OpenWrt is an operating system for network routers.
I use OpenWrt because my network at home is my privacy.
The web interface LuCI is used to configure OpenWrt.
Configuration files are stored in the directory /etc/config/.
These files can also be edited with an editor over SSH.
Select Interfaces under Network to edit the WAN interface.
Protocols like PPPoE (for VDSL) or DHCP work out of the box.
Support for other protocols can be added by installing additional packages.
To use a custom DNS server (like Google Public DNS) for name resolution,
edit the following file:
/etc/config/network
config interface 'wan'
	#...
	option peerdns '0'
	option dns '8.8.8.8'
Select System to set the local time and the timezone of the system.
On a fresh installation of OpenWrt, the wireless access point is disabled.
Select Wireless under Network to set up the SSID,
configure the encryption and enable the access point.
Additional software can be installed using the web interface or
using the command line via SSH.
The web interface LuCI provides a convenient way of managing software packages.
Select Software under System to install additional packages.
Click Update lists... to update the list of available packages.
The command line tool opkg is used as the package manager.
To update the list of available packages:
opkg update
To install a package:
opkg install <pkg>
Common internet service providers assign IP addresses dynamically.
A dynamic DNS service updates the assigned IP address automatically
on a name server.
/etc/config/ddns
config service 'myddns_ipv4'
	#...
	option use_https '1'
	option cacert '/etc/ssl/certs/ca-certificates.crt'
To allow SSH access from the WAN interface, the firewall needs to be configured.
Select Firewall under Network to add a custom rule.
Custom firewall rules are stored in the following file:
/etc/firewall.user
iptables -A input_wan_rule -p tcp --dport 22 -m conntrack --ctstate NEW \
-m recent --set --name SSH
iptables -A input_wan_rule -p tcp --dport 22 -m conntrack --ctstate NEW \
-m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
iptables -A input_wan_rule -p tcp --dport 22 -j ACCEPT
ip6tables -A input_wan_rule -p tcp --dport 22 -m conntrack --ctstate NEW \
-m recent --set --name SSH
ip6tables -A input_wan_rule -p tcp --dport 22 -m conntrack --ctstate NEW \
-m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
ip6tables -A input_wan_rule -p tcp --dport 22 -j ACCEPT
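The three rules per address family form a per-source rate limit: the first records each new connection, the second drops it once 8 have been seen within 60 seconds, the third accepts the rest. The following Python model is an added example, not part of the original page or of OpenWrt; it replays constructed connection attempts through that logic, and it assumes whole-second timestamps while ignoring --rttl and the kernel's per-address stamp limit.

```python
# Added example: simplified model of the iptables "recent" match used above.
# Assumptions: --rttl and the kernel's per-address stamp limit are ignored,
# and time is given in whole seconds.
from collections import defaultdict

SECONDS = 60   # --seconds 60
HITCOUNT = 8   # --hitcount 8


class RecentList:
    """One named list (--name SSH): source address -> seen timestamps."""

    def __init__(self):
        self.stamps = defaultdict(list)

    def set(self, src, now):
        # Rule 1 (--set): record every NEW connection to port 22.
        self.stamps[src].append(now)

    def update(self, src, now):
        # Rule 2 (--update): match if HITCOUNT stamps lie within SECONDS.
        # A match refreshes the entry, so retries extend the block.
        hits = sum(1 for t in self.stamps[src] if t >= now - SECONDS)
        if hits >= HITCOUNT:
            self.stamps[src].append(now)
            return True
        return False


def verdicts(attempts):
    """attempts: (time, source) pairs in time order -> verdict per attempt."""
    recent = RecentList()
    result = []
    for now, src in attempts:
        recent.set(src, now)
        # Rule 2 drops on a match; otherwise rule 3 accepts.
        result.append("DROP" if recent.update(src, now) else "ACCEPT")
    return result


# Constructed sample traffic (documentation addresses, not real hosts).
BURST = [(t, "203.0.113.5") for t in range(10)]            # 10 tries in 10 s
RETRY = BURST[:8] + [(t, "203.0.113.5") for t in range(12, 60, 5)]
PAUSE = BURST[:8] + [(70, "203.0.113.5")]                  # quiet for > 60 s
MIXED = BURST[:8] + [(8, "198.51.100.7")]                  # second source

if __name__ == "__main__":
    for name, sample in [("burst", BURST), ("retry", RETRY),
                         ("pause", PAUSE), ("mixed", MIXED)]:
        print(name, verdicts(sample))
```

The eighth new connection inside the window is the first one dropped, a source that keeps retrying stays blocked, and other source addresses are unaffected.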