= Ratbert Setup =
|
|
Nach der erfolgreichen Wiederbelebung von Ratbert konnte der Ersatzrouter Wormbert wieder im Schrank verschwinden. Was dazu alles nötig war sei im Folgenden hier dokumentiert.
|
|
|
|
|
|
== Debricking ==
|
|
Von lateinisch „debricere“ – der Verziegelsteinigung entziehen … oder so.
|
|
Da der Bootloader noch vollkommen intakt war, gab es bei der Wiederherstellung einer lauffähigen OpenWrt-Firmware keine größeren Hindernisse zu überwinden.
|
|
Mithilfe eines eingelöteten Pinheaders lässt sich die serielle Schnittstelle von Ratbert nun leicht mit einer USB-UART-Bridge benutzen. Zu beachten: Die serielle Konsole ist bei OpenWrt standardmäßig nicht durch ein Login geschützt – der Pinheader gibt also jedem mit physischem Zugriff auf das Gerät direkt Bootloader- und Root-Shell-Zugang.
|
|
Die dazu nötigen Schritte sind unter http://wiki.openwrt.org/toh/tp-link/tl-wr1043nd und besonders in dem Flash-Log unter http://wiki.openwrt.org/toh/tp-link/tl-wr1043nd/flashlog zu finden.
|
|
|
|
== Pakete ==
|
|
Durch geschickte Benutzung des Paketmanagers opkg hat Astro folgende Pakete zur Menge der Installierten gemacht (auffällig: iptables samt conntrack-/nat-Modulen ist dabei, ip6tables fehlt – IPv6 wird also ungefiltert geroutet, siehe Abschnitt Firewall):
|
|
<pre>
|
|
aiccu avahi-daemon base-files base-files-network busybox crda dbus dnsmasq
|
|
dropbear firewall hotplug2 ip iptables iptables-mod-conntrack iptables-mod-nat
|
|
iw kernel kmod-ath kmod-ath9k kmod-ath9k-common kmod-button-hotplug kmod-cfg80211
|
|
kmod-crypto-aes kmod-crypto-arc4 kmod-crypto-core kmod-input-core kmod-input-gpio-keys-polled
|
|
kmod-input-polldev kmod-ipt-conntrack kmod-ipt-core kmod-ipt-nat kmod-ipt-nathelper
|
|
kmod-iptunnel4 kmod-ipv6 kmod-leds-gpio kmod-ledtrig-usbdev kmod-lib-crc-ccitt kmod-mac80211
|
|
kmod-nls-base kmod-ppp kmod-pppoe kmod-sit kmod-tun kmod-usb-core kmod-usb-ohci kmod-usb2
|
|
libavahi libc libcap libdaemon libdbus libexpat libgcc libgdbm libip4tc libncurses
|
|
libnl-tiny libpcap libpthread libreadline librt libuci libxtables mtd ntpd opkg ppp
|
|
ppp-mod-pppoe quagga quagga-bgpd quagga-libospf quagga-libzebra quagga-ospfd
|
|
quagga-vtysh swconfig tcpdump terminfo uboot-envtools uci wireless-tools wpad-mini
|
|
</pre>
|
|
-> Dateiliste mit Versionen: [[{{ns:media}}:Inst_pkgs.txt.gzfake.jpg]]
|
|
|
|
|
|
== Einstellungen einzelner Services ==
|
|
Hier nun die wichtigsten Konfigurationsanpassungen für einzelne Services:
|
|
=== Basissystemeinstellungen ===
|
|
In /etc/config/system ist lediglich der hostname anzupassen:
|
|
|
|
<pre>
|
|
root@ratbert:/etc/config# cat system
|
|
|
|
# /etc/config/system -- per the text above, only 'hostname' differs from the
# stock OpenWrt defaults.
config 'system'
|
|
option 'hostname' 'ratbert'
|
|
# Clock is kept in UTC.
option 'timezone' 'UTC'
|
|
|
|
# Time sync against the OpenWrt NTP pool (plain NTP, no authentication).
config 'timeserver' 'ntp'
|
|
list 'server' '0.openwrt.pool.ntp.org'
|
|
list 'server' '1.openwrt.pool.ntp.org'
|
|
list 'server' '2.openwrt.pool.ntp.org'
|
|
list 'server' '3.openwrt.pool.ntp.org'
|
|
|
|
# USB LED follows the USB device at bus path 1-1 ('usbdev' trigger).
config 'led' 'led_usb'
|
|
option 'name' 'USB'
|
|
option 'sysfs' 'tp-link:green:usb'
|
|
option 'trigger' 'usbdev'
|
|
option 'dev' '1-1'
|
|
option 'interval' '50'
|
|
|
|
# WLAN LED driven by the phy0 traffic trigger ('phy0tpt' -- presumably
# tx/rx activity of the radio).
config 'led' 'led_wlan'
|
|
option 'name' 'WLAN'
|
|
option 'sysfs' 'tp-link:green:wlan'
|
|
option 'trigger' 'phy0tpt'
|
|
</pre>
|
|
|
|
|
|
=== Netzconfig ===
|
|
In /etc/config/network findet sich die Basiskonfiguration für Netzwerk unter OpenWRT:
|
|
|
|
<pre>
|
|
root@ratbert:/etc/config# cat network
|
|
</pre>
|
|
|
|
<pre>
|
|
# /etc/config/network -- interfaces, PPPoE uplink, switch VLANs and the WLAN
# address, as dumped from the router.
config 'interface' 'loopback'
|
|
option 'ifname' 'lo'
|
|
option 'proto' 'static'
|
|
option 'ipaddr' '127.0.0.1'
|
|
option 'netmask' '255.0.0.0'
|
|
|
|
# Wired LAN on VLAN 1 (switch ports 1-4, see 'switch_vlan' below). Bridging
# is left commented out, so eth0.1 is used directly.
config 'interface' 'lan'
|
|
option 'ifname' 'eth0.1'
|
|
#option 'type' 'bridge'
|
|
option 'proto' 'static'
|
|
option ipaddr 172.22.99.4
|
|
option 'netmask' '255.255.255.0'
|
|
# NOTE(review): 'netmask' is set twice (quoted above, unquoted here) with the
# same value. Harmless, but one of the two lines should go.
option netmask 255.255.255.0
|
|
|
|
|
|
# Uplink: PPPoE on VLAN 2 (switch port 0). The username/password below are
# placeholders for the wiki; on the device the real DSL login sits in this
# file in clear text, so treat /etc/config/network -- and every sysupgrade
# backup or config dump that contains it -- as a secret.
config 'interface' 'wan'
|
|
option 'ifname' 'eth0.2'
|
|
option 'proto' 'pppoe'
|
|
option username "HIERUNSEREGEHEIMENUMMER@t-online.de"
|
|
option password "GEHEIMESPASSWORT"
|
|
# ISP-supplied DNS servers are not used. Where dnsmasq's upstream servers
# (/tmp/resolv.conf.auto, see the dhcp config) come from is not visible here.
option peerdns 0
|
|
# Asks for IPv6 on the PPP link as well; presumably native IPv6 next to the
# aiccu tunnel -- confirm which of the two carries the IPv6 default route.
option ipv6 1
|
|
|
|
|
|
# RTL8366RB switch: VLAN 1 = ports 1-4 (LAN), VLAN 2 = port 0 (WAN);
# port 5 is the CPU port and is tagged in both VLANs.
config 'switch'
|
|
option 'name' 'rtl8366rb'
|
|
option 'reset' '1'
|
|
option 'enable_vlan' '1'
|
|
|
|
config 'switch_vlan'
|
|
option 'device' 'rtl8366rb'
|
|
option 'vlan' '1'
|
|
option 'ports' '1 2 3 4 5t'
|
|
|
|
config 'switch_vlan'
|
|
option 'device' 'rtl8366rb'
|
|
option 'vlan' '2'
|
|
option 'ports' '0 5t'
|
|
|
|
# Address for the open WLAN (the wifi-iface in /etc/config/wireless attaches
# to 'network wifi').
# NOTE(review): no netmask is given. Quagga announces 172.22.101.0/24, so
# "option netmask 255.255.255.0" is probably what is meant -- confirm.
config interface wifi
|
|
option proto static
|
|
option ipaddr 172.22.101.1
|
|
</pre>
|
|
|
|
|
|
=== Wireless Network ===
|
|
/etc/config/wireless :
|
|
<pre>
|
|
# Radio: 2.4 GHz, 802.11n, channel 6, 20 MHz channel width.
config wifi-device radio0
|
|
option type mac80211
|
|
option channel 6
|
|
option macaddr f4:ec:38:ba:1d:ac
|
|
option hwmode 11ng
|
|
option htmode HT20
|
|
# NOTE(review): both capabilities below are 40 MHz ones while htmode is HT20;
# presumably left over from the generated default and without effect -- confirm.
list ht_capab SHORT-GI-40
|
|
list ht_capab DSSS_CCK-40
|
|
|
|
# Access point "C3D2.n" on the 'wifi' network (172.22.101.0/24).
config wifi-iface
|
|
option device radio0
|
|
option network wifi
|
|
option mode ap
|
|
option ssid C3D2.n
|
|
# Deliberately open WLAN. Keep in mind what that means with the OpenWrt
# firewall disabled: WLAN clients reach the router's services and the wired
# LAN unfiltered, and wlan0 advertises a global IPv6 prefix (see the Quagga
# config), so every anonymous client also gets a publicly reachable address.
# NOTE(review): "option isolate 1" would at least keep clients from talking
# to each other through the AP, if that is wanted.
option encryption none
|
|
</pre>
|
|
|
|
|
|
|
|
=== Firewall ===
|
|
Crappy OpenWRT firewall disabled. Damit ist /etc/rc.local die komplette Netfilter-Konfiguration des Routers: IPv4-NAT und MSS-Clamping, sonst nichts. Es gibt keine INPUT-/FORWARD-Filterung auf pppoe-wan und gar keine IPv6-Filterung (ip6tables ist laut Paketliste nicht installiert) – alles, was auf dem Router lauscht, und jeder LAN-/WLAN-Host mit globaler IPv6-Adresse ist von außen erreichbar, sofern nicht der jeweilige Dienst selbst nur auf das LAN gebunden ist oder jemand vorgelagert filtert.
|
|
|
|
<pre>
|
|
root@ratbert:~# cat /etc/rc.local
|
|
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.
#
# With the OpenWrt firewall package disabled, the two rules below are this
# router's entire netfilter policy: IPv4 source NAT and TCP MSS clamping,
# nothing else. There is no INPUT/FORWARD filtering on pppoe-wan, and
# ip6tables is not in the package list, so whatever listens on the router
# (dropbear is installed, for instance) and every LAN/WLAN host that picks up
# the advertised global IPv6 prefix is reachable from outside unless the
# service itself is bound to LAN only or something upstream filters.
# NOTE(review): confirm this is intended. The usual minimal fix is an
# "ESTABLISHED,RELATED accept, then drop" pair on INPUT and FORWARD for
# -i pppoe-wan, with an explicit allow for the aiccu tunnel endpoint
# (protocol 41) so the IPv6 tunnel keeps working.

# Clamp the MSS of forwarded TCP SYNs to the path MTU (PPPoE lowers the MTU
# below 1500 bytes; without this some connections behind the router stall).
iptables --table mangle --append FORWARD --protocol tcp \
  --tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu

# Masquerade everything that leaves through the PPPoE uplink (IPv4 only).
iptables --table nat --append POSTROUTING --out-interface pppoe-wan \
  --jump MASQUERADE

exit 0
|
|
</pre>
|
|
|
|
Wir hatten früher zusätzlich eine NOTRACK-Regel in der raw-Table für den Verkehr zwischen LAN & WLAN (spart Conntrack-Einträge für lokalen Verkehr); in der aktuellen rc.local ist sie nicht mehr enthalten.
|
|
|
|
=== DNSmasq ===
|
|
Der kombinierte DNS- und DHCP-Server dnsmasq ist in /etc/config/dhcp so eingestellt:
|
|
|
|
<pre>
|
|
root@ratbert:/etc/config# cat dhcp
|
|
# dnsmasq: DNS forwarder and DHCP server.
config dnsmasq
|
|
# Do not forward plain host names (no dots) upstream.
option domainneeded 1
|
|
# Do not forward reverse lookups for private address space upstream.
option boguspriv 1
|
|
option filterwin2k 0 # enable for dial on demand
|
|
option localise_queries 1
|
|
# Rejects upstream answers pointing into private address space (DNS
# rebinding protection) -- keep this on.
option rebind_protection 1 # disable if upstream must serve RFC1918 addresses
|
|
option rebind_localhost 1 # enable for RBL checking and similar services
|
|
#list rebind_domain example.lan # whitelist RFC1918 responses for domains
|
|
# '.lan' is answered locally only and appended to bare host names.
option local '/lan/'
|
|
option domain 'lan'
|
|
option expandhosts 1
|
|
option nonegcache 0
|
|
option authoritative 1
|
|
option readethers 1
|
|
option leasefile '/tmp/dhcp.leases'
|
|
# Upstream resolvers come from this file (the uplink has peerdns 0, so the
# ISP's servers are not what ends up here).
option resolvfile '/tmp/resolv.conf.auto'
|
|
#list server '/mycompany.local/1.2.3.4'
|
|
#option nonwildcard 1
|
|
# NOTE(review): no 'interface'/'notinterface' restriction is set and the
# OpenWrt firewall is disabled. Unless this dnsmasq build binds to LAN-side
# interfaces only by default, it answers recursive queries on pppoe-wan as
# well (open resolver). "list notinterface pppoe-wan" closes that; verify
# with a query from outside.
#list interface br-lan
|
|
#list notinterface lo
|
|
#list bogusnxdomain '64.94.110.11'
|
|
|
|
# DHCP for the open WLAN: 150 addresses starting at 172.22.101.100, 12 h leases.
config dhcp wifi
|
|
option interface wifi
|
|
option start 100
|
|
option limit 150
|
|
option leasetime 12h
|
|
|
|
# No DHCP on the wired LAN -- presumably served by another host (not shown here).
config dhcp lan
|
|
option interface lan
|
|
option ignore 1
|
|
# Never serve DHCP towards the uplink.
config dhcp wan
|
|
option interface wan
|
|
option ignore 1
|
|
</pre>
|
|
|
|
=== aiccu ===
|
|
Der SixXS-Tunnel ist in /etc/config/aiccu konfiguriert (SixXS hat den Betrieb 2017 eingestellt, dieser Abschnitt ist damit nur noch historisch):
|
|
<pre>
|
|
root@ratbert:/etc/config# cat aiccu
|
|
# SixXS tunnel client. The TIC credentials are masked in this dump; on the
# device they sit in this file in clear text.
config aiccu
|
|
option username '****************'
|
|
option password '****************'
|
|
# Empty values: aiccu defaults / whatever the TIC server hands out.
option protocol ''
|
|
option server 'tic.sixxs.net'
|
|
option interface ''
|
|
option tunnel_id ''
|
|
# NOTE(review): left unset. The TIC login carries username and password;
# "option requiretls '1'" makes aiccu refuse to log in without TLS (assuming
# the server offers it).
option requiretls ''
|
|
# The tunnel becomes the IPv6 default route.
option defaultroute '1'
|
|
# No NAT traversal -- consistent with the tunnel ending on the router's own
# PPPoE address.
option nat '0'
|
|
# Heartbeat tunnel type (presumably because the PPPoE address changes).
option heartbeat '1'
|
|
</pre>
|
|
|
|
=== Quagga ===
|
|
<pre>
|
|
root@ratbert:/etc/rc.d# vtysh
|
|
|
|
Hello, this is Quagga (version 0.99.20).
|
|
Copyright 1996-2005 Kunihiro Ishiguro, et al.
|
|
|
|
ratbert# sh ru
|
|
Building configuration...
|
|
|
|
Current configuration:
|
|
!
|
|
!
|
|
! Router advertisements stay off on the tunnel and on the raw / VLAN-0
! ethernet devices; only eth0.1 (LAN) and wlan0 (WLAN) advertise a prefix
! further down.
interface aiccu
|
|
ipv6 nd suppress-ra
|
|
!
|
|
interface eth0
|
|
ipv6 nd suppress-ra
|
|
!
|
|
interface eth0.0
|
|
ipv6 nd suppress-ra
|
|
!
|
|
! Wired LAN (VLAN 1). OSPF neighbours here must authenticate with MD5 key 1.
! "$GEHEIM" is a placeholder for the wiki -- the real key shows up in clear
! text in "sh ru" on the box, so redact it whenever the config is pasted.
interface eth0.1
|
|
ip ospf message-digest-key 1 md5 $GEHEIM
|
|
! Global IPv6 prefix for the LAN, advertised every 5 s with a 60 s router
! lifetime (hosts drop this router as default gateway within a minute if it
! goes away). Every LAN host gets a public address; with no ip6tables on this
! router, those hosts are reachable from the IPv6 internet through the tunnel
! unless something upstream filters.
ipv6 address 2001:6f8:1194:c3d2::1/64
|
|
ipv6 nd prefix 2001:6f8:1194:c3d2::/64
|
|
ipv6 nd ra-interval 5
|
|
ipv6 nd ra-lifetime 60
|
|
ipv6 nd reachable-time 30
|
|
no ipv6 nd suppress-ra
|
|
!
|
|
! No router advertisements on the WAN VLAN, the PPPoE uplink, the WLAN
! monitor interface (presumably hostapd's) or the sit0 device.
interface eth0.2
|
|
ipv6 nd suppress-ra
|
|
!
|
|
interface lo
|
|
!
|
|
interface mon.wlan0
|
|
ipv6 nd suppress-ra
|
|
!
|
|
interface pppoe-wan
|
|
ipv6 nd suppress-ra
|
|
!
|
|
interface sit0
|
|
ipv6 nd suppress-ra
|
|
!
|
|
! Open WLAN. Same setup as eth0.1 with slower RAs (10 s interval, 600 s
! router lifetime) and its own /64. Note that this hands a globally routable
! IPv6 address to every unauthenticated WLAN client. No OSPF key is
! configured on this interface -- see the note under "router ospf".
interface wlan0
|
|
ipv6 address 2001:6f8:1194:c3d4::1/64
|
|
ipv6 nd prefix 2001:6f8:1194:c3d4::/64
|
|
ipv6 nd ra-interval 10
|
|
ipv6 nd ra-lifetime 600
|
|
ipv6 nd reachable-time 60
|
|
no ipv6 nd suppress-ra
|
|
!
|
|
! iBGP in private AS 64699 with the dn42 hub (dn42.hq.c3d2.de), peered over a
! link-local address on the LAN VLAN. Only the two local IPv4 /24s are
! announced; no IPv6 prefix is configured in the ipv6 address family.
router bgp 64699
|
|
bgp router-id 172.22.99.4
|
|
network 172.22.99.0/24
|
|
network 172.22.101.0/24
|
|
! NOTE(review): no "neighbor ... password", so the session is not protected
! by TCP-MD5. On the wired LAN that is a smaller risk than it would be on the
! WLAN, but add it if the peer supports it.
neighbor fe80::a800:42ff:fe7a:3246 remote-as 64699
|
|
neighbor fe80::a800:42ff:fe7a:3246 description dn42.hq.c3d2.de
|
|
! Required for a link-local peer: the interface the fe80:: address lives on.
neighbor fe80::a800:42ff:fe7a:3246 interface eth0.1
|
|
!
|
|
address-family ipv6
|
|
neighbor fe80::a800:42ff:fe7a:3246 activate
|
|
! Keep a copy of received routes so policy changes can be applied without
! resetting the session.
neighbor fe80::a800:42ff:fe7a:3246 soft-reconfiguration inbound
|
|
exit-address-family
|
|
!
|
|
! OSPF area 0 on both local /24s, with area-wide MD5 authentication required.
router ospf
|
|
ospf router-id 172.22.99.4
|
|
! Leaks every connected route (not just the two /24s) into OSPF.
redistribute connected
|
|
network 172.22.99.0/24 area 0.0.0.0
|
|
! NOTE(review): this puts OSPF on wlan0, the open WLAN, yet only eth0.1 has a
! message-digest-key configured. Unless OSPF neighbours over the WLAN are
! intended, "passive-interface wlan0" keeps the prefix in OSPF without
! sending hellos to (or accepting them from) anonymous clients -- confirm.
network 172.22.101.0/24 area 0.0.0.0
|
|
area 0.0.0.0 authentication message-digest
|
|
!
|
|
! The vty is reachable from loopback only, i.e. via vtysh on the box itself.
access-list vty permit 127.0.0.0/8
|
|
access-list vty deny any
|
|
!
|
|
! This router forwards both IPv4 and IPv6. Remember that nothing filters
! IPv6 here: forwarding plus the tunnel plus the advertised prefixes means
! LAN and WLAN hosts are directly reachable from outside (ip6tables is not in
! the package list).
ip forwarding
|
|
ipv6 forwarding
|
|
!
|
|
line vty
|
|
access-class vty
|
|
!
|
|
end
|
|
</pre>
|