cambios en openwrt

This commit is contained in:
kleper 2019-04-29 10:33:57 -05:00
parent 301543f0f4
commit 31020108bd
6 changed files with 230 additions and 168 deletions

View File

@ -1,25 +1,25 @@
config dnsmasq config dnsmasq
option domainneeded '1' option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1' option localise_queries '1'
option rebind_protection '1' option rebind_protection '1'
option rebind_localhost '1' option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1' option expandhosts '1'
option nonegcache '0'
option authoritative '1' option authoritative '1'
option readethers '1' option readethers '1'
option leasefile '/tmp/dhcp.leases' option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto' option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1' option nonwildcard '1'
option localservice '1' option localservice '1'
option local '/redcomani.org/'
option domain 'redcomani.org'
config dhcp 'lan' config dhcp 'lan'
option interface 'lan' option interface 'lan'
option dhcpv6 'server'
option ra 'server'
option ignore '1' option ignore '1'
option ra_management '1'
config dhcp 'wan' config dhcp 'wan'
option interface 'wan' option interface 'wan'

View File

@ -1,125 +1,195 @@
config defaults config defaults
option syn_flood '1' option syn_flood 1
option input 'ACCEPT' option input ACCEPT
option output 'ACCEPT' option output ACCEPT
option forward 'REJECT' option forward REJECT
# Uncomment this line to disable ipv6 rules
# option disable_ipv6 1
config zone config zone
option name 'lan' option name lan
option input 'ACCEPT' list network 'lan'
option output 'ACCEPT' option input ACCEPT
option forward 'ACCEPT' option output ACCEPT
option network 'lan' option forward ACCEPT
config zone config zone
option name 'wan' option name wan
option input 'REJECT' list network 'wan'
option output 'ACCEPT' list network 'wan6'
option forward 'REJECT' option input REJECT
option masq '1' option output ACCEPT
option mtu_fix '1' option forward REJECT
option network ' ' option masq 1
option mtu_fix 1
config forwarding config forwarding
option src 'lan' option src lan
option dest 'wan' option dest wan
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
option name Allow-DHCP-Renew
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4
# Allow IPv4 ping
config rule
option name Allow-Ping
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT
config rule config rule
option name 'Allow-DHCP-Renew' option name Allow-IGMP
option src 'wan' option src wan
option proto 'udp' option proto igmp
option dest_port '68' option family ipv4
option target 'ACCEPT' option target ACCEPT
option family 'ipv4'
# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
option name Allow-DHCPv6
option src wan
option proto udp
option src_ip fc00::/6
option dest_ip fc00::/6
option dest_port 546
option family ipv6
option target ACCEPT
config rule config rule
option name 'Allow-Ping' option name Allow-MLD
option src 'wan' option src wan
option proto 'icmp' option proto icmp
option icmp_type 'echo-request' option src_ip fe80::/10
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0' list icmp_type '130/0'
list icmp_type '131/0' list icmp_type '131/0'
list icmp_type '132/0' list icmp_type '132/0'
list icmp_type '143/0' list icmp_type '143/0'
option family 'ipv6' option family ipv6
option target 'ACCEPT' option target ACCEPT
# Allow essential incoming IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Input
option src wan
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
list icmp_type router-solicitation
list icmp_type neighbour-solicitation
list icmp_type router-advertisement
list icmp_type neighbour-advertisement
option limit 1000/sec
option family ipv6
option target ACCEPT
# Allow essential forwarded IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Forward
option src wan
option dest *
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec
option family ipv6
option target ACCEPT
config rule config rule
option name 'Allow-ICMPv6-Input' option name Allow-IPSec-ESP
option src 'wan' option src wan
option proto 'icmp' option dest lan
list icmp_type 'echo-request' option proto esp
list icmp_type 'echo-reply' option target ACCEPT
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule config rule
option name 'Allow-ICMPv6-Forward' option name Allow-ISAKMP
option src 'wan' option src wan
option dest '*' option dest lan
option proto 'icmp' option dest_port 500
list icmp_type 'echo-request' option proto udp
list icmp_type 'echo-reply' option target ACCEPT
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
# include a file with users custom iptables rules
config include config include
option path '/etc/firewall.user' option path /etc/firewall.user
### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
# option src lan
# option src_ip 192.168.45.2
# option dest wan
# option proto tcp
# option target REJECT
# block a specific mac on wan
#config rule
# option dest wan
# option src_mac 00:11:22:33:44:66
# option target REJECT
# block incoming ICMP traffic on a zone
#config rule
# option src lan
# option proto ICMP
# option target DROP
# port redirect port coming in on wan to lan
#config redirect
# option src wan
# option src_dport 80
# option dest lan
# option dest_ip 192.168.16.235
# option dest_port 80
# option proto tcp
# port redirect of remapped ssh port (22001) on wan
#config redirect
# option src wan
# option src_dport 22001
# option dest lan
# option dest_port 22
# option proto tcp
### FULL CONFIG SECTIONS
#config rule
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 80
# option dest wan
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp
# option target REJECT
#config redirect
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 1024
# option src_dport 80
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp

View File

@ -6,11 +6,11 @@ config interface 'loopback'
option netmask '255.0.0.0' option netmask '255.0.0.0'
config globals 'globals' config globals 'globals'
option ula_prefix 'fd20:a9a3:4c8a::/48' option ula_prefix 'fda8:6c9c:aee9::/48'
config interface 'lan' config interface 'lan'
option type 'bridge' option type 'bridge'
option ifname 'eth0.1' option ifname 'eth0'
option proto 'static' option proto 'static'
option ip6assign '60' option ip6assign '60'
option ipaddr '10.17.0.101' option ipaddr '10.17.0.101'
@ -19,25 +19,10 @@ config interface 'lan'
option dns '10.17.95.1' option dns '10.17.95.1'
config interface 'wan' config interface 'wan'
option ifname 'eth0.2' option ifname 'eth1'
option proto 'dhcp' option proto 'dhcp'
config interface 'wan6' config interface 'wan6'
option ifname 'eth0.2' option ifname 'eth1'
option proto 'dhcpv6' option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 0t'

View File

@ -14,22 +14,44 @@ config timeserver 'ntp'
list server '2.openwrt.pool.ntp.org' list server '2.openwrt.pool.ntp.org'
list server '3.openwrt.pool.ntp.org' list server '3.openwrt.pool.ntp.org'
config led 'led_usb1' config gpio_switch 'poe_passthrough'
option name 'USB1' option name 'PoE Passthrough'
option sysfs 'tp-link:green:usb1' option gpio_pin '8'
option trigger 'usbdev' option value '0'
option interval '50'
option dev '1-1.1'
config led 'led_usb2' config led 'led_rssilow'
option name 'USB2' option sysfs 'ubnt:red:link1'
option sysfs 'tp-link:green:usb2' option trigger 'rssi'
option trigger 'usbdev' option iface 'rssid_wlan0'
option interval '50' option minq '1'
option dev '1-1.2' option maxq '100'
option offset '0'
option factor '13'
config led 'led_wlan2g' config led 'led_rssimediumlow'
option name 'WLAN2G' option sysfs 'ubnt:orange:link2'
option sysfs 'tp-link:blue:wlan2g' option trigger 'rssi'
option trigger 'phy0tpt' option iface 'rssid_wlan0'
option minq '26'
option maxq '100'
option offset '-25'
option factor '13'
config led 'led_rssimediumhigh'
option sysfs 'ubnt:green:link3'
option trigger 'rssi'
option iface 'rssid_wlan0'
option minq '51'
option maxq '100'
option offset '-50'
option factor '13'
config led 'led_rssihigh'
option sysfs 'ubnt:green:link4'
option trigger 'rssi'
option iface 'rssid_wlan0'
option minq '76'
option maxq '100'
option offset '-75'
option factor '13'

View File

@ -1,32 +1,17 @@
config wifi-device 'radio0' config wifi-device 'radio0'
option type 'mac80211' option type 'mac80211'
option channel '11'
option hwmode '11g' option hwmode '11g'
option path 'platform/ar934x_wmac' option path 'pci0000:00/0000:00:00.0'
option channel '6' option htmode 'HT20'
option htmode 'HT40'
option country 'US' option country 'US'
option legacy_rates '1' option legacy_rates '1'
config wifi-iface 'default_radio0' config wifi-iface 'default_radio0'
option device 'radio0' option device 'radio0'
option mode 'ap'
option ssid 'RedCoMani.org'
option network 'lan' option network 'lan'
option mode 'ap'
option encryption 'none'
option ssid 'RedCoMani.org'
config wifi-device 'radio1'
option type 'mac80211'
option hwmode '11a'
option path 'pci0000:00/0000:00:00.0'
option channel '120'
option htmode 'HT40'
option country 'US'
option legacy_rates '1'
config wifi-iface 'default_radio1'
option device 'radio1'
option mode 'ap'
option ssid 'RedCoMani.org'
option encryption 'none' option encryption 'none'

View File

@ -1,4 +1,4 @@
root:$1$o0K13DIt$44HqwLkJyp3ZpxHjNjMh//:17926:0:99999:7::: root:$1$xhU4xtec$6BYy6N10k/XgXJVFYtKmu/:17926:0:99999:7:::
daemon:*:0:0:99999:7::: daemon:*:0:0:99999:7:::
ftp:*:0:0:99999:7::: ftp:*:0:0:99999:7:::
network:*:0:0:99999:7::: network:*:0:0:99999:7:::