MikroTik RouterBoard RB532A

From Wildsong

Overview

I am setting this Mikrotik RouterBoard RB532A up to work as a home gateway router, and I am thinking about putting Asterisk on it too. I already have Asterisk running on an Ubuntu server so moving it over should not be too hard.

Board specs

       Board type: 532A                                                        
    Serial number: 16C901CD44DB                                                
 Firmware version: 2.10                                                        
    CPU frequency: 399 MHz                                                     
      Memory size: 64 MB                                                       
 eth1 MAC address: 00:0C:42:10:1C:6C                                           
 eth2 MAC address: 00:0C:42:10:1C:6D                                           
 eth3 MAC address: 00:0C:42:10:1C:6E   

Set up

Support for the RouterBoard in OpenWrt seems to be pretty good; they have the latest releases prebuilt for the RouterBoard.

Install took 10 minutes including opening up the case. OpenWrtDocs/Hardware/Mikrotik/RB532

Support in dd-wrt is not good. There is an old beta.

Reflashing with OpenWrt X-Wrt

http://wiki.openwrt.org/OpenWrtDocs/Hardware/Mikrotik/RB532

The simplest way is to download the CF image file from http://downloads.x-wrt.org/xwrt/kamikaze/ and then use 'dd' to copy it to a CF card, then put the CF into the RouterBoard and off you go.

Get the 128k image. The 128k refers to the block size in the filesystem and it's good for CF cards.

Use the 'dd' command under Linux or Macintosh to copy the image to the CF card. Cygwin includes a 'dd' command, so if you are burdened with Windows you can still use dd. I did not get it working and ended up simply using Linux. YMMV http://www.groupsrv.com/linux/about17777.html

dd if=/dev/sdb of=backupimage.bin
dd if=openwrt-rb532-jffs2-128k.bin of=/dev/sdb

The backup image is 256MB because that's the device size. Wastes some disk space but then again I delete it as soon as the RouterBoard is up and running again.

On my Macintosh with a USB card reader the command is almost the same; Macs are pretty cool actually.

sudo dd if=openwrt-rb532-jffs2-128k.bin of=/dev/disk1


Configuration as gateway router

To-do

  • Fix routing table
  • dyndns updates
  • ntp server? (client is working) (ntpd is installed)
  • QoS
  • netmeeting - use dmz
  • dmz - allow OpenVpn access ?
  • WiFi -
  • DHCP for LAN?
  • OpenVPN
  • Scheduled QoS control?
  • Crow? or similar
  • WoL

Serial console setting

Connect a serial cable and use "screen /dev/ttyS0 115200"

Password

Root password set from the console port command line using "passwd". Set to the usual root password.

Ethernet ports

There are three: the one to the left of the serial port is eth0. To the right are eth1 and eth2.

Network

This is the /etc/config/network file, hand edited to create two networks. There is a third Ethernet port (eth1) that is currently unused.

config 'interface' 'loopback'
        option 'ifname' 'lo'
        option 'proto' 'static'
        option 'ipaddr' '127.0.0.1'
        option 'netmask' '255.0.0.0'

config 'interface' 'wan'
        option 'ifname' 'eth0'
        option 'proto' 'dhcp'

config 'interface' 'lan'
        option 'ifname' 'eth2'
        option 'proto' 'static'
        option 'ipaddr' '192.168.123.254'
        option 'netmask' '255.255.255.0'

Route command

At the console, add a default route through the old router (bellman) so that you can get the webif stuff running initially; you need to add some packages.

route add default gw 192.168.123.1

Update resolv.conf

search wildsong.biz
nameserver 192.168.123.1

Packages added

After getting webif running use it to make these package additions/deletions. Dependencies are shown in parentheses.

asterisk16-sounds (asterisk16, libncurses, libopenssl, libpopt, librt, libpthread, zlib)
asterisk16-chan-iax2
etherwake
ntpd
openvpn (kmod-tun liblzo)
updatedd-mod-dyndns (updatedd)

Packages removed

ppp
ppp-mod-pppoe

DHCP

/etc/config/dhcp
config dhcp                                                                     
        option interface        lan                                             
        option ignore   1                                                       
                                                                                
config dhcp                                                                     
        option interface        dmz                                             
        option start    190                                                     
        option limit    199                                                     
        option leasetime        1h                                             
                                                                                
config dhcp                                                                     
        option interface        wan                                             
        option ignore   1 

Dyndns

Comes with the changeip client, which can be configured with your username and password.

Firewall

Set up from WebIf. Note that the rule names cannot have spaces in them.

config 'defaults'                                                               
        option 'syn_flood' '1'                                                  
        option 'input' 'ACCEPT'                                                 
        option 'output' 'ACCEPT'                                                
        option 'forward' 'REJECT'                                               
                                                                                
config 'zone'                                                                   
        option 'name' 'lan'                                                     
        option 'input' 'ACCEPT'                                                 
        option 'output' 'ACCEPT'                                                
        option 'forward' 'REJECT'                                               
                                                                                
config 'zone'                                                                   
        option 'name' 'wan'                                                     
        option 'input' 'REJECT'                                                 
        option 'output' 'ACCEPT'                                                
        option 'forward' 'REJECT'                                               
        option 'masq' '1'                                                       
                                                                                
config 'forwarding'                                                             
        option 'src' 'lan'                                                      
        option 'dest' 'wan'                                                     
                                                                                
config 'redirect' 'Bellman_SSH'                                                 
        option 'src' 'wan'                                                      
        option 'dest_ip' '192.168.123.1'                                         
        option 'dest_port' '22'                                                 
        option 'proto' 'tcp'                                                    
        option 'src_ip' ''                                                      
        option 'src_dport' '22'                                                 
                                                                                
config 'redirect' 'AsteriskIAX2'                                                
        option 'src' 'wan'                                                      
        option 'dest_ip' '10.127.32.28'                                         
        option 'dest_port' '4569'                                               
        option 'proto' 'udp'                                                    
        option 'src_ip' ''                                                      
        option 'src_dport' '4569'                                               
                                                                                                                                                                                                        
config 'redirect' 'OpenVpn'                                                     
        option 'src' 'wan'                                                      
        option 'proto' 'udp'                                                    
        option 'dest_ip' '10.127.32.27'                                         
        option 'dest_port' '1194'                                               
        option 'src_ip' ''                                                      
        option 'src_dport' '1194'                                               
                                                                                                                             
                                                                                
config 'forwarding'                                                             
        option 'src' 'lan'                                                      
        option 'dest' 'dmz'                                                     
                                                                                
config 'forwarding'                                                             
        option 'src' 'dmz'                                                      
        option 'dest' 'wan'         
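
An added example, not part of the original page or of OpenWrt: a small Python audit of a UCI firewall file like the listing above. It flags an ACCEPT default input policy, forwardings that name a zone with no matching 'zone' section (dmz in the listing), and WAN redirects whose src_ip is empty. SAMPLE is a constructed, trimmed copy of the listing; parse_uci and audit are hypothetical names.

```python
import shlex
# Constructed sample: a trimmed copy of the /etc/config/firewall listing above.
SAMPLE = """
config 'defaults'
        option 'input' 'ACCEPT'
config 'zone'
        option 'name' 'lan'
config 'zone'
        option 'name' 'wan'
        option 'input' 'REJECT'
config 'redirect' 'Bellman_SSH'
        option 'src' 'wan'
        option 'dest_ip' '192.168.123.1'
        option 'src_ip' ''
        option 'src_dport' '22'
config 'forwarding'
        option 'src' 'lan'
        option 'dest' 'dmz'
"""

def parse_uci(text):
    """Return one (type, name, options) tuple per 'config' section."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # handles quotes and '' values
        if tok[:1] == ["config"] and len(tok) >= 2:
            sections.append((tok[1], tok[2] if len(tok) > 2 else "", {}))
        elif tok[:1] == ["option"] and sections and len(tok) >= 3:
            sections[-1][2][tok[1]] = tok[2]
    return sections

def audit(text):
    """Return a list of findings to review in a UCI firewall config."""
    secs = parse_uci(text)
    zones = {o.get("name") for t, _, o in secs if t == "zone"}
    out = []
    for t, name, o in secs:
        if t == "defaults" and o.get("input") == "ACCEPT":
            out.append("defaults: input policy is ACCEPT")
        if t == "forwarding":
            for z in (o.get("src"), o.get("dest")):
                if z not in zones:  # forwarding names a zone with no section
                    out.append(f"forwarding {o.get('src')}->{o.get('dest')}: zone '{z}' is not defined")
        if t == "redirect" and o.get("src") == "wan" and not o.get("src_ip"):
            out.append(f"redirect {name}: port {o.get('src_dport')} reachable from any WAN source")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run it against a copy of /etc/config/firewall pulled from the router by passing the file's text to audit().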

NTP

Set timezone to US/Pacific. Set servers to {0,1,2}.pool.ntp.org

Add this line to ntp.conf

restrict 192.168.123.0 mask 255.255.255.0

Add a link to /etc/rc.d so that ntpd will start; you can do this in the webIf services page.

QoS

Installed but not configured yet. I'd like to use this to control bandwidth used for offsite backups. I want full utilization at night and 200 Kbps during business hours. A way to switch it down to a low bandwidth manually would be good.

SNMP

Installed but not configured yet.

SSL

Installed MatrixSSL so that we can connect to router using a secure connection.

Syslog

Set to log to Bellman.

Wake-On-Lan

Installed but not configured yet.

VPN

OpenVPN

This end will connect with AGI's and keep the connection nailed up. I suppose I could also allow access back in from the world at large but that is not my primary objective.

So I do the usual - copy the config files from the AGI server and then start it up.

Asterisk PBX server