[Wifidog] OpenWRT

Thomas Guyot-Sionnest dermoth at aei.ca
Wed Feb 2 01:28:34 EST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It was the latest at that moment, and I think it was the same problem
with your firmware...

There are 3 files attached:

1.: Original NVRAM settings obtained with a ping hack with the router
working with pppoe. Most, if not all, settings remain unchanged.

2.: Original, unworking, S45firewall.

3.: Current, working, S45firewall.

and finally:

root at OpenWrt:~# uname -a
Linux OpenWrt 2.4.20 #1 Fri Jan 7 04:14:38 EST 2005 mips unknown


See for yourself

Thomas

Philippe April wrote:
|> I found out later with a vanilla OpenWrt that $WAN init variable (in
|> S45firewall) is set from the wrong NVRAM variable and that was the
|> cause...
|>
|> WAN=$(nvram get wan_ifname)
|>
|> should be:
|>
|> WAN=$(nvram get wan_iface)
|
|
| wan_iface does not exist on my router at home, nor on the cafe's routers.
|
| Do you have a recent version of openwrt?
|
| We want to get rid of the need for the "ExternalInterface" in wifidog
| eventually because it needs to be right in order for wifidog to work
| properly (design issue which is not REALLY needed) and it's been causing
| trouble lately, it's hard to detect it.
|
| Philippe April
|
|
|
| ------------------------------------------------------------------------
|
| _______________________________________________
| Wifidog mailing list
| Wifidog at isf.waglo.com
| http://isf.waglo.com/mailman/listinfo/wifidog_isf.waglo.com


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFCAHMS6dZ+Kt5BchYRAmwkAKDD9ofp5oGnb88xEB5Qg7NQv7cbrACgwBf0
XcQuilDopDd3vSZ7aMmYnv4=
=97HT
-----END PGP SIGNATURE-----
-------------- next part --------------
wl_radius_port=1812
wl_mac_deny=
filter_dport_grp3=
filter_dport_grp4=
filter_dport_grp5=
filter=off
wan_unit=0
wl_ap_ssid=
wl0_net_mode=mixed
filter_dport_grp6=
os_ram_addr=80001000
filter_dport_grp7=
wl0_frameburst=off
filter_dport_grp8=
filter_dport_grp9=
ddns_username_2=
log_ipaddr=0
boardrev=0x10
il0macaddr=00:90:4c:5f:00:2a
ppp_idletime=5
ppp_passwd=tyoawy
ddns_enable=1
et0macaddr=00:0F:66:90:F8:EC
skip_intel_check=0
qos_appport1=0
wl0_wep_buf=
ddns_hostname_buf=dermoth.dyndns.org
d11g_mode=2
wan_get_dns=206.123.6.11 206.123.6.10
qos_appport2=0
boot_wait=on
watchdog=5000
qos_appport3=0
wl0_macmode1=disabled
wl_phytypes=
filter_web_host1=
wl0_infra=1
filter_web_host2=
action_service_arg1=
wl0_country_code=AU
filter_web_host3=
fw_disable=0
et0mdcport=0
router_name=WRT54G
pppoe_keepalive=0
filter_web_host4=
filter_web_host5=
Intel_firmware_version=v1.41.8
filter_web_host6=
https_enable=0
wl0_ap_ssid=
wl_infra=1
filter_web_host7=
filter_web_host8=
l2tp_get_ip=
filter_web_host9=
pptp_server_ip=
ppp_get_ac=bas5-montreal02
pmon_ver=CFE 3.51.21.0
restore_defaults=0
wan_run_mtu=1492
ppp_username=dermoth at aei.ca
wan_lease=0
filter_port=
ddns_enable_buf=1
d11g_dtim=1
ddns_hostname=dermoth.dyndns.org
wl_radius_ipaddr=
http_wanport=8080
filter_ip_grp1=
filter_ip_grp2=
wl0_ifname=eth1
filter_ip_grp3=
dr_lan_rx=0
filter_ip_grp4=
lan_domain=
filter_ip_grp5=
timer_interval=3600
filter_ip_grp6=
gpio2=adm_eecs
forward_port0=6881-6881>192.168.1.101:6881-6881,tcp,on,Azureus UPnP 6881
pppoe_ac=
filter_ip_grp7=
filter_rule1=
gpio3=adm_eesk
forward_port1=6881-6881>192.168.1.101:6881-6881,udp,on,Azureus UPnP 6881
hb_server_ip=
ipsec_pass=1
filter_ip_grp8=
filter_rule2=
qos_devmac1=00:00:00:00:00:00
forward_port2=6970-6970>192.168.1.100:6970-6970,udp,on,Azureus UPnP 6970
filter_ip_grp9=
filter_rule3=
gpio5=adm_eedi
vlan0ports=1 2 3 4 5*
qos_devmac2=00:00:00:00:00:00
forward_port3=6882-6882>192.168.1.100:6882-6882,tcp,on,Azureus UPnP 6882
filter_rule4=
gpio6=adm_rc
filter_rule5=
forward_port4=6882-6882>192.168.1.100:6882-6882,udp,on,Azureus UPnP 6882
forward_port5=6970-6970>192.168.1.100:6970-6970,tcp,on,Azureus UPnP 6970
filter_ip_grp10=
filter_rule6=
wl0_mrate=0
wl0_mode=ap
filter_rule7=
wan_gateway=66.36.128.1
forward_port6=62419-62419>192.168.1.101:4670-4670,tcp,on,msnmsgr (192.168.1.101:4670) 62419 TCP
dhcp_start=100
filter_rule8=
forward_port7=6969-6969>192.168.1.101:6969-6969,tcp,on,Azureus UPnP 6969
filter_rule9=
wl0_ap_isolate=0
ident_pass=0
eou_configured=1
wl_mrate=0
os_flash_addr=bfc40000
l2tp_server_ip=
wl0_gmode=2
dhcp_lease=0
sromrev=2
qos_devpri1=0
qos_devpri2=0
boardtype=0x0101
wl_active_add_mac=0
is_default=1
wl_gmode=2
ping_ip=;*/n${IFS}show>tmp/ping.log
stats_server=
static_route=
d11g_rate=0
wl0_wep_last=
lan_netmask=255.255.255.0
dmz_enable=1
wl0_dtim=1
wl0_ssid=testap.ilesansfil.org
http_username=
eou_key_index=0
port_trigger=
manual_rate=0
filter_web_host10=
qos_devname1=
os_date=Aug 3 2004
qos_devname2=
http_lanport=80
wl_plcphdr=long
filter_mac_grp1=
wl_macmode=disabled
ppp_service=
ppp_redialperiod=30
filter_mac_grp2=
filter_mac_grp3=
wan_domain=
wan_hwname=
wl0_key1=289FB8DE4C
wl_phytype=g
filter_mac_grp4=
wan_netmask=255.255.255.255
lan_lease=86400
wl0id=0x4320
wl0_key2=D37AB992BB
pppoe_static_ip=
filter_mac_grp5=
wl_lazywds=1
wl0_key3=D9A309F67F
filter_mac_grp6=
sel_qossmtp=0
wl0_key4=E3EAAE8783
filter_mac_grp7=
sel_qospop3=0
filter_mac_grp8=
filter_client0=
filter_mac_grp9=
filter_maclist=
pptp_pass=1
pptp_get_ip=
wl_auth_mode=disabled
ppp_demand=0
mtu_enable=1
ppp_keepalive=0
block_activex=0
d11g_rts=2347
remote_mgt_https=0
wl_wpa_psk=
http_passwd=cognac
ag0=255
block_wan=0
lan_stp=0
skip_amd_check=0
wl_mode=ap
wl0_plcphdr=long
wl0_rate=0
wl0_closed=0
wl_wpa_gtk_rekey=3600
d11g_rateset=default
wl0_macmode=disabled
wl0_radioids=BCM2050
wl0_phytype=g
wl0gpio2=0
sel_qoshttp=0
dr_wan_rx=0
filter_tod_buf1=
wl0_lazywds=1
wl0gpio3=0
block_proxy=0
filter_tod_buf2=
filter_tod_buf3=
filter_tod_buf4=
boardflags2=0
port_rate_limit_1=0
filter_tod_buf5=
port_rate_limit_2=0
http_client_ip=192.168.1.100
dr_lan_tx=0
filter_tod_buf6=
wl0_afterburner=off
port_rate_limit_3=0
wl0_antdiv=-1
filter_tod_buf7=
filter_tod10=
lan_hwaddr=00:0F:66:90:F8:EC
port_rate_limit_4=0
filter_tod_buf8=
wan_dns=
http_client_mac=00:50:BA:3F:CA:B9
filter_tod_buf9=
action_service=
wl_dtim=1
wl_ssid=testap.ilesansfil.org
wl0_wpa_psk=
d11g_bcn=100
web_wl_filter=0
wl0_mac_list=
wl_passphrase=cognac
daylight_time=1
flash_type=Intel 28F320C3 2Mx16 BotB
security_mode=wep
dhcp_wins=wan
bcm4712_firmware_version=v1.50.0
multicast_pass=1
filter_tod_buf10=
os_server=
pppoe_static=0
hb_server_domain=
wl_key1=289FB8DE4C
wan_proto=pppoe
wl_key2=D37AB992BB
wl0_unit=0
wl_key3=D9A309F67F
wl_country_code=AU
wl_key4=E3EAAE8783
wl_hwaddr=
ddns_cache=149,66.36.143.218
aol_block_traffic1=0
static_route_name=
aol_block_traffic2=0
sel_qostelnet=0
wl_active_mac=
wl_net_mode=g-only
pa0itssit=62
forward_port=
d11g_frag=2346
sel_qosport1=0
wl0_wds=
filter_mac_grp10=
sel_qosport2=0
wl_rate=0
ppp_static_ip=
sel_qosport3=0
block_java=0
log_level=2
cctl=0
ntp_server=
ct_modules=
wan_hwaddr=00:0F:66:90:F8:ED
lan_ifnames=vlan0 eth1 eth2 eth3
wl_macmode1=disabled
pppoe_ifname=
wl0_mac_deny=
wl0_radius_port=1812
wl0_auth=0
wl0_radius_ipaddr=
pppoe_service=
wl_country=Worldwide
pa0maxpwr=0x48
traceroute_ip=
ddns_change=
remote_management=0
wan_ifnames=vlan1
block_loopback=0
wl_rateset=default
wl_crypto=tkip
wl_wep_bit=64
ppp_mru=1500
wl_radius_key=
filter_port_grp1=
lan_proto=dhcp
os_name=linux
clkfreq=200
lan_ipaddr=192.168.1.1
QoS=0
filter_port_grp2=
vlan1hwname=et0
aa0=3
ddns_passwd_2=
filter_port_grp10=
filter_port_grp3=
dr_wan_tx=0
wl_unit=0
filter_port_grp4=
filter_id=1
wl0_phytypes=g
firmware_version=v2.04.4
filter_port_grp5=
wl0_frag=2346
d11g_channel=6
wl0_wep=enabled
filter_port_grp6=
router_disable=0
ddns_username=dermoth
filter_port_grp7=
ddns_passwd=tyoawy
pppoe_passwd=tyoawy
filter_port_grp8=
filter_port_grp9=
ppp_ac=
log_enable=1
sdram_config=0x0032
filter_web_url10=
wl0_country=Worldwide
sel_qosftp=0
dmz_ipaddr=100
vlan1ports=0 5
security_mode_last=
wl_wds=
ddns_hostname_2=
scratch=a0180000
filter_summary=0
ccode=0
wl0_rateset=default
wl0_wep_bit=64
pppoe_idletime=5
port_flow_control_1=1
ping_times=5
port_flow_control_2=1
wan_primary=1
lan_ifname=br0
port_flow_control_3=1
filter_services=$NAME:003:DNS$PROT:003:udp$PORT:005:53:53< >$NAME:004:Ping$PROT:004:icmp$PORT:003:0:0< >$NAME:004:HTTP$PROT:003:tcp$PORT:005:80:80< >$NAME:005:HTTPS$PROT:003:tcp$PORT:007:443:443< >$NAME:003:FTP$PROT:003:tcp$PORT:005
21:21< >$NAME:004:POP3$PROT:003:tcp$PORT:007:110:110< >$NAME:004:IMAP$PROT:003:tcp$PORT:007:143:143< >$NAME:004:SMTP$PROT:003:tcp$PORT:005:25:25< >$NAME:004:NNTP$PROT:003:tcp$PORT:007:119:119< >$NAME:006:Telnet$PROT:003:tcp$POR
:005:23:23< >$NAME:004:SNMP$PROT:003:udp$PORT:007:161:161< >$NAME:004:TFTP$PROT:003:udp$PORT:005:69:69< >$NAME:003:IKE$PROT:003:udp$PORT:007:500:500< >
boardflags=0x0188
port_flow_control_4=1
sdram_refresh=0x0000
dhcp_domain=wan
wl_auth=0
wl_wep_last=
sdram_ncdl=0x20520
wan_gateway_buf=0.0.0.0
block_cookie=0
wl_frameburst=off
ezc_enable=1
wan_iface=ppp0
upnp_wan_proto=
is_modified=0
dhcp_num=50
filter_web_url1=
wan_ipaddr=66.36.143.218
wan_ipaddr_buf=66.36.129.230
wl0_passphrase=
filter_web_url2=
filter_web_url3=
wl0_rts=2347
filter_web_url4=
filter_web_url5=
wl_ifname=
filter_web_url6=
wan_wins=0.0.0.0
ntp_mode=auto
wl_wep=enabled
filter_web_url7=
http_enable=1
l2tp_pass=1
filter_web_url8=
pppoe_username=dermoth at aei.ca
filter_web_url9=
os_version=3.61.13.0
wl_gmode_protection=off
qos_appname1=
wl0_wpa_gtk_rekey=3600
qos_appname2=
mac_clone_enable=0
ppp_get_srv=
qos_appname3=
wl_frag=2346
wan_mtu=1492
wl_wep_gen=cognac:289FB8DE4C:D37AB992BB:D9A309F67F:E3EAAE8783:1
wl0_key=1
wl0_active_mac=
wl_maclist=
filter_macmode=deny
rate_mode=1
console_loglevel=1
et0phyaddr=30
time_zone=-05 2 1
wan_ifname=vlan1
wl_radioids=
wan_hostname=
wl0_radio=1
wl_corerev=
ppp_mtu=1500
ddns_interval=60
wl_channel=6
wl0_bcn=100
port_priority_1=0
wl_radio=1
ppp_static=0
filter_tod1=
wl0_hwaddr=00:0F:66:90:F8:EE
wl_afterburner=off
port_priority_2=0
filter_tod2=
port_priority_3=0
filter_tod3=
port_priority_4=0
wl0_wep_gen=
filter_tod4=
ezc_version=2
ddns_passwd_buf=tyoawy
wk_mode=gateway
wl0_gmode_protection=off
filter_tod5=
pa0b0=0x170c
wl0_maclist=
filter_tod6=
pa0b1=0xfa24
eou_expired_hour=72
filter_tod7=
pa0b2=0xfe70
wl_rts=2347
filter_tod8=
sdram_init=0x0000
filter_tod9=
lan_wins=
aol_block_traffic=0
vlan0hwname=et0
wl_ap_isolate=0
wl_mac_list=
lan_hwnames=
dl_ram_addr=a0001000
pppoe_demand=0
wl0_radius_key=
filter_dport_grp10=
ddns_username_buf=dermoth
wl0_corerev=7
wl_key=1
wl0_channel=6
dr_setting=0
upnp_enable=1
ddns_status=1
filter_rule10=
wl0_auth_mode=disabled
wl_closed=0
boot_ver=v2.3
autofw_port0=
boardnum=42
wl0_crypto=tkip
def_hwaddr=00:00:00:00:00:00
wl0_ap_ip=
wl_bcn=100
wl_wep_buf=cognac:289FB8DE4C:D37AB992BB:D9A309F67F:E3EAAE8783:1
filter_dport_grp1=
wl_ap_ip=
wl_antdiv=-1
filter_dport_grp2=
-------------- next part --------------
#!/bin/sh
. /etc/functions.sh

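# Minimal stateful firewall + NAT for the WAN side of the router.
#
# WAN is the interface name read from NVRAM and used in every -i/-o match below.
# NOTE(review): this is the attachment the message describes as not working.
# wan_ifname names the physical WAN port (vlan1 in the attached dump); with
# wan_proto=pppoe the same dump lists ppp0 under wan_iface, so per the message
# the WAN rules below end up bound to the wrong device on that router.
WAN=$(nvram get wan_ifname)

# An empty $WAN leaves every "-i"/"-o" below without an interface argument, so
# the WAN reject rules and the MASQUERADE rule are never installed. Fail
# visibly instead of coming up with a half-built rule set.
if [ -z "$WAN" ]; then
  echo "S45firewall: NVRAM wan_ifname is empty; firewall rules not loaded" >&2
  exit 1
fi

IPT=/usr/sbin/iptables

# Start from a clean slate: flush all rules (-F) and delete user chains (-X).
# NOTE(review): no chain policy (-P) is set anywhere in this script, so packets
# that match no rule fall through to whatever policy the chains already have.
for T in filter nat mangle; do
  "$IPT" -t "$T" -F
  "$IPT" -t "$T" -X
done

# INPUT: traffic addressed to the router itself.
"$IPT" -t filter -A INPUT -m state --state INVALID -j DROP
"$IPT" -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# ICMP is accepted on every interface, WAN included, because this rule
# precedes the WAN rejects.
"$IPT" -t filter -A INPUT -p icmp -j ACCEPT
# Everything else arriving on WAN is refused: TCP with a reset, the rest with
# an ICMP port-unreachable.
"$IPT" -t filter -A INPUT -i "$WAN" -p tcp -j REJECT --reject-with tcp-reset
"$IPT" -t filter -A INPUT -i "$WAN" -j REJECT --reject-with icmp-port-unreachable

# FORWARD: traffic routed through the router.
"$IPT" -t filter -A FORWARD -m state --state INVALID -j DROP
"$IPT" -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# No new connections may be opened from the WAN side.
"$IPT" -t filter -A FORWARD -i "$WAN" -m state --state NEW,INVALID -j DROP
# Clamp the MSS of SYNs leaving via WAN to the path MTU.
"$IPT" -t filter -A FORWARD -o "$WAN" -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

# Source-NAT everything that leaves through WAN.
"$IPT" -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE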
-------------- next part --------------
#!/bin/sh
. /etc/functions.sh

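# Minimal stateful firewall + NAT for the WAN side of the router.
#
# WAN is the interface name used in every -i/-o match below. wan_iface is read
# first: on the PPPoE router in the attached dump it holds ppp0, while
# wan_ifname holds the underlying port (vlan1).
WAN=$(nvram get wan_iface)

# The quoted reply reports routers where wan_iface does not exist; fall back to
# wan_ifname there so the WAN rules are not built with an empty name.
[ -n "$WAN" ] || WAN=$(nvram get wan_ifname)

# An empty $WAN leaves every "-i"/"-o" below without an interface argument, so
# the WAN reject rules and the MASQUERADE rule are never installed. Fail
# visibly instead of coming up with a half-built rule set.
if [ -z "$WAN" ]; then
  echo "S45firewall: no WAN interface in NVRAM (wan_iface/wan_ifname); firewall rules not loaded" >&2
  exit 1
fi

IPT=/usr/sbin/iptables

# Start from a clean slate: flush all rules (-F) and delete user chains (-X).
# NOTE(review): no chain policy (-P) is set anywhere in this script, so packets
# that match no rule fall through to whatever policy the chains already have.
for T in filter nat mangle; do
  "$IPT" -t "$T" -F
  "$IPT" -t "$T" -X
done

# INPUT: traffic addressed to the router itself.
"$IPT" -t filter -A INPUT -m state --state INVALID -j DROP
"$IPT" -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# ICMP is accepted on every interface, WAN included, because this rule
# precedes the WAN rejects.
"$IPT" -t filter -A INPUT -p icmp -j ACCEPT
# Everything else arriving on WAN is refused: TCP with a reset, the rest with
# an ICMP port-unreachable.
"$IPT" -t filter -A INPUT -i "$WAN" -p tcp -j REJECT --reject-with tcp-reset
"$IPT" -t filter -A INPUT -i "$WAN" -j REJECT --reject-with icmp-port-unreachable

# FORWARD: traffic routed through the router.
"$IPT" -t filter -A FORWARD -m state --state INVALID -j DROP
"$IPT" -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# No new connections may be opened from the WAN side.
"$IPT" -t filter -A FORWARD -i "$WAN" -m state --state NEW,INVALID -j DROP
# Clamp the MSS of SYNs leaving via WAN to the path MTU.
"$IPT" -t filter -A FORWARD -o "$WAN" -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

# Source-NAT everything that leaves through WAN.
"$IPT" -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE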