Benutzer:Peerco: Unterschied zwischen den Versionen
Aus FunkFeuer Wiki
Peerco (Diskussion | Beiträge) (→OpenVPN tunnel) |
Peerco (Diskussion | Beiträge) (→OpenVPN tunnel) |
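--- a/Benutzer:Peerco
+++ b/Benutzer:Peerco
@@ -60,2 +60,64 @@
 [..]
+
+ins_nat() {
+LANNAT=
+case $WIFIDEV in "");;*)case $LANDEV in "");;*)if ! in_range $LANADR/$LA
+NPRE;then
+use_nat
+
+# Setup alias and dest nat for an ethernet DMZ PC, e.g.
+# 172.31.255.254 on WLAN -> DMZ PC which has 192.168.1.2
+# Also add to olsrd.conf: "HNA4 172.31.255.254 255.255.255.255"
+IFS=\;
+devnum=0
+for dmz in $(nvram get ff_dmz); do
+src=${dmz%[:,]*}
+dst=${dmz#*[:,]}
+ip addr add dev $WIFIDEV $src/32 label $WIFIDEV:$devnum
+iptables -t nat -I PREROUTING -d $src -j DNAT --to $dst
+iptables -I FORWARD -s ! $LANNET/$LANPRE -d $dst -j ACCE
+PT
+iptables -I FORWARD -s $dst -d ! $LANNET/$LANPRE -j ACCE
+PT
+iptables -I OUTPUT -o lo -s $src -d $src -j ACCEPT
+iptables -I INPUT -i lo -s $src -j ACCEPT
+devnum=$(( $devnum + 1 ))
+done
+unset IFS
+
+case $LANADR in "")
+LANNAT=192.168.0.0/16
+;;*)
+LANNAT=$LANNET/$LANPRE
+;;esac
+iptables -t nat -I POSTROUTING -o $WIFIDEV -s $LANNAT -d ! $LANN
+AT -j MASQUERADE
+iptables -t nat -I POSTROUTING -o tap0 -s $LANNAT -d ! $LANNAT -
+j MASQUERADE
+fi;;esac;;esac
+
+# Mask packets from these WLAN DHCP clients, so they can do
+# inet w/o OLSR unless HNA4 is to be used to accomplish this
+case $(nvram get ff_wldhcp_hna4) in 1);;*)
+ff_wldhcp=$(nvram get ff_wldhcp)
+case $ff_wldhcp in "");;*)
+use_nat
+IFS=\;
+for wldhcp in $ff_wldhcp; do
+iptables -t nat -I POSTROUTING -s ${wldhcp%[:,]*
+} -j MASQUERADE
+done
+unset IFS
+;;esac
+;;esac
+case $WANDEV in "");;*)if in_range $WANADR/$WANPRE;then
+case $LANNAT in "");;*)
+iptables -t nat -I POSTROUTING -o $WANDEV -s $LANNAT -d
+! $LANNAT -j MASQUERADE
+;;esac
+else
+use_nat
+iptables -t nat -I POSTROUTING -o $WANDEV -j MASQUERADE
+fi;;esac
+}
 [..]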
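Review bot: The DMZ loop in `ins_nat` passes each `ff_dmz` entry from nvram to `ip addr add` and `iptables` without checking its shape, so an entry with no `:`/`,` separator makes `src` and `dst` the same string and an entry beginning with `-` reaches iptables as an option. A guard as the first statement of the loop body, `case $dmz in *[!0-9.:,]*|[:,]*|*[:,]|*[:,]*[:,]*) continue;; *[:,]*) ;; *) continue;; esac`, would skip anything that is not one dotted-address pair. The `-o tap0` masquerade rule hard-codes the tunnel device, while the S42openvpn excerpt further down the page takes it from `$VPN_IF`; a comment such as `# tap0 must match VPN_IF in S42openvpn` would record that coupling. Several commands are also split mid-token (`-j ACCE` / `PT`), presumably by the terminal width, so the listing will not run as pasted.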
Version vom 28. Dezember 2010, 19:38 Uhr
Nodes
Servers
Hardware
- WRAP Wireless Router Application Platform
Software
- Nullsoft (Streaming|S as in Soft) Video
- The Winamp TV - NSV - NullSoft Video Streaming Resource
- MPeX.net - MP3 Software, Downloads, Hardware, Anleitungen, Winamp
Docs
OpenVPN tunnel
- http://ipkg.funkfeuer.at/autoupdate/freifunk-openwrt-autoupdate-1.7.4.8-0xff-markit-full.trx
- http://ipkg.funkfeuer.at/ipkg/1.6/0xff-openvpn-webif_1.5.3_mipsel.ipk
leider ließ sich http://ipkg.funkfeuer.at/ipkg/1.7/0xff-openvpn-webif_1.7.1_mipsel.ipk nicht installieren
# Remove both tcpdump packages, then install the freifunk-tcpdump package again.
for pkg in tcpdump freifunk-tcpdump; do
  ipkg remove "$pkg"
done
ipkg install freifunk-tcpdump
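root@gru3ost:~# cat /etc/init.d/S42openvpn
[..]
# NOTE(review): the heredoc delimiter is unquoted, so every $ff_openvpn_* value
# is expanded into the config file verbatim. They are presumably read from
# nvram; confirm they are validated before this point, because a value that
# contains a newline would add further OpenVPN directives to the file.
# NOTE(review): "script-security 2" lets OpenVPN run the user-defined
# route-up/up/down scripts named below. This heredoc writes no
# secret/ca/cert/key/tls-auth directive; unless the elided part of the script
# adds one, OpenVPN carries the tunnel without encryption or authentication.
# Confirm that this is intended.
#create OpenVPN config
cat>$CONFIG_DIR/$VPN_IF.conf<<EOM
dev $VPN_IF
proto $ff_openvpn_proto
remote $ff_openvpn_host
port $ff_openvpn_port
ifconfig $ff_openvpn_ip $ff_openvpn_netmask
route-up /etc/openvpn/openvpn-webif-route-up.sh
up /etc/openvpn/openvpn-webif-if-up.sh
down /etc/openvpn/openvpn-webif-if-down.sh
up-restart
comp-lzo
script-security 2
verb 3
EOM
[..]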
root@gru3ost:~# cat /etc/init.d/S45firewall
[..]
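# ins_nat - insert the NAT rules: DNAT for DMZ hosts plus MASQUERADE for the
# LAN, for WLAN DHCP clients and for the WAN device.
#
# Globals read:    WIFIDEV, LANDEV, LANADR, LANNET, LANPRE, WANDEV, WANADR, WANPRE
# Globals written: LANNAT (left empty unless the LAN branch runs) and the
#                  scratch variables devnum, dmz, src, dst, ff_wldhcp, wldhcp.
#                  IFS is unset after each ';'-separated list has been walked.
# nvram keys read: ff_dmz, ff_wldhcp_hna4, ff_wldhcp
# Calls:           in_range, use_nat (not defined in this function), nvram,
#                  ip, iptables
# Returns:         the status of the last command run.
#
# "-s ! net" / "-d ! net" is the older negation syntax; newer iptables releases
# deprecate it in favour of "! -s net". It is kept as written here.
ins_nat() {
  LANNAT=

  if [ -n "$WIFIDEV" ] && [ -n "$LANDEV" ] && ! in_range "$LANADR/$LANPRE"; then
    use_nat

    # Setup alias and dest nat for an ethernet DMZ PC, e.g.
    # 172.31.255.254 on WLAN -> DMZ PC which has 192.168.1.2
    # Also add to olsrd.conf: "HNA4 172.31.255.254 255.255.255.255"
    #
    # The two FORWARD rules go to the head of the chain and match every
    # protocol and port, so each DMZ host is reachable unfiltered from any
    # source outside the LAN.
    IFS=\;
    devnum=0
    for dmz in $(nvram get ff_dmz); do
      src=${dmz%[:,]*}
      dst=${dmz#*[:,]}
      # Only "addr:addr" or "addr,addr" built from digits and dots is usable
      # by the commands below; anything else (bad characters, an empty side,
      # more than one separator, no separator) is skipped instead of being
      # handed to ip/iptables as an argument.
      case $dmz in
        *[!0-9.,:]* | [:,]* | *[:,] | *[:,]*[:,]*) src= ;;
        *[:,]*) ;;
        *) src= ;;
      esac
      if [ -z "$src" ]; then
        printf 'ins_nat: skipping malformed ff_dmz entry: %s\n' "$dmz" >&2
        continue
      fi
      ip addr add dev "$WIFIDEV" "$src/32" label "${WIFIDEV}:${devnum}"
      iptables -t nat -I PREROUTING -d "$src" -j DNAT --to "$dst"
      iptables -I FORWARD -s ! "$LANNET/$LANPRE" -d "$dst" -j ACCEPT
      iptables -I FORWARD -s "$dst" -d ! "$LANNET/$LANPRE" -j ACCEPT
      iptables -I OUTPUT -o lo -s "$src" -d "$src" -j ACCEPT
      iptables -I INPUT -i lo -s "$src" -j ACCEPT
      devnum=$((devnum + 1))
    done
    unset IFS

    if [ -z "$LANADR" ]; then
      LANNAT=192.168.0.0/16
    else
      LANNAT=$LANNET/$LANPRE
    fi
    iptables -t nat -I POSTROUTING -o "$WIFIDEV" -s "$LANNAT" -d ! "$LANNAT" -j MASQUERADE
    # NOTE(review): the tunnel device name is hard-coded; it has to match the
    # device the OpenVPN setup actually creates -- confirm.
    iptables -t nat -I POSTROUTING -o tap0 -s "$LANNAT" -d ! "$LANNAT" -j MASQUERADE
  fi

  # Mask packets from these WLAN DHCP clients, so they can do
  # inet w/o OLSR unless HNA4 is to be used to accomplish this
  if [ "$(nvram get ff_wldhcp_hna4)" != 1 ]; then
    ff_wldhcp=$(nvram get ff_wldhcp)
    if [ -n "$ff_wldhcp" ]; then
      use_nat
      IFS=\;
      for wldhcp in $ff_wldhcp; do
        # An empty list element would leave -s without an address.
        [ -n "${wldhcp%[:,]*}" ] || continue
        # No -o match: these sources are masqueraded on every outgoing device.
        iptables -t nat -I POSTROUTING -s "${wldhcp%[:,]*}" -j MASQUERADE
      done
      unset IFS
    fi
  fi

  if [ -n "$WANDEV" ]; then
    if in_range "$WANADR/$WANPRE"; then
      # WAN address is in range: masquerade only LAN traffic, and only when
      # the LAN branch above set LANNAT.
      if [ -n "$LANNAT" ]; then
        iptables -t nat -I POSTROUTING -o "$WANDEV" -s "$LANNAT" -d ! "$LANNAT" -j MASQUERADE
      fi
    else
      use_nat
      iptables -t nat -I POSTROUTING -o "$WANDEV" -j MASQUERADE
    fi
  fi
}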
[..]