Rpi4 < $(community_build)

then I think it might be just an optical terminal and not a combination of fiber optic, router and wireless terminal. Just like I have a modem/router/WLAN combo but I am just using the modem part as a bridge with my own Pi4 router and my own wireless access points.

I think it is great you are able to use your own router with FTTH.

Is it fine to show your IP address like that?

2 Likes

Yes.

From an IPv4 perspective:

  1. It's DHCP. If I spoof my MAC and renegotiate the DHCP request to the ISP, I'll end up on a different address range. Heck, might not even need to spoof the MAC.
  2. It's not like IP addresses are secret. You can nmap the entire internet if you want to (though your ISP might notice) to see what addresses have active hosts. Check out shodan.io if you've not heard of it before.
  3. OpenWRT's default configuration is 'default deny' on the firewall for packets that originate on the WAN side and land on the WAN interface.
  4. The IPv4 address is NAT'd anyway, and the internal IPv4 range is RFC1918.

From an IPv6 perspective:

  1. Similar story for DHCPv6. Change the client ID on the DHCPv6 request, and the ISP will issue a new range - just did that to prove it :) I'm no longer on '191b'.
  2. Firewall again. Same rules about WAN => LAN apply. I've got several Linux boxes hanging around on the LAN, with "public" IPv6 addresses, and none are reachable from outside my home network.
  3. iOS and Windows both have the concept of privacy addresses when it comes to IPv6, and will rotate through IPs unless you configure them not to.

In the current configuration, the worst that could happen is someone decides to DoS my network range. The Pi will probably fall over under the load.

2 Likes
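The reply above leans on item 3: a stock OpenWrt firewall rejects unsolicited traffic arriving on the WAN zone, so a public address on its own exposes nothing. The script below is an added example (not from the thread or from OpenWrt) that reads the text of an /etc/config/firewall dump, lists each zone's input/forward policy and flags any zone carrying a WAN-facing network that is not default deny. The sample config is constructed for the example, in the same UCI layout as the firewall dump posted later in this thread; the zone and network names it checks ("wan", "wan6") are assumptions that you would adjust to your own config.

```shell
#!/bin/sh
# Added example: audit zone policies in an OpenWrt /etc/config/firewall dump.
# The config is passed as text so this runs offline; on a router you would
# call it with "$(cat /etc/config/firewall)".

# Print one line per zone: "<name> <input> <forward> <comma-separated networks>".
# A missing input/forward option is reported as "unset".
zone_policies() {
    printf '%s\n' "$1" | awk -v q="'" '
        function flush() { if (name != "") print name, input, forward, nets }
        /^config zone/ { flush(); inzone = 1; name = ""; input = "unset"; forward = "unset"; nets = ""; next }
        /^config /     { flush(); inzone = 0; name = ""; next }
        inzone && $1 == "option" && $2 == "name"    { gsub(q, "", $3); name = $3 }
        inzone && $1 == "option" && $2 == "input"   { gsub(q, "", $3); input = $3 }
        inzone && $1 == "option" && $2 == "forward" { gsub(q, "", $3); forward = $3 }
        inzone && $1 == "list"   && $2 == "network" { gsub(q, "", $3); nets = nets (nets == "" ? "" : ",") $3 }
        END { flush() }'
}

# Input policy of a single zone, e.g. zone_policy "$cfg" wan -> REJECT
zone_policy() {
    zone_policies "$1" | awk -v z="$2" '$1 == z { print $2 }'
}

# Return 0 when every zone that carries a WAN-facing network (default: wan wan6)
# has both input and forward set to something other than ACCEPT; otherwise
# print the offending zones and return 1.
check_wan_default_deny() {
    config=$1; wan_nets=${2:-"wan wan6"}
    zone_policies "$config" | while read -r name input forward nets; do
        for n in $wan_nets; do
            case ",$nets," in
                *",$n,"*)
                    if [ "$input" = ACCEPT ] || [ "$forward" = ACCEPT ]; then
                        echo "zone '$name' carries $n but has input=$input forward=$forward"
                    fi
                    break ;;
            esac
        done
    done | grep . && return 1
    return 0
}

# Constructed sample: the stock OpenWrt two-zone layout.
SAMPLE_FW="config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        list network 'wan'
        list network 'wan6'

config forwarding
        option src 'lan'
        option dest 'wan'
"

# Same config with the WAN zone opened up, to show the check firing.
WEAK_FW=$(printf '%s\n' "$SAMPLE_FW" | sed "s/option input 'REJECT'/option input 'ACCEPT'/")

check_wan_default_deny "$SAMPLE_FW" && echo "sample: WAN zones are default deny"
check_wan_default_deny "$WEAK_FW" || echo "weakened sample: check fails as expected"
```

Note that the `defaults` section (input ACCEPT in the sample, as in the dump later in the thread) only governs traffic that matches no zone at all; what protects a WAN-facing interface is the zone it belongs to, which is why the check keys on zone membership rather than on the defaults.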

So I've uploaded a /tftpboot 'sample' zip with a (draft) config generator: https://rpi4.wulfy23.info/misc/tftpboot/

came in handy for me over the last day or two messing with a laptop I can't open (easily)...
currently sort of has:

  • clonezilla
  • debian 11 netboot installer
  • gparted
  • openwrt x64 initramfs
  • some other minor stuff
notes

really only for experts at this stage... but may add some 'per-device' and special network device specific stuff ( cisco / ubiquiti ) in the future...

it's ~ 750M and you'd need twice that to unpack it... so try to keep a local copy of the .tar unless the version number changes...

it's not rpi4 specific so anyone with extroot / x64 / 2G free should be able to use it...

1 Like

I am waiting for the integration of the IDS, IPS and DPI tool you mentioned some time ago. I think it was DPI.

not sure if that was crowdsec... there were a few in that list... crowdsec is not exactly the above but it's a good middle ground...

I did spend two days on it... and I'd say it has good integration potential but am holding off a few months for some things to be resolved...

(breaks when you include it in an image... but anyone wanting to have a play with it, with intermediate skills or above is welcome to install and try it out 'post-upgrade'... it's great for exposed servers but stats from typical natting routers would be interesting to see)

1 Like

persistent usb nic names

following on from

https://forum.openwrt.org/t/bind-usb-ethernet-adapter-to-specific-port/111854?u=wulfy23

https://forum.openwrt.org/t/stable-network-interface-names-for-usb-ethernet-dongles/98539

next build will incorporate the ability to make usb-nics persistent

how-it-works

this is how it works...

step1

### enable the logic as a whole
uci set network.globals.persistent_nic='1'
uci commit network

step2

### for every usb nic
uci set network.rummy.mac_original='00:00:e8:00:44:bf'
uci commit network
### update the uci logical interface underlying device eth+last6chars
uci set network.rummy.device="eth0044bf"
uci commit network

so you can leave the first wan untouched: edit: no it will need to be added also...

edit: macaddr (normal override if underlying 'mac_original') will work if it's in the interface ( not device ) section...

there is a bug with macaddr in the device section (move macaddr overrides to the interface section if it's a usb adapter to be renamed and you want it overridden until the bug is fixed)

for extra wan interfaces repeat step2...

caveats:

  • no device bridges etc. for now
  • usb only

for anyone not on this build you can get the hotplug.d/net/000-kickanic here

2 Likes
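The two steps above pin a logical interface to a USB adapter by its MAC, with the device renamed to "eth" plus the last six hex digits of that MAC. The script below is an added example and is not the build's own hotplug.d/net/000-kickanic (which is not shown in the thread): it implements that naming rule, generates the step-2 uci commands for an interface, and looks a freshly plugged MAC up against a network config to decide whether it should be renamed. The sample config, the interface name "rummy" and the MAC are taken from the post; the hotplug section at the end is an assumed shape (ACTION/INTERFACE environment, sysfs lookup, `ip link set ... name`) and only runs when invoked by hotplug.

```shell
#!/bin/sh
# Added example, not the build's own 000-kickanic script.

# Naming rule from the post: "00:00:e8:00:44:bf" -> "eth0044bf".
# Accepts upper/lower case and ':' or '-' separators; returns 1 for anything
# that is not a 48-bit MAC.
nic_name_from_mac() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f' | sed 's/[:-]//g')
    [ ${#mac} -eq 12 ] && [ -z "$(printf '%s' "$mac" | tr -d '0-9a-f')" ] || return 1
    printf 'eth%s\n' "${mac#??????}"
}

# Step 2 of the post for one logical interface: print the uci commands that
# pin it to the adapter with the given MAC.
uci_commands_for() {
    iface=$1; mac=$2
    dev=$(nic_name_from_mac "$mac") || return 1
    printf "uci set network.%s.mac_original='%s'\n" "$iface" "$mac"
    printf "uci set network.%s.device='%s'\n" "$iface" "$dev"
    echo 'uci commit network'
}

# Given the text of /etc/config/network and the MAC of a NIC that just
# appeared, print the persistent name it should get. Returns 1 when nothing
# asks for a rename: the step-1 global switch is off, or no interface section
# carries that MAC as mac_original.
persistent_name_for() {
    config=$1; mac=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    printf '%s\n' "$config" | grep -q "option persistent_nic '1'" || return 1
    printf '%s\n' "$config" | grep -qi "option mac_original '$mac'" || return 1
    nic_name_from_mac "$mac"
}

# Constructed sample /etc/config/network after steps 1 and 2 from the post.
SAMPLE_NETWORK="config globals 'globals'
        option persistent_nic '1'

config interface 'rummy'
        option proto 'dhcp'
        option mac_original '00:00:e8:00:44:bf'
        option device 'eth0044bf'
"

# Show the commands step 2 boils down to for the sample interface.
uci_commands_for rummy 00:00:e8:00:44:bf

# Hotplug-style use (assumed shape): only active when run by hotplug with
# ACTION=add and INTERFACE set. Honours the post's "usb only" caveat by checking
# that the sysfs device path goes through a USB bus, then renames the interface
# while it is still down so netifd picks up the persistent name.
if [ "$ACTION" = add ] && [ -n "$INTERFACE" ] && [ -r "/sys/class/net/$INTERFACE/address" ]; then
    case $(readlink -f "/sys/class/net/$INTERFACE/device" 2>/dev/null) in
        *usb*)
            mac=$(cat "/sys/class/net/$INTERFACE/address")
            if newname=$(persistent_name_for "$(cat /etc/config/network)" "$mac") \
               && [ "$newname" != "$INTERFACE" ]; then
                ip link set dev "$INTERFACE" down
                ip link set dev "$INTERFACE" name "$newname"
            fi ;;
    esac
fi
```

Because the rename is keyed on `mac_original` rather than on the adapter's enumeration order, the same adapter gets the same name whichever USB port or probe order it ends up with, which is the whole point of the feature; an adapter whose MAC is not listed is left alone.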

Hi Wulfy23: thank you for this wonderful build. I got your build up and running on the rpi4 without a problem. It's running very nicely.
I have a strange question regarding the DHCP server on the rpi4.
I am connecting Telekom router + rpi4 (openwrt) + Xiaomi Ax3600 (as Access Point for WiFi).
What I want to ask is how I should set up the DHCP server so that I have 0 issues in blocking ads and also in terms of IP address conflicts.
How should I proceed further? I mean, should I set up a static DNS address in my router and let the rpi4 manage the DHCP server, with the Xiaomi Ax3600 in AP mode?

Is this setup correct? If so, how can I do the DHCP setting in openwrt? Can I switch off the DHCP server on the Telekom router? Will it work if I do so?

Sorry for asking so many questions at a time.

Hoping to get a reply from you soon.

Thanks in advance

1 Like

Thanks, glad it's working for you...

regarding-questions-best-to-make-a-new-thread

I had started to write some general advice then it grew over 250 words...

Your questions are all kinda general networking (i.e. not directly related to anything to do with this build at all) related...

(they are also really broad)

so best to open a brand new, dedicated thread for it... ( many more people will see it and have the chance to help )

when you do please link to your post above ( the 'link' icon at the bottom of the post )... people will want to know if your Telecom device is 'natting' / not-bridged ( what kind of address it hands out and how )

Hi,

I'm just about to purchase a Pi4 to use as my main router on a 1Gb fiber connection. I just want it rock solid with SQM. Is the Pi 4 2GB version good enough, or do I need to go for the 8GB? (I'll just be running openwrt and a couple of small packages I guess).

Also, is DHCP Option 61 possible on this build?

Thanks

2GB is plenty for all that. Won't affect SQM performance which is almost all based on CPU.

this build uses the typical dnsmasq by default which supports most dhcp options...

dnsmasq isn't used to send DHCP option 61 - from my understanding, someone may want DHCP Option 61 sent as part of the WAN DHCP request (some internet providers apparently require this)

1 Like

roger that... in this case it would be;

uci set network.wan.clientid=ABC
uci commit network

so yes... supported...

1 Like

If you mean on WAN, sent to the ISP, then it's standard OpenWRT

Look in the Advanced Tab of the WAN interface

Client ID to send when requesting DHCP

That's the value to be sent as DHCP option 61

1 Like

I am unable to access my modem. But I can ping the modem IP from within openwrt. Something to do with banIP?
I have tried creating a new interface but am still unable to access my modem.

PING 192.168.10.1 (192.168.10.1): 56 data bytes
64 bytes from 192.168.10.1: seq=0 ttl=64 time=1.885 ms
64 bytes from 192.168.10.1: seq=1 ttl=64 time=0.750 ms
64 bytes from 192.168.10.1: seq=2 ttl=64 time=0.728 ms
64 bytes from 192.168.10.1: seq=3 ttl=64 time=0.746 ms
64 bytes from 192.168.10.1: seq=4 ttl=64 time=0.757 ms

--- 192.168.10.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.728/0.973/1.885 ms

cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.1.2'
        option igmp_snooping '1'
        option delegate '0'

config interface 'wan'
        option proto 'pppoe'
        option device 'eth1'
        option username 
        option password 
        option ipv6 'auto'
        option hostname 'router'
        option peerdns '0'
        list dns '8.8.8.8'


config interface 'IPTV'
        option device 'eth1'
        option proto 'static'
        option ipaddr '10.10.10.1'
        option netmask '255.255.255.0'

config interface 'guest'
        option proto 'static'
        option device 'br-guest'
        option ipaddr '192.168.3.1'
        option netmask '255.255.255.0'
        option delegate '0'

config device
        option name 'br-guest'
        option type 'bridge'
        list ports 'dummy0'

config interface 'accessmodem'
        option proto 'static'
        option ipaddr '192.168.10.5'
        option netmask '255.255.255.0'
        option device 'eth1'

cat /etc/config/firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'
        list network 'IPTV'
        list network 'accessmodem'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'
        option src 'wan'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Support-UDP-Traceroute'
        option src 'wan'
        option dest_port '33434:33689'
        option proto 'udp'
        option family 'ipv4'
        option target 'REJECT'
        option enabled '0'

config include
        option path '/etc/firewall.user'
        option reload '1'

config zone
        option name 'Guest'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'guest'

config forwarding
        option src 'Guest'
        option dest 'wan'

config rule
        option name 'Guest DHCP and DNS'
        option src 'Guest'
        option target 'ACCEPT'
        list proto 'udp'
        option dest_port '53 67 '

config rule
        option name 'block'
        option src 'lan'
        option dest 'wan'
        option target 'REJECT'
        list src_mac '*********************'
        list src_mac '*********************'
        list src_mac '*********************'
        list src_mac '*********************'
        list src_mac '*********************'
        list src_mac '*********************'
        list src_mac '*********************'
        list src_mac '*********************'
        list src_mac '*********************'
        list src_mac '*********************'
        list src_mac '*********************'
1 Like

when did it last work?

what has changed since then?

1 Like

It was working fine 2 days ago.
I changed nothing.

is this a bad paste (or you just removed the macs and it looks odd)?

config rule
        option name 'block'
        option src 'lan'
        option dest 'wan'
        option target 'REJECT'
        list src_mac 

this line seems incomplete

was it added in the last two days?

1 Like

I removed the MAC addresses I added to the block list. Let me post it here again.

I noticed this change after a power failure. It has not been working since then. I am unable to access the modem. Before that it was working fine.

option name 'block'
        option src 'lan'
        option dest 'wan'
        option target 'REJECT'
        list src_mac '*********************'
        list src_mac '*********************'
        list src_mac '*********************'
        list src_mac '*********************'
        list src_mac '*********************'
        list src_mac '*********************'
        list src_mac '*********************'
        list src_mac '*********************'
        list src_mac '*********************'
        list src_mac '*********************'
        list src_mac '*********************'