Configuring Netgear Nighthawk R7000 router with DD-WRT

From One-Eyed Man Wiki
Latest revision as of 11:59, 14 May 2022

Configure NAT and Firewall

In Administration > Commands:

Startup section:

##STARTUP
# One interface alias per additional public address in the /29; the :2 alias
# (.228) stays disabled together with that host's NAT rules in the firewall section.
WANIF=`get_wanface`
ifconfig $WANIF:1 xxx.xxx.xxx.227 netmask 255.255.255.248 broadcast xxx.xxx.xxx.231
# ifconfig $WANIF:2 xxx.xxx.xxx.228 netmask 255.255.255.248 broadcast xxx.xxx.xxx.231
ifconfig $WANIF:3 xxx.xxx.xxx.229 netmask 255.255.255.248 broadcast xxx.xxx.xxx.231
ifconfig $WANIF:4 xxx.xxx.xxx.230 netmask 255.255.255.248 broadcast xxx.xxx.xxx.231

Firewall section:

### Firewall

## NAT

# WAN xxx.xxx.xxx.229 -> LAN 192.168.1.2 (host.example.com)
iptables -t nat -I PREROUTING -i vlan2 -d xxx.xxx.xxx.229 -j DNAT --to 192.168.1.2
iptables -t nat -I POSTROUTING -o vlan2 -s 192.168.1.2 -j SNAT --to xxx.xxx.xxx.229

# WAN xxx.xxx.xxx.227 -> LAN 192.168.1.7 (host.example.com)
iptables -t nat -I PREROUTING -i vlan2 -d xxx.xxx.xxx.227 -j DNAT --to 192.168.1.7
iptables -t nat -I POSTROUTING -o vlan2 -s 192.168.1.7 -j SNAT --to xxx.xxx.xxx.227

# WAN xxx.xxx.xxx.228 -> LAN 192.168.1.8 (host.example.com)
# iptables -t nat -I PREROUTING -i vlan2 -d xxx.xxx.xxx.228 -j DNAT --to 192.168.1.8
# iptables -t nat -I POSTROUTING -o vlan2 -s 192.168.1.8 -j SNAT --to xxx.xxx.xxx.228

## Failed attempts at loopback (hairpin) NAT
## Why neither attempt works as written: the DNAT rules above only match packets
## arriving on vlan2 (-i vlan2), so a LAN client connecting to one of the public
## addresses is never DNATed; its packets are delivered to the router's own INPUT
## chain and never reach POSTROUTING as forwarded traffic. The MASQUERADE below
## also cannot match, because hairpinned traffic would leave via the LAN bridge,
## not vlan2.
# iptables -t nat -A POSTROUTING -o vlan2 -s 192.168.1.0/24 -d 192.168.1.0/24 -j MASQUERADE

## The mark-based variant has the same gap (marked packets are still not DNATed),
## and "-i !" is the older intrapositioned negation that newer iptables reject in
## favour of "! -i".
# iptables -t mangle -A PREROUTING -i ! `get_wanface` -d `nvram get wan_ipaddr` -j MARK --set-mark 0xd001
# iptables -t mangle -A PREROUTING -j CONNMARK --save-mark
# iptables -t nat -A POSTROUTING -m mark --mark 0xd001 -j MASQUERADE

## Port-forwarding 

## mono.oneeyedman.net
# SSH
iptables -I FORWARD -d 192.168.1.2 -i vlan2 -p tcp --dport 22 -j ACCEPT
# DNS (UDP)
iptables -I FORWARD -d 192.168.1.2 -i vlan2 -p udp --dport 53 -j ACCEPT
# DNS (TCP)
iptables -I FORWARD -d 192.168.1.2 -i vlan2 -p tcp --dport 53 -j ACCEPT
# HTTP
iptables -I FORWARD -d 192.168.1.2 -i vlan2 -p tcp --dport 80 -j ACCEPT
# IMAP (port 143, plain/STARTTLS; IMAPS is 993 below)
iptables -I FORWARD -d 192.168.1.2 -i vlan2 -p tcp --dport 143 -j ACCEPT
# HTTPS
iptables -I FORWARD -d 192.168.1.2 -i vlan2 -p tcp --dport 443 -j ACCEPT
# SMTP-STARTTLS
iptables -I FORWARD -d 192.168.1.2 -i vlan2 -p tcp --dport 587 -j ACCEPT
# IMAPS-SSL/TLS
iptables -I FORWARD -d 192.168.1.2 -i vlan2 -p tcp --dport 993 -j ACCEPT
# SMTP
iptables -I FORWARD -d 192.168.1.2 -i vlan2 -p tcp --dport 25 -j ACCEPT

## Port-forwarding for host.example.com
# SSH
iptables -I FORWARD -d 192.168.1.7 -i vlan2 -p tcp --dport 22 -j ACCEPT
# HTTP
iptables -I FORWARD -d 192.168.1.7 -i vlan2 -p tcp --dport 80 -j ACCEPT
# HTTPS (Tor)
iptables -I FORWARD -d 192.168.1.7 -i vlan2 -p tcp --dport 443 -j ACCEPT
# DirPort (Tor)
iptables -I FORWARD -d 192.168.1.7 -i vlan2 -p tcp --dport 9030 -j ACCEPT

# SMTP
#iptables -I FORWARD -d 192.168.1.7 -i vlan2 -p tcp --dport 25 -j ACCEPT
# DNS (UDP)
#iptables -I FORWARD -d 192.168.1.7 -i vlan2 -p udp --dport 53 -j ACCEPT
# DNS (TCP)
#iptables -I FORWARD -d 192.168.1.7 -i vlan2 -p tcp --dport 53 -j ACCEPT
# SMTP-STARTTLS
#iptables -I FORWARD -d 192.168.1.7 -i vlan2 -p tcp --dport 587 -j ACCEPT
# IMAPS-SSL/TLS
#iptables -I FORWARD -d 192.168.1.7 -i vlan2 -p tcp --dport 993 -j ACCEPT

## Port-forwarding for host.example.com
# HTTP
iptables -I FORWARD -d 192.168.1.8 -i vlan2 -p tcp --dport 80 -j ACCEPT
# HTTPS (Tor)
iptables -I FORWARD -d 192.168.1.8 -i vlan2 -p tcp --dport 443 -j ACCEPT
# DirPort (Tor)
iptables -I FORWARD -d 192.168.1.8 -i vlan2 -p tcp --dport 9030 -j ACCEPT

## Port-forwarding for host.example.com
# Gnutella
iptables -I FORWARD -d 192.168.1.10 -i vlan2 -p tcp --dport 6346 -j ACCEPT
iptables -I FORWARD -d 192.168.1.10 -i vlan2 -p udp --dport 6346 -j ACCEPT

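A consistency check for a firewall script of the kind above, added here as an example; it is not part of the wiki page or of DD-WRT. It reads the script from a file, ignores commented-out rules exactly as the router does, and pairs the LAN targets of the active DNAT rules with the LAN hosts that have FORWARD ACCEPT rules, reporting hosts that have one without the other. It assumes grep and sed accept -E (GNU or recent busybox), and the sample rules are constructed, with 203.0.113.0/29 standing in for the redacted public block. Run against the page's own script it reports what a careful read also shows: 192.168.1.8 has forward rules while its DNAT is commented out, and 192.168.1.10 has forward rules but no DNAT at all, so those rules do nothing unless the DNAT is configured elsewhere (for example through the DD-WRT port-forwarding page).

```shell
#!/bin/sh
# Added example (not from the wiki page): cross-check DNAT targets against
# FORWARD ACCEPT targets in a DD-WRT firewall script. Commented-out rules
# (lines starting with #) are ignored, as the router ignores them.

# dnat_targets FILE: LAN addresses that active PREROUTING DNAT rules point to.
dnat_targets() {
    grep -E '^[[:space:]]*iptables -t nat -[IA] PREROUTING .* -j DNAT --to ' "$1" |
        sed -E 's/.* --to ([0-9.]+).*/\1/' | sort -u
}

# forward_targets FILE: LAN addresses that have at least one active FORWARD ACCEPT.
forward_targets() {
    grep -E '^[[:space:]]*iptables -[IA] FORWARD .* -j ACCEPT' "$1" |
        sed -E 's/.* -d ([0-9.]+) .*/\1/' | sort -u
}

# audit_rules FILE: print one finding per mismatch; exit 0 if consistent, 1 otherwise.
audit_rules() {
    rc=0
    d=$(dnat_targets "$1")
    f=$(forward_targets "$1")
    for h in $f; do
        echo "$d" | grep -qx "$h" || {
            echo "FORWARD rules for $h but no active DNAT: dead rules unless a DNAT exists elsewhere"
            rc=1
        }
    done
    for h in $d; do
        echo "$f" | grep -qx "$h" || {
            echo "DNAT to $h but no FORWARD ACCEPT: every inbound connection to it is dropped"
            rc=1
        }
    done
    return $rc
}

# Constructed sample mirroring the page's layout: 192.168.1.8's DNAT is
# commented out and 192.168.1.10 never had one.
SAMPLE=${TMPDIR:-/tmp}/fw-sample.$$
cat > "$SAMPLE" <<'EOF'
iptables -t nat -I PREROUTING -i vlan2 -d 203.0.113.229 -j DNAT --to 192.168.1.2
iptables -t nat -I POSTROUTING -o vlan2 -s 192.168.1.2 -j SNAT --to 203.0.113.229
# iptables -t nat -I PREROUTING -i vlan2 -d 203.0.113.228 -j DNAT --to 192.168.1.8
iptables -I FORWARD -d 192.168.1.2 -i vlan2 -p tcp --dport 22 -j ACCEPT
iptables -I FORWARD -d 192.168.1.8 -i vlan2 -p tcp --dport 80 -j ACCEPT
iptables -I FORWARD -d 192.168.1.10 -i vlan2 -p tcp --dport 6346 -j ACCEPT
EOF

if audit_rules "$SAMPLE"; then
    echo "NAT and FORWARD rules are consistent"
else
    echo "review the findings above before saving the firewall script"
fi
rm -f "$SAMPLE"
```

On the router, save the Firewall box contents to a file under /jffs and point audit_rules at it; a non-zero exit status is the signal to look at the findings before applying the rules.
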
Set up internal (LAN) DNS

Enable JFFS support (Source: https://unfinishedbitness.info/2013/02/24/enabling-jffs-on-dd-wrt/)

  1. Log in to the router web page.
  2. Click "Administration".
  3. Look for the "JFFS2 Support" section.
  4. For the JFFS2 option, click the "Enable" radio button.
  5. Click "Save" at the bottom. Wait a few seconds. Once the screen refreshes, click "Apply" at the bottom and wait again. Look for the "JFFS2 Support" section again.
  6. For the "Clean JFFS" option, click the "Enable" radio button.
  7. DO NOT click "Save" at the bottom! Instead, click "Apply" at the bottom. The router will format the available space. Wait until the web GUI is back, which may take a minute or two.
  8. Look for the "JFFS2 Support" section again.
  9. For the "Clean JFFS" option, click the "Disable" radio button.
  10. Click Save at the bottom. Click the "Administration" tab.
  11. Click the "Maintenance" tab. Click "Reboot Router" at the bottom.

After the boot is complete there will be a "/jffs" filesystem present. It will have a "tmp/ipkg" directory in it which you can ignore. Just leave it there.

Populate Persistent Data:

Now you can create one or more storage locations in the JFFS filesystem to hold the things you want to preserve across boots (i.e. hosts file, startup scripts, web pages, etc.). Log in via ssh as root, then create the directories. I created these:

cd /jffs
mkdir etc
mkdir bin
mkdir web

Now you can scp the files you need into those directories, or use vi and create them manually.

Set up DHCP and DNS (follow the directions at https://unfinishedbitness.info/2013/03/26/using-dd-wrt-for-local-dns-and-dhcp/)

The content of /jffs/etc/hosts.home:

root@jackpot:/jffs/etc# cat hosts.westnet
 192.168.1.2 xxxxx example.com example.com www.example.com
 192.168.1.7 yyyyy host.example.com
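
A sanity check for a hosts file like the one above, added here as an example; it is not part of the wiki page or of dnsmasq. Once the router's dnsmasq serves this file, a bad line becomes a wrong or missing answer for every LAN client, so the check rejects lines whose first field is not an IPv4 address, lines with no hostname, malformed hostnames, and a hostname mapped to two different addresses. It assumes a POSIX awk (busybox awk on the router is enough); the sample file is constructed and its names are placeholders.

```shell
#!/bin/sh
# Added example (not from the wiki page): validate a hosts file before
# copying it to /jffs/etc for dnsmasq.

# check_hosts FILE: print one finding per bad line; exit 0 if clean, 1 otherwise.
check_hosts() {
    awk '
    function bad(msg) { printf "line %d: %s\n", NR, msg; rc = 1 }
    /^[ \t]*$/ { next }              # blank line
    /^[ \t]*#/ { next }              # comment
    {
        # first field must be a dotted quad with each octet in 0-255
        n = split($1, o, ".")
        ok = (n == 4)
        for (i = 1; ok && i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) ok = 0
        if (!ok) { bad("not an IPv4 address: " $1); next }
        if (NF < 2) { bad("no hostname for " $1); next }
        # every remaining field is a hostname; remember which address it maps to
        for (i = 2; i <= NF; i++) {
            if ($i !~ /^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$/) {
                bad("invalid hostname: " $i)
            } else if (($i in seen) && seen[$i] != $1) {
                bad("hostname " $i " already mapped to " seen[$i])
            } else {
                seen[$i] = $1
            }
        }
    }
    END { exit rc }' "$1"
}

# Constructed sample in the layout the page shows; the last two lines are bad.
SAMPLE=${TMPDIR:-/tmp}/hosts-sample.$$
cat > "$SAMPLE" <<'EOF'
# LAN hosts served by dnsmasq
192.168.1.2 mono example.com www.example.com
192.168.1.7 gateway host.example.com
192.168.1.300 bad.example.com
192.168.1.9 www.example.com
EOF

if check_hosts "$SAMPLE"; then
    echo "hosts file is clean"
else
    echo "fix the lines above before copying the file to /jffs/etc"
fi
rm -f "$SAMPLE"
```

Run it on the workstation before the scp step, or on the router itself against /jffs/etc/hosts.home; the exit status makes it usable as a gate in a script that restarts dnsmasq only when the file passes.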