OpenWrt的两种模式：桥接模式与路由模式-Linux大棚

admin 管理员组

文章数量: 1087131

OpenWrt的两种模式：桥接模式与路由模式

OpenWrt的两种模式：桥接模式与路由模式 1、桥接模式（Bridged AP Mode ）：通过OpenWrt 设备做桥，连接到OpenWrt的无线设备是由此网段192.168.1.0网段中的路由来分配IP地址的，所以此网段中的所有设备都是互通互连的！ OpenWrt设备的桥接配置方式： [plain] root@OpenWrt:~# cat /etc/config/network config interface 'loopback' option ifname 'lo' option proto 'static' option ipaddr '127.0.0.1' option netmask '255.0.0.0' config interface 'lan' option ifname 'eth0' option type 'bridge' option proto 'static' option ipaddr '192.168.1.129' option netmask '255.255.255.0' option gateway '192.168.1.1' option dns '202.101.172.46' root@OpenWrt:~# cat /etc/config/wireless config wifi-device radio0 option type mac80211 option channel 11 option hwmode 11ng option path 'platform/ar933x_wmac' option htmode HT20 list ht_capab SHORT-GI-20 list ht_capab SHORT-GI-40 list ht_capab RX-STBC1 list ht_capab DSSS_CCK-40 # REMOVE THIS LINE TO ENABLE WIFI: # option disabled 1 config wifi-iface option device radio0 option network lan option mode ap option ssid OpenWrt option encryption none root@OpenWrt:~# cat /etc/config/firewall config defaults option syn_flood 1 option input ACCEPT option output ACCEPT option forward REJECT # Uncomment this line to disable ipv6 rules # option disable_ipv6 1 config zone option name lan option network 'lan' option input ACCEPT option output ACCEPT option forward REJECT config zone option name wan option network 'wan' option input REJECT option output ACCEPT option forward REJECT option masq 1 option mtu_fix 1 config forwarding option src lan option dest wan # We need to accept udp packets on port 68, # see config rule option name Allow-DHCP-Renew option src wan option proto udp option dest_port 68 option target ACCEPT option family ipv4 # Allow IPv4 ping config rule option name Allow-Ping option src wan option proto icmp option icmp_type echo-request option family ipv4 option target ACCEPT # Allow DHCPv6 replies # see config rule option name Allow-DHCPv6 option src wan option proto udp option src_ip fe80::/10 option src_port 547 option dest_ip fe80::/10 option dest_port 546 option family ipv6 option target ACCEPT # Allow essential incoming IPv6 ICMP traffic config rule option name Allow-ICMPv6-Input option src wan option proto icmp list icmp_type echo-request list icmp_type echo-reply list icmp_type destination-unreachable list icmp_type packet-too-big list icmp_type time-exceeded list icmp_type bad-header list icmp_type unknown-header-type list icmp_type router-solicitation list icmp_type neighbour-solicitation list icmp_type router-advertisement list icmp_type neighbour-advertisement option limit 1000/sec option family ipv6 option target ACCEPT # Allow essential forwarded IPv6 ICMP traffic config rule option name Allow-ICMPv6-Forward option src wan option dest * option proto icmp list icmp_type echo-request list icmp_type echo-reply list icmp_type destination-unreachable list icmp_type packet-too-big list icmp_type time-exceeded list icmp_type bad-header list icmp_type unknown-header-type option limit 1000/sec option family ipv6 option target ACCEPT # Block ULA-traffic from leaking out config rule option name Enforce-ULA-Border-Src option src * option dest wan option proto all option src_ip fc00::/7 option family ipv6 option target REJECT config rule option name Enforce-ULA-Border-Dest option src * option dest wan option proto all option dest_ip fc00::/7 option family ipv6 option target REJECT # include a file with users custom iptables rules config include option path /etc/firewall.user ### EXAMPLE CONFIG SECTIONS # do not allow a specific ip to access wan #config rule # option src lan # option src_ip 192.168.45.2 # option dest wan # option proto tcp # option target REJECT # block a specific mac on wan #config rule # option dest wan # option src_mac 00:11:22:33:44:66 # option target REJECT # block incoming ICMP traffic on a zone #config rule # option src lan # option proto ICMP # option target DROP # port redirect port coming in on wan to lan #config redirect # option src wan # option src_dport 80 # option dest lan # option dest_ip 192.168.16.235 # option dest_port 80 # option proto tcp # port redirect of remapped ssh port (22001) on wan #config redirect # option src wan # option src_dport 22001 # option dest lan # option dest_port 22 # option proto tcp # allow IPsec/ESP and ISAKMP passthrough #config rule # option src wan # option dest lan # option protocol esp # option target ACCEPT #config rule # option src wan # option dest lan # option src_port 500 # option dest_port 500 # option proto udp # option target ACCEPT ### FULL CONFIG SECTIONS #config rule # option src lan # option src_ip 192.168.45.2 # option src_mac 00:11:22:33:44:55 # option src_port 80 # option dest wan # option dest_ip 194.25.2.129 # option dest_port 120 # option proto tcp # option target REJECT #config redirect # option src lan # option src_ip 192.168.45.2 # option src_mac 00:11:22:33:44:55 # option src_port 1024 # option src_dport 80 # option dest_ip 194.25.2.129 # option dest_port 120 # option proto tcp 2、路由模式（Routed AP Mode）： OpenWrt 设备做路由时，连接到OpenWrt的无线设备是由OpenWrt路由设备本身来分配IP地址的，所以通过无线连接到OpenWrt网段中的所有设备都与原来的192.168.1.0网段的设备不通（OpenWrt设备本身除外）！ OpenWrt设备的路由配置方式： [plain] root@OpenWrt:/# vi /etc/config/network config interface 'loopback' option ifname 'lo' option proto 'static' option ipaddr '127.0.0.1' option netmask '255.0.0.0' config interface 'wan' option ifname 'eth0' option proto 'static' option ipaddr '192.168.1.129' option netmask '255.255.255.0' option gateway '192.168.1.1' option dns '202.101.172.46' config 'interface' 'wifi' option 'proto' 'static' option 'ipaddr' '192.168.2.1' option 'netmask' '255.255.255.0' root@OpenWrt:/# vi /etc/config/wireless config wifi-device radio0 option type mac80211 option channel 11 option hwmode 11ng option path 'platform/ar933x_wmac' option htmode HT20 list ht_capab SHORT-GI-20 list ht_capab SHORT-GI-40 list ht_capab RX-STBC1 list ht_capab DSSS_CCK-40 # REMOVE THIS LINE TO ENABLE WIFI: config wifi-iface option device radio0 option network wifi option mode ap option ssid OpenWrt option encryption none root@OpenWrt:/# vi /etc/config/dhcp config dnsmasq option domainneeded 1 option boguspriv 1 option filterwin2k 0 # enable for dial on demand option localise_queries 1 option rebind_protection 1 # disable if upstream must serve RFC1918 addresses option rebind_localhost 1 # enable for RBL checking and similar services #list rebind_domain example.lan # whitelist RFC1918 responses for domains option local '/lan/' option domain 'lan' option expandhosts 1 option nonegcache 0 option authoritative 1 option readethers 1 option leasefile '/tmp/dhcp.leases' option resolvfile '/tmp/resolv.conf.auto' #list server '/mycompany.local/1.2.3.4' #option nonwildcard 1 #list interface br-lan #list notinterface lo #list bogusnxdomain '64.94.110.11' config dhcp lan option interface lan option start 100 option limit 150 option leasetime 12h config dhcp wan option interface wan option ignore 1 config dhcp wifi option interface wifi option start 100 option limit 150 option leasetime 12h root@OpenWrt:/# vi /etc/config/firewall config defaults option syn_flood '1' option input 'ACCEPT' option output 'ACCEPT' option forward 'REJECT' config zone option name 'wifi' option input 'ACCEPT' option output 'ACCEPT' option forward 'ACCEPT' config zone option name 'lan' option network 'lan' option input 'ACCEPT' option output 'ACCEPT' option forward 'ACCEPT' config zone option name 'wan' option network 'wan' option output 'ACCEPT' option masq '1' option mtu_fix '1' option input 'REJECT' option forward 'REJECT' config forwarding option src 'lan' option dest 'wan' config forwarding option src 'wifi' option dest 'wan' config forwarding option src 'lan' option dest 'wifi' config forwarding option src 'wifi' option dest 'lan' config rule option name 'Allow-DHCP-Renew' option src 'wan' option proto 'udp' option dest_port '68' option target 'ACCEPT' option family 'ipv4' config rule option name 'Allow-Ping' option src 'wan' option proto 'icmp' option icmp_type 'echo-request' option family 'ipv4' option target 'ACCEPT' config rule option name 'Allow-DHCPv6' option src 'wan' option proto 'udp' option src_ip 'fe80::/10' option src_port '547' option dest_ip 'fe80::/10' option dest_port '546' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-ICMPv6-Input' option src 'wan' option proto 'icmp' list icmp_type 'echo-request' list icmp_type 'echo-reply' list icmp_type 'destination-unreachable' list icmp_type 'packet-too-big' list icmp_type 'time-exceeded' list icmp_type 'bad-header' list icmp_type 'unknown-header-type' list icmp_type 'router-solicitation' list icmp_type 'neighbour-solicitation' list icmp_type 'router-advertisement' list icmp_type 'neighbour-advertisement' option limit '1000/sec' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-ICMPv6-Forward' option src 'wan' option dest '*' option proto 'icmp' list icmp_type 'echo-request' list icmp_type 'echo-reply' list icmp_type 'destination-unreachable' list icmp_type 'packet-too-big' list icmp_type 'time-exceeded' list icmp_type 'bad-header' list icmp_type 'unknown-header-type' option limit '1000/sec' option family 'ipv6' option target 'ACCEPT' config rule option name 'Enforce-ULA-Border-Src' option src '*' option dest 'wan' option proto 'all' option src_ip 'fc00::/7' option family 'ipv6' option target 'REJECT' config rule option name 'Enforce-ULA-Border-Dest' option src '*' option dest 'wan' option proto 'all' option dest_ip 'fc00::/7' option family 'ipv6' option target 'REJECT' config include option path '/etc/firewall.user' 重启相应配置： [ html] root@OpenWrt:/# /etc/init.d/network restart Configuration file: /var/run/hostapd-phy0.conf Using interface wlan0 with hwaddr ec:17:2f:9e:12:f2 and ssid "OpenWrt" root@OpenWrt:/# /etc/init.d/dnsmasq restart

本文标签： OpenWrt的两种模式桥接模式与路由模式

版权声明：本文标题：OpenWrt的两种模式：桥接模式与路由模式内容由网友自发贡献，该文观点仅代表作者本人，转载请联系作者并注明出处：http://www.roclinux.cn/b/1687730596a134488.html，本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容，一经查实，本站将立刻删除。

Linux大棚 – 不忘初心的技术博客，浮躁时代的安静角落

OpenWrt的两种模式：桥接模式与路由模式

OpenWrt的两种模式：桥接模式与路由模式

更多相关文章

OpenWrt的两种模式：桥接模式与路由模式

发表评论

推荐文章

javascript - Jest mock for react-select or react-testing-library on change not firing on target change - Stack Overflow

javascript - .eslintignore is not ignoring my directory - Stack Overflow

javascript - Google Maps API using Express and Node.js - Stack Overflow

Win11如何删除WiFi记录？Win11删除WiFi连接记录的方法

Windows系统下MD5，SHA1或者SHA256三种校验方式

热门文章

javascript - Appropriate way to add progress circle in AngularJS - Stack Overflow

Integration of CSS, Javascript and HTML - Stack Overflow

javascript - How to make my off-canvas menu scroll? - Stack Overflow

html - PrimeNG Mega Menu open submenu on hover - Stack Overflow

javascript - Delay until fully loaded - Stack Overflow

javascript - Using $scope.$watch when using `this` scope in controller - Stack Overflow

python调用windows系统声音

【ShuQiHere】Windows远程桌面配置教程：远程桌面协议（Remote Desktop Protocol, RDP）及其使用方法 ️✨

一加ACE3最详细刷类原生教程（20250501修订）

使用Psexec.exe 命令行远程windows执行命令

最新文章

javascript - How do I toggle the readonly attribute of all child element with jquery - Stack Overflow

javascript - Might it be possible to block an entire US state from accessing my site, using PHP? - Stack Overflow

c++ - Is dereferencing std::span::end always undefined? - Stack Overflow

javascript - Delay function execution if it has been called recently - Stack Overflow

javascript - Google Maps Autocomplete List - Stack Overflow

U盘重装win11系统专业版—启动盘制作与安装

‌Gemini 2.5 Pro 与 ChatGPT 的综合对比

关于我的ChatGPT账号降智后的恢复（Downgrade）

【实战篇】集成 ChatGPT API 的详细攻略：从零开始到全面掌握

Word中单页横向排版设置指南

Exploring the Finest Accommodations: A Comprehensive Guide to Ruston LA Hotels

The Enchanting Experience of ScaliniTella NYC: A Culinary Gem in the Heart of Manhattan

Exploring the Exquisite Aloft Chicago O'Hare: A Blend of Modern Luxury and Convenience

A Culinary Journey: Discovering the Finest Dining Experiences in Waco, TX

A Culinary Journey: Discovering the Finest Dining Experiences in Athens, GA