Advolex - Kein schöner Leben

A private blog, of no general interest whatsoever.

Name: Advolex
Location: Lidingö, Sweden

Monday, April 30, 2007

OpenWrt / Cardbus Support on WRT54G3G

OpenWRT: This is how easily the firewall is configured for the new Linux interface. Should it be ppp0 or pppo? The answer is: 0 (zero).

OpenWrt / Cardbus Support on WRT54G3G: "(RC6) In order to set up firewall correctly (instead forwarding fails), set these nvram values:

Code:

nvram set wan_device='ppp0'
nvram set wan_ifname='ppp0'"


Tuesday, April 24, 2007

OpenWrtDocs/Configuration - OpenWrt

iptables - the firewall may need to be configured for higher security. Without iptables configured, OpenWRT permits traffic through NAT.

OpenWrtDocs/Configuration - OpenWrt: "

5.5. iptables - Firewall

The rules and some small samples for your firewall can be found in /etc/firewall.user. For RC5 and earlier if you want to make changes to this file you have to remove it first since it is actually a symlink to /rom/etc/firewall.user, see the section Editing files in OpenWrtDocs/Using.

Be sure to read the notes about the firewall rules before changing anything. The important thing to note is that if you set up port forwarding, you won't be able to see the changes inside the router's LAN. You will have to access the router from outside to verify the setup.

As of RC9 the file /etc/firewall.user reads

#!/bin/sh
# Copyright (C) 2006 OpenWrt.org
iptables -F input_rule
iptables -F output_rule
iptables -F forwarding_rule
iptables -t nat -F prerouting_rule
iptables -t nat -F postrouting_rule
# The following chains are for traffic directed at the IP of the
# WAN interface
iptables -F input_wan
iptables -F forwarding_wan
iptables -t nat -F prerouting_wan
### Open port to WAN
## -- This allows port 22 to be answered by (dropbear on) the router
# iptables -t nat -A prerouting_wan -p tcp --dport 22 -j ACCEPT
# iptables -A input_wan -p tcp --dport 22 -j ACCEPT
### Port forwarding
## -- This forwards port 8080 on the WAN to port 80 on 192.168.1.2
# iptables -t nat -A prerouting_wan -p tcp --dport 8080 -j DNAT --to 192.168.1.2:80
# iptables -A forwarding_wan -p tcp --dport 80 -d 192.168.1.2 -j ACCEPT
### DMZ
## -- Connections to ports not handled above will be forwarded to 192.168.1.2
# iptables -t nat -A prerouting_wan -j DNAT --to 192.168.1.2
# iptables -A forwarding_wan -d 192.168.1.2 -j ACCEPT

The first section, Open port to WAN shows an example of opening a port for your router running OpenWRT to listen to and accept. In the case given, it will open up port 22 and accept connections using dropbear (the SSH server). Just delete the # sign in front of the two rules to enable access.

If you wanted to open up any other ports for the router to listen to, just copy those two lines and change just the port number from 22 to something else.

The second section, Port forwarding is for accepting incoming connections from the WAN (outside the router) and sending the requests to a networked device on your LAN (inside your router).

Before setting up any port forwarding, you'll have to install some OpenWRT packages first, such as iptables-nat and ip (any others?).

In the example provided, if someone on the Internet were to connect to your router on port 8080, it would forward them to port 80 on whatever computer / device had the IP address of 192.168.1.2.

If you are running a webserver on that address, and want to listen on port 80 instead, change the 8080 on the first line.

The same is true for any other ports you'd want to forward to your LAN. Just follow the example as a guide.

The last section, DMZ is sending all connections to a port not specified in the rules above to a certain IP address. If you do decide to use this, it would be a good idea to have a firewall managing the ports on the destination. The DMZ can be considered a simple way to let another computer handle the firewall rules, if you don't want to configure them on OpenWRT and at the same time you want to send all connections to one device.

Once you're finished making changes to your firewall, restart it by running the init script:
/etc/init.d/S45firewall restart
Remember to test the changes outside your LAN! Finally, if you wish to dig deeper into how iptables work under the rule/chain structure of OpenWRT, see OpenWrtDocs/IPTables
"


WRT54GL+asterisk - VoIP-Forum.se

WRT54GL+asterisk - VoIP-Forum.se: "
I have added the following to /etc/firewall.user (in addition to what is already there):
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 80 -j ACCEPT
iptables -A input_rule -i $WAN -p tcp --dport 80 -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j ACCEPT
iptables -A input_rule -i $WAN -p tcp --dport 22 -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 5060 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 5060 -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 10000:20000 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 10000:20000 -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 4569 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 4569 -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 5036 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 5036 -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 2727 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 2727 -j ACCEPT

Use a proper password, because this probably opens up a bit too much, really.. (ports 22 and 80 are not needed for the telephony)

Connecting from outside works. However, I have to use the internal IP address 192.168.1.1 to connect to IAX2 from inside, and the external one to connect from outside. With SIP I don't have that problem, and otherwise I'm satisfied. Transcoding is admittedly a bit slow on the router...

You will surely want quality of service too; this is how I did it:
This is what I have tried:

1. Follow the guide here: http://wiki.openwrt.org/Faq#head-a1d...83d1dfb4b761ff
2. Download http://l7-filter.sourceforge.net/lay...tocols/sip.pat to /etc/l7-protocols
3. It then says (in the guide from step 1) that you should edit '/etc/config/qos-wan'; I can only find '/etc/config/qos' on mine. I assume that is the one I should tinker with anyway..
4. Add directly below # RULES:
# RULES:
config classify
option target 'Priority'
option layer7 'sip'
5. Restart the router or run 'ifdown wan && ifup wan'

One should almost make a little wiki guide somewhere with this... It's really great! :-)"


HowTo configure iptables - SIPfoundry sipx, The Open Source SIP PBX for Linux - Calivia

HowTo configure iptables - SIPfoundry sipx, The Open Source SIP PBX for Linux - Calivia: "Using SIP conntrack/NAT

Load the modules

modprobe ip_conntrack_sip ip_nat_sip

Set IPtables filter rules

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p udp --dport 5060 -j ACCEPT

Set IPtables NAT rules

iptables -A FORWARD -o eth0 -p udp --dport 5060 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source ip.add.dr.ess

"

SER Milkfish [Arkiv] - VoIP-Forum.se

SER Milkfish [Arkiv] - VoIP-Forum.se: "Did you use udp 5060?

Now almost everything works as desired (the IAX connection, however, must be made via the LAN IP at home and via the WAN IP outside).
I have added the following to firewall.user (feel free to comment on security risks):

iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 80 -j ACCEPT
iptables -A input_rule -i $WAN -p tcp --dport 80 -j ACCEPT

iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j ACCEPT
iptables -A input_rule -i $WAN -p tcp --dport 22 -j ACCEPT

iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 5060 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 5060 -j ACCEPT

iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 10000:20000 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 10000:20000 -j ACCEPT

iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 4569 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 4569 -j ACCEPT

iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 5036 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 5036 -j ACCEPT

iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 2727 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 2727 -j ACCEPT"
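
Both forum posts above ask, in effect, which ports this firewall.user really opens and which of them are not needed for telephony. The script below answers that mechanically. It is an added example, not code from the blog or the quoted posts; the function names, the sample input and the classification (22/80 as management, ranges wider than 100 ports as wide) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list the ports that active rules in an OpenWrt firewall.user
# accept in the input_rule / input_wan chains.
# Assumption: 22 and 80 count as "management", a --dport range spanning more
# than 100 ports counts as "wide-range", everything else as "service".

# audit_wan_ports FILE
# Prints one line per uncommented filter-table ACCEPT rule with a --dport:
#   <proto> <dport> <verdict>
audit_wan_ports() {
    awk '
    /^[ \t]*#/ { next }                       # skip commented-out samples
    $1 == "iptables" {
        table = "filter"; chain = ""; proto = ""; dport = ""; target = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "-t")      table  = $(i + 1)
            if ($i == "-A")      chain  = $(i + 1)
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") dport  = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        # NAT-table rules only pass the packet on; the filter rule decides.
        if (table != "filter" || target != "ACCEPT" || dport == "") next
        if (chain != "input_rule" && chain != "input_wan") next
        verdict = "service"
        n = split(dport, r, ":")
        if (n == 2 && r[2] - r[1] > 100) verdict = "wide-range"
        if (dport == "22" || dport == "80") verdict = "management"
        print proto, dport, verdict
    }' "$1"
}

# Constructed sample input, modelled on the rules quoted above.
sample_firewall_user() {
    cat <<'EOF'
# iptables -A input_wan -p tcp --dport 22 -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j ACCEPT
iptables -A input_rule -i $WAN -p tcp --dport 22 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 5060 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 10000:20000 -j ACCEPT
EOF
}

tmp=$(mktemp)
sample_firewall_user > "$tmp"
audit_wan_ports "$tmp"
rm -f "$tmp"
```

On a router, run `audit_wan_ports /etc/firewall.user`; every "management" or "wide-range" line is a rule to justify, narrow (for example with a source address match) or remove.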


Have you successfully backed up the Casino Royale?

Have you successfully backed up the Casino Royale?: "you have to set DVDDecrypter to 'cycle the drive on read error'."

Thursday, April 19, 2007

OpenWrt / WRTSL54GS

OpenWrt / WRTSL54GS: " cptdondo wrote:

If someone has a working config for RC5 for this router, could you please post your NVRAM values for lan and wan settings?

Code:

et0mdcport=0
et0phyaddr=30
et1mdcport=1
et1phyaddr=5
lan_ifname=eth0
lan_ifnames=vlan0 eth1 eth2
lan_ipaddr=192.168.1.1
lan_netmask=255.255.255.0
lan_proto=static
old_ifname=eth1
old_ipaddr=192.168.33.99
old_netmask=255.255.255.0
old_proto=static
vlan0hwname=et0
vlan0ports=0 1 2 3 5u
vlan1hwname=et0
vlan1ports=4 5
wan_device=vlan1
wan_hostname=sl
wan_ifname=eth2
wan_proto=dhcp
wl0_akm=none
wl0_channel=1
wl0_closed=0
wl0_ifname=eth2
wl0_infra=1
wl0_mode=sta
wl0_radio=1
wl0_ssid=XXXXX
wl0_wep=disabled
wl0gpio2=0
wl0gpio3=0
wl0id=0x4320

I run my 'SL' in wireless client mode. I have the switch set up to DHCP clients and the 'OLD WAN' port set up as a static ip extra door.

Mike (mrdvt92)"


OpenWrt / Cardbus Support on WRT54G3G

Lars called and asked about WAN access via USB. At least one WRT router has a USB port, namely the following.

OpenWrt / Cardbus Support on WRT54G3G: "To RUok:

I am interested, but took a different path. I used a WRTSL54GS unit. The SL has a USB port so I simply attached my cellphone via USB. From there it's just a matter of some PPP chat scripts. Not as elegant and self-contained as a card in the router. But it works.

To mikino:
Search for 'web proxy' on the forums. There are several programs if all you want is basic proxy functions without caching of content."


International Press Telecommunications Council - Wikipedia, the free encyclopedia

International Press Telecommunications Council - Wikipedia, the free encyclopedia: "In particular, the IPTC defined a set of metadata attributes that can be applied to images. These were defined originally in 1979, and revised significantly in 1991 to be the 'Information Interchange Model' (IIM), but the concept really advanced in 1994 when Adobe defined a specification for actually embedding the metadata into digital image files - known as 'IPTC headers.' IPTC Headers can be embedded into JPEG/Exif or TIFF formatted image files.

In 2001, Adobe introduced something called 'Extensible Metadata Platform' (XMP), which is an XML schema for the same types of metadata as IPTC, but is based on XML/RDF, and is therefore inherently extensible. The effort spawned a collaboration with the IPTC itself, eventually producing the 'IPTC Core Schema for XMP,' which merges the two approaches to embedded metadata. The XMP specification describes techniques for how to embed the metadata in JPEG, TIFF, JPEG2000, GIF, PNG, HTML, PostScript, PDF, SVG, Adobe Illustrator, and DNG files. Recent versions of all the main Adobe software products, (Photoshop, Illustrator, Acrobat, Framemaker, etc.) support XMP, as do an increasing number of third-party tools."

Saturday, April 7, 2007

OpenWrt / Cardbus Support on WRT54G3G

Installing OpenWRT with X-WRT (Milestone-2.75) was child's play. With the help of the following instructions, the 3G support worked too.

OpenWrt / Cardbus Support on WRT54G3G: "after uploading x-wrt image, the following packages must be installed in router (for nozomi):

kmod-pcmcia_2.4.30-brcm-5_mipsel.ipk
kmod-pcmcia-serial_2.4.30-brcm-5_mipsel.ipk
pcmcia-utils_3.2.8-1_mipsel.ipk
kmod-nozomi_2.4.30-brcm-1_mipsel.ipk
chat_2.4.3-7_mipsel.ipk
comgt_0.3-1_mipsel.ipk
"


Tuesday, April 3, 2007

OpenWrt / Cardbus Support on WRT54G3G

The WRT router was delivered today. The following two posts were really useful for getting the E600 card to work with OpenWRT (Whiterussian).

OpenWrt / Cardbus Support on WRT54G3G:

"Hi all,

I have been using RC6 with Option GTmax / T-Mobile Germany (butterfly antenna).
This is what to do:

Code:

# 1. Flash your router with supplied firmware image (RC6)

# 2. Update ipkg and install required packages
ipkg update
ipkg install http://ftp.berlios.de/pub/xwrt/webif_latest_stable.ipk
ipkg install kmod-pcmcia kmod-pcmcia-serial pcmcia-utils kmod-nozomi chat comgt
reboot

# 3. Set your UMTS settings (Example: T-Mobile Germany)
# These values could also be set by using x-wrt webif!!!
nvram set wan_proto="wwan"
nvram set wwan_service="umts_first"
nvram set wwan_country="de"
nvram set wwan_apn="internet.t-mobile"
nvram set wwan_username="tm"
nvram set wwan_passwd="tm"
nvram set wan_ifname="ppp0"
nvram set wwan_pincode="****"

# forwarding (see later in thread)
nvram set wan_device='ppp0'
nvram set wan_ifname='ppp0'

nvram commit

# add "noipdefault" to /etc/ppp/options !!"

"Hi, all.

I have been googling but could not solve the issue, so I let this post here. Maybe someone may help...

I do own a novatel merlin u740, and I have installed the RC6 on my WRT54G3G.
Everything went right.
I installed these packages:
kmod-pcmcia_2.4.30-brcm-5_mipsel.ipk
kmod-pcmcia-serial_2.4.30-brcm-5_mipsel.ipk
pcmcia-utils_3.2.8-1_mipsel.ipk
chat_2.4.3-7_mipsel.ipk
comgt_0.3-1_mipsel.ipk
kmod-ohci*.ipk and kmod_usb* (not all)

I have updated the file with
card 'Novatel bla bla u740'
manfid 0x1440, 0x1400
bind 'serial_cs', etc, etc

I can see at the usb 'log' that the card is detected, (and also when i plug for example an usb pen, the pen is detected).

I know some AT commands to 'start' the u740 with, for example hyperterminal from windows.

My (maybe stupid) question, from a noobie is, how do I setup OpenWrt in order to 'allow' connections, since i must use it as a normal serial modem?

thanks in advance"
