OpenWRT notes
Atheros AR81-Based Products
Hardware Comparison
Vendor | Product | CPU | Flash | RAM | USB | OpenWRT info | Comment |
---|---|---|---|---|---|---|---|
Linksys | WRT160NL | MIPS24Kc AR9132r2 400 MHz | 8 MB | 32 MB | 1 | Wiki, Forum | |
TP-Link | WR-841N(D) v5 | ? | 4 MB | 32 MB | 0 | | USB on board but unpopulated, missing DC/DC converter |
TP-Link | WR-941N(D) v3 | MIPS24Kc AR9132r2 400 MHz | 4 MB | 32 MB | 0 | | USB on board but unpopulated, missing DC/DC converter |
Updating firmware with mtd
The TP-Link devices and the Cisco WRT160NL have the firmware in the firmware mtd partition.
mtd -r write openwrt.bin firmware
Wireless Configuration
Install CRDA
While basic wireless support works with just the wireless driver, you need the regulatory database to enable all channels that can be legally used in your country. So make sure to install the crda package.
IPTables Configuration
This section is specific to OpenWRT in that it explains the Kamikaze standard chains. There must be some document in one of the OpenWRT wikis, but I couldn't easily find it.
In addition, I need EBTables in the picture as well, so a few comments on where you'd add layer 2 rules will be included.
Call Graph and Custom Rules
The OpenWRT standard rule set defines a few more or less default actions that you probably will want to keep: do not accept incoming connections from the WAN interface (except for DHCP/bootp replies), NAT all outgoing traffic, and allow pretty much anything on the LAN interface. If you want to add your own rules to drop or allow additional things, there's a chain specifically for that. To understand which of these chains to add your rules to, look at this call graph. It is helpful to look at one of the EBTables tutorials, for example ebtables/iptables interaction or this IPTables howto. It contains a good overview of how packets traverse the various points.
mangle Table
OpenWRT does not add any chains to the mangle table. If you want to add custom rules, you can add them to any of the standard chains (PREROUTING, INPUT, FORWARD, OUTPUT, POSTROUTING).
filter Table
The filter table contains rules that determine whether packets are delivered to their intended destination, or blocked.
Call Graph | Applies to packets |
---|---|
INPUT → input_rule | Addressed to this host. |
INPUT → input → zone_lan → input_lan | Addressed to this host, received over the LAN interface. |
INPUT → input → zone_wan → input_wan | Addressed to this host, received over the WAN interface. |
FORWARD → forwarding_rule | Addressed to other hosts. |
FORWARD → forward → zone_lan_forward → forwarding_lan | Addressed to other hosts, received over the LAN interface. |
FORWARD → forward → zone_wan_forward → forwarding_wan | Addressed to other hosts, received over the WAN interface. |
OUTPUT → output_rule | Originating from this host. |
- The bridge calls the filter:FORWARD chain for packets traversing the bridge. If you want your wireless devices to be able to talk to the wired ones and vice versa, you need to add a rule to the forwarding_rule chain, since none of the default rules match those ethernet frames:
iptables -A forwarding_lan -m physdev --physdev-is-bridged -j ACCEPT
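To check the filter-table call graph above against the firmware you are actually running, the following added example (not part of the original notes) walks the jump targets in `iptables-save` output and prints every path from a built-in chain to a given chain. The sample rule set and the interface names br-lan and eth1 are constructed for illustration.

```sh
# Added example: list every jump path from a built-in chain to one target chain.
# Usage on the router: iptables-save -t filter | chain_paths forwarding_lan
chain_paths() {
    awk -v target="$1" '
        # ":INPUT ACCEPT [0:0]" is a built-in chain; user chains have policy "-".
        /^:/ { if ($2 != "-") builtin[++nb] = substr($1, 2); next }
        # "-A input -i br-lan -j zone_lan": remember each distinct jump/goto edge.
        /^-A / {
            for (i = 3; i < NF; i++)
                if (($i == "-j" || $i == "-g") && !seen[$2, $(i + 1)]++)
                    edges[$2] = edges[$2] " " $(i + 1)
        }
        # Depth-first walk; terminal targets (ACCEPT, DROP, ...) have no edges.
        function walk(chain, path, depth,    kids, n, i) {
            if (chain == target) { print path; return }
            if (depth > 16) return          # guard against malformed input
            n = split(edges[chain], kids, " ")
            for (i = 1; i <= n; i++)
                walk(kids[i], path " -> " kids[i], depth + 1)
        }
        END { for (b = 1; b <= nb; b++) walk(builtin[b], builtin[b], 0) }
    '
}

# Constructed sample modelled on the filter-table call graph in these notes;
# the interface names br-lan and eth1 are assumptions.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:forward - [0:0]
:forwarding_lan - [0:0]
:input - [0:0]
:input_wan - [0:0]
:zone_lan_forward - [0:0]
:zone_wan - [0:0]
-A INPUT -j input
-A FORWARD -j forward
-A input -i eth1 -j zone_wan
-A zone_wan -j input_wan
-A forward -i br-lan -j zone_lan_forward
-A zone_lan_forward -j forwarding_lan
-A forwarding_lan -m physdev --physdev-is-bridged -j ACCEPT
COMMIT
EOF
}

sample_ruleset | chain_paths forwarding_lan
```

An empty result means no built-in chain reaches the named chain, so rules appended to it are never evaluated.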
nat Table
The nat table contains rules that modify packets before they are routed or received, and modify them after they've been sent or routed. Typically, the MASQUERADE action is used.
Call Graph | Applies to packets |
---|---|
PREROUTING → zone_wan_prerouting → prerouting_wan | Just received on the WAN interface. |
PREROUTING → zone_lan_prerouting → prerouting_lan | Just received on the LAN interface. |
PREROUTING → prerouting_rule | Just received. |
OUTPUT | Being transmitted. |
POSTROUTING → postrouting_rule | About to be transmitted. |
POSTROUTING → zone_wan_nat | About to be transmitted out the WAN interface. |
raw Table
The raw table is used to mark packets that should not be tracked by the conntrack module.
Call Graph | Applies to packets |
---|---|
PREROUTING → zone_wan_notrack | Just received on the WAN interface. |
PREROUTING → zone_lan_notrack | Just received on the LAN interface. |
OUTPUT | Being transmitted. |
Web Cam
Using mjpg-streamer and one of the v4l video drivers, you can easily use the router as a surveillance device. For my Logitech camera, I needed:
- kmod-usb-video
- kmod-video-core
- kmod-video-uvc
- mjpg-streamer
The OpenWRT package for mjpg-streamer does not include the HTML files, so getting to see the images requires that you know the snapshot and streaming URLs. I downloaded the source tarball myself, and copied the www files into /tmp/www, and started mjpg-streamer like this:
# mjpg_streamer -o "output_http.so -p 8080 -w /tmp/www"
To directly access the image, use /?action=snapshot for a single image, or /?action=stream for an M-JPEG streamed image. mjpg-streamer also includes a Java applet to display M-JPEGs, and includes JavaScript to continuously reload an image. See the source package for details.
Link List
Building and installing
- OpenWRT snapshots for ar71xx platform
- buildroot instructions
- (Old) buildroot instructions
- (Newer) trunk build instructions
Configuration
Hardware and software alternatives