This guide sets up your dd-wrt router with two SSIDs: one for the FON service and one for your private, secured connection. I have a test firewall that limits access for the FON users to certain services (to inet only). First, you need to upgrade to the latest firmware version.
1. Get the latest V24 firmware. (I used the 20060830 version.)
2. Reset to factory defaults: Administration > Factory Defaults
3. Upgrade the firmware (reset to defaults): Administration > Firmware Upgrade

After you finish editing each page, don't forget to click the "SAVE" button!
The initial administrator account is root / admin.
Now let's begin.

1. Administration > Services: Secure Shell
   1. SSHd: enabled [optional]
2. Administration > Management:
   1. set username & password
   2. Web Access:
      1. Info Site Password Protection: Enabled [optional]
      2. Protocol: httpS [optional]
   3. Remote Access:
      1. Web GUI Management: Enable [optional]
      2. Use HTTPS: * [optional]
      3. SSH Management: enable [optional]
3. Setup > Basic Setup (Network Address Server Settings (DHCP))
   1. Use DNSMasq for DHCP: DISabled
   2. Use DNSMasq for DNS: DISabled
4. wireless > basic settings:
   1. add virtual interface:
      1. Wireless Network Name (SSID): FON_JACKIE
      2. Wireless SSID Broadcast: Enable
      3. AP Isolation: Enable
   2. wireless networkmode: B [optional]
   3. Wireless Channel: choose a channel between 1 and 11
   4. Wireless Network Name (SSID): choose a name
   5. Wireless SSID Broadcast: disable
   ('Save Settings')
   1. virtual interface:
      1. IP Address: 192.168.2.1
      2. SubnetMask: 255.255.255.255

1. wireless > wireless security (Physical Interface)
   1. Security Mode: WPA2 preshared key mixed
   2. WPA Algorithms: TKIP
   3. WPA Shared Key: the password you want
2. If only one antenna in use: wireless > Advanced:
   1. AP Isolation: Enable
   2. TX Antenna: right [optional]
   3. RX Antenna: right [optional]
3. Administration & Gaming > QOS [optional]:
   1. Start QoS: Enable
   2. Uplink (kbps): maximum upload speed
   3. Downlink (kbps): maximum download speed

If you want the wireless turned off at night [optional]:
* Wireless > Advanced Settings - Radio Time Restrictions

Copy the contents of the box below into Chillispot & Firewall Administration > Commands.
```sh
#!/bin/sh
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v2.0.9-1
#
# Generated Mon Aug 28 20:19:11 2006 CEST by jhaarman
#
# files: * dd-wrt-1-1-1-1.fw
#
#
set -x

PATH="/sbin:/usr/sbin:/bin:/usr/bin:${PATH}"
export PATH

# Print a message and, if logger is available, send it to syslog as well.
log() {
    echo "$1"
    test -x "$LOGGER" && $LOGGER -p info "$1"
}

va_num=1
# add_addr ADDRESS PREFIXLEN DEVICE: add the address to the device unless it is already configured.
add_addr() {
    addr=$1
    nm=$2
    dev=$3
    type=""
    aadd=""
    L=`$IP -4 link ls $dev | head -n1`
    if test -n "$L"; then
        OIFS=$IFS
        IFS=" /:,<"
        set $L
        type=$4
        IFS=$OIFS
        L=`$IP -4 addr ls $dev to $addr | grep inet | grep -v :`
        if test -n "$L"; then
            OIFS=$IFS
            IFS=" /"
            set $L
            aadd=$2
            IFS=$OIFS
        fi
    fi
    if test -z "$aadd"; then
        if test "$type" = "POINTOPOINT"; then
            $IP -4 addr add $addr dev $dev scope global label $dev:FWB${va_num}
            va_num=`expr $va_num + 1`
        fi
        if test "$type" = "BROADCAST"; then
            $IP -4 addr add $addr/$nm dev $dev brd + scope global label $dev:FWB${va_num}
            va_num=`expr $va_num + 1`
        fi
    fi
}

getInterfaceVarName() {
    echo $1 | sed 's/\./_/'
}

# getaddr DEVICE VARNAME: store the device's current IPv4 address in the named variable.
getaddr() {
    dev=$1
    name=$2
    L=`$IP -4 addr show dev $dev | grep inet | grep -v :`
    test -z "$L" && {
        eval "$name=''"
        return
    }
    OIFS=$IFS
    IFS=" /"
    set $L
    eval "$name=$2"
    IFS=$OIFS
}

getinterfaces() {
    NAME=$1
    $IP link show | grep ": $NAME" | while read L; do
        OIFS=$IFS
        IFS=" :"
        set $L
        IFS=$OIFS
        echo $2
    done
}

LSMOD="/sbin/lsmod"
MODPROBE="/sbin/modprobe"
IPTABLES="/usr/sbin/iptables"
IPTABLES_RESTORE="iptables-restore"
IP="/usr/sbin/ip"
LOGGER="/usr/bin/logger"

if $IP link ls >/dev/null 2>&1; then
    echo;
else
    echo "iproute not found"
    exit 1
fi

# Stop early if any interface the firewall rules refer to is missing.
INTERFACES="vlan1 br0 lo wl0.1 tun0 "
for i in $INTERFACES ; do
    $IP link show "$i" > /dev/null 2>&1 || {
        log "Interface $i does not exist"
        exit 1
    }
done

$IP -4 neigh flush dev br0 >/dev/null 2>&1
$IP -4 addr flush dev br0 secondary label "br0:FWB*" >/dev/null 2>&1
$IP -4 neigh flush dev wl0.1 >/dev/null 2>&1
$IP -4 addr flush dev wl0.1 secondary label "wl0.1:FWB*" >/dev/null 2>&1
$IP -4 neigh flush dev tun0 >/dev/null 2>&1
$IP -4 addr flush dev tun0 secondary label "tun0:FWB*" >/dev/null 2>&1

add_addr 192.168.1.1 24 br0
$IP link set br0 up
add_addr 127.0.0.1 8 lo
$IP link set lo up
add_addr 192.168.2.1 24 wl0.1
$IP link set wl0.1 up
add_addr 192.168.182.1 24 tun0
$IP link set tun0 up
getaddr vlan1 i_vlan1
```
Click the "Save Startup" button.
Enter the following in Administration > Commands.
```sh
# Uses log() and $IPTABLES from the startup script above; a later step joins both parts into one script.
log 'Activating firewall script generated Mon Aug 28 20:19:11 2006 by jhaarman'

# Default-deny policies, then flush every chain in every table except mangle.
$IPTABLES -P OUTPUT DROP
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
ip6tables -L -n > /dev/null 2>&1 && {
    ip6tables -P OUTPUT DROP
    ip6tables -P INPUT DROP
    ip6tables -P FORWARD DROP
}
cat /proc/net/ip_tables_names | while read table; do
    test "X$table" = "Xmangle" && continue
    $IPTABLES -t $table -L -n | while read c chain rest; do
        if test "X$c" = "XChain" ; then
            $IPTABLES -t $table -F $chain
        fi
    done
    $IPTABLES -t $table -X
done

$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

echo "Rule 0 (NAT)"
# Masquerade 192.168.0.0/16 sources leaving through vlan1
$IPTABLES -t nat -A POSTROUTING -o vlan1 -s 192.168.0.0/16 -j MASQUERADE

echo "Rule 0 (lo)"
# Loopback traffic
$IPTABLES -A INPUT -i lo -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o lo -m state --state NEW -j ACCEPT

echo "Rule 0 (tun0)"
# DHCP broadcasts (udp 67/68) on the hotspot tunnel
$IPTABLES -N Cid44F4A009.0
$IPTABLES -A INPUT -i tun0 -d 255.255.255.255 -m state --state NEW -j Cid44F4A009.0
$IPTABLES -A Cid44F4A009.0 -p udp -m udp -m multiport --dports 68,67 -j ACCEPT
$IPTABLES -N Cid44F4A009.1
$IPTABLES -A OUTPUT -o tun0 -d 255.255.255.255 -m state --state NEW -j Cid44F4A009.1
$IPTABLES -A Cid44F4A009.1 -p udp -m udp -m multiport --dports 68,67 -j ACCEPT
$IPTABLES -N Cid44F4A009.2
$IPTABLES -A FORWARD -o tun0 -d 255.255.255.255 -m state --state NEW -j Cid44F4A009.2
$IPTABLES -A Cid44F4A009.2 -p udp -m udp -m multiport --dports 68,67 -j ACCEPT

echo "Rule 1 (tun0)"
# DNS (tcp/udp 53) from hotspot clients, to any destination
$IPTABLES -N Cid44F49FBE.0
$IPTABLES -A INPUT -i tun0 -s 192.168.182.0/24 -m state --state NEW -j Cid44F49FBE.0
$IPTABLES -A Cid44F49FBE.0 -p tcp -m tcp --dport 53 -j ACCEPT
$IPTABLES -A Cid44F49FBE.0 -p udp -m udp --dport 53 -j ACCEPT
$IPTABLES -N Cid44F49FBE.1
$IPTABLES -A FORWARD -i tun0 -s 192.168.182.0/24 -m state --state NEW -j Cid44F49FBE.1
$IPTABLES -A Cid44F49FBE.1 -p tcp -m tcp --dport 53 -j ACCEPT
$IPTABLES -A Cid44F49FBE.1 -p udp -m udp --dport 53 -j ACCEPT

echo "Rule 2 (tun0)"
# Hotspot clients to the hotspot gateway address and subnet broadcast
$IPTABLES -A INPUT -i tun0 -s 192.168.182.0/24 -d 192.168.182.255 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -i tun0 -s 192.168.182.0/24 -d 192.168.182.1 -m state --state NEW -j ACCEPT

echo "Rule 3 (tun0)"
# Drop hotspot traffic addressed to RFC 1918 private ranges
$IPTABLES -N Cid44F49FF3.0
$IPTABLES -A INPUT -i tun0 -s 192.168.182.0/24 -j Cid44F49FF3.0
$IPTABLES -A Cid44F49FF3.0 -d 10.0.0.0/8 -j DROP
$IPTABLES -A Cid44F49FF3.0 -d 192.168.0.0/16 -j DROP
$IPTABLES -A Cid44F49FF3.0 -d 172.16.0.0/12 -j DROP
$IPTABLES -N Cid44F49FF3.1
$IPTABLES -A FORWARD -i tun0 -s 192.168.182.0/24 -j Cid44F49FF3.1
$IPTABLES -A Cid44F49FF3.1 -d 10.0.0.0/8 -j DROP
$IPTABLES -A Cid44F49FF3.1 -d 192.168.0.0/16 -j DROP
$IPTABLES -A Cid44F49FF3.1 -d 172.16.0.0/12 -j DROP

echo "Rule 5 (tun0)"
# Services hotspot clients may open new connections to
$IPTABLES -N Cid44F4A041.0
$IPTABLES -A INPUT -i tun0 -s 192.168.182.0/24 -m state --state NEW -j Cid44F4A041.0
$IPTABLES -A Cid44F4A041.0 -p icmp -m icmp --icmp-type 8/0 -j ACCEPT
$IPTABLES -A Cid44F4A041.0 -p tcp -m tcp --dport 5222:5223 -j ACCEPT
$IPTABLES -A Cid44F4A041.0 -p tcp -m tcp -m multiport --dports 22,80,443,5060,143,993,110,995,1812 -j ACCEPT
$IPTABLES -A Cid44F4A041.0 -p udp -m udp --dport 5000:5020 -j ACCEPT
$IPTABLES -A Cid44F4A041.0 -p udp -m udp --dport 8000:8020 -j ACCEPT
$IPTABLES -A Cid44F4A041.0 -p udp -m udp --dport 5060 -j ACCEPT
$IPTABLES -N Cid44F4A041.1
$IPTABLES -A FORWARD -i tun0 -s 192.168.182.0/24 -m state --state NEW -j Cid44F4A041.1
$IPTABLES -A Cid44F4A041.1 -p icmp -m icmp --icmp-type 8/0 -j ACCEPT
$IPTABLES -A Cid44F4A041.1 -p tcp -m tcp --dport 5222:5223 -j ACCEPT
$IPTABLES -A Cid44F4A041.1 -p tcp -m tcp -m multiport --dports 22,80,443,5060,143,993,110,995,1812 -j ACCEPT
$IPTABLES -A Cid44F4A041.1 -p udp -m udp --dport 5000:5020 -j ACCEPT
$IPTABLES -A Cid44F4A041.1 -p udp -m udp --dport 8000:8020 -j ACCEPT
$IPTABLES -A Cid44F4A041.1 -p udp -m udp --dport 5060 -j ACCEPT

echo "Rule 6 (tun0)"
# Drop everything else entering or leaving the hotspot tunnel
$IPTABLES -A INPUT -i tun0 -j DROP
$IPTABLES -A FORWARD -i tun0 -j DROP
$IPTABLES -A OUTPUT -o tun0 -j DROP
$IPTABLES -A FORWARD -o tun0 -j DROP

echo "Rule 14 (global)"
# Accept all remaining new connections on the other interfaces
$IPTABLES -A OUTPUT -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -m state --state NEW -j ACCEPT
#
#
echo 1 > /proc/sys/net/ipv4/ip_forward
```
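Click the 'Save Firewall' button.
Enter the following.

```sh
# Join the saved startup and firewall scripts into one file, then clear both nvram fields
/usr/sbin/nvram get rc_startup > /tmp/firewall.eo
/usr/sbin/nvram get rc_firewall >> /tmp/firewall.eo
/usr/sbin/nvram unset rc_firewall
/usr/sbin/nvram unset rc_startup
```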
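When you click the 'Run Commands' button, the firewall and rc_startup fields will become empty. (Their contents are saved to a file.)
Enter the following.

```sh
# Store the combined script in the nvram variable fwb
/usr/sbin/nvram set fwb="`cat /tmp/firewall.eo`"
```

Click 'Save Startup'.
Enter the following.

```sh
# Run the startup command saved in the previous step, then write nvram to flash
/usr/sbin/nvram get rc_startup|sh
/usr/sbin/nvram commit
```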
Click the 'Run Commands' button.
Enter the following.

```sh
# Daily 03:00 heartbeat request to FON that carries the router's MAC address
echo '00 03 * * * root /usr/bin/wget "http://download.fon.com/heartbeat.php?mac=`nvram get il0macaddr|sed s/:/-/g`" -O /tmp/inet.html' > /tmp/cron.d/heartbeat
# After 15 seconds: write /tmp/chilli2.conf, restart chilli with it, then run the script stored in fwb
sleep 15; echo -n "radiusserver1 radius01.fon.com
radiusserver2 radius02.fon.com
radiussecret garrafon
dhcpif wl0.1
uamhomepage http://startu.net/splash.html
uamserver https://login.fon.com/cp/index.php
dns1 " > /tmp/chilli2.conf;echo `nvram get wan_get_dns`>> /tmp/chilli2.conf;echo -n "uamsecret garrafon
uamanydns
uamallowed www.fon.com,login.fon.com,192.168.1.1,en.fon.com,acceso.fon.com,startu.net,www.paypal.com,www.paypalobjects.com,lernu.net,esperanto.net,www.google.com,www.gmail.com
radiusnasid " >> /tmp/chilli2.conf;echo `nvram get il0macaddr|sed s/:/-/g`>> /tmp/chilli2.conf;echo "net 192.168.182.0/24
dynip 192.168.182.0/24" >> /tmp/chilli2.conf; killall chilli; /usr/sbin/chilli -c /tmp/chilli2.conf; /usr/sbin/nvram get fwb|sh
```
Click the 'Save Startup' button.
Reboot the router. (Click the "Reboot Router" button at the bottom of Administration-Management.) Once the reboot has finished, everything will be up and running!
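What a FON client can reach depends on the order of the firewall rules, because iptables stops at the first matching ACCEPT or DROP. The following is an added example, not part of the original guide: an offline first-match evaluator in Python, run over a constructed excerpt of the page's FORWARD rules; the client address 192.168.182.10 and the `guest` helper are assumptions made for illustration.

```python
import ipaddress

# Constructed excerpt: the page's guest-side FORWARD rules, in order ("$IPTABLES" stripped).
RULES = """\
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i tun0 -s 192.168.182.0/24 -m state --state NEW -j Cid44F49FBE.1
-A Cid44F49FBE.1 -p tcp -m tcp --dport 53 -j ACCEPT
-A Cid44F49FBE.1 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -i tun0 -s 192.168.182.0/24 -j Cid44F49FF3.1
-A Cid44F49FF3.1 -d 10.0.0.0/8 -j DROP
-A Cid44F49FF3.1 -d 192.168.0.0/16 -j DROP
-A Cid44F49FF3.1 -d 172.16.0.0/12 -j DROP
-A FORWARD -i tun0 -s 192.168.182.0/24 -m state --state NEW -j Cid44F4A041.1
-A Cid44F4A041.1 -p tcp -m tcp -m multiport --dports 22,80,443,5060,143,993,110,995,1812 -j ACCEPT
-A FORWARD -i tun0 -j DROP
-A FORWARD -m state --state NEW -j ACCEPT
"""
FLAGS = {"-i": "in", "-o": "out", "-s": "src", "-d": "dst", "-p": "proto",
         "--state": "state", "--dport": "ports", "--dports": "ports"}

def parse(text):
    chains = {}  # chain name -> rules in append order
    for line in text.strip().splitlines():
        tok = line.split()
        rule = {FLAGS[t]: tok[i + 1] for i, t in enumerate(tok) if t in FLAGS}
        rule["target"] = tok[tok.index("-j") + 1]
        chains.setdefault(tok[1], []).append(rule)
    return chains

def matches(rule, pkt):
    if any(k in rule and rule[k] != pkt[k] for k in ("in", "out", "proto")):
        return False
    for k in ("src", "dst"):
        if k in rule and ipaddress.ip_address(pkt[k]) not in ipaddress.ip_network(rule[k]):
            return False
    if "state" in rule and pkt["state"] not in rule["state"].split(","):
        return False
    if "ports" in rule:  # single port, comma list, or lo:hi range
        spans = [p.partition(":") for p in rule["ports"].split(",")]
        return any(int(lo) <= pkt["dport"] <= int(hi or lo) for lo, _, hi in spans)
    return True

def verdict(chains, pkt, chain="FORWARD", policy="DROP"):
    # First ACCEPT/DROP wins; a user chain with no match returns to its caller.
    for rule in chains.get(chain, []):
        if matches(rule, pkt):
            if rule["target"] in ("ACCEPT", "DROP"):
                return rule["target"]
            if sub := verdict(chains, pkt, rule["target"], None):
                return sub
    return policy

def guest(dst, proto, dport, out="vlan1"):  # NEW packet from an assumed client address
    return {"in": "tun0", "out": out, "src": "192.168.182.10", "dst": dst,
            "proto": proto, "dport": dport, "state": "NEW"}
```

With these rules a guest's tcp 443 to a public address is accepted and tcp 80 to 192.168.1.10 is dropped, but udp 53 to 192.168.1.10 is accepted, because the DNS chain Cid44F49FBE.1 is consulted before the private-range drops in Cid44F49FF3.1. If the resolver returned by `wan_get_dns` is not on a private address, jumping to Cid44F49FF3.1 first removes that path.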
Source: DD-WRT Forum (http://www.dd-wrt.com)
