[Note: This post is now obsolete - the calling syntax was rewritten in RT 2.5 and the script does not stay resident in memory, it is only called when required by ppp ip-up and ip-down scripts, see readme in firmware distribution]
OK I have now incorporated the iptables commands above, but left the default route command in because the default route seems to get lost when changing the ppp IP address.
The script now attempts to do all the configuration required, using the local IP addresses, lease time and a web based enable (fudge) flag.
To use this script:
1. The modem/router must be set up and operate successfully in normal 'NAT routing mode' with time set via sntp, dyndns updated by ddns etc.
2. Important variables for half bridge mode are:
a) The LAN dhcp lease_time. This defaults to 3600 seconds in the web GUI; for half bridge mode this should be set to about 60 seconds. The script will read the value set through the web screen when it starts - this allows the user to customize. A longer time means changes are not picked up quickly, but processor/bandwidth wasted in dhcp messages is reduced.
b) The string "pppHB" must be added to the hostname or domain (default AR7D) in the LAN Group setup. This is a 'fudge': it just turns out to be easy for the script to monitor this string, and if it is not there the half bridge script will exit. If everything goes wrong, resetting to defaults will also disable the half-bridge script. Adding a custom web screen flag is not easy - I won't be doing that!
c) The modem will continue to be accessible from the LAN using whatever the Local IP address is set to (default 192.168.1.1, but it is generally recommended to change this). If something goes wrong with the dhcp IP address transfer, setting the client PC to a static IP address in the same range as the modem should restore access to the modem for diagnostics.
The attached script is intended to be run in the future using the Routertech Autoexec.sh function, after the modem has booted, set the time, updated ddns, sent welcome emails etc. In half bridge mode the modem itself doesn't have internet access, so the script attempts to turn off NAT, SNTP, DNS and UPNP using CLI commands equivalent to those used by the web interface (see Routertech guide in firmware distribution for more info). If settings are "saved" while in half-bridge mode these changes will also be saved, which may not be what you want.
Brief documentation on the script
Stage 1, Initialization
The script accepts one parameter, the main loop pause time which defaults to 30 seconds. The script will not start if the string b) above doesn't appear in the 'hosts file'.
Stage 2, setup operation managing the dhcp process, initially with the same configuration file as set by the user through the web interface.
Stage 3, main loop
Continuously monitor DSL and ppp state setting up routing and dhcp configuration as appropriate to enable the connected PC/router to obtain and operate with the ISP supplied IP address, netmask and Gateway.
The attached script was last edited on my modem, then compressed with:
Code:
/var/nvramdir # tar -cz -f pppHB.tgz pppHB.sh
Then zipped under windows as this message board doesn't allow tgz attachments.
If you would like to test it - it needs to be unzipped, untarred, got onto the modem and made executable before running.
If there is sufficient positive feedback I hope it will be distributable with the next version of Routertech firmware, which will make this a bit easier!
Note - it seems to work for me. The main issue to be addressed is configuration of the firewall with iptables commands. The outgoing firewall is configured as discussed above in this thread. The incoming firewall is not deliberately disabled, but turning off NAT effectively disables it.[*] Some additional rules may be added to ensure access to the modem from the WAN is prevented - but in half-bridge mode everything should be passed on to the connected machine, which needs the firewall for the LAN. Further configuration may also be needed for 'multicast' (as above).
In final testing on both Windows and Linux I have observed some warning/error messages which I may be able to get rid of. When changing IP address it appears the rules using ppp0 sometimes disappear and do not need to be explicitly deleted. Other improvements will be bug fixes and more checks to make the script more robust for 'general use'.
Unfortunately this does not work with my WRT54GS because the WRT54GS firmware expects the gateway to be in the same network as the IP address. This can be fixed with 2 extra route commands on the WRT54GS, but an alternative method is to spoof the netmask given to the router. I have now added this as an option to the script, and will post update when passed my tests - but this is added with it running... I have also fixed the problem with the WRT54GS by adding a custom firewall script - details over at linksysinfo Hyperwrt forum. The same firewall script also appears to work with the same half-bridge Gateway problem using Tomato [update]and dd-wrt[/update] firmware:
http://www.linksysinfo.org/forums/showt ... hp?t=52937
New version attached, accepts a second parameter to spoof the netmask should the router need it.
Code:
# RouterTech AR7* Firmware Shell Script
# Function: Manage ppp Half-Bridge mode
# Author: mstombs
# Date: 13 May 2007 Amended 16 May 2007 BETA 2
# Usage: ./pppHB.sh [check_wait] [N8 N16 N24 N32]
# The second parameter instructs the modem to ignore the ISP
# netmask and force a specific netmask to be used
# -----------------------------------------------
Choices for netmask are:
N8) NETMASK="255.0.0.0" ;;
N16) NETMASK="255.255.0.0" ;;
N24) NETMASK="255.255.255.0" ;;
N32) NETMASK="255.255.255.255" ;;
I've also found out how to send messages to the system log, so a successful boot into half-bridge mode now looks like:
Code:
May 11 22:06:09 | Valid Configuration Tree
May 11 22:06:09 | NTP Polling Timer for DHCP Started succesfully.
May 11 22:06:09 | DSL Polling Timer Started succesfully.
May 11 22:06:09 | PSP Boot environment Modem Modulation Change: 0x3
May 11 22:06:10 | Firewall NAT service started
May 11 22:06:10 | Bridge Created: br0
May 11 22:06:12 | Bridge Created: br1
May 11 22:06:13 | Bridge Created: br2
May 11 22:06:14 | Bridge Interface Added: eth0
May 11 22:06:16 | Add Bridge Iface Error: 1
May 11 22:06:16 | crond 2.3.2 dillon, started, log level 8
May 11 22:06:19 | DSL Carrier is down
May 11 22:06:29 | DSL Carrier is up
May 11 22:06:30 | sar read trained mode (1)(ADSL_G.dmt)
May 11 22:06:30 | pppd 2.4.1 started by root, uid 0
May 11 22:06:30 | Connect: ppp0 {--}
May 11 22:06:30 | Couldn't increase MTU to 1500
May 11 22:06:31 | PPPoA Connect with IP Address 89.243.45.142
May 11 22:06:31 | PPPoA Connection Successfully Established
May 11 22:06:31 | PPPoA Connect with Gateway IP Address: 89.243.32.1
May 11 22:06:31 | local IP address 89.243.45.142
May 11 23:06:32 | remote IP address 89.243.32.1
May 11 23:06:32 | primary DNS address 62.24.252.135
May 11 23:06:32 | secondary DNS address 62.24.252.134
May 11 23:06:35 | PPPD Successfully Started
May 11 23:06:42 | DDNS dyndns: Update Successful ip 89.243.45.142 from ppp0
May 16 23:48:35 | pppHB: Using main loop wait time of 20 seconds
May 16 23:48:36 | Firewall NAT service stopped
May 16 23:48:38 | pppHB: udhcpd started with conf /var/tmp/pppHBdefault.conf
May 16 23:48:39 | pppHB: DSL Conn status US Rate: 448 DS Rate: 7904
May 16 23:48:39 | pppHB: IP=89.243.45.142 ;GW=89.243.32.1 ;MK=255.255.255.255
May 16 23:48:39 | pppHB: udhcpd started for 89.243.45.142
May 16 23:48:48 | time disparity of 7242 minutes detected
If half-bridge mode is stopped from the web screen (clear "pppHB" from the hostname) the modem is now put back into NAT with the firewall and normal dhcp enabled.
I have tidied up the code as far as I can - now does pretty much all I want...
[update post: adding html instructions in form of FAQ]
[update: An updated version of the script now built into Routertech 2.3, this uses the new RT2.3 function cm_cli_ex to configure the modem, so the example script that was posted here has been removed]
[*] WARNING: the firewall is completely disabled by the script; it can be restarted and checked with the Linux commands:
Code:
/var # echo 1 >/proc/net/firewall_start
/var # cat /proc/net/firewall_start
Current Firewall State is 1.
[update in response to query, not yet in html doc] The half bridge script can be made to auto run on router boot up, without also leaving autoexec.sh running, with a pair of environment variables:
Code:
setenv RT_CMD_1 "cd /var;echo \"pppHB.sh &\" >hb.sh;chmod +x hb.sh"
setenv autoexec.sh /var/hb.sh
The first creates a small executable script file that is called by the second, which autoexec.sh runs. This two-step approach seems to be needed to be able to get the trailing "&" on the command in - this allows the calling script to continue and exit, leaving just pppHB.sh running.
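As an added illustration, not the pppHB.sh script itself or any RouterTech code, the POSIX shell below sketches the half-bridge DHCP handling the post describes: the N8/N16/N24/N32 override mapped to a dotted netmask, a one-address udhcpd pool that hands the PPP address and peer gateway to the LAN client, and a check of whether the gateway actually lies inside the advertised subnet (with the ISP's 255.255.255.255 it never does, which is the WRT54GS problem the netmask override works around). The interface name br0, the 60 second default lease and the conf layout are assumptions; the udhcpd keywords are busybox's standard ones, and the addresses are the ones from the log above.

```shell
#!/bin/sh
# Added example, not the original pppHB.sh. Builds the udhcpd.conf that
# half-bridge mode needs and shows why a /32 lease upsets some routers.

# Map the script's N8/N16/N24/N32 second parameter to a dotted netmask.
# Anything else (including an empty argument) keeps the ISP netmask in $2.
hb_netmask() {
    case "$1" in
        N8)  echo 255.0.0.0 ;;
        N16) echo 255.255.0.0 ;;
        N24) echo 255.255.255.0 ;;
        N32) echo 255.255.255.255 ;;
        *)   echo "$2" ;;
    esac
}

# Return 0 if gw falls inside ip/mask, 1 otherwise. An ordinary DHCP client
# (the WRT54GS firmware in the post) rejects a router option outside its own
# subnet, so with the ISP's 255.255.255.255 this always fails unless the
# netmask is spoofed or extra host routes are added on the client.
hb_gw_in_subnet() {
    ip=$1 gw=$2 mask=$3
    oldifs=$IFS; IFS=.
    set -- $ip;   i1=$1 i2=$2 i3=$3 i4=$4
    set -- $gw;   g1=$1 g2=$2 g3=$3 g4=$4
    set -- $mask; m1=$1 m2=$2 m3=$3 m4=$4
    IFS=$oldifs
    if [ $((i1 & m1)) -eq $((g1 & m1)) ] && [ $((i2 & m2)) -eq $((g2 & m2)) ] &&
       [ $((i3 & m3)) -eq $((g3 & m3)) ] && [ $((i4 & m4)) -eq $((g4 & m4)) ]; then
        return 0
    fi
    return 1
}

# Print a udhcpd configuration for half-bridge mode: a pool of exactly one
# address (start == end == the PPP address) so the only lease ever issued is
# the public IP, the PPP peer as default router, and a short lease so a
# changed PPP address is picked up quickly. Interface/lease defaults assumed.
hb_udhcpd_conf() {
    ip=$1 gw=$2 mask=$3 lease=${4:-60} iface=${5:-br0}
    cat <<EOF
start $ip
end $ip
interface $iface
max_leases 1
option subnet $mask
option router $gw
option lease $lease
EOF
}

# Usage with the values from the log above and the /24 spoof a WRT54GS needs.
hb_udhcpd_conf 89.243.45.142 89.243.32.1 "$(hb_netmask N24 255.255.255.255)" 60 br0
```

Writing the output to the conf path the log shows (/var/tmp/pppHBdefault.conf) and restarting udhcpd against it is the part pppHB.sh does on each PPP address change; note that with N24 the gateway 89.243.32.1 is still outside 89.243.45.0/24, so on that particular link N16 is the smallest spoof that satisfies the client, or the client needs the host route workaround instead.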