Contents
- Start service on boot
- Enable SSH from WAN
- Unlock root data partition
- Increase DNS cache size
- Use custom DNS server
- Useful packages
- IPv6
- Statistics and collectd
- Pass through SSH and Mosh for IPv6
- SQM (Smart Queue Management) to reduce Bufferbloat
- UPnP
- List packages installed after flash
- Useful reads
- Misc notes
Start service on boot
OpenWrt does not have update-rc.d or chkconfig. To start a service called service-name on boot, run:
/etc/init.d/service-name enable
/etc/init.d/service-name start
Enable SSH from WAN
Place into /etc/firewall.user:
iptables --append input_wan --protocol tcp --dport 22 --jump ACCEPT
When SSH from WAN is enabled, it's probably a good idea to disable password logins via SSH (only public key authentication will be allowed):
sed -i -e "s/'on'/'off'/" /etc/config/dropbear
This sets the PasswordAuth option to "off", making /etc/config/dropbear look like:
config dropbear
    option PasswordAuth 'off'
    option Port '22'
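An added example (not from the original page): a narrower form of the edit above that rewrites only the PasswordAuth and RootPasswordAuth options and refuses to run when the authorized_keys file holds no key, so password logins are not removed before a key is in place. The function names and the path parameters are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical;
# paths are parameters so the change can be tried on a copy first.

# disable_password_auth CONFIG AUTHORIZED_KEYS
# Returns 0 on success, 1 if no public key is installed, 2 if CONFIG is missing.
disable_password_auth() {
    cfg=$1
    keys=$2
    [ -f "$cfg" ] || return 2
    # Lock-out guard: require at least one non-comment line in authorized_keys.
    grep -q '^[^#[:space:]]' "$keys" 2>/dev/null || return 1
    # Rewrite only the two password options; other 'on' values stay untouched.
    sed -i "s/^\([[:space:]]*option[[:space:]]\{1,\}\(Root\)\{0,1\}PasswordAuth[[:space:]]\{1,\}\).*/\1'off'/" "$cfg"
}

# password_auth_state CONFIG: print each PasswordAuth value without quotes.
password_auth_state() {
    awk '$1 == "option" && $2 == "PasswordAuth" { print $3 }' "$1" | tr -d "'"
}

# On the router (then restart Dropbear so the change takes effect):
#   disable_password_auth /etc/config/dropbear /etc/dropbear/authorized_keys \
#       && /etc/init.d/dropbear restart
```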
Unlock root data partition
OpenWrt sometimes does not unlock the data partition. I've particularly noticed this on the WRT54GL and OpenWrt 10.03.
mtd unlock rootfs_data
Increase DNS cache size
uci set dhcp.@dnsmasq[-1].cachesize=8192
uci commit dhcp
Or place into /etc/config/dhcp:
config dnsmasq
    # ...
    option cachesize '8192'
Use custom DNS server
Create /etc/resolv.local containing nameserver entries. Add resolv-file to dnsmasq.conf:
echo resolv-file=/etc/resolv.local >> /etc/dnsmasq.conf
and restart dnsmasq:
/etc/init.d/dnsmasq restart
Useful packages
Package | Use
miniupnpd luci-app-upnp | Enable UPnP so ports in firewall can automatically be opened
umdns | Lightweight Avahi/mDNS server
IPv6
opkg install iputils-traceroute6 # IPv6 traceroute
Statistics and collectd
# Install luci statistics app, collectd, and some useful collectd modules
opkg update
opkg install luci-app-statistics
opkg install collectd-mod-interface collectd-mod-memory collectd-mod-ping collectd-mod-rrdtool collectd-mod-wireless collectd-mod-conntrack collectd-mod-cpu collectd-mod-iptables collectd-mod-uptime
opkg install luci-proto-vpnc

uci get luci_statistics.collectd_interface.Interfaces
uci set luci_statistics.collectd_interface.Interfaces='br-lan 6in4-henet'
# wan interfaces only
uci set luci_statistics.collectd_interface.Interfaces='eth1 6in4-henet'

# set wireless interfaces
uci get luci_statistics.collectd_iwinfo.Interfaces
uci add_list luci_statistics.collectd_iwinfo.Interfaces='wlan0'
uci add_list luci_statistics.collectd_iwinfo.Interfaces='wlan1'

uci set luci_statistics.collectd.Interval=60
uci commit luci_statistics

/etc/init.d/luci_statistics enable
/etc/init.d/collectd enable
Pass through SSH and Mosh for IPv6
Place into /etc/config/firewall:
config rule
    option src 'wan'
    option proto 'tcp'
    option dest 'lan'
    option dest_port '22'
    option family 'ipv6'
    option target 'ACCEPT'
    option name 'SSH for IPv6'

config rule
    option src 'wan'
    option proto 'udp'
    option dest 'lan'
    option dest_port '60000-61000'
    option family 'ipv6'
    option target 'ACCEPT'
    option name 'Mosh for IPv6'
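The rules above name a destination zone but no destination address, so the ports are forwarded to every IPv6 host on the LAN. The following added example (not from the original page) lists such rules in a firewall config so they can be reviewed or narrowed with `option dest_ip`; the function name and the file-path parameter are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original page. Lists wan->lan ACCEPT rules in a
# UCI firewall file that carry no dest_ip, so the port is reachable on every
# LAN host. The config path is a parameter (assumption: UCI "config rule"
# syntax as shown above).

broad_wan_rules() {
    awk -v q="'" '
    function report() {
        if (inrule && o["src"] == "wan" && o["target"] == "ACCEPT" &&
            o["dest"] != "" && o["dest_ip"] == "")
            printf "%s\t%s/%s\n", (o["name"] != "" ? o["name"] : "(unnamed)"),
                   o["proto"], o["dest_port"]
        split("", o)          # clear the option table for the next section
        inrule = 0
    }
    $1 == "config" { report(); inrule = ($2 == "rule") }
    $1 == "option" && inrule {
        val = $0
        sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", val)   # keep spaces in values
        gsub("^" q "|" q "[ \t]*$", "", val)               # drop surrounding quotes
        o[$2] = val
    }
    END { report() }
    ' "$1"
}

# On the router:
#   broad_wan_rules /etc/config/firewall
```

Each output line is the rule name, a tab, then protocol/port.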
SQM (Smart Queue Management) to reduce Bufferbloat
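# Remove QoS
opkg remove qos-scripts luci-app-qos
# Install SQM
opkg install luci-app-sqm
# Configure (see below)
# Enable
/etc/init.d/sqm start
/etc/init.d/sqm enable
Configuration (see the SQM page on the OpenWrt wiki, https://openwrt.org/docs/guide-user/network/traffic-shaping/sqm, for more information):
config queue 'eth1'
    option qdisc_advanced '0'
    option enabled '1'
    option interface 'eth0'
    option download '250000'
    option upload '250000'
    option debug_logging '0'
    option verbosity '5'
    option qdisc 'cake'
    option script 'piece_of_cake.qos'
    option linklayer 'ethernet'
    option overhead '44'
Adjust download and upload (in kbps) appropriately.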
UPnP
opkg install luci-app-upnp
uci set upnpd.config.enabled=1
uci commit
List packages installed after flash
Not 100% accurate, from https://gist.github.com/devkid/8d4c2a5ab62e690772f3d9de5ad2d978#gistcomment-2658305:
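#!/bin/sh

# Number of leading digits of Installed-Time to compare
PRECISION=6

# Store the first $2 characters of package $1's Installed-Time in PKGTIME
trunk_time () {
    PKGTIME=$(opkg info "$1" | grep '^Installed-Time: ' | cut -f2 -d ' ')
    PKGTIME=${PKGTIME:0:$2}
    return
}

# Use busybox's install time as the reference build time
trunk_time busybox $PRECISION && BUILD_TIME=$PKGTIME

# Print every package whose install time differs from the build time
for i in $(opkg list-installed | cut -d' ' -f1)
do
    trunk_time "$i" $PRECISION
    if [ "$PKGTIME" != "$BUILD_TIME" ]
    then
        echo "$i"
    fi
done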
Useful reads
Setting up NAT64 and DNS64 on OpenWRT (http://tech.sybreon.com/2015/05/05/nat64dns64-on-openwrt/), for IPv6-only networks.
My complete OpenWrt setup guide (http://www.jauu.net/2015/03/03/complete-openwrt-guide/). Comprehensive, from-scratch setup guide.
https://github.com/imaginator/home-network/blob/master/build-firmware: git repository for storing configuration for building an OpenWrt image
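Misc notes
# Enable cron. Edit w/ `crontab -e`
/etc/init.d/cron enable
/etc/init.d/cron start
# set hostname
uci set system.@system[0].hostname=mynewhostname
uci commit system
/etc/init.d/system reload
SSH keys for Dropbear should be appended to /etc/dropbear/authorized_keys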