root@GL-AR750:~# ubus call system board;
{
"kernel": "4.9.120",
"hostname": "GL-AR750",
"system": "Qualcomm Atheros QCA9533 ver 2 rev 0",
"model": "GL.iNet GL-AR750",
"board_name": "gl-ar750",
"release": {
"distribution": "OpenWrt",
"version": "18.06.1",
"revision": "r7258-5eb055306f",
"target": "ar71xx\/generic",
"description": "OpenWrt 18.06.1 r7258-5eb055306f"
}
}
root@GL-AR750:~# uci export network; uci export wireless;
package network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdfc:784f:8f39::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth1.1'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option hostname 'GL-AR750-cd6'
option ipaddr '192.168.174.1'
config interface 'wan'
option ifname 'eth0'
option proto 'dhcp'
option hostname 'GL-AR750-cd6'
option metric '10'
config interface 'wan6'
option ifname 'eth0'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 2 0t'
config interface 'guest'
option ifname 'guest'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.9.1'
option netmask '255.255.255.0'
option ip6assign '60'
config route
option interface 'lan'
option gateway '10.8.4.0'
option target '192.168.0.0'
option netmask '255.255.255.0'
option type 'anycast'
package wireless
config wifi-device 'radio0'
option type 'mac80211'
option channel '36'
option hwmode '11a'
option path 'pci0000:00/0000:00:00.0'
option htmode 'VHT80'
option txpower '20'
option txpower_max '20'
option band '5G'
option disabled '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option encryption 'psk2'
option ifname 'wlan0'
option wds '1'
option ssid 'Rhy_VPN_5G'
option key 'Bill1895'
config wifi-device 'radio1'
option type 'mac80211'
option hwmode '11g'
option path 'platform/qca953x_wmac'
option channel '6'
option htmode 'HT40'
option noscan '1'
option txpower '20'
option txpower_max '20'
option band '2G'
option disabled '0'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option encryption 'psk2'
option wds '1'
option ifname 'wlan1'
option ssid 'Rhy_VPN_2.4G'
option key 'Bill1895'
config wifi-iface 'guest5g'
option device 'radio0'
option network 'guest'
option mode 'ap'
option wds '1'
option ssid 'GL-AR750-cd6-Guest-5G'
option encryption 'psk2'
option key 'goodlife'
option ifname 'wlan2'
option disabled '1'
option guest '1'
config wifi-iface 'guest2g'
option device 'radio1'
option network 'guest'
option mode 'ap'
option wds '1'
option ssid 'GL-AR750-cd6-Guest'
option encryption 'psk2'
option key 'goodlife'
option ifname 'wlan3'
option disabled '1'
option guest '1'
root@GL-AR750:~# uci export dhcp; uci export firewall;
package dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option force '1'
option dhcpv6 'server'
option ra 'server'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'guest'
option interface 'guest'
option start '100'
option leasetime '12h'
option limit '150'
option dhcpv6 'server'
option ra 'server'
config domain 'localhost'
option name 'console.gl-inet.com'
option ip '192.168.174.1'
package firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option input 'REJECT'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
option reload '1'
config include 'gls2s'
option type 'script'
option path '/var/etc/gls2s.include'
option reload '1'
config include 'glfw'
option type 'script'
option path '/usr/bin/glfw.sh'
option reload '1'
config include 'glqos'
option type 'script'
option path '/usr/sbin/glqos.sh'
option reload '1'
config include 'mwan3'
option type 'script'
option path '/var/etc/mwan3.include'
option reload '1'
config zone 'guestzone'
option name 'guestzone'
option network 'guest'
option forward 'REJECT'
option output 'ACCEPT'
option input 'REJECT'
config forwarding 'guestzone_fwd'
option src 'guestzone'
option dest 'wan'
config rule 'guestzone_dhcp'
option name 'guestzone_DHCP'
option src 'guestzone'
option target 'ACCEPT'
option proto 'udp'
option dest_port '67-68'
config rule 'guestzone_dns'
option name 'guestzone_DNS'
option src 'guestzone'
option target 'ACCEPT'
option proto 'tcp udp'
option dest_port '53'
config rule 'glservice_rule'
option name 'glservice'
option dest_port '83'
option proto 'tcp udp'
option src 'wan'
option target 'ACCEPT'
option enabled '0'
root@GL-AR750:~# head -n -0 /etc/firewall.user;
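#
# force_dns: redirect every DNS packet (tcp/udp port 53) seen in
# nat/PREROUTING to the router's LAN address, so clients that configure their
# own resolver are still answered by the local dnsmasq.
#
#   force_dns add     install the redirect for the current LAN address
#   force_dns remove  delete the redirect
#
# The address the redirect was last installed for is persisted in
# glconfig.general.ipaddr so a stale rule can still be removed after the LAN
# address changed; both paths fall back to network.lan.ipaddr when it is unset.
#
# NOTE(review): the match is "-s 0/0" with no ingress interface, so port-53
# traffic arriving on WAN or on the VPN tunnel is rewritten as well. With the
# wan zone at input=REJECT those packets are then dropped, but if only LAN
# clients are meant to be captured, add "-i br-lan" to the rule below.
#

# force_dns_rule OP PROTO ADDR
#   OP    I to insert the rule (only if absent), D to delete it (only if present)
#   PROTO udp or tcp
#   ADDR  DNAT target; an empty ADDR is ignored so a failed "uci get" can never
#         produce an iptables call with a missing --to argument.
# "-C" is consulted first so inserts are never duplicated and deletes never
# fail noisily on a rule that is not there.
force_dns_rule() {
    local op="$1" proto="$2" addr="$3"
    [ -n "$addr" ] || return 0
    set -- -s 0/0 -p "$proto" --dport 53 -j DNAT --to "$addr"
    if iptables -t nat -C PREROUTING "$@" 2>/dev/null; then
        [ "$op" = "D" ] && iptables -t nat -D PREROUTING "$@"
    else
        [ "$op" = "I" ] && iptables -t nat -I PREROUTING "$@"
    fi
    return 0
}

force_dns() {
    local action="$1" lanip stored old
    lanip=$(uci -q get network.lan.ipaddr)
    stored=$(uci -q get glconfig.general.ipaddr)
    # Address the redirect currently points at (may differ from lanip after
    # a LAN renumbering); this is what has to be deleted.
    old=${stored:-$lanip}
    case "$action" in
    add)
        force_dns_rule D udp "$old"
        force_dns_rule D tcp "$old"
        # Remember the address we are about to install. Commit only when the
        # value actually changed so every firewall reload does not rewrite flash.
        if [ "$stored" != "$lanip" ]; then
            uci set glconfig.general.ipaddr="$lanip"
            uci commit glconfig
        fi
        force_dns_rule I udp "$lanip"
        force_dns_rule I tcp "$lanip"
        ;;
    remove)
        force_dns_rule D udp "$old"
        force_dns_rule D tcp "$old"
        ;;
    esac
    return 0
}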
# glconfig.general.force_dns is treated as a presence flag: any non-empty
# value installs the DNS redirect, an unset/empty value tears it down on every
# firewall reload.
# NOTE(review): a literal "0" therefore still counts as enabled; confirm what
# the GL.iNet UI writes when the feature is switched off before relying on it.
force_dns_flag=$(uci get glconfig.general.force_dns)
case "$force_dns_flag" in
    '') force_dns remove ;;
    *)  force_dns add ;;
esac
# Vendor firewall rules (external command; its rule set is not visible here).
gl-firewall

# PPTP passthrough: explicitly attach the pptp conntrack helper, in the raw
# table, to outbound PPTP control connections on 1723/tcp.
# The rule is removed before being appended so a reload does not stack
# duplicate copies.
pptp_ct_rule() {
    iptables -t raw "$1" OUTPUT -p tcp -m tcp --dport 1723 -j CT --helper pptp
}
pptp_ct_rule -D
pptp_ct_rule -A
root@GL-AR750:~# ip -4 addr ; ip -4 ro li tab all ; ip -4 ru;
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
inet 192.168.2.211/24 brd 192.168.2.255 scope global eth0
valid_lft forever preferred_lft forever
7: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 192.168.174.1/24 brd 192.168.174.255 scope global br-lan
valid_lft forever preferred_lft forever
11: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
inet 10.8.4.134 peer 10.8.4.133/32 scope global tun0
valid_lft forever preferred_lft forever
default via 192.168.2.1 dev eth0 table 1
default via 192.168.2.1 dev eth0 proto static src 192.168.2.211 metric 10
10.8.4.0/24 via 10.8.4.133 dev tun0
10.8.4.133 dev tun0 proto kernel scope link src 10.8.4.134
192.168.2.0/24 dev eth0 proto static scope link metric 10
192.168.163.0/24 via 10.8.4.133 dev tun0
192.168.174.0/24 dev br-lan proto kernel scope link src 192.168.174.1
local 10.8.4.134 dev tun0 table local proto kernel scope host src 10.8.4.134
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.2.0 dev eth0 table local proto kernel scope link src 192.168.2.211
local 192.168.2.211 dev eth0 table local proto kernel scope host src 192.168.2.211
broadcast 192.168.2.255 dev eth0 table local proto kernel scope link src 192.168.2.211
broadcast 192.168.174.0 dev br-lan table local proto kernel scope link src 192.168.174.1
local 192.168.174.1 dev br-lan table local proto kernel scope host src 192.168.174.1
broadcast 192.168.174.255 dev br-lan table local proto kernel scope link src 192.168.174.1
0: from all lookup local
1001: from all iif eth0 lookup main
2001: from all fwmark 0x100/0x3f00 lookup 1
2061: from all fwmark 0x3d00/0x3f00 blackhole
2062: from all fwmark 0x3e00/0x3f00 unreachable
32766: from all lookup main
32767: from all lookup default
root@GL-AR750:~# ls -l /etc/resolv.* /tmp/resolv.*; head -n -0 /etc/resolv.* /tmp/resolv.*
lrwxrwxrwx 1 root root 16 Oct 9 2019 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r-- 1 root root 32 Oct 25 10:14 /tmp/resolv.conf
-rw-r--r-- 1 root root 56 Oct 25 11:18 /tmp/resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
==> /tmp/resolv.conf.auto <==
# Interface wan
nameserver 192.168.2.1
search fritz.box