OpenWrt install Shorewall




















Introduction to Shorewall. Caution: This configuration places all interfaces in the net zone. Man Pages. Comments in configuration files. Using Shell Variables.

Attach Comment to Netfilter Rules. Using DNS Names. Line Continuation. See the OpenWrt installation instructions for your router if this is a first-time installation and the router has not had OpenWrt on it before (toh). You can now use opkg to install the modules as usual. For example,. You are now ready to install Shorewall-lite on the router. Once complete, the Shorewall-lite firewall is loaded and started on the router.

The install part is not needed, as Shorewall Lite is now available as a package. The standard OpenWrt releases will work for many users; if you are one of them, skip this section, as it is not germane. Those wanting to install Shorewall-lite on a resource-constrained router, or to get both a full ip and tc setup with their Shorewall-lite, may need more free space than is immediately available.

Booting from a USB drive eliminates space restrictions that might limit adding tools to the OpenWrt router. For those without USB ports who need to run the router with constrained file space, the OpenWrt build system toolchain provides the requisite advantages critical to such users: more free space for routines, and the inclusion of modules and tools in the firmware.

The first build takes a long time, however. Use the web interface to first construct the interface names and networks, and then to back up those settings.

Your settings will be inherited by the second-pass firmware, installed by a sysupgrade. Next, reflash the router using a sysupgrade with the small-footprint firmware you built (see below). If not already in the firmware, use opkg to install the tc and ip-full modules. For more information about building OpenWrt, see: Table of known prerequisites and their corresponding packages. Use the two stanzas above to make a. It will make a production firmware that has tc and ip-full already included, and room for Shorewall-lite.

To make the firmware from this. The menuconfig takes a moment to come up. Choose your target profile (select your device from the list), save and exit, then run:. In that instance:. The next build will reconstruct all the dependencies, which may repair the problem. The content of this topic has been archived on 31 Mar There are no obvious gaps in this topic, but there may still be some posts missing at the end.

First we need to set up your router's physical networks. If you run a different router or you've tweaked your network configuration heavily, you're on your own with this section, but my Shorewall configuration should still work for you if you change the appropriate interface lines. Remove the entire section labeled " LAN configuration". If you do not have this section, find the "config interface lan" line and remove this entire section.

In its place add two new sections:. Replace the IP addresses and netmasks of the interfaces as you see fit. Be sure to define these static mappings outside the DHCP ranges. As long as they fall within the subnet defined by the IP and netmask on an interface, DNSmasq will still put the clients in the correct subnet with the accompanying gateways and such. Note that if you have any subnets living behind any machines on these networks (VPN server, for example) that you want to route back and forth to your main network, you should set that up here with a "config route" stanza.

For example:. Of course, Don't worry if you want to add some firewalling to this; Shorewall will give us that power later. Remove the "config dhcp" section with "option interface br0" and replace it with:. This will serve IPs between Again, change the "start" and "limit" values to suit your environment.


