Sign inCreate account
bitbang.social is part of the decentralized social network powered by Mastodon.
Hey, do you like old things? Beeps and boops? Welcome home!

Administered by:

Server stats:

245
active users
Learn more

bitbang.social: About · Profiles directory · Privacy policy

Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.0.15

Sarah Brown

Dark arts mastery: Created a Linux x86 VM on my M1 Pro MacBook Pro

Within that Linux VM, created a docker container of Ubuntu with some personalised stuff.

On that container, built another one with the OpenWRT builder for RPi 4

Used that docker container to build a new OpenWRT image

Booted it on a spare RPi 4 and restored the backup of my OpenWRT config to it.

Took my actual OpenWRT router down, inserted the flash card I'd just created, and powered it back up.

Everything. Worked.

If you roll your own router, it's useful to know that you can recreate it were it to go tits-up, and I can!

Sarah Brown

Also, TIL: The OpenWRT web interface, Luci, by default listens on 0.0.0.0:80, (via uhttpd) which one may think is madness, because you don't want the WAN or non admin VLANs accessing it.

So I changed it to 192.168.1.1:80, but it turns out that this is pointless. It was always firewalled from the WAN anyway (and indeed, port 80 and 443 incoming are forwarded to my Friendica server), and it turns out that it still accepts connections from other VLAN subnets because of funky loopback shit.

So you need to firewall the router from potentially hostile VLAN subnets and just allow DNS and DHCP via port forwarding (if that's how you roll) through anyway.

(Aside, I wondered what the fuck the "input" zone forwarding was on the OpenWRT firewall. Turns out it means traffic aimed at the router, and only the router. Live and learn.)

And also, if you try and bind it to the main LAN, it comes up before that interface does, notices the interface doesn't exist, and promptly quits.

And then you have to go in via ssh and start it manually.

So don't do that. It's set to 0.0.0.0:80 in /etc/config/uhttpd for a reason, and we shouldn't fuck about with it.

Rolling your own Internet router is fun, but there are all sorts of fun ways to screw yourself.

Gen X-Wing

@goatsarah OpenWRT is useful (using it on two APs currently), but boy can networking and setting it up be an endless circle of confusion:(

Good luck!

Oct 30, 2023, 21:40 · · Ivory for iOS · 0 · 0
Sarah Brown
@breadbin I don't run it on any APs, but I love having it on my gateway!
Gen X-Wing

@goatsarah Got a box for a router now, so it’s going to be pfSense or OpnSense for now. Hoping they will give me lots of good features.

But swapping over will be a bit of a nervous thing. But also why I need APs :)

Also running on open software, because I don’t trust networking stuff anymore. Especially not the terrible ISPs:(

ExploreLocalFederated
About

Trending now

#meermittwoch27 people in the past 2 days
#gymequipmentasongorpoem18 people in the past 2 days
#clinicaltrialasongorpoem19 people in the past 2 days