Howto OpenWRT: Difference between revisions
Latest revision as of 6 April 2014, 05:34
Howto install the OpenWRT-Firmware on a Linksys WRT54g
OpenWRT is a highly configurable firmware for the WRT54G. It provides different packages for diverse functionalities. This howto will cover the basic installation of the firmware, as well as some specific configurations.
There are several howtos for OpenWRT on the net:
The basic installation is documented on the OpenWRT homepage, in the userguide section. In most cases you can skip the part about compiling from source.
Connect to the Linksys via telnet
OpenWRT by default installs telnet on the Linksys. To access it you need a telnet client, which is installed on most operating systems by default. Connect your computer to one of the LAN ports on the back of the Linksys. To open a telnet connection:
- on Windows: Start menu -> Run -> telnet 192.168.1.1
- on MacOSX: Applications -> Utilities -> run Terminal.app, then type: telnet 192.168.1.1
- on Linux: telnet 192.168.1.1
There is no login/pass on telnet. You can now start to configure the Linksys to suit your needs. To close the connection, press CTRL-D.
Before you can install new software on the linksys, you will need to connect it to the internet. For this howto we will assume that you have access to the internet via a LAN. Connect the WAN-interface of the Linksys with a cable to the network. To configure the WAN-interface of the router, issue the following commands:
nvram get wan_ifname (this will print the name of the WAN interface)
ifconfig <name-of-WAN-interface> xxx.xxx.xxx.xxx (put in an IP used on the LAN)
route add default gw xxx.xxx.xxx.xxx (put in the IP of the gateway)
echo "nameserver 184.108.40.206" >> /etc/resolv.conf (this configures the nameservers)
ping subsignal.org (to test if it works, abort with CTRL-C)
Install ssh (dropbear)
Telnet is insecure by design; a far better way of configuring the router is ssh. There is an ssh server available for OpenWRT, called dropbear. You can use the "ipkg" tool to install it. Log in to the Linksys using telnet and issue the following commands:
ipkg update
ipkg install dropbear
The first command fetches a current list of available software from the internet, and the second command installs the dropbear ssh server.
Now you need to set the root-password:
After restarting the router you can log in via ssh.
- on Linux: ssh 192.168.1.1
- on MacOSX: open a console and type "ssh -l root 192.168.1.1"
- on Windows you will need a separate ssh client; putty is a good one. Type 192.168.1.1 into the address field, select ssh as protocol and press connect.
Log in with username: root and pass: whatever you chose as root-password. If this works, you can now safely stop the insecure telnet service:
Configuring the network
In terms of hardware, the Linksys (v2) has only two interfaces, called eth0 and eth1. The eth0 interface is split up via so-called VLAN tagging, which results in two additional interfaces seen by the network stack, vlan0 and vlan1. You therefore end up with three configurable interfaces, which serve different purposes:
eth1: The wireless network
vlan0: The four-port switch
vlan1: The "WAN" link, which is per default used for the internet uplink
In the standard configuration, the vlan0 and eth1 interfaces are bound together in a so-called bridge (seen as br0); that is, they are seen by the upper software layers as one physical interface with one IP address. Consequently, you cannot separate your wired network from what is connected through the wireless interface, which is something you would really appreciate from a security point of view.
I'll try to show you how you can change this and end up with two separate interfaces with two separate networks, to which all sorts of rules to shape and control network traffic can be applied.
Many options for the Linksys are controlled by simple attribute=value pairs. The tool you use is called "nvram", which can be called as follows:
nvram show shows all variables set.
nvram get <attribute name> shows the value of the attribute
nvram set <name>=<value> sets the attribute <name> to the new value <value>
nvram commit writes changes to the flash disk
That said, let's split up the networks:
nvram show | grep lan_ifnames
will show all devices currently in the bridge. Removing eth1 will do the trick, e.g.
nvram set lan_ifnames="eth0 vlan0"
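The bridge split above can be rehearsed off the router before touching nvram. The script below is an added example, not part of the original howto: it reads captured "nvram show" output, refuses to act when the interface is not a bridge member or the bridge would end up empty, and prints the "nvram set" command to run. The function names and the sample nvram values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original howto. Function names are hypothetical.
# It works on captured "nvram show" output, so it can be tried off the router.

# Constructed sample of "nvram show" output (values are assumptions).
SAMPLE_NVRAM='wan_ifname=vlan1
lan_ifname=br0
lan_ifnames=eth0 vlan0 eth1
wl0_ssid=OpenWrt'

# nvram_value <dump> <attribute>: print the value of one attribute=value pair.
nvram_value() {
    printf '%s\n' "$1" | sed -n "s/^$2=//p" | head -n 1
}

# has_iface <list> <iface>: succeed if <iface> is a whole word in <list>.
has_iface() {
    for i in $1; do
        if [ "$i" = "$2" ]; then return 0; fi
    done
    return 1
}

# drop_iface <list> <iface>: print <list> without <iface>.
# Whole-word comparison, so dropping eth1 leaves eth10 alone.
drop_iface() {
    out=
    for i in $1; do
        [ "$i" = "$2" ] || out="${out:+$out }$i"
    done
    printf '%s\n' "$out"
}

# split_cmd <dump> <iface>: print the command that takes <iface> out of the
# bridge. Fails if <iface> is not a member or the bridge would end up empty.
# Run "nvram commit" afterwards to write the change to flash.
split_cmd() {
    cur=$(nvram_value "$1" lan_ifnames)
    has_iface "$cur" "$2" || { echo "$2 is not in lan_ifnames" >&2; return 1; }
    new=$(drop_iface "$cur" "$2")
    [ -n "$new" ] || { echo "refusing to empty lan_ifnames" >&2; return 1; }
    printf 'nvram set lan_ifnames="%s"\n' "$new"
}

split_cmd "$SAMPLE_NVRAM" eth1
```

On the router, pass "$(nvram show)" as the first argument instead of the sample.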