Advolex - Kein schöner Leben

A private blog, of no general interest whatsoever.

Name: Advolex
Location: Lidingö, Sweden

Wednesday, March 4, 2009

Custom firmware w. Asus WL-500W

Mobile WLAN and UMTS Router

I bought the router Asus WL-500W in order to have it run OpenWRT Kamikaze 7.09 as a replacement for my previous Linksys WRT54G3G, which is still used in another location. The WRT54G3G has no USB ports but a CardBus slot, which contains a Huawei E600 UMTS (no HSDPA) adapter. The E600 serves the WAN port of the WRT54G3G running the Kamikaze 7.09 brcm-2.4 port since I was unable to get the WRT54G3G WLAN to work with the 2.6 kernel (brcm47xx port). This is a well-known problem which is due to the chipset manufacturer Broadcom not releasing the source code for their proprietary WLAN driver for the Linux 2.6 kernel. (Actually, I believe it's the driver's Hardware Abstraction Layer (HAL) which is needed. Work is currently in progress in the open source community on alternative drivers, i.e. b43. The alternative drivers as of today, March 2009, are reported to work with some brcm chipsets, but according to my findings they do not yet work satisfactorily with the Broadcom WLAN chipsets in WRT54G3G (BCM4712 - 802.11g) and WL500W (BCM4321 - 802.11N-draft).)

So, the new WL500W, which has two USB ports, is supposed to make use of a Huawei E220 UMTS (HSDPA) modem, a dongle for WAN. This may not be altogether unproblematic, since the Linux 2.4 kernel has no built-in support for USB modems. This was introduced in the 2.6 kernel with version 2.6.19 I believe. (http://wiki.debian.org/Huawei/E220: "E220 is supported natively in Linux kernels 2.6.20 and later, using the usbserial.ko (usbserial-generic interface) module. - Also usb_storage.ko is aware of HUAWEI E220 modem and no further action needs to be taken.")

I have experimented with a few of the open source firmwares for the WL-500W, but all seem to have their own shortcomings:

1. Koppel: www.koppel.cz/cdmawifi, versions 1.69 and 1.71. Based on the well-respected Oleg firmwares (latest stable subversion "10") for the Asus WL-500 series of routers, which are based on stock Asus firmware and extensively modified with bugfixes. The Koppel modifications are done to get the WAN port to use UMTS adapters and are developed by a Czech gentleman by the name of Jiri Engelthaler. Based on the 2.4 kernel.

Koppel works very well on the WL-500W, both WAN (UMTS) and WLAN (brcm). The only caveats I have found are firewall issues, which remain from the Oleg firmware. It seems that the "A" directive in iptables is not working. I am unaware of any firewall rules with port-forwarding of SIP ports, which my setup requires, based on other than the "A" directive, so the firewall doesn't work for me. The firewall is iptables with a web interface as well as a post-firewall script. I was unable to configure the router for good and efficient use including asterisk (SIP) behind the NAT firewall.

2. Alpha versions of the Oleg firmwares can be found on Google Code. It seems that someone has continued the development of Oleg's firmware, which has not progressed for more than a year. It runs fine, at least the subversion "d" I tried, but I could not get WAN to work with E220. No reference to the firewall issue in the list of changes.

3. Asus has brought out a new firmware for the WL-500W, version 2.0.0.6. I heard that the issues of the previous versions, corrected by Oleg, remain, so I did not work very long to check whether the E220 could be made to work. Certainly, it does not work out of the box.

4. X-WRT is a version of OpenWRT which is not a fork. It adds an improved webif configuration interface. This web interface uses some Flash memory, which is particularly limited in the WRT54G3G, only 4MB. So, only the WL-500W benefits from X-WRT if you need to install additional drivers to get E600 UMTS adapter to work. The Kamikaze 8.09 has recently been released, also by X-WRT, and looked fine in the brcm47xx port I tried. But I could not get the b43 driver which was installed automatically to control WLAN of the WL-500W. The mini-PCI card was not recognised.

5. DD-WRT is currently under heavy development. It looks very promising, so I installed the latest V.24 pre-SP2 mega build. It seems the WL-500W can handle it with its 8MB flash, but JFFS has only 320 kb available after enabling it. So, USB storage is required. Unfortunately I could not get E220 to work and it seems difficult to get IPKG packages to work without a functional WAN port for Internet access. It's kernel 2.4.37, so USB modems need special attention.

I'm currently investigating the possibility to install Debian on the WL-500W. This can be done, according to http://wpkg.org/Running_Debian_on_ASUS_WL-500W, but I doubt that it will be beneficial to a router. It works very well on a NSLU2 running asterisk however. If m0n0wall is lightweight enough, I guess that could be possible. But with only 32MB of RAM available, the same with NSLU2 by the way, you must be very selective with what to install. I do need iptables, vlan, dnsmasq and a sip proxy such as milkfish, which is included in DD-WRT mega and voip builds.


Thursday, January 29, 2009

asterisk behind NAT: externip

SIP and One-Way Audio

Is this the reason? - I too am starting to get paranoid because of DynDNS.

-Mikael

clipped from forum.voxilla.com
I currently have 6 on-prem extensions, 6 off-prem extensions, 9 two-way SIP service connections, one inbound only SIP service connection and one IAX2 two-way service connection. Each one of these connections came with its own portion of pain.

The reason my brain centers on the dyndns is this: up until about a month ago I was running my Asterisk on a Linksys WRT54GS router, which passed traffic wonderfully because the Asterisk was actually on the public side of the router and not in a DMZ or behind forwarded ports. The WRT doesn't have enough horsepower to do switching and voice processing, so I couldn't set up either an IVR function or a Voice Mail function. That led me to shift the Asterisk to a dedicated Intel box.

I installed Asterisk@Home (because I couldn't get Asterisk CVS to install well over Fedora Core 3 on a Pentium 200 MMX), put the Asterisk server in my router's DMZ (the same WRT with Linksys firmware) and migrated my .conf files to the new box. The box roared to life, but would not pass audio to or from FWD or any of my off-prem extensions, although every other connection worked.

It wasn't until I set my externip to my dyndns FQDN that I could get audio on the troubled connections, although the audio would quit every once in a while. That's when I learned to reload my sip.conf after suffering a PPPoE IP address change. Everything has been smooth ever since, which is why I have been fixated on that part of the configuration.

Your question about ping response is simple. Unless you have forwarded the ping port (whose number escapes me) to your Asterisk box, it is your router that is responding to the ping. An easy way to confirm successful forwarding through your router is to forward port 80 (http) or 22 (ssh) through your router to the Asterisk box and see if you can reach AMP from a web browser or open a remote shell or SFTP session via an SSH client, since both of these server daemons are native to Asterisk@Home.

I wouldn't be so quick to change out your Asterisk version because of this problem. First of all, there's a directory /etc/asterisk/default that has clean copies of all of the .conf files should you feel you are irretrievably corrupt somewhere. Secondly, if you have other services and clients working you probably haven't screwed anything up.


Tuesday, November 11, 2008

Re: REPORT - Enosoft DV Processor 1.5.0

Hello, John, and thanks for taking your time.

In the meantime I have resolved the issue, which was with my XP configuration. Enosoft DV works fine now. Possibly, my findings may be of use to other not so competent users, so here it goes. Sorry for being lengthy.

As I indicated, I'm a first time user and have been using PPro with a Canopus capture card for some years. Now I wanted to convert a 13 GB DV-AVI file from PPro to AVC in Matroska by using Handbrake (Pre4). I thought the DV-AVI file was useless outside of PPro, and wanted Enosoft DV to convert to an intermediate DV file before Handbrake. I had previously done so using MPEG Streamclip.

Enosoft accepted the DV-AVI, but did not monitor it at all. Further processing was impossible. So I asked for this error report to be produced, and the error report production crashed the app after the email had been produced in Outlook (or Express, which I normally don't use either) but before it was sent. I managed to manually send the email to you after recovery from the crash.

I did manage to convert to DVI by using MPEG Streamclip, which is QuickTime-based. No problem here with monitoring or conversion. I tried another app by M. Paul Glagla (http://paul.glagla.free.fr/index_en.htm), DVdate 7.0.9, which simply reported that the file was not found, even after having used the File Open dialogue of the app; suspicious. Another app by M Glagla put me on the right track; ImageGrab 4.2.0. This app reported that my system was using DirectX 9 ("9 f" I believe) but had problems that some DX filters contained in quartz.dll (i e AVI splitter) were missing from my system. Bill would not let me reinstall DirectX, so I looked for an already installed tool which came with K-Lite Codec Pack a long time ago, Tweak Tool. This tool fixed DirectX/quartz.dll and removed some traces of older divx installations as a bonus. No idea why quartz.dll had been uninstalled though. Spybot S & D? Just guessing.

Now every app that relies on DX (Enosoft DV, DVdate and ImageGrab) is functional. Yours looks like a very useful app for DV editors and not too complicated for the casual user. Thank you, again.

Regards,

Mikael N

John M wrote:
> Hello,
>
> Thank you for your message.
>
> I notice from the event log (part of the overall report) that you
> manually triggered the report. When this happens, the software mimics
> an application crash to force Windows to call the software's error
> handling. Once you have generated a report, it is not recommended that
> you continue using that instance of the software. i.e., close the
> program and start afresh. BTW, in your case, all of the information was
> correctly reported. Did you let the report generation process
> automatically create the email or did you send the .zip file manually?
>
> Were you generating the report for a particular reason or just curious
> to see what it contained? If you are having trouble with the software,
> please send a description of the problem.
>
> Kind regards,
>
> John M
> enosoft - high performance tools for music and video
>
> ------------------------------------------------------------------------
> *From:* Mikael N
> *Sent:* Thursday, November 06, 2008 1:13 AM
> *To:* support@enosoft.net
> *Subject:* REPORT - Enosoft DV Processor 1.5.0
>
>
> Had just loaded my first 60 min DV file, created by Adobe Premiere
> Pro 7.0. Was collecting an error log, when app crashed.


Sunday, March 16, 2008

Installing OpenWRT with UMTS support

Summary with some comments, on installing and setting up OpenWRT with UMTS support

Step by step; In simplified English, by mnordlin

Install OpenWRT Kamikaze 7.09

1. Download firmware image from http://downloads.openwrt.org/kamikaze/7.09/brcm-2.4/openwrt-brcm-2.4-squashfs.trx (provided you already have kamikaze installed - install the corresponding bin file otherwise)
2. Copy firmware to /tmp folder on device.
3. Execute
root@OpenWrt:~# mtd -r write openwrt-brcm-2.4-squashfs.trx linux
4. Wait until connection breaks, which happens when installation reboots
5. Open a command window, start -> run -> cmd.
6. Attach an ethernet cable between your PC and device (you won't have access to WLAN until later on).
7. C:\Documents and Settings\Mikael>telnet 192.168.1.1 [enter]
8. Get your personal public key or create a key pair. You will probably find PuTTYgen (included with WinSCP) useful for generating your RSA key pair and pasting your public key to the device in the next step. The secret key will be required later on for logging in to the device.
9. Execute in telnet window, using copy and paste,
root@OpenWrt:~# echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAtQl8uscy3rjAbNBdL2ATUKfHCJHB+Zh7V5aTjBLoJ7F
AOw1fnCCpzWi2yUsqbjrzVIO6tFsPODS3PRc0my9ghSxO9itmwOe0kKLYc8blNf9kcQ27upSyf
Ff5jhE5AwyqEpzmc26FPwj4Zhip+aWg1ZLaEUn/WLHLEuXHPA9lRRgtlYHqgT7Ap3D/lZ/9Rd
4zCxTKAshzjO5fEBAXyOMADYJ1G9IIaKDHkHGtb981Sraxk9f+wMbOBuyvOGJKKXHuX04X
V7dmY87AhmAaRwEPeS0gGqoEkDMeALqyt1dYKqZ+Tv58UAPakS6nM9YhOGMMY5sCWM
m/bS3XQFbrv+2qWQ== rsa-key-20080313' > /etc/dropbear/authorized_keys
(be sure to use your own public key - the one in the example is a 2048-bit RSA key in PuTTY format for SSH-2, created by mnordlin)
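10. Execute
root@OpenWrt:~# sed -e "s/'on'/'off'/" /etc/config/dropbear > /tmp/dropbear.new && mv /tmp/dropbear.new /etc/config/dropbear
(or simply edit the line to read "option PasswordAuth 'off'", replacing 'on' with 'off'. Do not redirect the output of sed straight back onto /etc/config/dropbear: the shell truncates the file before it is read and leaves it empty.)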
11. Execute
root@OpenWrt:~# rm /etc/rc.d/S50telnet
12. Check your public key was entered correctly by displaying it, execute
root@OpenWrt:~# dropbearkey -y -f /etc/dropbear/dropbear_rsa_host_key
13. Check that ssh works (dropbear on device), and reboot. Telnet access is now disabled. The only means of accessing device is with ssh (SCP as in WinSCP), using your private key.
14. Enable WiFi/WLAN by adding '#' in front of the line 'option disabled 1', or simply removing the whole line, in /etc/config/wireless
15. Add credentials for WiFi security.
Use WPA-PSK by changing 'option encryption' from 'none' to 'psk' and adding "option key '12345678'".
Change 'OpenWrt' to 'WRT54G3G' while you're at it, should you ever get a second router.
16. Your next router won't be a WRT54G3G.
Change the hostname of the device in /etc/config/system from OpenWRT to WRT54G3G.
The command line will remain as OpenWRT until next reboot, however.
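
A check for steps 9 to 11, as an added example that is not part of the original guide: it reports a public key that was split by line breaks when pasted, a dropbear config that lacks "option PasswordAuth 'off'" or was left empty, and a telnet init link that still exists. The function names, the key string and the two demo trees are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original guide: checks steps 9-11 under a root
# directory (default: the live system) and prints one FAIL line per problem.

check_lockdown() {
    root=${1:-}
    keys="$root/etc/dropbear/authorized_keys"
    conf="$root/etc/config/dropbear"
    telnet_link="$root/etc/rc.d/S50telnet"

    # Step 9: every non-empty line must read "<key type> <base64> [comment]".
    # A key pasted with line breaks leaves continuation lines that fail this.
    if [ ! -s "$keys" ]; then
        echo "FAIL: $keys is missing or empty"
    else
        bad=$(awk 'NF && !($1 ~ "^ssh-(rsa|dss)$" && $2 ~ "^[A-Za-z0-9+/]+=*$") { n++ }
                   END { print n + 0 }' "$keys")
        [ "$bad" -eq 0 ] || echo "FAIL: $bad malformed line(s) in $keys (key wrapped when pasted?)"
    fi

    # Step 10: the config must exist, be non-empty and switch PasswordAuth off.
    # An empty file is what redirecting sed onto its own input leaves behind.
    if [ ! -s "$conf" ]; then
        echo "FAIL: $conf is missing or empty"
    elif ! grep -Eq "^[[:space:]]*option[[:space:]]+PasswordAuth[[:space:]]+'?off'?[[:space:]]*\$" "$conf"; then
        echo "FAIL: PasswordAuth is not 'off' in $conf"
    fi

    # Step 11: the telnet init link must be gone.
    if [ -e "$telnet_link" ] || [ -L "$telnet_link" ]; then
        echo "FAIL: $telnet_link still exists, telnet starts at boot"
    fi
    return 0
}

# Constructed demo trees: "good" follows the guide, "bad" shows three slips.
# The key below is a made-up string, not a real public key.
build_demo() {
    dir=$1
    mode=$2
    mkdir -p "$dir/etc/dropbear" "$dir/etc/config" "$dir/etc/rc.d"
    if [ "$mode" = good ]; then
        echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQconstructedDEMOkeyNOTreal== demo-key' \
            > "$dir/etc/dropbear/authorized_keys"
        printf "config dropbear\n\toption PasswordAuth 'off'\n\toption Port '22'\n" \
            > "$dir/etc/config/dropbear"
    else
        # Same key, broken across two lines as a wrapped paste would leave it
        printf 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQconstructed\nDEMOkeyNOTreal== demo-key\n' \
            > "$dir/etc/dropbear/authorized_keys"
        : > "$dir/etc/config/dropbear"      # config truncated to zero bytes
        : > "$dir/etc/rc.d/S50telnet"       # telnet link never removed
    fi
}

demo=$(mktemp -d)
build_demo "$demo/good" good
build_demo "$demo/bad" bad
echo "good tree:"; check_lockdown "$demo/good"
echo "bad tree:";  check_lockdown "$demo/bad"
rm -rf "$demo"
```

On the router, run check_lockdown without an argument while the telnet session from step 7 is still open, so that a broken key or config can be corrected before the reboot in step 13.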

Enabling 3G/UMTS

17. Install the PCMCIA drivers; kmod-pcmcia-core and pcmcia-cs:
Copy the drivers from openwrt.org to device /tmp, then execute the ipkg install commands:
root@OpenWrt:~# ipkg install pcmcia-cs_3.2.8-1_mipsel.ipk
root@OpenWrt:~# ipkg install kmod-pcmcia-core_2.4.34-brcm-1_mipsel.ipk

18. Reboot the device without the Huawei E600.

19. Check that CardBus Controller installed fine
root@OpenWrt:~# cardctl status
Output should look like:
Socket 0:
no card

20. Insert the Huawei E600 into device and check CardBus Controller status again. Output now should look like:
Socket 0:
3.3V CardBus card
function 0: [ready]
function 1: [ready]

21. Install USB support: kmod-usb-core, kmod-usb-serial, kmod-usb-ohci (for SlugOS, use 'kernel-module-usbserial').
root@OpenWrt:~# ipkg install kmod-usb-core_2.4.34-brcm-1_mipsel.ipk
root@OpenWrt:~# ipkg install kmod-usb-serial_2.4.34-brcm-1_mipsel.ipk
root@OpenWrt:~# ipkg install kmod-usb-ohci_2.4.34-brcm-1_mipsel.ipk

22. Install 3G/UMTS support (for dialup PPP): chat, comgt.
root@OpenWrt:~# ipkg install chat_2.4.3-8_mipsel.ipk
root@OpenWrt:~# ipkg install comgt_0.32-1_mipsel.ipk

23. Modify the WAN section of “/etc/config/network” to read:
#### WAN configuration
config interface wan
	option ifname 'ppp0'
	option proto '3g'
	option device '/dev/usb/tts/0'
	option apn 'internet.tele2.se'
	# use the PIN of your own SIM card here
	option pincode '1234'
	option dns "130.244.127.161 130.244.127.169"

24. Modify the LAN section by adding the following both lines.
option gateway 192.168.1.1

25. Start (and optionally time) the wan interface:
root@OpenWrt:~# time ifup wan
Wireless WAN (WWAN as it was called in whiterussian) is now started. Output should look like:
ifconfig: SIOCGIFFLAGS: No such device
Trying to set PIN
PIN set successfully
Trying to set mode
Error setting WWAN mode!
real 0m 7.22s
user 0m 0.69s
sys 0m 1.17s

Update wget

26. Update wget (to avoid the segmentation fault bug)
root@OpenWrt:~# ipkg update
root@OpenWrt:~# ipkg -force-overwrite install wget

Setup DDNS

27. Create the file /etc/ppp/ip-up.d/S01dyndns (and don't forget to make it executable, i.e. chmod 0755) with the following content:
#!/bin/sh
# Update the DynDNS record when the address seen from outside differs from DNS.
USER="user"
PASS="pass"
DOMAIN="domain.ath.cx"
# Address the hostname currently resolves to
registered=$(nslookup "$DOMAIN"|sed 's/[^0-9. ]//g'|tail -n1|sed -e's/ [0-9.]*//2' -e's/ *//')
# Address this connection currently presents to the Internet
current=$(wget -O - http://checkip.dyndns.org|sed 's/[^0-9.]//g')
[ "$current" != "$registered" ] && {
    # The URL is quoted because of the '?'; the credentials travel in clear text over HTTP
    wget -O /dev/null "http://$USER:$PASS@members.dyndns.org/nic/update?hostname=$DOMAIN" &&
    registered=$current
}
sleep 3
# Look both values up again and write the result to syslog
newip=$(wget -O - http://checkip.dyndns.org|sed 's/[^0-9.]//g')
newdns=$(nslookup "$DOMAIN"|sed 's/[^0-9. ]//g'|tail -n1|sed -e's/ [0-9.]*//2' -e's/ *//')
echo "Set ${newip} (DNS: ${newdns}), had ${current} (DNS: ${registered})" \
    | /usr/bin/logger -t ddupd

28. After a reboot, check DynDNS by running
root@OpenWrt:~# nslookup gashaga.ath.cx (<- your domain goes here)

29. Compare the IP address with the IP for ppp0 by running
root@OpenWrt:~# ifconfig
If the numbers are equal, all is fine.

Open iptables for incoming ssh

30. To open up the firewall to allow incoming connections on port 22 (the ssh port), add the following line to “/etc/config/firewall”:
accept:proto=tcp dport=22

A Masquerading SIP Proxy: siproxd

31. Install siproxd according to Hias in http://forum.openwrt.org/viewtopic.php?id=9397
Since you're running OpenWrt 7.09 (aka Kamikaze) your bridged LAN is named br-lan (br0 was whiterussian). ppp0 remains, though, even if you start your Internet interface by 'ifup wan'. You can check the names with 'ifconfig', which you used in step 29 above.

32. Change settings from 'transparent SIP proxy' to 'GS BT-100 behind NAT router running siproxd' from
http://apocalyptech.com/linux/sipnat/siproxd-pdf.html.

QoS: L7/SIP

33. Install qos-scripts:
root@OpenWrt:~# ipkg install qos-scripts

34. Setup QoS according to http://www.voip-forum.se/forum/showthread.php?t=601 and install sip.pat level7-filter from
http://l7-filter.sourceforge.net/layer7-protocols/protocols/sip.pat

References:

A. http://josefsson.org/grisslan/internet.html
B. http://wiki.openwrt.org/OpenWrtDocs/KamikazeConfiguration
C. http://wiki.openwrt.org/DDNSHowTo
D. http://forum.openwrt.org/viewtopic.php?pid=57925
E. http://forum.openwrt.org/viewtopic.php?id=9397
F. http://apocalyptech.com/linux/sipnat/siproxd-pdf.html
G. http://www.voip-forum.se/forum/showthread.php?t=601
H. http://l7-filter.sourceforge.net/layer7-protocols/protocols/sip.pat


Wednesday, October 3, 2007

Windows

Carl,

You must unlock all the Windows computers. Give all Windows users full rights to their own computers. Make every Windows user a member of the Administrators group on their own workstation.

We can't make the administrator password public, because then everyone would have access to basic system functions. Then we would have total anarchy.

Hurry, because the next security update is coming soon, and then nobody will be able to work at the office until someone has gone round and unlocked the computers with the operator password.

Sara could not work because the password was requested (for no reason, as far as she knew). Now Jennifer cannot work either, because she wants "Instant Messenger", which also requires the operator password. Jennifer knows - probably through you - that right now there is only one person at the office with the magic password, and that is me.

The dangers of Windows do not lie in users being able to administer their own computers, but in the programs in Windows and Windows itself letting in viruses and trojans, which then infect others on the network without the user being aware of it. I do not want to stop anyone from installing programs that they consider necessary, and I do not intend to. Should the bandwidth not suffice for all the video calls and file transfers, we will solve that problem then. There is more bandwidth to buy. I would certainly like to see awareness increase, but so far there are no signs of that.

The print server in the corridor has been given a new IP address by DHCP. I discovered it by chance; 192.168.10.100 (previously 192.168.10.123). I do not know whether the old IP address has been taken by some new computer. My computer now prints to the new IP address, and apparently so does the one in the kitchen, somebody said. I have explained this to Eva, who however is not able to change the IP address in her printer driver, and therefore cannot make that change for any other Windows user either.

Now that I have learned to administer Linux (Red Hat, Fedora Core and SuSE), I do not have the energy to learn Vista as well. I have learned Windows 3.0, 3.1, 3.11, Windows 95, Windows 98, 98 SE, Windows Me, Windows 2000, Windows XP. That will have to do for my lifetime. Nor do I want to go round typing in the operator password every time some old or new colleague feels the need to install something new. - Henrik, who is Microsoft's lawyer at the firm, says that he cannot change the IP address in Vista, and perhaps it is that complicated. I cannot either, and do not want to learn.

Regards

Mikael


Monday, June 11, 2007

Sony vs Digital Digest, March 16th 2007

(doom9.org 2007-06-12)

mnordlin's Message:


jeanl (Jean Laroche) is the creator of PgcEdit, as well as
  • MenuShrink. Use it to convert your DVD menus to still frames, and regain disc space.
  • DVDSubEdit. Modify your subtitles without having to demux and remux the VOB files!
  • FixVTS. Use it to normalize a badly authored VOB or DVD.
clipped from www.doom9.org

It was Sony - the company that gave us such great things as audio CDs you cannot copy to your MiniDiscs, rootkits on our PCs, exploding notebook batteries and BD+, is also the culprit behind the takedown of RipIt4Me and FixVTS. While the proceedings appear to have been secret and the involved parties still cannot give any details, the Federal Court of Australia is keeping meticulous records. In looking through the documentation available online, we see that Sony filed a copyright lawsuit against Digital Digest on March 16th. 3 days after, the court granted the first search warrant. Looking through it reveals that they were after anything related to RipIt4Me - starting with its use, its users and ending with its development, and about circumventing Sony's ARccOS DVD corruption mechanism. Thereafter, we have orders that hint towards the secrecy of the proceedings (I'd be very interested if somebody living down there would go down to the registrar and asked to see all documentation related to the case - this cannot be done online and I live a tad bit too far away to try it myself), another search order against blutach. Then on the 30th of March, the court orders a fishing expedition on items seized at blutach's residence - looking for information on the development of RipIt4Me and any activities of anybody involved in RipIt4Me development. The order specifically mentions jeanl. Two days later, the RipIt4Me website is down and jeanl takes an extended time-out from visiting DVD backup related websites.

The final order from May 3rd also explains why there are no DVD backup forums at Digital Digest anymore - the admin has effectively been barred from providing support for any website that helps people copy DVDs.

So far so good, a few questions remain though: The case is listed in the copyright section - so how exactly can RipIt4Me infringe Sony's copyright (note that it's the arm of Sony that makes ARccOS that filed the suit, not the movie studio arm)? Towards that end, access to any filed documentation would be really useful.

Then there's the matter of any proceedings in the United States. Unlike the original case, a few minutes of searching didn't yield anything yet, but I'm not a 100% sure where to look either (admittedly, finding the proper court was a stroke of luck that Google made possible) - whether it would be in California District court, or in a district court of one of the two Sony DADC offices in the US, or Federal court (and in which circuit). If you're familiar with copyright lawsuits in the US, I'd be very interested in a chat.



Thursday, May 10, 2007

WRT54GL+asterisk - VoIP-Forum.se

WRT54GL+asterisk - VoIP-Forum.se: "You will surely want quality of service too; this is how I did it:

1. Follow the guide here: http://wiki.openwrt.org/Faq#head-a1d...83d1dfb4b761ff
2. Download http://l7-filter.sourceforge.net/lay...tocols/sip.pat to /etc/l7-protocols
3. It then says (in the guide from item 1) that you should edit '/etc/config/qos-wan'; I can only find '/etc/config/qos' on my system. I assume that is the one I should tinker with anyway..
4. Add directly below # RULES:
# RULES:
config classify
option target 'Priority'
option layer7 'sip'
5. Reboot the router or run 'ifdown wan && ifup wan'


Monday, April 30, 2007

OpenWrt / Cardbus Support on WRT54G3G

OpenWRT: This is how easily the firewall is configured for the new Linux interface. Should it be ppp0 or pppo? The answer is: 0 (zero).

OpenWrt / Cardbus Support on WRT54G3G: "(RC6) In order to setup firewall correctly (instead forwarding fails), set this nvram values:

Code:

nvram set wan_device='ppp0'
nvram set wan_ifname='ppp0'"


Tuesday, April 24, 2007

OpenWrtDocs/Configuration - OpenWrt

iptables - the firewall may need to be configured for higher security. Without iptables configured, OpenWRT allows traffic through NAT.

OpenWrtDocs/Configuration - OpenWrt: "

5.5. iptables - Firewall

The rules and some small samples for your firewall can be found in /etc/firewall.user. For RC5 and earlier if you want to make changes to this file you have to remove it first since it is actually a symlink to /rom/etc/firewall.user, see the section Editing files in OpenWrtDocs/Using.

Be sure to read the notes about the firewall rules before changing anything. The important thing to note is that if you setup port forwarding, you won't be able to see the changes inside the router's LAN. You will have to access the router from outside to verify the setup.

As of RC9 the file /etc/firewall.user reads

#!/bin/sh
# Copyright (C) 2006 OpenWrt.org
iptables -F input_rule
iptables -F output_rule
iptables -F forwarding_rule
iptables -t nat -F prerouting_rule
iptables -t nat -F postrouting_rule
# The following chains are for traffic directed at the IP of the
# WAN interface
iptables -F input_wan
iptables -F forwarding_wan
iptables -t nat -F prerouting_wan
### Open port to WAN
## -- This allows port 22 to be answered by (dropbear on) the router
# iptables -t nat -A prerouting_wan -p tcp --dport 22 -j ACCEPT
# iptables -A input_wan -p tcp --dport 22 -j ACCEPT
### Port forwarding
## -- This forwards port 8080 on the WAN to port 80 on 192.168.1.2
# iptables -t nat -A prerouting_wan -p tcp --dport 8080 -j DNAT --to 192.168.1.2:80
# iptables -A forwarding_wan -p tcp --dport 80 -d 192.168.1.2 -j ACCEPT
### DMZ
## -- Connections to ports not handled above will be forwarded to 192.168.1.2
# iptables -t nat -A prerouting_wan -j DNAT --to 192.168.1.2
# iptables -A forwarding_wan -d 192.168.1.2 -j ACCEPT

The first section, Open port to WAN shows an example of opening a port for your router running OpenWRT to listen to and accept. In the case given, it will open up port 22 and accept connections using dropbear (the SSH server). Just delete the # sign in front of the two rules to enable access.

If you wanted to open up any other ports for the router to listen to, just copy those two lines and change just the port number from 22 to something else.

The second section, Port forwarding is for accepting incoming connections from the WAN (outside the router) and sending the requests to a networked device on your LAN (inside your router).

Before setting up any port forwarding, you'll have to install some OpenWRT packages first, such as iptables-nat and ip (any others?).

In the example provided, if someone on the Internet were to connect to your router on port 8080, it would forward them to port 80 on whatever computer / device had the IP address of 192.168.1.2.

If you are running a webserver on that address, and want to listen on port 80 instead, change the 8080 on the first line.

The same is true for any other ports you'd want to forward to your LAN. Just follow the example as a guide.

The last section, DMZ is sending all connections to a port not specified in the rules above to a certain IP address. If you do decide to use this, it would be a good idea to have a firewall managing the ports on the destination. The DMZ can be considered a simple way to let another computer handle the firewall rules, if you don't want to configure them on OpenWRT and at the same time you want to send all connections to one device.

Once you're finished making changes to your firewall, restart it by running the init script:
/etc/init.d/S45firewall restart
Remember to test the changes outside your LAN! Finally, if you wish to dig deeper into how iptables work under the rule/chain structure of OpenWRT, see OpenWrtDocs/IPTables
"


WRT54GL+asterisk - VoIP-Forum.se

WRT54GL+asterisk - VoIP-Forum.se: "
I have added the following to /etc/firewall.user (in addition to what is already there):
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 80 -j ACCEPT
iptables -A input_rule -i $WAN -p tcp --dport 80 -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j ACCEPT
iptables -A input_rule -i $WAN -p tcp --dport 22 -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 5060 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 5060 -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 10000:20000 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 10000:20000 -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 4569 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 4569 -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 5036 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 5036 -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 2727 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 2727 -j ACCEPT

Use a proper password, because this probably opens up a bit too much, really.. (ports 22 and 80 are not needed for the telephony)

Connecting from outside works. However, I have to use the internal IP address 192.168.1.1 to connect to IAX2 from inside, and the external one to connect from outside. With SIP I don't have that problem, and otherwise I'm satisfied. Transcoding is admittedly a bit slow on the router...

You will surely want quality of service too; this is how I did it:
This is what I have tried:

1. Follow the guide here: http://wiki.openwrt.org/Faq#head-a1d...83d1dfb4b761ff
2. Download http://l7-filter.sourceforge.net/lay...tocols/sip.pat to /etc/l7-protocols
3. It then says (in the guide from item 1) that you should edit '/etc/config/qos-wan'; I can only find '/etc/config/qos' on my system. I assume that is the one I should tinker with anyway..
4. Add directly below # RULES:
# RULES:
config classify
option target 'Priority'
option layer7 'sip'
5. Reboot the router or run 'ifdown wan && ifup wan'

Someone should almost make a little wiki guide somewhere with this... It's really great! :-)"


SER Milkfish [Arkiv] - VoIP-Forum.se

SER Milkfish [Arkiv] - VoIP-Forum.se: "Did you run udp 5060?

Now almost everything works as desired (the IAX connection, however, has to be made via the LAN IP at home and via the WAN IP outside).
I have added the following to firewall.user (feel free to comment on security risks):

iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 80 -j ACCEPT
iptables -A input_rule -i $WAN -p tcp --dport 80 -j ACCEPT

iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j ACCEPT
iptables -A input_rule -i $WAN -p tcp --dport 22 -j ACCEPT

iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 5060 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 5060 -j ACCEPT

iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 10000:20000 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 10000:20000 -j ACCEPT

iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 4569 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 4569 -j ACCEPT

iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 5036 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 5036 -j ACCEPT

iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 2727 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 2727 -j ACCEPT"
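
The poster asks for comments on security risks. As an added example (not part of the quoted post or of OpenWrt), this shell function reads rules in the form shown above and reports what each `input_rule` ACCEPT exposes on the WAN side. It assumes ports 22 and 80 are the router's SSH and web administration services; the source-restricted rule using 203.0.113.10 is constructed for the example.

```shell
#!/bin/sh
# Audit firewall.user-style rules: what does each WAN ACCEPT rule expose?

# Rules in the form used in the post. The last line is constructed for this
# example (203.0.113.10 is a documentation address) to show a source limit.
sample_rules() {
    cat <<'EOF'
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 80 -j ACCEPT
iptables -A input_rule -i $WAN -p tcp --dport 80 -j ACCEPT
iptables -A input_rule -i $WAN -p tcp --dport 22 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 5060 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 10000:20000 -j ACCEPT
iptables -A input_rule -i $WAN -s 203.0.113.10 -p tcp --dport 22 -j ACCEPT
EOF
}

# Reads iptables command lines on stdin, prints "SEVERITY proto/port reason".
audit_wan_rules() {
    while IFS= read -r line; do
        set -f; set -- $line; set +f      # split into words, no globbing
        [ "${1:-}" = "iptables" ] || continue
        chain="" proto="" dport="" src="" target=""
        while [ $# -gt 1 ]; do            # $1 = flag, $2 = its value
            case "$1" in
                -A) chain=$2 ;;
                -p) proto=$2 ;;
                --dport) dport=$2 ;;
                -s|--source) src=$2 ;;
                -j) target=$2 ;;
            esac
            shift
        done
        # Only ACCEPTs in input_rule open services on the router itself.
        [ "$chain" = "input_rule" ] && [ "$target" = "ACCEPT" ] || continue
        [ -z "$src" ] || continue         # limited to one source: skip
        case "$dport" in
            22|80) echo "HIGH $proto/$dport management service open to any WAN host" ;;
            *:*)   lo=${dport%%:*}; hi=${dport##*:}
                   echo "MEDIUM $proto/$dport opens $((hi - lo + 1)) ports to any WAN host" ;;
            *)     echo "INFO $proto/$dport open to any WAN host" ;;
        esac
    done
}

sample_rules | audit_wan_rules
```

Run against a real `firewall.user` with `audit_wan_rules < /etc/firewall.user`; rules that carry a `-s` source address are treated as already restricted and are not reported.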


Thursday, April 19, 2007

OpenWrt / WRTSL54GS

OpenWrt / WRTSL54GS: " cptdondo wrote:

If someone has a working config for RC5 for this router, could you please post your NVRAM values for lan and wan settings?

Code:

et0mdcport=0
et0phyaddr=30
et1mdcport=1
et1phyaddr=5
lan_ifname=eth0
lan_ifnames=vlan0 eth1 eth2
lan_ipaddr=192.168.1.1
lan_netmask=255.255.255.0
lan_proto=static
old_ifname=eth1
old_ipaddr=192.168.33.99
old_netmask=255.255.255.0
old_proto=static
vlan0hwname=et0
vlan0ports=0 1 2 3 5u
vlan1hwname=et0
vlan1ports=4 5
wan_device=vlan1
wan_hostname=sl
wan_ifname=eth2
wan_proto=dhcp
wl0_akm=none
wl0_channel=1
wl0_closed=0
wl0_ifname=eth2
wl0_infra=1
wl0_mode=sta
wl0_radio=1
wl0_ssid=XXXXX
wl0_wep=disabled
wl0gpio2=0
wl0gpio3=0
wl0id=0x4320

I run my 'SL' in wireless client mode. I have the switch set up to DHCP clients and the 'OLD WAN' port set up as a static ip extra door.

Mike (mrdvt92)"


OpenWrt / Cardbus Support on WRT54G3G

Lars called and asked about WAN access via USB. At least one WRT router has a USB port, namely the following.

OpenWrt / Cardbus Support on WRT54G3G: "To RUok:

I am interested, but took a different path. I used a WRTSL54GS unit. The SL has a USB port so I simply attached my cellphone via USB. From there it's just a matter of some PPP chat scripts. Not as elegant and self-contained as a card in the router. But it works.

To mikino:
Search for 'web proxy' on the forums. There are several programs if all you want is basic proxy functions without caching of content."


Saturday, April 7, 2007

OpenWrt / Cardbus Support on WRT54G3G

Installing OpenWRT with X-WRT (Milestone-2.75) was child's play. With the help of the following instructions, 3G support worked as well.

OpenWrt / Cardbus Support on WRT54G3G: "after uploading x-wrt image, the following packages must be installed in router (for nozomi):

kmod-pcmcia_2.4.30-brcm-5_mipsel.ipk
kmod-pcmcia-serial_2.4.30-brcm-5_mipsel.ipk
pcmcia-utils_3.2.8-1_mipsel.ipk
kmod-nozomi_2.4.30-brcm-1_mipsel.ipk
chat_2.4.3-7_mipsel.ipk
comgt_0.3-1_mipsel.ipk
"


Tuesday, April 3, 2007

OpenWrt / Cardbus Support on WRT54G3G

The WRT router was delivered today. The following two posts were really useful for getting the E600 card to work with OpenWRT (Whiterussian).

OpenWrt / Cardbus Support on WRT54G3G:

"Hi all,

I have been using RC6 with Option GTmax / T-Mobile Germany (butterfly antenna).
This is what to do:

Code:

# 1. Flash your router with supplied firmware image (RC6)

# 2. Update ipkg and install required packages
ipkg update
ipkg install http://ftp.berlios.de/pub/xwrt/webif_latest_stable.ipk
ipkg install kmod-pcmcia kmod-pcmcia-serial pcmcia-utils kmod-nozomi chat comgt
reboot

# 3. Set your UMTS settings (Example: T-Mobile Germany)
# These values could also be set by using x-wrt webif!!!
nvram set wan_proto="wwan"
nvram set wwan_service="umts_first"
nvram set wwan_country="de"
nvram set wwan_apn="internet.t-mobile"
nvram set wwan_username="tm"
nvram set wwan_passwd="tm"
nvram set wan_ifname="ppp0"
nvram set wwan_pincode="****"

# forwarding (see later in thread)
nvram set wan_device='ppp0'
nvram set wan_ifname='ppp0'

nvram commit

# add "noipdefault" to /etc/ppp/options !!"

"Hi, all.

I have been googling but could not solve the issue, so I let this post here. Maybe someone may help...

I do own a novatel merlin u740, and I have installed the RC6 on my WRT54G3G.
Everything went right.
I installed these packages:
kmod-pcmcia_2.4.30-brcm-5_mipsel.ipk
kmod-pcmcia-serial_2.4.30-brcm-5_mipsel.ipk
pcmcia-utils_3.2.8-1_mipsel.ipk
chat_2.4.3-7_mipsel.ipk
comgt_0.3-1_mipsel.ipk
kmod-ohci*.ipk and kmod_usb* (not all)

I have updated the file with
card 'Novatel bla bla u740'
manfid 0x1440, 0x1400
bind 'serial_cs', etc, etc

I can see at the usb 'log' that the card is detected, (and also when i plug for example an usb pen, the pen is detected).

I know some AT commands to 'start' the u740 with, for example hyperterminal from windows.

My (maybe stupid) question, from a noobie is, how do I setup OpenWrt in order to 'allow' connections, since I must use it as a normal serial modem?

thanks in advance"


Friday, March 30, 2007

Among other things I have now ordered a WRT router, as a replacement for the failing Dovado.

Ordered products

| Item no. | Description | Qty | Delivery | Price | Total incl. VAT |
|---|---|---|---|---|---|
| e1008419 | Linksys 3G/UMTS Wireless Router (Vodafon | 1 | 2007-03-31 | 1.619:- | 1.619:- |
| e1156720 | TViX M-4000U/TViX M-4000P | 1 | 2007-04-02 | 2.190:- | 2.190:- |

VAT (25%) included: 762:-
Shipping 0:-
Total incl. VAT 3.809:-


Friday, February 9, 2007

3G/GPRS connection on Ubuntu with a HUAWEI E600 vs 1.5 « ergonomica

Today the Dovado was sent back to the seller. This note, however, gives a clear impression that it should be possible to run the E600 under, among others, Embedded Linux.

3G/GPRS connection on Ubuntu with a HUAWEI E600 vs 1.5 « ergonomica: "What was used:

* Computer with Linux Ubuntu. (Linux 2.6.12-10-386 #1 Sat Mar 11 16:13:17 UTC 2006 i686 GNU/Linux)
* pcmcia_cs installed (Ubuntu Breezy Badger and Dapper Drake as it installed as default)
* pppconfig installed (Ubuntu Breezy Badger and Dapper Drake as it installed as default)
* 3G/GPRS PCMCIA card (mine is a HUAWEI E600 from Optimus - Kanguru)

"


Saturday, January 27, 2007

Rix|Port80 Forum / Connecting a V90/92 modem via 'Tele2 Mobilt Bredb. G3' to a modem pool=?

Using Tele2's E600 PC Card for UMTS through a router turned out not to be entirely simple. In a reply to a tip about a Dovado router I was forced to note the following.

Rix|Port80 Forum / Connecting a V90/92 modem via 'Tele2 Mobilt Bredb. G3' to a modem pool=?: "Unfortunately, 'Tele2 Mobilt bredband' and the Huawei E600 PC card do not work for me together with the Dovado WRG. If I keep the router, I will have to see whether the problem is fixed in the firmware update which, according to Dovado's website, is due in mid-Feb. 2007. - The E600 apparently works, and Tele2 too, according to support at communica.se.

The router from Dovado costs 4.095,- at Dustin. What sets it apart from another Linux-based router (which can be had for about 1.000 kr) is, first, two telephone ports (POTS; RJ11) and, second, the PCMCIA slot. The latter feature is also found on a Linksys router, the WRT54G3G, likewise Linux-based, which in Sweden (among others at Dustin) sells for about 2.000,-. That one, however, is operator-locked to Vodafone/Telenor. The Linksys router thus has no RJ11 ports for POTS over SIP. I have heard nothing other than that it should work, even with the user-supported firmware OpenWRT.

"


Tuesday, January 23, 2007

Tyfon Svenska AB

Tyfon Svenska AB: "Information about wireless in Sörmland
23 January 2007
If you have ordered wireless broadband in Sörmland and have not yet received delivery, read more information here:
The most likely cause is that the measurements have shown that you need an external antenna to get sufficient signal strength for a service of good quality.
During next week we will send out a proposal where you will be able to choose whether you want to buy an external antenna and mount it yourself, whether you want installation help, or whether you want to cancel your order.
Prices for the external antenna and installation help will be presented in the letter, and one of the reasons it has taken time to get the proposal is that we have been looking for a fully adequate alternative at a better price than what was available from the start, and we now have that."
