OpenWrt / LEDE - alternative firmware | [firmware] OpenWrt / LEDE - discussion and problem solving



Rep: (577)


OpenWrt / LEDE - alternative firmware




Latest version: OpenWrt 19.07.4
In this topic, images and logs should be placed under a spoiler.

Description / What is discussed in the topic, and what is not
OpenWrt is an embedded Linux kernel-based operating system designed primarily for home routers. Core components include the Linux kernel, util-linux, uClibc or musl, and BusyBox. The source code is open. Distributed under the GNU GPL license.

The LEDE project (“Linux Embedded Development Environment”) is an embedded Linux meta-distribution based on OpenWrt, focused on a wide range of SOHO wireless routers and non-network devices.
LEDE split from the parent project in May 2016, with the goal of continuing to develop better software under an open management model and encouraging new developers to contribute.

https://www.openwrt.org
https://github.com/openwrt

https://lede-project.org
https://github.com/lede-project

Emulator OpenWrt / LEDE web interface LuCI (old design theme)


  • This topic is intended to discuss the settings, the installation process on your router and everything related to the OpenWrt / LEDE firmware.
  • In this topic, don't discuss compiling from source and rebuilding; there is a separate topic for that: Build OpenWrt / LEDE from source
Useful programs
WinSCP graphical client SFTP and SCP
Settings for connecting to a router with LEDE (dropbear must be enabled)
Attached Image

Under Linux, you can either run WinSCP under Wine or upload files with the scp command:
scp <path to file> [email protected]:<destination path on the router>
Example:
scp ~/1.bin [email protected]:/tmp/

Tftpd32
TFTP for Linux using Ubuntu as an example
Configure tftpd-hpa TFTP server

Install the tftpd-hpa package:
sudo apt-get install tftpd-hpa

After installation, edit the file containing the server settings:
sudo nano /etc/default/tftpd-hpa
Let's bring it to the following form:

TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/var/tftp"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--ipv4 --secure --create --umask 027 --permissive"


The settings include additional options:
create allows the server to create new files,
ipv4 instructs it to wait for connections only on IPv4 addresses,
umask instructs it to clear the write bit for the group and all access bits for other users,
permissive instructs it not to carry out any file permission checks beyond those of the operating system.
Create a directory for the tftp server, give the server access to the directory:


sudo mkdir /var/tftp

sudo chown tftp:tftp /var/tftp


You can also change the home directory of the tftp user in the /etc/passwd file to /var/tftp.

Now we just set the IP addresses we need through the GNOME network manager, and that's it.

It remains to restart the daemon to start working with the new directory:
sudo /etc/init.d/tftpd-hpa restart

Instructions
Useful topics
OpenWrt project news
Download OpenWrt / LEDE


Post has been edited Djeclol - 02.12.20, 15:01
Reason for editing: Issue OpenWrt 19.07.4



Rep: (394)
In the OpenWrt wiki there have for some time been the claimed instructions; you can try following them.

What I wrote was put together from crumbs of information collected from different parts of the old wiki, and it definitely worked at least in the days of 15.x; since 18.x the need to transfer the overlay has already disappeared.

Post has been edited Dart raiden - 06.03.20, 23:10



Rep: (10)
* Dart raiden,

I did it by the wiki. Both Extroot and your instructions. Nothing works :((



Rep: (46)
Grey087 @ 06.03.20, 17:24*
Tell me, is it possible to change not only the password but also the login for the admin area, as is done in Padavan? Otherwise the login is root ....

There is nothing bad about the root login if you do not expose the router to the Internet.
If you really want to, change it in the /etc/passwd file.

But if you expose SSH to the Internet, it is better to add an unprivileged user, put SSH on another port on which login as root is forbidden, and install su.
It will work like this: you log in as the ordinary user and run "su -".
Install su
--------------------------------
opkg update
opkg install shadow-su


Add user
--------------------------------
user="username"
uid="999"
gid="$uid"
home="/tmp"
shell="/bin/ash"
echo "${user}:x:${uid}:${gid}::${home}:${shell}" >> /etc/passwd
echo "${user}:*:0:0:99999:7:::" >> /etc/shadow
echo "${user}:x:${gid}:" >> /etc/group


Set user password
--------------------------------
passwd "$user"


Set up dropbear
--------------------------------
In dropbear, for the external SSH port (for example 222),
prohibit root login with the RootPasswordAuth option:
nano /etc/config/dropbear
-----
config dropbear
	option PasswordAuth 'on'
	option Port '222'
	option RootPasswordAuth 'off'
-----

Restart service
--------------------------------
/etc/init.d/dropbear restart


Post has been edited mnsold - 07.03.20, 01:38
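
The dropbear settings in the post above can be checked mechanically. The following is an added example, not part of the thread and not OpenWrt's own tooling: it reads the text of /etc/config/dropbear and reports, per instance, whether root can log in with a password. The function names, verdict labels and sample config are constructed, and the defaults used for absent options (Port 22, both password options on) are an assumption.

```sh
#!/bin/sh
# Added example (not from the thread): reads the text of /etc/config/dropbear on
# stdin and prints "<port> <verdict>" for every dropbear instance.
# Assumption: an absent option means Port 22, PasswordAuth on, RootPasswordAuth on.
audit_dropbear() {
    awk '
    function norm(x) {                 # UCI booleans: on/off, 1/0, true/false, yes/no
        x = tolower(x); gsub(/[^a-z0-9]/, "", x)
        return (x == "off" || x == "0" || x == "false" || x == "no") ? "off" : "on"
    }
    function emit() {                  # verdict for the section just finished
        if (!insec) return
        if (pw == "off")          print port, "key-only"
        else if (rootpw == "off") print port, "password-no-root"
        else                      print port, "ROOT-PASSWORD-LOGIN"
    }
    $1 == "config" {                   # a new section closes the previous one
        emit()
        sect = $2; gsub(/[^A-Za-z0-9_]/, "", sect)
        insec = (sect == "dropbear"); port = 22; pw = "on"; rootpw = "on"
        next
    }
    insec && $1 == "option" {
        if ($2 == "Port") { port = $3; gsub(/[^0-9]/, "", port) }
        if ($2 == "PasswordAuth")     pw = norm($3)
        if ($2 == "RootPasswordAuth") rootpw = norm($3)
    }
    END { emit() }
    '
}

# Constructed sample: a default LAN instance, the port-222 instance from the post,
# and a key-only instance.
sample_config() {
    cat <<'EOF'
config dropbear
    option Interface 'lan'

config dropbear
    option PasswordAuth 'on'
    option Port '222'
    option RootPasswordAuth 'off'

config dropbear
    option Port '2222'
    option PasswordAuth 'off'
EOF
}

sample_config | audit_dropbear
```

On a router the same function would be fed the real file: audit_dropbear < /etc/config/dropbear.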



Rep: (107)
mnsold @ 07.03.20, 03:37*
But if you expose SSH to the Internet, it is better to add an unprivileged user ...
If you expose it to the Internet, authentication is done by key and password login is turned off, with no "acrobatics":
Dropbear Public-Key Authentication (OpenWrt.org)



Rep: (46)
* salexa,
The solution is correct, but not always necessary or convenient: for example, you may need to connect to the device on which the key is not pre-installed, and keeping the key somewhere it can be obtained just in case is a so-so solution.



Rep: (4)
* mnsold, if you expose it to the Internet, authentication is done by key, password login is turned off, and the SSH port is changed from 22; otherwise it is better not to expose SSH to the Internet, they say Chinese bots will start guessing the password ... although you can do it as in Padavan, for whoever enters the password incorrectly 3 times; I don't know how much it can help

Post has been edited Multik001 - 07.03.20, 14:56



Rep: (115)
Tell me, how does the "disable tracking the inactivity of clients" option in the additional Wi-Fi settings work, and what does it affect?
My TV takes a long time to connect to Wi-Fi when it is turned on. There are no other clients in the 5 GHz band. Previously Padavan was installed, and Wi-Fi connected there immediately; here, apparently, it shuts down on inactivity :blush:

Post has been edited grey087 - 07.03.20, 18:17



Rep: (1)
Good evening, all. Maybe someone has come across this and can tell me. Little to LuCI on LEDE latest OpenWrt 19.07.1 r10911, router TP-Link 1043, the storage is moved to an enclosure with an SSD in it, swap too, with the overlay on it. The issue is the following: when copying to the router's storage, the speed fell from ~15-20 MB/s to 10. Has nobody noticed this? Maybe there is some solution? The network is connected at 1GB/s.

Posted on 07/03/2020, 20:14

Also, it stopped seeing an enclosure that worked on LuCI without problems and at normal speed. After the transition it did not see it, so I had to find another one. It does not see that kind of controller.



Rep: (220)
Tell me, what needs to be installed in OpenWrt 07/19/02 in order to get this setting in Windows?
Attached Image Attached Image

The problem is that after installing luci-app-upnp from the web interface, so far only one game cannot set up forwarding on the PC, while any torrent client sets it up; also, in Windows there is no "General" tab. But any other firmware (Padavan, the official one from Xiaomi) gives this possibility, and they use the same miniupnpd. I ask for help.

Post has been edited DuToM - 07.03.20, 21:03



Rep: (46)
* Multik001,
There is no sense in changing the port; it is found in no time.
It is not that passwords are constantly being guessed, but I have observed 2 real attempts at home, one in August 2018, the second in January 2020; both times the attack went on for about 20 days and then they gave up, but they scan constantly, and not only the Chinese. And there is blocking by IP too, only not by authorization attempts but already at the connection stage.
Thanks for the advice, but the choice is a conscious one.



Rep: (10)
* ugdvor,
Can someone help with extroot, or with somehow expanding the storage for packages and applications?



Rep: (9)
Can anyone tell me how to implement NAT loopback for UPnP?

Post has been edited BRINEY - 08.03.20, 11:48



Rep: (131)
* Briney,
What for?
To go from inside the network to the same network via NAT on the perimeter?

Post has been edited segerist - 08.03.20, 11:53



Rep: (9)
segerist @ 08.03.20, 15:53*
What for?

There is a certain resource behind NAT; you need to reach it both from within the network and from outside through the external IP, from any device, without additional settings on the device itself



Rep: (131)
Briney @ 03/08/20, 11:56*
There is a certain resource behind NAT; you need to reach it both from within the network

Inside the network, this resource has an internal IP;
that is the one you should go to
Briney @ 03/08/20, 11:56*
and from outside through the external IP

This is done by a resource publication rule (port forwarding) on the firewall
Briney @ 03/08/20, 11:56*
from any device without additional settings on the device itself

The resource apparently has some name, for example, www.resurs.ru
For this name to lead, within the network, to the IP address inside the same network, you need to configure DNS in this network so that the name www.resurs.ru resolves to the local IP
Thus, any device referring to the resource by the name www.resurs.ru will land on the external IP when it is "on the Internet", and on the internal IP when it is inside the network
That will be the right way

Post has been edited segerist - 08.03.20, 12:08



Rep: (9)
* segerist,
The internal and external ports differ

If you specify a port through Port Forwards, NAT loopback is used there; the question is how to configure it for ports opened via UPnP

Post has been edited BRINEY - 08.03.20, 12:11



Rep: (131)
Briney @ 08.03.20, 12:09*
The internal and external ports differ

If this is a web resource, then it can be put on two ports.

Post has been edited segerist - 08.03.20, 12:11



Rep: (9)
* segerist,
Other ports are used



Rep: (131)
Briney @ 08.03.20, 12:12*
Other ports are used

Which others? Unclear.
Use the same port as the one on which the resource is published outside?
You can



Rep: (9)
* segerist, you cannot; for example, within the network the resource is on port 80, and I cannot use port 80 on the outside, as it is busy. I also can't change the port on the device itself. There is NAT loopback, and it always worked on Padavan and DD-WRT. Here it also works, but only for manual forwarding, and not for UPnP.

