OpenWRT Update

14 posts / 0 new
Last post
bzing2
bzing2's picture
OpenWRT Update

Hi all,

I have just updated my OpenWRT WGR614L "Bleeding Edge" Environment. This includes the changes to ngr-flash and mkchkimg. The summery is:

  • mkchkimg updated to fix build problem on 64bit machines
  • ngr-flash utility updated and adds hooks to sysupgrade
  • trx file has fs_mark appended to the end

 

I am in the process of attempting to get these patches accepted upstream in OpenWRT. So with any luck this will be the last update! I will keep you all posted. I intend to write an article here once its been accepted on how to build images.

I would love to know if anyone is actually using this; does it work, are there bugs? Anything missing? Would a pre-build image be more useful?

bzing2
bzing2's picture
OpenWRT provides a command

OpenWRT provides a command line only interface... However The X-Wrt Project is the web interface for end users. This is why there is nothing in /www (the webserver is added as its part of busybox and thus part of OpenWRT).

If one were to build an image for the end user it would seem sensible to add X-Wrt to that, so there is some kind of interface.

I have to confess that I have not tested the wireless either; however as far as I can tell it works. The same brcm code is used on other platforms successfully, so I am sure its not an issue. I believe there is still a minor bug in the sflash driver, but as yet I have not tracked it down!

bzing2
bzing2's picture
If you follow the X-Wrt

If you follow the X-Wrt instructions its fairly easy to add the user interface. If you like you could integrate it into the set of stuff I have produced (a patch is fine) I just haven't needed to do so.

As for the wireless. I just tried what you suggested, and it seems to work correctly for me, at about 2ms. You could give me the output from "route -n", "ifconfig", "brctl show" and "iwconfig wl0". Perhaps the answer is in how its setup!

achilles
achilles's picture
Hi,

Hi,
I have flashed my WGR614L with OpenWRT WGR614L "Bleeding Edge" and it seems to me that NAT is not working properly in this image .
I have taken the interface eth0.1 (i.e WAN iface) out of the bridge and have given it an IP 192.168.10.55 , the other iface eth0.0 is in bridge with IP 192.168.1.1 .
I have connected my PC to the lan port of the board and connected WAN port of the board to a 10.x network.
Then I am givin the following command on my PC

"route add -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.1.1 dev eth0"

to set up the route.
But I am not able to ping 10.x network from my PC ... I have taken an ethreal capture on a PC in 10.x network and observed that src address was still 1.x ...
Based on this observation I think that NAT is not working properly here ...

If anybody knows how to overcome it ...plz let me know ....

bzing2
bzing2's picture
Check your iptables rules,

Check your iptables rules, "iptables -t nat -L". I am guessing that you have not added a natting rule, thus its not natting. You may find the following useful...

iptables -t nat -A POSTROUTING -o eth0.1 -j MASQUERADE

I would suggest adding X-Wrt to your image. It provides a user interface that will help you configure OpenWRT to do what you want.

achilles
achilles's picture
thnx for the input ... I will

thnx for the input ... I will add natting rules and check it ...

achilles
achilles's picture
Hi ,

Hi ,
I tried to add natting rules using the commands suggested by you but MASQUERADE option is not getting recognized and I am getting an error message if I give the command

iptables -t nat -A POSTROUTING -o eth0.1 -j MASQUERADE

any suggestions regarding this ....

bzing2
bzing2's picture
I am going to make some

I am going to make some educated guesses; which may well be wrong, but here goes.

iptables v1.3.8: can't initialize iptables table `nat': Table does not exist (d)Perhaps iptables or your kernel needs to be upgraded.

The cause of that is not having the "iptables-mod-nat" and "kmod-ipt-nat" packages installed.

To be honest you probably want to select the firewall package, along with iptables-mod-* packages. I would suggest the following in menuconfig:

# From: Base Config
CONFIG_PACKAGE_firewall=y

# From: Base Config -> iptables
CONFIG_PACKAGE_iptables=y
CONFIG_PACKAGE_iptables-mod-conntrack=y
CONFIG_PACKAGE_iptables-mod-conntrack-extra=y
CONFIG_PACKAGE_iptables-mod-extra=y
CONFIG_PACKAGE_iptables-mod-filter=y
CONFIG_PACKAGE_iptables-mod-imq=y
CONFIG_PACKAGE_iptables-mod-ipopt=y
CONFIG_PACKAGE_iptables-mod-iprange=y
CONFIG_PACKAGE_iptables-mod-ipsec=y
CONFIG_PACKAGE_iptables-mod-ipset=y
CONFIG_PACKAGE_iptables-mod-nat=y
CONFIG_PACKAGE_iptables-mod-nat-extra=y
CONFIG_PACKAGE_iptables-mod-ulog=y
CONFIG_PACKAGE_iptables-utils=y

# From: Kernel Modules -> Netfilter Extensions
CONFIG_PACKAGE_kmod-arptables is not set
CONFIG_PACKAGE_kmod-ip6tables is not set
CONFIG_PACKAGE_kmod-ipt-core=y
CONFIG_PACKAGE_kmod-ipt-conntrack=y
CONFIG_PACKAGE_kmod-ipt-conntrack-extra=y
CONFIG_PACKAGE_kmod-ipt-extra=y
CONFIG_PACKAGE_kmod-ipt-filter=y
CONFIG_PACKAGE_kmod-ipt-imq=y
CONFIG_PACKAGE_kmod-ipt-ipopt=y
CONFIG_PACKAGE_kmod-ipt-iprange=y
CONFIG_PACKAGE_kmod-ipt-ipsec=y
CONFIG_PACKAGE_kmod-ipt-ipset=y
CONFIG_PACKAGE_kmod-ipt-nat=y
CONFIG_PACKAGE_kmod-ipt-nat-extra=y
CONFIG_PACKAGE_kmod-ipt-nathelper=y
CONFIG_PACKAGE_kmod-ipt-nathelper-extra=y
CONFIG_PACKAGE_kmod-ipt-queue=y
CONFIG_PACKAGE_kmod-ipt-ulog=y
achilles
achilles's picture
Hi ,

Hi ,
I tried with the configuration option suggested by you but I am not able to complile my code now , I am getting following error messages

mipsel-linux-uclibc-gcc -Os -pipe -mips32 -mtune=mips32 -funit-at-a-time -fhonour-copts -fpic -Wall -Wunused -I/home/netgear_work/openwrt-wgr614l/trunk/build_dir/linux-brcm-2.4/linux-2.4.35.4/include -Iinclude/ -DIPTABLES_VERSION=\"1.3.8\" -DNO_SHARED_LIBS=1 -DIPT_LIB_DIR=\"/usr/lib/iptables\" -rdynamic -static-libgcc -o iptables iptables-standalone.c iptables.o extensions/libext.a libiptc/libiptc.a
iptables.o: In function `find_match':
iptables.c:(.text+0x804): undefined reference to `dlopen'
iptables.c:(.text+0x858): undefined reference to `dlerror'
iptables.o: In function `find_target':
iptables.c:(.text+0x19b8): undefined reference to `dlopen'
iptables.c:(.text+0x1a08): undefined reference to `dlerror'
extensions/libext.a(initext.o): In function `init_extensions':
initext.c:(.text+0x358): undefined reference to `ipt_IMQ_init'
collect2: ld returned 1 exit status
make[4]: *** [iptables] Error 1

Please not that I have chnged the Makefile of iptables to uncomment the options

# uncomment this to get a fully statically linked version
NO_SHARED_LIBS = 1

# uncomment this to disable IPv6 support
DO_IPV6 = 0

Plz suggest me some way to get it compiled ... meanwhile I am trying to get it compiled on my own ...

bzing2
bzing2's picture
If you have set NO_SHARED

If you have set NO_SHARED_LIBS then iptables.c should not be calling dlopen, so I think something has gone funny with your build system there!

I am worried that dlopen is not defined, thats really critical to most things working! I suggest you start a fresh build tree and see if you get the same error!

achilles
achilles's picture
thnx ... I did a make clean

thnx ... I did a make clean and then make and it got compiled .... I think I had made some mistake in configuration previously ....

achilles
achilles's picture
Well I have compiled the code

Well I have compiled the code and now I am not getting the error for command :
iptables -t nat -A POSTROUTING -o eth0.1 -j MASQUERADE

but with this image I am getting ICMP error : Destination Port Unreachable ,
if I try to ping a PC in the network connected to WAN side of board.
Moreover previously I observed that host in the WAN side network would get packet
though with incorrect sorce IP , but now it is not getting any packet from host connected to LAN side of the board ....
Please suggest me a way out ....

bzing2
bzing2's picture
If you have installed the

If you have installed the firewall package you probably don't want to be adding iptables rules yourself! I would suggest editing /etc/config/firewall and /etc/config/network. I would also make sure that you have a "config interface wan" or your going to find that things don't work...

achilles
achilles's picture
Yes , I have taken the

Yes , I have taken the firewall and hence not adding iptables rules ... I have edited the firewall and network files and things are working now ....