Mar
10
Speedport W 500V Wifi-Pseudobridge mit OpenWRT
Veröffentlicht von onny
Ausversehen hatte ich bei Ebay einen Speedport W 500V ersteigert, bei dem sich leider nicht mit Speed2Fritz eine bessere AVM-Firmware installieren lies, da es sich intern um eine von Hitachi entwickelte Hardware handelte. Da der Funktionsumfang von der original Firmware selbst in der neusten Version (1.31) sehr beschränkt ist, musste ich nach einer Alternative schauen, um mit dem Router z.B. eine Wifi-Pseudobridge zu basteln (Non-WDS).
Als erstes bin ich auf das Projekt BitSwitcher gestoßen, dass durch seine gute Dokumentation, ein aufgeräumtes Interface und einer schon sehr stabilen Software aufgefallen ist. Leider war es ein wenig schwierig, das Gerät über die Shell zu konfigurieren und die Anzahl an weiteren Packeten ist noch sehr limitiert.
Da ich gerne für alle möglichen Router-Probleme ein und dieselbe Firmware benutzen möchte, bei der Ich mich gut auskenne, hatte ich doch tatsächlich ein Speedport W 500V OpenWRT-Image im Snapshot/Devel-Entwicklungszweig gefunden, dass zwar noch nicht offiziell unterstützt wird, aber sich ohne Probleme installieren lässt.
Flashing, step for step:
onny@eee> wget http://downloads.openwrt.org/snapshots/trunk/brcm63xx/openwrt-SPW500V-squashfs-cfe.bin # Image downloaden
onny@eee> curl http://192.168.1.1/upload.cgi # ... warten bis Router neustartet
onny@eee> telnet 192.168.1.1 # Standard-Passwort setzen für SSH
root@OpenWrt:/# passwd
Changing password for root
New password:
Retype password:
Password for root changed by root
root@OpenWrt:/# exit
Connection closed by foreign host.
onny@eee> ssh root@192.168.1.1
root@OpenWrt:~# uname -a
Linux OpenWrt 3.0.18 #1 Wed Mar 7 23:16:34 MST 2012 mips GNU/Linux
root@OpenWrt:~# cat /etc/banner
_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
ATTITUDE ADJUSTMENT (bleeding edge, r30835) ----------
* 1/4 oz Vodka Pour all ingredients into mixing
* 1/4 oz Gin tin with ice, strain into glass.
* 1/4 oz Amaretto
* 1/4 oz Triple sec
* 1/4 oz Peach schnapps
* 1/4 oz Sour mix
* 1 splash Cranberry juice
-----------------------------------------------------
onny@eee> curl http://192.168.1.1/upload.cgi # ... warten bis Router neustartet
onny@eee> telnet 192.168.1.1 # Standard-Passwort setzen für SSH
root@OpenWrt:/# passwd
Changing password for root
New password:
Retype password:
Password for root changed by root
root@OpenWrt:/# exit
Connection closed by foreign host.
onny@eee> ssh root@192.168.1.1
root@OpenWrt:~# uname -a
Linux OpenWrt 3.0.18 #1 Wed Mar 7 23:16:34 MST 2012 mips GNU/Linux
root@OpenWrt:~# cat /etc/banner
_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
ATTITUDE ADJUSTMENT (bleeding edge, r30835) ----------
* 1/4 oz Vodka Pour all ingredients into mixing
* 1/4 oz Gin tin with ice, strain into glass.
* 1/4 oz Amaretto
* 1/4 oz Triple sec
* 1/4 oz Peach schnapps
* 1/4 oz Sour mix
* 1 splash Cranberry juice
-----------------------------------------------------
Um den Router wie von mir gewünscht zu einem Wifi-Client zu machen, um z.B. ein existierendes Netzwerk über LAN wieder freizugeben (Routed Client, Pseudobridging), müssen einige Dateien wie folgt angepasst werden:
config wifi-device radio0
option type mac80211
option channel 11
option macaddr 00:16:38:6a:ab:f1
option hwmode 11g
option disabled 0
option channel 6
config wifi-iface
option device radio0
option network wwan
option mode sta
option ssid 0zapftis
option encryption psk2
option key 'your-secret-password-here'
option type mac80211
option channel 11
option macaddr 00:16:38:6a:ab:f1
option hwmode 11g
option disabled 0
option channel 6
config wifi-iface
option device radio0
option network wwan
option mode sta
option ssid 0zapftis
option encryption psk2
option key 'your-secret-password-here'
# Copyright (C) 2006 OpenWrt.org
config interface loopback
option ifname lo
option proto static
option ipaddr 127.0.0.1
option netmask 255.0.0.0
config interface lan
option ifname eth0
option type bridge
option proto static
option ipaddr 192.168.1.1
option netmask 255.255.255.0
config interface wwan
option proto dhcp
config interface stabridge
option proto relay
option network lan wwan
config interface loopback
option ifname lo
option proto static
option ipaddr 127.0.0.1
option netmask 255.0.0.0
config interface lan
option ifname eth0
option type bridge
option proto static
option ipaddr 192.168.1.1
option netmask 255.255.255.0
config interface wwan
option proto dhcp
config interface stabridge
option proto relay
option network lan wwan
config defaults
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward REJECT
# Uncomment this line to disable ipv6 rules
# option disable_ipv6 1
config zone
option name lan
option network 'lan wwan'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
config zone
option name wan
option network 'wan'
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
config forwarding
option src lan
option dest wan
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
option name Allow-DHCP-Renew
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4
# Allow IPv4 ping
config rule
option name Allow-Ping
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT
# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
option name Allow-DHCPv6
option src wan
option proto udp
option src_ip fe80::/10
option src_port 547
option dest_ip fe80::/10
option dest_port 546
option family ipv6
option target ACCEPT
# Allow essential incoming IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Input
option src wan
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
list icmp_type router-solicitation
list icmp_type neighbour-solicitation
option limit 1000/sec
option family ipv6
option target ACCEPT
# Allow essential forwarded IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Forward
option src wan
option dest *
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec
option family ipv6
option target ACCEPT
# include a file with users custom iptables rules
config include
option path /etc/firewall.user
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward REJECT
# Uncomment this line to disable ipv6 rules
# option disable_ipv6 1
config zone
option name lan
option network 'lan wwan'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
config zone
option name wan
option network 'wan'
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
config forwarding
option src lan
option dest wan
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
option name Allow-DHCP-Renew
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4
# Allow IPv4 ping
config rule
option name Allow-Ping
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT
# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
option name Allow-DHCPv6
option src wan
option proto udp
option src_ip fe80::/10
option src_port 547
option dest_ip fe80::/10
option dest_port 546
option family ipv6
option target ACCEPT
# Allow essential incoming IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Input
option src wan
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
list icmp_type router-solicitation
list icmp_type neighbour-solicitation
option limit 1000/sec
option family ipv6
option target ACCEPT
# Allow essential forwarded IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Forward
option src wan
option dest *
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec
option family ipv6
option target ACCEPT
# include a file with users custom iptables rules
config include
option path /etc/firewall.user
config dnsmasq
option domainneeded 1
option boguspriv 1
option filterwin2k 0 # enable for dial on demand
option localise_queries 1
option rebind_protection 1 # disable if upstream must serve RFC1918 addresses
option rebind_localhost 1 # enable for RBL checking and similar services
#list rebind_domain example.lan # whitelist RFC1918 responses for domains
option local '/lan/'
option domain 'lan'
option expandhosts 1
option nonegcache 0
option authoritative 1
option readethers 1
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
#list server '/mycompany.local/1.2.3.4'
#option nonwildcard 1
#list interface br-lan
#list notinterface lo
#list bogusnxdomain '64.94.110.11'
config dhcp lan
option interface lan
option start 100
option limit 150
option leasetime 12h
option ignore 1
config dhcp wan
option interface wan
option ignore 1
option domainneeded 1
option boguspriv 1
option filterwin2k 0 # enable for dial on demand
option localise_queries 1
option rebind_protection 1 # disable if upstream must serve RFC1918 addresses
option rebind_localhost 1 # enable for RBL checking and similar services
#list rebind_domain example.lan # whitelist RFC1918 responses for domains
option local '/lan/'
option domain 'lan'
option expandhosts 1
option nonegcache 0
option authoritative 1
option readethers 1
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
#list server '/mycompany.local/1.2.3.4'
#option nonwildcard 1
#list interface br-lan
#list notinterface lo
#list bogusnxdomain '64.94.110.11'
config dhcp lan
option interface lan
option start 100
option limit 150
option leasetime 12h
option ignore 1
config dhcp wan
option interface wan
option ignore 1
Die Einstellungen können dann mit folgenden Befehlen übernommen werden:
root@OpenWrt:~# /etc/init.d/dnsmasq restart
root@OpenWrt:~# /etc/init.d/firewall restart
root@OpenWrt:~# wifi down; wifi
root@OpenWrt:~# /etc/init.d/firewall restart
root@OpenWrt:~# wifi down; wifi
3. May 2012 at 17:53
[...] mal hier schauen: http://www.project-insanity.org/2012/03/speedport-w-500v-wifi-pseudobridge-mit-openwrt/ Teilen:Related [...]
5. August 2012 at 19:00
Vielen Dank! Jetzt läuft mein alter W500V auch unter Open WRT.
6. March 2013 at 22:51
Lässt sich da auch ein VPN server wie
http://ivacy.com/
oder xxx?
definieren ?
6. March 2013 at 23:11
uwe: Das geht auf jeden Fall mit OpenWRT, entweder via PPTP oder OpenVPN (siehe dazu auch den Blogpost zu Fonera Freifunk hier im Blog)