Open-wrt Config TP-Link WR703N

Open-wrt Config TP-Link WR703N

2016-07-12. Category & Tags: Openwrt, TL-WR703N, TP-Link, 703N

Basic Configs in UI #

  1. First time connect, as suggested, give a root passwd and enable SSH server. (Though enabled, you may need to manually “start” dropbear SSH server in the “startup” menu tab.)
  2. Enable wireless and make it part of LAN.
  3. Enable security and set a passwd.
  4. The default device mode is bridge. To use as a router, we need to disable bridge.
  5. Then the eth0 will be gone, so we need to add this interface again, naming “wan”, using protocol “DHCP client”.

All above steps are done in “luci” UI. The following configs can be done in the busybox terminal as shown below, or by doing vim /etc/config/network directly.

confirm eth0/wan is using DHCP #

The default mode of eth0 is static ip, if no proto is selected when (re-)creating the wan/eht0 interface, we need to use udhcpc -i eth0 to get ip from upper router. For permanent DHCP config, use: (ref1)

uci set network.wan.proto=dhcp
uci commit network
ifup wan

Change DHCP Pool #

If the upper router is also using 192.168.1.1/24 as ip pool, conflicts will occur, and the traffic from wrt’s clients cannot be forwarded to upper router.

To change openwrt DHCP server ip pool, use the following code: (ref1)

uci set network.lan.ipaddr=192.168.2.1
uci commit network
reboot

Enable Remote SSH #

It is useful when having nested routers.
ref

step 1 – allow traffic / firewall #

method 1 using gui: #

Network > Firewall > Traffic Rules > New forward rule
Name: SSH
Restrict to address family: IPv4 and IPv6
Protocol: TCP
Match ICMP type: Any
Source zone: wan
Source MAC address: Any
Source address: Any
Source Port: Any
Destination zone: Device (input)
Destination address: Any
Destination Port: 22
Action: Accept
SAVE AND APPLY

method 2 using commands: #

uci add firewall rule
uci set firewall.@rule[-1].src=wan
uci set firewall.@rule[-1].target=ACCEPT
uci set firewall.@rule[-1].proto=tcp
uci set firewall.@rule[-1].dest_port=22
uci commit firewall
/etc/init.d/firewall restart

method 3 appending file /etc/config/firewall: #

( have NOT tried this method, may NOT work )

#Allow SSH
config rule
        option src              wan
        option proto            tcp
        option dest_port        ssh
        option target           ACCEPT

step 2 – enable ssh listening on wan (gui) #

System > Administration > SSH Access – Dropbear Instance

  • Interface: change to “unspecified”
  • Allow: Gateway ports
  • (Already By Default) allow Password authentication & Allow root logins with password

step 3 – restart services (gui) #

Status Firewall > Restart Firewall
System Startup > Restart Button on dropbear

step 4 – disable remote ssh after usage #

remember to disable remote ssh after config !!!

Check Status #

ping 8.8.8.8

  • from busybox
  • from client

DNS prob

  • from busybox
  • from client

If you can ping google from 703n, but not from client, it means the route is not enabled. You need routing (possiblely also NAT).

NAT-ed Router #

This has been discussed in another router-topic blog

Disable Remote Luci GUI Access #

# vim /etc/rc.local
iptables --insert INPUT 1 --in-interface eth0 -p tcp --dport 80 -j REJECT

Change MAC Address #

Not possible (actions / commands will not work).

Play With (Post Installation) #

ref