MikroTik RouterBoard RB532A
RouterBoard 532A
To-do:
- Fix routing table
- dyndns updates
- ntp server? (client is working) (ntpd is installed)
- QoS
- netmeeting - use dmz
- dmz - allow OpenVpn access ?
- WiFi -
- DHCP for LAN?
- OpenVPN
- Scheduled QoS control?
- Crow? or similar
- WoL
Board type: 532A
Serial number: 16C901CD44DB
Firmware version: 2.10
CPU frequency: 399 MHz
Memory size: 64 MB
eth1 MAC address: 00:0C:42:10:1C:6C
eth2 MAC address: 00:0C:42:10:1C:6D
eth3 MAC address: 00:0C:42:10:1C:6E
Reflashing
http://wiki.openwrt.org/OpenWrtDocs/Hardware/Mikrotik/RB532
The simplest way is to simply download the CF image file from http://downloads.x-wrt.org/xwrt/kamikaze/ and then use 'dd' to copy it to a CF card, then put the CF into the RouterBoard and off you go.
Get the 128k image. The 128k refers to the block size in the filesystem and it's good for CF cards.
The healthy way to copy binary images to CF is 'dd' under Linux. Cygwin includes a 'dd' command, so if you are burdened with Windows you can still use dd. I did not get it working and ended up simply using Linux. YMMV http://www.groupsrv.com/linux/about17777.html
dd if=/dev/sdb of=backupimage.bin
dd if=openwrt-rb532-jffs2-128k.bin of=/dev/sdb
The backup image is 256MB because that's the device size. Wastes some disk space but then again I delete it as soon as the RouterBoard is up and running again.
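An added check for the step above, not part of the original notes: after the second dd, read the region just written back off the card and compare it with the image, so a bad or short write is caught before the card goes into the RouterBoard. verify_flashed_image and the constructed temp-file "card" in demo() are names and data chosen here, not from the page.

```python
import os
import tempfile

def verify_flashed_image(device, image, chunk=64 * 1024):
    """Read back len(image) bytes from the start of `device` and compare them,
    chunk by chunk, with the image file (the region dd just wrote).
    Returns (True, image_size) on a match, or (False, offset) where offset is
    the start of the first differing chunk or the point where the device ran
    out of data (a short write)."""
    size = os.path.getsize(image)
    with open(image, 'rb') as img, open(device, 'rb') as dev:
        done = 0
        while done < size:
            want = min(chunk, size - done)
            expected, actual = img.read(want), dev.read(want)
            if len(actual) < want or expected != actual:
                return False, done
            done += want
    return True, size

def demo():
    """Constructed stand-in for the CF card: a temp file somewhat larger than
    the image, 'flashed' by copying the image bytes to its start, then
    corrupted by one byte to show the failure path."""
    with tempfile.TemporaryDirectory() as d:
        image = os.path.join(d, 'openwrt-rb532-jffs2-128k.bin')
        card = os.path.join(d, 'cf-card.img')
        payload = bytes(range(256)) * 1024            # 256 KiB constructed image
        with open(image, 'wb') as f:
            f.write(payload)
        with open(card, 'wb') as f:
            f.write(payload + b'\xff' * 4096)          # card is bigger than the image
        good = verify_flashed_image(card, image)       # (True, 262144)
        with open(card, 'r+b') as f:                   # flip one byte at offset 200000
            f.seek(200000)
            f.write(b'\x00')
        bad = verify_flashed_image(card, image)        # (False, 196608): chunk 3 differs
        return good, bad
```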
Serial console
115200 8n1
AGI
In our internal DNS, it's called OpenWRT and can be reached via ssh or https://openwrt/ or from outside the lan at https://alseageo.dyndns.biz/
Support for it in OpenWrt seems to be pretty good, they have the latest releases prebuilt for it. I used instructions in this page to get it loaded.
I installed KAMIKAZE (7.09) then later I found out about X-WRT and installed their version from http://downloads.x-wrt.org/xwrt/kamikaze/
I no longer put all 4 screws into the MicroTik case. :-)
Install took 10 minutes including opening up the case. OpenWrtDocs/Hardware/Mikrotik/RB532
Support in dd-wrt is not good. There is an old beta.
CF layout
Kamikaze fits in a 16MB flash so any old CF card will do for booting.
Ethernet ports
There are three; the one to the left of the serial port is eth0, and to the right are eth1 and eth2.
By default in Kamikaze eth0 uses DHCP, so it makes a good WAN port.
Miscellaneous configuration
Password
Root password set from the console port command line using "passwd". Set to the usual root password.
Network
This is the /etc/config/network file, hand-edited to create three networks. The WAN interface has its MAC address overridden so that it uses the same MAC as the old D-Link router. That way switching back and forth between the RouterBoard and the D-Link should not cause our Comcast DHCP address to change.
config 'interface' 'loopback'
	option 'ifname' 'lo'
	option 'proto' 'static'
	option 'ipaddr' '127.0.0.1'
	option 'netmask' '255.0.0.0'

config 'interface' 'wan'
	option 'ifname' 'eth0'
	option 'proto' 'dhcp'
	option 'macaddr' '00:0D:88:5F:E8:90'

config 'interface' 'lan'
	option 'ifname' 'eth1'
	option 'proto' 'static'
	option 'ipaddr' '10.127.32.5'
	option 'netmask' '255.0.0.0'

config 'interface' 'dmz'
	option 'ifname' 'eth2'
	option 'proto' 'static'
	option 'ipaddr' '192.168.123.249'	# at home for testing
	option 'netmask' '255.255.255.0'
Route command
Add a default route so that you can get webif running initially (you need to add some packages for it, which requires a route out).
route add default gw 192.168.123.254
Packages added
After getting webif running I use it to make these package additions/deletions.
- etherwake
- ntpd
- openvpn
- tcpdump
- wol
- nbd's QoS scripts
Packages removed
- ppp
- ppp-mod-pppoe
DHCP
We provide DHCP only to the DMZ zone.
/etc/config/dhcp
config dhcp
	option interface lan
	option ignore 1

config dhcp
	option interface dmz
	option start 190
	option limit 199
	option leasetime 1h

config dhcp
	option interface wan
	option ignore 1
Dyndns
Comes with the changeip client, which can be configured with your username and password.
Firewall
Set up from WebIf. Note that the rule names cannot have spaces in them.
config 'defaults'
	option 'syn_flood' '1'
	option 'input' 'ACCEPT'
	option 'output' 'ACCEPT'
	option 'forward' 'REJECT'

config 'zone'
	option 'name' 'lan'
	option 'input' 'ACCEPT'
	option 'output' 'ACCEPT'
	option 'forward' 'REJECT'

config 'zone'
	option 'name' 'wan'
	option 'input' 'REJECT'
	option 'output' 'ACCEPT'
	option 'forward' 'REJECT'
	option 'masq' '1'

config 'forwarding'
	option 'src' 'lan'
	option 'dest' 'wan'

config 'redirect' 'Kilchis_SSH'
	option 'src' 'wan'
	option 'dest_ip' '10.127.32.27'
	option 'dest_port' '22'
	option 'proto' 'tcp'
	option 'src_ip' ''
	option 'src_dport' '22'

config 'redirect' 'AsteriskIAX2'
	option 'src' 'wan'
	option 'dest_ip' '10.127.32.28'
	option 'dest_port' '4569'
	option 'proto' 'udp'
	option 'src_ip' ''
	option 'src_dport' '4569'

config 'redirect' 'ODOT_ProdDemo'
	option 'src' 'wan'
	option 'dest_ip' '10.127.32.34'
	option 'dest_port' '80'
	option 'proto' 'tcp'
	option 'src_ip' ''
	option 'src_dport' '80'

config 'redirect' 'SCint'
	option 'src' 'wan'
	option 'dest_ip' '10.127.32.34'
	option 'dest_port' '8082'
	option 'proto' 'tcp'
	option 'src_ip' ''
	option 'src_dport' '8082'

config 'redirect' 'OpenVpn'
	option 'src' 'wan'
	option 'proto' 'udp'
	option 'dest_ip' '10.127.32.27'
	option 'dest_port' '1194'
	option 'src_ip' ''
	option 'src_dport' '1194'

config 'redirect' 'Subversion'
	option 'src' 'wan'
	option 'proto' 'tcp'
	option 'dest_port' '44555'
	option 'dest_ip' '10.127.32.27'
	option 'src_ip' ''
	option 'src_dport' '44555'

config 'redirect' 'NetMotion'
	option 'src' 'wan'
	option 'proto' 'udp'
	option 'src_ip' ''
	option 'src_dport' '5008'
	option 'dest_ip' '10.127.32.69'
	option 'dest_port' '5008'

config 'forwarding'
	option 'src' 'lan'
	option 'dest' 'dmz'

config 'forwarding'
	option 'src' 'dmz'
	option 'dest' 'wan'
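An added audit of the firewall config above (example code written here, not OpenWrt's own tooling): it parses the UCI stanzas, flags every forwarding or redirect whose src/dest names a zone that has no 'config zone' stanza (the config above forwards lan->dmz and dmz->wan but only defines lan and wan zones), and lists every port forward from wan so the exposed services can be reviewed on purpose. The embedded SAMPLE_FIREWALL is a constructed, abbreviated copy of the stanzas above; parse_uci, undefined_zone_refs and wan_redirects are names chosen for this example.

```python
import re

# Constructed, abbreviated copy of the firewall stanzas above; as in the
# original there are zone stanzas for lan and wan only, none for dmz.
SAMPLE_FIREWALL = """config 'zone'
    option 'name' 'lan'
config 'zone'
    option 'name' 'wan'
    option 'input' 'REJECT'
    option 'masq' '1'
config 'redirect' 'Kilchis_SSH'
    option 'src' 'wan'
    option 'dest_ip' '10.127.32.27'
    option 'dest_port' '22'
    option 'proto' 'tcp'
    option 'src_dport' '22'
config 'forwarding'
    option 'src' 'lan'
    option 'dest' 'dmz'
config 'forwarding'
    option 'src' 'dmz'
    option 'dest' 'wan'
"""

def parse_uci(text):
    """Parse UCI 'config <type> [name]' / 'option <key> <value>' lines into a
    list of dicts; values may be quoted, and '# ...' trailing comments are dropped."""
    sections, cur = [], None
    for line in text.splitlines():
        tokens = re.findall(r"'[^']*'|\"[^\"]*\"|\S+", line.split('#', 1)[0])
        tok = [t.strip("'\"") for t in tokens]
        if tok and tok[0] == 'config':
            cur = {'.type': tok[1], '.name': tok[2] if len(tok) > 2 else ''}
            sections.append(cur)
        elif tok and tok[0] == 'option' and cur is not None:
            cur[tok[1]] = tok[2] if len(tok) > 2 else ''
    return sections

def undefined_zone_refs(sections):
    """(stanza type, zone) for every forwarding/redirect src or dest that names
    a zone with no 'config zone' stanza, i.e. a rule referring to a zone the
    firewall has not been told about."""
    zones = {s.get('name') for s in sections if s['.type'] == 'zone'}
    return [(s['.type'], s[key]) for s in sections
            if s['.type'] in ('forwarding', 'redirect')
            for key in ('src', 'dest') if key in s and s[key] not in zones]

def wan_redirects(sections):
    """(name, proto, wan port, internal host:port) for each port forward from
    wan, i.e. the services this router exposes to the internet."""
    return [(s['.name'], s['proto'], s['src_dport'], s['dest_ip'] + ':' + s['dest_port'])
            for s in sections if s['.type'] == 'redirect' and s.get('src') == 'wan']
```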
NTP
Set the timezone to US/Pacific. Set the servers to {0,1,2}.pool.ntp.org.
QoS
Installed but not configured yet. I'd like to use this to control the bandwidth used for offsite backups: full utilization at night and 200 Kbps during business hours. A way to switch it down to a low bandwidth manually would be good.
SNMP
Installed but not configured yet. Could be set to log to cacti on Kilchis.
SSL
Installed MatrixSSL so that we can connect to the router over a secure connection.
Syslog
Set to log to Kilchis (10.127.32.27, port 514).
Wake-On-Lan
Installed, not configured.
VPN
OpenVPN
Installed package. Not configured yet.
dmesg output
# dmesg
Linux version 2.6.24.7 ([email protected]) (gcc version 4.1.2) #1 Fr8
CPU revision is: 0001800a (MIPS 4Kc)
Determined physical RAM map:
 memory: 03fffa00 @ 00000400 (usable)
Wasting 32 bytes for tracking 1 unused pages
Entering add_active_range(0, 1, 16383) 0 entries of 256 used
Initrd not found or empty - disabling initrd
Zone PFN ranges:
  Normal          1 ->    16383
Movable zone start PFN for each node
early_node_map[1] active PFN ranges
    0:        1 ->    16383
On node 0 totalpages: 16382
  Normal zone: 127 pages used for memmap
  Normal zone: 0 pages reserved
  Normal zone: 16255 pages, LIFO batch:3
  Movable zone: 0 pages used for memmap
Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 16255
Kernel command line: console=ttyS0,115200 gpio=16383 kmac=00:0C:42:10:1C:6C boa
korina mac = 00:0C:42:10:1C:6C
Primary instruction cache 8kB, VIPT, 4-way, linesize 16 bytes.
Primary data cache 8kB, 4-way, VIPT, no aliases, linesize 16 bytes
Synthesized clear page handler (26 instructions).
Synthesized copy page handler (46 instructions).
Synthesized TLB refill handler (20 instructions).
Synthesized TLB load handler fastpath (32 instructions).
Synthesized TLB store handler fastpath (32 instructions).
Synthesized TLB modify handler fastpath (31 instructions).
Initializing IRQ's: 168 out of 256
PID hash table entries: 256 (order: 8, 1024 bytes)
calculating r4koff... 001e846c(1999980)
CPU frequency 400.00 MHz
console [ttyS0] enabled
Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)
Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)
Memory: 60992k/65528k available (2069k kernel code, 4468k reserved, 566k data, )
Calibrating delay loop... 398.95 BogoMIPS (lpj=1994752)
Mount-cache hash table entries: 512
net_namespace: 64 bytes
NET: Registered protocol family 16
PCI: Initializing PCI
registering PCI controller with io_map_base unset
NET: Registered protocol family 2
Time: MIPS clocksource has been installed.
IP route cache hash table entries: 1024 (order: 0, 4096 bytes)
TCP established hash table entries: 2048 (order: 2, 16384 bytes)
TCP bind hash table entries: 2048 (order: 1, 8192 bytes)
TCP: Hash tables configured (established 2048 bind 2048)
TCP reno registered
squashfs: version 3.0 (2006/03/15) Phillip Lougher
JFFS2 version 2.2. (NAND) (SUMMARY) © 2001-2006 Red Hat, Inc.
yaffs Nov 7 2008 15:30:24 Installing.
io scheduler noop registered
io scheduler deadline registered (default)
Serial: 8250/16550 driver $Revision: 1.90 $ 2 ports, IRQ sharing disabled
serial8250: ttyS0 at MMIO 0x0 (irq = 104) is a 16550A
cf-mips module loaded
cf-mips: resetting..
cf-mips: identify drive..
cf-mips: CF card detected, C/H/S=998/16/32 sectors=510976 (249MB) Serial=ASH 0
cf-mips: detecting block size
cf-mips: multiple sectors = 1
init done<6> cfa: cfa1 cfa2
eth0: Rx IRQ 40, Tx IRQ 41, 00:0c:42:10:1c:6c
via-rhine.c:v1.10-LK1.4.3 2007-03-06 Written by Donald Becker
PCI: Enabling device 0000:00:02.0 (0080 -> 0083)
PCI: Setting latency timer of device 0000:00:02.0 to 64
io_map_base of root PCI bus 0000:00 unset. Trying to continue but you better fix this issue or report it to [email protected] or your vendor. To avoid data corruption io_map_base MUST be set with multiple PCI domains.<6>e.
eth1: MII PHY found at address 1, status 0x7849 advertising 05e1 Link 0000.
PCI: Enabling device 0000:00:03.0 (0080 -> 0083)
PCI: Setting latency timer of device 0000:00:03.0 to 64
eth2: VIA Rhine III at 0xb8800100, 00:0c:42:10:1c:6e, IRQ 143.
eth2: MII PHY found at address 1, status 0x7849 advertising 05e1 Link 0000.
block2mtd: version $Revision: 1.30 $
Creating 1 MTD partitions on "/dev/cfa2":
0x00000000-0x03020000 : "/dev/cfa2"
block2mtd: mtd0: [/dev/cfa2] erase_size = 128KiB [131072]
NAND device: Manufacturer ID: 0xad, Chip ID: 0xf1 (Hynix NAND 128MiB 3,3V 8-bit)
Scanning device for bad blocks
Bad eraseblock 61 at 0x007a0000
Creating 2 MTD partitions on "NAND 128MiB 3,3V 8-bit":
0x00000000-0x00400000 : "Routerboard NAND boot"
0x00400000-0x08000000 : "rootfs"
mtd: partition "rootfs" set to be root filesystem
split_squashfs: no squashfs found in "NAND 128MiB 3,3V 8-bit"
No IRQF_TRIGGER set_type function for IRQ 1 (RB500)
input: gpio-keys as /devices/platform/gpio-keys/input/input0
Registered led device: rb500led:amber
nf_conntrack version 0.5.0 (1024 buckets, 4096 max)
TCP vegas registered
NET: Registered protocol family 1
NET: Registered protocol family 17
802.1Q VLAN Support v1.8 Ben Greear <[email protected]>
All bugs added by David S. Miller <[email protected]>
jffs2_scan_eraseblock(): End of filesystem marker found at 0x220000
jffs2_build_filesystem(): unlocking the mtd device... done.
jffs2_build_filesystem(): erasing all blocks after the end marker... done.
VFS: Mounted root (jffs2 filesystem) readonly.
Freeing unused kernel memory: 128k freed
Please be patient, while OpenWrt loads ...
Algorithmics/MIPS FPU Emulator v1.5
PPP generic driver version 2.4.2
ip_tables: (C) 2000-2006 Netfilter Core Team
wlan: trunk
ath_hal: module license 'Proprietary' taints kernel.
ath_hal: 2008-10-02 (AR5210, AR5211, AR5212, AR5416, RF5111, RF5112, RF2413, RF)
ath_rate_minstrel: Minstrel automatic rate control algorithm 1.2 (trunk)
ath_rate_minstrel: look around rate set to 10%
ath_rate_minstrel: EWMA rolloff level set to 75%
ath_rate_minstrel: max segment size in the mrr set to 6000 us
wlan: mac acl policy registered
ath_pci: trunk
root@OpenWrt:/#