Dual & Triple WANs on DD-WRT

Check VLAN support
At the console, type:
nvram get vlan0ports
nvram get vlan1ports

output:
nvram vlan0ports = 1 2 3 4 5*
nvram vlan1ports = 0 5


Commands for troubleshooting
ifconfig
nvram get rc_startup
nvram get rc_firewall
nvram get vlan0ports
nvram get vlan1ports
nvram get vlan2ports
ls -al /jffs
ls -al /jffs/scripts
ip route
ip route show table 100
ip route show table 200
/jffs/iptables --list -nvt mangle
/jffs/iptables --list -nvt nat


Triple Wans on DD-WRT

How much JFFS Space free after cleaned?
896.00 KB / 572.00 KB this is with dual up and running!
-WRT54GL
-dd-wrt.v24_mini_wrt54g
-JFFS2 ENABLED
-PORTS 4 VLAN2
-PORTS 3 VLAN3

::Scripts below as at July.2008

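# Triple-WAN setup, typed at the router console.
# Move one switch port each onto vlan2 and vlan3 for the two extra uplinks.
nvram set vlan0ports="3 2 5*"
nvram set vlan2ports="0 5"
nvram set vlan2hwname="et0"
nvram set vlan3ports="1 5"
nvram set vlan3hwname="et0"

# NOTE(review): every file below is fetched over plain HTTP from a third-party
# host and is later executed as root from rc_startup / rc_firewall. Nothing in
# these steps verifies what was downloaded. Before the chmod lines, read the
# scripts through and compare each file against a checksum obtained
# out-of-band (for example `md5sum /jffs/iptables` against
# <EXPECTED_CHECKSUM>, if the firmware's busybox provides md5sum).
cd /jffs
# Get the binary IPTables
wget http://www.jbarbieri.net/dd-wrt/scripts/iptables
mkdir -p /jffs/scripts
cd /jffs/scripts
# Get the firewall.firewall script, change to v2.6 or v24 or v23, etc...
wget http://www.jbarbieri.net/dd-wrt/scripts/firewall.firewall-triple-v23
mv firewall.firewall-triple-v23 firewall.firewall
# Get the routes.firewall script, change also ...
wget http://www.jbarbieri.net/dd-wrt/scripts/routes-triple.firewall
mv routes-triple.firewall routes.firewall
# Get the DHCP script
wget http://www.jbarbieri.net/dd-wrt/scripts/udhcpc-wan2.script
wget http://www.jbarbieri.net/dd-wrt/scripts/udhcpc-wan3.script
chmod a+x /jffs/*
# The page spelled this directory "sciprts"; the directory created above is
# /jffs/scripts, so the misspelled path would never match anything.
chmod a+x /jffs/scripts/*

# Startup script: one command per line inside a single quoted value.
# NOTE(review): the page showed the two udhcpc commands run together on one
# line, with a quote closed early and a stray quote after /var/log/messages;
# the value below is the reconstruction - confirm against the original guide.
# The backticks stay literal here and are evaluated when the script runs.
nvram set rc_startup='udhcpc -i vlan2 -s /jffs/scripts/udhcpc-wan2.script
udhcpc -i vlan3 -s /jffs/scripts/udhcpc-wan3.script
echo "`date` Sleeping 30 seconds so nvram can get fully up to date"
sleep 30
/jffs/scripts/routes.firewall
echo "`date` rc_startup is now completed" >> /var/log/messages'

# Firewall script: the routing script first, then the firewall rules.
# NOTE(review): written on one line, as the page shows it, the second path is
# only an argument to the first script and never runs - split here; confirm.
nvram set rc_firewall='/jffs/scripts/routes.firewall
/jffs/scripts/firewall.firewall'

nvram commit
reboot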


IF one WAN is fixed IP
cd /jffs/scripts
vi wan2.firewall

Code:
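#!/bin/sh
# wan2.firewall - configure the second WAN interface with a static address.
#
# Stores the settings below in nvram (wan2_* keys) when they differ from what
# is already stored, then brings the interface up from the stored values.

WAN2_IFNAME=vlan2
WAN2_IPADDR=192.168.1.2
WAN2_BROADCAST=192.168.1.255
WAN2_GATEWAY=192.168.1.1
WAN2_NETMASK=255.255.255.0

# Compare every stored value, not just the address: otherwise editing only the
# gateway, netmask, broadcast or interface above would never reach nvram.
# nvram commit runs only when something actually changed.
if [ "$(nvram get wan2_ifname)" != "$WAN2_IFNAME" ] ||
   [ "$(nvram get wan2_ipaddr)" != "$WAN2_IPADDR" ] ||
   [ "$(nvram get wan2_gateway)" != "$WAN2_GATEWAY" ] ||
   [ "$(nvram get wan2_netmask)" != "$WAN2_NETMASK" ] ||
   [ "$(nvram get wan2_broadcast)" != "$WAN2_BROADCAST" ]; then
  nvram set wan2_ifname="$WAN2_IFNAME"
  nvram set wan2_ipaddr="$WAN2_IPADDR"
  nvram set wan2_gateway="$WAN2_GATEWAY"
  nvram set wan2_netmask="$WAN2_NETMASK"
  nvram set wan2_broadcast="$WAN2_BROADCAST"
  nvram commit
fi

# Quoted so that an empty nvram value cannot shift the remaining arguments.
ifconfig "$(nvram get wan2_ifname)" "$(nvram get wan2_ipaddr)" \
  netmask "$(nvram get wan2_netmask)" \
  broadcast "$(nvram get wan2_broadcast)" up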


then type in the following:
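# Run the static WAN2 setup and then the routing script at boot, and the
# routing script followed by the firewall rules whenever the firewall reloads.
# NOTE(review): the page showed each pair of paths on a single line; written
# that way the second path is only an argument to the first script and never
# runs. They are split one command per line here - confirm against the
# original guide.
nvram set rc_startup='/jffs/scripts/wan2.firewall
/jffs/scripts/routes.firewall'
nvram set rc_firewall='/jffs/scripts/routes.firewall
/jffs/scripts/firewall.firewall'
nvram commit
reboot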




Dual Wans on DD-WRT

1 - Upgrade Router Firmware:
a. download & install the dd-wrt mini firmware
http://www.dd-wrt.com/dd-wrtv2/downloads/stable/dd-wrt.v23%20SP2/mini/dd-wrt.v23_mini_generic.bin
b. followed by the dd-wrt nokaid generic firmware over the mini
http://www.dd-wrt.com/dd-wrtv2/downloads/stable/dd-wrt.v23%20SP2/standard_nokaid/dd-wrt.v23_nokaid_generic.bin
c. for detailed installation instructions. [critical you do this correctly]
http://www.dd-wrt.com/wiki/index.php/Linksys_WRT54G/GL/GS/GX#WRT54GL

2 - VLAN Configuration: [Setup Tab] [default login/pass = root/admin; change this password before any WAN port is connected]
a. log into router via http. click vlan under the setup tab
b. configure settings like <this image>. click "save" [stay logged in router]

c. telnet into router. type into the command line
nvram set vlan0ports="3 2 1 5*"
nvram set vlan2ports="0 5"
nvram set vlan2hwname=et0
nvram commit
reboot

3 - Install Router Scripts: [Administration Tab]
a. under services, enable sshd, & password login. click save
b. under managment, enable jffs2 & clean jffs2. click save
c. followed by disable clean jffs2. click save
d. in the commands tab, paste the following (one command per line) and click "save startup"
udhcpc -s /jffs/scripts/udhcpc-wan2.script -i vlan2
/jffs/scripts/routes.firewall
e. same tab, paste and click "save firewall"
/jffs/scripts/firewall.firewall
f. SSH into router
g. make new folder called "scripts" in the "jffs" folder
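h. create the three scripts in the scripts folder, as below
/jffs/scripts
+-firewall.firewall
+-routes.firewall
+-udhcpc-wan2.script
i. change script directory ACL
chmod 777 /jffs/script
(Note: the folder created in step g is /jffs/scripts, so the chmod has to name that path. Mode 777 leaves the directory writable by everyone; these scripts run as root at every boot, so 755 is sufficient.)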

Overclock Router: [Admin Tab]
under managment change default speed from 200mhz to 250mhz. click save
note: this is a 100% safe overclock and will not damage router.
reboot, your done

Dual Wan Testing: [Optional]
- install free download manager [http://www.freedownloadmanager.org/]
- double click dualwan.reg for optimal dual wan performance [http://www.roadrunnerguide.com/dualwan.rar] (open the .reg file in a text editor first to see which registry values it changes)
- test for maximum speed by downloading a linux distro like fedora

-------------------------- firewall.firewall --------------------------
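#!/bin/sh
# firewall.firewall - dual-WAN firewall add-on for DD-WRT.
#
# Part 1 turns the port-forward, DMZ and remote-management settings stored in
# nvram into DNAT rules on the second WAN address (nvram wan2_ipaddr).
# Part 2 marks traffic with 0x100 / 0x200 (the fwmarks routes.firewall maps to
# routing tables 100 / 200) and source-NATs it per uplink.
#
# All values come from nvram and are passed quoted, so an empty or odd value
# produces an iptables error instead of silently shifting arguments.

IPTABLES="/usr/sbin/iptables"

WAN2_IP=$(nvram get wan2_ipaddr)
WAN2_IF=$(nvram get wan2_ifname)
LAN_IP=$(nvram get lan_ipaddr)

# Without a WAN2 address every rule in part 1 is rejected by iptables.
[ -n "$WAN2_IP" ] || echo "firewall.firewall: wan2_ipaddr is empty; WAN2 rules will fail" >&2

#DD-WRT firewall rules #BEGIN
#apply simple forward rules
# Each forward_spec entry is cut on '>' and ':' into state, protocol,
# source port and destination ip:port. Word splitting of the nvram value is
# intentional: one entry per word.
for RULE in $(nvram get forward_spec); do
  FROM=$(printf '%s\n' "$RULE" | cut -d '>' -f 1)
  TO=$(printf '%s\n' "$RULE" | cut -d '>' -f 2)
  STATE=$(printf '%s\n' "$FROM" | cut -d ':' -f 2)
  PROTO=$(printf '%s\n' "$FROM" | cut -d ':' -f 3)
  SPORT=$(printf '%s\n' "$FROM" | cut -d ':' -f 4)
  DEST=$(printf '%s\n' "$TO" | cut -d ':' -f 1)
  DPORT=$(printf '%s\n' "$TO" | cut -d ':' -f 2)

  [ "$STATE" = "on" ] || continue

  # "both" expands to udp then tcp, in the original order.
  if [ "$PROTO" = "both" ]; then
    PROTOS="udp tcp"
  else
    PROTOS=$PROTO
  fi
  # Only the DNAT rule is added; the matching FORWARD ACCEPT rules were
  # commented out in the original script as well.
  for P in $PROTOS; do
    iptables -A PREROUTING -t nat -p "$P" -d "$WAN2_IP" --dport "$SPORT" -j DNAT --to "$DEST:$DPORT"
  done
done

#apply range forward rules
# forward_port entries carry a start and end port; the whole right-hand side
# of '>' is used as the DNAT target.
for RULE in $(nvram get forward_port); do
  FROM=$(printf '%s\n' "$RULE" | cut -d '>' -f 1)
  TO=$(printf '%s\n' "$RULE" | cut -d '>' -f 2)
  STATE=$(printf '%s\n' "$FROM" | cut -d ':' -f 2)
  PROTO=$(printf '%s\n' "$FROM" | cut -d ':' -f 3)
  SPORT=$(printf '%s\n' "$FROM" | cut -d ':' -f 4)
  EPORT=$(printf '%s\n' "$FROM" | cut -d ':' -f 5)

  [ "$STATE" = "on" ] || continue

  if [ "$PROTO" = "both" ]; then
    PROTOS="udp tcp"
  else
    PROTOS=$PROTO
  fi
  for P in $PROTOS; do
    iptables -A PREROUTING -t nat -p "$P" -d "$WAN2_IP" --dport "$SPORT:$EPORT" -j DNAT --to "$TO"
  done
done

# ICMP arriving on the WAN2 address is redirected to the router's LAN address.
iptables -A PREROUTING -t nat -p icmp -d "$WAN2_IP" -j DNAT --to "$LAN_IP"

# String comparison: an unset value no longer makes `[` fail with a syntax
# error the way the unquoted `-eq` test did.
# NOTE(review): when enabled, this publishes the web admin interface on the
# WAN2 address; make sure the admin password is not the firmware default.
if [ "$(nvram get remote_management)" = "1" ]; then
  iptables -A PREROUTING -t nat -p tcp -d "$WAN2_IP" --dport "$(nvram get http_wanport)" -j DNAT --to "$LAN_IP:$(nvram get http_lanport)"
fi

# DMZ host = LAN address with its last octet replaced by dmz_ipaddr.
# NOTE(review): this forwards all remaining traffic for the WAN2 address to
# that one LAN host.
if [ "$(nvram get dmz_enable)" = "1" ]; then
  DMZ_IP=$(printf '%s\n' "$LAN_IP" | sed -r 's/[0-9]+$//')$(nvram get dmz_ipaddr)
  iptables -A PREROUTING -t nat -d "$WAN2_IP" -j DNAT --to "$DMZ_IP"
fi

iptables -A PREROUTING -t nat --dest "$WAN2_IP" -j TRIGGER --trigger-type dnat
iptables -A FORWARD -i "$WAN2_IF" -o "$(nvram get lan_ifname)" -j TRIGGER --trigger-type in
#iptables -A PREROUTING -t mangle -i $(nvram get wan2_ifname) -j IMQ --todev 0
#iptables -A PREROUTING -t mangle -i $(nvram get wan2_ifname) -j SVQOS_IN
#iptables -A POSTROUTING -t mangle -o $(nvram get wan2_ifname) -j SVQOS_OUT
#DD-WRT END

# Part 2. Flushing nat POSTROUTING removes every existing source-NAT rule;
# the SPOOF_ETH1 / SPOOF_ETH2 jumps added at the end replace them.
"$IPTABLES" -F POSTROUTING -t nat

# Mangle chains that tag packets for routing table 100 (ETH1) or 200 (ETH2).
"$IPTABLES" -t mangle -N ETH1
"$IPTABLES" -t mangle -F ETH1
#$IPTABLES -t mangle -A ETH1 -p tcp -j LOG --log-prefix " MANGLE_TCP_ETH1 "
#$IPTABLES -t mangle -A ETH1 -p icmp -j LOG --log-prefix " MANGLE_ICMP_ETH1 "
"$IPTABLES" -t mangle -A ETH1 -j MARK --set-mark 0x100
"$IPTABLES" -t mangle -N ETH2
"$IPTABLES" -t mangle -F ETH2
#$IPTABLES -t mangle -A ETH2 -p tcp -j LOG --log-prefix " MANGLE_TCP_ETH2 "
#$IPTABLES -t mangle -A ETH2 -p icmp -j LOG --log-prefix " MANGLE_ICMP_ETH2 "
"$IPTABLES" -t mangle -A ETH2 -j MARK --set-mark 0x200

# NAT chains that rewrite the source address to the uplink's own address.
"$IPTABLES" -t nat -N SPOOF_ETH1
"$IPTABLES" -t nat -F SPOOF_ETH1
#$IPTABLES -t nat -A SPOOF_ETH1 -j LOG --log-prefix " SPOOF_ETH1 "
"$IPTABLES" -t nat -A SPOOF_ETH1 -j SNAT --to "$(nvram get wan_ipaddr)"
"$IPTABLES" -t nat -N SPOOF_ETH2
"$IPTABLES" -t nat -F SPOOF_ETH2
#$IPTABLES -t nat -A SPOOF_ETH2 -j LOG --log-prefix " SPOOF_ETH2 "
"$IPTABLES" -t nat -A SPOOF_ETH2 -j SNAT --to "$WAN2_IP"

# Hard-coded LAN subnet and router address: adjust if the LAN is not
# 192.168.1.0/24.
"$IPTABLES" -A INPUT -p icmp -s 192.168.1.0/24 -d 192.168.1.1 -j ACCEPT

# NOTE(review): each rule matches at random with --average 50, and the MARK
# target does not stop rule traversal, so a packet can match both the ETH1 and
# the ETH2 rule, or neither. Marking is also per packet, not per connection.
# Presumably meant as a rough 50/50 split - confirm.
"$IPTABLES" -t mangle -A OUTPUT -o ! br0 -m random --average 50 -j ETH1
"$IPTABLES" -t mangle -A PREROUTING -i br0 -m random --average 50 -j ETH1
"$IPTABLES" -t mangle -A OUTPUT -o ! br0 -m random --average 50 -j ETH2
"$IPTABLES" -t mangle -A PREROUTING -i br0 -m random --average 50 -j ETH2

"$IPTABLES" -t nat -A POSTROUTING -o "$(nvram get wan_ifname)" -j SPOOF_ETH1
"$IPTABLES" -t nat -A POSTROUTING -o "$WAN2_IF" -j SPOOF_ETH2

# Reverse-path filtering is switched off on every interface listed under
# /proc, LAN side included. This removes the kernel's source-address
# validation, so anti-spoofing then depends on the firewall rules alone.
# NOTE(review): presumably required because replies may arrive on the other
# uplink; consider limiting it to the two WAN interfaces.
# A glob replaces the original `ls` parsing.
RP_PATH=/proc/sys/net/ipv4/conf
for RP_FILE in "$RP_PATH"/*/rp_filter; do
  [ -e "$RP_FILE" ] || continue
  echo 0 > "$RP_FILE"
done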

-------------------------- routes.firewall --------------------------
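#!/bin/sh
# routes.firewall - policy routing for two WAN uplinks.
#
# Table 100 carries traffic sourced from the first WAN address or marked
# 0x100; table 200 does the same for the second WAN and mark 0x200. The main
# table's default route is replaced by a multipath route over both gateways.

WAN1_IP=$(nvram get wan_ipaddr)
WAN1_GW=$(nvram get wan_gateway)
WAN1_IF=$(nvram get wan_ifname)
WAN2_IP=$(nvram get wan2_ipaddr)
WAN2_GW=$(nvram get wan2_gateway)
WAN2_IF=$(nvram get wan2_ifname)

# Refuse to touch the routing setup unless both uplinks are fully known.
# Otherwise the rules get flushed and the default route deleted while the
# commands that should rebuild them fail on an empty argument, leaving the
# router with no default route.
for VALUE in "$WAN1_IP" "$WAN1_GW" "$WAN1_IF" "$WAN2_IP" "$WAN2_GW" "$WAN2_IF"; do
  if [ -z "$VALUE" ]; then
    echo "routes.firewall: a WAN address, gateway or interface is missing in nvram; routing left unchanged" >&2
    exit 1
  fi
done

# Start from a clean rule list, then restore the two standard lookups.
ip rule flush
ip rule add lookup main prio 32766
ip rule add lookup default prio 32767

# Per-uplink rules: by source address and by firewall mark.
ip rule add from "$WAN1_IP" table 100 prio 100
ip rule add fwmark 0x100 table 100 prio 101
ip rule add from "$WAN2_IP" table 200 prio 200
ip rule add fwmark 0x200 table 200 prio 201

ip route flush table 100
ip route flush table 200

# Copy every "link" route of the main table into both per-uplink tables.
for TABLE in 100 200; do
  ip route | grep link | while read -r ROUTE; do
    # $ROUTE is left unquoted on purpose: it holds a whole route
    # specification that must be split back into separate arguments.
    ip route add table "$TABLE" to $ROUTE
  done
done

ip route add table 100 default via "$WAN1_GW"
ip route add table 200 default via "$WAN2_GW"

# Replace the single default route with one that has a next hop per uplink.
ip route delete default
ip route add default scope global equalize \
  nexthop via "$WAN1_GW" dev "$WAN1_IF" \
  nexthop via "$WAN2_GW" dev "$WAN2_IF"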

-------------------------- udhcpc-wan2.script --------------------------
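#!/bin/sh
# udhcpc script edited by Tim Riker <Tim@Rikers.org>
#
# udhcpc event handler for the second WAN. The event name arrives as $1; the
# lease data is read from the variables $interface, $ip, $subnet, $broadcast,
# $router, $domain and $dns.
#
# Those values originate from whatever DHCP server answers on the WAN side,
# so they are treated as untrusted: every expansion is quoted before it is
# written to resolv.conf or nvram or passed to ifconfig.

[ -z "$1" ] && echo "Error: should be called from udhcpc" && exit 1

ifconfig "$interface" up

RESOLV_CONF="/etc/resolv.conf"
[ -n "$broadcast" ] && BROADCAST="broadcast $broadcast"
[ -n "$subnet" ] && NETMASK="netmask $subnet"

case "$1" in
  deconfig)
    # Nothing to do: the original kept the address reset commented out.
    ;;

  renew|bound)
    # The direct ifconfig / route handling of the stock script is disabled
    # here; the lease is only reported and stored.
    echo "$ip $BROADCAST $NETMASK"

    if [ -n "$router" ]; then
      echo "deleting routers"
      echo "$router"
    fi

    # Rewrite resolv.conf from this lease. This replaces whatever resolver
    # configuration was there before.
    : > "$RESOLV_CONF"
    [ -n "$domain" ] && echo "search $domain" >> "$RESOLV_CONF"
    # $dns is deliberately unquoted: it is a space-separated server list.
    for i in $dns; do
      echo "adding dns $i"
      echo "nameserver $i" >> "$RESOLV_CONF"
    done

    # Store the lease for the scripts that read the wan2_* keys.
    # $router may list several gateways; only the first is stored, which is
    # also the only word that landed in the assignment when it was unquoted.
    nvram set wan2_ifname="$interface"
    nvram set wan2_gateway="${router%% *}"
    nvram set wan2_ipaddr="$ip"
    nvram set wan2_netmask="$subnet"
    nvram set wan2_broadcast="$broadcast"
    # NOTE(review): this commits nvram on every bound and renew event.
    nvram commit

    ifconfig "$(nvram get wan2_ifname)" "$(nvram get wan2_ipaddr)" netmask "$(nvram get wan2_netmask)" up
    ;;
esac

exit 0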