OpenWRT实现有线+WiFi的STA模式双WAN叠加

haothree

OpenWRT实现有线+WiFi的STA模式双WAN叠加

本文系转载，原文作者LvSin

配置/etc/config/network文件

1. <font color="#000000">config switch 'eth1'
   
2.         option reset '0'
   
3.         option enable_vlan '0'
   
4. 
   
5. config interface 'loopback'
   
6.         option ifname 'lo'
   
7.         option proto 'static'
   
8.         option ipaddr '127.0.0.1'
   
9.         option netmask '255.0.0.0'
   
10. 
    
11. config interface 'lan'
    
12.         option ifname 'eth1'
    
13.         option proto 'static'
    
14.         option ipaddr '192.168.6.1'
    
15.         option netmask '255.255.255.0'
    
16. 
    
17. config interface 'wan0'
    
18.         option ifname 'wlan0'
    
19.         option proto 'dhcp'
    
20. 
    
21. config interface 'wan1'
    
22.         option ifname 'eth0'
    
23.         option proto 'dhcp'
    
24.     option ifname eth0
    
25.     option proto dhcp</font>

复制代码

注意：wan0与wan1的配置，ifname的值要对应准确，此处interface的编号要被dhcp、wireless配置文件所使用。
配置/etc/config/dhcp         实现wan0、wan1自动dhcp获取IP地址功能

1. <font color="#000000">config dnsmasq
   
2.         option domainneeded '1'
   
3.         option boguspriv '1'
   
4.         option filterwin2k '0'
   
5.         option localise_queries '1'
   
6.         option rebind_protection '1'
   
7.         option rebind_localhost '1'
   
8.         option local '/lan/'
   
9.         option domain 'lan'
   
10.         option expandhosts '1'
    
11.         option nonegcache '0'
    
12.         option authoritative '1'
    
13.         option readethers '1'
    
14.         option leasefile '/tmp/dhcp.leases'
    
15.         option resolvfile '/tmp/resolv.conf.auto'
    
16. 
    
17. config dhcp 'lan'
    
18.         option interface 'lan'
    
19.         option start '100'
    
20.         option limit '150'
    
21.         option leasetime '12h'
    
22.         option dhcpv6 'server'
    
23.         option ra 'server'
    
24. 
    
25. config dhcp 'wan0'
    
26.         option interface 'wan0'
    
27.         option ignore '1'
    
28. 
    
29. config dhcp 'wan1'
    
30.         option interface 'wan1'
    
31.         option ignore '1'
    
32. 
    
33. config odhcpd 'odhcpd'
    
34.         option maindhcp '0'
    
35.         option leasefile '/tmp/hosts/odhcpd'
    
36.         option leasetrigger '/usr/sbin/odhcpd-update'</font>

复制代码

配置/etc/config/wireless

1. <font color="#000000">config wifi-device 'radio0'
   
2.         option type 'mac80211'
   
3.         option channel '0'
   
4.         option hwmode '11g'
   
5.         option path 'platform/ar933x_wmac'
   
6.         option htmode 'HT20'
   
7. 
   
8. config wifi-iface
   
9.         option device 'radio0'
   
10.         option network 'wan0'
    
11.         option mode 'sta'
    
12.         option ssid 'wifi名称'
    
13.         option encryption 'psk2'
    
14.         option key 'wifi密码'</font>

复制代码

注意：option network的值要与/etc/config/network中的interface编号对应。
配置/etc/config/firewall

1. <font color="#000000">config defaults
   
2.         option syn_flood '1'
   
3.         option input 'ACCEPT'
   
4.         option output 'ACCEPT'
   
5.         option forward 'REJECT'
   
6. 
   
7. config zone
   
8.         option name 'lan'
   
9.         option network 'lan'
   
10.         option input 'ACCEPT'
    
11.         option output 'ACCEPT'
    
12.         option forward 'ACCEPT'
    
13. 
    
14. config zone
    
15.         option name 'wan'
    
16.         list network 'wan0'
    
17.         list network 'wan1'
    
18.         list network 'wan6'
    
19.         option input 'ACCEPT'
    
20.         option output 'ACCEPT'
    
21.         option forward 'ACCEPT'
    
22.         option masq '1'
    
23.         option mtu_fix '1'
    
24. 
    
25. config forwarding
    
26.         option src 'lan'
    
27.         option dest 'wan'
    
28. 
    
29. config rule
    
30.         option name 'Allow-DHCP-Renew'
    
31.         option src 'wan'
    
32.         option proto 'udp'
    
33.         option dest_port '68'
    
34.         option target 'ACCEPT'
    
35.         option family 'ipv4'
    
36. 
    
37. config rule
    
38.         option name 'Allow-Ping'
    
39.         option src 'wan0'
    
40.         option proto 'icmp'
    
41.         option icmp_type 'echo-request'
    
42.         option family 'ipv4'
    
43.         option target 'ACCEPT'
    
44. 
    
45. config rule
    
46.         option name 'Allow-DHCPv6'
    
47.         option src 'wan'
    
48.         option proto 'udp'
    
49.         option src_ip 'fe80::/10'
    
50.         option src_port '547'
    
51.         option dest_ip 'fe80::/10'
    
52.         option dest_port '546'
    
53.         option family 'ipv6'
    
54.         option target 'ACCEPT'
    
55. 
    
56. config rule
    
57.         option name 'Allow-ICMPv6-Input'
    
58.         option src 'wan0'
    
59.         option proto 'icmp'
    
60.         option icmp_type 'echo-request echo-reply destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type router-solicitation neighbout'
    
61.         option limit '1000/sec'
    
62.         option family 'ipv6'
    
63.         option target 'ACCEPT'
    
64. 
    
65. config rule
    
66.         option name 'Allow-ICMPv6-Forward'
    
67.         option src 'wan'
    
68.         option dest '*'
    
69.         option proto 'icmp'
    
70.         option icmp_type 'echo-request echo-reply destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type'
    
71.         option limit '1000/sec'
    
72.         option family 'ipv6'
    
73.         option target 'ACCEPT'
    
74. 
    
75. config include
    
76.         option path '/etc/firewall.user'</font>

复制代码

一键配置脚本代码示例         
所有的配置操作均使用OpenWRT系统提供的uci命令，也是OpenWRT开发中比较正统的操作方法，当然也并不局限于此，如果不怕麻烦的话，直接修改配置文件也能达到同样效果。

1. <font color="#000000">#!/bin/sh
   
2. 
   
3. ENCRYPTION="psk2"   #接入wifi加密方式
   
4. SSID="test"       #接入wifi的SSID
   
5. KEY="12345678"      #接入wifi的密码
   
6. 
   
7. _wifi_sta_set_firewall(){
   
8.     echo > /etc/config/firewall
   
9.     uci add firewall defaults 1>/dev/null
   
10.     uci set firewall.@defaults[0]=defaults
    
11.     uci set firewall.@defaults[0].syn_flood=1
    
12.     uci set firewall.@defaults[0].input=ACCEPT
    
13.     uci set firewall.@defaults[0].output=ACCEPT
    
14.     uci set firewall.@defaults[0].forward=REJECT
    
15. 
    
16.     uci add firewall zone 1>/dev/null
    
17.     uci set firewall.@zone[0]=zone
    
18.     uci set firewall.@zone[0].name=lan
    
19.     uci set firewall.@zone[0].network=lan
    
20.     uci set firewall.@zone[0].input=ACCEPT
    
21.     uci set firewall.@zone[0].output=ACCEPT
    
22.     uci set firewall.@zone[0].forward=ACCEPT
    
23. 
    
24.     uci add firewall zone 1>/dev/null
    
25.     uci set firewall.@zone[1]=zone
    
26.     uci set firewall.@zone[1].name=wan
    
27.     uci add_list firewall.@zone[1].network=wan0
    
28.     uci add_list firewall.@zone[1].network=wan1
    
29.     #uci add_list firewall.@zone[1].network=wan6
    
30.     uci set firewall.@zone[1].input=ACCEPT
    
31.     uci set firewall.@zone[1].output=ACCEPT
    
32.     uci set firewall.@zone[1].forward=ACCEPT
    
33.     uci set firewall.@zone[1].masq=1
    
34.     uci set firewall.@zone[1].mtu_fix=1
    
35. 
    
36.     uci add firewall forwarding 1>/dev/null
    
37.     uci set firewall.@forwarding[0]=forwarding
    
38.     uci set firewall.@forwarding[0].src=lan
    
39.     uci set firewall.@forwarding[0].dest=wan
    
40. 
    
41.     uci add firewall rule 1>/dev/null
    
42.     uci set firewall.@rule[0]=rule
    
43.     uci set firewall.@rule[0].name=Allow-DHCP-Renew
    
44.     uci set firewall.@rule[0].src=wan
    
45.     uci set firewall.@rule[0].proto=udp
    
46.     uci set firewall.@rule[0].dest_port=68
    
47.     uci set firewall.@rule[0].target=ACCEPT
    
48.     uci set firewall.@rule[0].family=ipv4
    
49. 
    
50.     uci add firewall rule 1>/dev/null
    
51.     uci set firewall.@rule[1]=rule
    
52.     uci set firewall.@rule[1].name=Allow-Ping
    
53.     uci set firewall.@rule[1].src=wan
    
54.     uci set firewall.@rule[1].proto=icmp
    
55.     uci set firewall.@rule[1].icmp_type=echo-request
    
56.     uci set firewall.@rule[1].family=ipv4
    
57.     uci set firewall.@rule[1].target=ACCEPT
    
58. 
    
59.     uci add firewall rule 1>/dev/null
    
60.     uci set firewall.@rule[2]=rule
    
61.     uci set firewall.@rule[2].name=Allow-DHCPv6
    
62.     uci set firewall.@rule[2].src=wan
    
63.     uci set firewall.@rule[2].proto=udp
    
64.     uci set firewall.@rule[2].src_ip=fe80::/10
    
65.     uci set firewall.@rule[2].src_port=547
    
66.     uci set firewall.@rule[2].dest_ip=fe80::/10
    
67.     uci set firewall.@rule[2].dest_port=546
    
68.     uci set firewall.@rule[2].family=ipv6
    
69.     uci set firewall.@rule[2].target=ACCEPT
    
70. 
    
71.     #uci add firewall rule 1>/dev/null
    
72.     #uci set firewall.@rule[3]=rule
    
73.     #uci set firewall.@rule[3].name=Allow-ICMPv6-Input
    
74.     #uci set firewall.@rule[3].src=wan
    
75.     #uci set firewall.@rule[3].proto=icmp
    
76.     #uci set firewall.@rule[3].icmp_type='echo-request echo-reply destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type router-solicitation neighbout'
    
77.     #uci set firewall.@rule[3].limit=1000/sec
    
78.     #uci set firewall.@rule[3].family=ipv6
    
79.     #uci set firewall.@rule[3].target=ACCEPT
    
80. 
    
81.     #uci add firewall rule 1>/dev/null
    
82.     #uci set firewall.@rule[4]=rule
    
83.     #uci set firewall.@rule[4].name='Allow-ICMPv6-Forward'
    
84.     #uci set firewall.@rule[4].src=wan
    
85.     #uci set firewall.@rule[4].dest=*
    
86.     #uci set firewall.@rule[4].proto=icmp
    
87.     #uci set firewall.@rule[4].icmp_type='echo-request echo-reply destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type'
    
88.     #uci set firewall.@rule[4].limit='1000/sec'
    
89.     #uci set firewall.@rule[4].family='ipv6'
    
90.     #uci set firewall.@rule[4].target='ACCEPT'
    
91. 
    
92.     echo OK
    
93.     uci add firewall include 1>/dev/null
    
94.     uci set firewall.@include[0]=include
    
95.     uci set firewall.@include[0].path='/etc/firewall.user'
    
96.     uci commit
    
97. }
    
98. 
    
99. _wifi_sta_set_network(){
    
100.     echo > /etc/config/network
     
101.     uci set network.eth1=switch
     
102.     uci set network.eth1.reset=0
     
103.     uci set network.eth1.enable_vlan=0
     
104.     uci set network.loopback=interface
     
105.     uci set network.loopback.ifname=lo
     
106.     uci set network.loopback.proto=static
     
107.     uci set network.loopback.ipaddr=127.0.0.1
     
108.     uci set network.loopback.netmask=255.0.0.0
     
109.     uci set network.lan=interface
     
110.     uci set network.lan.ifname=eth1
     
111.     uci set network.lan.proto=static
     
112.     uci set network.lan.ipaddr=192.168.6.1
     
113.     uci set network.lan.netmask=255.255.255.0
     
114.     uci set network.wan0=interface
     
115.     uci set network.wan0.ifname=wlan0
     
116.     uci set network.wan0.proto=dhcp
     
117.     uci set network.wan1=interface
     
118.     uci set network.wan1.ifname=eth0
     
119.     uci set network.wan1.proto=dhcp
     
120.     uci commit
     
121. }
     
122. 
     
123. #wifi在STA模式下设置dhcp参数
     
124. _wifi_sta_set_dhcp(){
     
125.     uci delete dhcp.wan 2>/dev/null
     
126.     uci set dhcp.lan=dhcp
     
127.     uci set dhcp.lan.interface=lan
     
128.     uci set dhcp.lan.start=100
     
129.     uci set dhcp.lan.limit=150
     
130.     uci set dhcp.lan.leasetime=12h
     
131.     uci set dhcp.lan.dhcpv6=server
     
132.     uci set dhcp.lan.ra=server
     
133.     uci set dhcp.wan0=dhcp
     
134.     uci set dhcp.wan0.interface=wan0
     
135.     uci set dhcp.wan0.ignore=1
     
136.     uci set dhcp.wan1=dhcp
     
137.     uci set dhcp.wan1.interface=wan1
     
138.     uci set dhcp.wan1.ignore=1
     
139.     uci set dhcp.odhcpd=odhcpd
     
140.     uci set dhcp.odhcpd.maindhcp=0
     
141.     uci set dhcp.odhcpd.leasefile=/tmp/hosts/odhcpd
     
142.     uci set dhcp.odhcpd.leasetrigger=/usr/sbin/odhcpd-update
     
143.     uci commit
     
144. }
     
145. 
     
146. #param: <ssid> <encrymode> <key>
     
147. #   <ssid>      连接AP的SSID名称
     
148. #   <encrymode> AP加密方式
     
149. #   <key>       AP密码
     
150. wifi_connect_to(){
     
151.     echo > /etc/config/wireless
     
152.     uci set wireless.radio0=wifi-device
     
153.     uci set wireless.radio0.type=mac80211
     
154.     uci set wireless.radio0.channel=0
     
155.     uci set wireless.radio0.hwmode=11g
     
156.     uci set wireless.radio0.path=platform/ar933x_wmac
     
157.     uci set wireless.radio0.htmode=HT20
     
158.     if ! uci get wireless.@wifi-iface[0] 1>/dev/null 2>/dev/null
     
159.     then
     
160.         uci add wireless wifi-iface 1>/dev/null 2>/dev/null
     
161.     fi
     
162.     uci set wireless.@wifi-iface[0]=wifi-iface
     
163.     uci set wireless.@wifi-iface[0].device=radio0
     
164.     uci set wireless.@wifi-iface[0].network=wan0
     
165.     uci set wireless.@wifi-iface[0].mode=sta
     
166.     uci set wireless.@wifi-iface[0].ssid=$1
     
167.     uci set wireless.@wifi-iface[0].encryption=$2
     
168.     uci set wireless.@wifi-iface[0].key=$3
     
169.     uci commit
     
170. }
     
171. 
     
172. _wifi_sta_set_firewall #设置firewall参数
     
173. _wifi_sta_set_network  #设置network参数
     
174. _wifi_sta_set_dhcp     #设置dhcp参数
     
175. wifi_connect_to $SSID $ENCRYPTION $KEY  #连接wifi
     
176. 
     
177. /etc/init.d/firewall enable
     
178. /etc/init.d/firewall restart
     
179. #/etc/init.d/network restart</font>

复制代码