[HamWAN PSDR] Reconfiguring w/ firewall ...
Dean Gibson AE7Q
hamwan at ae7q.net
Sat Mar 15 23:25:03 PDT 2014
OK, after seeing the number of "random" IP addresses hitting the radio
from outside the 44.0.0.0 net, I didn't like the fact that the firewall
filters were removed in the web site's suggested configuration, so I
decided to start from scratch. I learned a couple things ...

# -- Restore the radio to a factory fresh state --
/system reset

# === At this point you must connect via MAC address ===
/user set admin password="This is not it ..."
/console clear-history
/system identity set name="CALL-Paine"

/ip
dns set allow-remote-requests=no
address remove [find]

/ip firewall mangle
add action=change-mss chain=output new-mss=1378 protocol=tcp tcp-flags=syn tcp-mss=!0-1378
add action=change-mss chain=forward new-mss=1378 protocol=tcp tcp-flags=syn tcp-mss=!0-1378

/ip dhcp-server
remove [find]
network remove [find]

/ip dhcp-client
add add-default-route=no dhcp-options=hostname,clientid disabled=no interface=ether1 use-peer-dns=no
# -- The following is already configured --
#add add-default-route=yes dhcp-options=hostname,clientid disabled=no interface=wlan1

# -- Do the following if you need to move the radio to a different network --
/system shutdown

# === At this point you can connect via IP address ===
/system logging
action set remote bsd-syslog=yes remote=my.lcl.log.svr remote-port=514 src-address=my.lcl.ether.ip syslog-facility=local1 syslog-severity=info
add action=remote disabled=no prefix="" topics=!debug,!snmp

Note that I have "bsd-syslog" set to "yes". This *appears to be
necessary* if you want a remote system to see "syslog-facility" and
"syslog-severity" (the radio doesn't save/display those settings otherwise).

/system ntp client set enabled=yes mode=unicast primary-ntp=my.lcl.ntp.svr1 secondary-ntp=my.lcl.ntp.svr2

/interface wireless
channels add band=5ghz-onlyn comment="Cell site sector centered at 360 degrees" frequency=5920 list=HamWAN name="Sector300-060" width=5
channels add band=5ghz-onlyn comment="Cell site sector centered at 120 degrees" frequency=5905 list=HamWAN name="Sector060-180" width=5
channels add band=5ghz-onlyn comment="Cell site sector centered at 240 degrees" frequency=5890 list=HamWAN name="Sector180-300" width=5
/delay 5
set 0 radio-name="CALL/Location-Paine"
set 0 disabled=no frequency-mode=superchannel scan-list=HamWAN ssid=HamWAN wireless-protocol=nv2

/tool dns-update dns-server=my.lcl.dns.svr key="MD5 key ..." key-name=ddns ttl=3600 zone=ae7q.net name=hamwan-1 address=my.ham.wan.ip
/console clear-history

monitor 0

I like my sector names better than just numbers...
These "scripts" (when altered) can just be pasted into a command window
(otherwise the "/delay 5" above is not necessary).
Oh, I can sometimes connect through my CLOSED window, but that's not
reliable enough for anything useful.
-- Dean
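
Added example, not part of the original post: with the radio's log forwarded to a remote syslog server as configured above, a short Python triage can tally which sources outside 44.0.0.0/8 are reaching the RF-facing interface. The line shape (RouterOS-style firewall log text), the sample addresses and the function name are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

AMPRNET = ipaddress.ip_network("44.0.0.0/8")  # the "44.0.0.0 net" from the post

# Assumed line shape (RouterOS-style firewall log text relayed over syslog):
#   <prefix> in:<iface> out:<iface>, proto <P> ..., <src>[:port]-><dst>[:port], len N
FLOW = re.compile(
    r"in:(?P<iface>[^\s,]+).*?proto (?P<proto>\w+).*?"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?->"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?"
)

# Constructed sample input: documentation-range and made-up 44/8 addresses.
SAMPLE = """\
input: in:wlan1 out:(none), proto TCP (SYN), 203.0.113.7:51514->44.1.2.3:22, len 60
input: in:wlan1 out:(none), proto TCP (SYN), 203.0.113.7:51520->44.1.2.3:22, len 60
input: in:wlan1 out:(none), proto ICMP (type 8, code 0), 198.51.100.20->44.1.2.3, len 84
input: in:wlan1 out:(none), proto TCP (SYN), 44.9.9.9:40000->44.1.2.3:8291, len 60
input: in:ether1 out:(none), proto TCP (SYN), 192.168.88.5:5000->192.168.88.1:80, len 60
input: in:wlan1 out:(none), proto TCP (SYN), 999.1.1.1:1->44.1.2.3:23, len 60
system,info,account user admin logged in via ssh
"""


def outside_sources(lines, iface="wlan1"):
    """Tally (src, proto, dst port) for packets that arrived on `iface`
    from a source outside 44.0.0.0/8. Returns (Counter, unparsable_count)."""
    hits, unparsable = Counter(), 0
    for line in lines:
        m = FLOW.search(line)
        if m is None or m["iface"] != iface:
            continue  # not a firewall line, or not the RF-facing interface
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:  # looks like an address but is not one (octet > 255)
            unparsable += 1
            continue
        if src not in AMPRNET:
            hits[(str(src), m["proto"], m["dport"])] += 1
    return hits, unparsable


if __name__ == "__main__":
    hits, bad = outside_sources(SAMPLE.splitlines())
    for (src, proto, dport), n in hits.most_common():
        print(f"{n:3d}  {src:15s}  {proto}/{dport or '-'}")
    print(f"unparsable firewall lines: {bad}")
```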