海运的博客

发个自己编译的OpenWRT官方稳定版加IPID/TTL固件下载

发布时间:September 14, 2012 // 分类:OpenWrt // 4 Comments

使用Openwrt官方源最新稳定版编译,添加IPID/TTL模块,适用于RG100AA和DB120。
linux内核版本:

Linux OpenWrt 2.6.32.27 #2 Fri Sep 14 17:12:10 CST 2012 mips GNU/Linux

编译安装的软件如下:

opkg list-installed
base-files - 43.35-r33081
bash - 4.2-2
busybox - 1.15.3-3.4
crda - 1.1.1-1
ddns-scripts - 1.0.0-18
dnsmasq - 2.55-6.1
dropbear - 0.53.1-6
gpioctl - 1.0-1
hotplug2 - 1.0-beta-3
ip - 2.6.29-1-2
iptables - 1.4.6-3.1
iptables-mod-conntrack - 1.4.6-3.1
iptables-mod-conntrack-extra - 1.4.6-3.1
iptables-mod-extra - 1.4.6-3.1
iptables-mod-filter - 1.4.6-3.1
iptables-mod-hashlimit - 1.4.6-3.1
iptables-mod-imq - 1.4.6-3.1
iptables-mod-ipopt - 1.4.6-3.1
iptables-mod-ipsec - 1.4.6-3.1
iptables-mod-nat - 1.4.6-3.1
iptables-mod-nat-extra - 1.4.6-3.1
iw - 0.9.22-2
kernel - 2.6.32.27-1
kmod-b43 - 2.6.32.27+2011-12-01-1
kmod-cfg80211 - 2.6.32.27+2011-12-01-1
kmod-crc-ccitt - 2.6.32.27-1
kmod-crypto-aes - 2.6.32.27-1
kmod-crypto-arc4 - 2.6.32.27-1
kmod-crypto-core - 2.6.32.27-1
kmod-fs-ext3 - 2.6.32.27-1
kmod-fs-ntfs - 2.6.32.27-1
kmod-fs-vfat - 2.6.32.27-1
kmod-ipt-conntrack - 2.6.32.27-1
kmod-ipt-conntrack-extra - 2.6.32.27-1
kmod-ipt-core - 2.6.32.27-1
kmod-ipt-extra - 2.6.32.27-1
kmod-ipt-filter - 2.6.32.27-1
kmod-ipt-hashlimit - 2.6.32.27-1
kmod-ipt-imq - 2.6.32.27-1
kmod-ipt-ipopt - 2.6.32.27-1
kmod-ipt-ipsec - 2.6.32.27-1
kmod-ipt-nat - 2.6.32.27-1
kmod-ipt-nat-extra - 2.6.32.27-1
kmod-mac80211 - 2.6.32.27+2011-12-01-1
kmod-macvlan - 2.6.32.27-1
kmod-nls-base - 2.6.32.27-1
kmod-nls-cp437 - 2.6.32.27-1
kmod-nls-iso8859-1 - 2.6.32.27-1
kmod-nls-utf8 - 2.6.32.27-1
kmod-ppp - 2.6.32.27-1
kmod-pppoe - 2.6.32.27-1
kmod-sched - 2.6.32.27-1
kmod-scsi-core - 2.6.32.27-1
kmod-switch - 2.6.32.27-4
kmod-textsearch - 2.6.32.27-1
kmod-usb-core - 2.6.32.27-1
kmod-usb-ohci - 2.6.32.27-1
kmod-usb-storage - 2.6.32.27-1
kmod-usb2 - 2.6.32.27-1
l7-protocols - 2009-05-28-1
libc - 0.9.30.1-43.35
libevent2 - 2.0.16-1
libgcc - 4.3.3+cs-43.35
libip4tc - 1.4.6-3.1
libiwinfo - 18.2
libiwinfo-lua - 18.2
liblua - 5.1.4-7
libncurses - 5.7-2
libnl-tiny - 0.1-2.1
libopenssl - 0.9.8x-1
libpcap - 1.0.0-2
libpthread - 0.9.30.1-43.35
librt - 0.9.30.1-43.35
libuci - 12012009.7-4
libuci-lua - 12012009.7-4
libxtables - 1.4.6-3.1
lrzsz - 0.12.20-2
lua - 5.1.4-7
luci-app-ddns - 0.10+svn9273-1
luci-i18n-chinese - 0.10+svn9273-1
luci-i18n-english - 0.10+svn9273-1
luci-lib-core - 0.10+svn9273-1
luci-lib-ipkg - 0.10+svn9273-1
luci-lib-lmo - 0.10+svn9273-1
luci-lib-nixio - 0.10+svn9273-1
luci-lib-sys - 0.10+svn9273-1
luci-lib-web - 0.10+svn9273-1
luci-mod-admin-core - 0.10+svn9273-1
luci-mod-admin-full - 0.10+svn9273-1
luci-proto-core - 0.10+svn9273-1
luci-proto-ppp - 0.10+svn9273-1
luci-sgi-cgi - 0.10+svn9273-1
luci-sgi-uhttpd - 0.10+svn9273-1
luci-theme-base - 0.10+svn9273-1
luci-theme-openwrt - 0.10+svn9273-1
mtd - 13
openssh-client - 5.9p1-4
opkg - 576-2
ppp - 2.4.4-16.1
ppp-mod-pppoe - 2.4.4-16.1
tc - 2.6.29-1-2
tcpdump - 4.1.1-2
tmux - 1.6-2
uci - 12012009.7-4
udevtrigger - 106-1
uhttpd - 28.1
uhttpd-mod-lua - 28.1
wireless-tools - 29-4
wpad-mini - 20111103-3
zlib - 1.2.3-5

IPID及TTL使用参数参考:Openwrt/Linux使用IPID和TTL模块防网络尖兵

Openwrt更改shell为bash使用bash-completion命令补全

发布时间:September 11, 2012 // 分类:OpenWrt // 1 Comment

OpenWRT安装bash及bash-completion:

#https://www.haiyun.me
opkg update
opkg install bash-completion

更改用户shell为bash:

cat /etc/passwd 
root:AABBBDDDdDDDDDDDDDD42fmHU/:0:0:root:/root:/bin/bash

配置bash-completion命令参数补全:

echo '. /etc/bash_completion' >> /etc/bashrc

在使用命令补全时如出现以下错误:

-bash: /dev/fd/60: No such file or directory

创建/dev/fd链接:

ln -s /proc/self/fd /dev/fd

Openwrt路由宽带多拨叠加及多线路wan负载均衡

发布时间:September 8, 2012 // 分类:OpenWrt // 2 Comments

OpenWRT使用macvlan虚拟多wan:

opkg update
opkg install kmod-macvlan
#https://www.haiyun.me
#eth1.1为wan接口
ip link add link eth1.1 eth1.2 type macvlan
ip link set eth1.2 address 00:1f:a3:65:55:2d
ip link set eth1.2 up
ip link add link eth1.1 eth1.3 type macvlan
ip link set eth1.3 address 00:1f:a3:65:55:3d
ip link set eth1.3 up    

拨号时写入脚本同时多拨,也可使用morfast修改的pppd提高多拨成功率,PPPD拨号参数:

/usr/sbin/pppd plugin rp-pppoe.so mtu 1492 mru 1492 nic-eth1.1 persist usepeerdns nodefaultroute \
user <user> password <passwd> ipparam wan ifname pppoe-wan1 &

多拨成功后配置多路由负载均衡:

ip route add default scope global nexthop via ip1 dev pppoe-wan1 weight 1 nexthop via ip2 dev \
pppoe-wan2 weight 1 nexthop via ip3 dev pppoe-wan3 weight 1

iptables添加SNAT:

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o pppoe-wan1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o pppoe-wan2 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o pppoe-wan3 -j MASQUERADE

一段时间后查看负载均衡效果:

iptables -t nat -L POSTROUTING -nv
Chain POSTROUTING (policy ACCEPT 1206 packets, 81303 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1948  158K MASQUERADE  all  --  *      pppoe-wan1  192.168.1.0/24       0.0.0.0/0           
 1943  159K MASQUERADE  all  --  *      pppoe-wan2  192.168.1.0/24       0.0.0.0/0           
 1912  559K MASQUERADE  all  --  *      pppoe-wan3  192.168.1.0/24       0.0.0.0/0

为公平分配可禁用路由缓存:

echo -1 > /proc/sys/net/ipv4/rt_cache_rebuild_count

另外可参考使用iptables nth标记策略路由实现负载均衡

Linux/Openwrt策略路由配置使用

发布时间:September 8, 2012 // 分类:OpenWrt // No Comments

Linux多可支持255个路由表,查看当前路由表:

ip rule ls
0:    from all lookup local 
32766:    from all lookup main 
32767:    from all lookup default 

根据源IP或目标IP选择路由表:

#新建路由表ID与名称映射
echo '252 haiyun' >> /etc/iproute2/rt_tables 
#设置源ip走特定路由表
ip rule add from 192.168.1.5 table haiyun pref 32764
#路由表默认路由
ip route add default via 192.168.1.2 dev pppoe-wan2 table haiyun
#刷新路由缓存
ip route flush cache

基于iptables标记选择路由表:

#iptables标记数据包
iptables -t mangle -APREROUTING -p udp --dport 53 -j MARK --set-mark 20
#iptables标记的数据包走特定路由表
ip rule add fwmark 20 table haiyun pref 32763
#路由表默认路由
ip route add default via 192.168.1.2 dev pppoe-wan2 table haiyun

查看当前路由表规则:

ip rule ls
0:    from all lookup local 
32764:    from 192.168.1.5 lookup haiyun
32765:    from all lookup main 
32766:    from all lookup main 
32767:    from all lookup default 

查看路由表haiyun下路由项:

ip route ls table haiyun
default via 192.168.1.2 dev eth1 

Linux/Openwrt路由安装配置UPNP服务提高迅雷下载速度

发布时间:September 7, 2012 // 分类:OpenWrt // 1 Comment

路由器下电脑为实现互联网端到端的连接需要配置DNAT(端口映射),UPNP就相当于自动化DNAT的实现,路由和客户端软件都需支持UPNP。
Openwrt路由下安装UPNP服务:

#https://www.haiyun.me
opkg update
opkg install miniupnpd

配置Iptables UPNP链,用于发现UPNP后在此链自动添加端口映射。

#允许特定转发
iptables -N MINIUPNPD
iptables -I FORWARD -i pppoe-wan -o br-lan -j MINIUPNPD
#DNAT端口映射
iptables -t nat -N MINIUPNPD
iptables -t nat -I PREROUTING -i pppoe-wan -j MINIUPNPD

UPNP配置文件:

cat /var/etc/miniupnpd.conf 
#https://www.haiyun.me
ext_ifname=pppoe-wan
listening_ip=192.168.1.1
port=5000
enable_natpmp=yes
enable_upnp=yes
secure_mode=yes
system_uptime=yes
bitrate_down=28672000
bitrate_up=2867200
uuid=a107991c-8b19-4ce4-a525-36bd2c814165
allow 1024-65535 0.0.0.0/0 1024-65535
deny 0-65535 0.0.0.0/0 0-65535

开启UPNP服务:

/etc/init.d/miniupnpd enable
/etc/init.d/miniupnpd start

使用迅雷开启UPNP测试,查看日志UPNP服务已为迅雷添加端口映射:

Sep  7 19:06:01 OpenWrt daemon.info miniupnpd[7232]: HTTP connection from 192.168.1.16:45067
Sep  7 19:06:01 OpenWrt daemon.info miniupnpd[7232]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
Sep  7 19:06:01 OpenWrt daemon.info miniupnpd[7232]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
Sep  7 19:06:01 OpenWrt daemon.info miniupnpd[7232]: AddPortMapping: ext port 65379 to 192.168.1.16:65379 protocol TCP for: Thunder5
Sep  7 19:06:01 OpenWrt daemon.debug miniupnpd[7232]: UPnP permission rule 0 matched : port mapping accepted
Sep  7 19:06:01 OpenWrt daemon.info miniupnpd[7232]: redirecting port 65379 to 192.168.1.16:65379 protocol TCP for: Thunder5
Sep  7 19:06:01 OpenWrt daemon.info miniupnpd[7232]: HTTP connection from 192.168.1.16:45068
Sep  7 19:06:01 OpenWrt daemon.info miniupnpd[7232]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
Sep  7 19:06:01 OpenWrt daemon.info miniupnpd[7232]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
Sep  7 19:06:01 OpenWrt daemon.info miniupnpd[7232]: AddPortMapping: ext port 65379 to 192.168.1.16:15301 protocol UDP for: Thunder5
Sep  7 19:06:01 OpenWrt daemon.debug miniupnpd[7232]: UPnP permission rule 0 matched : port mapping accepted
Sep  7 19:06:01 OpenWrt daemon.info miniupnpd[7232]: redirecting port 65379 to 192.168.1.16:15301 protocol UDP for: Thunder5

查看Iptables链UPNP添加的规则:

iptables -L MINIUPNPD -nv
Chain MINIUPNPD (1 references)
 pkts bytes target     prot opt in     out     source               destination         
26245   18M ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.16        tcp dpt:65379 
18182 4423K ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.1.16        udp dpt:15301 
iptables -t nat -L MINIUPNPD -nv
Chain MINIUPNPD (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  676 61598 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:65379 to:192.168.1.16:65379 
  316 22320 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:65379 to:192.168.1.16:15301 
分类
最新文章
最近回复
  • opnfense: 谢谢博主!!!解决问题了!!!我之前一直以为内置的odhcp6就是唯一管理ipv6的方式
  • liyk: 这个方法获取的IPv6大概20分钟之后就会失效,默认路由先消失,然后Global IPV6再消失
  • 海运: 不好意思,没有。
  • zongboa: 您好,請問一下有immortalwrt設定guest Wi-Fi的GUI教學嗎?感謝您。
  • 海运: 恩山有很多。
  • swsend: 大佬可以分享一下固件吗,谢谢。
  • Jimmy: 方法一 nghtp3步骤需要改成如下才能编译成功: git clone https://git...
  • 海运: 地址格式和udpxy一样,udpxy和msd_lite能用这个就能用。
  • 1: 怎么用 编译后的程序在家里路由器内任意一台设备上运行就可以吗?比如笔记本电脑 m参数是笔记本的...
  • 孤狼: ups_status_set: seems that UPS [BK650M2-CH] is ...