{"id":570,"date":"2009-04-26T21:32:30","date_gmt":"2009-04-26T12:32:30","guid":{"rendered":"http:\/\/randt.jp\/?page_id=570"},"modified":"2009-04-26T21:32:30","modified_gmt":"2009-04-26T12:32:30","slug":"openwrt-on-la-fonera-tips","status":"publish","type":"page","link":"https:\/\/randt.jp\/?page_id=570","title":{"rendered":"OpenWrt on La fonera Tips"},"content":{"rendered":"
\n
\n

iptable\u3067\u5916\u90e8\u304b\u3089\u306essh\u3092\u9632\u3050<\/a><\/h2>\n<\/dt>\n
\n

ssh\u3092\u4f7f\u3063\u3066\u3044\u308b\u3068\u306f\u8a00\u3048\u3069\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u30ed\u30b0\u30a4\u30f3\u3067\u306f\u653b\u6483\u306e\u5bfe\u8c61\u3068\u306a\u308b\u3088\u3046\u3060\u3002\u306a\u306e\u3067\u3001\u516c\u958b\u6697\u53f7\u9375\u65b9\u5f0f\u3067\u306e\u8a8d\u8a3c\u306b\u5909\u3048\u305f\u65b9\u304c\u3088\u308a\u5b89\u5168\u3002\u53c2\u8003\uff1a\u300cOpenWRT \u3067\u306e dropbear \u306b\u95a2\u3059\u308b\u30da\u30fc\u30b8\u300d<\/a><\/p>\n

root@OpenWrt:\/etc\/config# cat dropbear\nconfig dropbear\n        option PasswordAuth 'on'   < --- \u3053\u3053\u3092off\u306b\u3059\u308c\u3070\u826f\u3044\u3002\u3082\u3061\u308d\u3093\u9375\u4f5c\u3063\u3066\u304b\u3089\u306d\u3002\n        option Port         '22'\n<\/pre>\n
\u3057\u304b\u3057\u306a\u304c\u3089\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u30ed\u30b0\u30a4\u30f3\u3092\u5b8c\u5168\u306b\u3084\u3081\u3061\u3083\u3046\u3068\u30e1\u30f3\u30c6\u30ca\u30f3\u30b9\u6642\u306b\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u306a\u304f\u3066\u56f0\u3063\u3061\u3083\u3046\u304b\u3082\u3057\u308c\u306a\u3044\u3002\u30b7\u30ea\u30a2\u30eb\u30b1\u30fc\u30d6\u30eb\u306f\u6301\u3061\u6b69\u304b\u306a\u3044(La Fonera\u306f\u5b9f\u5bb6\u3060:-))\u3057\u3001\u3044\u3064\u3082\u3068\u9055\u3046PC\u3067\u30ed\u30b0\u30a4\u30f3\u3057\u305f\u3044\u5834\u5408\u3082\u3042\u308b\u304b\u3082\u3002<\/p>\n
\u3060\u304b\u3089\u3001wan\u5074\u306e\u30dd\u30fc\u30c8\u3092iptables\u3067\u9589\u3058\u3066\u304a\u304f\u3053\u3068\u3067\u5bfe\u51e6\u3002<\/p>\n
root@OpenWrt:\/etc# cat firewall.user\niptables -I INPUT 1 -p tcp -i [\u30a4\u30f3\u30bf\u30fc\u30d5\u30a7\u30fc\u30b9 ex)eth0] --dport 22 -j DROP\nroot@OpenWrt:\/etc# \/etc\/init.d\/firewall restart\n<\/pre>\n
root@OpenWrt:\/etc# iptables -L -v -t filter\nChain INPUT (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target     prot opt in     out     source               destination\n    0     0 DROP       tcp  --  eth0   any     anywhere             anywhere            tcp dpt:22\n    0     0 DROP       all  --  any    any     anywhere             anywhere            state INVALID\n :\n<\/pre>\n
\u5916\u304b\u3089ssh\u3067\u30a2\u30af\u30bb\u30b9(eth0=192.168.100.2)\u3059\u308b\u3068\u3001\u5fdc\u7b54\u7121\u3057\u72b6\u614b\u304b\u3089\u30bf\u30a4\u30e0\u30a2\u30a6\u30c8\u306b\u306a\u308b\u3002<\/p>\n
root@OpenWrt:\/etc# ssh root@192.168.100.2\nssh: exited: Error connecting: Connection timed out<\/pre>\n<\/dd>\n
\n
IP\u306e\u521d\u671f\u8a2d\u5b9a\u3092\u5909\u66f4<\/h2>\n<\/dt>\n
\n
root@OpenWrt:~# cd \/etc\/config\/\nroot@OpenWrt:\/etc\/config# ls\ndhcp         firewall     httpd        luci_ethers  network      ucitrack\ndropbear     fstab        luci         luci_hosts   system       wireless\nroot@OpenWrt:\/etc\/config# vi network\n<\/pre>\n
\n# Copyright (C) 2006 OpenWrt.org\n\nconfig interface loopback\n        option ifname   lo\n        option proto    static\n        option ipaddr   127.0.0.1\n        option netmask  255.0.0.0\n\nconfig interface lan\n        option ifname   eth0\n        option type     bridge\n        option proto    static\n        option ipaddr   192.168.10.1 < ----\u3053\u3053\u3092\u7de8\u96c6\u3059\u308b\n        option netmask  255.255.255.0\n<\/pre>\n<\/dd>\n
\n
ssh\u3067\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u308b\u3088\u3046\u306b\u3059\u308b<\/h2>\n<\/dt>\n
\n
\u307e\u305a\u3001root\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u8a2d\u5b9a\u3059\u308b\u3002doropbear\u3092\u6709\u52b9\u3059\u308b\u3002<\/p>\n
root@OpenWrt:~# \/etc\/init.d\/dropbear enable<\/pre>\n<\/p>\n
\u518d\u8d77\u52d5\u5f8c\u3001\u30ea\u30e2\u30fc\u30c8\u304b\u3089ssh\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u307f\u308b\u3002<\/p>\n
~$ ssh root@192.168.10.1\nroot@192.168.10.1's password:\n\n\nBusyBox v1.11.2 (2009-01-05 06:34:55 CET) built-in shell (ash)\nEnter 'help' for a list of built-in commands.\n\n  _______                     ________        __\n |       |.-----.-----.-----.|  |  |  |.----.|  |_\n |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|\n |_______||   __|_____|__|__||________||__|  |____|\n          |__| W I R E L E S S   F R E E D O M\n KAMIKAZE (8.09, r14511) ----------------------------\n  * 10 oz Vodka       Shake well with ice and strain\n  * 10 oz Triple sec  mixture into 10 shot glasses.\n  * 10 oz lime juice  Salute!\n ---------------------------------------------------\nroot@OpenWrt:~#\n<\/pre>\n<\/dd>\n
\n
\u7121\u7ddaIF\u3092\u6709\u52b9\u306b\u3059\u308b<\/h2>\n<\/dt>\n
\n
\u307e\u305a\u306f\u6709\u52b9\u306b\u3057\u3066\u307f\u308b<\/p>\n
root@OpenWrt:~# iwconfig\nlo        no wireless extensions.\n\neth0      no wireless extensions.\n\nwifi0     no wireless extensions.\n\nbr-lan    no wireless extensions.\nroot@OpenWrt:~# vi \/etc\/config\/wireless\n<\/pre>\n
\nconfig wifi-device  wifi0\n        option type     atheros\n        option channel  auto\n\n        # REMOVE THIS LINE TO ENABLE WIFI:\n        option disabled 0      < --- 1\u30920\u306b\u5909\u66f4\u3059\u308b\n\nconfig wifi-iface\n        option device   wifi0\n        option network  lan\n        option mode     ap\n        option ssid     OpenWrt\n        option encryption none\n<\/pre>\n
\u4f7f\u3048\u308b\u69d8\u306b\u306a\u3063\u305f\uff5e(^^\/<\/p>\n
\nroot@OpenWrt:~# \/etc\/init.d\/network restart\nroot@OpenWrt:~# iwconfig\nlo        no wireless extensions.\n\neth0      no wireless extensions.\n\nwifi0     no wireless extensions.\n\nbr-lan    no wireless extensions.\n\nath0      IEEE 802.11g  ESSID:\"OpenWrt\"  Nickname:\"\"\n          Mode:Master  Frequency:2.417 GHz  Access Point: 00:18:84:24:03:A1\n          Bit Rate:0 kb\/s   Tx-Power:18 dBm   Sensitivity=1\/1\n          Retry:off   RTS thr:off   Fragment thr:off\n          Encryption key:off\n          Power Management:off\n          Link Quality=0\/70  Signal level=-96 dBm  Noise level=-96 dBm\n          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0\n          Tx excessive retries:0  Invalid misc:0   Missed beacon:0\n<\/pre>\n<\/p>\n<\/dd>\n
\n
\u7121\u7ddaWIFI\u7aef\u672b\u306b\u3057\u3066\u307f\u308b<\/h2>\n<\/dt>\n
\n
\u6697\u53f7\u5316\u306a\u3069\u306f\u7f6e\u3044\u3068\u3044\u3066\u3001\u3068\u308a\u3042\u3048\u305a\u7e4b\u3050\u3060\u3051\u306e\u8a2d\u5b9a\u3002dhcp<\/p>\n
root@OpenWrt:\/# vi \/etc\/config\/wireless<\/pre>\n
\nconfig wifi-device  wifi0\n        option type     atheros\n        option channel  auto\n\n        # REMOVE THIS LINE TO ENABLE WIFI:\n        option disabled 0\n\nconfig wifi-iface\n        option device   wifi0\n        # option network  lan < ----\u3053\u306e\u884c\u306f\u30b3\u30e1\u30f3\u30c8\u30a2\u30a6\u30c8\u3059\u308b\n        option mode   sta <---- ap\u3092sta\u306b\u5909\u66f4\u3059\u308b\n        option ssid     ********\n        option encryption none\n        option nosbeacon 1 <---- \u3053\u306e\u884c\u3092\u8ffd\u52a0\u3059\u308b\n        option network wan <---- \u3053\u306e\u884c\u3092\u8ffd\u52a0\u3059\u308b(\/etc\/confic\/network\u306b\u66f8\u304finterface\u540d\n<\/pre>\n
root@OpenWrt:~# vi \/etc\/config\/network<\/pre>\n
# Copyright (C) 2006 OpenWrt.org\n\nconfig interface loopback\n        option ifname   lo\n        option proto    static\n        option ipaddr   127.0.0.1\n        option netmask  255.0.0.0\n\nconfig interface lan\n        option ifname   eth0\n        option type     bridge\n        option proto    static\n        option ipaddr   192.168.10.1\n        option netmask  255.255.255.0\n\n#\u3053\u3053\u304b\u3089\u4e0b\u3092\u8ffd\u52a0\u3059\u308b\nconfig interface wan\n        option ifname   \"ath0\"\n        option proto    dhcp\n<\/pre>\n
root@OpenWrt:~# vi \/etc\/config\/dhcp<\/pre>\n
config dnsmasq\n        option domainneeded     1\n        option boguspriv        1\n        option filterwin2k      '0'  #enable for dial on demand\n        option localise_queries 1\n        option local    '\/lan\/'\n        option domain   'lan'\n        option expandhosts      1\n        option nonegcache       0\n        option authoritative    1\n        option readethers       1\n        option leasefile        '\/tmp\/dhcp.leases'\n        option resolvfile       '\/tmp\/resolv.conf.auto'\n\nconfig dhcp lan\n        option interface        lan\n        option start    100\n        option limit    150\n        option leasetime        12h\n#\u3053\u3053\u304b\u3089\u4e0b\u304c\u53c2\u7167\u3055\u308c\u308b\u6a21\u69d8\nconfig dhcp wan\n        option interface        wan\n        option ignore   1\n<\/pre>\n<\/dd>\n
\n
eth0\u3092WAN\u5074\u306b\u63a5\u7d9a\u3059\u308b\u3001\u304b\u3064\u3001\u30e1\u30f3\u30c6\u30ca\u30f3\u30b9\u7528\u3068\u3057\u3066\u3082\u4f7f\u3048\u308b\u3088\u3046\u3059\u308b-\u5931\u6557<\/h2>\n<\/dt>\n
\n
La fonera\u306fethernet\u30dd\u30fc\u30c8\u3092\u4e00\u3064\u3057\u304b\u6301\u3063\u3066\u3044\u306a\u3044\u3002\u30a2\u30af\u30bb\u30b9\u30dd\u30a4\u30f3\u30c8\u3068\u3057\u3066\u4f7f\u3046\u3068\u304d\u306fethernet\u3092WAN\u5074(dhcp)\u306b\u3059\u308b\u306e\u3060\u3051\u308c\u3069\u3001\u306a\u306b\u304b\u3042\u3063\u305f\u3068\u304d\u306bethernet\u3067\u63a5\u7d9a\u3057\u3066\u30e1\u30f3\u30c6\u3067\u304d\u308b\u3068\u4fbf\u5229\u3060\u3002\u305d\u3053\u3067\u3001\u4eee\u60f3IF\u3092\u8a2d\u5b9a\u3059\u308b\u3002<\/p>\n
WAN\u7528\u3092eth0:1(dhcp)\u3001\u30e1\u30f3\u30c6\u7528\u3092eth0(static)\u3068\u3059\u308b\u3002<\/p>\n
root@OpenWrt:~# vi \/etc\/config\/network<\/pre>\n
# Copyright (C) 2006 OpenWrt.org\n\nconfig interface loopback\n        option ifname   lo\n        option proto    static\n        option ipaddr   127.0.0.1\n        option netmask  255.0.0.0\n\n# WAN\u5074\u306e\u8a2d\u5b9a\nconfig interface ethwan\n        option ifname   eth0:1\n        option proto    dhcp\n\n# \u30e1\u30f3\u30c6\u7528\u306e\u8a2d\u5b9a\nconfig interface mente\n        option ifname   eth0\n        option proto    static\n        option ipaddr   192.168.10.1\n        option netmask  255.255.255.0\n :\n<\/pre>\n
root@OpenWrt:~# vi \/etc\/config\/dhcp<\/pre>\n
\n  :\n#WAN\u5074\u306eDHCP\u8a2d\u5b9a\nconfig dhcp ethwan\n        option interface        ethwan\n        option ignore   1\n<\/pre>\n<\/dd>\n
\n
ntp\u3067\u6642\u523b\u5408\u308f\u305b<\/h2>\n<\/dt>\n
\n
\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/p>\n
root@OpenWrt:\/etc# opkg install ntpclient\nInstalling ntpclient (2007_365-1) to root...\nDownloading http:\/\/downloads.openwrt.org\/kamikaze\/8.09\/atheros\/packages\/.\/ntpclient_2007_365-1_mips.ipk\nConnecting to downloads.openwrt.org (195.56.146.238:80)\nntpclient_2007_365-1 100% |**********************************************| 11583  00:00:00 ETA\nConfiguring ntpclient\n<\/pre>\n
\u6642\u523b\u30b5\u30fc\u30d0\u306f\u65e5\u672c\u6a19\u6e96\u6642\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u306e\u516c\u958bNTP\u30b5\u30fc\u30d0<\/a>\u3092\u5229\u7528\u3059\u308b\u3002<\/p>\n
root@OpenWrt:~# vi \/etc\/config\/ntpclient<\/pre>\n
config ntpserver\n        option hostname 'ntp.nict.jp'\n        option port     '123'\n        option count    1\n\nconfig ntpdrift\n        option freq     '0'\n\nconfig ntpclient\n        option interval 60\n        #option count   10<\/pre>\n
\u30bf\u30a4\u30e0\u30be\u30fc\u30f3\u3082\u8a2d\u5b9a\u3057\u3066\u304a\u304f<\/p>\n
root@OpenWrt:\/etc\/config# uci show | grep timezone\nuci: Entry not found\nsystem.@system[0].timezone=UTC\nroot@OpenWrt:\/etc\/config# uci set system.@system[0].timezone=\"JST-9\"\nroot@OpenWrt:\/etc\/config# uci set system.@system[0].zonename=\"Asis\/Tokyo\"\nroot@OpenWrt:\/etc\/config# uci commit\nroot@OpenWrt:\/etc\/config# uci show system.@system[0]\nsystem.cfg0243cc=system\nsystem.cfg0243cc.hostname=OpenWrt\nsystem.cfg0243cc.timezone=JST-9\nsystem.cfg0243cc.zonename=Asis\/Tokyo\nroot@OpenWrt:\/etc\/config#<\/pre>\n
\u518d\u8d77\u52d5\u3057\u3066\u78ba\u8a8d<\/p>\n
root@OpenWrt:\/etc\/config# cat \/var\/TZ\nJST-9\nroot@OpenWrt:\/etc\/config# cat \/etc\/TZ\nJST-9\nroot@OpenWrt:\/etc\/config# ps ax | egrep ntp\n  868 root      1388 S    \/usr\/sbin\/ntpclient -i 60 -s -l -D -p 123 -h ntp.nict\nroot@OpenWrt:\/etc\/config# date\nSun May  3 01:18:41 JST 2009\nroot@OpenWrt:\/etc\/config#<\/pre>\n<\/dd>\n<\/dl>\n","protected":false},"excerpt":{"rendered":"
iptable\u3067\u5916\u90e8\u304b\u3089\u306essh\u3092\u9632\u3050 ssh\u3092\u4f7f\u3063\u3066\u3044\u308b\u3068\u306f\u8a00\u3048\u3069\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u30ed\u30b0\u30a4\u30f3\u3067\u306f\u653b\u6483\u306e\u5bfe\u8c61\u3068\u306a\u308b\u3088\u3046\u3060\u3002\u306a\u306e\u3067\u3001\u516c\u958b\u6697\u53f7\u9375\u65b9\u5f0f\u3067\u306e\u8a8d\u8a3c\u306b\u5909\u3048\u305f\u65b9\u304c\u3088\u308a\u5b89\u5168\u3002\u53c2\u8003\uff1a\u300cOpenWRT \u3067\u306e dropbear \u306b\u95a2 …<\/p>\n
 Continue reading<\/span><\/i><\/a> <\/p>\n","protected":false},"author":4,"featured_media":0,"parent":247,"menu_order":0,"comment_status":"open","ping_status":"open","template":"","meta":{"footnotes":""},"class_list":["post-570","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/randt.jp\/index.php?rest_route=\/wp\/v2\/pages\/570","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/randt.jp\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/randt.jp\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/randt.jp\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/randt.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=570"}],"version-history":[{"count":0,"href":"https:\/\/randt.jp\/index.php?rest_route=\/wp\/v2\/pages\/570\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/randt.jp\/index.php?rest_route=\/wp\/v2\/pages\/247"}],"wp:attachment":[{"href":"https:\/\/randt.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=570"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}