WRTSL54GS动手玩 之 DD-WRT篇 1/3

mye***

原文链接, 请大家指教:
http://hi.baidu.com/myeyre/blog/ ... 98ebf1431694b3.html

恩山一次贴不下, 分三次:

WRTSL54GS动手玩 之 DD-WRT篇

WRTSL54GS v1.0: BCM4704 rev8 266M/8M Flash(Intel TE28F640 J3C120)/32M RAM(Hynix HY5DU561622DT-J)/USB2.0(NEC D720101F1)(BGA)
WRTSL54GS v1.1: BCM4704 rev9 266M/8M Flash(Intel TE28F640 J3C120??)/32M RAM(Hynix HY5DU561622DT-J??)/USB2.0(NEC D720101F1)(BGA)

Linksys WRT54G series:
http://en.wikipedia.org/wiki/Wrt54g

WRT54G系列, 这是一个传奇的产品线, 拥有十数款百多种型号的无线路由, 开创了在家用电子设备上使用GNU/Linux的先河(后期有些型号转向VxWorks), 由此引发了官司, 和解, 开放源码和第三方固件的大爆发.

这个系列是如此经典, 第三方固件是如此耐玩, 以致直到现在Linksys还有一个怀旧型号WRT54GL在卖, 以致国内的玩家为了玩到这系列的路由, 宁肯出高价去买洋垃圾.

这个系列中, 个人喜欢WRTSL54GS和WTR54GS. WRTSL54GS是系列中唯一有USB接口的型号, USB+第三方固件+较完善的包管理系统(ipkg/opkg)=无限可能:) 而WTR54GS的傲人身材, 使其成为居家旅行必备之物(v1配置较高, 口水...).

生命在于折腾.


0)  xxxed

1) 准备工作: 安装Optware支持文件
Optware是由NSLU2-Linux项目提供的面向DD-WRT, OpenWRT等嵌入式Linux的包管理系统:
http://www.nslu2-linux.org/wiki/Optware/HomePage

DD-WRT上的安装参照: http://www.dd-wrt.com/wiki/index.php/Optware

安装DD-WRT(Mega or USB), 连接网络(此处以Client模式接入主路由, WAN口自动获取, LAN地址设为192.168.11.1), 启用USB支持, 挂载优盘或硬盘:

安装OptWare运行时环境:
wget http://www.wlan-sat.com/boleo/optware/optware-install-ddwrt.sh  -O - | tr -d '\r' > /opt/optware-install.sh
sh /opt/optware-install.sh

安装功能更全的BusyBox:
ipkg-opt install busybox

如果找不到你熟悉的*nix指令:
ipkg-opt install coreutils
ipkg-opt install util-linux-ng

启用交换分区或文件, 以满足众多软件的内存需求, 大小为内存*2, 我是不喜欢移动硬盘多个分区的:
dd if=/dev/zero of=/opt/swap bs=1024 count=65536
mkswap /opt/swap
swapon /opt/swap

如果使用交换分区, 把/opt/swap换成设备名就好了.

确认交换空间正确启用:
free

建议挂载/opt后即启用交换空间:
cat > /opt/start_opt.sh
#!/bin/sh

#cat > /opt/start_opt_wrapper.sh
##!/bin/sh
#
#/opt/start_opt.sh >> /opt/start_opt.log

#nvram set usb_runonmount=/opt/start_opt_wrapper.sh
#nvram commit
#nvram get usb_runonmount

#wait till network comes up
sleep 10

#set > /opt/env.txt

echo "Adding user for samba..."
grep -q nobody /etc/passwd || echo 'nobody:*:65534:65534:nobody:/nonexistent:/bin/false
eric:*:0:0:Alias of root,,,:/opt/home/eric:/bin/sh
emily:*:1000:1000:Home User,,,:/opt/home/emily:/bin/false
X:*:2000:2000:Guest User,,,:/opt/home/X:/bin/false
dummy:*:2001:2000:Dummy User for Samba Guest,,,:/nonexistent:/bin/false' >> /etc/passwd

grep -q nogroup /etc/group || echo 'nogroup:x:65534:
home:x:1000:
guests:x:2000:' >>/etc/group

#为各种p2p应用打开防火墙端口:
#@iptables Transmission: /opt/share/transmission/settings.json "peer-port": 51413,
iptables -I INPUT -p tcp --dport 51413 -j ACCEPT
iptables -I INPUT -p udp --dport 51413 -j ACCEPT
#@iptables rTorrent: /opt/etc/rtorrent.conf port_range = 51777-51780
iptables -I INPUT -p tcp --dport 51777:51780 -j ACCEPT
iptables -I INPUT -p udp --dport 51777:51780 -j ACCEPT
#@iptables rTorrent: /opt/etc/rtorrent.conf dht_port = 6881
iptables -I INPUT -p udp --dport 6881 -j ACCEPT
#@iptables aMule: /opt/share/amule/.aMule/amule.conf Port=4662
#@iptables aMule: 4665: "Extended server requests UDP port"
#@iptables aMule: /opt/share/amule/.aMule/amule.conf UDPPort=4672
iptables -I INPUT -p tcp --dport 4662 -j ACCEPT
iptables -I INPUT -p udp --dport 4665 -j ACCEPT
iptables -I INPUT -p udp --dport 4672 -j ACCEPT
##@iptables MLDonkey: /opt/mlnet/.mldonkey/bittorrent.ini 含: BitTorrent及内置Tracker端口, no DHT??
#iptables -I INPUT -p tcp --dport 6882 -j ACCEPT
#iptables -I INPUT -p udp --dport 6882 -j ACCEPT
#iptables -I INPUT -p tcp --dport 6881 -j ACCEPT
#@iptables MLDonkey: /opt/mlnet/.mldonkey/donkey.ini 含: eDonkey, Overnet, Kademlia
iptables -I INPUT -p tcp --dport 20511 -j ACCEPT
iptables -I INPUT -p tcp --dport 11390 -j ACCEPT
iptables -I INPUT -p tcp --dport 15280 -j ACCEPT

iptables -L INPUT

echo "Enabling swap..."
/opt/sbin/swapon /opt/swap
free

/opt/etc/init.d/S99monit start

#echo "Starting Optware programs..."
#for x in /opt/etc/init.d/S* ; do
#  echo $x start
#  $x start
#done
^D

为避免直接断电带来的文件系统损坏, 断电前把/opt umount掉.
卸载/opt前需要停止后台进程, 禁用交换空间:
cat > /opt/stop_opt.sh
#!/bin/sh

#nvram set rc_shutdown=/opt/stop_opt.sh
#nvram commit
#nvram get rc_shutdown

if [ `dirname $0` != '/tmp/root' ]
then
        #
        if [ `dirname $0` = '' ]
        then
                cp `which $0` /tmp/root
        else
                cp $0 /tmp/root
        fi
       
        chmod a+x /tmp/root/`basename $0`
        exec /tmp/root/`basename $0`
fi

#set > /opt/env.txt

echo "Stoping Optware programs..."
for x in /opt/etc/init.d/S* ; do
  echo $x stop
  $x stop
done

echo "Disabling swap..."
/opt/sbin/swapoff /opt/swap
free

sleep 1

#/bin/umount
echo "umounting /opt..."
/bin/umount /opt
df -k
^D



2) NAS - Samba+FTP文件服务器:
先来实现原厂固件的功能Samba+FTP:

Samba:
不知道出于什么原因, DD-WRT连NAS基本的Samba都没有内置. (固件大小限制?? )
先来安装软件包:
ipkg-opt install samba
##SWAT SUCKS. Go ahead if you want to be sucked.
#ipkg-opt install samba3-swat

安装包非常礼貌的提醒你要手工创建/opt/etc/samba/smb.conf, 但由于SWAT这个Web配置工具实在蹩脚, 我们只好手工创建smb.conf:

--------------------------------------------------------------------------------

cat > /opt/etc/samba/smb.conf

#/opt/etc/samba/smb.conf for Optware, 配置参考了:
#http://www.5ilinux.com/samba.html
#http://us3.samba.org/samba/docs/man/manpages-3/smb.conf.5.html
#
#SWAT SUCKS.
#
[global]
        workgroup = WORKGROUP
        netbios name = DD-WRT
        server string = Samba %v on %h
        interfaces = 192.168.11.1/255.255.255.0 br0
        bind interfaces only = yes
        log file = /opt/var/samba/log.%m
        max log size = 1024
        syslog = 0
        encrypt passwords = true
        smb passwd file = /opt/etc/samba/smbpasswd
        map to guest = bad user
        guest account = dummy
        printcap name = /dev/null
        load printers = no
        hosts deny = ALL
#        hosts allow = 192.168.11.
        hosts allow = ALL


#允许用户访问自己的home目录, 使用如下命令添加用户或修改密码:
#smbpasswd -a root
#smbpasswd root
[homes]
        comment = Home Directories
        browseable = no
        writable = yes
        create mask = 0640
        directory mask = 0750
        valid users = %S


#整个文件系统的管理共享, 仅eric可以访问
[root]
        comment = Full filesystem access for eric
        path = /
        public = no
        browseable = no
        valid users = root, eric
        write list = root, eric
        printable = no


#共享下载目录, home组用户和X用户可以访问, 但只有home组用户可写
#mkdir -p /opt/home/share
#chmod 777 /opt/home/share
#并将下载目录链接到该文件夹
[Share]
        comment = Torrents downloaded and eDonkey incomings
        path = /opt/home/share
        public = no
#        browseable = no
        valid users = @root, @home, X
        write list = @root, @home
        printable = no


#browseable = no 将对其他用户隐藏该共享, 效果与$共享类似, 可用作临时文件夹
#mkdir -p /opt/home/xxx
#chmod 777 /opt/home/xxx
[xxx]
        comment = xxx
        path = /opt/home/xxx
        public = no
        browseable = no
        valid users = @root, @home, X
        write list = @root, @home
        printable = no



#文件交换目录exchange，所有人都能读写，但不能删除其他人的文件。
#通过以下命令设置该目录的粘着位:
#mkdir -p /opt/home/exchange
#chmod -R 1777 /opt/home/exchange
[Exchage]
        comment = Exchange Directory
        path = /opt/home/exchange
#        browseable = no
        valid users = @root, @home, X
        writable = yes


#公共的只读文件夹public
#mkdir -p /opt/home/public
[Public]
        comment = Read Only Public
        path = /opt/home/public
        public = yes
        read only = yes


^D

--------------------------------------------------------------------------------

#启动smb前使用以下命令为Samba用户建立系统账号并将其添加到smbpasswd:
#dummy账户仅在使用错误的用户名登陆时使用, 此时用户仅可以访问Public共享.
#在DD-WRT下, /etc/passwd的修改会在路由重启后消失, 建议将其加入开始Startup脚本或/opt/etc/init.d/S08samba
grep -q nobody /etc/passwd || echo 'nobody:*:65534:65534:nobody:/nonexistent:/bin/false
eric:*:0:0:Alias of root,,,:/opt/home/eric:/bin/sh
emily:*:1000:1000:Home User,,,:/opt/home/emily:/bin/false
X:*:2000:2000:Guest User,,,:/opt/home/X:/bin/false
dummy:*:2001:2000:Dummy User for Samba Guest,,,:/nonexistent:/bin/false' >> /etc/passwd

grep -q nogroup /etc/group || echo 'nogroup:x:65534:
home:x:1000:
guests:x:2000:' >>/etc/group


##用户home目录
#for user in eric emily
#do
#  mkdir -p /opt/home/$user
#  chown $user:home /opt/home/$user
#done
mkdir -p /opt/home/eric
mkdir -p /opt/home/emily
chown eric:home /opt/home/eric
chown emily:home /opt/home/emily

mkdir -p /opt/home/X
chown X:guest /opt/home/X

#共享下载目录
mkdir -p /opt/home/share
chmod 777 /opt/home/share

#隐藏共享目录
mkdir -p /opt/home/xxx
chmod 777 /opt/home/xxx

#文件交换目录
mkdir -p /opt/home/exchange
chmod -R 1777 /opt/home/exchange

#公用的只读目录
mkdir -p /opt/home/public

#添加用户到smbpasswd前需先创建/opt/etc/samba/smb.conf
smbpasswd -a root
smbpasswd -a eric
smbpasswd -a emily
smbpasswd -a X
smbpasswd -a dummy


--------------------------------------------------------------------------------


#修改/opt/etc/init.d/S08samba设置"samba_active=1", 之后启动smb:
/opt/etc/init.d/S08samba
sleep 1;ps|grep -i mbd

#停止smb:
killall smbd
killall nmbd



ftpd:
DD-WRT(Mega or USB_FTP)自带了一个ProFTPD, "用户名 密码(明文, md5不支持??)" 写到一行上就好了.
mount -o bind /opt /mnt


如果对内置的ftpd不满意, 几个流行的ftpd如proftpd, vsftpd, pureftpd都可以ipkg安装. 不太用, 略去不提.

rzd***

沙发，强帖留名

空虚***

文章不错，鼓励一下

ps：能不能请lz发这篇文章的时候禁用表情符号？