root@OpenWrt-Donetsk:~# cat /etc/config/network
config 'switch' 'eth0'
option 'vlan0' '0 1 2 3 5*'
option 'vlan1' '4 5'
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'
config 'interface' 'lan'
option 'type' 'bridge'
option 'ifname' 'eth0.0'
option 'proto' 'static'
option 'ipaddr' '192.168.1.1'
option 'netmask' '255.255.255.0'
config 'interface' 'wan1'
option 'ifname' 'eth0.1'
option 'macaddr' '00:17:f2:c4:38:5f'
option 'proto' 'dhcp'
config 'interface' 'wan'
option 'ifname' 'ppp0'
option 'proto' 'pptp'
option 'server' 'vpn.somenet.ua'
# option 'mtu' '1482'
option 'username' 'yourlogin'
option 'password' 'yourpasswd'
option 'keepalive' '10
root@OpenWrt-Donetsk:~# cat /etc/init.d/done
#!/bin/sh /etc/rc.common
# Copyright (C) 2006 OpenWrt.org
START=95
boot() {
[ -d /tmp/root ] & # set leds to normal state
. /etc/diag.sh
set_state done
ifdown wan
kill -9 `ps |grep call |grep pptp| awk '{print $1}'`
sleep 15
ifup wan
}
root@OpenWrt-Donetsk:~# cat /etc/ppp/options
#debug
logfile /dev/null
noaccomp
nopcomp
nocrtscts
lock
maxfail 0
lcp-echo-failure 5
lcp-echo-interval 1
root@OpenWrt-Donetsk:~# cat /etc/ppp/options.pptp
#connect /bin/true
lock
noauth
nobsdcomp
nodeflate
idle 0
usepeerdns
defaultroute
replacedefaultroute
maxfail 0
root@OpenWrt-Donetsk:~# cat /etc/ppp/ip-up
#!/bin/sh
. /etc/functions.sh
PPP_IFACE="$1"
PPP_TTY="$2"
PPP_SPEED="$3"
PPP_LOCAL="$4"
PPP_REMOTE="$5"
PPP_IPPARAM="$6"
export PPP_IFACE PPP_TTY PPP_SPEED PPP_LOCAL PPP_REMOTE PPP_IPPARAM
[ -z "$PPP_IPPARAM" -o -z "$PPP_LOCAL" ] || {
uci_set_state network "$PPP_IPPARAM" ipaddr "$PPP_LOCAL"
uci_set_state network "$PPP_IPPARAM" gateway "$PPP_REMOTE"
}
[ -z "$PPP_IPPARAM" ] || env -i ACTION="ifup" INTERFACE="$PPP_IPPARAM"
DEVICE="$PPP_IFACE" PROTO=ppp /sbin/hotplug-call "iface"
[ -d /etc/ppp/ip-up.d ] &/sbin/route add -net 0.0.0.0/1 gw $5
/sbin/route add -net 128.0.0.0/1 gw $5
root@OpenWrt-Donetsk:~# cat /etc/init.d/firewall
#!/bin/sh
iptables -F
iptables -t nat -F
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P INPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state INVALID -j REJECT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 2222 -m state --state NEW -j ACCEPT
#iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i eth0.1 -p icmp --icmp-type 8 -j REJECT --reject-with proto-unreach
iptables -A INPUT -i eth0.1 -p icmp --icmp-type 0 -j ACCEPT
iptables -A INPUT -i eth0.1 -p icmp --icmp-type 3 -j ACCEPT
iptables -A INPUT -i ppp0 -p icmp --icmp-type 8 -j REJECT --reject-with proto-unreach
iptables -A INPUT -i ppp0 -p icmp --icmp-type 0 -j ACCEPT
iptables -A INPUT -i ppp0 -p icmp --icmp-type 3 -j ACCEPT
iptables -A INPUT -i eth0.1 -j DROP
iptables -A INPUT -i ppp0 -j DROP
iptables -t nat -A POSTROUTING -o eth0.1 -j MASQUERADE
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE