MikroTik RouterBoard RB532A: Difference between revisions

From Wildsong
Jump to navigationJump to search
Brian Wilson (talk | contribs)
Brian Wilson (talk | contribs)
Line 103: Line 103:
  route add default gw 192.168.123.1
  route add default gw 192.168.123.1


=== Update resolv.conf
=== Update resolv.conf ===


  search wildsong.biz
  search wildsong.biz

Revision as of 14:45, 27 May 2010

Overview

I am setting this Mikrotik RouterBoard RB532A up to work as a home gateway router, and I am thinking about putting Asterisk on it too. I already have Asterisk running on an Ubuntu server so moving it over should not be too hard.

Board specs

       Board type: 532A                                                        
    Serial number: 16C901CD44DB                                                
 Firmware version: 2.10                                                        
    CPU frequency: 399 MHz                                                     
      Memory size: 64 MB                                                       
 eth1 MAC address: 00:0C:42:10:1C:6C                                           
 eth2 MAC address: 00:0C:42:10:1C:6D                                           
 eth3 MAC address: 00:0C:42:10:1C:6E   

Set up

Support for the RouterBoard in OpenWrt seems to be pretty good, they have the latest releases prebuilt for the RouterBoard.

Install took 10 minutes including opening up the case. OpenWrtDocs/Hardware/Mikrotik/RB532

Support in dd-wrt is not good. There is an old beta.

Reflashing with OpenWrt X-Wrt

http://wiki.openwrt.org/OpenWrtDocs/Hardware/Mikrotik/RB532

The simplest way is to download the CF image file from http://downloads.x-wrt.org/xwrt/kamikaze/ and then use 'dd' to copy it to a CF card, then put the CF into the RouterBoard and off you go.

Get the 128k image. The 128k refers to the block size in the filesystem and it's good for CF cards.

Use the 'dd' command under Linux or Macintosh to copy the image to the CF card. Cygwin includes a 'dd' command so if you are burdened with Windows you can still use dd. I did not get it working and ended up simply usng Linux. YMMV http://www.groupsrv.com/linux/about17777.html

dd if=/dev/sdb of=backupimage.bin
dd if=openwrt-rb532-jffs2-128k.bin of=/dev/sdb

The backup image is 256MB because that's the device size. Wastes some disk space but then again I delete it as soon as the RouterBoard is up and running again.

On my Macintosh with a USB card reader the command is almost the same, Macs are pretty cool actually.

sudo dd if=openwrt-rb532-jffs2-12k.bin of=/dev/disk1


Configuraion as gateway router

To-do

  • Fix routing table
  • dyndns updates
  • ntp server? (client is working) (ntpd is installed)
  • QoS
  • netmeeting - use dmz
  • dmz - allow OpenVpn access ?
  • WiFi -
  • DHCP for LAN?
  • OpenVPN
  • Scheduled QoS control?
  • Crow? or similar
  • WoL

Serial console setting

Connect a serial cable and use "screen /dev/ttyS0 115200"

Password

Root password set from the console port command line using "passwd". Set to the usual root password.

Ethernet ports

There are three, the one to the left of the serial port is eth0 To the right are eth1 and eth2

Network

This is the /etc/config/network file, hand edited to create two networks. There is a third etherport port (eth1) that is currently unused.

config 'interface' 'loopback'
        option 'ifname' 'lo'
        option 'proto' 'static'
        option 'ipaddr' '127.0.0.1'
        option 'netmask' '255.0.0.0'

config 'interface' 'wan'
        option 'ifname' 'eth0'
        option 'proto' 'dhcp'

config 'interface' 'lan'
        option 'ifname' 'eth2'
        option 'proto' 'static'
        option 'ipaddr' '192.168.123.254'
        option 'netmask' '255.255.255.0'

Route command

At the console, add a default route through the old router (bellman) so that you can get the webif stuff running initially; you need to add some packages.

route add default gw 192.168.123.1

Update resolv.conf

search wildsong.biz
nameserver 192.168.123.1

Packages added

After getting webif running use it to make these package additions/deletions. Dependencies are shown in parentheses.

asterisk16-sounds (asterisk16, libncurses, libopenssl, libpopt, librt, libpthread, zlib)
etherwake
ntpd
openvpn
wol
nbd's QoS scripts

Packages removed

ppp
ppp-mod-pppoe

DHCP

/etc/config/dhcp
config dhcp                                                                     
        option interface        lan                                             
        option ignore   1                                                       
                                                                                
config dhcp                                                                     
        option interface        dmz                                             
        option start    190                                                     
        option limit    199                                                     
        option leasetime        1h                                             
                                                                                
config dhcp                                                                     
        option interface        wan                                             
        option ignore   1 

Dyndns

Comes with changeip client, which can be configured with your username password

Firewall

Set up from WebIf. Note that the rule names cannot have spaces in them

config 'defaults'                                                               
        option 'syn_flood' '1'                                                  
        option 'input' 'ACCEPT'                                                 
        option 'output' 'ACCEPT'                                                
        option 'forward' 'REJECT'                                               
                                                                                
config 'zone'                                                                   
        option 'name' 'lan'                                                     
        option 'input' 'ACCEPT'                                                 
        option 'output' 'ACCEPT'                                                
        option 'forward' 'REJECT'                                               
                                                                                
config 'zone'                                                                   
        option 'name' 'wan'                                                     
        option 'input' 'REJECT'                                                 
        option 'output' 'ACCEPT'                                                
        option 'forward' 'REJECT'                                               
        option 'masq' '1'                                                       
                                                                                
config 'forwarding'                                                             
        option 'src' 'lan'                                                      
        option 'dest' 'wan'                                                     
                                                                                
config 'redirect' 'Kilchis_SSH'                                                 
        option 'src' 'wan'                                                      
        option 'dest_ip' '10.127.32.27'                                         
        option 'dest_port' '22'                                                 
        option 'proto' 'tcp'                                                    
        option 'src_ip' ''                                                      
        option 'src_dport' '22'                                                 
                                                                                
config 'redirect' 'AsteriskIAX2'                                                
        option 'src' 'wan'                                                      
        option 'dest_ip' '10.127.32.28'                                         
        option 'dest_port' '4569'                                               
        option 'proto' 'udp'                                                    
        option 'src_ip' ''                                                      
        option 'src_dport' '4569'                                               
                                                                                
config 'redirect' 'ODOT_ProdDemo'                                               
        option 'src' 'wan'                                                      
        option 'dest_ip' '10.127.32.34'                                         
        option 'dest_port' '80'                                                 
        option 'proto' 'tcp'                                                    
        option 'src_ip' ''                                                      
        option 'src_dport' '80'                                                 
                                                                                
config 'redirect' 'SCint'                                                       
        option 'src' 'wan'                                                      
        option 'dest_ip' '10.127.32.34'                                         
        option 'dest_port' '8082'                                               
        option 'proto' 'tcp'                                                    
        option 'src_ip' ''                                                      
        option 'src_dport' '8082'                                               
                                                                                
config 'redirect' 'OpenVpn'                                                     
        option 'src' 'wan'                                                      
        option 'proto' 'udp'                                                    
        option 'dest_ip' '10.127.32.27'                                         
        option 'dest_port' '1194'                                               
        option 'src_ip' ''                                                      
        option 'src_dport' '1194'                                               
                                                                                
config 'redirect' 'Subversion'                                                  
        option 'src' 'wan'                                                      
        option 'proto' 'tcp'                                                    
        option 'dest_port' '44555'                                              
        option 'dest_ip' '10.127.32.27'                                         
        option 'src_ip' ''                                                      
        option 'src_dport' '44555'                                              
                                                                                
config 'redirect' 'NetMotion'                                                   
        option 'src' 'wan'                                                      
        option 'proto' 'udp'                                                    
        option 'src_ip' ''                                                      
        option 'src_dport' '5008'                                               
        option 'dest_ip' '10.127.32.69'                                         
        option 'dest_port' '5008'                                               
                                                                                
config 'forwarding'                                                             
        option 'src' 'lan'                                                      
        option 'dest' 'dmz'                                                     
                                                                                
config 'forwarding'                                                             
        option 'src' 'dmz'                                                      
        option 'dest' 'wan'         


NTP

Set timezone to US/Pacific Set servers to {0,1,2}.pool.ntp.org

QoS

Install but not configured yet. I'd like to use this to control bandwidth used for offsite backups. I want full utilization at night and 200 Kbps during business hours. A way to switch it down to a low bandwidth manually would be good.

SNMP

Installed but not configured yet.

SSL

Installed MatrixSSL so that we can connect to router using a secure connection.

Syslog

Set to log to Bellman.

Wake-On-Lan

Installed not configured yet

VPN

OpenVPN

Installed package. Not configured yet.

dmesg output

# dmesg                                                           
Linux version 2.6.24.7 ([email protected]) (gcc version 4.1.2) #1 Fr8
CPU revision is: 0001800a (MIPS 4Kc)                                            
Determined physical RAM map:                                                    
 memory: 03fffa00 @ 00000400 (usable)                                           
Wasting 32 bytes for tracking 1 unused pages                                    
Entering add_active_range(0, 1, 16383) 0 entries of 256 used                    
Initrd not found or empty - disabling initrd                                    
Zone PFN ranges:                                                                
  Normal          1 ->    16383                                                 
Movable zone start PFN for each node                                            
early_node_map[1] active PFN ranges                                             
    0:        1 ->    16383                                                     
On node 0 totalpages: 16382                                                     
  Normal zone: 127 pages used for memmap                                        
  Normal zone: 0 pages reserved                                                 
  Normal zone: 16255 pages, LIFO batch:3                                        
  Movable zone: 0 pages used for memmap                                         
Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 16255      
Kernel command line: console=ttyS0,115200 gpio=16383 kmac=00:0C:42:10:1C:6C boa 
korina mac = 00:0C:42:10:1C:6C                                                  
Primary instruction cache 8kB, VIPT, 4-way, linesize 16 bytes.                  
Primary data cache 8kB, 4-way, VIPT, no aliases, linesize 16 bytes              
Synthesized clear page handler (26 instructions).                               
Synthesized copy page handler (46 instructions).                                
Synthesized TLB refill handler (20 instructions).                               
Synthesized TLB load handler fastpath (32 instructions).                        
Synthesized TLB store handler fastpath (32 instructions).                       
Synthesized TLB modify handler fastpath (31 instructions).                      
Initializing IRQ's: 168 out of 256                                              
PID hash table entries: 256 (order: 8, 1024 bytes)                              
calculating r4koff... 001e846c(1999980)                                         
CPU frequency 400.00 MHz                                                        
console [ttyS0] enabled                                                         
Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)                   
Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)                    
Memory: 60992k/65528k available (2069k kernel code, 4468k reserved, 566k data, )
Calibrating delay loop... 398.95 BogoMIPS (lpj=1994752)                         
Mount-cache hash table entries: 512                                             
net_namespace: 64 bytes                                                         
NET: Registered protocol family 16                                              
PCI: Initializing PCI                                                           
registering PCI controller with io_map_base unset                               
NET: Registered protocol family 2                                               
Time: MIPS clocksource has been installed.                                      
IP route cache hash table entries: 1024 (order: 0, 4096 bytes)                  
TCP established hash table entries: 2048 (order: 2, 16384 bytes)                
TCP bind hash table entries: 2048 (order: 1, 8192 bytes)                        
TCP: Hash tables configured (established 2048 bind 2048)                        
TCP reno registered                                                             
squashfs: version 3.0 (2006/03/15) Phillip Lougher                              
JFFS2 version 2.2. (NAND) (SUMMARY)  �© 2001-2006 Red Hat, Inc.                 
yaffs Nov  7 2008 15:30:24 Installing.                                          
io scheduler noop registered                                                    
io scheduler deadline registered (default)                                      
Serial: 8250/16550 driver $Revision: 1.90 $ 2 ports, IRQ sharing disabled       
serial8250: ttyS0 at MMIO 0x0 (irq = 104) is a 16550A                           
cf-mips module loaded                                                           
cf-mips: resetting..                                                            
cf-mips: identify drive..                                                       
cf-mips: CF card detected, C/H/S=998/16/32 sectors=510976 (249MB) Serial=ASH   0
cf-mips: detecting block size                                                   
cf-mips: multiple sectors = 1                                                   
init done<6> cfa: cfa1 cfa2                                                     
eth0: Rx IRQ 40, Tx IRQ 41, 00:0c:42:10:1c:6c                                   
via-rhine.c:v1.10-LK1.4.3 2007-03-06 Written by Donald Becker                   
PCI: Enabling device 0000:00:02.0 (0080 -> 0083)                                
PCI: Setting latency timer of device 0000:00:02.0 to 64                         
io_map_base of root PCI bus 0000:00 unset.  Trying to continue but you better   
fix this issue or report it to [email protected] or your vendor.        
To avoid data corruption io_map_base MUST be set with multiple PCI domains.<6>e.
eth1: MII PHY found at address 1, status 0x7849 advertising 05e1 Link 0000.     
PCI: Enabling device 0000:00:03.0 (0080 -> 0083)                                
PCI: Setting latency timer of device 0000:00:03.0 to 64                         
eth2: VIA Rhine III at 0xb8800100, 00:0c:42:10:1c:6e, IRQ 143.                  
eth2: MII PHY found at address 1, status 0x7849 advertising 05e1 Link 0000.     
block2mtd: version $Revision: 1.30 $                                            
Creating 1 MTD partitions on "/dev/cfa2":                                       
0x00000000-0x03020000 : "/dev/cfa2"                                             
block2mtd: mtd0: [/dev/cfa2] erase_size = 128KiB [131072]                       
NAND device: Manufacturer ID: 0xad, Chip ID: 0xf1 (Hynix NAND 128MiB 3,3V 8-bit)
Scanning device for bad blocks                                                  
Bad eraseblock 61 at 0x007a0000                                                 
Creating 2 MTD partitions on "NAND 128MiB 3,3V 8-bit":                          
0x00000000-0x00400000 : "Routerboard NAND boot"                                 
0x00400000-0x08000000 : "rootfs"                                                
mtd: partition "rootfs" set to be root filesystem                               
split_squashfs: no squashfs found in "NAND 128MiB 3,3V 8-bit"                   
No IRQF_TRIGGER set_type function for IRQ 1 (RB500)                             
input: gpio-keys as /devices/platform/gpio-keys/input/input0                    
Registered led device: rb500led:amber                                           
nf_conntrack version 0.5.0 (1024 buckets, 4096 max)                             
TCP vegas registered                                                            
NET: Registered protocol family 1                                               
NET: Registered protocol family 17                                              
802.1Q VLAN Support v1.8 Ben Greear <[email protected]>                   
All bugs added by David S. Miller <[email protected]>                            
jffs2_scan_eraseblock(): End of filesystem marker found at 0x220000             
jffs2_build_filesystem(): unlocking the mtd device... done.                     
jffs2_build_filesystem(): erasing all blocks after the end marker... done.      
VFS: Mounted root (jffs2 filesystem) readonly.                                  
Freeing unused kernel memory: 128k freed                                        
Please be patient, while OpenWrt loads ...                                      
Algorithmics/MIPS FPU Emulator v1.5                                             
PPP generic driver version 2.4.2                                                
ip_tables: (C) 2000-2006 Netfilter Core Team                                    
wlan: trunk                                                                     
ath_hal: module license 'Proprietary' taints kernel.                            
ath_hal: 2008-10-02 (AR5210, AR5211, AR5212, AR5416, RF5111, RF5112, RF2413, RF)
ath_rate_minstrel: Minstrel automatic rate control algorithm 1.2 (trunk)        
ath_rate_minstrel: look around rate set to 10%                                  
ath_rate_minstrel: EWMA rolloff level set to 75%                                
ath_rate_minstrel: max segment size in the mrr set to 6000 us                   
wlan: mac acl policy registered                                                 
ath_pci: trunk                                                                  
root@OpenWrt:/#