From 301543f0f43d54c459e24177a0ff1c7f71fefefa Mon Sep 17 00:00:00 2001 From: kleper Date: Sun, 28 Apr 2019 19:56:56 -0500 Subject: [PATCH] Archivos para compilar OpenWRT --- README.md | 8 +- openwrt-files/etc/config/dhcp | 33 ++++++++ openwrt-files/etc/config/dropbear | 6 ++ openwrt-files/etc/config/firewall | 125 +++++++++++++++++++++++++++ openwrt-files/etc/config/luci | 38 +++++++++ openwrt-files/etc/config/network | 43 ++++++++++ openwrt-files/etc/config/rpcd | 10 +++ openwrt-files/etc/config/system | 35 ++++++++ openwrt-files/etc/config/ubootenv | 0 openwrt-files/etc/config/ucitrack | 56 +++++++++++++ openwrt-files/etc/config/uhttpd | 135 ++++++++++++++++++++++++++++++ openwrt-files/etc/config/wireless | 32 +++++++ openwrt-files/etc/passwd | 6 ++ openwrt-files/etc/shadow | 6 ++ 14 files changed, 529 insertions(+), 4 deletions(-) create mode 100644 openwrt-files/etc/config/dhcp create mode 100644 openwrt-files/etc/config/dropbear create mode 100644 openwrt-files/etc/config/firewall create mode 100644 openwrt-files/etc/config/luci create mode 100644 openwrt-files/etc/config/network create mode 100644 openwrt-files/etc/config/rpcd create mode 100644 openwrt-files/etc/config/system create mode 100644 openwrt-files/etc/config/ubootenv create mode 100644 openwrt-files/etc/config/ucitrack create mode 100644 openwrt-files/etc/config/uhttpd create mode 100644 openwrt-files/etc/config/wireless create mode 100644 openwrt-files/etc/passwd create mode 100644 openwrt-files/etc/shadow diff --git a/README.md b/README.md index 9b40aa9..ebf031c 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# RedINC.org - documentacion de implementación +# RedCoMani.org - documentacion de implementación Diferentes documentos y codigo utilizado para la implementación de los servidores de la Red comunitarioa en Buenavista Cauca. 
@@ -11,7 +11,7 @@ La documentacióin de este proyecto se edita de forma colaborativa en la platafo - Infraestructura con QMP: https://docutopia.tupale.co/s/qmp+pfsense - Wikipedia Local: https://docutopia.tupale.co/s/KiwixServe - Configuración servidor local: https://docutopia.tupale.co/s/ServidorLocal -- LibreMESH para RedINC.org: https://tms.openstreetmap.co/lime/ +- LibreMESH para RedCoMani.org: https://tms.openstreetmap.co/lime/ # Licencia @@ -21,5 +21,5 @@ Todos los contenidos, porciones de codigo alojados en este repositorio estan baj # creditos Al equipo de NuestraRed.org - - Juliana Hernandez / Diseño Grafico y Programación de HTML / Contacto: juliana@tupale.co - - Fernando Castro / Configuración de Red y Programación de nodos / Contacto: fernando@tupale.co + - Juliana Hernandez / Diseño Grafico y Programación de HTML / Contacto: juliana@nuestrared.org + - Fernando Castro / Configuración de Red y Programación de nodos / Contacto: fernando@nuestrared.org diff --git a/openwrt-files/etc/config/dhcp b/openwrt-files/etc/config/dhcp new file mode 100644 index 0000000..38159fa --- /dev/null +++ b/openwrt-files/etc/config/dhcp @@ -0,0 +1,33 @@ + +config dnsmasq + option domainneeded '1' + option boguspriv '1' + option filterwin2k '0' + option localise_queries '1' + option rebind_protection '1' + option rebind_localhost '1' + option local '/lan/' + option domain 'lan' + option expandhosts '1' + option nonegcache '0' + option authoritative '1' + option readethers '1' + option leasefile '/tmp/dhcp.leases' + option resolvfile '/tmp/resolv.conf.auto' + option nonwildcard '1' + option localservice '1' + +config dhcp 'lan' + option interface 'lan' + option ignore '1' + +config dhcp 'wan' + option interface 'wan' + option ignore '1' + +config odhcpd 'odhcpd' + option maindhcp '0' + option leasefile '/tmp/hosts/odhcpd' + option leasetrigger '/usr/sbin/odhcpd-update' + option loglevel '4' + 
diff --git a/openwrt-files/etc/config/dropbear b/openwrt-files/etc/config/dropbear
new file mode 100644
index 0000000..419ec82
--- /dev/null
+++ b/openwrt-files/etc/config/dropbear
@@ -0,0 +1,6 @@
+
+config dropbear
+ option PasswordAuth 'on'
+ option Port '22'
+ option Interface 'lan'
+
diff --git a/openwrt-files/etc/config/firewall b/openwrt-files/etc/config/firewall
new file mode 100644
index 0000000..0ddb704
--- /dev/null
+++ b/openwrt-files/etc/config/firewall
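Review bot: `option PasswordAuth 'on'` leaves root password login enabled on port 22, and the root password hash for this image is committed in `openwrt-files/etc/shadow` in the same patch, so every node built from these files accepts the same publicly known credential material. `Interface 'lan'` only limits the listener to the LAN bridge, and the wireless config in this patch attaches an unencrypted AP to `lan`, so the SSH login is reachable by any wireless client. Consider `option PasswordAuth 'off'` and `option RootPasswordAuth 'off'`, with a per-node public key installed in `/etc/dropbear/authorized_keys` at build time.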
@@ -0,0 +1,125 @@
+
+config defaults
+ option syn_flood '1'
+ option input 'ACCEPT'
+ option output 'ACCEPT'
+ option forward 'REJECT'
+
+config zone
+ option name 'lan'
+ option input 'ACCEPT'
+ option output 'ACCEPT'
+ option forward 'ACCEPT'
+ option network 'lan'
+
+config zone
+ option name 'wan'
+ option input 'REJECT'
+ option output 'ACCEPT'
+ option forward 'REJECT'
+ option masq '1'
+ option mtu_fix '1'
+ option network ' '
+
+config forwarding
+ option src 'lan'
+ option dest 'wan'
+
+config rule
+ option name 'Allow-DHCP-Renew'
+ option src 'wan'
+ option proto 'udp'
+ option dest_port '68'
+ option target 'ACCEPT'
+ option family 'ipv4'
+
+config rule
+ option name 'Allow-Ping'
+ option src 'wan'
+ option proto 'icmp'
+ option icmp_type 'echo-request'
+ option family 'ipv4'
+ option target 'ACCEPT'
+
+config rule
+ option name 'Allow-IGMP'
+ option src 'wan'
+ option proto 'igmp'
+ option family 'ipv4'
+ option target 'ACCEPT'
+
+config rule
+ option name 'Allow-DHCPv6'
+ option src 'wan'
+ option proto 'udp'
+ option src_ip 'fc00::/6'
+ option dest_ip 'fc00::/6'
+ option dest_port '546'
+ option family 'ipv6'
+ option target 'ACCEPT'
+
+config rule
+ option name 'Allow-MLD'
+ option src 'wan'
+ option proto 'icmp'
+ option src_ip 'fe80::/10'
+ list icmp_type '130/0'
+ list icmp_type '131/0'
+ list icmp_type '132/0'
+ list icmp_type '143/0'
+ option family 'ipv6'
+ option target 'ACCEPT'
+
+config rule
+ option name 'Allow-ICMPv6-Input'
+ option src 'wan'
+ option proto 'icmp'
+ list icmp_type 'echo-request'
+ list icmp_type 'echo-reply'
+ list icmp_type 'destination-unreachable'
+ list icmp_type 'packet-too-big'
+ list icmp_type 'time-exceeded'
+ list icmp_type 'bad-header'
+ list icmp_type 'unknown-header-type'
+ list icmp_type 'router-solicitation'
+ list icmp_type 'neighbour-solicitation'
+ list icmp_type 'router-advertisement'
+ list icmp_type 'neighbour-advertisement'
+ option limit '1000/sec'
+ option family 'ipv6'
+ option target 'ACCEPT'
+
+config rule
+ option name 'Allow-ICMPv6-Forward'
+ option src 'wan'
+ option dest '*'
+ option proto 'icmp'
+ list icmp_type 'echo-request'
+ list icmp_type 'echo-reply'
+ list icmp_type 'destination-unreachable'
+ list icmp_type 'packet-too-big'
+ list icmp_type 'time-exceeded'
+ list icmp_type 'bad-header'
+ list icmp_type 'unknown-header-type'
+ option limit '1000/sec'
+ option family 'ipv6'
+ option target 'ACCEPT'
+
+config rule
+ option name 'Allow-IPSec-ESP'
+ option src 'wan'
+ option dest 'lan'
+ option proto 'esp'
+ option target 'ACCEPT'
+
+config rule
+ option name 'Allow-ISAKMP'
+ option src 'wan'
+ option dest 'lan'
+ option dest_port '500'
+ option proto 'udp'
+ option target 'ACCEPT'
+
+config include
+ option path '/etc/firewall.user'
+
diff --git a/openwrt-files/etc/config/luci b/openwrt-files/etc/config/luci
new file mode 100644
index 0000000..80e8dc3
--- /dev/null
+++ b/openwrt-files/etc/config/luci
@@ -0,0 +1,38 @@
+
+config core 'main'
+ option lang 'auto'
+ option mediaurlbase '/luci-static/bootstrap'
+ option resourcebase '/luci-static/resources'
+
+config extern 'flash_keep'
+ option uci '/etc/config/'
+ option dropbear '/etc/dropbear/'
+ option openvpn '/etc/openvpn/'
+ option passwd '/etc/passwd'
+ option opkg '/etc/opkg.conf'
+ option firewall '/etc/firewall.user'
+ option uploads '/lib/uci/upload/'
+
+config internal 'languages'
+
+config internal 'sauth'
+ option sessionpath '/tmp/luci-sessions'
+ option sessiontime '3600'
+
+config internal 'ccache'
+ option enable '1'
+
+config internal 'themes'
+ option Bootstrap '/luci-static/bootstrap'
+
+config internal 'apply'
+ option rollback '30'
+ option holdoff '4'
+ option timeout '5'
+ option display '1.5'
+
+config internal 'diag'
+ option dns 'openwrt.org'
+ option ping 'openwrt.org'
+ option route 'openwrt.org'
+
diff --git a/openwrt-files/etc/config/network b/openwrt-files/etc/config/network
new file mode 100644
index 0000000..b705d98
--- /dev/null
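Review bot: The `wan` zone in the firewall file is declared with `option network ' '`, so as rendered it covers no interface, while `openwrt-files/etc/config/network` in this patch defines `wan` and `wan6` on `eth0.2`. Traffic arriving on those interfaces would then match no zone and fall through to `config defaults`, where `option input 'ACCEPT'` admits it; the uhttpd listeners on `0.0.0.0:80` and `0.0.0.0:443` added later in this patch would be reachable from that side, and the `Allow-*` rules with `src 'wan'` would never match. If the uplink port is meant to be firewalled, put `list network 'wan'` and `list network 'wan6'` in the zone and set the default to `option input 'REJECT'`. If the port is intentionally unused on these nodes, a `#` comment saying so would make that explicit.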
+++ b/openwrt-files/etc/config/network
@@ -0,0 +1,43 @@
+
+config interface 'loopback'
+ option ifname 'lo'
+ option proto 'static'
+ option ipaddr '127.0.0.1'
+ option netmask '255.0.0.0'
+
+config globals 'globals'
+ option ula_prefix 'fd20:a9a3:4c8a::/48'
+
+config interface 'lan'
+ option type 'bridge'
+ option ifname 'eth0.1'
+ option proto 'static'
+ option ip6assign '60'
+ option ipaddr '10.17.0.101'
+ option netmask '255.255.0.0'
+ option gateway '10.17.95.1'
+ option dns '10.17.95.1'
+
+config interface 'wan'
+ option ifname 'eth0.2'
+ option proto 'dhcp'
+
+config interface 'wan6'
+ option ifname 'eth0.2'
+ option proto 'dhcpv6'
+
+config switch
+ option name 'switch0'
+ option reset '1'
+ option enable_vlan '1'
+
+config switch_vlan
+ option device 'switch0'
+ option vlan '1'
+ option ports '2 3 4 5 0t'
+
+config switch_vlan
+ option device 'switch0'
+ option vlan '2'
+ option ports '1 0t'
+
diff --git a/openwrt-files/etc/config/rpcd b/openwrt-files/etc/config/rpcd
new file mode 100644
index 0000000..faaed7f
--- /dev/null
+++ b/openwrt-files/etc/config/rpcd
@@ -0,0 +1,10 @@
+config rpcd
+ option socket /var/run/ubus.sock
+ option timeout 30
+
+config login
+ option username 'root'
+ option password '$p$root'
+ list read '*'
+ list write '*'
+
diff --git a/openwrt-files/etc/config/system b/openwrt-files/etc/config/system
new file mode 100644
index 0000000..46a9b41
--- /dev/null
+++ b/openwrt-files/etc/config/system
@@ -0,0 +1,35 @@
+
+config system
+ option hostname 'OpenWrt'
+ option timezone 'UTC'
+ option ttylogin '0'
+ option log_size '64'
+ option urandom_seed '0'
+
+config timeserver 'ntp'
+ option enabled '1'
+ option enable_server '0'
+ list server '0.openwrt.pool.ntp.org'
+ list server '1.openwrt.pool.ntp.org'
+ list server '2.openwrt.pool.ntp.org'
+ list server '3.openwrt.pool.ntp.org'
+
+config led 'led_usb1'
+ option name 'USB1'
+ option sysfs 'tp-link:green:usb1'
+ option trigger 'usbdev'
+ option interval '50'
+ option dev '1-1.1'
+
+config led 'led_usb2'
+ option name 'USB2'
+ option sysfs 'tp-link:green:usb2'
+ option trigger 'usbdev'
+ option interval '50'
+ option dev '1-1.2'
+
+config led 'led_wlan2g'
+ option name 'WLAN2G'
+ option sysfs 'tp-link:blue:wlan2g'
+ option trigger 'phy0tpt'
+
diff --git a/openwrt-files/etc/config/ubootenv b/openwrt-files/etc/config/ubootenv
new file mode 100644
index 0000000..e69de29
diff --git a/openwrt-files/etc/config/ucitrack b/openwrt-files/etc/config/ucitrack
new file mode 100644
index 0000000..e639866
--- /dev/null
+++ b/openwrt-files/etc/config/ucitrack
@@ -0,0 +1,56 @@
+config network
+ option init network
+ list affects dhcp
+ list affects radvd
+
+config wireless
+ list affects network
+
+config firewall
+ option init firewall
+ list affects luci-splash
+ list affects qos
+ list affects miniupnpd
+
+config olsr
+ option init olsrd
+
+config dhcp
+ option init dnsmasq
+ list affects odhcpd
+
+config odhcpd
+ option init odhcpd
+
+config dropbear
+ option init dropbear
+
+config httpd
+ option init httpd
+
+config fstab
+ option exec '/sbin/block mount'
+
+config qos
+ option init qos
+
+config system
+ option init led
+ option exec '/etc/init.d/log reload'
+ list affects luci_statistics
+ list affects dhcp
+
+config luci_splash
+ option init luci_splash
+
+config upnpd
+ option init miniupnpd
+
+config ntpclient
+ option init ntpclient
+
+config samba
+ option init samba
+
+config tinyproxy
+ option init tinyproxy
diff --git a/openwrt-files/etc/config/uhttpd b/openwrt-files/etc/config/uhttpd
new file mode 100644
index 0000000..0bef6df
--- /dev/null
+++ b/openwrt-files/etc/config/uhttpd
@@ -0,0 +1,135 @@
+# Server configuration
+config uhttpd main
+
+ # HTTP listen addresses, multiple allowed
+ list listen_http 0.0.0.0:80
+ list listen_http [::]:80
+
+ # HTTPS listen addresses, multiple allowed
+ list listen_https 0.0.0.0:443
+ list listen_https [::]:443
+
+ # Redirect HTTP requests to HTTPS if possible
+ option redirect_https 1
+
+ # Server document root
+ option home /www
+
+ # Reject requests from RFC1918 IP addresses
+ # directed to the servers public IP(s).
+ # This is a DNS rebinding countermeasure.
+ option rfc1918_filter 1
+
+ # Maximum number of concurrent requests.
+ # If this number is exceeded, further requests are
+ # queued until the number of running requests drops
+ # below the limit again.
+ option max_requests 1
+
+ # Maximum number of concurrent connections.
+ # If this number is exceeded, further TCP connection
+ # attempts are queued until the number of active
+ # connections drops below the limit again.
+ option max_connections 100
+
+ # Certificate and private key for HTTPS.
+ # If no listen_https addresses are given,
+ # the key options are ignored.
+ option cert /etc/uhttpd.crt
+ option key /etc/uhttpd.key
+
+ # CGI url prefix, will be searched in docroot.
+ # Default is /cgi-bin
+ option cgi_prefix /cgi-bin
+
+ # List of extension->interpreter mappings.
+ # Files with an associated interpreter can
+ # be called outside of the CGI prefix and do
+ # not need to be executable.
+# list interpreter ".php=/usr/bin/php-cgi"
+# list interpreter ".cgi=/usr/bin/perl"
+
+ # List of prefix->Lua handler mappings.
+ # Any request to an URL beneath the prefix
+ # will be dispatched to the associated Lua
+ # handler script. Lua support is disabled when
+ # no handler mappings are specified. Lua prefix
+ # matches have precedence over the CGI prefix.
+ list lua_prefix "/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua"
+
+ # Specify the ubus-rpc prefix and socket path.
+# option ubus_prefix /ubus
+# option ubus_socket /var/run/ubus.sock
+
+ # CGI/Lua timeout, if the called script does not
+ # write data within the given amount of seconds,
+ # the server will terminate the request with
+ # 504 Gateway Timeout response.
+ option script_timeout 60
+
+ # Network timeout, if the current connection is
+ # blocked for the specified amount of seconds,
+ # the server will terminate the associated
+ # request process.
+ option network_timeout 30
+
+ # HTTP Keep-Alive, specifies the timeout for persistent
+ # HTTP/1.1 connections. Setting this to 0 will disable
+ # persistent HTTP connections.
+ option http_keepalive 20
+
+ # TCP Keep-Alive, send periodic keep-alive probes
+ # over established connections to detect dead peers.
+ # The value is given in seconds to specify the
+ # interval between subsequent probes.
+ # Setting this to 0 will disable TCP keep-alive.
+ option tcp_keepalive 1
+
+ # Basic auth realm, defaults to local hostname
+# option realm OpenWrt
+
+ # Configuration file in busybox httpd format
+# option config /etc/httpd.conf
+
+ # Do not follow symlinks that point outside of the
+ # home directory.
+# option no_symlinks 0
+
+ # Do not produce directory listings but send 403
+ # instead if a client requests an url pointing to
+ # a directory without any index file.
+# option no_dirlists 0
+
+ # Do not authenticate any ubus-rpc requests against
+ # the ubus session/access procedure.
+ # This is dangerous and should be always left off
+ # except for development and debug purposes!
+# option no_ubusauth 0
+
+ # For this instance of uhttpd use the listed httpauth
+ # sections to require Basic auth to the specified
+ # resources.
+# list httpauth prefix_user
+
+
+# Defaults for automatic certificate and key generation
+config cert defaults
+
+ # Validity time
+ option days 730
+
+ # RSA key size
+ option bits 2048
+
+ # Location
+ option country ZZ
+ option state Somewhere
+ option location Unknown
+
+ # Common name
+ option commonname 'OpenWrt'
+
+# config httpauth prefix_user
+# option prefix /protected/url/path
+# option username user
+# option password 'plaintext_or_md5_or_$p$user_for_system_user'
diff --git a/openwrt-files/etc/config/wireless b/openwrt-files/etc/config/wireless
new file mode 100644
index 0000000..35af000
--- /dev/null
+++ b/openwrt-files/etc/config/wireless
@@ -0,0 +1,32 @@
+
+config wifi-device 'radio0'
+ option type 'mac80211'
+ option hwmode '11g'
+ option path 'platform/ar934x_wmac'
+ option channel '6'
+ option htmode 'HT40'
+ option country 'US'
+ option legacy_rates '1'
+
+config wifi-iface 'default_radio0'
+ option device 'radio0'
+ option network 'lan'
+ option mode 'ap'
+ option encryption 'none'
+ option ssid 'RedCoMani.org'
+
+config wifi-device 'radio1'
+ option type 'mac80211'
+ option hwmode '11a'
+ option path 'pci0000:00/0000:00:00.0'
+ option channel '120'
+ option htmode 'HT40'
+ option country 'US'
+ option legacy_rates '1'
+
+config wifi-iface 'default_radio1'
+ option device 'radio1'
+ option mode 'ap'
+ option ssid 'RedCoMani.org'
+ option encryption 'none'
+
diff --git a/openwrt-files/etc/passwd b/openwrt-files/etc/passwd
new file mode 100644
index 0000000..a211066
--- /dev/null
+++ b/openwrt-files/etc/passwd
@@ -0,0 +1,6 @@
+root:x:0:0:root:/root:/bin/ash
+daemon:*:1:1:daemon:/var:/bin/false
+ftp:*:55:55:ftp:/home/ftp:/bin/false
+network:*:101:101:network:/var:/bin/false
+nobody:*:65534:65534:nobody:/var:/bin/false
+dnsmasq:x:453:453:dnsmasq:/var/run/dnsmasq:/bin/false
diff --git a/openwrt-files/etc/shadow b/openwrt-files/etc/shadow
new file mode 100644
index 0000000..02516bf
--- /dev/null
+++ b/openwrt-files/etc/shadow
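Review bot: In the wireless file, `default_radio0` is an open AP (`option encryption 'none'`) attached to `option network 'lan'`, the same network whose firewall zone accepts input and on which dropbear and LuCI listen, so every associated client sits on the node's management network. If open access is intended for the community network, consider placing wireless clients on a separate interface and firewall zone whose input policy rejects SSH and HTTP(S) to the node itself. Separately, `default_radio1` has no `option network` line, so as written the second AP is not attached to any interface; `option network 'lan'` (or the client network) appears to be missing.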
@@ -0,0 +1,6 @@
+root:$1$o0K13DIt$44HqwLkJyp3ZpxHjNjMh//:17926:0:99999:7:::
+daemon:*:0:0:99999:7:::
+ftp:*:0:0:99999:7:::
+network:*:0:0:99999:7:::
+nobody:*:0:0:99999:7:::
+dnsmasq:x:0:0:99999:7:::
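Review bot: The `root` line carries a real password hash in the `$1$` (MD5-crypt) format, so committing it publishes the hash to everyone who can read the repository and gives every image built from `openwrt-files/` the same root credential. MD5-crypt is a fast legacy scheme, so the value should be treated as compromised once pushed: rotate the password on any deployed node and remove the hash from history if the repository is public. For the template, ship a locked entry such as `root:*:0:0:99999:7:::` and provision SSH keys or a per-node password at build time or first boot.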