Haiyun's Blog

Compiling the Armbian kernel on the N1 box to enable the iptables REDIRECT module for transparent proxying

Published: November 17, 2018 // Category: N1 // 2 Comments

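Enabling REDIRECT on the default Armbian kernel involves many options, so building only the kernel module does not work; compile the whole kernel and replace the installed one.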

First enable Netfilter nf_tables support, then select nf_tables redirect support; the menu path is shown at the top of the image.

2018-11-17_154225.png

Enable ipv4 nf_tables support, ipv4 redirect support for nf_tables, and redirect target support:

2018-11-17_153925.png

Enable ipv6 nf_tables support and ipv6 redirect support for nf_tables:

2018-11-17_154122.png

Building transmission 2.92/2.94/3.0 on Ubuntu 18.04 with hash checking skipped

Published: November 16, 2018 // Category: PT // No Comments

Install the build environment and the transmission dependencies:

apt-get install ca-certificates libcurl4-openssl-dev libssl-dev pkg-config build-essential checkinstall libevent-dev intltool libtool zlib1g-dev

Download and build transmission:

wget http://archive.ubuntu.com/ubuntu/pool/main/t/transmission/transmission_2.92.orig.tar.gz
tar zxvf transmission_2.92.orig.tar.gz 
cd transmission-2.92
wget http://archive.ubuntu.com/ubuntu/pool/main/t/transmission/transmission_2.92-3ubuntu2.debian.tar.xz
tar Jxvf transmission_2.92-3ubuntu2.debian.tar.xz 
# Apply the openssl patch, otherwise the build fails
patch -p 1 < debian/patches/f91cf5ad8c677b61ceb0bf5877b87f9e93256dd7.patch 
#patch -p 1 < debian/patches/8c8386a7f3f482a9c917f51d28e0042e55f56b3e.patch 
#patch -p 1 < debian/patches/transmission-fix-dns-rebinding-vuln.patch 
# Patch that makes transmission skip hash checking
wget https://github.com/superlukia/transmission-2.92_skiphashcheck/commit/56e327d1dacb5b3453954b76a6d0edd30edb7a34.patch
patch -p 1 < 56e327d1dacb5b3453954b76a6d0edd30edb7a34.patch
./configure 
make 
# Replace the installed transmission-daemon
mv /usr/bin/transmission-daemon /usr/bin/transmission-daemon.bak
cp daemon/transmission-daemon /usr/bin/transmission-daemon

2.94:

apt-get source transmission-daemon
#tar zxf transmission_2.94.orig.tar.gz transmission-2.94/
cd transmission-2.94/
wget https://github.com/blackyau/Transmission_SkipHashChek/commit/0a18e4dffc7002eb80abe39ae8c8c8aec1205967.patch
git apply 0a18e4dffc7002eb80abe39ae8c8c8aec1205967.patch
./autogen.sh
make

3.0:

apt install git ca-certificates libcurl4-openssl-dev libssl-dev pkg-config build-essential checkinstall libevent-dev intltool libtool zlib1g-dev libglib2.0-dev libsystemd-dev
git clone https://github.com/transmission/transmission
cd transmission/
git checkout 3.00
git submodule update --init
git clone https://github.com/TonyRL/docker-transmission-skip-hash-check.git
patch -p0 < docker-transmission-skip-hash-check/patches/001-skip-hash-checking.patch 
patch -p0 < docker-transmission-skip-hash-check/patches/002-fdlimit.patch 
patch -p0 < docker-transmission-skip-hash-check/patches/003-random-announce.patch 
./autogen.sh --prefix=/usr/local/transmission --with-systemd 
make && make install

If the libsystemd dependency was not installed at build time, the systemd service has to be modified; otherwise starting transmission through systemctl hangs.

cat /etc/systemd/system/multi-user.target.wants/transmission-daemon.service
[Unit]
Description=Transmission BitTorrent Daemon
After=network.target

[Service]
User=debian-transmission
#Type=notify
Type=simple
ExecStart=/usr/bin/transmission-daemon -f --log-error -g /var/lib/transmission-daemon/.config/transmission-daemon/
ExecStop=/bin/kill -s STOP $MAINPID
ExecReload=/bin/kill -s HUP $MAINPID

[Install]
WantedBy=multi-user.target

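After adding a torrent in the web UI, while it is being verified, right-click the torrent and choose Ask tracker for more peers to skip the check.
Alternative method:
https://www.jianshu.com/p/ab2df4282e59
References: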
https://github.com/superlukia/transmission-2.92_skiphashcheck
https://blog.csdn.net/Sardkit/article/details/79911925

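Allowing forwarding to a dynamic IPv6 address by a fixed suffix with iptables on a router

Published: November 16, 2018 // Category: // No Comments

Internal machines are assigned public IP addresses from the prefix. To reach an internal machine's resources over IPv6 from outside, note that the prefix is not fixed while the suffix is generated from the MAC, so ip6tables can allow access by matching the suffix only: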

ip6tables -I FORWARD -i pppoe-wan -d ::74f2:eac0:59d4:25ed/::ffff:ffff:ffff:ffff -j ACCEPT
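
How the address/mask operand of the rule above is evaluated, as an added example that is not part of the original post: the match is a bitwise compare, so only the low 64 bits are checked and the rule follows the host across prefix changes. The 2001:db8:: addresses are constructed documentation-range samples, and addresses_opened is a hypothetical helper that lists what the rule accepts inside a delegated prefix.

```python
import ipaddress

# Operand of -d copied from the ip6tables command on the page.
RULE = "::74f2:eac0:59d4:25ed/::ffff:ffff:ffff:ffff"


def parse_masked(spec):
    """Split 'ADDR/MASK' (mask written in address notation) into two ints."""
    addr, mask = spec.split("/", 1)
    return int(ipaddress.IPv6Address(addr)), int(ipaddress.IPv6Address(mask))


def rule_matches(dst, spec=RULE):
    """Masked compare: the rule matches when (dst & mask) == (addr & mask)."""
    addr, mask = parse_masked(spec)
    return (int(ipaddress.IPv6Address(dst)) & mask) == (addr & mask)


def addresses_opened(delegated, spec=RULE):
    """Hypothetical helper: every address in a delegated prefix the rule accepts."""
    addr, mask = parse_masked(spec)
    net = ipaddress.IPv6Network(delegated)
    if mask != (1 << 64) - 1 or net.prefixlen > 64:
        raise ValueError("handles a low-64-bit mask and prefixes up to /64 only")
    suffix = addr & mask
    return [ipaddress.IPv6Address(int(sub.network_address) | suffix)
            for sub in net.subnets(new_prefix=64)]


if __name__ == "__main__":
    # Constructed sample destinations in the 2001:db8::/32 documentation range.
    samples = [
        "2001:db8:1:1:74f2:eac0:59d4:25ed",  # host under the old prefix
        "2001:db8:9:9:74f2:eac0:59d4:25ed",  # same host after a prefix change
        "2001:db8:9:9:74f2:eac0:59d4:25ee",  # neighbour with a different suffix
    ]
    for dst in samples:
        print(dst, "ACCEPT" if rule_matches(dst) else "no match")
    opened = addresses_opened("2001:db8:9:900::/56")
    print(len(opened), "addresses accepted in the /56, e.g.", opened[0])
```

Inside a /56 delegation the rule accepts that suffix in all 256 /64 subnets and on every port; appending -p tcp --dport <port> to the ip6tables command narrows it to the one service that has to be reachable.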

Reference:
https://superuser.com/questions/1181445/allow-traffic-through-a-firewall-to-a-dynamic-ipv6-address

Building k2p PandoraBox firmware with ImageBuilder

Published: November 2, 2018 // Category: K2P // 8 Comments

Based on Ubuntu 18.04; install the dependencies:

apt install build-essential libncurses5-dev zlib1g-dev gawk git  libssl-dev wget unzip python ocaml-nox help2man texinfo yui-compressor

Download the latest ImageBuilder, version 18.10:

wget https://downloads.pangubox.com/pandorabox/18.10/targets/ralink/mt7621/PandoraBox-ImageBuilder-ralink-mt7621.Linux-x86_64.tar.xz
tar Jxf PandoraBox-ImageBuilder-ralink-mt7621.Linux-x86_64.tar.xz
cd PandoraBox-ImageBuilder-ralink-mt7621.Linux-x86_64

List the firmware models that can be built and the packages each one includes:

make info

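Build the firmware:

# Build firmware for every model listed by info
make image
# Build only the k2p firmware
make image PROFILE="k2p"
# Install extra packages; put self-built packages in the packages/ directory first
make image PROFILE="k2p" PACKAGES="wget"
# Add the files under the files directory to the firmware, e.g. the network configuration file files/etc/config/network
make image PROFILE="k2p" FILES="files"
# Show more options
make help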

The default packages are defined in the following two files:

include/target.mk
.profiles.mk 

Now build the k2p firmware with the default configuration:

make image PROFILE="k2p"

This fails with the following error:

 regexp could be something like 'pkgname*' '*file*' or similar
 e.g. opkg info 'libstd*' or opkg search '*libop*' or opkg remove 'libncur*'
Makefile:140: recipe for target 'package_install' failed
make[2]: *** [package_install] Error 1
make[2]: Leaving directory '/tmp/PandoraBox-ImageBuilder-ralink-mt7621.Linux-x86_64'
Makefile:110: recipe for target '_call_image' failed
make[1]: *** [_call_image] Error 2
make[1]: Leaving directory '/tmp/PandoraBox-ImageBuilder-ralink-mt7621.Linux-x86_64'
Makefile:196: recipe for target 'image' failed
make: *** [image] Error 2

This happens because line 144 of the Makefile installs the kernel package first, and packages/ contains no kernel package. Download the kernel package:

wget https://downloads.pangubox.com/pandorabox/18.10/targets/ralink/mt7621/packages/kernel_3.14.79-1_mipsel_1004kc_dsp.ipk -P packages/

Running the build again produces another error:

Collected errors:
 * opkg_install_cmd: Cannot install package dosfsck.
 * opkg_install_cmd: Cannot install package fkmod-leds-gpio.
 * opkg_install_cmd: Cannot install package kmod-ipt-nathelper.
 * opkg_install_cmd: Cannot install package mkdosfs.
 * satisfy_dependencies_for: Cannot satisfy the following dependencies for ralink-utils:
 *      kmod-ipt-nathelper-extra * 
Makefile:140: recipe for target 'package_install' failed
make[2]: *** [package_install] Error 255
make[2]: Leaving directory '/tmp/PandoraBox-ImageBuilder-ralink-mt7621.Linux-x86_64'
Makefile:110: recipe for target '_call_image' failed
make[1]: *** [_call_image] Error 2
make[1]: Leaving directory '/tmp/PandoraBox-ImageBuilder-ralink-mt7621.Linux-x86_64'
Makefile:196: recipe for target 'image' failed
make: *** [image] Error 2

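Newer OpenWrt renamed kmod-ipt-nathelper-extra to kmod-nf-nathelper-extra, but the PandoraBox package feed did not update its dependencies. The following script, run during the build after the feed lists have been updated, rewrites the dependency kmod-ipt-nathelper-extra to kmod-nf-nathelper-extra: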

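#!/bin/bash
# The package lists in dl/ are gzip data without a .gz suffix:
# add the suffix, unpack, rewrite the dependency name, repack, restore the name
for file in dl/18.10*; do
        [ -e "$file" ] || continue
        echo "$file"
        mv "$file" "$file.gz"
        gunzip "$file.gz"
        sed -i 's/kmod-ipt-nathelper-extra/kmod-nf-nathelper-extra/g' "$file"
        gzip -9 "$file"
        mv "$file.gz" "$file"
done
# Rename the package in the default package list as well
sed -i 's/kmod-ipt-nathelper/kmod-nf-nathelper/g' include/target.mk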

Save the above as fix.sh in the ImageBuilder directory, make it executable, and edit the Makefile to insert the following before $(MAKE) package_install at line 122:

$(TOPDIR)/fix.sh

Running the build again hits the following error:

Collected errors:
 * opkg_install_cmd: Cannot install package dosfsck.
 * opkg_install_cmd: Cannot install package fkmod-leds-gpio.
 * opkg_install_cmd: Cannot install package mkdosfs.

Of the three packages above, some were renamed and some have a misspelled name; fix them:

sed -i 's/fkmod-leds-gpio/kmod-leds-gpio/g' .profiles.mk
sed -i 's/mkdosfs dosfsck/dosfstools/g' .profiles.mk

Running the build again finally produces the k2p firmware. Copy the firmware with scp to the /tmp/ directory on the router to start flashing:

scp bin/targets/ralink/mt7621/PandoraBox-ralink-mt7621-k2p-2018-10-26-git-85c67caa2-squashfs-sysupgrade.bin 192.168.168.1:/tmp/

On the k2p router, flash it with the sysupgrade command:

sysupgrade -n -v /tmp/PandoraBox-ralink-mt7621-k2p-2018-10-26-git-85c67caa2-squashfs-sysupgrade.bin

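Specifying the SSL CA certificate for curl and wget

Published: November 2, 2018 // Category: // No Comments

On OpenWrt, curl uses mbedtls and needs ca-bundle installed to verify SSL, while wget uses libssl and needs ca-certificates. It is simpler to download the CA certificate file separately and point curl and wget at it through their configuration files. Note that the download command itself uses curl -k, so that one transfer is not certificate-verified.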

curl -k https://curl.se/ca/cacert.pem -o /etc/ssl/certs/ca-certificates.crt
echo 'ca-certificate = /etc/ssl/certs/ca-certificates.crt' > ~/.wgetrc
echo 'cacert=/etc/ssl/certs/ca-certificates.crt' > ~/.curlrc

https://curl.se/docs/caextract.html
