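# Provisioning script generated from a running OpenWrt router. This part
# installs the package set with opkg and then replays the saved UCI
# configuration through one `uci -q batch` here-document.
#
# NOTE(review): the UCI section below carries live secrets in cleartext
# (WireGuard private and preshared keys, the PPTP password, the Wi-Fi key).
# Anyone who can read this file holds them; rotate them and keep future
# dumps out of shared or public storage.
#hostname= Buran_rod
#DISTRIB_DESCRIPTION='OpenWrt 21.02.1 r16325-88151b8303'
#profile = xiaomi_mi-router-3g
#target = ramips
#soc = mt7621
#arch = mipsel_24kc
#Xiaomi Mi Router 3G custom default settings
#----------------------------------------------------
#Generating cmd for install pkg
#----------------------------------------------------
# NOTE(review): no `opkg update` is visible before these installs, so the
# package lists must already be present on the device. opkg exit codes are
# not checked; a failed install does not stop the script.
opkg install luci-proto-wireguard
opkg install iwinfo
opkg install cgi-io
opkg install luci-lib-base
opkg install opkg
opkg install luci-app-opkg
opkg install ubus
opkg install rpcd
opkg install luci-lib-ip
opkg install libubus-lua
opkg install kmod-nf-reject6
opkg install libiwinfo-lua
opkg install luci-mod-system
opkg install kmod-nf-flow
opkg install kmod-lib-crc-ccitt
opkg install getrandom
opkg install kmod-gre
opkg install luci-theme-bootstrap
opkg install kmod-pppoe
opkg install kmod-pppox
opkg install luci-app-wireguard
opkg install kmod-ipt-conntrack
opkg install kmod-nf-reject
opkg install base-files
opkg install kmod-nf-nat
opkg install netifd
opkg install uboot-envtools
opkg install dnsmasq
opkg install ubusd
opkg install luci-mod-status
opkg install kmod-pptp
opkg install kmod-usb3
opkg install firewall
opkg install luci-app-firewall
opkg install kmod-nf-ipt
opkg install tcpdump
opkg install ubi-utils
opkg install kmod-ip6tables
opkg install odhcp6c
opkg install fstools
opkg install iptables-mod-ipopt
opkg install uci
opkg install lua
opkg install luci-ssl
opkg install dropbear
opkg install rpcd-mod-file
opkg install mtd
opkg install odhcpd-ipv6only
opkg install libiwinfo-data
opkg install rpcd-mod-luci
opkg install urandom-seed
opkg install luci-proto-ppp
opkg install luci-mod-admin-full
opkg install ppp
opkg install luci-base
opkg install kmod-leds-gpio
opkg install kmod-gpio-button-hotplug
opkg install logd
opkg install kmod-mt7603
opkg install ppp-mod-pptp
opkg install kmod-wireguard
opkg install wireguard-tools
opkg install luci-proto-ipv6
opkg install iptables
opkg install kmod-nf-nathelper-extra
opkg install jshn
opkg install kmod-ipt-core
opkg install kmod-ppp
opkg install uhttpd
opkg install kmod-nf-conntrack
opkg install iptables-mod-conntrack-extra
opkg install usign
opkg install ip6tables
opkg install kmod-nf-ipt6
opkg install luci-lib-nixio
opkg install liblucihttp-lua
opkg install luci-lib-jsonc
opkg install luci
opkg install kmod-nf-conntrack6
opkg install kmod-usb-ledtrig-usbport
opkg install ubox
opkg install kernel
opkg install rpcd-mod-iwinfo
opkg install kmod-mt76x2
opkg install luci-mod-network
opkg install kmod-mppe
opkg install lldpd
opkg install uhttpd-mod-ubus
opkg install fwtool
opkg install jsonfilter
opkg install hostapd-common
opkg install kmod-ipt-offload
opkg install urngd
opkg install kmod-slhc
opkg install iptables-mod-quota2
opkg install rpcd-mod-rrdns
opkg install ppp-mod-pppoe
opkg install kmod-ipt-nat
#----------------------------------------------------
#Generating configuration Xiaomi Mi Router 3G
#----------------------------------------------------
# Review notes for the batch below. They are kept outside the here-document
# so that the text fed to uci is exactly the dumped configuration.
#
#  * The delimiter is quoted ('EOI'). With an unquoted delimiter the shell
#    expands $p and $root inside rpcd.@login[0].password='$p$root' (single
#    quotes inside a here-document do not stop expansion), so uci would
#    receive an empty password string instead of the literal value.
#  * Cleartext secrets: network.wg13.private_key, network.WG5.private_key,
#    the WG5 peer preshared_key, network.inet.password (PPTP, a trivially
#    guessable value) and wireless.default_radio{0,1}.key (one key shared by
#    both radios).
#  * dropbear: PasswordAuth and RootPasswordAuth are 'on', Port is 22, and no
#    Interface option is set in this dump. Key-only login and binding to the
#    LAN would reduce exposure.
#  * firewall: defaults.input is ACCEPT. Zone 'wan' overrides it with REJECT,
#    but zone 'wg' sets input ACCEPT and forwards to both lan and wan, and
#    both WireGuard peers use allowed_ips 0.0.0.0/0, so the tunnel peers are
#    trusted like LAN hosts. Rules Allow-IPSec-ESP and Allow-ISAKMP accept
#    wan -> lan traffic.
#  * uhttpd listens on 0.0.0.0 and [::] for ports 80 and 443 with
#    redirect_https '0', so the LuCI login is reachable over plain HTTP.
#  * network.inet uses proto 'pptp' (auto '0'); PPTP offers weak
#    confidentiality compared with the WireGuard tunnels defined next to it.
#  * `-q` suppresses uci error output, so a rejected line goes unnoticed.
#  * NOTE(review): several lines pass more than one value to `set`
#    (dhcp address, firewall.wan.network, icmp_type, network.wan.dns, ...).
#    That is the `uci show` rendering of list options; uci presumably expects
#    one `add_list` per value. Verify that these lines are accepted.
#  * NOTE(review): section wireguard_wg5 (lower case) has no public_key and
#    no interface named 'wg5' is defined here; it looks like a leftover.
uci -q batch << 'EOI'
set dhcp.@dnsmasq[0]=dnsmasq
set dhcp.@dnsmasq[0].domainneeded='1'
set dhcp.@dnsmasq[0].localise_queries='1'
set dhcp.@dnsmasq[0].rebind_protection='1'
set dhcp.@dnsmasq[0].rebind_localhost='1'
set dhcp.@dnsmasq[0].expandhosts='1'
set dhcp.@dnsmasq[0].authoritative='1'
set dhcp.@dnsmasq[0].readethers='1'
set dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
set dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.d/resolv.conf.auto'
set dhcp.@dnsmasq[0].localservice='1'
set dhcp.@dnsmasq[0].ednspacket_max='1232'
set dhcp.@dnsmasq[0].local='/pair.lan/'
set dhcp.@dnsmasq[0].domain='pair.lan'
set dhcp.@dnsmasq[0].server='/lan/10.0.254.1'
set dhcp.@dnsmasq[0].address='/lampa.bb.lan/192.168.16.91' '/service.kapka.ru/10.0.254.1' '/service.lan/10.0.254.1' '/loc/10.0.254.1' '/lan/10.0.254.1'
set dhcp.lan=dhcp
set dhcp.lan.interface='lan'
set dhcp.lan.start='100'
set dhcp.lan.limit='150'
set dhcp.lan.leasetime='12h'
set dhcp.lan.dhcpv4='server'
set dhcp.lan.ra_flags='none'
set dhcp.wan=dhcp
set dhcp.wan.interface='wan'
set dhcp.wan.ignore='1'
set dhcp.wan.start='100'
set dhcp.wan.limit='150'
set dhcp.wan.leasetime='12h'
set dhcp.wan.ra_flags='none'
set dhcp.odhcpd=odhcpd
set dhcp.odhcpd.maindhcp='0'
set dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
set dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
set dhcp.odhcpd.loglevel='4'
set dhcp.@host[0]=host
set dhcp.@host[0].name='NPIB41BE2'
set dhcp.@host[0].ip='172.16.1.203'
set dhcp.@host[0].mac='3C:4A:92:B4:1B:E2'
commit dhcp
set dropbear.@dropbear[0]=dropbear
set dropbear.@dropbear[0].PasswordAuth='on'
set dropbear.@dropbear[0].RootPasswordAuth='on'
set dropbear.@dropbear[0].Port='22'
commit dropbear
set firewall.@defaults[0]=defaults
set firewall.@defaults[0].input='ACCEPT'
set firewall.@defaults[0].output='ACCEPT'
set firewall.@defaults[0].forward='REJECT'
set firewall.@defaults[0].synflood_protect='1'
set firewall.lan=zone
set firewall.lan.name='lan'
set firewall.lan.network='lan'
set firewall.lan.input='ACCEPT'
set firewall.lan.output='ACCEPT'
set firewall.lan.forward='ACCEPT'
set firewall.wan=zone
set firewall.wan.name='wan'
set firewall.wan.input='REJECT'
set firewall.wan.output='ACCEPT'
set firewall.wan.forward='REJECT'
set firewall.wan.masq='1'
set firewall.wan.mtu_fix='1'
set firewall.wan.network='wan' 'wan6' 'inet' ''
set firewall.@forwarding[0]=forwarding
set firewall.@forwarding[0].src='lan'
set firewall.@forwarding[0].dest='wan'
set firewall.@rule[0]=rule
set firewall.@rule[0].name='Allow-DHCP-Renew'
set firewall.@rule[0].src='wan'
set firewall.@rule[0].proto='udp'
set firewall.@rule[0].dest_port='68'
set firewall.@rule[0].target='ACCEPT'
set firewall.@rule[0].family='ipv4'
set firewall.@rule[1]=rule
set firewall.@rule[1].name='Allow-Ping'
set firewall.@rule[1].src='wan'
set firewall.@rule[1].proto='icmp'
set firewall.@rule[1].icmp_type='echo-request'
set firewall.@rule[1].family='ipv4'
set firewall.@rule[1].target='ACCEPT'
set firewall.@rule[2]=rule
set firewall.@rule[2].name='Allow-IGMP'
set firewall.@rule[2].src='wan'
set firewall.@rule[2].proto='igmp'
set firewall.@rule[2].family='ipv4'
set firewall.@rule[2].target='ACCEPT'
set firewall.@rule[3]=rule
set firewall.@rule[3].name='Allow-DHCPv6'
set firewall.@rule[3].src='wan'
set firewall.@rule[3].proto='udp'
set firewall.@rule[3].src_ip='fc00::/6'
set firewall.@rule[3].dest_ip='fc00::/6'
set firewall.@rule[3].dest_port='546'
set firewall.@rule[3].family='ipv6'
set firewall.@rule[3].target='ACCEPT'
set firewall.@rule[4]=rule
set firewall.@rule[4].name='Allow-MLD'
set firewall.@rule[4].src='wan'
set firewall.@rule[4].proto='icmp'
set firewall.@rule[4].src_ip='fe80::/10'
set firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
set firewall.@rule[4].family='ipv6'
set firewall.@rule[4].target='ACCEPT'
set firewall.@rule[5]=rule
set firewall.@rule[5].name='Allow-ICMPv6-Input'
set firewall.@rule[5].src='wan'
set firewall.@rule[5].proto='icmp'
set firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
set firewall.@rule[5].limit='1000/sec'
set firewall.@rule[5].family='ipv6'
set firewall.@rule[5].target='ACCEPT'
set firewall.@rule[6]=rule
set firewall.@rule[6].name='Allow-ICMPv6-Forward'
set firewall.@rule[6].src='wan'
set firewall.@rule[6].dest='*'
set firewall.@rule[6].proto='icmp'
set firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
set firewall.@rule[6].limit='1000/sec'
set firewall.@rule[6].family='ipv6'
set firewall.@rule[6].target='ACCEPT'
set firewall.@rule[7]=rule
set firewall.@rule[7].name='Allow-IPSec-ESP'
set firewall.@rule[7].src='wan'
set firewall.@rule[7].dest='lan'
set firewall.@rule[7].proto='esp'
set firewall.@rule[7].target='ACCEPT'
set firewall.@rule[8]=rule
set firewall.@rule[8].name='Allow-ISAKMP'
set firewall.@rule[8].src='wan'
set firewall.@rule[8].dest='lan'
set firewall.@rule[8].dest_port='500'
set firewall.@rule[8].proto='udp'
set firewall.@rule[8].target='ACCEPT'
set firewall.@rule[9]=rule
set firewall.@rule[9].name='Support-UDP-Traceroute'
set firewall.@rule[9].src='wan'
set firewall.@rule[9].dest_port='33434:33689'
set firewall.@rule[9].proto='udp'
set firewall.@rule[9].family='ipv4'
set firewall.@rule[9].target='REJECT'
set firewall.@rule[9].enabled='false'
set firewall.@include[0]=include
set firewall.@include[0].path='/etc/firewall.user'
set firewall.@zone[2]=zone
set firewall.@zone[2].name='wg'
set firewall.@zone[2].input='ACCEPT'
set firewall.@zone[2].output='ACCEPT'
set firewall.@zone[2].forward='REJECT'
set firewall.@zone[2].network='wg13' 'WG5'
set firewall.@forwarding[1]=forwarding
set firewall.@forwarding[1].src='wg'
set firewall.@forwarding[1].dest='lan'
set firewall.@forwarding[2]=forwarding
set firewall.@forwarding[2].src='wg'
set firewall.@forwarding[2].dest='wan'
set firewall.@forwarding[3]=forwarding
set firewall.@forwarding[3].src='lan'
set firewall.@forwarding[3].dest='wg'
commit firewall
set luci.main=core
set luci.main.lang='auto'
set luci.main.mediaurlbase='/luci-static/bootstrap'
set luci.main.resourcebase='/luci-static/resources'
set luci.main.ubuspath='/ubus/'
set luci.flash_keep=extern
set luci.flash_keep.uci='/etc/config/'
set luci.flash_keep.dropbear='/etc/dropbear/'
set luci.flash_keep.openvpn='/etc/openvpn/'
set luci.flash_keep.passwd='/etc/passwd'
set luci.flash_keep.opkg='/etc/opkg.conf'
set luci.flash_keep.firewall='/etc/firewall.user'
set luci.flash_keep.uploads='/lib/uci/upload/'
set luci.languages=internal
set luci.sauth=internal
set luci.sauth.sessionpath='/tmp/luci-sessions'
set luci.sauth.sessiontime='3600'
set luci.ccache=internal
set luci.ccache.enable='1'
set luci.themes=internal
set luci.themes.Bootstrap='/luci-static/bootstrap'
set luci.apply=internal
set luci.apply.rollback='90'
set luci.apply.holdoff='4'
set luci.apply.timeout='5'
set luci.apply.display='1.5'
set luci.diag=internal
set luci.diag.dns='openwrt.org'
set luci.diag.ping='openwrt.org'
set luci.diag.route='openwrt.org'
commit luci
set network.loopback=interface
set network.loopback.device='lo'
set network.loopback.proto='static'
set network.loopback.ipaddr='127.0.0.1'
set network.loopback.netmask='255.0.0.0'
set network.globals=globals
set network.globals.packet_steering='1'
set network.globals.ula_prefix='fd1f:8333:f39f::/48'
set network.@device[0]=device
set network.@device[0].name='br-lan'
set network.@device[0].type='bridge'
set network.@device[0].ports='lan1' 'lan2'
set network.@device[0].ipv6='0'
set network.lan=interface
set network.lan.device='br-lan'
set network.lan.proto='static'
set network.lan.netmask='255.255.255.0'
set network.lan.ip6assign='60'
set network.lan.ipaddr='172.16.1.1'
set network.lan.delegate='0'
set network.wan=interface
set network.wan.device='wan'
set network.wan.proto='static'
set network.wan.netmask='255.255.255.0'
set network.wan.ipaddr='192.168.57.195'
set network.wan.gateway='192.168.57.129'
set network.wan.dns='10.0.254.1' '192.168.57.129' '9.9.9.9'
set network.wan6=interface
set network.wan6.device='wan'
set network.wan6.auto='0'
set network.wan6.proto='none'
set network.wg13=interface
set network.wg13.proto='wireguard'
set network.wg13.delegate='0'
set network.wg13.addresses='10.0.2.14/30'
set network.wg13.private_key='aP5OOWFJpVkC0qzxrBSja7bj+52mrx27XjiQArq1uHw='
set network.@wireguard_wg13[0]=wireguard_wg13
set network.@wireguard_wg13[0].public_key='Ez/9FgQK3VL6knCnCF95A2VTh9lsuMH6HClAy4LMAUQ='
set network.@wireguard_wg13[0].description='muromec'
set network.@wireguard_wg13[0].allowed_ips='0.0.0.0/0'
set network.@wireguard_wg13[0].endpoint_host='muromec.kapka.ru'
set network.@wireguard_wg13[0].endpoint_port='12013'
set network.inet=interface
set network.inet.proto='pptp'
set network.inet.username='pp_SviridovSP'
set network.inet.password='123456'
set network.inet.ipv6='0'
set network.inet.delegate='0'
set network.inet.mtu='1460'
set network.inet.server='192.168.39.1'
set network.inet.auto='0'
set network.@device[1]=device
set network.@device[1].name='eth0'
set network.@device[1].ipv6='0'
set network.@device[2]=device
set network.@device[2].name='wan'
set network.@device[2].macaddr='74:d0:2b:67:0a:0d'
set network.@device[2].ipv6='0'
set network.@wireguard_wg5[0]=wireguard_wg5
set network.@wireguard_wg5[0].description='reut'
set network.@wireguard_wg5[0].allowed_ips='0.0.0.0/0'
set network.WG5=interface
set network.WG5.proto='wireguard'
set network.WG5.addresses='10.0.1.6/30'
set network.WG5.private_key='oCJWf4QTd4fhgs1iosYq0tmNMvyshqjcJr5AcXXN3XA='
set network.@wireguard_WG5[0]=wireguard_WG5
set network.@wireguard_WG5[0].description='turbo.kapka.ru'
set network.@wireguard_WG5[0].endpoint_host='turbo.kapka.ru'
set network.@wireguard_WG5[0].endpoint_port='12105'
set network.@wireguard_WG5[0].allowed_ips='0.0.0.0/0'
set network.@wireguard_WG5[0].public_key='uu5qWom+kaIS/LEakW7wjlFYWPtLrv+5+qxZY1S82mc='
set network.@wireguard_WG5[0].preshared_key='IOF3+lT+4x/hvKfgFwFC7Nly8UnUwy7Grl6w1IC3r1k='
commit network
set rpcd.@rpcd[0]=rpcd
set rpcd.@rpcd[0].socket='/var/run/ubus/ubus.sock'
set rpcd.@rpcd[0].timeout='30'
set rpcd.@login[0]=login
set rpcd.@login[0].username='root'
set rpcd.@login[0].password='$p$root'
set rpcd.@login[0].read='*'
set rpcd.@login[0].write='*'
commit rpcd
set system.@system[0]=system
set system.@system[0].ttylogin='0'
set system.@system[0].log_size='64'
set system.@system[0].urandom_seed='0'
set system.@system[0].compat_version='1.1'
set system.@system[0].hostname='Buran_rod'
set system.@system[0].zonename='Etc/GMT+3'
set system.@system[0].timezone='<-03>3'
set system.@system[0].log_proto='udp'
set system.@system[0].conloglevel='8'
set system.@system[0].cronloglevel='5'
set system.ntp=timeserver
set system.ntp.server='0.openwrt.pool.ntp.org' '1.openwrt.pool.ntp.org' '2.openwrt.pool.ntp.org' '3.openwrt.pool.ntp.org'
commit system
set ubootenv.@ubootenv[0]=ubootenv
set ubootenv.@ubootenv[0].dev='/dev/mtd1'
set ubootenv.@ubootenv[0].offset='0x0'
set ubootenv.@ubootenv[0].envsize='0x1000'
set ubootenv.@ubootenv[0].secsize='0x20000'
commit ubootenv
set ucitrack.@network[0]=network
set ucitrack.@network[0].init='network'
set ucitrack.@network[0].affects='dhcp'
set ucitrack.@wireless[0]=wireless
set ucitrack.@wireless[0].affects='network'
set ucitrack.@firewall[0]=firewall
set ucitrack.@firewall[0].init='firewall'
set ucitrack.@firewall[0].affects='luci-splash' 'qos' 'miniupnpd'
set ucitrack.@olsr[0]=olsr
set ucitrack.@olsr[0].init='olsrd'
set ucitrack.@dhcp[0]=dhcp
set ucitrack.@dhcp[0].init='dnsmasq'
set ucitrack.@dhcp[0].affects='odhcpd'
set ucitrack.@odhcpd[0]=odhcpd
set ucitrack.@odhcpd[0].init='odhcpd'
set ucitrack.@dropbear[0]=dropbear
set ucitrack.@dropbear[0].init='dropbear'
set ucitrack.@httpd[0]=httpd
set ucitrack.@httpd[0].init='httpd'
set ucitrack.@fstab[0]=fstab
set ucitrack.@fstab[0].exec='/sbin/block mount'
set ucitrack.@qos[0]=qos
set ucitrack.@qos[0].init='qos'
set ucitrack.@system[0]=system
set ucitrack.@system[0].init='led'
set ucitrack.@system[0].exec='/etc/init.d/log reload'
set ucitrack.@system[0].affects='luci_statistics' 'dhcp'
set ucitrack.@luci_splash[0]=luci_splash
set ucitrack.@luci_splash[0].init='luci_splash'
set ucitrack.@upnpd[0]=upnpd
set ucitrack.@upnpd[0].init='miniupnpd'
set ucitrack.@ntpclient[0]=ntpclient
set ucitrack.@ntpclient[0].init='ntpclient'
set ucitrack.@samba[0]=samba
set ucitrack.@samba[0].init='samba'
set ucitrack.@tinyproxy[0]=tinyproxy
set ucitrack.@tinyproxy[0].init='tinyproxy'
commit ucitrack
set uhttpd.main=uhttpd
set uhttpd.main.listen_http='0.0.0.0:80' '[::]:80'
set uhttpd.main.listen_https='0.0.0.0:443' '[::]:443'
set uhttpd.main.redirect_https='0'
set uhttpd.main.home='/www'
set uhttpd.main.rfc1918_filter='1'
set uhttpd.main.max_requests='3'
set uhttpd.main.max_connections='100'
set uhttpd.main.cert='/etc/uhttpd.crt'
set uhttpd.main.key='/etc/uhttpd.key'
set uhttpd.main.cgi_prefix='/cgi-bin'
set uhttpd.main.lua_prefix='/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua'
set uhttpd.main.script_timeout='60'
set uhttpd.main.network_timeout='30'
set uhttpd.main.http_keepalive='20'
set uhttpd.main.tcp_keepalive='1'
set uhttpd.main.ubus_prefix='/ubus'
set uhttpd.defaults=cert
set uhttpd.defaults.days='730'
set uhttpd.defaults.key_type='ec'
set uhttpd.defaults.bits='2048'
set uhttpd.defaults.ec_curve='P-256'
set uhttpd.defaults.country='ZZ'
set uhttpd.defaults.state='Somewhere'
set uhttpd.defaults.location='Unknown'
set uhttpd.defaults.commonname='OpenWrt'
commit uhttpd
set wireless.radio0=wifi-device
set wireless.radio0.type='mac80211'
set wireless.radio0.channel='11'
set wireless.radio0.hwmode='11g'
set wireless.radio0.path='1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
set wireless.radio0.htmode='HT20'
set wireless.radio0.cell_density='0'
set wireless.default_radio0=wifi-iface
set wireless.default_radio0.device='radio0'
set wireless.default_radio0.network='lan'
set wireless.default_radio0.mode='ap'
set wireless.default_radio0.key='23637387581'
set wireless.default_radio0.encryption='sae-mixed'
set wireless.default_radio0.ssid='Buran'
set wireless.radio1=wifi-device
set wireless.radio1.type='mac80211'
set wireless.radio1.channel='36'
set wireless.radio1.hwmode='11a'
set wireless.radio1.path='1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
set wireless.radio1.htmode='VHT80'
set wireless.radio1.cell_density='0'
set wireless.default_radio1=wifi-iface
set wireless.default_radio1.device='radio1'
set wireless.default_radio1.network='lan'
set wireless.default_radio1.mode='ap'
set wireless.default_radio1.ssid='Buran-5G'
set wireless.default_radio1.encryption='sae-mixed'
set wireless.default_radio1.key='23637387581'
commit wireless
EOI
#----------------------------------------------------
#Generating conf file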
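#----------------------------------------------------
# Writes the saved service files back to disk: /etc/bird.conf (BIRD routing
# daemon), /etc/rc.local (boot-time commands), and the root crontab entry.
# The "WARNING" lines record paths the generator looked for and did not find.
# WARNING: /etc/mosquitto does not exist
#Gen file /etc/bird.conf
# Review notes for bird.conf. They are kept outside the here-document so the
# generated file content is unchanged.
#  * protocol ospf ASWG: the `authentication` and `password` lines are
#    commented out on both interfaces, so no OSPF authentication is set.
#  * protocol bgp: `import all; export all;` with the `password` line
#    commented out. Every prefix the neighbor 10.0.2.13 announces lands in
#    table bgpban and is exported to kernel table 11, which rc.local (below)
#    consults for all traffic. An import filter that limits accepted
#    prefixes would bound what that peer can steer.
#  * filter fltOSPF is defined, but its only uses are commented out.
#  * NOTE(review): the OSPF area lists interface "wg5" while the UCI network
#    config in this script names the interface 'WG5'. Linux interface names
#    are case-sensitive; verify that this pattern still matches.
mkdir -p "/etc"
cat << 'CFGEOF' > "/etc/bird.conf"
#FIG FILE IS NOT A COMPLETE DOCUMENTATION
# PLEASE LOOK IN THE BIRD DOCUMENTATION FOR MORE INFO

# However, most of options used here are just for example
# and will be removed in real-life configs.

log syslog all;

# Override router ID
router id 172.16.1.1;

# Turn on global debugging of all protocols
#debug protocols all;

ipv4 table bgpban;
ipv4 table ospfmy;
#ipv4 table master;

# Define a route filter...
# filter test_filter {
#   if net ~ 10.0.0.0/16 then accept;
#   else reject;
# }

filter fltOSPF {
    if net = 192.168.0.0/16 then reject;
    if net = 172.16.0.0/12 then reject;
    else accept;
}

# The direct protocol automatically generates device routes to all network
# interfaces. Can exist in as many instances as you wish if you want to
# populate multiple routing tables with device routes. Because device routes
# are handled by Linux kernel, this protocol is usually not needed.
protocol direct {
    interface "-wan","-3g-wan1", "*"; # Restrict network interfaces it works with
    ipv4;# {
#       table ospfmy;
#       table bgpban;
        #import where net !=0.0.0.0/0;
        #export where net !=0.0.0.0/0;
#   };
    #debug all;
}

# This pseudo-protocol watches all interface up/down events.
protocol device {
    scan time 10; # Scan interfaces every 10 seconds
}

# Static routes (again, there can be multiple instances, so that you
# can disable/enable various groups of static routes on the fly).
#protocol static {
#   export all; # Default is export none
#   route 0.0.0.0/0 via 62.168.0.13;
#   route 10.0.0.0/8 reject;
#   route 192.168.0.0/16 reject;
#}

#protocol rip {
#   disabled;
#   import all;
#   export all;
#   export filter test_filter;
#   port 1520;
#   period 7;
#   infinity 16;
#   garbage time 60;
#   interface "*" { mode broadcast; };
#   honor neighbor;
#   honor always;
#   honor never;
#   authentication none;
#}

######################### OSPF
# This pseudo-protocol performs synchronization between BIRD's routing
# tables and the kernel. You can run multiple instances of the kernel
# protocol and synchronize different kernel tables with different BIRD tables.
protocol kernel ospfMyKern {
    ipv4 {
        table ospfmy;
#       table bgpban;
#       import filter fltOSPF;
#       import all;
#       import where source != RTS_DEVICE;
#       export where source != RTS_DEVICE && net !=0.0.0.0/0;
        export all;
    };
    learn; # Learn all alien routes from the kernel
#   persist; # Don't remove routes on bird shutdown
    scan time 60; # Scan kernel routing table every 20 seconds
#   import none; # Default is import all
#   import all;
#   export all; # Default is export none
#   device routes yes;
    kernel table 10;
#   merge paths switch 16;
    metric 10;
    #debug all;
}

protocol kernel bgpbanKern {
    ipv4 {
        table bgpban;
#       import all;
        export all;
    };
    learn; # Learn all alien routes from the kernel
#   persist; # Don't remove routes on bird shutdown
    scan time 60; # Scan kernel routing table every 20 seconds
#   import none; # Default is import all
#   import all;
#   export all; # Default is export none
#   device routes yes;
    kernel table 11;
#   merge paths switch 16;
    metric 10;
}

#protocol kernel {
#   ipv4 {
#       table master4;
##      export all;
        #import all;
#   };
#   persist;
#   learn;
#   scan time 60;
#   kernel table 254;
#}

protocol pipe {
    table ospfmy;
    peer table master4;
#   peer table bgpban;
    import where net !=0.0.0.0/0;
    export where net !=0.0.0.0/0;
    #export all;
    #export where source != RTS_DEVICE;
    #debug all;
}

protocol ospf ASWG {
#   disabled;
    ipv4 {
        table ospfmy;
#       import filter fltOSPF;
        import all;
        export all;
    };
#   import all;
#   export all;
#   import filter { print ">>>>>>imp net accepted:", net; accept; };
#   export filter { print ">>>>>>exp net accepted:", net; accept; };
#   export where source = RTS_STATIC;
    area 0 {
#       networks {
#           10.0.1.0/24;
#           10.0.2.0/24;
#       };
        interface "wg13" { #9
            cost 60;
            hello 10;
            retransmit 5;
            wait 40;
            dead 40;
            type pointopoint;
            priority 30;
#           authentication simple;
#           password "pass";
        };
        interface "wg5" {
            cost 5;
            hello 10;
            retransmit 5;
            wait 40;
            dead 40;
            type pointopoint;
            priority 5;
#           authentication simple;
#           password "pass";
        };
    };
}

#########################BGP
# This pseudo-protocol performs synchronization between BIRD's routing
# tables and the kernel. You can run multiple instances of the kernel
# protocol and synchronize different kernel tables with different BIRD tables.
#protocol kernel {
#   table bgpban;
#   learn; # Learn all alien routes from the kernel
#   persist; # Don't remove routes on bird shutdown
#   scan time 60; # Scan kernel routing table every 20 seconds
#   import none; # Default is import all
#   import all;
#   export all; # Default is export none
#}

protocol bgp {
#   disabled;
    ipv4 {
        table bgpban;
        import all;
        export all;
    };
#   import all;
#   export all;
#   export where source = RTS_STATIC;
    local as 65014;
    neighbor 10.0.2.13 as 65013;
#   multihop 20 via 10.0.2.9;
#   multihop;
#   hold time 240;
#   startup hold time 240;
#   connect retry time 120;
#   keepalive time 80; # defaults to hold time / 3
#   start delay time 5; # How long do we wait before initial connect
#   error wait time 60, 300;# Minimum and maximum time we wait after an error (when consecutive
#       # errors occur, we increase the delay exponentially ...
#   error forget time 300; # ... until this timeout expires)
#   disable after error; # Disable the protocol automatically when an error occurs
#   next hop self; # Disable next hop processing and always advertise our local address as nexthop
#   source address 62.168.0.14; # What local address we use for the TCP connection
#   password "secret" # Password used for MD5 authentication
#   rr client; # I am a route reflector and the neighor is my client
#   rr cluster id 1.0.0.1 # Use this value for cluster id instead of my router id
#   };
}
CFGEOF
# WARNING: /etc/bird4.conf does not exist
# WARNING: /etc/init.d/y_startup does not exist
#Gen file /etc/rc.local
# Review notes for rc.local:
#  * Both `ip rule` lines use priority 10 and match `from all`, so kernel
#    tables 10 and 11 (filled by BIRD) are consulted for every packet.
#  * The mangle rules raise the TTL of packets arriving on wan and pptp-inet
#    by one. TTL is what bounds routing loops, so keep this limited to those
#    upstream interfaces.
#  * Each run of rc.local appends the rules again; nothing removes earlier
#    copies.
mkdir -p "/etc"
cat << 'CFGEOF' > "/etc/rc.local"
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.

iptables -t mangle -A PREROUTING -i wan -j TTL --ttl-inc 1
iptables -t mangle -A PREROUTING -i pptp-inet -j TTL --ttl-inc 1
#use routing table 10 (OSPFmy)
ip rule add priority 10 from all lookup 10
#(birdban)
ip rule add priority 10 from all lookup 11
exit 0
CFGEOF
# WARNING: /etc/init.d/vsftpd does not exist
#----------------------------------------------------
#Generating cron
#----------------------------------------------------
# The dump listed the crontab entry as a bare line, which the shell would try
# to run as a command named `0`. Register it in root's crontab instead, and
# only when it is not already there, so re-running the script is harmless.
# crond must be enabled and restarted for the entry to take effect.
# NOTE(review): /root/bkpscript/backup_script.sh is not created by this
# script. If it copies the configuration to another host, the backup
# presumably carries the same keys and passwords as this file; verify how it
# is transferred and stored.
#save config to muromec
CRON_LINE='0 3 * * 1 sh /root/bkpscript/backup_script.sh'
mkdir -p "/etc/crontabs"
grep -qxF "$CRON_LINE" "/etc/crontabs/root" 2>/dev/null || echo "$CRON_LINE" >> "/etc/crontabs/root"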