OpenWRT notes: Difference between revisions
Revision as of 22:32, 18 December 2009
Atheros AR81-Based Products
Hardware Comparison
Vendor | Product | CPU | Flash | RAM | USB | OpenWRT info | Comment |
---|---|---|---|---|---|---|---|
Linksys | WRT160NL | MIPS24Kc AR9132r2 400 MHz | 8 MB | 32 MB | 1 | Wiki, Forum | |
TP-Link | WR-841N(D) v5 | ? | 4 MB | 32 MB | 0 | | USB on board but unpopulated, missing DC/DC converter |
TP-Link | WR-941N(D) v3 | MIPS24Kc AR9132r2 400 MHz | 4 MB | 32 MB | 0 | | USB on board but unpopulated, missing DC/DC converter |
TP-Link devices
Updating firmware with mtd
mtd -r write openwrt.bin firmware
IPTables Configuration
This section is specific to OpenWRT in that the Kamikaze standard chains are explained. There must be some document in one of the OpenWRT wikis, but I couldn't easily find it.
In addition, I need EBTables in the picture as well, so a few comments on where you'd add layer 2 rules will be included.
Call Graph and Custom Rules
The OpenWRT standard rule set defines a few more-or-less default actions that you will probably want to keep: do not accept incoming connections from the WAN interface (except for DHCP/bootp replies), NAT all outgoing traffic, and allow pretty much anything on the LAN interface. If you want to add your own rules to drop or allow additional things, there's a chain specifically for that. To understand which of these chains to add your rules to, look at this call graph. It is also helpful to look at one of the EBTables tutorials, for example ebtables/iptables interaction, which contains a good overview of how packets traverse the various points.
mangle Table
OpenWRT does not add any chains to the mangle table. If you want to add custom rules, you can add them to any of the standard chains (PREROUTING, INPUT, FORWARD, OUTPUT, POSTROUTING).
filter Table
- INPUT → input_rule
- INPUT → input → zone_lan → input_lan
- INPUT → input → zone_wan → input_wan
- FORWARD → forwarding_rule
- FORWARD → forward → zone_lan_forward → forwarding_lan
- FORWARD → forward → zone_wan_forward → forwarding_wan
- OUTPUT → output_rule
input_rule
General rules for packets addressed to this host.
input_lan
Rules to be applied to packets addressed to this host, received over the LAN interface.
input_wan
Rules to be applied to packets addressed to this host, received over the WAN interface.
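To confirm where a custom chain hooks in before adding rules to it, the call graph can be derived from iptables-save output. The script below is an added example, not part of the original notes; the rule set is constructed to mirror the filter-table INPUT graph above, and the interface names (br-lan, eth1) and the function name chain_paths are assumptions.

```shell
# Constructed iptables-save excerpt (sample data, not taken from a real router).
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:input - [0:0]
:input_rule - [0:0]
:input_lan - [0:0]
:input_wan - [0:0]
:zone_lan - [0:0]
:zone_wan - [0:0]
-A INPUT -j input_rule
-A INPUT -j input
-A input -i br-lan -j zone_lan
-A input -i eth1 -j zone_wan
-A zone_lan -j input_lan
-A zone_lan -j ACCEPT
-A zone_wan -j input_wan
-A zone_wan -j DROP
COMMIT'

# chain_paths TABLE CHAIN: read iptables-save text on stdin and print every
# path from a built-in chain down to CHAIN, one path per line.
chain_paths() {
    awk -v table="$1" -v want="$2" '
    function walk(chain, suffix,    i, n, p) {
        if (base[chain]) { print chain suffix; return }
        if (onpath[chain]) return              # guard against jump loops
        onpath[chain] = 1
        n = split(parents[chain], p, " ")
        for (i = 1; i <= n; i++) walk(p[i], " -> " chain suffix)
        onpath[chain] = 0
    }
    /^\*/   { active = ($0 == ("*" table)); next }   # table header, e.g. *filter
    !active { next }
    /^:/    { name = substr($1, 2); known[name] = 1  # chain declaration
              if ($2 != "-") base[name] = 1; next }  # built-ins carry a policy
    $1 == "-A" {                                     # record jumps to user chains
        for (i = 3; i < NF; i++)
            if (($i == "-j" || $i == "-g") && known[$(i + 1)])
                parents[$(i + 1)] = parents[$(i + 1)] " " $2
    }
    END { if (known[want]) walk(want, "") }'
}

printf '%s\n' "$SAMPLE_RULES" | chain_paths filter input_wan
```

On a router where iptables-save is available, pipe its output into chain_paths instead of the sample. A chain that prints no path is not reachable from any built-in chain in that table, so rules added to it never see traffic.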
nat Table
- PREROUTING → zone_wan_prerouting → prerouting_wan
- PREROUTING → zone_lan_prerouting → prerouting_lan
- PREROUTING → postrouting_rule
- POSTROUTING → prerouting_rule
- POSTROUTING → zone_wan_nat
Link List
Building and installing
- OpenWRT snapshots for ar71xx platform
- buildroot instructions
- (Old) buildroot instructions
- (Newer) trunk build instructions
Configuration
Hardware and software alternatives