海运的博客

此内容被密码保护

发布时间:July 15, 2012 // 分类:OpenWrt // 4 Comments

请输入密码访问

修改PPPOE配置解决ADSL频繁掉线问题

发布时间:May 5, 2012 // 分类:OpenWrt // No Comments

使用迅雷下载的时候openwrt老是掉线,查看ppp日志:

May  5 07:02:05 OpenWrt daemon.info pppd[23813]: No response to 5 echo-requests
May  5 07:02:05 OpenWrt daemon.notice pppd[23813]: Serial link appears to be disconnected.
May  5 07:02:05 OpenWrt daemon.info pppd[23813]: Connect time 1089.9 minutes.
May  5 07:02:05 OpenWrt daemon.info pppd[23813]: Sent 335012468 bytes, received 1671352386 bytes.
May  5 07:02:06 OpenWrt user.notice root: stopping ntpclient
May  5 07:02:12 OpenWrt daemon.notice pppd[23813]: Connection terminated.
May  5 07:02:12 OpenWrt daemon.notice pppd[23813]: Modem hangup

PPPOE客户端会每隔10秒向服务器发送echo request确认在线,5次请求未回应就认为连线有问题并断开连接。
修改配置增加和ADSL服务器交互间隔:

vim /etc/ppp/options
lcp-echo-interval 30 #发送间隔秒
lcp-echo-failure 15 #15次未响应断开

Openwrt/Linux安装squid做透明代理缓存服务器

发布时间:April 21, 2012 // 分类:Squid,OpenWrt,Linux服务 // 3 Comments

安装Squid:

opkg update
opkg install squid
cd /etc/squid
mv squid.conf squid.conf.back
vim squid.conf

配置文件:

visible_hostname proxy.www.haiyun.me #主机名
cache_mgr onovps@www.haiyun.me #管理员邮箱
http_port 3128 transparent #监听端口3128,透明代理
icp_port 0 #单机模式
dns_nameservers 192.168.1.1 #DNS
#cache_effective_user squid #运行用户
#cache_effective_group squid #运行用户组
pid_filename /tmp/squid.pid #pid文件
error_directory /usr/share/squid/errors/Simplify_Chinese #错误提示文件
emulate_httpd_log on #开启httpd日记格式
#logformat log %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh #自定义日记模式
cache_access_log /mnt/log/access.log #日记路径
cache_log none #无cache日记
cache_store_log none #无store日记
cache_dir ufs /mnt/cache/ 2048 16 256 #硬盘缓存2G,一级目录16,二级目录256
cache_mem 16 MB #内存缓存16M
cache_swap_low 90
cache_swap_high 95
minimum_object_size 0 KB #最小缓存不限制
maximum_object_size 4096 KB #最大缓存4M
cache_vary on #开启vary缓存
connect_timeout 1 minute #连接超时1分
request_timeout 1 minutes #请求超时1分

acl QUERY urlpath_regex -i cgi-bin \?
cache deny QUERY #不缓存cgin-bin

acl bt url_regex -i ^http://.*\.torrent$
http_access deny bt    #禁止下载torrent
acl files urlpath_regex -i "/etc/squid/files.txt" #过滤下载文件后缀
acl sites dstdom_regex "/etc/squid/sites.txt"   #过滤特定网址
acl keys url_regex -i "/etc/squid/keys.txt"  #过滤特定关键词
acl nocache_sites dstdom_regex "/etc/squid/nocache_sites.txt" #指定不缓存网址
acl nocache_files urlpath_regex -i "/etc/squid/nocache_files.txt" #指定不缓存文件后缀
http_access deny files             
http_access deny sites
http_access deny keys   
cache deny nocache_sites
cache deny nocache_files

acl all src 0.0.0.0/0.0.0.0 
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl localnet src 192.168.1.0/255.255.255.0
acl SSL_ports port 443 563 10000
acl Safe_ports port 80 21 443 56370 210 1025-65535 280 488 591

http_access allow manager localhost
http_access deny manager
http_access allow localnet
http_access deny all

#acl apache rep_header Server ^Apache
broken_vary_encoding allow all #开启压缩
header_access X-Forwarded-For deny all #禁止 X-Forwarded头
header_access HTTP_VIA deny all   #禁止HTTP_VIA
header_access Via deny all #禁止Via头
refresh_pattern -i \.css$ 1440 50% 129600 reload-into-ims 
refresh_pattern -i \.xml$ 1440 50% 129600 reload-into-ims
refresh_pattern -i \.htm$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.html$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.shtml$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.png$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.jpg$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.jpeg$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.gif$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.bmp$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.js$ 1440 90% 129600 reload-into-ims

refresh_pattern -i \.mp3$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.wmv$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.rm$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.swf$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.mpeg$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.wma$ 1440 50% 2880 ignore-reload

refresh_pattern -i \.exe$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.rar$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.zip$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.gz$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.bz2$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.7z$ 1440 50% 2880 ignore-reload

squid相关指令:

squid -k reconfigure #重置
squid -k parse  #检测配置文件
squid -k shutdown #关闭
squid -k rotate  #分割日记

Openwrt下安装squid后无init脚本,管理不方便,自己简单写了个。

#/bin/bash
#Create by www.haiyun.me
case $1 in
stop)
  squid -k shutdown
  ;;
start)
  squid
  ;;
restart)
  squid -k reconfigure
  ;;
check)
  squid -k parse
  ;;
*)
  echo "Please use restart|start|stop|check"
  ;;
esac

iptables配置:

opkg install iptables-utils iptables-mod-nat-extra
iptables -t nat -A PREROUTING -i br-lan -p tcp  --dport 80 -j REDIRECT --to-ports 3128

Openwrt安装USB驱动挂载U盘

发布时间:April 21, 2012 // 分类:OpenWrt // 2 Comments

opkg update
opkg install kmod-usb-core
opkg install kmod-usb-ohci #安装usb ohci控制器驱动
#opkg install kmod-usb-uhci  #UHCI USB控制器
opkg install kmod-usb2 #安装usb2.0
opkg install kmod-usb-storage #安装usb存储设备驱动
opkg install usbutils #安装了这个后可以用 lsusb
opkg install kmod-fs-ext2 #安装ext2分区支持
opkg install kmod-fs-ext3 #安装ext3分区格式支持组件
opkg install kmod-fs-ntfs #ntfs内核驱动
opkg install mount.ntfs-3g #挂载ntfs助手
opkg install mount-utils #挂载卸载工具
opkg install ntfs-3g #挂载NTFS
opkg install kmod-fs-vfat #挂载FAT
opkg install fdisk #硬盘分区管理工具

挂载分区:

mount -t ext2 /dev/sda1 /mnt/

开机自动挂载:

echo "/dev/sda1 /mnt/                     ext2   rw,async,noatime,nodiratime  0 0 ">> /etc/fstab

OpenWrt路由器iptables防火墙设置

发布时间:April 18, 2012 // 分类:OpenWrt // No Comments

OpenWrt自带防火墙有点复杂,自己根据需要重新配置了下iptables,可满足一般用户需求。

#/bin/bash
#OpenWrt防火墙,适用于RG100AA
#Cretaed by www.haiyun.me
iptables -F
iptables -X
iptables -Z
iptables -P INPUT   DROP
iptables -P OUTPUT  ACCEPT
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i br-lan -j ACCEPT
#iptables -A INPUT -m string --algo bm --string "sex" -j DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#iptables -A FORWARD -m string --algo bm --string "sex" -j DROP
iptables -A FORWARD -i br-lan -o pppoe-wan  -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
#iptables -A FORWARD -p tcp --dport 12488 -j ACCEPT
#iptables -A FORWARD -p udp --dport 12488 -j ACCEPT
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z
iptables -t nat -P PREROUTING  ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT      ACCEPT
iptables -t nat -A POSTROUTING -i br-lan -o pppoe-wan -j MASQUERADE
#iptables -t nat -A PREROUTING -p tcp  --dport 12488  -j DNAT --to-destination 192.168.1.6
#iptables -t nat -A PREROUTING -p udp  --dport 12488  -j DNAT --to-destination 192.168.1.6
#iptables -t mangle -F
#iptables -t mangle -X
#iptables -t mangle -Z
#iptables -t mangle -A PREROUTING  -i pppoe-wan -j TTL --ttl-inc 1
#iptables -t mangle -A POSTROUTING -o pppoe-wan -j TTL --ttl-set 128
#iptables -t mangle -A POSTROUTING -o pppoe-wan -j IPID --ipid-pace 1
#iptables -I FORWARD -p tcp --tcp-flags RST RST -j DROP 
分类
最新文章
最近回复
  • opnfense: 谢谢博主!!!解决问题了!!!我之前一直以为内置的odhcp6就是唯一管理ipv6的方式
  • liyk: 这个方法获取的IPv6大概20分钟之后就会失效,默认路由先消失,然后Global IPV6再消失
  • 海运: 不好意思,没有。
  • zongboa: 您好,請問一下有immortalwrt設定guest Wi-Fi的GUI教學嗎?感謝您。
  • 海运: 恩山有很多。
  • swsend: 大佬可以分享一下固件吗,谢谢。
  • Jimmy: 方法一 nghtp3步骤需要改成如下才能编译成功: git clone https://git...
  • 海运: 地址格式和udpxy一样,udpxy和msd_lite能用这个就能用。
  • 1: 怎么用 编译后的程序在家里路由器内任意一台设备上运行就可以吗?比如笔记本电脑 m参数是笔记本的...
  • 孤狼: ups_status_set: seems that UPS [BK650M2-CH] is ...