<div dir="ltr"><div>Hi <br></div>This is my firewall file:<br><br>config defaults<br> option syn_flood '1'<br> option input 'ACCEPT'<br> option output 'ACCEPT'<br> option forward 'REJECT'<br><br>config zone<br> option name 'lan'<br> option network 'lan'<br> option input 'ACCEPT'<br> option output 'ACCEPT'<br> option forward 'REJECT'<br><br>config zone<br> option name 'wan'<br> option network 'wan'<br> option input 'REJECT'<br> option output 'ACCEPT'<br> option forward 'REJECT'<br> option masq '1'<br> option mtu_fix '1'<br><br>config forwarding<br> option src 'lan'<br> option dest 'wan'<br><br>config rule<br> option name 'Allow-DHCP-Renew'<br> option src 'wan'<br> option proto 'udp'<br> option dest_port '68'<br> option target 'ACCEPT'<br> option family 'ipv4'<br><br>config rule<br> option name 'Allow-Ping'<br> option src 'wan'<br> option proto 'icmp'<br> option icmp_type 'echo-request'<br> option family 'ipv4'<br> option target 'ACCEPT'<br><br>config rule<br> option name 'Allow-DHCPv6'<br> option src 'wan'<br> option proto 'udp'<br> option src_ip 'fe80::/10'<br> option src_port '547'<br> option dest_ip 'fe80::/10'<br> option dest_port '546'<br> option family 'ipv6'<br> option target 'ACCEPT'<br><br>config rule<br> option name 'Allow-ICMPv6-Input'<br> option src 'wan'<br> option proto 'icmp'<br> list icmp_type 'echo-request'<br> list icmp_type 'echo-reply'<br> list icmp_type 'destination-unreachable'<br> list icmp_type 'packet-too-big'<br> list icmp_type 'time-exceeded'<br> list icmp_type 'bad-header'<br> list icmp_type 'unknown-header-type'<br> list icmp_type 'router-solicitation'<br> list icmp_type 'neighbour-solicitation'<br> list icmp_type 'router-advertisement'<br> list icmp_type 'neighbour-advertisement'<br> option limit '1000/sec'<br> option family 'ipv6'<br> option target 'ACCEPT'<br><br>config rule<br> option name 'Allow-ICMPv6-Forward'<br> option src 'wan'<br> option dest '*'<br> option proto 'icmp'<br> list icmp_type 'echo-request'<br> list icmp_type 'echo-reply'<br> list icmp_type 'destination-unreachable'<br> list icmp_type 'packet-too-big'<br> list icmp_type 'time-exceeded'<br> list icmp_type 'bad-header'<br> list icmp_type 'unknown-header-type'<br> option limit '1000/sec'<br> option family 'ipv6'<br> option target 'ACCEPT'<br><br>config include<br> option path '/etc/firewall.user'<br><br>config include 'miniupnpd'<br> option type 'script'<br> option path '/usr/share/miniupnpd/firewall.include'<br> option family 'IPv4'<br> option reload '1'<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Aug 4, 2015 at 12:38 PM, Weedy <span dir="ltr"><<a href="mailto:weedy2887@gmail.com" target="_blank">weedy2887@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">Is there something wrong with the default rules for your use case?</p>
<p dir="ltr">Your WiFi interfaces are tagged LAN, things should just work.</p><div class="HOEnZb"><div class="h5">
<div class="gmail_quote">On 4 Aug 2015 00:07, "John kerry" <<a href="mailto:kerry9842@gmail.com" target="_blank">kerry9842@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>Hi,<br><br></div>below is the /etc/config/network and /etc/config/wireless changes.<br><br><b>/etc/config/network:</b><br>config interface 'loopback'<br> option ifname 'lo'<br> option proto 'static'<br> option ipaddr '127.0.0.1'<br> option netmask '255.0.0.0'<br><br>config interface 'lan'<br> option ifname 'eth0.1 eth1'<br> option type 'bridge'<br> option proto 'static'<br> option ipaddr '192.168.1.5'<br> option netmask '255.255.255.0'<br><br>config interface 'wan'<br> option ifname 'eth0.2'<br> option proto 'dhcp'<br><br>config switch<br> option name 'eth0'<br> option reset '1'<br> option enable_vlan '1'<br><br>config switch_vlan<br> option device 'eth0'<br> option vlan '1'<br> option ports '0t 2 3 4 5'<br><br>config switch_vlan<br> option device 'eth0'<br> option vlan '2'<br> option ports '0t 1'<br><br>config switch<br> option name 'eth1'<br> option reset '1'<br> option enable_vlan '1'<br><br>config switch_vlan<br> option device 'eth1'<br> option vlan '1'<br> option ports '0 1 2 3 4 5'<br><br><br><b>/etc/config/wireless:<br><br><br>config wifi-device 'wifi0'<br> option type 'qcawifi'<br> option channel 'auto'<br> option macaddr '00:03:7f:42:06:61'<br> option hwmode '11ng'<br> option txpower '19'<br> option htmode 'HT20'<br><br>config wifi-iface<br> option device 'wifi0'<br> option network 'lan'<br> option mode 'ap'<br> option encryption 'psk2'<br> option ssid 'Test_ap_1'<br> option key </b><b>'Test_ap_1'</b><b><br><br>config wifi-device 'wifi1'<br> option type 'qcawifi'<br> option channel 'auto'<br> option macaddr '00:03:7f:42:06:62'<br> option hwmode '11na'<br> option txpower '23'<br> option htmode 'HT20'<br><br>config wifi-iface<br> option device 'wifi1'<br> option network 'lan'<br> option mode 'ap'<br> option ssid 'Test_ap_2'<br> option encryption 'psk2'<br> option key 'test_ap_2'<br>'<br></b></div><b>Thanks,<br><br></b></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Aug 4, 2015 at 11:56 AM, David Lang <span dir="ltr"><<a href="mailto:david@lang.hm" target="_blank">david@lang.hm</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">can you connect via a wired port?<br>
<br>
given that you've been changing /etc/config/network and /etc/config/wireless, could you show us what you ended up with there?<span><font color="#888888"><br>
<br>
David Lang</font></span><div><div><br>
<br>
On Tue, 4 Aug 2015, John kerry wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<br>
I am using ar71xx OpenWrt. I have connected internet connection to WAN port<br>
and my PC to LAN. I have enabled the WiFi0. The LAN port static IP i am<br>
able to open GUI and even my mobile i connected to Wifi AP and able to open<br>
GUI in mobile. But I am not able to access internet on mobile which is<br>
connected to wifi0 AP.<br>
<br>
I have added below script under /etc/firewall.user file.<br>
iptables ...flush<br>
iptables --table nat --flush<br>
iptables --delete-chain<br>
iptables --table nat --delete-chain<br>
iptables -A FORWARD -j ACCEPT -i br-lan -o eth0.2 -m state --state NEW<br>
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT<br>
iptables -A POSTROUTING -t nat -o eth0.2 -j MASQUERADE<br>
echo 1 > /proc/sys/net/ipv4/ip_forward<br>
<br>
#where br-lan = LAN<br>
eth0.2 = WAN<br>
<br>
Could anyone help me to write the proper NAT rules so that able to access<br>
the internet.<br>
<br>
Thanks,<br>
<br>
On Mon, Aug 3, 2015 at 11:29 AM, John kerry <<a href="mailto:kerry9842@gmail.com" target="_blank">kerry9842@gmail.com</a>> wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello Guys,<br>
<br>
It's working. Thanks a lot to all of you :)<br>
<br>
On Mon, Aug 3, 2015 at 10:43 AM, David Lang <<a href="mailto:david@lang.hm" target="_blank">david@lang.hm</a>> wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
The way to do this is to first forget about the factory reset problem and<br>
configure the AP to do what you want (including any encryption)<br>
<br>
then you can take the resulting file and put it into the build system so<br>
that it becomes the 'factory default' settings.<br>
<br>
Since you are not understanding how to configure the files from the<br>
documentation, configure them from the GUI and then look at the resulting<br>
files.<br>
<br>
David Lang<br>
<br>
<br>
On Mon, 3 Aug 2015, John kerry wrote:<br>
<br>
Hi All,<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
I created separate files directory and added network and wireless files<br>
and<br>
its working everything but still i am not able to use encryption wpa2.<br>
Below is the my script.<br>
config wifi-device wifi0<br>
option type qcawifi<br>
option channel auto<br>
option macaddr 00:03:7f:42:06:61<br>
option hwmode 11ng<br>
# REMOVE THIS LINE TO ENABLE WIFI:<br>
option disabled 0<br>
<br>
config wifi-iface<br>
option device wifi0<br>
option network lan<br>
option mode ap<br>
option ssid CD-1<br>
option encryption psk2<br>
option key CD-1<br>
<br>
M I doing anything wrong?<br>
<br>
Thanks,<br>
<br>
On Mon, Aug 3, 2015 at 6:40 AM, David Lang <<a href="mailto:david@lang.hm" target="_blank">david@lang.hm</a>> wrote:<br>
<br>
to make the config be there after a factory reset, you need to put the<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
changes into the image that you build.<br>
<br>
you already did this for /etc/config/network, do the same thing for<br>
/etc/config/wireless<br>
<br>
David Lang<br>
<br>
<br>
On Sun, 2 Aug 2015, John kerry wrote:<br>
<br>
Hi Leiten,<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
I have one issue, after upgrading this firmware it will load wireless<br>
configuration with this changes, actually it should load when i do<br>
factory<br>
reset.<br>
<br>
Thanks,<br>
<br>
On Sun, Aug 2, 2015 at 3:45 PM, John kerry <<a href="mailto:kerry9842@gmail.com" target="_blank">kerry9842@gmail.com</a>><br>
wrote:<br>
<br>
Hi Leiten,<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Thank you so much, Its working :)<br>
<br>
On Sun, Aug 2, 2015 at 3:12 PM, N.Leiten <<a href="mailto:nickleiten@gmail.com" target="_blank">nickleiten@gmail.com</a>><br>
wrote:<br>
<br>
Hi,<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Don't answer to my e-mail only, you need to add openwrt-devel<br>
maillist<br>
to<br>
CC or just answer to CC, in each case I'll receive message but also<br>
everyone could see all discussion.<br>
<br>
In email dated Воскресенье - 02 августа 2015 12:54:32 user John kerry<br>
wrote:<br>
<br>
Hi Leiten,<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
I have added new files under and written below :<br>
vi target/linux/ar71xx/base-files/etc/uci-defaults/wireless<br>
<br>
<br>
</blockquote>
Use index in prefix of filename to set order of execution, so it'll<br>
be<br>
like '99-wireless'.<br>
<br>
<br>
#!/bin/sh<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
#<br>
# Copyright (c) 2013 The Linux Foundation. All rights reserved.<br>
# Copyright (C) 2011 OpenWrt.org<br>
#<br>
<br>
[ -e /etc/config/wireless ] && exit 0<br>
<br>
<br>
</blockquote>
Here is the problem. When uci-defaults invoke scripts there's already<br>
preconfiguration done and /etc/config/wireless already exists, so<br>
your<br>
script just exit at this point. Remove this line.<br>
<br>
<br>
touch /etc/config/wireless<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
uci set wireless.@wifi-device[0].disabled=0;<br>
uci set system.@system[0].hostname=test_ap<br>
uci set wireless.@wifi-iface[0].mode=ap<br>
uci set wireless.@wifi-iface[0].ssid=CD-2.4D<br>
uci set wireless.@wifi-iface[0].encryption=none<br>
uci set wireless.@wifi-iface[0].wds=1<br>
uci set wireless.radio0.disabled=0<br>
<br>
uci commit wireless<br>
<br>
exit 0<br>
<br>
and compile the source code using make V=s but still not changed<br>
default<br>
settings.<br>
<br>
Please help me to make it works.<br>
<br>
Thanks,<br>
<br>
<br>
On Sat, Aug 1, 2015 at 4:38 PM, N.Leiten <<a href="mailto:nickleiten@gmail.com" target="_blank">nickleiten@gmail.com</a>><br>
wrote:<br>
<br>
You can also use uci-defaults mechanism for your purpose. Just put<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
script in base-files/etc/uci-defaults and set your preferrable<br>
parameters with uci and don't forget to 'exit 0' at the end of<br>
script,<br>
in elsecase it'll be run every time at boot ruining changes.<br>
<br>
2015-07-31 12:08 GMT+03:00 John kerry <<a href="mailto:kerry9842@gmail.com" target="_blank">kerry9842@gmail.com</a>>:<br>
<br>
Hi,<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
I am working on Ar71xx openWRT Luci project. By default the Wi-Fi<br>
is<br>
disabled and SSID is OpenWrt. I need to change the default<br>
settings.<br>
Could anyone help me to change the default settings.<br>
<br>
<br>
Best Regards,<br>
John<br>
<br>
_______________________________________________<br>
openwrt-devel mailing list<br>
<a href="mailto:openwrt-devel@lists.openwrt.org" target="_blank">openwrt-devel@lists.openwrt.org</a><br>
<a href="https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel" rel="noreferrer" target="_blank">https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel</a><br>
<br>
_______________________________________________<br>
<br>
</blockquote>
openwrt-devel mailing list<br>
<a href="mailto:openwrt-devel@lists.openwrt.org" target="_blank">openwrt-devel@lists.openwrt.org</a><br>
<a href="https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel" rel="noreferrer" target="_blank">https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel</a><br>
<br>
_______________________________________________<br>
<br>
</blockquote>
openwrt-devel mailing list<br>
</blockquote>
<a href="mailto:openwrt-devel@lists.openwrt.org" target="_blank">openwrt-devel@lists.openwrt.org</a><br>
<a href="https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel" rel="noreferrer" target="_blank">https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel</a><br>
<br>
<br>
<br>
</blockquote>
<br>
<br>
</blockquote></blockquote></blockquote></blockquote></blockquote>
<br>
</blockquote>
</blockquote>
</div></div></blockquote></div><br></div>
</blockquote></div>
</div></div></blockquote></div><br></div>