usage: ${0##*/} [-h] [-t 2|test] [-m WIRELESS_MAC]
setup my router in general: dhcp, dns, etc.
-Type 2 is for setting up a backup device. Type test is for setting up a
-testing device.
+Type 2 or 3 is for setting up a backup device, there are two kinds so
+that you can switch the main device to a backup, then a backup to the
+main. Type test is for setting up a testing device.
Passing an empty string for WIRELESS_MAC will cause the device's native
mac to be used.
h) usage ;;
t)
case $2 in
- 2)
+ 2|3)
dev2=true
+ libremanage_host=wrt
+ ;;&
+ 2)
lanip=4
hostname=wrt2
- libremanage_host=wrt
+ ;;
+ 3)
+ lanip=14
+ hostname=wrt3
;;
test)
test=true
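Review bot: Type 3 is accepted by the new `2|3)` arm, but the synopsis at the top of the help text still reads `[-t 2|test]`; it should become `[-t 2|3|test]` to match the updated description. The `;;&` terminator after the shared arm is what lets the following `2)` and `3)` arms run as well; it needs bash 4 and is easy to misread as `;;`, so a short comment such as `# ;;& keeps matching: continue to the per-device arm below` would help. The case statement closes outside this hunk, so whether an unknown type is rejected cannot be seen here.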
macpre=${mac:0: -1}
macsuf=${mac: -1}
+
+p_updated=false
pmirror() {
+ if $p_updated; then
+ return
+ fi
# background: upgrading all packages is not recommended because it
# doesn't go into the firmware. build new firmware if you want
# lots of upgrades. I think /tmp/opkg-lists is a pre openwrt 14 location.
f=(/var/opkg-lists/*)
if ! (( $(date -r $f +%s) + 60*60*24 > $(date +%s) )); then
- opkg update
+ if ! opkg update; then
+ echo "$0: warning: opkg update failed" >&2
+ fi
+ p_updated=true
fi
}
pi() {
- for x in "$@"; do
- if [[ ! $(opkg list-installed "$x") ]]; then
+ to_install=()
+ for p in "$@"; do
+ pname=${p##*/}
+ pname=${pname%%_*}
+ if [[ ! $(opkg list-installed "$pname") ]]; then
+ to_install+=($p)
pmirror
- opkg install "$@"
fi
done
+ if [[ $to_install ]]; then
+ opkg install ${to_install[@]}
+ fi
}
v() {
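Review bot: The rewritten `pi` expands its package list unquoted in `to_install+=($p)` and `opkg install ${to_install[@]}`, so an argument containing whitespace or glob characters is split or expanded before opkg sees it. The `${p##*/}` / `${pname%%_*}` stripping suggests arguments can be paths to package files, which makes that more likely than with bare package names. Use `to_install+=("$p")` and `opkg install "${to_install[@]}"`, and test the array with `if (( ${#to_install[@]} )); then`, since `[[ $to_install ]]` only looks at element 0. `to_install`, `p` and `pname` should also be declared `local` so they do not leak into the rest of the script.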
####### end uci example #####
uset() {
+ printf "+ uset %s\n" "$*"
local key="$1"
local val="$2"
local service="${key%%.*}"
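Review bot: The added trace line prints every argument of `uset`, values included, so any caller that passes a secret (a wireless key or password option, if one is set through `uset` elsewhere in the script) writes it to the terminal and to any captured log. Consider printing only the key, `printf '+ uset %s\n' "$1"`, or masking the value for sensitive keys. `uset` continues past the end of this hunk, so how `key` and `val` are used afterwards is not visible here.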
# wiki says safe to do in case of fstab changes:
## ian: usb broke on old router. if that happens, can just comment this to disable problems
-echo | cedit /etc/config/fstab ||:
-cedit /etc/config/fstab <<EOF || { v block umount; v block mount; }
+# echo | cedit /etc/config/fstab ||:
+v cedit /etc/config/fstab <<EOF || { v block umount; v block mount; }
config global automount
option from_fstab 1
option anon_mount 1
uset dropbear.@dropbear[0].PasswordAuth 0
uset dropbear.@dropbear[0].RootPasswordAuth 0
uset dropbear.@dropbear[0].Port 2220
+if ! cmp -s /root/dropbear_rsa_host_key /etc/dropbear/dropbear_rsa_host_key; then
+ cp /root/dropbear_rsa_host_key /etc/dropbear/dropbear_rsa_host_key
+ dropbear_restart=true
+fi
wireless_restart=false
key=pictionary49
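Review bot: The new block installs the SSH host key without checking that `/root/dropbear_rsa_host_key` exists and without setting the mode of the copy. `cmp -s` also returns non-zero when the source file is missing, so `cp` then fails and `dropbear_restart=true` is still set (or the script aborts, if it runs under `set -e`, which is not visible in this hunk). Guard the condition with `[[ -s /root/dropbear_rsa_host_key ]] &&` and follow the copy with `chmod 600 /etc/dropbear/dropbear_rsa_host_key`, because a plain `cp` derives the mode of a newly created file from the source and the umask. Where `dropbear_restart` is initialised and consumed lies outside the hunk.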
config redirect
- option name ssh
- option src wan
- option src_dport 22
- option dest_ip $l.8
- option dest lan
+ option name ssh
+ option src wan
+ option src_dport 22
+ option dest_ip $l.8
+ option dest lan
config rule
- option src wan
- option target ACCEPT
- option dest_port 22
+ option src wan
+ option target ACCEPT
+ option dest_port 22
config redirect
- option name sshalt
- option src wan
- option src_dport 2222
- option dest_port 22
- option dest_ip $l.3
- option dest lan
+ option name sshalt
+ option src wan
+ option src_dport 2222
+ option dest_port 22
+ option dest_ip $l.3
+ option dest lan
config rule
- option src wan
- option target ACCEPT
- option dest_port 2222
+ option src wan
+ option target ACCEPT
+ option dest_port 2222
config rule
- option src wan
- option target ACCEPT
- option dest_port 2220
+ option src wan
+ option target ACCEPT
+ option dest_port 2220
config redirect
- option src wan
- option src_dport 443
- option dest lan
- option dest_ip $l.8
- option proto tcp
+ option src wan
+ option src_dport 443
+ option dest lan
+ option dest_ip $l.8
+ option proto tcp
config rule
- option src wan
- option target ACCEPT
- option dest_port 443
- option proto tcp
+ option src wan
+ option target ACCEPT
+ option dest_port 443
+ option proto tcp
config redirect
- option src wan
- option src_dport 1196
- option dest lan
- option dest_ip $l.8
- option proto udp
+ option src wan
+ option src_dport 1196
+ option dest lan
+ option dest_ip $l.8
+ option proto udp
config rule
- option src wan
- option target ACCEPT
- option dest_port 1196
- option proto udp
+ option src wan
+ option target ACCEPT
+ option dest_port 1196
+ option proto udp
config redirect
- option src wan
- option src_dport 80
- option dest lan
- option dest_ip $l.8
- option proto tcp
+ option src wan
+ option src_dport 80
+ option dest lan
+ option dest_ip $l.8
+ option proto tcp
config rule
- option src wan
- option target ACCEPT
- option dest_port 80
- option proto tcp
+ option src wan
+ option target ACCEPT
+ option dest_port 80
+ option proto tcp
config redirect
- option name syncthing
- option src wan
- option src_dport 22001
- option dest_ip $l.8
- option dest lan
+ option name syncthing
+ option src wan
+ option src_dport 22001
+ option dest_ip $l.8
+ option dest lan
config rule
- option src wan
- option target ACCEPT
- option dest_port 22001
+ option src wan
+ option target ACCEPT
+ option dest_port 22001
+config rule
+ option name ssh-ipv6
+ option src wan
+ option dest lan
+ # note, using mac transform, we could allow all traffic to a host like this,
+ # replacing 1 as appropriate
+ #option dest_ip ::111:11ff:fe11:1111/::ffff:ffff:ffff:ffff
+ option dest_port 22
+ option target ACCEPT
+ option family ipv6
+
+config rule
+ option name http-ipv6
+ option src wan
+ option dest lan
+ option dest_port 80
+ option target ACCEPT
+ option family ipv6
+
+config rule
+ option name https-ipv6
+ option src wan
+ option dest lan
+ option dest_port 443
+ option target ACCEPT
+ option family ipv6
+
+config rule
+ option name node-exporter
+ option src wan
+ option dest lan
+ option dest_port 9101
+ option target ACCEPT
+ option family ipv6
+
+config rule
+ option name mail587-ipv6
+ option src wan
+ option dest lan
+ option dest_port 587
+ option target ACCEPT
+ option family ipv6
+
EOF
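Review bot: The five new IPv6 rules (`ssh-ipv6`, `http-ipv6`, `https-ipv6`, `node-exporter`, `mail587-ipv6`) set neither `dest_ip` nor `proto`, so each accepts forwarded wan traffic to that port on every LAN host, and as far as I know the firewall treats a missing `proto` as both tcp and udp. The IPv4 redirects in the same heredoc pin a single `dest_ip`; the commented-out `dest_ip` mask in `ssh-ipv6` shows how to do the same here, and `option proto tcp` would narrow each rule to what these services use. Port 9101 deserves the tightest rule, for example `option src_ip <MONITORING_HOST_ADDR>` (placeholder), since metrics endpoints are usually served without authentication. The remaining changes in this hunk are re-indentation only.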
$l.7 x3
$l.8 tp b8.nz faiserver
$l.9 bb8
+$l.14 wrt3
72.14.176.105 li
+172.105.84.95 l2
# netns creation looks for next free subnet starting at 10.173, but I only
# use one, and I would keep this one as the first created.
# to start.
mkdir -p /mnt/usb/tftpboot
v cedit /etc/dnsmasq.conf <<EOF || dnsmasq_restart=true
+server=/dmarctest.b8.nz/#
+server=/_domainkey.b8.nz/#
+server=/_dmarc.b8.nz/#
+server=/ns1.b8.nz/#
+server=/ns2.b8.nz/#
+mx-host=b8.nz,mail.iankelling.org,10
+txt-record=b8.nz,"v=spf1 a ?all"
+
# https://ret2got.wordpress.com/2018/01/19/how-your-ethereum-can-be-stolen-using-dns-rebinding/
stop-dns-rebind
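Review bot: The five `server=/NAME/#` lines and the `mx-host`/`txt-record` overrides are added with no comment saying why these names are handled differently. In dnsmasq, `#` as the server address sends the name to the standard upstream servers, so presumably these exempt the DKIM/DMARC and ns names from local handling of b8.nz. That intent is worth stating, e.g. `# forward mail-auth and ns names upstream; the rest of b8.nz is answered locally`. The SPF value also ends in `?all` (neutral), and LAN clients resolving through this router will see it in place of whatever the public zone publishes; confirm that is intended.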
uset network.lan.ipaddr $l.$lanip
uset network.lan.netmask $mask
uset dhcp.wan.ignore $dev2 # default is false
+uset dhcp.lan.ignore $dev2 # default is false
if $dev2; then
uset network.lan.gateway $l.1
uset network.wan.proto none