爱板网论坛

查看: 391|回复: 0

[讨论] OpenWRT实现有线+WiFi的STA模式双WAN叠加

[复制链接]

231

主题

2

好友

6408

积分

状元

Rank: 6Rank: 6

  • TA的每日心情
    开心
    2016-8-15 09:30
  • 签到天数: 162 天

    连续签到: 1 天

    [LV.7]常住居民III

    爱板会员勋章

    发表于 2017-7-20 15:47:49 |显示全部楼层
    OpenWRT实现有线+WiFi的STA模式双WAN叠加

    本文系转载,原文作者LvSin

    配置/etc/config/network文件
    1. <font color="#000000">config switch 'eth1'
    2.         option reset '0'
    3.         option enable_vlan '0'

    4. config interface 'loopback'
    5.         option ifname 'lo'
    6.         option proto 'static'
    7.         option ipaddr '127.0.0.1'
    8.         option netmask '255.0.0.0'

    9. config interface 'lan'
    10.         option ifname 'eth1'
    11.         option proto 'static'
    12.         option ipaddr '192.168.6.1'
    13.         option netmask '255.255.255.0'

    14. config interface 'wan0'
    15.         option ifname 'wlan0'
    16.         option proto 'dhcp'

    17. config interface 'wan1'
    18.         option ifname 'eth0'
    19.         option proto 'dhcp'
    20.     option ifname eth0
    21.     option proto dhcp</font>
    复制代码
    注意:wan0与wan1的配置,ifname的值要对应准确,此处interface的编号要被dhcp、wireless配置文件所使用。
    配置/etc/config/dhcp         实现wan0、wan1自动dhcp获取IP地址功能
    1. <font color="#000000">config dnsmasq
    2.         option domainneeded '1'
    3.         option boguspriv '1'
    4.         option filterwin2k '0'
    5.         option localise_queries '1'
    6.         option rebind_protection '1'
    7.         option rebind_localhost '1'
    8.         option local '/lan/'
    9.         option domain 'lan'
    10.         option expandhosts '1'
    11.         option nonegcache '0'
    12.         option authoritative '1'
    13.         option readethers '1'
    14.         option leasefile '/tmp/dhcp.leases'
    15.         option resolvfile '/tmp/resolv.conf.auto'

    16. config dhcp 'lan'
    17.         option interface 'lan'
    18.         option start '100'
    19.         option limit '150'
    20.         option leasetime '12h'
    21.         option dhcpv6 'server'
    22.         option ra 'server'

    23. config dhcp 'wan0'
    24.         option interface 'wan0'
    25.         option ignore '1'

    26. config dhcp 'wan1'
    27.         option interface 'wan1'
    28.         option ignore '1'

    29. config odhcpd 'odhcpd'
    30.         option maindhcp '0'
    31.         option leasefile '/tmp/hosts/odhcpd'
    32.         option leasetrigger '/usr/sbin/odhcpd-update'</font>
    复制代码
    配置/etc/config/wireless
    1. <font color="#000000">config wifi-device 'radio0'
    2.         option type 'mac80211'
    3.         option channel '0'
    4.         option hwmode '11g'
    5.         option path 'platform/ar933x_wmac'
    6.         option htmode 'HT20'

    7. config wifi-iface
    8.         option device 'radio0'
    9.         option network 'wan0'
    10.         option mode 'sta'
    11.         option ssid 'wifi名称'
    12.         option encryption 'psk2'
    13.         option key 'wifi密码'</font>
    复制代码
    注意:option network的值要与/etc/config/network中的interface编号对应。
    配置/etc/config/firewall
    1. <font color="#000000">config defaults
    2.         option syn_flood '1'
    3.         option input 'ACCEPT'
    4.         option output 'ACCEPT'
    5.         option forward 'REJECT'

    6. config zone
    7.         option name 'lan'
    8.         option network 'lan'
    9.         option input 'ACCEPT'
    10.         option output 'ACCEPT'
    11.         option forward 'ACCEPT'

    12. config zone
    13.         option name 'wan'
    14.         list network 'wan0'
    15.         list network 'wan1'
    16.         list network 'wan6'
    17.         option input 'ACCEPT'
    18.         option output 'ACCEPT'
    19.         option forward 'ACCEPT'
    20.         option masq '1'
    21.         option mtu_fix '1'

    22. config forwarding
    23.         option src 'lan'
    24.         option dest 'wan'

    25. config rule
    26.         option name 'Allow-DHCP-Renew'
    27.         option src 'wan'
    28.         option proto 'udp'
    29.         option dest_port '68'
    30.         option target 'ACCEPT'
    31.         option family 'ipv4'

    32. config rule
    33.         option name 'Allow-Ping'
    34.         option src 'wan0'
    35.         option proto 'icmp'
    36.         option icmp_type 'echo-request'
    37.         option family 'ipv4'
    38.         option target 'ACCEPT'

    39. config rule
    40.         option name 'Allow-DHCPv6'
    41.         option src 'wan'
    42.         option proto 'udp'
    43.         option src_ip 'fe80::/10'
    44.         option src_port '547'
    45.         option dest_ip 'fe80::/10'
    46.         option dest_port '546'
    47.         option family 'ipv6'
    48.         option target 'ACCEPT'

    49. config rule
    50.         option name 'Allow-ICMPv6-Input'
    51.         option src 'wan0'
    52.         option proto 'icmp'
    53.         option icmp_type 'echo-request echo-reply destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type router-solicitation neighbout'
    54.         option limit '1000/sec'
    55.         option family 'ipv6'
    56.         option target 'ACCEPT'

    57. config rule
    58.         option name 'Allow-ICMPv6-Forward'
    59.         option src 'wan'
    60.         option dest '*'
    61.         option proto 'icmp'
    62.         option icmp_type 'echo-request echo-reply destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type'
    63.         option limit '1000/sec'
    64.         option family 'ipv6'
    65.         option target 'ACCEPT'

    66. config include
    67.         option path '/etc/firewall.user'</font>
    复制代码
    一键配置脚本代码示例         
    所有的配置操作均使用OpenWRT系统提供的uci命令,也是OpenWRT开发中比较正统的操作方法,当然也并不局限于此,如果不怕麻烦的话,直接修改配置文件也能达到同样效果。
    1. <font color="#000000">#!/bin/sh

    2. ENCRYPTION="psk2"   #接入wifi加密方式
    3. SSID="test"       #接入wifi的SSID
    4. KEY="12345678"      #接入wifi的密码

    5. _wifi_sta_set_firewall(){
    6.     echo > /etc/config/firewall
    7.     uci add firewall defaults 1>/dev/null
    8.     uci set firewall.@defaults[0]=defaults
    9.     uci set firewall.@defaults[0].syn_flood=1
    10.     uci set firewall.@defaults[0].input=ACCEPT
    11.     uci set firewall.@defaults[0].output=ACCEPT
    12.     uci set firewall.@defaults[0].forward=REJECT

    13.     uci add firewall zone 1>/dev/null
    14.     uci set firewall.@zone[0]=zone
    15.     uci set firewall.@zone[0].name=lan
    16.     uci set firewall.@zone[0].network=lan
    17.     uci set firewall.@zone[0].input=ACCEPT
    18.     uci set firewall.@zone[0].output=ACCEPT
    19.     uci set firewall.@zone[0].forward=ACCEPT

    20.     uci add firewall zone 1>/dev/null
    21.     uci set firewall.@zone[1]=zone
    22.     uci set firewall.@zone[1].name=wan
    23.     uci add_list firewall.@zone[1].network=wan0
    24.     uci add_list firewall.@zone[1].network=wan1
    25.     #uci add_list firewall.@zone[1].network=wan6
    26.     uci set firewall.@zone[1].input=ACCEPT
    27.     uci set firewall.@zone[1].output=ACCEPT
    28.     uci set firewall.@zone[1].forward=ACCEPT
    29.     uci set firewall.@zone[1].masq=1
    30.     uci set firewall.@zone[1].mtu_fix=1

    31.     uci add firewall forwarding 1>/dev/null
    32.     uci set firewall.@forwarding[0]=forwarding
    33.     uci set firewall.@forwarding[0].src=lan
    34.     uci set firewall.@forwarding[0].dest=wan

    35.     uci add firewall rule 1>/dev/null
    36.     uci set firewall.@rule[0]=rule
    37.     uci set firewall.@rule[0].name=Allow-DHCP-Renew
    38.     uci set firewall.@rule[0].src=wan
    39.     uci set firewall.@rule[0].proto=udp
    40.     uci set firewall.@rule[0].dest_port=68
    41.     uci set firewall.@rule[0].target=ACCEPT
    42.     uci set firewall.@rule[0].family=ipv4

    43.     uci add firewall rule 1>/dev/null
    44.     uci set firewall.@rule[1]=rule
    45.     uci set firewall.@rule[1].name=Allow-Ping
    46.     uci set firewall.@rule[1].src=wan
    47.     uci set firewall.@rule[1].proto=icmp
    48.     uci set firewall.@rule[1].icmp_type=echo-request
    49.     uci set firewall.@rule[1].family=ipv4
    50.     uci set firewall.@rule[1].target=ACCEPT

    51.     uci add firewall rule 1>/dev/null
    52.     uci set firewall.@rule[2]=rule
    53.     uci set firewall.@rule[2].name=Allow-DHCPv6
    54.     uci set firewall.@rule[2].src=wan
    55.     uci set firewall.@rule[2].proto=udp
    56.     uci set firewall.@rule[2].src_ip=fe80::/10
    57.     uci set firewall.@rule[2].src_port=547
    58.     uci set firewall.@rule[2].dest_ip=fe80::/10
    59.     uci set firewall.@rule[2].dest_port=546
    60.     uci set firewall.@rule[2].family=ipv6
    61.     uci set firewall.@rule[2].target=ACCEPT

    62.     #uci add firewall rule 1>/dev/null
    63.     #uci set firewall.@rule[3]=rule
    64.     #uci set firewall.@rule[3].name=Allow-ICMPv6-Input
    65.     #uci set firewall.@rule[3].src=wan
    66.     #uci set firewall.@rule[3].proto=icmp
    67.     #uci set firewall.@rule[3].icmp_type='echo-request echo-reply destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type router-solicitation neighbout'
    68.     #uci set firewall.@rule[3].limit=1000/sec
    69.     #uci set firewall.@rule[3].family=ipv6
    70.     #uci set firewall.@rule[3].target=ACCEPT

    71.     #uci add firewall rule 1>/dev/null
    72.     #uci set firewall.@rule[4]=rule
    73.     #uci set firewall.@rule[4].name='Allow-ICMPv6-Forward'
    74.     #uci set firewall.@rule[4].src=wan
    75.     #uci set firewall.@rule[4].dest=*
    76.     #uci set firewall.@rule[4].proto=icmp
    77.     #uci set firewall.@rule[4].icmp_type='echo-request echo-reply destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type'
    78.     #uci set firewall.@rule[4].limit='1000/sec'
    79.     #uci set firewall.@rule[4].family='ipv6'
    80.     #uci set firewall.@rule[4].target='ACCEPT'

    81.     echo OK
    82.     uci add firewall include 1>/dev/null
    83.     uci set firewall.@include[0]=include
    84.     uci set firewall.@include[0].path='/etc/firewall.user'
    85.     uci commit
    86. }

    87. _wifi_sta_set_network(){
    88.     echo > /etc/config/network
    89.     uci set network.eth1=switch
    90.     uci set network.eth1.reset=0
    91.     uci set network.eth1.enable_vlan=0
    92.     uci set network.loopback=interface
    93.     uci set network.loopback.ifname=lo
    94.     uci set network.loopback.proto=static
    95.     uci set network.loopback.ipaddr=127.0.0.1
    96.     uci set network.loopback.netmask=255.0.0.0
    97.     uci set network.lan=interface
    98.     uci set network.lan.ifname=eth1
    99.     uci set network.lan.proto=static
    100.     uci set network.lan.ipaddr=192.168.6.1
    101.     uci set network.lan.netmask=255.255.255.0
    102.     uci set network.wan0=interface
    103.     uci set network.wan0.ifname=wlan0
    104.     uci set network.wan0.proto=dhcp
    105.     uci set network.wan1=interface
    106.     uci set network.wan1.ifname=eth0
    107.     uci set network.wan1.proto=dhcp
    108.     uci commit
    109. }

    110. #wifi在STA模式下设置dhcp参数
    111. _wifi_sta_set_dhcp(){
    112.     uci delete dhcp.wan 2>/dev/null
    113.     uci set dhcp.lan=dhcp
    114.     uci set dhcp.lan.interface=lan
    115.     uci set dhcp.lan.start=100
    116.     uci set dhcp.lan.limit=150
    117.     uci set dhcp.lan.leasetime=12h
    118.     uci set dhcp.lan.dhcpv6=server
    119.     uci set dhcp.lan.ra=server
    120.     uci set dhcp.wan0=dhcp
    121.     uci set dhcp.wan0.interface=wan0
    122.     uci set dhcp.wan0.ignore=1
    123.     uci set dhcp.wan1=dhcp
    124.     uci set dhcp.wan1.interface=wan1
    125.     uci set dhcp.wan1.ignore=1
    126.     uci set dhcp.odhcpd=odhcpd
    127.     uci set dhcp.odhcpd.maindhcp=0
    128.     uci set dhcp.odhcpd.leasefile=/tmp/hosts/odhcpd
    129.     uci set dhcp.odhcpd.leasetrigger=/usr/sbin/odhcpd-update
    130.     uci commit
    131. }

    132. #param: <ssid> <encrymode> <key>
    133. #   <ssid>      连接AP的SSID名称
    134. #   <encrymode> AP加密方式
    135. #   <key>       AP密码
    136. wifi_connect_to(){
    137.     echo > /etc/config/wireless
    138.     uci set wireless.radio0=wifi-device
    139.     uci set wireless.radio0.type=mac80211
    140.     uci set wireless.radio0.channel=0
    141.     uci set wireless.radio0.hwmode=11g
    142.     uci set wireless.radio0.path=platform/ar933x_wmac
    143.     uci set wireless.radio0.htmode=HT20
    144.     if ! uci get wireless.@wifi-iface[0] 1>/dev/null 2>/dev/null
    145.     then
    146.         uci add wireless wifi-iface 1>/dev/null 2>/dev/null
    147.     fi
    148.     uci set wireless.@wifi-iface[0]=wifi-iface
    149.     uci set wireless.@wifi-iface[0].device=radio0
    150.     uci set wireless.@wifi-iface[0].network=wan0
    151.     uci set wireless.@wifi-iface[0].mode=sta
    152.     uci set wireless.@wifi-iface[0].ssid=$1
    153.     uci set wireless.@wifi-iface[0].encryption=$2
    154.     uci set wireless.@wifi-iface[0].key=$3
    155.     uci commit
    156. }

    157. _wifi_sta_set_firewall #设置firewall参数
    158. _wifi_sta_set_network  #设置network参数
    159. _wifi_sta_set_dhcp     #设置dhcp参数
    160. wifi_connect_to $SSID $ENCRYPTION $KEY  #连接wifi

    161. /etc/init.d/firewall enable
    162. /etc/init.d/firewall restart
    163. #/etc/init.d/network restart</font>
    复制代码
    回复

    使用道具 举报

    您需要登录后才可以回帖 登录 | 立即注册

    关闭

    站长推荐上一条 /2 下一条

    手机版|爱板网 |网站地图  

    GMT+8, 2017-11-24 00:50 , Processed in 0.132995 second(s), 11 queries , Memcache On.

    苏公网安备 32059002001056号

    Powered by Discuz!

    回顶部