0"
{
HelloInterval 4.0
HelloValidityTime 80.0
TcInterval 8.0
TcValidityTime 160.0
MidInterval 8.0
MidValidityTime 160.0
HnaInterval 8.0
HnaValidityTime 160.0
LinkQualityMult default 0.44
}
In /etc/sysctl.conf I set:
dev.wifi0.diversity=0
dev.wifi0.rxantenna=1
dev.wifi0.txantenna=1
net.ipv4.conf.default.arp_announce=1
net.ipv4.conf.all.arp_announce=1
In /etc/modules.d/50-madwifi I set:
ath_ahb countrycode=0 outdoor=1
ipkg remove bridge ppp-mod-pppoe kmod-pppoe ppp kmod-ppp
ipkg install ip nmap tcpdump ngrep
In /usr/share/udhcpc/default.script I changed:
route add default gw $i dev $interface
to:
route add default gw $i dev $interface metric 100
and:
$(route -n | awk '/^0.0.0.0\W{9}('$valid')\W/ {next} /^0.0.0.0/ {print "route del -net "$1" gw "$2";"}')
to (so that it cleans up only its own routes and not other default routes):
$(route -n | awk '/^0.0.0.0\W{9}('$valid')\W/ {next} !/('$interface')$/ {next} /^0.0.0.0/ {print "route del -net "$1" gw "$2" metric 100;"}')
This way the connection over DHCP has a lower priority than the one over the network (OLSR, through its weighting, takes care that the wireless connection has a higher priority than the VPN).
In /etc/hotplug.d/iface/10-routes, in add_route(), before:
[ -n "$gateway" ] || {
I added:
[ "$gateway" = "auto" ] && {
    # Get the gateway from the interface configuration
    config_get gateway "$interface" gateway
}
This way I do not need to configure the exact IP of the gateway, which I also do not know in advance for a DHCP wan connection.
Because routers generally have two default routes, connections that are made from outside over one of them must also go back over the same one. For example, if a ping arrives over one default route (because it is probably connected to other networks), the reply must return the same way rather than attempt to return over the node's default route.
mkdir /etc/iproute2/
echo "8 wan" > /etc/iproute2/rt_tables
In /etc/hotplug.d/iface/10-routes I added, in the block that reads the settings:
config_get table "$config" table
removed the parts:
config_get netmask "$config" netmask
netmask="${netmask:-255.255.255.255}"
dest="${netmask:+-net "$target" netmask "$netmask"}"
dest="${dest:--host "$target"}"
[ -n "$gateway" ] || {
    echo "Missing gateway in route section $config"
    return 1
}
added after the [ "$gateway" = "auto" ] block:
wasnetwork=0
[ "$target" = "network" ] && {
    config_get ipaddr "$interface" ipaddr
    config_get netmask "$interface" netmask
    target=`ipcalc.sh "$ipaddr" "$netmask" | grep NETWORK | cut -d "=" -f 2`/`ipcalc.sh "$ipaddr" "$netmask" | grep PREFIX | cut -d "=" -f 2`
    wasnetwork=1
}
removed the comment for this whole part, "make sure there is a gateway and a target", because it is no longer accurate, and changed the main command to:
/usr/sbin/ip route add $target ${gateway:+via "$gateway"} ${dev:+dev "$dev"} ${metric:+metric "$metric"} ${table:+table "$table"}
and after it added (slightly hardcoded behaviour):
[ -n "$table" ] && {
    config_get ipaddr "$interface" ipaddr
    /usr/sbin/ip rule list | grep -q "from $ipaddr lookup $table" || /usr/sbin/ip rule add from "$ipaddr" pref 15000 table "$table"
    [ "$wasnetwork" != 0 ] || [ "$target" = "default" ] || /usr/sbin/ip rule list | grep -q "from all to $target lookup $table" || /usr/sbin/ip rule add to "$target" pref 20000 table "$table"
    /usr/sbin/ip rule list | grep -q "from all fwmark 0x100000/0x100000 lookup main" || /usr/sbin/ip rule add fwmark 0x100000/0x100000 pref 10000 table main
}
At the end of /etc/config/network I therefore added the routes over wan:
config route wanvpn1
    option interface wan
    option target 193.164.137.78
    option gateway auto
    option metric 0
    option table wan

config route wanvpn2
    option interface wan
    option target 91.185.199.246
    option gateway auto
    option metric 0
    option table wan

config route wannetwork
    option interface wan
    option target network
    option metric 0
    option table wan

config route wandefault
    option interface wan
    option target default
    option gateway auto
    option metric 0
    option table wan
This also preserves the routes to the VPN, because otherwise the connection to the VPN is lost once a default route that goes over the VPN is added (since it has a lower metric). OLSR withdraws this default route again after a while, the VPN connection is re-established, and OLSR adds the route again … In the meantime, the connection of any user associated with the node also works for a while and then stops working for a while. Namely, when the default route over the VPN is withdrawn, the node sends packets (because there is no firewall yet, although this would be just as much of a problem then) to its wan, but the devices further along on the wan do not know this user's IP, and the node does not do NAT to hide the IP. So the connection does not work at that time. (To test this at this step, /proc/sys/net/ipv4/ip_forward must be 1 and the firewall must be correctly configured to allow forwarding.)
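How the three rule priorities interact can be followed with a small first-match model. This is an added example, not part of the original notes: the wan address 192.0.2.50 and the client and internet addresses are constructed (the real wan address comes from DHCP), and it assumes every table holds a default route, so the first matching rule decides.

```shell
#!/bin/sh
# Added example: first-match model of the ip rules installed by the
# modified add_route() for the four "config route" sections above.
WAN_ADDR="192.0.2.50"   # constructed; on the node this is the DHCP lease on eth0

# One rule per line: "pref selector value table", in priority order.
# 32766 is the kernel's built-in rule for the main table.
rules() {
    cat <<EOF
10000 fwmark 0x100000 main
15000 from $WAN_ADDR wan
20000 to 193.164.137.78 wan
20000 to 91.185.199.246 wan
32766 all - main
EOF
}

# pick_table SRC DST MARK -> prints the table that routes the packet
pick_table() {
    src=$1 dst=$2 mark=$3
    rules | while read -r pref sel val table; do
        case "$sel" in
            # fwmark 0x100000/0x100000: the masked mark must equal the value
            fwmark) [ $(( $mark & $val )) -eq $(( $val )) ] || continue ;;
            from)   [ "$src" = "$val" ] || continue ;;
            to)     [ "$dst" = "$val" ] || continue ;;
            all)    ;;
        esac
        echo "$table"
        break
    done
}

# Constructed packets: "source destination mark"
#  1. the node's own OpenVPN packet (source not chosen yet, never marked,
#     because locally generated packets do not pass mangle PREROUTING)
#  2. the node's reply to a ping that arrived on its wan address
#  3. a forwarded wifi client packet to the Internet
#  4. a forwarded wifi client packet to a VPN server, marked in PREROUTING
for pkt in "0.0.0.0 193.164.137.78 0" \
           "$WAN_ADDR 198.51.100.7 0" \
           "10.16.201.170 198.51.100.7 0" \
           "10.16.201.170 193.164.137.78 0x100000"; do
    set -- $pkt
    echo "src $1 dst $2 mark $3 -> table $(pick_table "$1" "$2" "$3")"
done
```

Cases 1 and 2 stay on the wan table whatever default route OLSR puts into main, while the marked client packet in case 4 is kept out of the wan table by the pref 10000 rule.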
I set /etc/init.d/firewall to:
#!/bin/sh /etc/rc.common
START=45
start() {
include /lib/network
scan_interfaces
config_load /var/state/network
config_get WIFI_IF wifi ifname
config_get MESH_IF mesh ifname
config_get LAN_IF lan ifname
config_get LANMESH_IF lanmesh ifname
config_get WAN_IF wan ifname
config_get FALLBACK_IF fallback ifname
config_get WIFI_ADDR wifi ipaddr
config_get LAN_ADDR lan ipaddr
config_get FALLBACK_ADDR fallback ipaddr
config_get WIFI_MASK wifi netmask
config_get LAN_MASK lan netmask
config_get FALLBACK_MASK fallback netmask
WIFI_DEV=${WIFI_IF%%:*}
MESH_DEV=${MESH_IF%%:*}
LAN_DEV=${LAN_IF%%:*}
LANMESH_DEV=${LANMESH_IF%%:*}
WAN_DEV=${WAN_IF%%:*}
FALLBACK_DEV=${FALLBACK_IF%%:*}
VPN_DEV="tap+"
WIFI_IN="-i $WIFI_DEV -s $WIFI_ADDR/$WIFI_MASK"
MESH_IN="-i $MESH_DEV -s ! $WIFI_ADDR/$WIFI_MASK"
LAN_IN="-i $LAN_DEV -s $LAN_ADDR/$LAN_MASK"
[ -n "$LAN_IF" ] && LANMESH_IN="-i $LANMESH_DEV -s ! $LAN_ADDR/$LAN_MASK" || LANMESH_IN="-i $LANMESH_DEV"
WAN_IN="-i $WAN_DEV -s ! $FALLBACK_ADDR/$FALLBACK_MASK"
FALLBACK_IN="-i $FALLBACK_DEV -s $FALLBACK_ADDR/$FALLBACK_MASK"
VPN_IN="-i $VPN_DEV"
WAN_OUT="-o $WAN_DEV -d ! $FALLBACK_ADDR/$FALLBACK_MASK"
VPN_HOST1="193.164.137.78"
VPN_HOST2="91.185.199.246"
VPN_PORT="9999"
# Clears everything, INPUT & OUTPUT policy ACCEPT, FORWARD policy DROP
stop
### INPUT ###
iptables -P INPUT DROP
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN SYN --tcp-option \! 2 -j DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT $FALLBACK_IN -j ACCEPT
# Allows node SSH from anywhere
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allows node HTTP from anywhere except wan
[ -n "$WAN_IF" ] && iptables -A INPUT $WAN_IN -p tcp --dport 80 -j REJECT --reject-with icmp-net-prohibited
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Allows node DNS from anywhere except wan
[ -n "$WAN_IF" ] && iptables -A INPUT $WAN_IN -p tcp --dport 53 -j REJECT --reject-with icmp-net-prohibited
[ -n "$WAN_IF" ] && iptables -A INPUT $WAN_IN -p udp --dport 53 -j REJECT --reject-with icmp-net-prohibited
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
# Allows captive portal
iptables -A INPUT $WIFI_IN -p tcp --dport 2050 -j ACCEPT
# Allows DHCP (broadcast)
iptables -A INPUT -i $WIFI_DEV -p udp --sport 68 --dport 67 -j ACCEPT
[ -n "$LAN_IF" ] && iptables -A INPUT -i $LAN_DEV -p udp --sport 68 --dport 67 -j ACCEPT
# Allows OLSR (broadcast)
iptables -A INPUT $MESH_IN -p udp --dport 698 -j ACCEPT
[ -n "$LANMESH_IF" ] && iptables -A INPUT $LANMESH_IN -p udp --dport 698 -j ACCEPT
iptables -A INPUT $VPN_IN -p udp --dport 698 -j ACCEPT
# Allows useful ICMP (like ping)
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -A INPUT -p icmp --icmp-type source-quench -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
iptables -A INPUT -p icmp --icmp-type parameter-problem -j ACCEPT
# Allows traceroute
iptables -A INPUT -p udp --sport 32769:65535 --dport 33434:33523 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 30 -j ACCEPT
### FORWARD ###
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A FORWARD -p tcp --tcp-flags SYN SYN --tcp-option \! 2 -j DROP
iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Disallows routing OLSR packets in a network
iptables -A FORWARD -p udp --dport 698 -j DROP
# Disallows routing DHCP packets in a network
iptables -A FORWARD -p udp --dport 67 -j DROP
iptables -A FORWARD -p udp --sport 68 -j DROP
# Disallows VPN connections to our VPN servers in a network
iptables -A FORWARD -p tcp -d $VPN_HOST1 --dport $VPN_PORT -j REJECT --reject-with icmp-net-prohibited
iptables -A FORWARD -p udp -d $VPN_HOST1 --dport $VPN_PORT -j REJECT --reject-with icmp-net-prohibited
iptables -A FORWARD -p tcp -d $VPN_HOST2 --dport $VPN_PORT -j REJECT --reject-with icmp-net-prohibited
iptables -A FORWARD -p udp -d $VPN_HOST2 --dport $VPN_PORT -j REJECT --reject-with icmp-net-prohibited
# Disallows routing from or to a wan segment
[ -n "$WAN_IF" ] && iptables -A FORWARD -m state --state NEW $WAN_IN -j DROP
[ -n "$WAN_IF" ] && iptables -A FORWARD -m state --state NEW $WAN_OUT -j DROP
# Allows routing inside other segments
iptables -A FORWARD -m state --state NEW -j ACCEPT
### OUTPUT ###
iptables -P OUTPUT ACCEPT
# Allows VPN connections from the router only through wan or fallback
[ -n "$WAN_IF" ] && iptables -A OUTPUT -o $WAN_DEV -p tcp -d $VPN_HOST1 --dport $VPN_PORT -j ACCEPT
[ -n "$WAN_IF" ] && iptables -A OUTPUT -o $WAN_DEV -p tcp -d $VPN_HOST2 --dport $VPN_PORT -j ACCEPT
[ -n "$WAN_IF" ] && iptables -A OUTPUT -o $WAN_DEV -p udp -d $VPN_HOST1 --dport $VPN_PORT -j ACCEPT
[ -n "$WAN_IF" ] && iptables -A OUTPUT -o $WAN_DEV -p udp -d $VPN_HOST2 --dport $VPN_PORT -j ACCEPT
iptables -A OUTPUT -o $FALLBACK_DEV -p tcp -d $VPN_HOST1 --dport $VPN_PORT -j ACCEPT
iptables -A OUTPUT -o $FALLBACK_DEV -p tcp -d $VPN_HOST2 --dport $VPN_PORT -j ACCEPT
iptables -A OUTPUT -o $FALLBACK_DEV -p udp -d $VPN_HOST1 --dport $VPN_PORT -j ACCEPT
iptables -A OUTPUT -o $FALLBACK_DEV -p udp -d $VPN_HOST2 --dport $VPN_PORT -j ACCEPT
iptables -A OUTPUT -p tcp -d $VPN_HOST1 --dport $VPN_PORT -j REJECT --reject-with icmp-net-prohibited
iptables -A OUTPUT -p tcp -d $VPN_HOST2 --dport $VPN_PORT -j REJECT --reject-with icmp-net-prohibited
iptables -A OUTPUT -p udp -d $VPN_HOST1 --dport $VPN_PORT -j REJECT --reject-with icmp-net-prohibited
iptables -A OUTPUT -p udp -d $VPN_HOST2 --dport $VPN_PORT -j REJECT --reject-with icmp-net-prohibited
### ROUTING ###
iptables -t mangle -A PREROUTING -d $VPN_HOST1 -j MARK --or-mark 0x100000
iptables -t mangle -A PREROUTING -d $VPN_HOST2 -j MARK --or-mark 0x100000
echo 1 > /proc/sys/net/ipv4/ip_forward
}
stop() {
echo 0 > /proc/sys/net/ipv4/ip_forward
iptables -t filter -P INPUT ACCEPT
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -P FORWARD DROP
iptables -t filter -F
iptables -t filter -X
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
iptables -t mangle -P INPUT ACCEPT
iptables -t mangle -P FORWARD ACCEPT
iptables -t mangle -P POSTROUTING ACCEPT
iptables -t mangle -F
iptables -t mangle -X
}
/etc/init.d/firewall enable
/etc/init.d/openvpn enable
/etc/init.d/olsrd enable
reboot
The basic functionality is now configured.
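The "from anywhere except wan" rules in the firewall script work only because iptables stops at the first matching rule, so each wan REJECT has to stay ahead of the general ACCEPT for the same port. The following added example (not part of the original notes) checks that order on iptables-save style lines; the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: rule-order check for the INPUT chain.
# wan_guard_ok WAN_DEV PROTO PORT   (rules on stdin, iptables-save style)
# Returns 1 when an ACCEPT without an input interface for PROTO/PORT is
# reached before any REJECT/DROP for the same PROTO/PORT on WAN_DEV.
# Only port-specific rules are examined; blanket rules are out of scope.
wan_guard_ok() {
    awk -v dev="$1" -v proto="$2" -v port="$3" '
    $1 == "-A" && $2 == "INPUT" {
        in_if = ""; p = ""; dport = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") in_if = $(i + 1)
            else if ($i == "-p") p = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (p != proto || dport != port) next
        if (in_if == dev && (target == "REJECT" || target == "DROP")) guarded = 1
        else if (in_if == "" && target == "ACCEPT") { exposed = !guarded; exit }
    }
    END { exit (exposed ? 1 : 0) }
    '
}

# Constructed sample in the order the firewall script appends its rules
# (wan is eth0, the fallback network is excluded with "-s !").
sample_rules() {
    cat <<'EOF'
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -s ! 169.254.189.120/255.255.0.0 -p tcp -m tcp --dport 80 -j REJECT --reject-with icmp-net-prohibited
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -s ! 169.254.189.120/255.255.0.0 -p tcp -m tcp --dport 53 -j REJECT --reject-with icmp-net-prohibited
-A INPUT -i eth0 -s ! 169.254.189.120/255.255.0.0 -p udp -m udp --dport 53 -j REJECT --reject-with icmp-net-prohibited
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
EOF
}

for spec in "tcp 22" "tcp 80" "tcp 53" "udp 53"; do
    set -- $spec
    if sample_rules | wan_guard_ok eth0 "$1" "$2"; then
        echo "$1/$2: wan guard precedes the general ACCEPT"
    else
        echo "$1/$2: general ACCEPT is reachable from wan"
    fi
done
```

Port 22 is reported as reachable from wan, which matches the script's "Allows node SSH from anywhere" rule.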
mkdir /www/cgi-bin/
In /www/cgi-bin/urandom I wrote:
#!/bin/sh
echo "Content-type: application/octet-stream"
echo
cat /dev/urandom
chmod +x /www/cgi-bin/urandom
In /www/cgi-bin/zero I wrote:
#!/bin/sh
echo "Content-type: application/octet-stream"
echo
cat /dev/zero
chmod +x /www/cgi-bin/zero
This way the HTTP server offers two infinite "files" that can be used to measure link quality by measuring the transfer speed of /cgi-bin/urandom (although that depends quite a lot on CPU speed, so it is not suitable for high speeds) and /cgi-bin/zero.
In /etc/init.d/httpd I changed:
config_get ifname wan hostname
[ -d /www ] && httpd -p 80 -h /www -r ${hostname:-OpenWrt}
to:
hostname=`cat /proc/sys/kernel/hostname`
[ -d /www ] && httpd -p 80 -h /www -r ${hostname:-OpenWrt} -R / -H 10.14.0.2
/etc/init.d/httpd restart
I installed a program for measuring connection speed, for example for downloading those infinite cgi-bin streams (and of course other things, because unlike wget it prints the transfer speed):
ipkg install curl
Example:
curl -o /dev/null http://localhost/cgi-bin/zero
ipkg install nodogsplash
I set /etc/nodogsplash/nodogsplash.conf to:
GatewayInterface ath0
GatewayIPRange 10.16.201.160/27
GatewayName kiberpipa.net
ClientIdleTimeout 30
ClientForceTimeout 360
MaxClients 25
FirewallRuleSet preauthenticated-users {
FirewallRule allow tcp port 53 to 10.14.0.1
FirewallRule allow udp port 53 to 10.14.0.1
FirewallRule allow tcp port 53 to 10.14.0.2
FirewallRule allow udp port 53 to 10.14.0.2
FirewallRule allow icmp to 10.14.0.1
FirewallRule allow icmp to 10.14.0.2
}
FirewallRuleSet authenticated-users {
FirewallRule allow
}
FirewallRuleSet users-to-router {
FirewallRule allow tcp port 22
FirewallRule allow tcp port 53
FirewallRule allow udp port 53
FirewallRule allow udp port 67
FirewallRule allow tcp port 80
FirewallRule allow icmp
}
/etc/init.d/nodogsplash enable
/etc/init.d/nodogsplash start
If a lan port is wanted, the wan part in /etc/config/network is commented out and the following is added:
config interface lan
    option ifname "eth0"
    option proto static
    option ipaddr 10.16.201.193
    option netmask 255.255.255.224
In /etc/config/dhcp, also add:
config dhcp
    option interface lan
    option start 194
    option limit 29
    option leasetime 3h
In /etc/olsrd.conf, also add to the Hna4 section:
10.16.201.192 255.255.255.224
And the VPN is disabled if there is no wan:
/etc/init.d/openvpn disable
reboot
If a lan port is wanted for meshing, the wan part in /etc/config/network is commented out (of course it cannot be lan at the same time; if it is, things get complicated and lanmesh must be configured as an additional alias) and the following is added:
config interface lanmesh
    option ifname "eth0"
    option proto static
    option ipaddr 10.14.0.17
    option netmask 255.255.0.0
In /etc/config/dhcp, also add:
config dhcp
    option interface lanmesh
    option start 0
    option limit 0
    option leasetime infinite
In /etc/olsrd.conf the interface is changed from:
Interface "ath0:0"
to:
Interface "ath0:0" "eth0"
And the VPN is disabled if there is no wan:
/etc/init.d/openvpn disable
reboot