MikroTik RouterBoard RB532A: Difference between revisions
Brian Wilson (talk | contribs) m →SNMP
Brian Wilson (talk | contribs) m →PPTP
Revision as of 22:45, 22 December 2007
RouterBoard 532A
In DNS, it's called OpenWRT and can be reached via ssh or https://openwrt, or from outside the LAN at https://alseageo.dyndns.biz/
Support for it in OpenWrt seems to be pretty good; they have the latest releases prebuilt for it. I used instructions in this page to get it loaded.
I installed KAMIKAZE (7.09) then later I found out about X-WRT and installed their version from http://downloads.x-wrt.org/xwrt/kamikaze/7.09/
I no longer put all 4 screws into the MicroTik case. :-)
Install took 10 minutes including opening up the case. OpenWrtDocs/Hardware/Mikrotik/RB532
Support in dd-wrt is not good. There is an old beta.
CF layout
Kamikaze fits in a 16MB flash so any old CF card will do for booting.
Ethernet ports
There are three. The one to the left of the serial port is eth0; to the right are eth1 and eth2.
By default in Kamikaze eth0 is on DHCP, so it would make a good WAN port.
MAC numbers
- eth0 00:0c:42:10:1c:6c
- eth1 00:0c:42:10:1c:6d
- eth2 00:0c:42:10:1c:6e
Miscellaneous configuration
Password
Root password set from the console port command line using "passwd". Set to the usual root password.
Network
Setting the WAN interface's MAC address to the D-Link's ensures we will get the same IP address assigned by Comcast.
/etc/config/network
<pre>
config interface loopback
	option ifname lo
	option proto static
	option ipaddr 127.0.0.1
	option netmask 255.0.0.0

config interface wan
	option ifname eth0
	option proto dhcp
	# put the dlink mac here
	option macaddr xx:xx:xx:xx:xx

config interface lan
	option ifname eth1
	option proto static
	option ipaddr 10.127.32.5
	option netmask 255.0.0.0

config interface dmz
	option ifname eth2
	option proto static
	option ipaddr 192.168.123.1
	option netmask 255.255.255.0
</pre>
Route command
Adding a default route so that you can get the webif stuff running initially.
<pre>
route add -net 0.0.0.0 gw 192.168.123.254
</pre>
DHCP
We provide DHCP only to the DMZ zone.
/etc/config/dhcp
<pre>
config dhcp
	option interface lan
	option ignore 1

config dhcp
	option interface dmz
	option start 100
	option limit 150
	option leasetime 12h

config dhcp
	option interface wan
	option ignore 1
</pre>
Dyndns
Installed changeip client.
Firewall
Not set up yet.
NTP
Set timezone to US/Pacific. Installed client.
QoS
Installed but not configured yet. I'd like to use this to control bandwidth used for offsite backups. I want full utilization at night and 200 Kbps during business hours. A way to switch it down to a low bandwidth manually would be good.
SNMP
Installed but not configured yet. Could be set to log to cacti on Kilchis.
SSL
Installed MatrixSSL so that we can connect to router using a secure connection.
Syslog
Set to log to Kilchis at 10.127.32.27/514. Do a MARK every 20 minutes.
Wake-On-Lan
12/22/07 Not available yet in X-Wrt. This would allow us to power on Desktop machines remotely.
VPN
L2TPns
Have not looked into this one yet. Package is installed.
OpenVPN
Installed package. Not configured yet.
PPTP
12/22/07 Not set up yet for X-WRT.
Dump of iptables
12/22/07
<pre>
iptables -L -n
Chain INPUT (policy DROP)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp option=!2 flags:0x02/0x02
input_rule all -- 0.0.0.0/0 0.0.0.0/0
input_wan all -- 0.0.0.0/0 0.0.0.0/0
LAN_ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 47 -- 0.0.0.0/0 0.0.0.0/0
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
forwarding_rule all -- 0.0.0.0/0 0.0.0.0/0
forwarding_wan all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy DROP)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
output_rule all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain LAN_ACCEPT (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain forwarding_rule (1 references)
target prot opt source destination

Chain forwarding_wan (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 10.127.32.28 tcp dpt:4569
ACCEPT tcp -- 0.0.0.0/0 10.127.32.27 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 10.127.32.65 tcp dpt:8081
ACCEPT tcp -- 0.0.0.0/0 10.127.32.34 tcp dpt:80
ACCEPT udp -- 0.0.0.0/0 10.127.32.27 udp dpt:1194
ACCEPT tcp -- 0.0.0.0/0 10.127.32.31 tcp dpt:44555
ACCEPT tcp -- 0.0.0.0/0 10.127.32.150 tcp dpt:3577
ACCEPT tcp -- 0.0.0.0/0 10.127.32.148 tcp dpt:3577
ACCEPT tcp -- 0.0.0.0/0 10.127.32.149 tcp dpt:3577
ACCEPT tcp -- 0.0.0.0/0 10.127.32.207 tcp dpt:3577

Chain input_rule (1 references)
target prot opt source destination

Chain input_wan (1 references)
target prot opt source destination

Chain output_rule (1 references)
target prot opt source destination
</pre>
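The dump above is what an audit of this router's exposure starts from: which LAN hosts and ports the forwarding_wan chain lets any source reach, and which protocols the router itself accepts from anywhere (proto 47 is GRE, used by PPTP). The script below is an added example, not part of the original page, that parses an excerpt of that dump into per-chain rules and answers both questions; one caveat it cannot resolve is that `iptables -L -n` omits interface matches, so the bare `ACCEPT all` rules in FORWARD and LAN_ACCEPT can only be judged from `iptables -L -n -v` or `iptables-save`.

```python
import re

# Excerpt copied from this page's `iptables -L -n` dump (a few of its lines, not the whole dump).
DUMP = """\
Chain INPUT (policy DROP)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 47 -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain FORWARD (policy DROP)
target prot opt source destination
forwarding_wan all -- 0.0.0.0/0 0.0.0.0/0
Chain forwarding_wan (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 10.127.32.27 tcp dpt:22
ACCEPT udp -- 0.0.0.0/0 10.127.32.27 udp dpt:1194
ACCEPT tcp -- 0.0.0.0/0 10.127.32.150 tcp dpt:3577
"""

# "Chain NAME (policy X)" for built-in chains, "Chain NAME (N references)" for user chains.
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\w+)|\d+ references)\)$")
# Columns of `iptables -L -n`: target prot opt source destination [match text...]
RULE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

def parse_dump(text):
    """Map chain name -> {"policy": DROP/ACCEPT/None, "rules": [...]}, rules in listing order."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = m.group(1)
            chains[current] = {"policy": m.group(2), "rules": []}
        elif current and line.strip() and not line.startswith("target ") and (m := RULE_RE.match(line)):
            target, proto, _opt, src, dst, extra = m.groups()
            dport = re.search(r"dpt:(\d+)", extra or "")
            chains[current]["rules"].append({"target": target, "proto": proto, "src": src, "dst": dst,
                                             "dport": int(dport.group(1)) if dport else None,
                                             "extra": extra or ""})
    return chains

def wan_exposed_services(chains, chain="forwarding_wan"):
    """(dst host, proto, port) triples accepted from any source through the WAN forwarding chain."""
    return sorted((r["dst"], r["proto"], r["dport"]) for r in chains.get(chain, {}).get("rules", [])
                  if r["target"] == "ACCEPT" and r["src"] == "0.0.0.0/0" and r["dport"])

def router_accepts_from_anywhere(chains, chain="INPUT"):
    """Protocols the router itself accepts from any source without a conntrack state match."""
    return [r["proto"] for r in chains[chain]["rules"]
            if r["target"] == "ACCEPT" and r["src"] == "0.0.0.0/0" and "state" not in r["extra"]]
```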