FIXME: this document needs to be tidied up (styling)!

I installed the OpenWrt Kamikaze 7.09 firmware from the files openwrt-atheros-2.6-root.jffs2-64k (root filesystem) and openwrt-atheros-2.6-vmlinux.lzma (kernel).

I placed both files on a TFTP server (at IP 192.168.1.166) and, while the router was booting, connected to it:

telnet 192.168.1.254 9000

and ran the following on it:

ip_addr -h 192.168.1.166 -l 192.168.1.254/24
fis init
load -r -v -b %{FREEMEMLO} openwrt-atheros-2.6-root.jffs2-64k
fis create -f 0xA8030000 -l 0x006F0000 -e 0x00000000 rootfs
load -r -v -b %{FREEMEMLO} openwrt-atheros-2.6-vmlinux.lzma
fis create -r 0x80041000 -e 0x80041000 vmlinux.bin.l7
reset

I logged in via telnet to 192.168.1.1 and set the root password.

/etc/init.d/firewall stop
/etc/init.d/firewall disable

echo -n > /etc/firewall.user
echo -n > /etc/config/firewall

In /etc/config/network I set the IP to 192.168.10.1 and ran:

/etc/init.d/network restart

and logged in again over SSH (after changing my own IP accordingly).

In /lib/network/config.sh I changed:

ifconfig "$iface" down

to:

ifconfig "$iface" down 2>/dev/null >/dev/null

and:

# Interface settings
config_get mtu "$config" mtu
config_get macaddr "$config" macaddr
$DEBUG ifconfig "$iface" ${macaddr:+hw ether "$macaddr"} ${mtu:+mtu $mtu} up
uci set "/var/state/network.$config.ifname=$iface"

to:

# Interface settings (if not an alias)
if [ "${iface##*:}" = "$iface" ]; then
	config_get mtu "$config" mtu
	config_get macaddr "$config" macaddr
	$DEBUG ifconfig "$iface" ${macaddr:+hw ether "$macaddr"} ${mtu:+mtu $mtu} up
fi
uci set "/var/state/network.$config.ifname=$iface"

In /etc/hotplug.d/net/10-net I added at the beginning, right after the include:

setup_interface_if_auto() {
	local cfg="$(find_config "$1")"

	# check the autoload setting
	config_get auto "$cfg" auto
	case "$auto" in
		1|on|enabled) setup_interface "$1";;
		*) return 1 ;;
	esac
}

and changed:

local cfg="$(find_config "$INTERFACE")"

# check the autoload setting
config_get auto "$cfg" auto
case "$auto" in
	1|on|enabled) setup_interface "$INTERFACE";;
esac

to:

if setup_interface_if_auto "$INTERFACE"; then
	# Set up interface aliases
	for ifc in $interfaces; do
		config_get dev "$ifc" ifname
		[ "${dev%%:*}" = "$INTERFACE" -a "$dev" != "$INTERFACE" ] && {
			setup_interface_if_auto "$dev"
		}
	done
fi

I set /etc/config/network to:

config interface loopback

option ifname	lo
option proto	static
option ipaddr	127.0.0.1
option netmask	255.0.0.0

config interface wifi

option ifname	"ath0"
option proto	static
option ipaddr	10.16.201.161
option netmask	255.255.255.224

config interface mesh

option ifname	"ath0:0"
option proto	static
option ipaddr	10.14.0.17
option netmask	255.255.0.0

config interface wan

option ifname	"eth0"
option proto	dhcp

config interface fallback

option ifname	"eth0:0"
option proto	static
option ipaddr	169.254.189.120
option netmask	255.255.0.0

In /etc/config/wireless:

config wifi-device wifi0

option type		atheros
option channel	8
option mode		11g
option diversity 0
option txantenna 1
option rxantenna 1

config wifi-iface

option device	wifi0
option network	wifi
option mode		adhoc
option ssid		open.kiberpipa.net
option bssid	02:CA:FF:EE:BA:BE
option hidden 	0
option isolate	0
option encryption none
#option rts		250
#option frag	512
option bgscan	0

The rts and frag settings do not yet work correctly in this version (r3314) of the madwifi module, so they are temporarily commented out.

In /etc/config/dhcp I set:

config dhcp

option interface	wifi
option start 		162
option limit		29
option leasetime	3h
option force		1

config dhcp

option interface	mesh
option start		0
option limit		0
option leasetime	infinite
option force		1

config dhcp

option interface	wan
option ignore		1

config dhcp

option interface	fallback
option ignore		1

touch /etc/ethers

In /etc/dnsmasq.conf I set:

domain-needed
bogus-priv
filterwin2k
localise-queries
local=/wifi/
domain=wifi
expand-hosts
no-negcache
no-resolv
server=10.14.0.1
server=10.14.0.2
dhcp-authoritative
dhcp-leasefile=/tmp/dhcp.leases
read-ethers

It queries only the DNS servers inside the network.

In /etc/init.d/dnsmasq I added, after:

append_bool "$cfg" ignore "-I $ifname"

the following:

config_get_bool ignore "$cfg" ignore
[ "$ignore" -gt 0 ] && return 0

because otherwise a range can still be added to dnsmasq even though ignore is set, and I replaced:

limit="$((${limit:-150} + 1))"

with (so that it calculates a bit more correctly):

limit="${limit:-150}"

and after:

eval "$(ipcalc.sh $ipaddr $netmask $start $limit)"

I added:

if [ "$limit" = "0" ]; then
	END=static
fi

to support a purely static DHCP server (when limit is set to 0).

In /etc/config/system:

config system

option hostname	rog-4

reboot

I logged in at 169.254.189.120.

Because I needed an uplink (169.254.189.100 is the IP of the computer from which I was logged in to the router, since I was using the fallback settings):

route add default gw 169.254.189.100 dev eth0:0 metric 100
route add -host 193.164.137.78 gw 169.254.189.100 dev eth0:0
route add -host 91.185.199.246 gw 169.254.189.100 dev eth0:0
echo "nameserver 193.2.1.66" > /etc/resolv.conf

In /etc/ipkg.conf I added at the top:

src wifi http://ipkg.stargate.si/mips

ipkg update
ipkg upgrade

This upgraded busybox to our package.

ipkg upgrade

This also upgraded the kmod-madwifi module.

ipkg install kmod-softdog

reboot

I set up the uplink once more:

ipkg install ntpclient

dropbearkey -t dss -s 1024 -f /etc/dropbear/dropbear_dss_host_key.new
dropbearkey -t rsa -s 2048 -f /etc/dropbear/dropbear_rsa_host_key.new
mv /etc/dropbear/dropbear_dss_host_key.new /etc/dropbear/dropbear_dss_host_key
mv /etc/dropbear/dropbear_rsa_host_key.new /etc/dropbear/dropbear_rsa_host_key

I created the file /etc/init.d/date:

#!/bin/sh /etc/rc.common

START=35
start() {
	date 060100002008
}

chmod +x /etc/init.d/date
/etc/init.d/date enable
/etc/init.d/date start

ipkg install openvpn

mkdir /etc/openvpn/

In /etc/openvpn/wlanlj.conf:

client
proto udp
dev tap0
remote 193.164.137.78 9999
remote 91.185.199.246 9999
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
daemon
auth-user-pass /etc/openvpn/wlanlj.pass
auth-retry nointeract
cipher BF-CBC
ifconfig 10.14.0.17 255.255.0.0
writepid /var/run/openvpn.pid
verb 3
mute 20
user nobody
group nogroup
ca /etc/openvpn/wlanlj-ca.crt
tls-auth /etc/openvpn/wlanlj-ta.key 1

In /etc/default/openvpn:

CONFIG="/etc/openvpn/wlanlj.conf"
OPTIONS="--config $CONFIG"

In /etc/openvpn/wlanlj.pass I entered the username and password, each on its own line.

I copied wlanlj-ca.crt and wlanlj-ta.key to /etc/openvpn and made all three files readable only by the root user.

ipkg install olsrd

I set /etc/olsrd.conf to:

DebugLevel 0
IpVersion 4
ClearScreen yes
Hna4 {
	10.16.201.160	255.255.255.224
}
AllowNoInt yes
UseHysteresis no
LinkQualityLevel 2
LinkQualityWinSize 100
Pollrate 0.1
NicChgsPollInt 3.0
TcRedundancy 2
MprCoverage 1
Interface "ath0:0" {
	HelloInterval		4.0
	HelloValidityTime	80.0
	TcInterval			8.0
	TcValidityTime		160.0
	MidInterval			8.0
	MidValidityTime		160.0
	HnaInterval			8.0
	HnaValidityTime		160.0
}
Interface "tap0" {
	HelloInterval		4.0
	HelloValidityTime	80.0
	TcInterval			8.0
	TcValidityTime		160.0
	MidInterval			8.0
	MidValidityTime		160.0
	HnaInterval			8.0
	HnaValidityTime		160.0
	LinkQualityMult default	0.44
}

In /etc/sysctl.conf I set:

dev.wifi0.diversity=0
dev.wifi0.rxantenna=1
dev.wifi0.txantenna=1
net.ipv4.conf.default.arp_announce=1
net.ipv4.conf.all.arp_announce=1

In /etc/modules.d/50-madwifi I set:

ath_ahb countrycode=0 outdoor=1

ipkg remove bridge ppp-mod-pppoe kmod-pppoe ppp kmod-ppp

ipkg install ip nmap tcpdump ngrep

In /usr/share/udhcpc/default.script I changed:

route add default gw $i dev $interface

to:

route add default gw $i dev $interface metric 100

and:

$(route -n | awk '/^0.0.0.0\W{9}('$valid')\W/ {next} /^0.0.0.0/ {print "route del -net "$1" gw "$2";"}')

to (so that it cleans up only its own routes and not other default routes):

$(route -n | awk '/^0.0.0.0\W{9}('$valid')\W/ {next} !/('$interface')$/ {next} /^0.0.0.0/ {print "route del -net "$1" gw "$2" metric 100;"}')

This way the connection via DHCP has lower priority than the one via the network (OLSR, through its weighting, takes care that the wireless link has higher priority than the VPN).
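
The effect of the added interface condition, as an example added here that is not part of the original page: it replays the stock and the modified cleanup over a constructed route -n table, using awk field comparisons instead of the page's regular expression. The 192.168.5.x addresses, the gateways and the tap0 metric are made-up sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed `route -n` output: a default route owned by OLSR on tap0, a
# stale DHCP default route on eth0, and the current DHCP default route.
sample_routes() {
cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.14.0.0       0.0.0.0         255.255.0.0     U     0      0        0 tap0
192.168.5.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         10.14.0.1       0.0.0.0         UG    2      0        0 tap0
0.0.0.0         192.168.5.254   0.0.0.0         UG    100    0        0 eth0
0.0.0.0         192.168.5.1     0.0.0.0         UG    100    0        0 eth0
EOF
}

# stale_default_routes IFACE "GW1 GW2 ..."
# Modified behaviour: print "route del" commands only for default routes on
# IFACE whose gateway is not among the gateways just offered by DHCP.
stale_default_routes() {
    awk -v iface="$1" -v valid="$2" '
        BEGIN { n = split(valid, gw, " "); for (i = 1; i <= n; i++) keep[gw[i]] = 1 }
        $1 != "0.0.0.0" { next }    # only default routes
        $NF != iface    { next }    # only routes on our own interface
        ($2 in keep)    { next }    # gateway still offered by the DHCP server
        { print "route del -net " $1 " gw " $2 " metric 100" }
    '
}

# stale_default_routes_stock "GW1 GW2 ..."
# Stock behaviour: no interface condition, so foreign default routes match too.
stale_default_routes_stock() {
    awk -v valid="$1" '
        BEGIN { n = split(valid, gw, " "); for (i = 1; i <= n; i++) keep[gw[i]] = 1 }
        $1 != "0.0.0.0" { next }
        ($2 in keep)    { next }
        { print "route del -net " $1 " gw " $2 }
    '
}

echo "stock script would run:"
sample_routes | stale_default_routes_stock "192.168.5.1"
echo "modified script would run:"
sample_routes | stale_default_routes eth0 "192.168.5.1"
```

With the stock filter the OLSR default route on tap0 is deleted on every DHCP renewal; with the interface condition only the stale eth0 route is.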

In /etc/hotplug.d/iface/10-routes, in add_route(), before:

[ -n "$gateway" ] || {

I added:

[ "$gateway" = "auto" ] && {
	# Get the gateway from the interface configuration
	config_get gateway "$interface" gateway
}

This way I do not have to configure the exact gateway IP, which I do not know in advance anyway for a DHCP wan connection.

Because routers generally have two default routes, connections that are made from outside over one of them must also go back the same way. For example, if a ping arrives over one default route (because it is probably connected to other networks), the reply has to return the same way rather than trying to return over the node's default route.

mkdir /etc/iproute2/
echo "8 wan" > /etc/iproute2/rt_tables

In /etc/hotplug.d/iface/10-routes I added to the block that reads the settings:

config_get table "$config" table

removed these parts:

config_get netmask "$config" netmask

netmask="${netmask:-255.255.255.255}"
dest="${netmask:+-net "$target" netmask "$netmask"}"
dest="${dest:--host "$target"}"

[ -n "$gateway" ] || {
	echo "Missing gateway in route section $config"
	return 1
}

added after the [ "$gateway" = "auto" ] block:

wasnetwork=0
[ "$target" = "network" ] && {
	config_get ipaddr "$interface" ipaddr
	config_get netmask "$interface" netmask
	target=`ipcalc.sh "$ipaddr" "$netmask" | grep NETWORK | cut -d "=" -f 2`/`ipcalc.sh "$ipaddr" "$netmask" | grep PREFIX | cut -d "=" -f 2`
	wasnetwork=1
}

removed the comment for this whole part, "make sure there is a gateway and a target", because it is no longer accurate, and changed the main command to:

/usr/sbin/ip route add $target ${gateway:+via "$gateway"} ${dev:+dev "$dev"} ${metric:+metric "$metric"} ${table:+table "$table"}

and after it also added (slightly hardcoded behaviour):

[ -n "$table" ] && {
	config_get ipaddr "$interface" ipaddr
	/usr/sbin/ip rule list | grep -q "from $ipaddr lookup $table" || /usr/sbin/ip rule add from "$ipaddr" pref 15000 table "$table"
	[ "$wasnetwork" != 0 ] || [ "$target" = "default" ] || /usr/sbin/ip rule list | grep -q "from all to $target lookup $table" || /usr/sbin/ip rule add to "$target" pref 20000 table "$table"
	/usr/sbin/ip rule list | grep -q "from all fwmark 0x100000/0x100000 lookup main" || /usr/sbin/ip rule add fwmark 0x100000/0x100000 pref 10000 table main
}

At the end of /etc/config/network I then added the routes via wan:

config route wanvpn1

option interface wan
option target	193.164.137.78
option gateway	auto
option metric	0
option table	wan

config route wanvpn2

option interface wan
option target	91.185.199.246
option gateway	auto
option metric	0
option table	wan

config route wannetwork

option interface wan
option target	network
option metric	0
option table	wan

config route wandefault

option interface wan
option target	default
option gateway	auto
option metric	0
option table	wan

This also preserves the routes to the VPN servers; otherwise the connection to the VPN is lost as soon as a default route that goes through the VPN is added (because it has a lower metric). After a while OLSR withdraws that default route again, the VPN connection is re-established, and OLSR adds the route again … In the meantime the connection of any user associated with the node works for a while and then does not work for a while. When the default route through the VPN is withdrawn, the node sends the packets out of its wan (because there is no firewall yet, although this would equally be a problem with one), but the devices further along on the wan do not know this user's IP, and the node does no NAT to hide the IP. So the connection does not work at that point. (To test this at this step, /proc/sys/net/ipv4/ip_forward must be 1 and the firewall must be set up correctly to allow forwarding.)
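
A dry run of the modified add_route() over the four route sections above, as an example added here that is not part of the original page: it prints the ip commands instead of running them, so the resulting rule set can be read off. The wan lease (192.168.5.20/24, gateway 192.168.5.1) is a constructed value, and network_cidr, add_rule and plan_routes are hypothetical helper names.

```shell
#!/bin/sh
# Constructed DHCP lease on the wan interface (assumed values, not from the page).
WAN_DEV=eth0 WAN_IP=192.168.5.20 WAN_MASK=255.255.255.0 WAN_GW=192.168.5.1

# network_cidr IP MASK -> "network/prefix" (the page derives this via ipcalc.sh)
network_cidr() {
    oldifs=$IFS; IFS=.
    set -- $1 $2            # $1-$4: address octets, $5-$8: netmask octets
    IFS=$oldifs
    prefix=0
    for octet in "$5" "$6" "$7" "$8"; do
        while [ "$octet" -gt 0 ]; do
            prefix=$(($prefix + ($octet & 1))); octet=$(($octet >> 1))
        done
    done
    echo "$(($1 & $5)).$(($2 & $6)).$(($3 & $7)).$(($4 & $8))/$prefix"
}

# add_rule RULE: print "ip rule add RULE" unless the same rule was already
# planned (stands in for the page's "ip rule list | grep -q" checks).
add_rule() {
    case "$RULES" in *"|$1|"*) return 0 ;; esac
    RULES="$RULES|$1|"
    echo "ip rule add $1"
}

# add_route TARGET GATEWAY METRIC TABLE: one "config route" section on wan.
add_route() {
    target=$1 gateway=$2 metric=$3 table=$4 wasnetwork=0
    [ "$gateway" = "auto" ] && gateway=$WAN_GW
    [ "$target" = "network" ] && {
        target=$(network_cidr "$WAN_IP" "$WAN_MASK"); wasnetwork=1
    }
    echo "ip route add $target${gateway:+ via $gateway} dev $WAN_DEV${metric:+ metric $metric}${table:+ table $table}"
    [ -n "$table" ] || return 0
    # replies from the wan address leave through the wan table
    add_rule "from $WAN_IP pref 15000 table $table"
    # host targets only: neither the connected network nor "default" gets a "to" rule
    [ "$wasnetwork" != 0 ] || [ "$target" = "default" ] ||
        add_rule "to $target pref 20000 table $table"
    # packets marked 0x100000 in mangle PREROUTING are looked up in main first
    add_rule "fwmark 0x100000/0x100000 pref 10000 table main"
}

# The four route sections from /etc/config/network, in file order.
plan_routes() {
    RULES=
    add_route 193.164.137.78 auto 0 wan
    add_route 91.185.199.246 auto 0 wan
    add_route network "" 0 wan
    add_route default auto 0 wan
}

plan_routes
```

The output has four routes in table wan but only four rules in total: one "from" rule for the wan address, one "to" rule per VPN server, and the fwmark rule.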

I set /etc/init.d/firewall to:

#!/bin/sh /etc/rc.common

START=45

start() {

include /lib/network
scan_interfaces
config_load /var/state/network

config_get WIFI_IF wifi ifname
config_get MESH_IF mesh ifname
config_get LAN_IF lan ifname
config_get LANMESH_IF lanmesh ifname
config_get WAN_IF wan ifname
config_get FALLBACK_IF fallback ifname

config_get WIFI_ADDR wifi ipaddr
config_get LAN_ADDR lan ipaddr
config_get FALLBACK_ADDR fallback ipaddr

config_get WIFI_MASK wifi netmask
config_get LAN_MASK lan netmask
config_get FALLBACK_MASK fallback netmask

WIFI_DEV=${WIFI_IF%%:*}
MESH_DEV=${MESH_IF%%:*}
LAN_DEV=${LAN_IF%%:*}
LANMESH_DEV=${LANMESH_IF%%:*}
WAN_DEV=${WAN_IF%%:*}
FALLBACK_DEV=${FALLBACK_IF%%:*}
VPN_DEV="tap+"

WIFI_IN="-i $WIFI_DEV -s $WIFI_ADDR/$WIFI_MASK"
MESH_IN="-i $MESH_DEV -s ! $WIFI_ADDR/$WIFI_MASK"
LAN_IN="-i $LAN_DEV -s $LAN_ADDR/$LAN_MASK"
[ -n "$LAN_IF" ] && LANMESH_IN="-i $LANMESH_DEV -s ! $LAN_ADDR/$LAN_MASK" || LANMESH_IN="-i $LANMESH_DEV"
WAN_IN="-i $WAN_DEV -s ! $FALLBACK_ADDR/$FALLBACK_MASK"
FALLBACK_IN="-i $FALLBACK_DEV -s $FALLBACK_ADDR/$FALLBACK_MASK"
VPN_IN="-i $VPN_DEV"

WAN_OUT="-o $WAN_DEV -d ! $FALLBACK_ADDR/$FALLBACK_MASK"

VPN_HOST1="193.164.137.78"
VPN_HOST2="91.185.199.246"
VPN_PORT="9999"
	
# Clears everything, INPUT & OUTPUT policy ACCEPT, FORWARD policy DROP
stop

### INPUT ###

iptables -P INPUT DROP

iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN SYN --tcp-option \! 2 -j DROP

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT $FALLBACK_IN -j ACCEPT

# Allows node SSH from anywhere
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Allows node HTTP from anywhere except wan
[ -n "$WAN_IF" ] && iptables -A INPUT $WAN_IN -p tcp --dport 80 -j REJECT --reject-with icmp-net-prohibited
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# Allows node DNS from anywhere except wan
[ -n "$WAN_IF" ] && iptables -A INPUT $WAN_IN -p tcp --dport 53 -j REJECT --reject-with icmp-net-prohibited
[ -n "$WAN_IF" ] && iptables -A INPUT $WAN_IN -p udp --dport 53 -j REJECT --reject-with icmp-net-prohibited
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT

# Allows captive portal
iptables -A INPUT $WIFI_IN -p tcp --dport 2050 -j ACCEPT

# Allows DHCP (broadcast)
iptables -A INPUT -i $WIFI_DEV -p udp --sport 68 --dport 67 -j ACCEPT
[ -n "$LAN_IF" ] && iptables -A INPUT -i $LAN_DEV -p udp --sport 68 --dport 67 -j ACCEPT

# Allows OLSR (broadcast)
iptables -A INPUT $MESH_IN -p udp --dport 698 -j ACCEPT
[ -n "$LANMESH_IF" ] && iptables -A INPUT $LANMESH_IN -p udp --dport 698 -j ACCEPT
iptables -A INPUT $VPN_IN -p udp --dport 698 -j ACCEPT

# Allows useful ICMP (like ping)
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -A INPUT -p icmp --icmp-type source-quench -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
iptables -A INPUT -p icmp --icmp-type parameter-problem -j ACCEPT

# Allows traceroute
iptables -A INPUT -p udp --sport 32769:65535 --dport 33434:33523 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 30 -j ACCEPT

### FORWARD ###

iptables -P FORWARD DROP

iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A FORWARD -p tcp --tcp-flags SYN SYN --tcp-option \! 2 -j DROP
iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Disallows routing OLSR packets in a network
iptables -A FORWARD -p udp --dport 698 -j DROP

# Disallows routing DHCP packets in a network
iptables -A FORWARD -p udp --dport 67 -j DROP
iptables -A FORWARD -p udp --sport 68 -j DROP

# Disallows VPN connections to our VPN servers in a network
iptables -A FORWARD -p tcp -d $VPN_HOST1 --dport $VPN_PORT -j REJECT --reject-with icmp-net-prohibited
iptables -A FORWARD -p udp -d $VPN_HOST1 --dport $VPN_PORT -j REJECT --reject-with icmp-net-prohibited
iptables -A FORWARD -p tcp -d $VPN_HOST2 --dport $VPN_PORT -j REJECT --reject-with icmp-net-prohibited
iptables -A FORWARD -p udp -d $VPN_HOST2 --dport $VPN_PORT -j REJECT --reject-with icmp-net-prohibited

# Disallows routing from or to a wan segment
[ -n "$WAN_IF" ] && iptables -A FORWARD -m state --state NEW $WAN_IN -j DROP
[ -n "$WAN_IF" ] && iptables -A FORWARD -m state --state NEW $WAN_OUT -j DROP

# Allows routing inside other segments
iptables -A FORWARD -m state --state NEW -j ACCEPT

### OUTPUT ###

iptables -P OUTPUT ACCEPT

# Allows VPN connections from the router only through wan or fallback
[ -n "$WAN_IF" ] && iptables -A OUTPUT -o $WAN_DEV -p tcp -d $VPN_HOST1 --dport $VPN_PORT -j ACCEPT
[ -n "$WAN_IF" ] && iptables -A OUTPUT -o $WAN_DEV -p tcp -d $VPN_HOST2 --dport $VPN_PORT -j ACCEPT
[ -n "$WAN_IF" ] && iptables -A OUTPUT -o $WAN_DEV -p udp -d $VPN_HOST1 --dport $VPN_PORT -j ACCEPT
[ -n "$WAN_IF" ] && iptables -A OUTPUT -o $WAN_DEV -p udp -d $VPN_HOST2 --dport $VPN_PORT -j ACCEPT
iptables -A OUTPUT -o $FALLBACK_DEV -p tcp -d $VPN_HOST1 --dport $VPN_PORT -j ACCEPT
iptables -A OUTPUT -o $FALLBACK_DEV -p tcp -d $VPN_HOST2 --dport $VPN_PORT -j ACCEPT
iptables -A OUTPUT -o $FALLBACK_DEV -p udp -d $VPN_HOST1 --dport $VPN_PORT -j ACCEPT
iptables -A OUTPUT -o $FALLBACK_DEV -p udp -d $VPN_HOST2 --dport $VPN_PORT -j ACCEPT
iptables -A OUTPUT -p tcp -d $VPN_HOST1 --dport $VPN_PORT -j REJECT --reject-with icmp-net-prohibited
iptables -A OUTPUT -p tcp -d $VPN_HOST2 --dport $VPN_PORT -j REJECT --reject-with icmp-net-prohibited
iptables -A OUTPUT -p udp -d $VPN_HOST1 --dport $VPN_PORT -j REJECT --reject-with icmp-net-prohibited
iptables -A OUTPUT -p udp -d $VPN_HOST2 --dport $VPN_PORT -j REJECT --reject-with icmp-net-prohibited

### ROUTING ###
		
iptables -t mangle -A PREROUTING -d $VPN_HOST1 -j MARK --or-mark 0x100000
iptables -t mangle -A PREROUTING -d $VPN_HOST2 -j MARK --or-mark 0x100000

echo 1 > /proc/sys/net/ipv4/ip_forward

}

stop() {

echo 0 > /proc/sys/net/ipv4/ip_forward

iptables -t filter -P INPUT ACCEPT
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -P FORWARD DROP
iptables -t filter -F
iptables -t filter -X
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
iptables -t mangle -P INPUT ACCEPT
iptables -t mangle -P FORWARD ACCEPT
iptables -t mangle -P POSTROUTING ACCEPT
iptables -t mangle -F
iptables -t mangle -X

}

/etc/init.d/firewall enable
/etc/init.d/openvpn enable
/etc/init.d/olsrd enable

reboot

The basic functionality is now configured.
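
A first-match walk through part of the INPUT chain, as an example added here that is not part of the original page: it evaluates new TCP/UDP connections against the service-port rules with this page's interface values filled in (wan and fallback on eth0, wifi on ath0). The state, ICMP, DHCP, OLSR and traceroute rules are left out, the probe source addresses 192.168.5.7 and 10.16.201.170 are constructed, and input_rules and verdict are hypothetical names.

```shell
#!/bin/sh
# Service-port rules of the INPUT chain, in script order, with $FALLBACK_IN,
# $WAN_IN and $WIFI_IN expanded to the values configured on this page.
input_rules() {
cat <<'EOF'
-i eth0 -s 169.254.189.120/255.255.0.0 -j ACCEPT
-p tcp --dport 22 -j ACCEPT
-i eth0 -s ! 169.254.189.120/255.255.0.0 -p tcp --dport 80 -j REJECT
-p tcp --dport 80 -j ACCEPT
-i eth0 -s ! 169.254.189.120/255.255.0.0 -p tcp --dport 53 -j REJECT
-i eth0 -s ! 169.254.189.120/255.255.0.0 -p udp --dport 53 -j REJECT
-p tcp --dport 53 -j ACCEPT
-p udp --dport 53 -j ACCEPT
-i ath0 -s 10.16.201.161/255.255.255.224 -p tcp --dport 2050 -j ACCEPT
EOF
}

# verdict IFACE SRC PROTO DPORT -> target of the first matching rule,
# or DROP (the chain policy) when no rule matches.
verdict() {
    input_rules | awk -v iface="$1" -v src="$2" -v proto="$3" -v dport="$4" '
        function ip2int(s,  o) {
            split(s, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4]
        }
        # contiguous netmask: the address block size is 2^32 - mask
        function in_net(ip, spec,  p, size) {
            split(spec, p, "/"); size = 4294967296 - ip2int(p[2])
            return int(ip2int(ip) / size) == int(ip2int(p[1]) / size)
        }
        {
            ok = 1
            for (i = 1; i <= NF; i++) {
                if ($i == "-i" && $(i+1) != iface) ok = 0
                if ($i == "-p" && $(i+1) != proto) ok = 0
                if ($i == "--dport" && $(i+1) != dport) ok = 0
                if ($i == "-s") {            # "-s ! net" negates the match
                    neg = ($(i+1) == "!"); spec = neg ? $(i+2) : $(i+1)
                    if (in_net(src, spec) == neg) ok = 0
                }
                if ($i == "-j") target = $(i+1)
            }
            if (ok) { print target; found = 1; exit }
        }
        END { if (!found) print "DROP" }
    '
}

for probe in "eth0 192.168.5.7 tcp 22" "eth0 192.168.5.7 tcp 80" \
             "eth0 192.168.5.7 udp 53" "eth0 169.254.189.100 tcp 80" \
             "ath0 10.16.201.170 tcp 80" "eth0 192.168.5.7 tcp 2050"; do
    echo "$probe -> $(verdict $probe)"
done
```

Because wan and fallback share eth0, only the source-address match separates them: the fallback accept is evaluated first, and the wan rejects apply to every other source on that device.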

mkdir /www/cgi-bin/

In /www/cgi-bin/urandom I wrote:

#!/bin/sh
echo "Content-type: application/octet-stream"
echo
cat /dev/urandom

chmod +x /www/cgi-bin/urandom

In /www/cgi-bin/zero I wrote:

#!/bin/sh
echo "Content-type: application/octet-stream"
echo
cat /dev/zero

chmod +x /www/cgi-bin/zero

The HTTP server thus offers two endless "files" that can be used to measure link quality by measuring the transfer speed of /cgi-bin/urandom (although that depends quite heavily on CPU speed, so it is not suitable for high speeds) and /cgi-bin/zero.

In /etc/init.d/httpd I changed:

config_get ifname wan hostname
[ -d /www ] && httpd -p 80 -h /www -r ${hostname:-OpenWrt}

to:

hostname=`cat /proc/sys/kernel/hostname`
[ -d /www ] && httpd -p 80 -h /www -r ${hostname:-OpenWrt} -R / -H 10.14.0.2

/etc/init.d/httpd restart

I installed a program for measuring link speed, for example by downloading those endless cgi-bin streams (and of course other things, since unlike wget it prints the transfer speed):

ipkg install curl

Example:

curl -o /dev/null http://localhost/cgi-bin/zero

ipkg install nodogsplash

I set /etc/nodogsplash/nodogsplash.conf to:

GatewayInterface ath0
GatewayIPRange 10.16.201.160/27
GatewayName kiberpipa.net
ClientIdleTimeout 30
ClientForceTimeout 360
MaxClients 25
FirewallRuleSet preauthenticated-users {
	FirewallRule allow tcp port 53 to 10.14.0.1
	FirewallRule allow udp port 53 to 10.14.0.1
	FirewallRule allow tcp port 53 to 10.14.0.2
	FirewallRule allow udp port 53 to 10.14.0.2
	FirewallRule allow icmp to 10.14.0.1
	FirewallRule allow icmp to 10.14.0.2
}
FirewallRuleSet authenticated-users {
	FirewallRule allow
}
FirewallRuleSet users-to-router {
	FirewallRule allow tcp port 22
	FirewallRule allow tcp port 53
	FirewallRule allow udp port 53
	FirewallRule allow udp port 67
	FirewallRule allow tcp port 80
	FirewallRule allow icmp
}

/etc/init.d/nodogsplash enable
/etc/init.d/nodogsplash start

If a lan port is wanted, comment out the wan part in /etc/config/network and add:

config interface lan

option ifname	"eth0"
option proto	static
option ipaddr	10.16.201.193
option netmask	255.255.255.224

In /etc/config/dhcp also add:

config dhcp

option interface	lan
option start 		194
option limit		29
option leasetime	3h

In /etc/olsrd.conf also add to the Hna4 section:

10.16.201.192 255.255.255.224

And disable the VPN if there is no wan:

/etc/init.d/openvpn disable

reboot

If a lan port for meshing is wanted, comment out the wan part in /etc/config/network (it cannot of course be a lan port at the same time; if it is, things get complicated and lanmesh has to be configured as an additional alias) and add:

config interface lanmesh

option ifname	"eth0"
option proto	static
option ipaddr	10.14.0.17
option netmask	255.255.0.0

In /etc/config/dhcp also add:

config dhcp

option interface	lanmesh
option start		0
option limit		0
option leasetime	infinite

In /etc/olsrd.conf add the interface, changing:

Interface "ath0:0"

to:

Interface "ath0:0" "eth0"

And disable the VPN if there is no wan:

/etc/init.d/openvpn disable

reboot

1) ${limit:-150} + 1
wlan-lj/fonera3.txt · Last modified: 2008/06/24 01:56 by mitar