Hola a todos!
Despues de 6 horas intentando enteder por que no me funcionaba, la solución fue bastante tonta. Os cuento que he conseguido hacer funcionar un router TP-Link wr-1043ND version 1.8 comprado en ciudadwireless como a finales de 2010 con la instalación de FTTH de Movistar, sustituyendo el actual Belkin Play Max con Tomato RAF 1.28.9013, consiguiendo en este paso poder acceder a VoIP desde un softphone.
Hasta ahora tenia puesto DD-WRT versión v24-sp2 std build 21153. El paso a OpenWRT no ha sido directo, pues al intentar fashsear desde DD-WRT no deja. Asi que lei que con el paso intermedio de ponerlo con el firmware original se pudo llevar a cabo, podeis encontrar este firware
aquiUna vez con el firmware original, vamos a la página de OpenWRT, y buscamos la version que deseamos descargar, en mi caso
openwrt-ar71xx-tl-wr1043nd-v1-squashfs-factory.bin como segun informa la pagina de OpenWRT que nos corresponde instalar para la version 1.8 de este router. Las instalación se demora unos 5 minutos. El usuario y la contraseña son: root y admin.
Una vez conseguido esto, accedemos al router, cambiamos la contraseña, asi como la red de la parte lan, en mi caso paso de la 192.168.1.x a la 192.168.10.x. Hecho esto, y con ayuda de los tutoriales que pueden encontrar en el primer post de este hilo, configuramos el router. Para no repetir lo que ya esta puesto en los tutoriales de manera muy clara, os añado la configuración de /etc/config/network que me ha funcionado y donde tenia el error que me impedia navegar, aunque si tuviese acceso a la VoIP de Movistar.
/etc/config/network
config 'switch'
option 'name' 'rtl8366rb'
option 'reset' '1'
option 'enable_vlan' '1'
config 'switch_vlan'
option 'device' 'rtl8366rb'
option 'vlan' '1'
option 'ports' '1 2 3 4 5t'
config 'switch_vlan'
option 'device' 'rtl8366rb'
option 'ports' '0t 5t'
option 'vlan' '6'
config 'switch_vlan'
option 'device' 'rtl8366rb'
option 'ports' '0t 5t'
option 'vlan' '3'
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'
config 'interface' 'lan'
option 'ifname' 'eth0.1'
option 'type' 'bridge'
option 'proto' 'static'
option 'netmask' '255.255.255.0'
option 'ipaddr' '192.168.10.1'
option 'dns' '8.8.8.8 8.8.4.4'
config 'interface' 'wan'
option 'proto' 'pppoe'
option 'username' 'adsl@telefonicanetpa'
option 'password' 'adslppp'
option 'ifname' 'eth0.6'
config 'interface' 'voip'
option 'ifname' 'eth0.3'
option 'proto' 'dhcp'
#option 'accept_ra' '0'
option 'defaultroute' '0'
option 'peerdns' '0'
option 'gateway' '0.0.0.0'
Y ya que estoy pongo el /etc/config/firewall, que como vereis solo esta añadido lo que pone en los tutoriales
/etc/config/firewall
config defaults
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward REJECT
# Uncomment this line to disable ipv6 rules
# option disable_ipv6 1
config zone
option name lan
option network 'lan'
option input ACCEPT
option output ACCEPT
option forward REJECT
config zone
option name wan
option network 'wan'
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
config zone
option name voip
option network 'voip'
option input ACCEPT
option output ACCEPT
option forward REJECT
option masq 1
config forwarding
option src lan
option dest wan
config forwarding
option dest 'voip'
option src 'lan'
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
option name Allow-DHCP-Renew
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4
# Allow IPv4 ping
config rule
option name Allow-Ping
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT
# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
option name Allow-DHCPv6
option src wan
option proto udp
option src_ip fe80::/10
option src_port 547
option dest_ip fe80::/10
option dest_port 546
option family ipv6
option target ACCEPT
# Allow essential incoming IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Input
option src wan
option proto icmp
list icmp_type echo-request
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
list icmp_type router-solicitation
list icmp_type neighbour-solicitation
list icmp_type router-advertisement
list icmp_type neighbour-advertisement
option limit 1000/sec
option family ipv6
option target ACCEPT
# Allow essential forwarded IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Forward
option src wan
option dest *
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec
option family ipv6
option target ACCEPT
# include a file with users custom iptables rules
config include
option path /etc/firewall.user
### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
# option src lan
# option src_ip 192.168.45.2
# option dest wan
# option proto tcp
# option target REJECT
# block a specific mac on wan
#config rule
# option dest wan
# option src_mac 00:11:22:33:44:66
# option target REJECT
# block incoming ICMP traffic on a zone
#config rule
# option src lan
# option proto ICMP
# option target DROP
# port redirect port coming in on wan to lan
#config redirect
# option src wan
# option src_dport 80
# option dest lan
# option dest_ip 192.168.16.235
# option dest_port 80
# option proto tcp
### FULL CONFIG SECTIONS
#config rule
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 80
# option dest wan
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp
# option target REJECT
#config redirect
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 1024
# option src_dport 80
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp
Y por último para que no quede descolgado la configuración de bird4.
/etc/bird4.conf
# THIS CONFIG FILE IS NOT A COMPLETE DOCUMENTATION
# PLEASE LOOK IN THE BIRD DOCUMENTATION FOR MORE INFO
# However, most of options used here are just for example
# and will be removed in real-life configs.
log syslog all;
# Override router ID
router id 192.168.10.1;
# Turn on global debugging of all protocols
#debug protocols all;
# Define a route filter...
# filter test_filter {
# if net ~ 10.0.0.0/16 then accept;
# else reject;
# }
# The direct protocol automatically generates device routes to all network
# interfaces. Can exist in as many instances as you wish if you want to
# populate multiple routing tables with device routes. Because device routes
# are handled by Linux kernel, this protocol is usually not needed.
# protocol direct {
# interface "*"; # Restrict network interfaces it works with
# }
# This pseudo-protocol performs synchronization between BIRD's routing
# tables and the kernel. You can run multiple instances of the kernel
# protocol and synchronize different kernel tables with different BIRD tables.
protocol kernel {
# learn; # Learn all alien routes from the kernel
persist; # Don't remove routes on bird shutdown
scan time 20; # Scan kernel routing table every 20 seconds
import all; # Default is import all
export all; # Default is export none
}
# This pseudo-protocol watches all interface up/down events.
protocol device {
scan time 10; # Scan interfaces every 10 seconds
}
# Static routes (again, there can be multiple instances, so that you
# can disable/enable various groups of static routes on the fly).
protocol static {
export none; # Default is export none
# route 0.0.0.0/0 via 62.168.0.13;
# route 10.0.0.0/8 reject;
# route 192.168.0.0/16 reject;
}
protocol rip {
# disabled;
import all;
export all;
# export filter test_filter;
# port 1520;
# period 7;
# infinity 16;
# garbage time 60;
# interface "*" { mode broadcast; };
interface "eth0.3";
# honor neighbor;
# honor always;
# honor never;
# authentication none;
}
#protocol ospf {
# disabled;
# import all;
# export all;
# export where source = RTS_STATIC;
# area 0 {
# interface "eth*" {
# cost 10;
# hello 3;
# retransmit 2;
# wait 5;
# dead 20;
# type broadcast;
# authentication simple;
# password "pass";
# };
# };
#}
#protocol bgp {
# disabled;
# import all;
# export all;
# export where source = RTS_STATIC;
# local as 65000;
# neighbor 192.168.1.1 as 65001;
# multihop 20 via 192.168.2.1;
# hold time 240;
# startup hold time 240;
# connect retry time 120;
# keepalive time 80; # defaults to hold time / 3
# start delay time 5; # How long do we wait before initial connect
# error wait time 60, 300;# Minimum and maximum time we wait after an error (when consecutive
# # errors occur, we increase the delay exponentially ...
# error forget time 300; # ... until this timeout expires)
# disable after error; # Disable the protocol automatically when an error occurs
# next hop self; # Disable next hop processing and always advertise our local address as nexthop
# source address 62.168.0.14; # What local address we use for the TCP connection
# password "secret" # Password used for MD5 authentication
# rr client; # I am a route reflector and the neighor is my client
# rr cluster id 1.0.0.1 # Use this value for cluster id instead of my router id
# };
#}
Hasta aquí solo ha sido adaptar el tutorial de Noltari a la configuración de openWrt que venia de "fabrica".
Lo que me tuvo horas y horas, es que a pesar de que el router funcionaba, se conectactaba a la red de movistar, y me daba ip en la lan, no podia navegar. Como siempre un error tonto: Desmarcar la opción "User defaul gategay" del interfaz VoIP, en "Advanced Settings", aunque seguramente el que copie y pegue mi configuración, aparte de llevarse la Lan a 192.168.10.x, no llevará ya este problema, pues la sentencia "option gateway 0.0.0.0" ya lo soluciona.
Muchas gracias, Noltari, me has ahorrado 80 pavos en un router, y me has hecho aprender un rato.
Espero que sea de ayuda.
Un saludo.
David Tenorio.