Difference between revisions of "Setting up a gateway on OpenWRT"

From ARDC
Jump to navigation Jump to search
Line 17: Line 17:
 
  '''# ./etc/config/ampr-ripd -p <PASSWORD> -t 44 -a <44.xxx.xxx.xxx/xx>'''
 
  '''# ./etc/config/ampr-ripd -p <PASSWORD> -t 44 -a <44.xxx.xxx.xxx/xx>'''
 
  ip route add default dev tunl0 via '''<AMPRGW>''' onlink table 44
 
  ip route add default dev tunl0 via '''<AMPRGW>''' onlink table 44
  ip route add '''<44.xxx.xxx.xxx/xx>''' src '''<44.xxx.xxx.xxx>''' dev '''<br-amprnet>''' table 44
+
  ip rule add to '''<44.xxx.xxx.xxx/xx>''' table main priority 44
  ###OPTIONAL FOR LAN###
+
#OPTIONAL LAN ### ip rule add from '''<44.xxx.xxx.xxx/xx>''' to '''<192.168.xxx.xxx/16>''' table main priority 45
  ip route add 192.168.0.0/16 src 192.168.x.x dev br-lan table 44
+
ip rule add from 44.0.0.0/8 table 44 priority 46
  ###
+
  ### CREATE A BLACKHOLE ON TABLE 7777 ###
  ip rule add to 44.0.0.0/8 table 44 priority 44
+
  ip route add default dev lo src 127.0.0.1 table 7777
  ip rule add from 44.0.0.0/8 table 44 priority 45
+
  ### BLACKHOLE ALL REMAINING AMPR TRAFFIC ON TUNNEL ###
 
+
  ip rule add to 44.0.0.0/8 table 7777 priority 7777
 +
   
 
* create any forwarding rules
 
* create any forwarding rules

Revision as of 05:26, 15 August 2015

ampr-ripd has been compiled for Atheros 71xx

Summary

Install:

  • kmod-ipip
  • ip-full
  • ampr-ripd to /etc/config/ (always run RIP44 software in console mode FIRST after installation to verify execution and obtain the password, the execution of the file is commented-out below)
  • a bridge interface to tunl0 and a new VLAN, adding it to it's own firewall zone
  • a VLAN to any switch/trunk ports (as desired)
  • the following to Firewall > Custom Rules:
# (eth0.2 in this case is the Public-facing WAN (to allow IPENCAP traffic), read your OpenWRT hardware Wiki for your specific model 
ifconfig tunl0 mtu 1480 up
iptables -t filter -I INPUT -p 4 -i eth0.2 -j ACCEPT
# ./etc/config/ampr-ripd -p <PASSWORD> -t 44 -a <44.xxx.xxx.xxx/xx>
ip route add default dev tunl0 via <AMPRGW> onlink table 44
ip rule add to <44.xxx.xxx.xxx/xx> table main priority 44
#OPTIONAL LAN ### ip rule add from <44.xxx.xxx.xxx/xx> to <192.168.xxx.xxx/16> table main priority 45
ip rule add from 44.0.0.0/8 table 44 priority 46
### CREATE A BLACKHOLE ON TABLE 7777 ###
ip route add default dev lo src 127.0.0.1 table 7777
### BLACKHOLE ALL REMAINING AMPR TRAFFIC ON TUNNEL ###
ip rule add to 44.0.0.0/8 table 7777 priority 7777

  • create any forwarding rules