New Buffalo DD-WRT Config && nix box && dnsmasq-dhcpd-tftpd-pxe

I got a new router (for use with Comcast) and I found a Buffalo one at Frys which runs full DD-WRT. Here are some sample configurations I’m using on it at the moment:

  • Home Network Goals: (w/ magic help from AP isolation mode)
    • Auths to FreeRADIUS with EAP-TTLS-MSCHAPv2 WPA2-CCMP-AES
    • Blocks ARP replies not from the correct modem/server/wifi
    • Blocks DHCP replies coming in from the wifi lan
    • Maps/learns/watches/monitors ARP replies from the correct clients
    • Supports IPv6 wan with the same requirements as above for IPv4

 

#!/usr/bin/python
import collections
import glob
import os
import re
import subprocess
import sys
import time
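# ipvs.py: watch IPv6 neighbor solicitations ("who has <prefix>...") on the
# bridge and, for each solicited address the kernel does not already know,
# briefly own it on br0 so the solicitation gets answered from this box.
#
# The only gate on what gets added to the interface is WATCH_PREFIX: any
# host on br0 can emit a solicitation, so keep the prefix as tight as the
# LAN actually needs.  The parsed address is reduced to hex digits and
# colons before it is handed to `ip`, and is passed as a list argument,
# never through a shell.

WATCH_PREFIX = "2601:9:3400:aa9:1337:"   # NS queries for this prefix are handled
CAPTURE_DIR = "/root"
CAPTURE_BASE = os.path.join(CAPTURE_DIR, "icmp6")
ROTATE_COUNT = 3          # tcpdump -W: ring files icmp60 .. icmp6<ROTATE_COUNT-1>
HISTORY_LIMIT = 1000000   # de-duplication window of already-handled lines
HOLD_SECONDS = 3          # how long a learned address stays on the bridge
POLL_SECONDS = 5          # pause between passes over the ring files
BRIDGE = "br0"
NS_MARKER = "who has "


def extract_address(line, prefix=WATCH_PREFIX):
    """Return the solicited address from a tcpdump NS line, or None.

    Only lines containing ``"who has " + prefix`` qualify.  Everything from
    the first character that is not a hex digit or colon onward is dropped,
    so the result is safe to pass to `ip` as an argument.
    """
    indx = line.find(NS_MARKER + prefix)
    if indx < 0:
        return None
    return re.sub(r"[^0-9A-Fa-f:]+.*$", "", line[indx + len(NS_MARKER):])


def start_capture():
    """Drop stale capture files and start the rotating tcpdump ring.

    Mirrors ``rm -fv /root/icmp*`` (files that cannot be removed are
    ignored) and the original background tcpdump.  The returned Popen is
    kept alive for the life of the script and never waited on.
    """
    for stale in glob.glob(os.path.join(CAPTURE_DIR, "icmp*")):
        try:
            os.remove(stale)
        except OSError:
            pass  # best effort, like rm -f
    return subprocess.Popen([
        "tcpdump", "-lnni", BRIDGE, "icmp6", "-s65535",
        "-C", "1", "-W", str(ROTATE_COUNT), "-w", CAPTURE_BASE,
    ])


def read_capture(index):
    """Decode ring file *index* with tcpdump and return its text lines.

    stderr is merged into stdout as in the original, so a missing file
    yields tcpdump's error text, which simply never matches NS_MARKER.
    The decoder process is reaped instead of being left as a zombie.
    """
    pobj = subprocess.Popen(
        ["tcpdump", "-lnnr", CAPTURE_BASE + str(index)],
        stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
        universal_newlines=True,
    )
    lines = pobj.stdout.readlines()
    pobj.stdout.close()
    pobj.wait()
    return lines


def already_known(addr):
    """Return True when `ip -6 neigh show` lists *addr* as a whole token.

    Whole-token comparison avoids the substring false positive where an
    address that is a prefix of another entry (``...::1`` vs ``...::10``)
    was treated as already present.
    """
    neigh = subprocess.check_output(["ip", "-6", "neigh", "show"],
                                    universal_newlines=True)
    return addr in neigh.split()


def claim_address(addr):
    """Fork a child that holds *addr*/128 on the bridge for HOLD_SECONDS.

    Returns the child's pid to the caller, which is responsible for reaping
    it.  The child terminates with os._exit so it never falls back into the
    parent's loop or runs the parent's exit handlers.
    """
    pidn = os.fork()
    if pidn == 0:
        try:
            subprocess.call(["ip", "-6", "addr", "add", addr + "/128", "dev", BRIDGE])
            time.sleep(HOLD_SECONDS)
            subprocess.call(["ip", "-6", "addr", "del", addr + "/128", "dev", BRIDGE])
        finally:
            os._exit(0)
    return pidn


def main():
    """Run the watch loop forever.

    Each pass decodes every ring file, handles each not-yet-seen line that
    solicits a WATCH_PREFIX address, sleeps POLL_SECONDS, then reaps the
    children forked during the pass.  ``hist`` keeps insertion order so the
    oldest lines fall out of the window; ``seen`` gives O(1) membership
    (the original scanned a list of up to a million entries per line).
    """
    capture = start_capture()  # handle kept so the ring writer is not reaped early
    hist = collections.deque(maxlen=HISTORY_LIMIT)
    seen = set()
    while True:
        pids = []
        for index in range(ROTATE_COUNT):
            for raw in read_capture(index):
                line = raw.strip()
                if line in seen:
                    continue
                addr = extract_address(line)
                if addr is None:
                    continue
                if not already_known(addr):
                    print("address", addr)
                    pids.append(claim_address(addr))
                # deque drops hist[0] on the next append once full; keep
                # the set in step with it.
                if len(hist) == HISTORY_LIMIT:
                    seen.discard(hist[0])
                hist.append(line)
                seen.add(line)
        time.sleep(POLL_SECONDS)
        for pidn in pids:
            try:
                os.waitpid(pidn, 0)
            except OSError:
                pass  # already reaped or gone; nothing else to do


if __name__ == "__main__":
    main()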
#!/bin/bash
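# sarp.sh: pin every IPv4 DHCP lease as a static ARP entry so a spoofed ARP
# reply cannot overwrite the IP->MAC mapping dnsmasq handed out (the
# "blocks ARP replies" goal).  Entries are only ever added here; an expired
# or changed lease leaves its old static entry in place until the box is
# rebooted or the entry is removed by hand.

LEASES=/var/lib/misc/dnsmasq.leases
INTERVAL=5

# dnsmasq lease line: <expiry> <mac> <ip> <hostname> <client-id>
# Only dotted-quad IPv4 leases are pinned; IPv6 leases in the same file
# (their address field contains ':') never match, as with the original grep.
is_ipv4() {
	[[ $1 =~ [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ ]]
}

while true
do
	# read -r: a backslash in a hostname must not be mangled; reading the
	# fields directly replaces the two awk subshells per lease line.
	while read -r _expiry mac ip _rest
	do
		is_ipv4 "$ip" || continue
		arp -s "$ip" "$mac"
	done < "$LEASES"
	sleep "$INTERVAL"
done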
#!/bin/bash


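# nix-box bring-up: bridge the upstream ports, address the downstream LAN,
# NAT it in both address families, hand out leases, start the helpers.
# No `set -e`: the flush (-F/-X) and kill steps legitimately fail on a
# clean box and must not abort the rest of the sequence.

UPSTREAM_IF=br0
UPSTREAM_PORTS="eth0 eth2"
LAN_IF=eth1

UPSTREAM_ADDR4=10.0.0.10
UPSTREAM_GW4=10.0.0.1
LAN_ADDR4=10.10.10.10
LAN_NET4=10.10.10.0/24

PREFIX6=80
UPSTREAM_ADDR6=2601:9:3400:aa9::1337
UPSTREAM_GW6=2601:9:3400:aa9::1
LAN_ADDR6=2601:9:3400:aa9:1337::1337
# NOTE(review): the v6 SNAT matches 1337:1337:1337:1337::/64, which is not
# the 2601:9:3400:aa9:1337::/80 prefix assigned to eth1 below, so the rule
# only ever sees traffic from that /64; kept as written, confirm intent.
SNAT_NET6=1337:1337:1337:1337::/64
SNAT_ADDR6=1337:1337:1337:1337::1337

DNS_SERVERS="4.2.2.1 8.8.8.8"
DNSMASQ_CFG=/etc/dns.cfg

# Public resolvers for the box itself (dnsmasq below runs with port=0 and
# does no DNS).  Written in one step instead of truncate-then-append.
{
	for ns in $DNS_SERVERS; do
		echo "nameserver $ns"
	done
} > /etc/resolv.conf

brctl addbr "$UPSTREAM_IF"
brctl addif "$UPSTREAM_IF" $UPSTREAM_PORTS
for dev in "$UPSTREAM_IF" $UPSTREAM_PORTS "$LAN_IF"; do
	ip link set dev "$dev" up
done

# IPv4: flush, address the bridge, default route, SNAT the LAN out of br0.
# Only NAT rules are installed; the filter table stays empty after the
# flush, so LAN<->bridge forwarding is unrestricted unless the chain
# default policies (not set here) are DROP.
iptables -F ; iptables -X
iptables -F -t nat ; iptables -X -t nat

ip address add "$UPSTREAM_ADDR4/24" dev "$UPSTREAM_IF"
ip route add 0.0.0.0/0 via "$UPSTREAM_GW4"

iptables -t nat -A POSTROUTING -o "$UPSTREAM_IF" -s "$LAN_NET4" -j SNAT --to "$UPSTREAM_ADDR4"

echo 1 > /proc/sys/net/ipv4/ip_forward

# IPv6: same shape as the IPv4 section.
ip6tables -F ; ip6tables -X
ip6tables -F -t nat ; ip6tables -X -t nat

ip -6 address add "$UPSTREAM_ADDR6/$PREFIX6" dev "$UPSTREAM_IF"
ip -6 route add ::/0 via "$UPSTREAM_GW6"

ip6tables -t nat -A POSTROUTING -o "$UPSTREAM_IF" -s "$SNAT_NET6" -j SNAT --to "$SNAT_ADDR6"

echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

# Downstream LAN addresses on eth1.
ip address add "$LAN_ADDR4/24" dev "$LAN_IF"
ip -6 address add "$LAN_ADDR6/$PREFIX6" dev "$LAN_IF"

# dnsmasq as DHCPv4 + DHCPv6/RA only (port=0 disables DNS), bound to the
# LAN side so the bridge never sees it.  The IPv4 dhcp-range takes a dotted
# netmask, matching the PXE config elsewhere in this post; the bare "24"
# the original used is the IPv6 prefix-length form and, as far as I can
# tell, makes dnsmasq reject the line as a bad dhcp-range.  The IPv6 range
# does take a prefix length.
cat > "$DNSMASQ_CFG" << EOF
interface=$LAN_IF
listen-address=$LAN_ADDR4
port=0
bind-interfaces
dhcp-range=10.10.10.20,10.10.10.90,255.255.255.0,10.10.10.255,1h
dhcp-range=2601:9:3400:aa9:1337:0000:0000:aaaa,2601:9:3400:aa9:1337:ffff:ffff:cccc,$PREFIX6,1h
dhcp-option=3,$LAN_ADDR4
dhcp-option=6,${DNS_SERVERS// /,}
enable-ra
EOF

# Restart the helpers.  pkill -f matches the watcher by its script path
# (and the children it forks) instead of killing every process named
# python on the box.
killall tcpdump ; killall tcpdump
pkill -f /root/ipvs.py ; pkill -f /root/ipvs.py

/usr/sbin/dnsmasq -C "$DNSMASQ_CFG"
/bin/bash /root/sarp.sh &
/usr/bin/python /root/ipvs.py &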
#firewall
# DD-WRT side: give the router its IPv6 addresses on the LAN bridge and on
# vlan4 (the side that shares the 2601:9:3400:aa9::/80 with the nix box's
# br0), point the v6 default route at the nix box, then clear every
# ebtables and iptables chain.  Only flushes are issued: no filter or NAT
# rules are installed here, so the ARP/DHCP-reply blocking described in the
# post is not provided by this snippet, and if this runs as the DD-WRT
# firewall script the flush also discards the rules DD-WRT generated.

set_resolvers() {
	echo > /etc/resolv.conf
	echo 'nameserver 4.2.2.1' >> /etc/resolv.conf
	echo 'nameserver 8.8.8.8' >> /etc/resolv.conf
}

# Flush and delete user chains in the filter and nat tables of each tool,
# in the same order as the original: ebtables first, then iptables.
flush_all() {
	local tool
	for tool in ebtables iptables; do
		"$tool" -F ; "$tool" -X
		"$tool" -t nat -F ; "$tool" -t nat -X
	done
}

LAN_BR=br0
NIXBOX_VLAN=vlan4
NIXBOX_V6=2601:9:3400:aa9:1337::1337

set_resolvers

ifconfig "$LAN_BR" 2601:9:3400:aa9:1337::7331/80 up
ifconfig "$NIXBOX_VLAN" 2601:9:3400:aa9::7331/80 up

route -A inet6 add ::/0 gw "$NIXBOX_V6"

flush_all
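#pxe server install
#
# Build dnsmasq 2.71 from source and run it as a combined DHCP/TFTP/PXE
# server on 10.0.0.0/24, serving the OpenBSD 5.5 and Debian wheezy netboot
# images.  Every artifact below is fetched over plain HTTP and handed to
# booting machines as-is; compare each file against the checksum the
# distribution publishes alongside it (e.g. the SHA256 file in the same
# directory) before serving it.
#
# set -e: a failed download, extract or build must stop the script rather
# than leave a half-built tree that the last line then tries to run.
set -euo pipefail

DNSMASQ_VER=2.71
# NOTE(review): /tmp is normally world-writable, so any local user can
# replace the images served from here; a root-owned directory is safer.
TFTP_ROOT=/tmp/tftpd

# Download $1 to $2.  -f makes curl fail on an HTTP error instead of
# saving the error page under the image's name.
fetch() {
	curl -fsSL "$1" -o "$2"
}

fetch "http://www.thekelleys.org.uk/dnsmasq/dnsmasq-$DNSMASQ_VER.tar.gz" dns.tgz
tar -xzvf dns.tgz
cd "dnsmasq-$DNSMASQ_VER"
make
cat > dns.cfg << EOF
dhcp-leasefile=/tmp/dnsmasq.leases
dhcp-range=10.0.0.20,10.0.0.30,255.255.255.0,1h
dhcp-option=3,10.0.0.10
dhcp-boot=pxelinux.0
enable-tftp
tftp-root=$TFTP_ROOT
EOF
mkdir -p "$TFTP_ROOT"

# OpenBSD: pxeboot loads a kernel named "bsd" by default, so the installer
# ramdisk is also copied under that name.
fetch 'http://ftp.openbsd.org/pub/OpenBSD/5.5/amd64/pxeboot' "$TFTP_ROOT/pxeboot"
fetch 'http://ftp.openbsd.org/pub/OpenBSD/5.5/amd64/bsd.rd' "$TFTP_ROOT/bsd.rd"
cp "$TFTP_ROOT/bsd.rd" "$TFTP_ROOT/bsd"

# Debian: unpack the netboot tarball and lift pxelinux.0 and friends to
# the TFTP root, where dhcp-boot above expects them.
fetch 'http://ftp.nl.debian.org/debian/dists/wheezy/main/installer-amd64/current/images/netboot/netboot.tar.gz' "$TFTP_ROOT/netboot.tar.gz"
tar -xzvf "$TFTP_ROOT/netboot.tar.gz" -C "$TFTP_ROOT/"
cp -frv "$TFTP_ROOT"/debian-installer/amd64/* "$TFTP_ROOT/"

#sudo ifconfig en4 inet 10.0.0.10 netmask 255.255.255.0 up
sudo killall dnsmasq || true   # nothing to kill on a first run
sudo ./src/dnsmasq -C ./dns.cfg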
