TP-LINK3020 в качестве роутера с ethernet в wi-fi на OpenWRT
29.03.2014 - 08:35
Имеем "карманный" роутер TP-LINK-3020 на правильной прошивке от OpenWRT (tl-mr3020v1_ru_3_15_2_up_boot(130507).bin), необходимо было заставить его выполнять свои прямые обязанности, раздавать инет по wifi клиентам.
INTERNET <---> wan(eth0)-[TPLINK3020]-wlan(radio0) <---> Client WIFI
Первоначально необходимо сконфигурировать сетевые интерфейсы:
#vi /etc/config/network
#LOOPBACK
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
#ETHERNET
config interface 'wan'
option ifname 'eth0'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.64.254'
option netmask '255.255.255.0'
option gateway '192.168.64.1'
list dns '8.8.8.8'
# Wi-Fi
config interface 'wlan'
option proto 'static'
option ipaddr '10.0.0.1'
option netmask '255.255.255.0'
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
#ETHERNET
config interface 'wan'
option ifname 'eth0'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.64.254'
option netmask '255.255.255.0'
option gateway '192.168.64.1'
list dns '8.8.8.8'
# Wi-Fi
config interface 'wlan'
option proto 'static'
option ipaddr '10.0.0.1'
option netmask '255.255.255.0'
Переходим к настройке самого Wi-Fi:
#vi /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option channel '11'
option macaddr '90:d6:42:20:b2:e1'
option hwmode '11ng'
option htmode 'HT20'
list ht_capab 'SHORT-GI-20'
list ht_capab 'SHORT-GI-40'
list ht_capab 'RX-STBC1'
list ht_capab 'DSSS_CCK-40'
option country 'RU'
option disabled '0'
option channel '2'
option txpower '20'
config wifi-iface
option device 'radio0'
option network 'wlan'
option mode 'ap'
option ssid 'Имя сети'
option encryption 'psk2'
option key 'Ваш пароль'
option type 'mac80211'
option channel '11'
option macaddr '90:d6:42:20:b2:e1'
option hwmode '11ng'
option htmode 'HT20'
list ht_capab 'SHORT-GI-20'
list ht_capab 'SHORT-GI-40'
list ht_capab 'RX-STBC1'
list ht_capab 'DSSS_CCK-40'
option country 'RU'
option disabled '0'
option channel '2'
option txpower '20'
config wifi-iface
option device 'radio0'
option network 'wlan'
option mode 'ap'
option ssid 'Имя сети'
option encryption 'psk2'
option key 'Ваш пароль'
Настраивем DHCP сервер на wlan интерфейсе (wifi):
#vi /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
config dhcp 'wlan'
option interface 'wlan'
option start '100'
option limit '150'
option leasetime '12h'
option ignore '0' #включить DHCP сервер
config dhcp 'wan'
option interface 'wan'
option ignore '1'
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
config dhcp 'wlan'
option interface 'wlan'
option start '100'
option limit '150'
option leasetime '12h'
option ignore '0' #включить DHCP сервер
config dhcp 'wan'
option interface 'wan'
option ignore '1'
Настройки "огненной стены":
#vi /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wlan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'wlan'
config zone
option name 'wan'
option network 'wan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'wlan'
option dest 'wan'
config forwarding
option src 'wan'
option dest 'wlan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wlan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'wlan'
config zone
option name 'wan'
option network 'wan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'wlan'
option dest 'wan'
config forwarding
option src 'wan'
option dest 'wlan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
- Войдите на сайт для отправки комментариев
- Версия для печати