Network/WRT54GL.md
... ...
@@ -8,38 +8,38 @@ title: WRT54GL
8 8
9 9
## Fix Disk Space
10 10
11
-* <https://dev.openwrt.org/changeset/13650>
11
+* <https://dev.openwrt.org/changeset/13650>
12 12
13 13
echo "option overlay_root /jffs" >> /etc/opkg.conf
14
-
14
+
15 15
16 16
17 17
18 18
## [IPv6][35]
19 19
20
-* Attempted on Gargoyle (OpenWRT 8.09-beta)
21
-* <http://wiki.openwrt.org/IPv6_howto>
22
-* NOTE: opkg has replaced ipkg
20
+* Attempted on Gargoyle (OpenWRT 8.09-beta)
21
+* <http://wiki.openwrt.org/IPv6_howto>
22
+* NOTE: opkg has replaced ipkg
23 23
24 24
opkg update
25 25
opkg install kmod-ipv6 kmod-ip6tables
26 26
opkg install radvd ip ip6tables
27 27
insmod ipv6 # doesn't fucking work!
28
-
29 28
30
-Insmod ipv6 fails with: `> insmod: unresolved symbol tcp_destroy_sock`
29
+
30
+Insmod ipv6 fails with: `> insmod: unresolved symbol tcp_destroy_sock`
31 31
32 32
33 33
34 34
## TFTP Upgrade
35 35
36
-* Upgrading OpenWRT via TFTP
37
-* Run tftp
36
+* Upgrading OpenWRT via TFTP
37
+* Run tftp
38 38
39
-`atftp --trace --option "timeout 10" --option "mode octet" --put --local-file openwrt-xxx-x.x-xxx.bin 192.168.1.1`
39
+`atftp --trace --option "timeout 10" --option "mode octet" --put --local-file openwrt-xxx-x.x-xxx.bin 192.168.1.1`
40 40
41
-* Power cycle the router
42
-* With boot_wait already configured no need to press reset button
41
+* Power cycle the router
42
+* With boot_wait already configured no need to press reset button
43 43
44 44
45 45
... ...
@@ -49,28 +49,28 @@ Insmod ipv6 fails with: `> insmod: unresolved symbol tcp_destroy_sock`
49 49
50 50
#### 2009-08-20
51 51
52
-* Attempted on OpenWRT 8.09 X-WRT
53
-* <https://forum.openwrt.org/viewtopic.php?id=19603>
52
+* Attempted on OpenWRT 8.09 X-WRT
53
+* <https://forum.openwrt.org/viewtopic.php?id=19603>
54 54
55 55
opkg update
56 56
opkg install ip kmod-ipv6 kmod-ip6tables radvd
57
-
58 57
59
-* Still doesn't fucking work. 2.6 kernel only.
58
+
59
+* Still doesn't fucking work. 2.6 kernel only.
60 60
61 61
### Remove
62 62
63 63
opkg remove kmod-ipv6tables kmod-ipv6 radvd ip6tables
64
-
65 64
66
-* Ha! Fix opkg repos
65
+
66
+* Ha! Fix opkg repos
67 67
68 68
vi /etc/opkg.conf
69
-
70 69
71
-* cat /etc/opkg.conf
72 70
73
-```
71
+* cat /etc/opkg.conf
72
+
73
+ ```
74 74
#src/gz snapshots http://downloads.openwrt.org/kamikaze/8.09.1/brcm47xx/packages
75 75
src/gz snapshots http://downloads.openwrt.org/kamikaze/8.09.1/brcm-2.4/packages
76 76
dest root /
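Review bot: the `opkg remove` line under `### Remove` names `kmod-ipv6tables`, but the package installed a few lines earlier is `kmod-ip6tables`, so the remove as written does not match what was installed; correct the name while this section is being touched. The feeds shown from `/etc/opkg.conf` are also plain `http://` URLs, which deserves a sentence in the notes because packages are then fetched without transport integrity.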
... ...
@@ -79,7 +79,7 @@ Insmod ipv6 fails with: `> insmod: unresolved symbol tcp_destroy_sock`
79 79
option overlay_root /jffs
80 80
#src X-Wrt http://downloads.x-wrt.org/xwrt/kamikaze/8.09.1/brcm47xx/packages
81 81
src X-Wrt http://downloads.x-wrt.org/xwrt/kamikaze/8.09/brcm-2.4/packages
82
- ```
82
+ ```
83 83
84 84
85 85
... ...
@@ -87,107 +87,113 @@ Insmod ipv6 fails with: `> insmod: unresolved symbol tcp_destroy_sock`
87 87
88 88
opkg update
89 89
opkg install -force-downgrade ip kmod-ipv6 kmod-ip6tables radvd ip6tables
90
-
90
+
91 91
92 92
93 93
94 94
### Configure PPP
95 95
96
-* <http://nuwiki.openwrt.org/oldwiki/IPv6_howto>
97
-* Activate PPP [IPv6][35] support. Add following lines to /etc/ppp/options :
96
+* <http://nuwiki.openwrt.org/oldwiki/IPv6_howto>
97
+* Activate PPP [IPv6][35] support. Add following lines to /etc/ppp/options :
98 98
99
+ ```
99 100
+ipv6
100 101
#logfile /var/log/ppp.log
101
-
102
+ ```
102 103
103
-* No v6CP response so e-mailed Entanet (ipv6 at enta dot net)
104
+
105
+* No v6CP response so e-mailed Entanet (ipv6 at enta dot net)
104 106
105 107
106 108
107 109
## Iodine
108 110
109
-* `opkg install kmod-tun iodine`
111
+* `opkg install kmod-tun iodine`
110 112
111 113
112 114
113 115
## httpd listen address
114 116
115
-* Set httpd port to LAN IP and port
117
+* Set httpd port to LAN IP and port
116 118
119
+ ```
117 120
# cat /etc/config/httpd
118 121
config 'httpd'
119 122
option 'port' '192.168.1.1:80'
120 123
option 'home' '/www'
121
-
124
+ ```
122 125
123 126
124 127
125 128
## Port Forwarding Lockups
126 129
127
-* Stops forwarding ports after a while
130
+* Stops forwarding ports after a while
128 131
129 132
130 133
131 134
### Reduce TCP established timeout
132 135
133
-* /proc
136
+* /proc
134 137
135 138
echo -n 900 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established
136
-
137 139
138 140
139 141
140
-* vim /etc/sysctl.conf
142
+
143
+* vim /etc/sysctl.conf
141 144
142 145
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=900
143
-
146
+
144 147
145 148
146 149
147 150
## NTP Time Synchronization
148 151
149
-* <http://martybugs.net/wireless/openwrt/timesync.cgi>
150
-* Install ntpclient
152
+* <http://martybugs.net/wireless/openwrt/timesync.cgi>
153
+* Install ntpclient
151 154
152 155
opkg update
153 156
opkg install ntpclient
154
-
155 157
156
-* Run once
158
+
159
+* Run once
157 160
158 161
/usr/sbin/ntpclient -c 1 -s -h 0.openwrt.pool.ntp.org
159
-
162
+
160 163
161 164
162 165
163 166
## SSH listen address
164 167
165
-* Set SSH port to LAN IP and port
168
+* Set SSH port to LAN IP and port
166 169
170
+ ```
167 171
# cat /etc/config/dropbear
168 172
config dropbear
169 173
option PasswordAuth 'on'
170 174
option Port '192.168.1.1:22'
171
-
175
+ ```
176
+
172 177
173 178
174 179
175 180
## Fix BT iptables forwarding
176 181
177
-* Change live iptables rules
182
+* Change live iptables rules
178 183
179 184
iptables -t nat -nv --list zone_wan_prerouting --line-number
180 185
iptables -t nat -I zone_wan_prerouting 4 -p tcp -m tcp --dport 6881:6889 -j DNAT --to-destination 192.168.1.4
181 186
iptables -t nat -I zone_wan_prerouting 5 -p udp -m udp --dport 6881:6889 -j DNAT --to-destination 192.168.1.4
182 187
iptables -t nat -D zone_wan_prerouting 7 # delete old rule
183 188
iptables -t nat -D zone_wan_prerouting 6 # delete old rule
184
-
185 189
186 190
187 191
188
-* Edit saved rules
189
- * Modified dest_port '6881-6889' to ''
190 192
193
+* Edit saved rules
194
+ * Modified dest_port '6881-6889' to ''
195
+
196
+ ```
191 197
# vim /etc/config/firewall
192 198
config 'redirect' 'BT'
193 199
option 'src' 'wan'
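Review bot: in the newly fenced `/etc/config/dropbear` block, `option PasswordAuth 'on'` is recorded without comment even though the page later lists authorized keys under `### SSH access`; add a line saying whether password logins are meant to stay enabled once keys are deployed, or show the option as 'off' in the documented config. Binding `Port` to `192.168.1.1:22` limits where dropbear listens but does not change how it authenticates.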
... ...
@@ -196,138 +202,142 @@ Insmod ipv6 fails with: `> insmod: unresolved symbol tcp_destroy_sock`
196 202
option 'dest_ip' '192.168.1.4'
197 203
option 'dest_port' ''
198 204
option 'src_dport' '6881-6889'
199
-
205
+ ```
200 206
201 207
202 208
203 209
## Configure [IPv6][35] tunnel
204 210
205
-* Create he.net tunnelbroker account
206
-* Let he.net ping the router
211
+* Create he.net tunnelbroker account
212
+* Let he.net ping the router
207 213
214
+ ```
208 215
# vim /etc/firewall.user
209 216
iptables -A input_wan -p icmp -m icmp --icmp-type echo-request -m limit --limit 10/s -j zone_wan_ACCEPT
210
-
217
+ ```
211 218
212 219
213 220
214
-* Set [IPv6][35] Address in WebIf to 2001:470:1f09:471::1/64
221
+* Set [IPv6][35] Address in WebIf to 2001:470:1f09:471::1/64
215 222
216 223
217 224
218 225
### Tunnel Script
219 226
220
-* [http://blog.silviosilva.com/index.php/2009/03/15/ipv6\_tunnelbroker\_openwrt/][38]
221
-* <http://www.tunnelbroker.net/forums/index.php?action=printpage;topic=106.0>
227
+* [http://blog.silviosilva.com/index.php/2009/03/15/ipv6\_tunnelbroker\_openwrt/][38]
228
+* <http://www.tunnelbroker.net/forums/index.php?action=printpage;topic=106.0>
222 229
230
+ ```
223 231
# cat /etc/init.d/ipv6tunnel
224 232
#!/bin/sh /etc/rc.common
225
-
233
+
226 234
#Information from the "Tunnel Details" page
227 235
SERVER_v4=216.66.80.26
228 236
SERVER_v6=2001:470:1f08:471::1
229
-
237
+
230 238
CLIENT_v4=78.32.119.229
231 239
CLIENT_v6=2001:470:1f08:471::2
232
-
240
+
233 241
# Uncomment if you have a /48
234 242
#ROUTED_48=Your /48 netblock's gateway address, e.g., 2001:a:b::1
235 243
ROUTED_64=2001:470:1f09:471::1
236
-
244
+
237 245
START=50
238
-
246
+
239 247
start() {
240 248
echo "Starting he.net IPv6 tunnel: "
241 249
ip tunnel add henet mode sit remote $SERVER_v4 local $CLIENT_v4 ttl 255
242 250
ip link set henet up
243
-
251
+
244 252
ip -6 addr add $CLIENT_v6/64 dev henet
245 253
ip -6 ro add default via $SERVER_v6 dev henet
246
-
254
+
247 255
# Set by WebIf
248 256
#ip -6 addr add $ROUTED_64/64 dev br-lan
249 257
# Uncomment if you have a /48
250 258
#ip -6 addr add $ROUTED_48/48 dev br-lan
251 259
ip -f inet6 addr
252
-
260
+
253 261
echo "Done."
254 262
}
255 263
stop() {
256 264
echo -n "Stopping he.net IPv6 tunnel: "
257 265
ip link set henet down
258 266
ip tunnel del henet
259
-
267
+
260 268
# Set by WebIf
261 269
#ip -6 addr delete $ROUTED_64/64 dev br-lan
262 270
# Uncomment if you have a /48
263 271
#ip -6 addr delete $ROUTED_48/48 dev br-lan
264
-
272
+
265 273
echo "Done."
266 274
}
267 275
restart() {
268 276
stop
269 277
start
270 278
}
271
-
272
-
279
+ ```
273 280
274 281
275 282
276 283
### radvd
277 284
278
- # cat /etc/config/radvd
279
- config interface
280
- option interface 'lan'
281
- option AdvSendAdvert 1
282
- option AdvManagedFlag 0
283
- option AdvOtherConfigFlag 0
284
- option ignore 0
285
-
286
- config prefix
287
- option interface 'lan'
288
- # If not specified, a non-link-local prefix of the interface is used
289
- option prefix '2001:db8:feed:b00::/64'
290
- option AdvOnLink 1
291
- option AdvAutonomous 1
292
- option AdvRouterAddr 0
293
- option ignore 0
294
-
295
- config rdnss
296
- option interface 'lan'
297
- # If not specified, the link-local address of the interface is used
298
- option addr ''
299
- option ignore 1
300
-
285
+```
286
+# cat /etc/config/radvd
287
+config interface
288
+ option interface 'lan'
289
+ option AdvSendAdvert 1
290
+ option AdvManagedFlag 0
291
+ option AdvOtherConfigFlag 0
292
+ option ignore 0
293
+
294
+config prefix
295
+ option interface 'lan'
296
+ # If not specified, a non-link-local prefix of the interface is used
297
+ option prefix '2001:db8:feed:b00::/64'
298
+ option AdvOnLink 1
299
+ option AdvAutonomous 1
300
+ option AdvRouterAddr 0
301
+ option ignore 0
302
+
303
+config rdnss
304
+ option interface 'lan'
305
+ # If not specified, the link-local address of the interface is used
306
+ option addr ''
307
+ option ignore 1
308
+```
301 309
302 310
303 311
304 312
### Enable WebIf services
305 313
306
-* Enable ipv6tunnel, radvd
314
+* Enable ipv6tunnel, radvd
307 315
308 316
309 317
310 318
### Official OpenWRT [IPv6][35] howto
311 319
312
-* <http://nuwiki.openwrt.org/oldwiki/IPv6_howto>
320
+* <http://nuwiki.openwrt.org/oldwiki/IPv6_howto>
313 321
314 322
315 323
316 324
### ip6tables
317 325
318
-* <http://ipv6.debian.net/>
319
-* Add to /etc/modules.d
326
+* <http://ipv6.debian.net/>
327
+* Add to /etc/modules.d
320 328
329
+ ```
321 330
# echo ip6_tables >> /etc/modules.d/20-ipv6
322 331
# echo ip6table_filter >> /etc/modules.d/20-ipv6
323
-
332
+ ```
324 333
325 334
326 335
327
-* Adapt ip6-stateless script
328
-* network/Firewall/router.fw.sh
329
-* cat >> firewall.user
336
+* Adapt ip6-stateless script
337
+* network/Firewall/router.fw.sh
338
+* cat >> firewall.user
330 339
340
+ ```
331 341
#--------------------------------------------------
332 342
#-- IP6TABLES
333 343
#--------------------------------------------------
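Review bot: the re-fenced `/etc/config/radvd` block still sets `option prefix '2001:db8:feed:b00::/64'`, which is in the documentation range and does not match the routed /64 used in the rest of this section (`ROUTED_64=2001:470:1f09:471::1` in the tunnel script and the WebIf address `2001:470:1f09:471::1/64`). Either change it to the routed prefix or drop the option, since the config's own comment says an unspecified prefix falls back to the interface's non-link-local prefix.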
... ...
@@ -335,62 +345,62 @@ Insmod ipv6 fails with: `> insmod: unresolved symbol tcp_destroy_sock`
335 345
PORTS_IN_UDP_ALLOW=""
336 346
PORTS_FWD_TCP_ALLOW="22"
337 347
PORTS_FWD_UDP_ALLOW=""
338
-
348
+
339 349
IPTABLES="/usr/sbin/iptables"
340 350
IP6TABLES="/usr/sbin/ip6tables"
341
-
351
+
342 352
IP6_WAN_IF=henet
343
-
353
+
344 354
# Defailt rate limiting
345 355
#RLIMIT="-m limit --limit 3/s --limit-burst 8"
346 356
RLIMIT=""
347
-
357
+
348 358
# Logging options.
349 359
LOG="LOG --log-level debug --log-tcp-sequence --log-tcp-options"
350 360
LOG="$LOG --log-ip-options"
351
-
361
+
352 362
# Unprivileged ports.
353 363
PHIGH="1024:65535"
354 364
PSSH="1000:1023"
355
-
365
+
356 366
#--------------------------------------------------
357 367
# Sysctl
358 368
#--------------------------------------------------
359 369
echo "1" > /proc/sys/net/ipv6/conf/all/forwarding
360
-
361
-
370
+
371
+
362 372
#--------------------------------------------------
363 373
# Default policies.
364 374
#--------------------------------------------------
365
-
375
+
366 376
# Drop everything by default.
367 377
$IP6TABLES -P INPUT DROP
368 378
$IP6TABLES -P FORWARD DROP
369 379
$IP6TABLES -P OUTPUT DROP
370
-
380
+
371 381
# Set the nat/mangle/raw tables' chains to ACCEPT
372 382
$IP6TABLES -t mangle -P PREROUTING ACCEPT
373 383
$IP6TABLES -t mangle -P INPUT ACCEPT
374 384
$IP6TABLES -t mangle -P FORWARD ACCEPT
375 385
$IP6TABLES -t mangle -P OUTPUT ACCEPT
376 386
$IP6TABLES -t mangle -P POSTROUTING ACCEPT
377
-
387
+
378 388
#--------------------------------------------------
379 389
# Cleanup.
380 390
#--------------------------------------------------
381
-
391
+
382 392
# Delete all
383 393
$IP6TABLES -F
384 394
$IP6TABLES -t mangle -F
385
-
395
+
386 396
# Delete all
387 397
$IP6TABLES -X
388 398
$IP6TABLES -t mangle -X
389
-
399
+
390 400
# Zero all packets and counters.
391 401
$IP6TABLES -Z
392 402
$IP6TABLES -t mangle -Z
393
-
403
+
394 404
#--------------------------------------------------
395 405
# Basic user-defined chains
396 406
#--------------------------------------------------
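Review bot: `RLIMIT=""` under the `# Defailt rate limiting` comment leaves the `-m limit --limit 3/s --limit-burst 8` value commented out, so any rule built from `$LOG $RLIMIT` would log every matching packet at `--log-level debug` with no cap. State in the comment why limiting is disabled, or restore the value, and fix the `Defailt` typo in the same place.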
... ...
@@ -398,98 +408,98 @@ Insmod ipv6 fails with: `> insmod: unresolved symbol tcp_destroy_sock`
398 408
$IP6TABLES -N ACCEPTLOG
399 409
#$IP6TABLES -A ACCEPTLOG -j $LOG $RLIMIT --log-prefix "ACCEPT "
400 410
$IP6TABLES -A ACCEPTLOG -j ACCEPT
401
-
411
+
402 412
# LOG packets, then DROP.
403 413
$IP6TABLES -N DROPLOG
404 414
#$IP6TABLES -A DROPLOG -j $LOG $RLIMIT --log-prefix "DROP "
405 415
$IP6TABLES -A DROPLOG -j DROP
406
-
416
+
407 417
# LOG packets, then REJECT.
408 418
# TCP packets are rejected with a TCP reset.
409 419
$IP6TABLES -N REJECTLOG
410 420
#$IP6TABLES -A REJECTLOG -j $LOG $RLIMIT --log-prefix "REJECT "
411 421
$IP6TABLES -A REJECTLOG -p tcp -j REJECT --reject-with tcp-reset
412 422
$IP6TABLES -A REJECTLOG -j REJECT
413
-
423
+
414 424
#--------------------------------------------------
415 425
# Vulnerabilities
416 426
#--------------------------------------------------
417
-
427
+
418 428
#Remove RH0 vulnerability
419 429
# https://lists.ubuntu.com/archives/kernel-bugs/2007-June/027320.html
420 430
# https://www.sixxs.net/forum/?msg=general-573582
421 431
#$IP6TABLES -A INPUT -m rt --rt-type 0 -j DROP
422 432
#$IP6TABLES -A OUTPUT -m rt --rt-type 0 -j DROP
423 433
#$IP6TABLES -A FORWARD -m rt --rt-type 0 -j DROP
424
-
434
+
425 435
#--------------------------------------------------
426 436
# ICMP
427 437
#--------------------------------------------------
428
-
438
+
429 439
# Allow IPv6 ICMP
430 440
$IP6TABLES -A INPUT -p ipv6-icmp -j ACCEPT
431 441
$IP6TABLES -A OUTPUT -p ipv6-icmp -j ACCEPT
432 442
$IP6TABLES -A FORWARD -p ipv6-icmp -j ACCEPT
433
-
443
+
434 444
#--------------------------------------------------
435 445
# Basic allowed traffic - loopback, outgoing
436 446
#--------------------------------------------------
437 447
$IP6TABLES -A INPUT -i lo -j ACCEPT
438 448
$IP6TABLES -A OUTPUT -o lo -j ACCEPT
439
-
449
+
440 450
# Allow incoming connections related to existing allowed connections.
441 451
#$IP6TABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
442 452
$IP6TABLES -A INPUT -p tcp ! --syn -j ACCEPT
443
-
453
+
444 454
# Allow outgoing connections EXCEPT invalid
445 455
#$IP6TABLES -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
446 456
$IP6TABLES -A OUTPUT -j ACCEPT
447
-
457
+
448 458
# Allow incoming connections related to existing allowed connections.
449 459
#$IP6TABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
450 460
$IP6TABLES -A FORWARD -p tcp ! --syn -j ACCEPT
451
-
461
+
452 462
# Allow new outgoing forwarded connections
453 463
#$IP6TABLES -A FORWARD -o ${IP6_WAN_IF} -m state --state NEW -j ACCEPT
454 464
$IP6TABLES -A FORWARD -o ${IP6_WAN_IF} -j ACCEPT
455
-
465
+
456 466
##--------------------------------------------------
457 467
## Drop MS ports - SMB, CIFS, etc
458 468
##--------------------------------------------------
459 469
#$IP6TABLES -A INPUT -p tcp -m multiport --dports 135,137,138,139,445,1433,1434 -j DROP
460 470
#$IP6TABLES -A INPUT -p udp -m multiport --dports 135,137,138,139,445,1433,1434 -j DROP
461
-
471
+
462 472
#--------------------------------------------------
463 473
# Drop Invalid traffic
464 474
#--------------------------------------------------
465 475
#$IP6TABLES -A INPUT -m state --state INVALID -j DROP
466 476
#$IP6TABLES -A OUTPUT -m state --state INVALID -j DROP
467 477
#$IP6TABLES -A FORWARD -m state --state INVALID -j DROP
468
-
478
+
469 479
#--------------------------------------------------
470 480
# Port scans and SYN floods
471 481
#--------------------------------------------------
472 482
$IP6TABLES -N SYN_FLOOD
473
-
483
+
474 484
$IP6TABLES -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
475 485
$IP6TABLES -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j LOG --log-prefix SYN-DROP:
476 486
$IP6TABLES -A SYN_FLOOD -j DROP
477
-
487
+
478 488
$IP6TABLES -A INPUT -p tcp --syn -j SYN_FLOOD
479 489
$IP6TABLES -A FORWARD -i ${IP6_WAN_IF} -p tcp --syn -j SYN_FLOOD
480
-
490
+
481 491
#--------------------------------------------------
482 492
# Drop bad IPs
483 493
#--------------------------------------------------
484 494
## Block lists
485 495
## $IP6TABLES -A INPUT -s INSERT-BAD-IP-HERE -j DROPLOG
486 496
## $IP6TABLES -A FORWARD -s INSERT-BAD-IP-HERE -j DROPLOG
487
-
497
+
488 498
# IANA reserved and unallocated
489 499
# http://www.iana.org/assignments/ipv6-address-space/
490 500
# http://www.iana.org/assignments/ipv6-unicast-address-assignments/
491
-
492
-
501
+
502
+
493 503
##--------------------------------------------------
494 504
#--------------------------------------------------
495 505
# Inbound
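Review bot: the INPUT and FORWARD rules `-p tcp ! --syn -j ACCEPT` stand in for the commented-out `-m state --state ESTABLISHED,RELATED` lines but are not equivalent: they match on the SYN flag alone rather than on connection state, and nothing here admits UDP replies arriving on `${IP6_WAN_IF}`, which fall through to the `FORWARD DROP` policy. Add a comment saying this is a stateless fallback (the list item above calls it an adaptation of an ip6-stateless script) and what it does not cover, and note that the state rules and the commented `--rt-type 0` drops should be re-enabled where those matches are available.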
... ...
@@ -499,12 +509,12 @@ Insmod ipv6 fails with: `> insmod: unresolved symbol tcp_destroy_sock`
499 509
#${IP6TABLES} -A INPUT -m state --state NEW -p tcp --dport ${PORT} -j ACCEPT
500 510
${IP6TABLES} -A INPUT -p tcp --syn --dport ${PORT} -j ACCEPT
501 511
done
502
-
512
+
503 513
for PORT in ${PORTS_IN_UDP_ALLOW} ; do
504 514
#${IP6TABLES} -A INPUT -m state --state NEW -p udp --dport ${PORT} -j ACCEPT
505 515
${IP6TABLES} -A INPUT -p udp --dport ${PORT} -j ACCEPT
506 516
done
507
-
517
+
508 518
#--------------------------------------------------
509 519
# Forward
510 520
#--------------------------------------------------
... ...
@@ -513,29 +523,27 @@ Insmod ipv6 fails with: `> insmod: unresolved symbol tcp_destroy_sock`
513 523
#${IP6TABLES} -A FORWARD -i ${IP6_WAN_IF} -m state --state NEW -p tcp --dport ${PORT} -j ACCEPT
514 524
${IP6TABLES} -A FORWARD -i ${IP6_WAN_IF} -p tcp --syn --dport ${PORT} -j ACCEPT
515 525
done
516
-
526
+
517 527
for PORT in ${PORTS_FWD_UDP_ALLOW} ; do
518 528
#${IP6TABLES} -A FORWARD -i ${IP6_WAN_IF} -m state --state NEW -p udp --dport ${PORT} -j ACCEPT
519 529
${IP6TABLES} -A FORWARD -i ${IP6_WAN_IF} -p udp --dport ${PORT} -j ACCEPT
520 530
done
521
-
531
+
522 532
##--------------------------------------------------
523 533
## Reject the rest
524 534
##--------------------------------------------------
525 535
#$IP6TABLES -A INPUT -j REJECTLOG
526 536
#$IP6TABLES -A OUTPUT -j REJECTLOG
527 537
#$IP6TABLES -A FORWARD -j REJECTLOG
528
-
538
+
529 539
<<EOF
530
-
540
+ ```
531 541
532 542
533 543
534 544
### Allow [IPv6][35]-in-IPv4 through iptables
535 545
536 546
$IPTABLES -A input_wan -p ipv6 -j zone_wan_ACCEPT
537
-
538
-
539 547
540 548
541 549
## Public Wifi
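Review bot: the script body ends with a line reading `<<EOF` immediately before the new closing fence, while the list item that introduces it is `cat >> firewall.user` with no heredoc opener, so the block as documented is not a valid heredoc. Move `<<EOF` onto the `cat` line and end the block with a bare `EOF`. In the section that follows, `$IPTABLES -A input_wan -p ipv6 -j zone_wan_ACCEPT` accepts protocol 41 from any source; restricting it with `-s` to the tunnel server address (`SERVER_v4` in the tunnel script) would be tighter.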
... ...
@@ -543,7 +551,7 @@ Insmod ipv6 fails with: `> insmod: unresolved symbol tcp_destroy_sock`
543 551
### nodogsplash
544 552
545 553
wget http://kokoro.ucsd.edu/nodogsplash/latest.ipk
546
-
554
+
547 555
548 556
549 557
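Review bot: `wget http://kokoro.ucsd.edu/nodogsplash/latest.ipk` fetches an unpinned `latest` package over plain HTTP, and no checksum step is recorded before it is installed. Record the version and a checksum here, or say that the later `opkg install nodogsplash` from the configured feed replaces this download.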
... ...
@@ -559,7 +567,7 @@ Insmod ipv6 fails with: `> insmod: unresolved symbol tcp_destroy_sock`
559 567
option 'gateway' ''
560 568
option 'ip6gw' ''
561 569
option 'dns' ' 195.74.113.58 195.74.113.62'
562
-
570
+
563 571
564 572
565 573
... ...
@@ -596,7 +604,7 @@ Insmod ipv6 fails with: `> insmod: unresolved symbol tcp_destroy_sock`
596 604
option 'turbo' ''
597 605
option 'macpolicy' 'none'
598 606
option 'maclist' ''
599
-
607
+
600 608
601 609
602 610
... ...
@@ -608,12 +616,12 @@ Insmod ipv6 fails with: `> insmod: unresolved symbol tcp_destroy_sock`
608 616
option 'output' 'ACCEPT'
609 617
option 'forward' 'REJECT'
610 618
option 'masq' '1'
611
-
619
+
612 620
config 'forwarding'
613 621
option 'src' 'public'
614 622
option 'dest' 'wan'
615 623
option 'mtu_fix' '1'
616
-
624
+
617 625
618 626
619 627
... ...
@@ -625,36 +633,38 @@ Insmod ipv6 fails with: `> insmod: unresolved symbol tcp_destroy_sock`
625 633
option 'limit' '150'
626 634
option 'leasetime' '720m'
627 635
option 'ignore' '0'
628
-
629
-
636
+
637
+
630 638
631 639
632 640
633 641
### radvd
634 642
635
- # cat /etc/config/radvd
636
- config interface
637
- option interface 'public'
638
- option AdvSendAdvert 1
639
- option AdvManagedFlag 0
640
- option AdvOtherConfigFlag 0
641
- option ignore 0
642
-
643
- config prefix
644
- option interface 'public'
645
- # If not specified, a non-link-local prefix of the interface is used
646
- option prefix '2001:470:903c:ac10::/64'
647
- option AdvOnLink 1
648
- option AdvAutonomous 1
649
- option AdvRouterAddr 0
650
- option ignore 0
651
-
652
- config rdnss
653
- option interface 'lan'
654
- # If not specified, the link-local address of the interface is used
655
- option addr ''
656
- option ignore 1
657
-
643
+```
644
+# cat /etc/config/radvd
645
+config interface
646
+ option interface 'public'
647
+ option AdvSendAdvert 1
648
+ option AdvManagedFlag 0
649
+ option AdvOtherConfigFlag 0
650
+ option ignore 0
651
+
652
+config prefix
653
+ option interface 'public'
654
+ # If not specified, a non-link-local prefix of the interface is used
655
+ option prefix '2001:470:903c:ac10::/64'
656
+ option AdvOnLink 1
657
+ option AdvAutonomous 1
658
+ option AdvRouterAddr 0
659
+ option ignore 0
660
+
661
+config rdnss
662
+ option interface 'lan'
663
+ # If not specified, the link-local address of the interface is used
664
+ option addr ''
665
+ option ignore 1
666
+```
667
+
658 668
659 669
660 670
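Review bot: in this second `/etc/config/radvd` block the `config interface` and `config prefix` sections name 'public', but `config rdnss` still has `option interface 'lan'`. It is inert while `option ignore 1` is set, but it should read 'public' so that enabling RDNSS later does not apply to the wrong interface.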
... ...
@@ -662,19 +672,19 @@ Insmod ipv6 fails with: `> insmod: unresolved symbol tcp_destroy_sock`
662 672
663 673
#### 2009-12-16
664 674
665
-* Borked router deleting stuff from /jffs
675
+* Borked router deleting stuff from /jffs
666 676
667 677
668 678
669 679
### Reboot to Failsafe
670 680
671
-* Power cycle
672
-* When DMZ light comes on press and hold Reset button until DMZ light flashes (~3Hz)
681
+* Power cycle
682
+* When DMZ light comes on press and hold Reset button until DMZ light flashes (~3Hz)
673 683
telnet 192.168.1.1
674 684
> firstboot
675 685
> reboot
676
-
677
-
686
+
687
+
678 688
679 689
680 690
... ...
@@ -682,7 +692,7 @@ Insmod ipv6 fails with: `> insmod: unresolved symbol tcp_destroy_sock`
682 692
683 693
opkg update
684 694
opkg install qos-scripts
685
-
695
+
686 696
687 697
688 698
... ...
@@ -690,46 +700,48 @@ Insmod ipv6 fails with: `> insmod: unresolved symbol tcp_destroy_sock`
690 700
691 701
opkg update
692 702
opkg install nodogsplash
693
-
694 703
695
-* <http://nuwiki.openwrt.org/oldwiki/hotspothowto#configure.nodogsplash>
696
-* Abandon for now. Too buggy.
704
+
705
+* <http://nuwiki.openwrt.org/oldwiki/hotspothowto#configure.nodogsplash>
706
+* Abandon for now. Too buggy.
697 707
698 708
699 709
700 710
### SSH access
701 711
702
-* dropbear
703
-* authorized keys
712
+* dropbear
713
+* authorized keys
704 714
705 715
706 716
707 717
### Reconfigure
708 718
709
-* From host
719
+* From host
710 720
scp etc/config/* router:/etc/config/
711 721
scp etc/firewall.user router:/etc/
712
-
713
-
714
-
715
-
716 722
717
-* OpenDNS configuration
723
+
724
+
725
+
726
+
727
+* OpenDNS configuration
718 728
cat >> /etc/resolv.conf.opendns
719 729
nameserver 208.67.222.222
720 730
nameserver 208.67.220.220
721 731
EOF
722
-
723
-
724
-
725
- * And replace DNS entries in /etc/config/network with these
726
-* ppp
727
- cat >> /etc/ppp/options
728
- +ipv6
729
- #logfile /var/log/ppp.log
730
- EOF
731
-
732
-
732
+
733
+
734
+
735
+ * And replace DNS entries in /etc/config/network with these
736
+* ppp
737
+ ```
738
+ cat >> /etc/ppp/options
739
+ +ipv6
740
+ #logfile /var/log/ppp.log
741
+ EOF
742
+ ```
743
+
744
+
733 745
734 746
735 747
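Review bot: the block now fenced under `* ppp` reads `cat >> /etc/ppp/options`, `+ipv6`, `#logfile /var/log/ppp.log`, `EOF`, with no `<<EOF` on the `cat` line, so `EOF` is not a terminator and would be appended to the file as literal text if the lines were typed as shown. The `cat >> /etc/resolv.conf.opendns` block above has the same gap. Add `<<EOF` to both `cat` lines.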
... ...
@@ -740,7 +752,7 @@ Insmod ipv6 fails with: `> insmod: unresolved symbol tcp_destroy_sock`
740 752
opkg install radvd ip6tables 6scripts
741 753
opkg install qos-scripts nptclient
742 754
opkg install nodogsplash
743
-
755
+
744 756
745 757
746 758
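Review bot: `opkg install qos-scripts nptclient` misspells the package name; every other reference on the page, including the `/usr/sbin/ntpclient` invocation, uses `ntpclient`. Correct it so the reinstall list can be pasted as-is.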
... ...
@@ -749,7 +761,7 @@ Insmod ipv6 fails with: `> insmod: unresolved symbol tcp_destroy_sock`
749 761
/usr/sbin/ntpclient -c 1 -s -h 0.openwrt.pool.ntp.org
750 762
/etc/init.d/radvd start
751 763
/etc/init.d/firewall restart
752
-
764
+
753 765
754 766
755 767
... ...
@@ -758,7 +770,7 @@ Insmod ipv6 fails with: `> insmod: unresolved symbol tcp_destroy_sock`
758 770
root@router:~# df /dev/mtdblock/4
759 771
Filesystem 1k-blocks Used Available Use% Mounted on
760 772
/dev/mtdblock/4 1792 1192 600 67% /jffs
761
-
773
+
762 774
763 775
764 776
... ...
@@ -766,8 +778,8 @@ Insmod ipv6 fails with: `> insmod: unresolved symbol tcp_destroy_sock`
766 778
767 779
## Upgrade
768 780
769
-* Upgrade to OpenWrt 8.09.2
770
-* ipv6 broken on x-wrt as it was on Gargoyle
781
+* Upgrade to OpenWrt 8.09.2
782
+* ipv6 broken on x-wrt as it was on Gargoyle
771 783
772 784
773 785
... ...
@@ -775,27 +787,27 @@ Insmod ipv6 fails with: `> insmod: unresolved symbol tcp_destroy_sock`
775 787
776 788
scp -r router:/etc ./
777 789
ssh router 'opkg list_installed' > installed_packages
778
-
790
+
779 791
780 792
781 793
782 794
### Download
783 795
784
-* <http://downloads.openwrt.org/kamikaze/8.09.2/brcm-2.4/openwrt-brcm-2.4-squashfs.trx>
785
-* <http://downloads.openwrt.org/kamikaze/8.09.2/brcm-2.4/openwrt-wrt54g-squashfs.bin>
796
+* <http://downloads.openwrt.org/kamikaze/8.09.2/brcm-2.4/openwrt-brcm-2.4-squashfs.trx>
797
+* <http://downloads.openwrt.org/kamikaze/8.09.2/brcm-2.4/openwrt-wrt54g-squashfs.bin>
786 798
787 799
788 800
789 801
### Upgrade
790 802
791
-* Via web interface with .trx
803
+* Via web interface with .trx
792 804
793 805
794 806
795 807
### Reinstall
796 808
797 809
opkg install kmod-ipv6 ip ip6tables kmod-ip6tables qos-scripts 6scripts radvd ntpclient
798
-
810
+
799 811
800 812
801 813
... ...
@@ -805,24 +817,26 @@ Insmod ipv6 fails with: `> insmod: unresolved symbol tcp_destroy_sock`
805 817
scp etc/firewall.user router:/etc/
806 818
scp etc/hosts router:/etc/hosts.local
807 819
scp etc/dropbear/authorized_keys etc/dropbear/
808
-
809 820
810 821
811 822
812
-* Fix dnsmasq, was using /etc/resolv.conf.opendns
823
+
824
+* Fix dnsmasq, was using /etc/resolv.conf.opendns
813 825
sed -i -e 's%/etc/resolv.conf.opendns%/tmp/resolv.conf.auto%' /etc/config/dhcp
814
-
815
-
816
-
817
-
818
-
819
-* Fix ppp ipv6
820
- cat >> /etc/ppp/options
821
- +ipv6
822
- #logfile /var/log/ppp.log
823
- EOF
824
-
825
-
826
+
827
+
828
+
829
+
830
+
831
+* Fix ppp ipv6
832
+ ```
833
+ cat >> /etc/ppp/options
834
+ +ipv6
835
+ #logfile /var/log/ppp.log
836
+ EOF
837
+ ```
838
+
839
+
826 840
827 841
828 842
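Review bot: `scp etc/dropbear/authorized_keys etc/dropbear/` has no `router:` prefix on the destination, unlike the two `scp` lines before it, so it is a local copy and the router never receives the keys. Give it a `router:` destination like the other lines. The `cat >> /etc/ppp/options` block fenced at the end of this hunk also lacks `<<EOF` on the `cat` line.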
... ...
@@ -830,10 +844,10 @@ Insmod ipv6 fails with: `> insmod: unresolved symbol tcp_destroy_sock`
830 844
831 845
### Install
832 846
833
-* <http://members.aon.at/linuxfreak/linux/mini_snmpd.html>
847
+* <http://members.aon.at/linuxfreak/linux/mini_snmpd.html>
834 848
opkg install mini-snmpd
835
-
836
-
849
+
850
+
837 851
838 852
839 853
... ...
@@ -841,30 +855,31 @@ Insmod ipv6 fails with: `> insmod: unresolved symbol tcp_destroy_sock`
841 855
842 856
#### /etc/config/mini_snmpd
843 857
844
-* [http://wlan-lj.net/browser/branches/openwrt/packages/net/mini\_snmpd/files/mini\_snmpd.config?order=date][43]
858
+* [http://wlan-lj.net/browser/branches/openwrt/packages/net/mini\_snmpd/files/mini\_snmpd.config?order=date][43]
845 859
846 860
config mini_snmpd
847
- option enabled 1
848
- option community public
849
- option location ''
850
- option contact ''
851
- option disks '/tmp,/jffs'
852
- option interfaces 'ppp0,br-lan,br-public' # Max 4
853
-
861
+ option enabled 1
862
+ option community public
863
+ option location ''
864
+ option contact ''
865
+ option disks '/tmp,/jffs'
866
+ option interfaces 'ppp0,br-lan,br-public' # Max 4
867
+
854 868
855 869
856 870
857 871
#### /etc/init.d/mini_snmpd
858 872
859
-* [http://wlan-lj.net/browser/branches/openwrt/packages/net/mini\_snmpd/files/mini\_snmpd.init?order=date][44]
873
+* [http://wlan-lj.net/browser/branches/openwrt/packages/net/mini\_snmpd/files/mini\_snmpd.init?order=date][44]
860 874
875
+ ```
861 876
#!/bin/sh /etc/rc.common
862 877
# Copyright (C) 2009 OpenWrt.org
863
-
878
+
864 879
NAME=mini_snmpd
865 880
PROG=/sbin/$NAME
866 881
START=50
867
-
882
+
868 883
append_string() {
869 884
local section="$1"
870 885
local option="$2"
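Review bot: the documented `/etc/config/mini_snmpd` keeps `option community public`, the well-known default string, and the notes do not say which zone may reach the agent. Use a non-default community in the example and add a line on where SNMP is expected to be reachable from, given that `interfaces` includes `ppp0`.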
... ...
@@ -873,60 +888,61 @@ Insmod ipv6 fails with: `> insmod: unresolved symbol tcp_destroy_sock`
873 888
config_get _val "$section" "$option"
874 889
[ -n "$_val" ] && append args "$3 $_val"
875 890
}
876
-
891
+
877 892
mini_snmpd_config() {
878 893
local cfg="$1"
879 894
args=""
880
-
895
+
881 896
append_string "$cfg" community "-c"
882 897
append_string "$cfg" location "-L"
883 898
append_string "$cfg" contact "-C"
884 899
append_string "$cfg" disks "-d"
885 900
append_string "$cfg" interfaces "-i"
886
-
901
+
887 902
config_get_bool enabled "$cfg" "enabled" '1'c
888 903
[ "$enabled" -gt 0 ] && $PROG $args &
889 904
}
890
-
905
+
891 906
start() {
892 907
config_load mini_snmpd
893 908
config_foreach mini_snmpd_config mini_snmpd
894 909
}
895
-
910
+
896 911
stop() {
897 912
killall mini_snmpd
898 913
}
899
-
900
-
914
+ ```
901 915
902
-* Make executable
916
+
917
+
918
+* Make executable
903 919
chmod a+x /etc/init.d/mini_snmpd
904
-
905
-
920
+
921
+
906 922
907 923
908 924
909 925
### Run
910 926
911 927
mini_snmpd -i ppp0
912
-
928
+
913 929
914 930
915 931
916 932
## Upgrade to 10.03
917 933
918
-* <http://backfire.openwrt.org/10.03/brcm-2.4/openwrt-brcm-2.4-squashfs.trx>
919
-* <http://backfire.openwrt.org/10.03/brcm-2.4/openwrt-wrt54g-squashfs.bin>
920
-* Upgraded via web interface with .bin
934
+* <http://backfire.openwrt.org/10.03/brcm-2.4/openwrt-brcm-2.4-squashfs.trx>
935
+* <http://backfire.openwrt.org/10.03/brcm-2.4/openwrt-wrt54g-squashfs.bin>
936
+* Upgraded via web interface with .bin
921 937
922 938
923 939
924 940
### Config Changes from Kamikaze
925 941
926
-* /etc/config/httpd replaced with /etc/config/uhttpd
927
-* Delegated block in /etc/config/6tunnel
928
-* 6tunnel.init script fix <https://dev.openwrt.org/ticket/7203>
929
-* add services to init: 6tunnel, radvd, mini_snmpd
942
+* /etc/config/httpd replaced with /etc/config/uhttpd
943
+* Delegated block in /etc/config/6tunnel
944
+* 6tunnel.init script fix <https://dev.openwrt.org/ticket/7203>
945
+* add services to init: 6tunnel, radvd, mini_snmpd
930 946
931 947
932 948
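Review bot: `config_get_bool enabled "$cfg" "enabled" '1'c` in `mini_snmpd_config()` has a stray `c` after the default, so the default passed is `1c` rather than `1`, and the `[ "$enabled" -gt 0 ]` test on the next line expects a number. Remove the `c`.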
... ...
@@ -934,26 +950,27 @@ Insmod ipv6 fails with: `> insmod: unresolved symbol tcp_destroy_sock`
934 950
935 951
### SSH
936 952
937
- # opkg install tinyproxy autossh
938
-
953
+```
954
+# opkg install tinyproxy autossh
955
+```
956
+
939 957
940
-* Set for transparent proxying
941
-* <http://open-wrt.ru/forum/viewtopic.php?id=2069>
958
+* Set for transparent proxying
959
+* <http://open-wrt.ru/forum/viewtopic.php?id=2069>
942 960
943 961
944 962
945 963
### VPN
946 964
947
-* <http://forum.openwrt.org/viewtopic.php?pid=8495>
965
+* <http://forum.openwrt.org/viewtopic.php?pid=8495>
948 966
949 967
950 968
951 969
## UPNP
952 970
953
- # opkg install miniupnpd
954
-
955
-
956
-cat /etc/config/upnp
971
+```
972
+# opkg install miniupnpd
973
+cat /etc/config/upnp
957 974
958 975
config upnpd config
959 976
option enabled 1
... ...
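Review bot: The new fences at 953-955 and 971-973 keep the leading `#` root prompt on `# opkg install tinyproxy autossh` and `# opkg install miniupnpd`, so anyone pasting the fenced line into a shell runs a comment and installs nothing; drop the prompt or say once that `#` means root. In the UPNP block the fence also pulls `cat /etc/config/upnp` (no prompt) in with the file contents that follow it, which mixes two conventions in one block. Two fences, one for the commands and one for the config, would read more clearly.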
@@ -963,28 +980,29 @@ cat /etc/config/upnp
963 980
option upload 512
964 981
option external_iface wan
965 982
option internal_iface lan
966
-
983
+```
984
+
967 985
968 986
969 987
970 988
## Native [IPv6][35]
971 989
972
-* Divide Entanet allocated /56 into three subnets
973
- * 2001:4d48:ad51:xxx0::/64 for edge
974
- * 2001:4d48:ad51:xxx1::/64 for lan
975
- * 2001:4d48:ad51:xxx2::/64 for public
990
+* Divide Entanet allocated /56 into three subnets
991
+ * 2001:4d48:ad51:xxx0::/64 for edge
992
+ * 2001:4d48:ad51:xxx1::/64 for lan
993
+ * 2001:4d48:ad51:xxx2::/64 for public
976 994
977 995
### Multihoming
978 996
979
-NOTE: native ipv6 only works alongside tunnelled ipv6 if multihoming is supported.
997
+NOTE: native ipv6 only works alongside tunnelled ipv6 if multihoming is supported.
980 998
981
-Adding native [IPv6][35] didn't work initially because hosts were using their first assigned (tunnelled) ipv6 address and replies couldn't be routed back via native ipv6
999
+Adding native [IPv6][35] didn't work initially because hosts were using their first assigned (tunnelled) ipv6 address and replies couldn't be routed back via native ipv6
982 1000
983 1001
984 1002
985 1003
### Network
986 1004
987
-* /etc/config/network
1005
+* /etc/config/network
988 1006
config 'interface' 'wan'
989 1007
...
990 1008
option 'ipv6' '1'
... ...
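Review bot: The `/etc/config/network` snippet that starts at new line 1005 is left unfenced directly under its bullet, while the same commit closes a fence around the UPNP config just above it at 983. Fence this snippet too, so the file renders consistently and the `config 'interface'` stanzas cannot be absorbed into the list item.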
@@ -997,135 +1015,141 @@ Adding native [IPv6][35] didn't work initially because hosts were using their fi
997 1015
config 'interface' 'public'
998 1016
...
999 1017
option 'ip6addr' '2001:4d48:ad51:xxx2::1/64'
1000
-
1001
-
1002 1018
1003
-* ip6addr option doesn't work for pppoe - can be added manually
1019
+
1020
+
1021
+* ip6addr option doesn't work for pppoe - can be added manually
1004 1022
ip addr add 2001:4d48:ad51:xxx0::1/64 dev ppp0
1005
-
1006
-
1023
+
1024
+
1007 1025
1008 1026
1009 1027
1010 1028
### Router Advertisements
1011 1029
1012
-* Add /64 adverts to /etc/config/radvd
1013
- config prefix
1014
- # Native Entanet prefix
1015
- option interface 'lan'
1016
- option prefix '2001:4d48:ad51:xxx1::/64'
1017
- option AdvOnLink 1
1018
- option AdvAutonomous 1
1019
- option AdvRouterAddr 0
1020
- option ignore 0
1021
-
1022
- config prefix
1023
- # Native Entanet prefix
1024
- option interface 'public'
1025
- option prefix '2001:4d48:ad51:xxx2::/64'
1026
- option AdvOnLink 1
1027
- option AdvAutonomous 1
1028
- option AdvRouterAddr 0
1029
- option ignore 0
1030
-
1031
-
1030
+* Add /64 adverts to /etc/config/radvd
1031
+ ```
1032
+ config prefix
1033
+ # Native Entanet prefix
1034
+ option interface 'lan'
1035
+ option prefix '2001:4d48:ad51:xxx1::/64'
1036
+ option AdvOnLink 1
1037
+ option AdvAutonomous 1
1038
+ option AdvRouterAddr 0
1039
+ option ignore 0
1040
+
1041
+ config prefix
1042
+ # Native Entanet prefix
1043
+ option interface 'public'
1044
+ option prefix '2001:4d48:ad51:xxx2::/64'
1045
+ option AdvOnLink 1
1046
+ option AdvAutonomous 1
1047
+ option AdvRouterAddr 0
1048
+ option ignore 0
1049
+ ```
1050
+
1051
+
1032 1052
1033 1053
1034 1054
1035 1055
### Firewall
1036 1056
1037
-* /etc/firewall.user
1038
-* Adapt script to support multiple ipv6 endpoints (henet and ppp0)
1057
+* /etc/firewall.user
1058
+* Adapt script to support multiple ipv6 endpoints (henet and ppp0)
1039 1059
1040 1060
1041 1061
1042 1062
### Disable 6tunnel service
1043 1063
1044
-`rm /etc/rc.d/S46_6tunnel`
1064
+`rm /etc/rc.d/S46_6tunnel`
1045 1065
1046 1066
1047 1067
1048 1068
### AAISP [IPv6][35]
1049 1069
1050
-Divide AAISP allocated /48
1070
+Divide AAISP allocated /48
1051 1071
1052
-* 2001:8b0:16b9:xxxx::/60 for location 1
1053
- * 2001:8b0:16b9:xxx1::/64 for lan
1054
- * 2001:8b0:16b9:xxx8::/64 for public
1072
+* 2001:8b0:16b9:xxxx::/60 for location 1
1073
+ * 2001:8b0:16b9:xxx1::/64 for lan
1074
+ * 2001:8b0:16b9:xxx8::/64 for public
1055 1075
1056 1076
1057 1077
1058 1078
## Upgrade to 12.09
1059 1079
1060
-[openwrt-wrt54g-squashfs.bin][45]
1080
+[openwrt-wrt54g-squashfs.bin][45]
1061 1081
1062
-Does not support [WRT54GL][46]. Recommended version is 10.03.
1082
+Does not support [WRT54GL][46]. Recommended version is 10.03.
1063 1083
1064 1084
1065 1085
1066 1086
## Remote Logging
1067 1087
1068
-Recent watchdog resets (probably from rtorrent's ~700 connections). Uptime in the range of minutes.
1088
+Recent watchdog resets (probably from rtorrent's ~700 connections). Uptime in the range of minutes.
1069 1089
1070
-* <http://wiki.openwrt.org/doc/uci/system>
1071
-* <https://forum.openwrt.org/viewtopic.php?id=11912>
1072
-* <http://www.rsyslog.com/receiving-messages-from-a-remote-system/>
1073
-* <http://www.rsyslog.com/sending-messages-to-a-remote-syslog-server/>
1090
+* <http://wiki.openwrt.org/doc/uci/system>
1091
+* <https://forum.openwrt.org/viewtopic.php?id=11912>
1092
+* <http://www.rsyslog.com/receiving-messages-from-a-remote-system/>
1093
+* <http://www.rsyslog.com/sending-messages-to-a-remote-syslog-server/>
1074 1094
1075 1095
1076 1096
1077 1097
### Log server
1078 1098
1079
-Accept logging on [Hastur][47]:
1099
+Accept logging on [Hastur][47]:
1080 1100
1081
-Enable imudp plugin `/etc/rsyslog.conf`
1101
+Enable imudp plugin `/etc/rsyslog.conf`
1082 1102
1103
+ ```
1083 1104
# provides UDP syslog reception
1084 1105
$ModLoad imudp
1085 1106
$UDPServerRun 514
1086
-
1107
+ ```
1087 1108
1088
-Log remote messages from router to a file `/etc/rsyslog.d/router.conf`
1089 1109
1110
+Log remote messages from router to a file `/etc/rsyslog.d/router.conf`
1111
+
1112
+ ```
1090 1113
## Match router hostname
1091 1114
:source, isequal, "router" /var/log/phase1/router.log
1092 1115
& ~
1093
-
1116
+ ```
1117
+
1094 1118
1095
-Configure rsyslogd
1119
+Configure rsyslogd
1096 1120
1097 1121
1098 1122
1099 1123
### OpenWRT
1100 1124
1101
-Set log\_ip and log\_port. Default port is 514
1125
+Set log\_ip and log\_port. Default port is 514
1102 1126
1103
-/etc/config/system
1127
+/etc/config/system
1104 1128
1105 1129
option 'log_ip' '192.168.0.4'
1106 1130
option 'log_port' '514'
1107
-
1131
+
1108 1132
1109 1133
1110 1134
1111 1135
# Linksys
1112 1136
1113
-* [Linksys 4.30.11][48]
1137
+* [Linksys 4.30.11][48]
1114 1138
1115 1139
tftp 192.168.1.1
1116
-
1140
+
1117 1141
tftp> binary
1118 1142
tftp> rexmt 1
1119 1143
tftp> timeout 60
1120 1144
tftp> trace
1121 1145
tftp> put WRT54GL_v4.30.11_012_ETSI_EN_code.bin
1122
-
1146
+
1123 1147
1124 1148
1125 1149
1126 1150
# Replacement
1127 1151
1128
-Replaced by WDR-3600, see [Mobile Router][50]
1152
+Replaced by WDR-3600, see [Mobile Router][50]
1129 1153
1130 1154
1131 1155
... ...
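Review bot: In the Log server block now fenced at new lines 1112-1116, the rule `:source, isequal, "router"` selects messages by the hostname carried inside the syslog message, and with `$UDPServerRun 514` enabled any sender that can reach the port gets its lines filed in `/var/log/phase1/router.log` by using that name. Match on the sender address instead (rsyslog's `fromhost-ip` property) or restrict UDP 514 to the router in the log server's firewall, and say which in the text. The fences at 1103-1107 and 1112-1116 are also indented although they are not inside a list, unlike the flush-left fences at 953-955, so check that they render as fences and not as literal backticks.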
@@ -1133,26 +1157,26 @@ Replaced by WDR-3600, see [Mobile Router][50]
1133 1157
1134 1158
#### 2009-01-21
1135 1159
1136
-Turned on QoS. Prioritized www and ssh over bittorrent
1160
+Turned on QoS. Prioritized www and ssh over bittorrent
1137 1161
1138 1162
1139 1163
1140 1164
#### 2009-01-25
1141 1165
1142
-Installed DD-WRT.
1166
+Installed DD-WRT.
1143 1167
1144 1168
1145 1169
1146 1170
#### 2009-01-27
1147 1171
1148
-Installed OpenWRT
1149
-Configure [IPv6][35]
1172
+Installed OpenWRT
1173
+Configure [IPv6][35]
1150 1174
1151 1175
1152 1176
1153 1177
#### 2009-04-02
1154 1178
1155
-Fix OpenDNS configuration <http://forum.openwrt.org/viewtopic.php?id=12408>
1179
+Fix OpenDNS configuration <http://forum.openwrt.org/viewtopic.php?id=12408>
1156 1180
1157 1181
1158 1182
... ...
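Review bot: Under 2009-01-27, new lines 1172-1173 (`Installed OpenWRT` / `Configure [IPv6][35]`) are two consecutive plain lines whose only change is stripped trailing whitespace; if that whitespace was a Markdown hard line break, the two entries now render as one run-on paragraph. Turn them into `*` list items, as the dated entries from 2009-08-18 onward already are, so the rendering does not depend on invisible characters.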
@@ -1160,7 +1184,7 @@ Fix OpenDNS configuration <http://forum.openwrt.org/viewtopic.php?id=12408>
1160 1184
nameserver 208.67.222.222
1161 1185
nameserver 208.67.220.220
1162 1186
EOF
1163
-
1187
+
1164 1188
1165 1189
1166 1190
... ...
@@ -1169,143 +1193,143 @@ Fix OpenDNS configuration <http://forum.openwrt.org/viewtopic.php?id=12408>
1169 1193
config dnsmasq
1170 1194
....
1171 1195
option resolvfile '/etc/resolv.conf.opendns'
1172
-
1196
+
1173 1197
1174 1198
1175 1199
1176 1200
#### 2009-08-18
1177 1201
1178
-* Replaced Gargoyle with x-wrt OpenWRT 8.09
1179
-* Web interface upgrade didn't work so flashed via TFTP
1180
- * [X-WRT Kamikaze 8.09 brcm-2.4 default][52]
1181
-* Configured WAN in pppoe mode, no bridge
1182
-* Configured LAN, bridge mode (for wireless)
1183
-* Set LAN DNS servers to OpenDNS
1202
+* Replaced Gargoyle with x-wrt OpenWRT 8.09
1203
+* Web interface upgrade didn't work so flashed via TFTP
1204
+ * [X-WRT Kamikaze 8.09 brcm-2.4 default][52]
1205
+* Configured WAN in pppoe mode, no bridge
1206
+* Configured LAN, bridge mode (for wireless)
1207
+* Set LAN DNS servers to OpenDNS
1184 1208
1185 1209
1186 1210
1187 1211
#### 2009-08-19
1188 1212
1189
-* Configured wireless
1190
-* Configured port forwarding
1191
-* Set PPPoE MTU to 1472
1213
+* Configured wireless
1214
+* Configured port forwarding
1215
+* Set PPPoE MTU to 1472
1192 1216
1193 1217
1194 1218
1195 1219
#### 2009-08-20
1196 1220
1197
-* [IPv6][35]
1198
-* Force kernel downgrade
1221
+* [IPv6][35]
1222
+* Force kernel downgrade
1199 1223
1200 1224
1201 1225
1202 1226
#### 2009-08-21
1203 1227
1204
-* Testing iodine
1228
+* Testing iodine
1205 1229
1206 1230
1207 1231
1208 1232
#### 2009-09-??
1209 1233
1210
-* Set httpd to listen on LAN only
1234
+* Set httpd to listen on LAN only
1211 1235
1212 1236
1213 1237
1214 1238
#### 2009-09-08
1215 1239
1216
-* Port forwarding lockups
1217
-* Reduced TCP conntrack timeout to 900 seconds
1218
-* Adjusted bittorrent forwarding rule
1240
+* Port forwarding lockups
1241
+* Reduced TCP conntrack timeout to 900 seconds
1242
+* Adjusted bittorrent forwarding rule
1219 1243
1220 1244
iptables -t nat -nv --list zone_wan_prerouting --line-number
1221 1245
iptables -t nat -I zone_wan_prerouting 4 -p tcp -m tcp --dport 6881:6889 -j DNAT --to-destination 192.168.1.4
1222 1246
iptables -t nat -I zone_wan_prerouting 5 -p udp -m udp --dport 6881:6889 -j DNAT --to-destination 192.168.1.4
1223 1247
iptables -t nat -D zone_wan_prerouting 7 # delete old rule
1224 1248
iptables -t nat -D zone_wan_prerouting 6 # delete old rule
1225
-
1226 1249
1227 1250
1228 1251
1229
-* Time synchronization
1230
-* Dropbear SSH on LAN only
1252
+
1253
+* Time synchronization
1254
+* Dropbear SSH on LAN only
1231 1255
1232 1256
1233 1257
1234 1258
#### 2009-09-12
1235 1259
1236
-* Switch wireless to channel 6, distance to 18m
1237
-* Configure he.net tunnel
1260
+* Switch wireless to channel 6, distance to 18m
1261
+* Configure he.net tunnel
1238 1262
1239 1263
1240 1264
1241 1265
#### 2009-09-16
1242 1266
1243
-* Initial ip6tables config
1267
+* Initial ip6tables config
1244 1268
1245 1269
1246 1270
1247 1271
#### 2009-09-18
1248 1272
1249
-* Fix ip6tables tunnel and synflood
1273
+* Fix ip6tables tunnel and synflood
1250 1274
1251 1275
$IPTABLES -A input_wan -p ipv6 -j zone_wan_ACCEPT
1252 1276
$IP6TABLES -A FORWARD -i ${IP6_WAN_IF} -p tcp --syn -j SYN_FLOOD
1253
-
1277
+
1254 1278
1255 1279
1256 1280
1257 1281
#### 2009-11-24
1258 1282
1259
-* Upgrade packages - Fails due to lack of disk space
1260
-* Fix [IPv6][35]
1261
- * Upgrade deleted firewall.user
1283
+* Upgrade packages - Fails due to lack of disk space
1284
+* Fix [IPv6][35]
1285
+ * Upgrade deleted firewall.user
1262 1286
1263 1287
1264 1288
1265 1289
#### 2009-12-10
1266 1290
1267
-* Removed iodined
1268
-* Started public wifi configuration
1291
+* Removed iodined
1292
+* Started public wifi configuration
1269 1293
1270 1294
1271 1295
1272 1296
#### 2009-12-12
1273 1297
1274
-* Public wifi configuration
1298
+* Public wifi configuration
1275 1299
1276 1300
1277 1301
1278 1302
#### 2009-12-13
1279 1303
1280
-* install 6scripts
1281
-* fix misconfigured public wifi
1282
- *
1283
- * [No ifname stanza][54]
1304
+* install 6scripts
1305
+* fix misconfigured public wifi
1306
+ *
1307
+ * [No ifname stanza][54]
1284 1308
1285 1309
1286 1310
1287 1311
#### 2009-12-14
1288 1312
1289
-* Block INPUT from public network by default
1313
+* Block INPUT from public network by default
1290 1314
1291 1315
#### 2009-12-15
1292 1316
1293
-* configured public wifi
1294
-* firewall rules for br-public
1317
+* configured public wifi
1318
+* firewall rules for br-public
1295 1319
1296 1320
1297 1321
1298 1322
#### 2009-12-16
1299 1323
1300
-* opkg remove ip (freespace 288k)
1301
-* opkg install qos-scripts
1302
- * Nope. Still not enough space
1303
-* remove /etc/init.d/6bridge /etc/config/6bridge
1304
-* Remove unused ip6tables modules
1305
- root@router:/jffs# df /dev/mtdblock/4
1324
+* opkg remove ip (freespace 288k)
1325
+* opkg install qos-scripts
1326
+ * Nope. Still not enough space
1327
+* remove /etc/init.d/6bridge /etc/config/6bridge
1328
+* Remove unused ip6tables modules
1329
+ root@router:/jffs# df /dev/mtdblock/4
1306 1330
Filesystem 1k-blocks Used Available Use% Mounted on
1307 1331
/dev/mtdblock/4 1792 1512 280 84% /jffs
1308
-
1332
+
1309 1333
root@router:/jffs/lib/modules/2.4.35.4# lsmod | grep ip6
1310 1334
ip6t_LOG 4556 1
1311 1335
ip6t_IMQ 684 0 (unused)
... ...
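Review bot: The 2009-12-13 entry still carries an empty nested bullet (`+ *` at new line 1306) above `[No ifname stanza][54]`; the commit rewrites the line for whitespace but keeps the empty item. Either restore the text that belonged there or delete the bullet, since it renders as a stray empty list item.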
@@ -1316,153 +1340,153 @@ Fix OpenDNS configuration <http://forum.openwrt.org/viewtopic.php?id=12408>
1316 1340
ip6table_mangle 2284 0 (unused)
1317 1341
ip6table_filter 1740 1
1318 1342
ip6_tables 17440 8 [ip6t_LOG ip6t_IMQ ip6t_owner ip6t_limit ip6t_frag ip6t_eui64 ip6table_mangle ip6table_filter]
1319
-
1343
+
1320 1344
root@router:/jffs/lib/modules/2.4.35.4# rmmod ip6t_owner ip6t_frag ip6t_eui64
1321 1345
root@router:/jffs/lib/modules/2.4.35.4# rm ip6t_owner.o ip6t_frag.o ip6t_eui64.o
1322
-
1346
+
1323 1347
root@router:/jffs/lib/modules/2.4.35.4# df /dev/mtdblock/4
1324 1348
root@router:/# vim /etc/modules.d/49-ip6tables
1325 1349
Filesystem 1k-blocks Used Available Use% Mounted on
1326 1350
/dev/mtdblock/4 1792 1508 284 84% /jffs
1327
-
1328
-
1329
-
1330
-
1331
-
1332 1351
1333
-* Borked router - reset required
1352
+
1353
+
1354
+
1355
+
1356
+
1357
+* Borked router - reset required
1334 1358
1335 1359
1336 1360
1337 1361
#### 2010-01-03
1338 1362
1339
-* Suspicious rules found in iptables
1363
+* Suspicious rules found in iptables
1340 1364
Chain zone_wan (1 references)
1341
- pkts bytes target prot opt in out source destination
1342
- 60899 4775K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
1343
- 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
1344
-
1345
-
1346
-
1347
- * Rules accepted all traffic. DNS was externally visible.
1348
- * Rules removed
1349
-
1350
-
1351
-* Fixed [IPv6][35]
1365
+ pkts bytes target prot opt in out source destination
1366
+ 60899 4775K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
1367
+ 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
1368
+
1369
+
1370
+
1371
+ * Rules accepted all traffic. DNS was externally visible.
1372
+ * Rules removed
1373
+
1374
+
1375
+* Fixed [IPv6][35]
1352 1376
ip -6 addr add 2001:470:903c:c0a8::1/64 dev br-lan
1353 1377
ip -6 addr add 2001:470:903c:ac10::1/64 dev br-public
1354
-
1355
-
1356
-
1357
- * Broken by missing addresses on router br-lan and br-public interfaces
1358
- * Should br-lan and br-public also get autoconfigured by radvd?
1378
+
1379
+
1380
+
1381
+ * Broken by missing addresses on router br-lan and br-public interfaces
1382
+ * Should br-lan and br-public also get autoconfigured by radvd?
1359 1383
1360 1384
1361 1385
1362 1386
#### 2010-01-19
1363 1387
1364
-* Give Michelle a static IP 172.16.0.100
1365
-* NAT GRE
1388
+* Give Michelle a static IP 172.16.0.100
1389
+* NAT GRE
1366 1390
iptables -t nat -A zone_wan_prerouting -p gre -j DNAT --to-destination 172.16.0.100
1367
-
1368
-
1391
+
1392
+
1369 1393
1370 1394
1371 1395
1372 1396
#### 2010-02-26
1373 1397
1374
-* Switch br-lan back to 192.168.1.0/24
1375
-* Rename "30 Rustat Public" to "SavePublicWifi.org"
1398
+* Switch br-lan back to 192.168.1.0/24
1399
+* Rename "30 Rustat Public" to "SavePublicWifi.org"
1376 1400
1377 1401
1378 1402
1379 1403
#### 2010-03-02
1380 1404
1381
-* Set wl0 txpower to 25dBm
1405
+* Set wl0 txpower to 25dBm
1382 1406
1383
-`iwconfig wl0 txpower 25dBm`
1407
+`iwconfig wl0 txpower 25dBm`
1384 1408
1385 1409
1386 1410
1387 1411
#### 2010-03-03
1388 1412
1389
-* Upgrade to OpenWrt-8.09.2
1390
-* Fix configuration of dnsmasq (used to have /etc/resolv.conf.opendns)
1413
+* Upgrade to OpenWrt-8.09.2
1414
+* Fix configuration of dnsmasq (used to have /etc/resolv.conf.opendns)
1391 1415
1392 1416
1393 1417
1394 1418
#### 2010-03-04
1395 1419
1396
-* Install mini-snmpd
1420
+* Install mini-snmpd
1397 1421
1398 1422
1399 1423
1400 1424
#### 2010-03-16
1401 1425
1402
-* Reverted to Linksys firmware
1426
+* Reverted to Linksys firmware
1403 1427
1404 1428
1405 1429
1406 1430
#### 2010-05-04
1407 1431
1408
-* OpenWrt 10.03
1409
-* Got snmp and ipv6 working again
1432
+* OpenWrt 10.03
1433
+* Got snmp and ipv6 working again
1410 1434
1411 1435
1412 1436
1413 1437
#### 2010-10-27
1414 1438
1415
-* Installed miniupnpd
1439
+* Installed miniupnpd
1416 1440
1417 1441
1418 1442
1419 1443
#### 2010-12-16
1420 1444
1421
-* Reenabled ppp ipv6 following [Proto 41 Filtering][56]
1445
+* Reenabled ppp ipv6 following [Proto 41 Filtering][56]
1422 1446
1423 1447
1424 1448
1425 1449
#### 2011-06-06
1426 1450
1427
-* Configure native [IPv6][35]
1428
- * Enable ipv6 on PPP link through Luci (AdministrationInterfaces)
1451
+* Configure native [IPv6][35]
1452
+ * Enable ipv6 on PPP link through Luci (AdministrationInterfaces)
1429 1453
1430 1454
1431 1455
1432 1456
#### 2011-06-14
1433 1457
1434
-* Change remove host address from bridged interfaces. (Replaced :1 with ::)
1435
-* Restarted wan to fix ipv6 routing issue
1436
- # ifdown wan ; sleep 3 ; ifup wan
1437
-
1438
-
1458
+* Change remove host address from bridged interfaces. (Replaced :1 with ::)
1459
+* Restarted wan to fix ipv6 routing issue
1460
+ ```
1461
+ # ifdown wan ; sleep 3 ; ifup wan
1462
+ ```
1439 1463
1440 1464
1441 1465
1442 1466
#### 2011-11-09
1443 1467
1444
-* Move to AAISP
1445
-* [IPv6][35] routing failure fixed by restarting radvd
1468
+* Move to AAISP
1469
+* [IPv6][35] routing failure fixed by restarting radvd
1446 1470
1447 1471
1448 1472
1449 1473
#### 2013
1450 1474
1451
-* On hiatus while at #25.
1452
-* 192.168.0.13 DHCP must be reserved for Pivos Xios
1475
+* On hiatus while at #25.
1476
+* 192.168.0.13 DHCP must be reserved for Pivos Xios
1453 1477
1454 1478
1455 1479
1456 1480
#### 2013-10-20
1457 1481
1458
-* Investigate and abandon upgrade to OpenWrt-12.09 "attitude adjustment"
1459
-* Create git repo for settings
1482
+* Investigate and abandon upgrade to OpenWrt-12.09 "attitude adjustment"
1483
+* Create git repo for settings
1460 1484
1461 1485
1462 1486
1463 1487
#### 2013-10-22
1464 1488
1465
-* Configure for PPTP-to-PPPoA with Sky
1489
+* Configure for PPTP-to-PPPoA with Sky
1466 1490
1467 1491
1468 1492
... ...
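Review bot: The 2010-01-03 entry (new lines 1363-1372) records two `ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0` rows in `zone_wan` as "Rules removed" but gives neither the commands used to list and delete them nor any note on how they got there, so the finding cannot be rechecked after the next upgrade. Add the listing and delete commands and, if known, the package or script that inserted the rules. Separately, in the transcript at 1347-1350 the `vim /etc/modules.d/49-ip6tables` prompt line sits between the `df /dev/mtdblock/4` command and its output; move it after the `df` output.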
@@ -1472,31 +1496,31 @@ Fix OpenDNS configuration <http://forum.openwrt.org/viewtopic.php?id=12408>
1472 1496
1473 1497
## OpenWrt 12.03 Attitude Adjustment
1474 1498
1475
-* <http://downloads.openwrt.org/attitude_adjustment/12.09/brcm47xx/generic/>
1499
+* <http://downloads.openwrt.org/attitude_adjustment/12.09/brcm47xx/generic/>
1476 1500
1477 1501
1478 1502
1479 1503
## Nodogplash
1480 1504
1481
-* Add nodogsplash, need to free space first
1505
+* Add nodogsplash, need to free space first
1482 1506
1483 1507
1484 1508
1485 1509
## [IPv6][35] UDP broken
1486 1510
1487
-* UDP responses aren't passed in by stateless firewall
1488
-* Breaks DNS over [IPv6][35]
1511
+* UDP responses aren't passed in by stateless firewall
1512
+* Breaks DNS over [IPv6][35]
1489 1513
1490 1514
1491 1515
1492 1516
## Public Wifi
1493 1517
1494
-* Route SavePublicWifi.org through tor
1495
-* <http://hardy.dropbear.id.au/blog/2008/02/hosting-multiple-wireless-networks-on-openwrt>
1496
-* <http://kokoro.ucsd.edu/nodogsplash/>
1497
-* Needs a reflash upgrade
1498
-* <http://p3f.gmxhome.de/OpenWRT/Configure-OpenVPN.html>
1499
-* <https://forum.openwrt.org/viewtopic.php?id=19137&p=1>
1518
+* Route SavePublicWifi.org through tor
1519
+* <http://hardy.dropbear.id.au/blog/2008/02/hosting-multiple-wireless-networks-on-openwrt>
1520
+* <http://kokoro.ucsd.edu/nodogsplash/>
1521
+* Needs a reflash upgrade
1522
+* <http://p3f.gmxhome.de/OpenWRT/Configure-OpenVPN.html>
1523
+* <https://forum.openwrt.org/viewtopic.php?id=19137&p=1>
1500 1524
1501 1525
1502 1526
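Review bot: The context heading `## OpenWrt 12.03 Attitude Adjustment` at new line 1497 disagrees with the link under it (`attitude_adjustment/12.09`) and with the 2013-10-20 entry, which names OpenWrt-12.09; `## Nodogplash` at 1503 is likewise misspelled against `nodogsplash` in its own bullet. Both are untouched context lines, but a cleanup commit is the natural place to correct them.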