Open-wrt Config TP-Link WR703N
- Basic Configs in UI
- Change DHCP Pool
- Enable Remote SSH
- Check Status
- NAT-ed Router
- Disable Remote Luci GUI Access
- Change MAC Address
- Play With (Post Installation)
Basic Configs in UI
- First time connect, as suggested, give a root passwd and enable SSH server.
(Though enabled, you may need to manually "start" dropbear SSH server in the "startup" menu tab.)
- Enable wireless and make it part of LAN.
- Enable security and set a passwd.
- The default device mode is bridge. To use as a router, we need to disable bridge.
- Then the eth0 will be gone, so we need to add this interface again, naming "wan", using protocol "DHCP client".
All above steps are done in "luci" UI. The following configs can be done in the busybox terminal as shown below, or by doing
vim /etc/config/network directly.
confirm eth0/wan is using DHCP
The default mode of eth0 is static ip, if no proto is selected when (re-)creating the wan/eht0 interface, we need to use
udhcpc -i eth0 to get ip from upper router.
For permanent DHCP config, use: (ref1)
uci set network.wan.proto=dhcp uci commit network ifup wan
Change DHCP Pool
If the upper router is also using 192.168.1.1/24 as ip pool, conflicts will occur, and the traffic from wrt's clients cannot be forwarded to upper router.
To change openwrt DHCP server ip pool, use the following code: (ref1)
uci set network.lan.ipaddr=192.168.2.1 uci commit network reboot
Enable Remote SSH
It is useful when having nested routers.
step 1 -- allow traffic / firewall
method 1 using gui:
Network > Firewall > Traffic Rules > New forward rule
Restrict to address family: IPv4 and IPv6
Match ICMP type: Any
Source zone: wan
Source MAC address: Any
Source address: Any
Source Port: Any
Destination zone: Device (input)
Destination address: Any
Destination Port: 22
SAVE AND APPLY
method 2 using commands:
uci add firewall rule uci set [email protected][-1].src=wan uci set [email protected][-1].target=ACCEPT uci set [email protected][-1].proto=tcp uci set [email protected][-1].dest_port=22 uci commit firewall /etc/init.d/firewall restart
method 3 appending file /etc/config/firewall:
( have NOT tried this method, may NOT work )
#Allow SSH config rule option src wan option proto tcp option dest_port ssh option target ACCEPT
step 2 -- enable ssh listening on wan (gui)
System > Administration > SSH Access -- Dropbear Instance
- Interface: change to "unspecified"
- Allow: Gateway ports
- (Already By Default) allow Password authentication & Allow root logins with password
step 3 -- restart services (gui)
Status Firewall > Restart Firewall
System Startup > Restart Button on dropbear
step 4 -- disable remote ssh after usage
remember to disable remote ssh after config !!!
- from busybox
- from client
- from busybox
- from client
If you can ping google from 703n, but not from client, it means the route is not enabled. You need routing (possiblely also NAT).
This has been discussed in another router-topic blog
Disable Remote Luci GUI Access
# vim /etc/rc.local iptables --insert INPUT 1 --in-interface eth0 -p tcp --dport 80 -j REJECT
Change MAC Address
Not possible (actions / commands will not work).
Play With (Post Installation)