usage() {
cat <<EOF
-usage: ${0##*/} [-h] [-t 2|test] [-m WIRELESS_MAC]
+usage: ${0##*/} [-h] [-t 2|3|test] [-m WIRELESS_MAC]
setup my router in general: dhcp, dns, etc.
Type 2 or 3 is for setting up a backup device, there are two kinds so
}
+
+
dev2=false
test=false
-hostname=wrt
libremanage_host=wrt2
+if [[ -e /p/router-secrets ]]; then
+ source /p/router-secrets
+fi
+rmac=$(cat /sys/class/net/eth0/address)
+if [[ $rhost ]]; then
+ hostname=${rhost[$rmac]}
+fi
+: ${hostname:=wrt}
+
+
lanip=1
while getopts hm:t: opt; do
case $opt in
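Review bot: `[[ $rhost ]]` tests only element 0 of the array, so if `rhost` is the MAC-keyed associative array that the `${rhost[$rmac]}` lookup implies, the branch is skipped and `hostname` always falls back to `wrt`. The same test guards `rkey` in the network-config hunk, where the effect is that the wifi key from /p/router-secrets is never applied and the literal default is used instead. Testing the array size keeps the "secrets were loaded" meaning without relying on element 0: `if (( ${#rhost[@]} )); then`, and likewise `if (( ${#rkey[@]} )); then`. /p/router-secrets is not visible here, so the array type is inferred from the lookup; `: ${hostname:=wrt}` should also be quoted as `: "${hostname:=wrt}"`.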
case $2 in
2|3)
dev2=true
- libremanage_host=wrt
+ libremanage_host=$hostname
;;&
2)
lanip=4
fi
}
+udel() {
+ printf "+ udel %s\n" "$*"
+ local key="$1"
+ local val="$2"
+ local service="${key%%.*}"
+ restart_var=${service}_restart
+ if [[ ! ${!restart_var} ]]; then
+ eval $restart_var=false
+ fi
+ if uci get "$key" &>/dev/null; then
+ v uci set "$key"="$val"
+ uci commit $service
+ eval $restart_var=true
+ fi
+}
+
+
### network config
###
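Review bot: `udel` never deletes anything: when the key exists it runs `v uci set "$key"="$val"`, which looks copied from the set helper, so a caller asking for a delete gets an assignment (to an empty value when no second argument is passed). If deletion is the intent, that line should be `v uci delete "$key"` and `val` can be dropped. `restart_var` is missing `local`, the two `eval $restart_var=...` lines can be `printf -v "$restart_var" '%s' false` and `printf -v "$restart_var" '%s' true` so that no text derived from the key is evaluated, and `uci commit $service` should quote `"$service"`.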
if $test; then
ssid="gnuv3"
lan=10.1.0.0
+elif [[ $hostname == cmc ]]; then
+ ssid=Svenska
+ lan=10.2.0.0
fi
+
+if [[ $rkey ]]; then
+ key=${rkey[$rmac]}
+fi
+: ${key:=pictionary49}
+
mask=255.255.0.0
cidr=16
l=${lan%.0}
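Review bot: The `: ${key:=…}` fallback keeps a literal passphrase in the script and applies it silently whenever /p/router-secrets is missing or has no entry for this MAC, so a device can come up on a key that anyone with access to the repository knows. Failing is safer for a real deployment, for example `: "${key:?no wifi key for $rmac in /p/router-secrets}"`, with a literal kept only for the `$test` branch if test mode needs one. The value is later passed unquoted in `uset wireless.default_radio$x.key $key`; writing `"$key"` there sets a passphrase containing spaces or glob characters intact.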
fi
wireless_restart=false
-key=pictionary49
+
for x in 0 1; do
uset wireless.default_radio$x.ssid "$ssid"
uset wireless.default_radio$x.key $key
firewall_restart=false
v cedit /etc/config/firewall <<EOF || firewall_restart=true
-
config redirect
option name ssh
option src wan
option dest_port 22
config redirect
- option name sshalt
+ option name sshkd
option src wan
- option src_dport 2222
+ option src_dport 2202
option dest_port 22
- option dest_ip $l.3
+ option dest_ip $l.2
option dest lan
config rule
option src wan
option target ACCEPT
- option dest_port 2222
+ option dest_port 2202
+config redirect
+ option name sshfrodo
+ option src wan
+ option src_dport 2203
+ option dest_port 22
+ option dest_ip $l.3
+ option dest lan
config rule
option src wan
option target ACCEPT
- option dest_port 2220
+ option dest_port 2203
+config redirect
+ option name sshx2
+ option src wan
+ option src_dport 2205
+ option dest_port 22
+ option dest_ip $l.5
+ option dest lan
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 2205
config redirect
+ option name sshx3
option src wan
- option src_dport 443
+ option src_dport 2207
+ option dest_port 22
+ option dest_ip $l.7
option dest lan
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 2207
+
+config redirect
+ option name sshtp
+ option src wan
+ option src_dport 2208
+ option dest_port 22
option dest_ip $l.8
- option proto tcp
+ option dest lan
config rule
option src wan
option target ACCEPT
- option dest_port 443
- option proto tcp
+ option dest_port 2208
+
+
+config rule
+ option name sshwrt
+ option src wan
+ option target ACCEPT
+ option dest_port 2220
+
config redirect
+ option name vpntp
option src wan
option src_dport 1196
option dest lan
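Review bot: The new `config redirect` and `config rule` stanzas for ports 2202, 2203, 2205, 2207, 2208 and 2220 set no `option proto`, and OpenWrt's default for that option matches both tcp and udp, whereas the 443 stanzas further down do set `option proto tcp`. Adding `option proto tcp` to each SSH stanza limits the WAN exposure to what sshd needs. `sshx3` forwards WAN port 2207 to `$l.7`, while the /etc/hosts hunk comments out `$l.7 x3`; if that address is no longer pinned to x3, the forward should be removed with it so it cannot land on whichever device gets the address next. The unnamed `config rule` stanzas would also be easier to audit with an `option name` each. The heredoc starts and ends outside this hunk.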
config redirect
+ option name httptp
option src wan
option src_dport 80
option dest lan
option dest_port 80
option proto tcp
+config redirect
+ option name httpstp
+ option src wan
+ option src_dport 443
+ option dest lan
+ option dest_ip $l.8
+ option proto tcp
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 443
+ option proto tcp
+
config redirect
option name syncthing
option src wan
option family ipv6
config rule
- option name http-ipv6
+ option name https-ipv6
option src wan
option dest lan
- option dest_port 80
+ option dest_port 443
option target ACCEPT
option family ipv6
dnsmasq_restart=false
v cedit /etc/hosts <<EOF || dnsmasq_restart=true
-127.0.1.1 wrt
-$l.1 wrt
+127.0.1.1 $hostname
+$l.1 $hostname
$l.2 kd
$l.3 frodo
$l.4 wrt2
$l.5 x2
$l.6 demohost
-$l.7 x3
+#$l.7 x3
$l.8 tp b8.nz faiserver
$l.9 bb8
$l.14 wrt3
+2600:3c00::f03c:91ff:fe6d:baf8 li
72.14.176.105 li
+2a01:7e01::f03c:91ff:feb5:baec l2
+172.105.84.95 l2
# netns creation looks for next free subnet starting at 10.173, but I only
# use one, and I would keep this one as the first created.
# fi
-# avoid using the dns servers that my isp tells me about.
-if [[ $(uci get dhcp.@dnsmasq[0].resolvfile 2>/dev/null) ]]; then
- # default is '/tmp/resolv.conf.auto', we switch to the dnsmasq default of
- # /etc/resolv.conf. not sure why I did this.
- v uci delete dhcp.@dnsmasq[0].resolvfile
- uci commit dhcp
- dnsmasq_restart=true
-fi
-
uset dhcp.@dnsmasq[0].domain b8.nz
uset dhcp.@dnsmasq[0].local /b8.nz/
uset system.@system[0].hostname $hostname
# to start.
mkdir -p /mnt/usb/tftpboot
v cedit /etc/dnsmasq.conf <<EOF || dnsmasq_restart=true
+server=/dmarctest.b8.nz/#
+server=/_domainkey.b8.nz/#
+server=/_dmarc.b8.nz/#
+server=/ns1.b8.nz/#
+server=/ns2.b8.nz/#
+mx-host=b8.nz,mail.iankelling.org,10
+txt-record=b8.nz,"v=spf1 a ?all"
+
# https://ret2got.wordpress.com/2018/01/19/how-your-ethereum-can-be-stolen-using-dns-rebinding/
stop-dns-rebind
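Review bot: The five `server=/…/#` lines and the `mx-host`/`txt-record` lines carry no comment saying why they are needed, which matters because they interact with the `local=/b8.nz/` setting applied through `uset dhcp.@dnsmasq[0].local` just above. A one-line comment such as `# send these names to the upstream resolvers; local=/b8.nz/ would otherwise answer them from local data only` would record the intent (wording to be confirmed by the author). The locally served `txt-record=b8.nz,"v=spf1 a ?all"` ends in the neutral `?all` qualifier, so LAN hosts that check SPF through this resolver never get a fail result for b8.nz senders; that deserves a comment if it is deliberate.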
uset network.lan.ipaddr $l.$lanip
uset network.lan.netmask $mask
-uset dhcp.wan.ignore $dev2 # default is false
-uset dhcp.lan.ignore $dev2 # default is false
if $dev2; then
uset network.lan.gateway $l.1
uset network.wan.proto none
uset network.wan6.proto none
+ /etc/init.d/dnsmasq stop
+ /etc/init.d/dnsmasq disable
+ /etc/init.d/odhcpd stop
+ /etc/init.d/odhcpd disable
+ # things i tried to keep dnsmasq running but not enabled except local dns,
+ # but it didnt work right and i dont need it anyways.
+ # uset dhcp.wan.ignore $dev2 # default is false
+ # uset dhcp.lan.ignore $dev2 # default is false
+ # uset dhcp.@dnsmasq[0].interface lo
+ # uset dhcp.@dnsmasq[0].localuse 0
+ # uset dhcp.@dnsmasq[0].resolvfile /etc/dnsmasq.conf
+ # uset dhcp.@dnsmasq[0].noresolv 1
+ # todo: populate /etc/resolv.conf with a static value
+
else
# these are the defaults
uset network.lan.gateway ''
uset network.wan.proto dhcp
uset network.wan6.proto dhcpv6
+ /etc/init.d/dnsmasq start
+ # todo: figure out why this returns 1
+ /etc/init.d/dnsmasq enable ||:
+ /etc/init.d/odhcpd start
+ /etc/init.d/odhcpd enable
fi
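Review bot: Stopping and disabling dnsmasq in the `$dev2` branch can be undone later in the same run: the /etc/hosts and /etc/dnsmasq.conf `cedit` calls set `dnsmasq_restart=true`, and if the restart step (not visible here) restarts dnsmasq on that flag, the backup device ends up answering DHCP and DNS on the LAN alongside the main router. Clearing the flag in this branch, `dnsmasq_restart=false` after the `disable` lines, or testing `! $dev2` at the restart step, keeps the service down. `/etc/init.d/dnsmasq enable ||:` hides every failure of that command, so until the todo is resolved it would help to report the status, `/etc/init.d/dnsmasq enable || echo "dnsmasq enable returned $?" >&2`.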