openwrt配置实验

最新推荐文章于 2024-07-24 20:43:50 发布

东升

最新推荐文章于 2024-07-24 20:43:50 发布

阅读量5.2k

点赞数

分类专栏： openwrt

本文链接：https://blog.csdn.net/liangdsing/article/details/62890975

版权

openwrt 专栏收录该内容

10 篇文章 5 订阅

订阅专栏

使用的机器有四个LAN口，LAN1-4，1个WAN口

默认的配置情况是，LAN1-LAN4为vlan-id1，wan口为vlan-id2，在LAN口下能通过dhcp分配ip地址，电脑接入lan口后能访问外网。

我本次实验的目的是

1，创建一个新的桥br-test。（默认桥接口是br-lan）

2，创建一个新的子端口eth0.3并与LAN1关联，即LAN1接收到的数据会进入eth0.3子端口。

3，电脑线接入LAN1口能自动分配IP地址，网段是192.85.1.100开始

4，接入LAN1口的电脑能上网

一般的操作是通过页面来完成，至于后台写了哪些配置文件不是很了解，本次实验不借助web操作，通过console来完成对应操作。

首先看下默认配置

root@BDCOM:/etc/config# cat network 

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd1f:7a45:08ed::/48'

config interface 'lan'
        option ifname 'eth0.1'
        option force_link '1'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option macaddr 'fc:fa:f7:01:02:01'
        option enable '1'
        option model 'auto'

config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'
        option vendorid '3830d84fd8bc77bf'
        option macaddr 'fc:fa:f7:01:02:00'
        option enable '1'
        option model 'auto'

config interface 'wan6'
        option ifname '@wan'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '4 6t'

config arp_globals 'arp_globals'
        option interval '1'
        option threshold '500'

config ap_arp 'ap_arp'
        option enable '0'
        option threshold '50'

root@BDCOM:/etc/config#

root@BDCOM:/etc/config# ifconfig
br-lan    Link encap:Ethernet  HWaddr FC:FA:F7:01:02:01  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::fefa:f7ff:fe01:201/64 Scope:Link
          inet6 addr: fd1f:7a45:8ed::1/60 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9267 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12423 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:479628 (468.3 KiB)  TX bytes:18118631 (17.2 MiB)

eth0      Link encap:Ethernet  HWaddr FC:FA:F7:01:02:00  
          inet6 addr: fe80::fefa:f7ff:fe01:200/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14712 errors:0 dropped:22 overruns:0 frame:0
          TX packets:9575 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:18639573 (17.7 MiB)  TX bytes:673852 (658.0 KiB)
          Interrupt:5 

eth0.1    Link encap:Ethernet  HWaddr FC:FA:F7:01:02:00  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:253 errors:0 dropped:0 overruns:0 frame:0
          TX packets:174 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:48132 (47.0 KiB)  TX bytes:54977 (53.6 KiB)

eth0.2    Link encap:Ethernet  HWaddr FC:FA:F7:01:02:00  
          inet addr:172.16.20.37  Bcast:172.16.20.255  Mask:255.255.255.0
          inet6 addr: fe80::fefa:f7ff:fe01:200/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14228 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9376 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:18294088 (17.4 MiB)  TX bytes:614932 (600.5 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:427 errors:0 dropped:0 overruns:0 frame:0
          TX packets:427 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:29308 (28.6 KiB)  TX bytes:29308 (28.6 KiB)

wlan0     Link encap:Ethernet  HWaddr FC:FA:F7:01:02:00  
          inet6 addr: fe80::fefa:f7ff:fe01:200/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9079 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12368 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:563664 (550.4 KiB)  TX bytes:18325351 (17.4 MiB)

新增一个桥接口

在network配置文件中增加如下内容后执行/etc/init.d/network restart

config interface 'test'
        option ifname 'eth0.3'
        option force_link '1'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.85.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option macaddr 'fc:fa:f7:01:02:01'
        option enable '1'
        option model 'auto'

ifconfig命令查看得到如下新增信息

br-test   Link encap:Ethernet  HWaddr FC:FA:F7:01:02:01  
          inet addr:192.85.1.1  Bcast:192.85.1.255  Mask:255.255.255.0
          inet6 addr: fe80::fefa:f7ff:fe01:201/64 Scope:Link
          inet6 addr: fd1f:7a45:8ed:10::1/60 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:636 (636.0 B)

eth0.3    Link encap:Ethernet  HWaddr FC:FA:F7:01:02:00  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:814 (814.0 B)

可以看到在交换机配置项中，划分了 vlan1和vlan2，vlan1的端口有0，1，2，3即LAN1-4，VLAN2为wan口,交换机名称是switch0

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '4 6t'

通过命令swconfig dev switch0 show可以看到底层驱动关于交换机的信息

root@BDCOM:/etc/config# swconfig dev switch0 show
Global attributes:
        enable_vlan: 1
Port 0:
        pvid: 1
        link: port:0 link:up speed:100baseT full-duplex 
Port 1:
        pvid: 1
        link: port:1 link:down
Port 2:
        pvid: 1
        link: port:2 link:down
Port 3:
        pvid: 1
        link: port:3 link:down
Port 4:
        pvid: 2
        link: port:4 link:up speed:100baseT full-duplex 
Port 5:
        pvid: 0
        link: port:5 link:down
Port 6:
        pvid: 0
        link: port:6 link:up speed:1000baseT full-duplex 
Port 7:
        pvid: 0
        link: port:7 link:down
VLAN 1:
        vid: 1
        ports: 0 1 2 3 6t 
VLAN 2:
        vid: 2
        ports: 4 6t

我需要把LAN1与eth0.3即vlan-id3关联起来，需要修改network的配置

修改结果如下：

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '4 6t'

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option ports '0 6t'

增加了switch_vlan3的配置项，port 0加入至vlan3中，同时需要从vlan1中移除出去，6t貌似是cpu接口，t是tag的意思

swconfig dev switch0 show查看设置结果

Global attributes:
        enable_vlan: 1
Port 0:
        pvid: 3
        link: port:0 link:up speed:100baseT full-duplex 
Port 1:
        pvid: 1
        link: port:1 link:down
Port 2:
        pvid: 1
        link: port:2 link:down
Port 3:
        pvid: 1
        link: port:3 link:down
Port 4:
        pvid: 2
        link: port:4 link:up speed:100baseT full-duplex 
Port 5:
        pvid: 0
        link: port:5 link:down
Port 6:
        pvid: 0
        link: port:6 link:up speed:1000baseT full-duplex 
Port 7:
        pvid: 0
        link: port:7 link:down
VLAN 1:
        vid: 1
        ports: 1 2 3 6t 
VLAN 2:
        vid: 2
        ports: 4 6t 
VLAN 3:
        vid: 3
        ports: 0 6t

接下来处理dhcp

配置信息在

root@BDCOM:/etc/config# cat dhcp 
config dnsmasq
        option domainneeded     1
        option boguspriv        1
        option filterwin2k      0  # enable for dial on demand
        option localise_queries 1
        option rebind_protection 0  # disable if upstream must serve RFC1918 addresses
        option rebind_localhost 0  # enable for RBL checking and similar services
        #list rebind_domain example.lan  # whitelist RFC1918 responses for domains
        option local    '/lan/'
        option domain   'lan'
        option expandhosts      1
        option nonegcache       0
        option authoritative    1
        option readethers       1
        option leasefile        '/tmp/dhcp.leases'
        option wdfile   '/usr/bin/wifidog_util'
        option resolvfile       '/tmp/resolv.conf.auto'
        #list server            '/mycompany.local/1.2.3.4'
        #option nonwildcard     1
        #list interface         br-lan
        #list notinterface      lo
        #list bogusnxdomain     '64.94.110.11'

config dhcp lan
        option interface        lan
        option start    100
        option limit    150
        option leasetime        12h
        option force    1
        option ra_management    1

config dhcp wan
        option interface        wan
        option ignore   1

config ac_dhcp
        option sta_acid 'BDCOM_AP'
        option ap_acid 'BDCOM_AP'

dhcp文件中增加如下配置内容

config dhcp test
        option interface        test
        option start    100
        option limit    150
        option leasetime        12h
        option force    1
        option ra_management    1

重启服务/etc/init.d/dnsmasq restart

可以看到新的配置文件生成在

root@BDCOM:/etc/config# cat /var/etc/dnsmasq.conf 
# auto-generated config file from /etc/config/dhcp
conf-file=/etc/dnsmasq.conf
dhcp-authoritative
domain-needed
localise-queries
read-ethers
bogus-priv
expand-hosts
domain=lan
server=/lan/
dhcp-leasefile=/tmp/dhcp.leases
wifidog-file=/usr/bin/wifidog_util
resolv-file=/tmp/resolv.conf.auto
addn-hosts=/tmp/hosts
conf-dir=/tmp/dnsmasq.d
dhcp-broadcast=tag:needs-broadcast


host-record=BDCOM.lan,BDCOM,192.168.1.1


dhcp-range=lan,192.168.1.100,192.168.1.249,255.255.255.0,12h
dhcp-range=test,192.85.1.100,192.85.1.249,255.255.255.0,12h
no-dhcp-interface=eth0.2

电脑通过LAN1端口连接后能获取到ip地址，网段为192.85.1.X，但是电脑不能访问外部，这是因为防火墙的缘故

root@BDCOM:/etc/config# vi firewall 增加如下内容

config zone
        option name             test
        list   network          'test'
        option input            ACCEPT
        option output           ACCEPT
        option forward          ACCEPT


config forwarding
        option src              test
        option dest             wan

重启防火墙服务/etc/init.d/firewall restart， ok，电脑能上网了。

接下来进行桥的配置，将无线口加入至br-test桥中。

先将无线口从br-lan删除下来

brctl delif br-lan wlan0

加入至新的桥中

brctl addif br-test wlan0

brctl show
bridge name     bridge id               STP enabled     interfaces
br-lan          7fff.fcfaf7010201       no              eth0.1
br-test         7fff.fcfaf7010201       no              eth0.3
                                                        wlan0

实验完毕！以上只是通过修改uci的配置文件来实现定制服务，这样，openwrt路由器在重启之后不会因为配置丢失而失去对应的服务。

配置结束后需要重启服务器，大部分网络这块是通过netifd模块进行的配置，其调用流程较为复杂。

附：

brctl show，显示桥信息

brctl addbr br0，新增桥

brctl addif br0 eth0.1，将子端口eth0.1加入桥

vconfig add eth0 3, 创建eth0.3端口

ifconfig eth0.3 up, up端口，非dup端口在ifconfig下不会显示

ifconfig eth0.3 192.168.1.1 netmask 255.255.255.0，端口配置ip地址

ifconfig eth0.0 0.0.0.0 ，端口删除ip地址

vconfig rem eth0.3，删除子端口