Openwrt网络配置之简单路由器
2016-11-02 00:02
573 查看
目的:将平台配置为有线连接外网,无线终端通过平台热点访问外网
固件:基于OpenWrt 15.5 release版本
平台:树莓派2
WIFI Driver:RTL8192CU
需要配置的文件: /etc/config/network, /etc/config/wireless, /etc/config/dhcp,/etc/config/filewall
PS:仅做个人记录
1. /etc/config/network配置如下
目的:将平台配置为有线连接外网,无线终端通过平台热点访问外网
2. /etc/config/wireless 配置如下
3. /etc/config/dhcp 配置如下
4. /etc/config/firewall 配置如下
目的:将平台配置为有线连接外网,无线终端通过平台热点访问外网
固件:基于OpenWrt 15.5 release版本
平台:树莓派2
WIFI Driver:RTL8192CU
需要配置的文件: /etc/config/network, /etc/config/wireless, /etc/config/dhcp,/etc/config/filewall
PS:仅做个人记录
1. /etc/config/network配置如下
目的:将平台配置为有线连接外网,无线终端通过平台热点访问外网
config interface 'loopback' option ifname 'lo' option proto 'static' option ipaddr '127.0.0.1' option netmask '255.0.0.0' config interface wan option ifname eth0 option proto pppoe option username xxxxxxxx option password xxxxxxxx option peerdns 1 config interface lan option ifname wlan0 option proto static option ipaddr 192.168.66.253 option netmask 255.255.255.0 option nat 1 config globals 'globals' option ula_prefix 'fd75:48b7:1258::/48'
2. /etc/config/wireless 配置如下
config wifi-device radio0 option type mac80211 option channel 11 option hwmode 11g option path 'platform/bcm2708_usb/usb1/1-1/1-1.5/1-1.5:1.0' option htmode HT20 # REMOVE THIS LINE TO ENABLE WIFI: option disabled 0 config wifi-iface option device radio0 option network lan option mode ap option ssid 'Router Test' # option encryption psk2 option encryption none # option key xxxxxxxx
3. /etc/config/dhcp 配置如下
config dnsmasq option domainneeded '1' option boguspriv '1' option filterwin2k '0' option localise_queries '1' option rebind_protection '1' option rebind_localhost '1' option local '/lan/' option domain 'lan' option expandhosts '1' option nonegcache '0' option authoritative '1' option readethers '1' option leasefile '/tmp/dhcp.leases' option resolvfile '/tmp/resolv.conf.auto' option localservice '1' config dhcp 'lan' option interface 'lan' option start '100' option limit '150' option leasetime '12h' # option dhcpv6 'server' # option ra 'server' config dhcp 'wan' option interface 'wan' option ignore '1'
4. /etc/config/firewall 配置如下
config defaults option syn_flood 1 option input ACCEPT option output ACCEPT option forward REJECT # Uncomment this line to disable ipv6 rules # option disable_ipv6 1 config zone option name lan list network 'lan' option input ACCEPT option output ACCEPT option forward ACCEPT config zone option name wan list network 'wan' list network 'wan6' # option input REJECT option input ACCEPT option output ACCEPT # option forward REJECT option forward ACCEPT option masq 1 option mtu_fix 1 config forwarding option src lan option dest wan # We need to accept udp packets on port 68, # see https://dev.openwrt.org/ticket/4108 config rule option name Allow-DHCP-Renew option src wan option proto udp option dest_port 68 option target ACCEPT option family ipv4 # Allow IPv4 ping config rule option name Allow-Ping option src wan option proto icmp option icmp_type echo-request option family ipv4 option target ACCEPT config rule option name Allow-IGMP option src wan option proto igmp option family ipv4 option target ACCEPT # Allow DHCPv6 replies # see https://dev.openwrt.org/ticket/10381 config rule option name Allow-DHCPv6 option src wan option proto udp option src_ip fe80::/10 option src_port 547 option dest_ip fe80::/10 option dest_port 546 option family ipv6 option target ACCEPT config rule option name Allow-MLD option src wan option proto icmp option src_ip fe80::/10 list icmp_type '130/0' list icmp_type '131/0' list icmp_type '132/0' list icmp_type '143/0' option family ipv6 option target ACCEPT # Allow essential incoming IPv6 ICMP traffic config rule option name Allow-ICMPv6-Input option src wan option proto icmp list icmp_type echo-request list icmp_type echo-reply list icmp_type destination-unreachable list icmp_type packet-too-big list icmp_type time-exceeded list icmp_type bad-header list icmp_type unknown-header-type list icmp_type router-solicitation list icmp_type neighbour-solicitation list icmp_type router-advertisement list icmp_type neighbour-advertisement option limit 1000/sec option family ipv6 option target ACCEPT # Allow essential forwarded IPv6 ICMP traffic config rule option name Allow-ICMPv6-Forward option src wan option dest * option proto icmp list icmp_type echo-request list icmp_type echo-reply list icmp_type destination-unreachable list icmp_type packet-too-big list icmp_type time-exceeded list icmp_type bad-header list icmp_type unknown-header-type option limit 1000/sec option family ipv6 option target ACCEPT # include a file with users custom iptables rules config include option path /etc/firewall.user # allow IPsec/ESP and ISAKMP passthrough config rule option src wan option dest lan option proto esp option target ACCEPT config rule option src wan option dest lan option dest_port 500 option proto udp option target ACCEPT
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 路由器网络服务安全配置
- Cisco网络教材:路由器寄存器的配置
- 初涉网络实验-路由器端口的开启与配置
- 企业网络环境下路由器的配置
- linux下网络配置的简单了解
- Ubuntu简单网络配置
- 路由器网络服务安全配置
- Ubuntu 8.0.4简单网络配置
- Linux之 ubuntu 7.04配置网络桥使virtualbox虚拟机联网的简单方法
- 路由器网络服务安全配置
- Linux下的一些简单网络配置命令介绍
- 我做网络实验的几个简单配置
- 正确配置思科路由器口令从而保障网络安全
- 正确配置思科路由器口令从而保障网络安全
- 路由器网络服务安全配置
- Linux操作系统下的一些简单网络配置命令
- cisco路由器简单配置
- Cisco 网络教材之路由器的配置详细解析
- linux系统下安装samba,和简单网络配置