English Language flag
// Log In
// CVSweb
Project: FreeWRT
// Summary // Activity // Search // Tracker // Lists // News // SCM // Wiki

SCM Repository

ViewVC logotype

Contents of /trunk/freewrt/Docs/handbook/user/handbook.tex

Parent Directory Parent Directory | Revision Log Revision Log


Revision 3648 - (show annotations) (download) (as text)
Mon Oct 29 16:51:02 2007 UTC (6 years, 3 months ago) by tg
File MIME type: application/x-tex
File size: 52134 byte(s)
you cannot use a hash sign in /etc/network/interfaces, not do you need it there
thanks to “honzer” on IRC for noticing

1 \documentclass[12pt,a4paper,openany,smallheadings,
2 headinclude,headsepline,final]{scrreprt}
3 \usepackage[utf8]{inputenc}
4 \usepackage{amsmath}
5 \usepackage{amsfonts}
6 \usepackage{amssymb}
7 \usepackage{caption2}
8 \usepackage[canadian]{babel}
9 \usepackage{varioref}
10 \usepackage{txfonts}
11 \usepackage[pdftex]{graphicx}
12 %\usepackage{listings}
13 \usepackage{makeidx}
14 \usepackage[T1]{fontenc}
15
16 % fancy verbatim enables changing of font, fontsize, etc. in verbatim code
17 % also set smaller font and a frame as default
18 \usepackage{fancyvrb}
19 \fvset{fontsize=\small, frame=single}
20
21 % marvosym macht Pfeil kaputt, also sichern
22 % line 28, /usr/share/texmf/tex/latex/marvosym/marvosym.sty
23 \let\RescueRightarrow=\Rightarrow
24 \usepackage{marvosym}
25 \renewcommand{\Rightarrow}{\RescueRightarrow}
26
27 \usepackage[pdftex]{color}
28 \definecolor{skyblue}{rgb}{0,0.3323,0.5720}
29 \usepackage[%
30 colorlinks=true,anchorcolor=red,
31 breaklinks=true,linkcolor=blue,urlcolor=red,
32 citecolor=skyblue,
33 pdfauthor={The FreeWRT Team},
34 pdftitle={FreeWRT User Handbook},
35 pdfcreator={tetex and VIM},
36 pdfsubject={Open Source},
37 pdfview=FitV,
38 pdfstartview=FitV,
39 pdfstartpage={1},
40 pdfpagelayout=SinglePage,
41 pdfpagemode=None,
42 pdfkeywords={FreeWRT}]{hyperref}
43 %\usepackage{thumbpdf}
44 \usepackage{cancel}
45 %\usepackage[final, activate, verbose=true]{microtype}
46 \usepackage{ngerman}
47 %\usepackage{bookman}
48 %\usepackage[a4paper,twoside,rmargin=2cm,lmargin=2cm,tmargin=2.5cm]{geometry}
49 \usepackage[a4paper,rmargin=2cm,lmargin=2cm,tmargin=2.5cm,bmargin=3.5cm]{geometry}
50 %\usepackage{ncntrsbk}
51 \usepackage{float}
52 \restylefloat{figure}
53 %\bibliographystyle{alphadin}
54 \bibliographystyle{alpha}
55
56 % Change Section, Chapter Layout
57 % http://www.mackichan.com/index.html?techtalk/518.htm~mainFrame
58 %\usepackage{sectsty}
59 %\allsectionsfont{\raggedleft}
60 %\chapterfont{\raggedleft}
61
62 % BEGIN Fancy Header Extensions
63 % Save Graphics in Latex box
64 %\renewcommand{\headheight}{30pt} %Make height wider so picture is ok
65 %\renewcommand{\footskip}{45pt} %Make height wider so picture is ok
66
67 \usepackage{fixltx2e, mparhack}
68
69 % Generate index in preamble
70 \makeindex
71 \begin{document}
72 \setlength{\marginparwidth}{10mm}
73 \include{cover}
74 \renewcommand{\thepage}{\roman{page}}
75 \tableofcontents
76 %Set Arabic Numbering 1,2,3,...
77 % Clear needed to renumber from the right position
78 \cleardoublepage
79 \renewcommand{\thepage}{\arabic{page}}
80 %Reset Counter
81 %\setcounter{page}{1}
82
83 % Set marks where it should Change
84 \renewcommand{\chaptermark}[1]{%
85 \markboth{\large \thechapter.\ \normalsize \scshape #1}{}}
86 \renewcommand{\sectionmark}[1]{\markright{\thesection.\ \scshape #1}}
87
88 %Bilitz
89 %\newcommand{\blitz}{ \mbox{\Huge \Lightning} }
90 \newcommand{\blitz}{ \Lightning }
91 \newcommand{\entspr}{\stackrel{\wedge}{=}}
92
93
94
95 \chapter{Introduction}
96
97 Welcome to FreeWRT! This handbook covers the building, installation and usage
98 aspects of the FreeWRT 1.1 Linux distribution. FreeWRT is a portable, secure
99 and functional Linux distribution for embedded systems. As FreeWRT is a source
100 code distribution, it does not provide any pre-compiled firmware for embedded
101 systems. The latest version of this document is always available at the
102 FreeWRT website. If you have any comments, criticism or found some wrong
103 description, please send us an e-mail to freewrt-handbook@freewrt.org, we are
104 always happy about getting feedback to this document, and will try to update
105 or correct the issues mentioned by you.
106
107 The handbook is split into six chapters. We start with the introduction of the
108 Web Image Builder (WIB). The second chapter, Appliance Development Kit, covers
109 the building of FreeWRT firmware images from source. The third section,
110 Installing FreeWRT, covers all aspects regarding the installation and
111 deinstallation of FreeWRT firmware images. The fourth section is a detailed
112 description of the startup process of FreeWRT. The fifth section, Using
113 FreeWRT, covers administrational tasks, such as network configuration, the
114 FreeWRT configuration filesystem, package management and update mechanism. The
115 last section helps troubleshooting problems and recovering a bad firmware
116 installation. The appendix contains board specific information.
117
118 The intended audience for this handbook are advanced users with basic
119 knowledge about Linux, networking and software development. The reader should
120 be aware of basic command line tools, the vi editor and a shell. FreeWRT does
121 not contain any high level administration tools (e.g. web based
122 administration) and is fully configured via command line.
123
124 \section{Typographic Conventions}
125
126 Examples starting with \# indicate a command that must be invoked as super
127 user. You can use su to gain super user privileges.
128
129 \begin{Verbatim}
130 # fwcf commit
131 \end{Verbatim}
132
133 Examples starting with \$ indicate a command that can be invoked as a normal
134 user. The default user account on a freshly installed FreeWRT system is
135 ,,admin'', the password ,,FreeWRT''.
136
137 \begin{Verbatim}
138 $ cat /etc/banner
139 \end{Verbatim}
140
141 \chapter{Web Image Builder (WIB)}
142
143 The WIB is a Ruby-on-Rails webapplication, which combines pre-compiled parts of
144 the FreeWRT Linux distribution, into firmware images. In just five steps you get
145 a ready-to-go firmware image for one of the supported embedded devices.
146
147 See a complete list here:
148
149 \begin{itemize}
150 \item Asus WL500g
151 \item Asus WL500g deluxe
152 \item Asus WL500g premium
153 \item Linksys WRT54G[L]\footnote{see a complete list of all supported revisions on our website}
154 \item Linksys WRT54GS (v1.0/v1.1)
155 \item Linksys WRT54GSv4
156 \item Linksys WRT54G3G
157 \item Mikrotik Routerboard 532
158 \item Netgear WGT634u
159 \end{itemize}
160
161 The five steps are,
162 \begin{itemize}
163 \item choose your target
164 \item choose a Linux Kernel version (2.4/2.6)
165 \end{itemize}
166
167 \chapter{Appliance Development Kit (ADK)}
168
169 The ADK is the core of FreeWRT. It contains all the magic to create the FreeWRT
170 firmware for your embedded system. It will download the needed software
171 packages from the internet and will prepare, compile and combine all components
172 into a ready-to-go firmware image. The ADK is a combination of Makefiles, the
173 Kernel 2.6 configuration system, shell scripts and some other helper
174 applications. The ADK contains over 350 software packages.
175
176 \section{Prerequisites}
177
178 Here is a list of all supported and tested host systems. The host system is
179 needed to create a firmware for your embedded system.
180
181 The list of supported GNU/Linux build systems is not an exclusive one, these are just the ones tested and verified. The other millions of linux distributions are very likely to work, too.
182
183 \begin{itemize}
184 \item Debian GNU/Linux
185 \item Gentoo Linux
186 \item OpenSuSE
187 \item Ubuntu GNU/Linux
188 \item Fedora Core
189 \item OpenBSD (partial support)\footnote{some addon packages does not compile}
190 \item MirOS BSD (partial support)\footnote{some addon packages does not compile}
191 \end{itemize}
192
193 Please install the following software, which is needed to build a basic
194 firmware image. If you choose more packages some more prerequisites might be
195 needed. The ADK host checks will warn you about any software you need to install to
196 compile a specific package. Here is a list of the required software:
197
198 \begin{itemize}
199 \item gcc3 or higher
200 \item g++
201 \item binutils
202 \item patch
203 \item gzip
204 \item bzip2
205 \item unzip
206 \item flex
207 \item bison
208 \item zlib (+headers)
209 \item ncurses (+headers)
210 \item (g)libc headers
211 \end{itemize}
212
213 The ADK scripts will check for the required versions of these tools in advance.
214
215 To build FreeWRT with the ADK it is recommended to have an unprivileged
216 user. Please \underline{never} build FreeWRT as super user. Because all necessary source
217 tarballs are downloaded from the internet automatically, your host system
218 needs a working internet connection.
219
220 \section{Getting the source}
221
222 Now go to a directory where you want to build the firmware. Depending on the
223 features you select you will need about 2.5-5 GB free disk space. This
224 includes the ADK itself, any source archives which will be downloaded
225 and their extracted copies (for compiling).
226
227 To get the latest stable FreeWRT ADK try one of these commands:
228 Via HTTP protocol:
229 \begin{verbatim}
230 $ svn co http://www.freewrt.org/svn/tags/freewrt_1_1_x freewrt
231 \end{verbatim}
232 Via subversion protocol:
233 \begin{verbatim}
234 $ svn co svn://www.freewrt.org/itags/freewrt_1_1_x freewrt
235 \end{verbatim}
236
237 The value \dq{}x\dq{} is a place holder for the latest minor release number.
238 Take a look at our project page to find out which minor release number is the latest one.
239
240 After successfully downloading, enter the directory:
241
242 \begin{Verbatim}
243 $ cd freewrt
244 \end{Verbatim}
245
246 This directory will be referred to as the ADK root later on.
247
248 \section{Some Theory First}
249
250 Building a FreeWRT firmware image is just like building a new Linux kernel,
251 but a little more complex. There is a ncurses-based configuration menu at the
252 beginning, the changes made are saved into a file named ,,.config'' in the ADK
253 root. The build is done by the various Makefiles, compiling and linking the
254 sources together accordingly to the symbols defined in ,,.config''.
255
256 Unlike kernel compilation, FreeWRT needs to be cross-compiled. This
257 leads to special premises, as most of the tools need to be specially build.
258 But no panic, FreeWRT will do this all for you. In fact, this is done at the
259 second run of \texttt{make} (the first one opens the configuration), and
260 therefore can be seen as part of the first firmware build. For clarity
261 though, we will discuss these two things separately.
262
263 \section{Preparing the Build Process}
264
265 After downloading the FreeWRT ADK, it's time to prepare the ADK for the
266 building of firmware images (for explanations see the chapter above).
267
268 \subsection{Creating A Configuration}
269 The first step is to run \texttt{make}. After checking some prerequisites (see
270 ,,Troubleshooting'' below for aid in problems), a console based configuration
271 menu should start. Theoretically no choices have to be made, but it's proven
272 useful to at least:
273 \begin{itemize}
274 \item select a target (menu: ,,Embedded System'')
275 \item select the root filesystem type (menu: ,,Target Firmware type'')
276 \end{itemize}
277
278 Then quit saving changes. If you forgot that, just run \texttt{make} again, redo
279 your changes, then save.
280
281 \subsection{Building ADK}
282
283 Now that you have a first minimal configuration, it is time to build the toolchain
284 for cross-compiling. To do this, just enter {{{make}}} again. The build starts
285 downloading and compiling each needed part of the toolchain, and later continues
286 with building the first firmware image. Later one can be taken as proof of a
287 working ADK.
288
289 Already experienced in compiling gcc? Then you know... If not, better be told
290 that it takes \underline{really long} to finish. In the meantime I suggest reading the
291 next chapter dealing with internals about cross-compiling.
292
293 \section{Details Of Cross-Compiling}
294
295 A cross-compile toolchain exists of a set of tools: a compiler, linker, assembler,
296 debugger and a c library. A cross-compile toolchain runs on your host system and
297 creates native binaries for your target system. A cross-compile toolchain is
298 basically created in six steps:
299
300 \begin{enumerate}
301 \item Get and prepare the Kernel and C Library headers of your target system
302 \item Compile the binutils package for your target
303 \item Compile a static C compiler for your target
304 \item Compile and install a C library for your target
305 \item Compile and install a full C/C++ compiler
306 \item Compile and install the GNU debugger
307 \end{enumerate}
308
309 The cross-compile toolchain is created in
310 ,,staging\_dir\_\$(cpu\_arch)''\footnote{f.e. mipsel, which stands for MIPS Little
311 Endian)}. All the tools running on the host, but used to create, analyze or debug
312 for the target are kept in this directory. All addon headers and libraries
313 are installed to this directory.
314
315 If you want to compile a simple application without using the ADK, just use the
316 compiler directly (f.e. compiling a MIPS Little Endian application):
317 \begin{verbatim}
318 ./staging_dir_mipsel/bin/mipsel-linux-uclibc-gcc -o myapp myapp.c
319 \end{verbatim}
320
321 Check with ,,file'' if you got a MIPS binary:
322 \begin{verbatim}
323 $ file myapp
324 myapp: ELF 32-bit LSB MIPS-I executable, MIPS, version 1 (SYSV), dynamically
325 linked (uses shared libs), not stripped
326 \end{verbatim}
327
328 \section{Building A FreeWRT Firmware Image}
329
330 Your local copy of the FreeWRT ADK should now be prepared for building firmware
331 images. The next step is to do an extensive configuration for the image you
332 want to create. To start the configuration menu, type ,,\texttt{make menuconfig}''.
333
334 When selecting packages, \texttt{<*>} means it will be inserted into the firmware
335 images and \texttt{<M>} means it will be build as an addon package which can be
336 installed later at runtime.
337
338 The target device and filesystem should already been chosen by you to the right
339 value, if not you will have to issue a ,,\texttt{make clean}'' before actually
340 building the firmware image. Otherwise things get messed up. A smooth
341 rebuild is a missing feature in the current ADK. For the packages, if unsure, you
342 can just select one of the package collections. After that, you can still manually
343 check the choices made by the collection and correct them if appropriate. Do not
344 forget to save your configuration when leaving!
345
346 After leaving the menubased configuration, type ,,\texttt{make}'' again to build
347 the new FreeWRT firmware image. Depending on your package selections and
348 underlying hardware, this will take different amounts of time. For your spare time
349 there is the following chapter giving some explanation about what is done at this
350 point.
351
352 \section{Firmware Build Process In Detail}
353
354 Just like when building the ADK's toolchain, the sources for the selected
355 packages are downloaded from the internet first, then build using the
356 cross-compiler and libraries of the ADK.
357
358 The detailed order of firmware image building is:
359
360 \begin{itemize}
361 \item compile the Linux kernel and all supported kernel modules
362 \item compile all selected packages
363 \item clean the target root directory
364 \item install all packages to the target root directory
365 \item create the root filesystem image
366 \item create the firmware image (bootloader, kernel and root filesystem)
367 \end{itemize}
368
369 The result of the build process is created in the ,,bin'' directory.
370 You will find a firmware image in the top level directory. Check the size of
371 the bin-file to see if it is small enough to fit into flash memory of
372 your embedded system. Furthermore there is a ,,package'' directory, which
373 contains all base and addon packages.
374
375 \section{Troubleshooting}
376
377 This section deals with various tips for problems with the ADK installation.
378
379 \subsection{Errors During Prerequisites Check}
380 To re-issue the checks, use ,,make prereq''.
381
382 % FIXME, check for zlib missing on host
383 \begin{itemize}
384 \item GNU make 3.80 too old
385 On a Fedora Core 4 hostsystem the first you'll get is
386 \begin{verbatim}
387 $ make
388 GNU make 3.80 too old.
389 Please install GNU make 3.81 or higher to continue.
390 You can override this check, see http://www.freewrt.org/faq for details.
391 It is suggested to upgrade your copy of bison to
392 GNU Bison 2.3 because of its bug fixes.
393 make: *** [.prereq_done] Error 1
394 \end{verbatim}
395
396 it is quite a nice error that tells you to use more up to date software, but we can
397 anyhow give this hostsystem a try and tell make to ignore those errors/warnings:
398 \begin{verbatim}
399 make prereq-noerror
400 \end{verbatim}
401 \end{itemize}
402
403 \subsection{Compilation errors}
404
405 If you encounter any compilation errors, then first try to reproduce the error.
406 First update your ADK tree via ,,svn update'', to be sure that the error is not
407 already fixed in the subversion repository. After that do a ,,make clean \&\&
408 make'', to reproduce your problem.
409
410 If you can reproduce the problem, please file a bug report. Please always
411 report following information:
412 \begin{itemize}
413 \item Operating system type and version
414 \item GCC and binutils versions of your host system
415 \item complete error message, not only the last 4 lines
416 \end{itemize}
417
418 \chapter{Installing FreeWRT Firmware Images}
419
420 The FreeWRT ADK produces a single image holding both kernel and root
421 filesystem. This image can be written into your hardware's builtin flash memory
422 on serveral ways (ordered by needed skills, increasing downwards):
423 \begin{itemize} % TODO: insert \ref's to jump to the appropriate section?
424 \item via the original firmware's web interface
425 \item via \texttt{mtd} when reflashing or migrating from another third party distribution
426 \item via network using a TFTP client
427 \end{itemize}
428
429 \section{Flashing The Firmware}
430
431 \subsection{Web Interface Method}
432 The following text describes how to use the original firmware's web interface
433 to flash FreeWRT. The object of demonstration is an Asus WL500gP, but this
434 guide should fit more or less fine for other systems, too.
435
436 If you flash a router from Linksys, we strongly suggest to use the popular
437 \textbf{ping exploit} to allow recovery, if your image is broken or the flash
438 process was interrupted by a power shortage.
439
440 There are some things that you should have done previously:
441 \begin{itemize}
442 \item read the special documentation page about your hardware in our wiki, some
443 systems need special precaution before flashing
444 \item a firmware image has to be built (matching the used hardware, of course)
445 \item the router has to be powered on
446 \item your computer needs to be connected to one of the LAN ports (using IP
447 address 192.168.1.2)
448 \end{itemize}
449
450 \parbox{17em}{
451 After preparation is complete, open your favourite browser and type
452 \texttt{192.168.1.1} into the address bar. You should reach the web interface's
453 startup page:
454 }\hfill\parbox{20em}{\includegraphics[width=20em]{pics/asus-startup.png}} \\ [1em]
455 \parbox{17em}{
456 Then click \textit{System Setup}:
457 }\hfill\parbox{20em}{\includegraphics[width=20em]{pics/asus-system_setup.png}} \\ [1em]
458 \parbox{17em}{
459 Then click \textit{Firmware Upgrade}, and enter the name of your firmware image
460 into the appropriate field:
461 }\hfill\parbox{20em}{\includegraphics[width=20em]{pics/asus-fw_upgrade.png}} \\ [1em]
462 Finally click \textit{Upload}. As the whole process of writing the image to
463 flash and rebooting (don't forget that it creates ssh hostkeys on first boot)
464 takes quite long, better go and get a coffee or tea.
465
466 When everything went good, you can login using ssh. The default username is
467 \dq{}admin\dq{}. The default password for images created via WIB or ADK is
468 \dq{}FreeWRT\dq{}. It is possible to change this password in the ADK, before image
469 creation.
470
471 % FIXME: fwupdate
472 \subsection{\texttt{mtd} -- The Flash Utility}
473
474 For this method to work, you need to copy the file containing the firmware
475 image to the router, preferably into /tmp, the memory filesystem should be
476 big enough to hold the full image. If not, use wget to get the image
477 via http or ftp and pipe the result into \texttt{mtd}.
478
479 Then the image is written to flash using
480 \texttt{mtd}, optionally giving additional options (see below).
481
482 The \texttt{mtd} utility was written with simplicity and code size in mind.
483 It's features were derived from the mtd-utils, %TODO: insert \ref to homepage
484 combining the needed parts into a single small tool providing all the
485 functionality necessary for FreeWRT, and leaving everything out that's not.
486
487 \texttt{mtd} provides the following features:
488 \begin{description}
489 \item[unlock] some chips need unlocking before they can be written to
490 \item[erase] this is a filesystem independent method to delete all contents on
491 the flash. Basically this is like \texttt{format} in MS--DOS.
492 \item[write] this is generally the same functionality as using
493 \texttt{dd} or \texttt{rawrite}, but \texttt{mtd} takes care of the quirks
494 that have to be paid attention to for correctly handling the type of flash
495 in use
496 \end{description}
497
498 Further it can request your system to reboot. Some of the features mentioned here can
499 also be combined, so it is e.g. possible to immediately reboot the system after
500 the flash has been written.
501
502 Mostly, similar to the sample usage shown in the help output should be all that has to be
503 done to write the firmware to flash:
504 \begin{Verbatim}
505 # mtd -e linux -r write freewrt.bin linux &
506 \end{Verbatim}
507 Or via wget pipe:
508 \begin{Verbatim}
509 # wget -O - http://www.yourserver.com/freewrt.bin | mtd -e linux -r write - linux &
510 \end{Verbatim}
511 The parameters explained in detail: \\
512 \begin{tabular}{l|l}
513 -e linux & erase existing data in flash\\
514 -r & trigger rebooting right after finishing work\\
515 write & write the firmware image contained in the file given as next parameter
516 to flash\\
517 freewrt.bin & the actual image to write - ignore the suffix, it is detected at
518 runtime\\
519 linux & this is an abstract identifier for a certain partition in flash, so
520 don't change this\\
521 \& & put the process into background, to prevent accidentally stopping\\
522 \end{tabular}
523
524 \subsection{Installation using TFTP}
525
526 All supported target devices are shipped with a builtin bootloader, comparable to
527 the BIOS of x86--machines. This bootloader is used to bootstrap the system until
528 it can boot a regular operating system. Besides the ability to load
529 the executable code from flash, it can be received from another node in the
530 local area network via the famous TFTP protocol.
531
532 For doing this, there are two ways: \\
533 \begin{itemize}
534 \item the device acts as a client, asks the local dhcpd for a lease, the
535 address of the next tftpd and the filename to download
536 \item the device acts as a server, having a known IP address and waiting for
537 any TFTP client to connect and send the file
538 \end{itemize}
539
540 Most of the hardware supported by FreeWRT 1.0 uses the second method. Only the
541 device Netgear WGT634u is using the first method, the bootloader provides a
542 DHCP/TFTP client. Though this may be a little confusing to people being familiar
543 with netboot technologies, it is definitely the easier way of doing it. Otherwise
544 one had to setup both DHCP and TFTP servers and configure them right.
545
546 The even quite simple task of sending the flash image to the target device is
547 made even more easy by providing a little shell script for the job. Invocation
548 is as follows:
549 \begin{Verbatim}
550 $ ./scripts/flash.sh firmware.bin [address]
551 \end{Verbatim}
552 The second Parameter \textit{address} is used to specify a different IP address
553 of the target device than the default \textit{192.168.1.1}.
554
555 \textbf{Beware:} do not rename the firmware image before flashing it using the
556 script as the original name is parsed to guess what hardware is to be flashed.
557
558 To actually being able to flash the device, it has to wait for a tftp
559 connection when booting. To complicate installation of third vendor's firmware
560 images and to improve bootup time, of course, this feature is disabled by
561 default. The following list shows what has to be done for a certain device to
562 get it to wait at boot: \\
563 \begin{center}\begin{tabular}{l|l|l} % TODO: fill this table
564 \textbf{Target Device} & \textbf{Action to be taken} & \textbf{Comments} \\
565 \hline
566 All supported Linksys models & Ping Exploit & nvram variable boot\_wait needs to be on \\
567 All supported Asus models & Recovery mode & power off, push and hold the
568 reset button, power on, power led is flashing\\
569 \end{tabular}\end{center}
570
571 \chapter{FreeWRT Administration}
572
573 After the FreeWRT firmware image has been built by the ADK and later flashed
574 onto the hardware, the resulting operating system has to be configured. This
575 section provides the necessary information to do that, including tips and
576 guides for using FreeWRT in general, of course.
577
578 \section{Network Configuration}
579
580 The device names for real network interfaces in Linux are named ethx (x is
581 0-9). If the device has a switch, the different ports are separated via VLAN
582 technology. The vlan interfaces are named ethx.y. The network configuration in
583 FreeWRT is managed via Busybox's ifupdown implementation. Busybox's ip builtin
584 command configures the network interfaces. There is no \texttt{ifconfig} or \texttt{route}.
585 To show all configured network interfaces use:
586 \begin{Verbatim}
587 $ ip addr show
588 \end{Verbatim}
589 To show the kernel routing table use:
590 \begin{Verbatim}
591 $ ip route show
592 \end{Verbatim}
593
594 All available network settings can be found in \texttt{/etc/network/interfaces}
595 which has the common form:
596 \begin{Verbatim}[label=/etc/network/interfaces]
597 auto <iface-name>
598 iface <iface-name> inet <method>
599 <option-x> <value>
600 <option-y> <value>
601 <option-z> <value>
602 \end{Verbatim}
603
604 \texttt{auto <iface-name>} is optional and, if set, tells the "ifup" script to
605 start this interface automatically on bootup.
606
607 Each interface needs a unique name which, depending on the method, represents
608 either a physical interface or a logical interface name like "eth0.1" for a
609 physical VLAN or "umts" as a logical name for a PPP interface.
610
611 Possible methods are:
612 \begin{description}
613 \item[static] use the given options to configure the interface statically
614 \item[dhcp] just start a dhcp client using the interface \texttt{iface-name}
615 \item[manual] don't configure the interface but start pre-up.d hook scripts
616 \item[ppp] run \texttt{pon <provider>} where \texttt{<provider>} is given as an interface option
617 \end{description}
618
619 \subsection{Switch/VLAN}
620 The switch built-in into the most routers is capable of separating each port
621 using VLAN tagging. You can configure the switch by simply adding the interface
622 to the config file and giving the desired switch-ports:
623 \begin{Verbatim}[label=/etc/network/interfaces]
624 auto eth0.0
625 iface eth0.0 inet static
626 switch-ports 1 2 5*
627 address 192.168.1.1
628 netmask 255.255.255.0
629
630 auto eth0.1
631 iface eth0.1 inet static
632 switch-ports 3 4 5
633 address 192.168.2.1
634 netmask 255.255.255.0
635
636 auto eth0.2
637 iface eth0.2 inet static
638 switch-ports 0 5
639 address 172.16.1.42
640 netmask 255.255.255.0
641 gateway 172.16.1.1
642 \end{Verbatim}
643
644 This configures three VLAN interfaces \texttt{eth0.0} on ports 1 and 2,
645 \texttt{eth0.1} on port 3 and 4 and \texttt{eth0.2} on port 0.
646
647
648 If you need to do some advanced settings, because you have for example
649 a powerful switch with a VLAN trunking port connected to one of your switch
650 ports, the configuration would look like this:
651
652 \begin{Verbatim}[label=/etc/network/interfaces]
653 auto eth0.1
654 iface eth0.1 inet static
655 switch-ports 2 3 4 5*
656 address 192.168.1.1
657 netmask 255.255.255.0
658
659 auto eth0.2
660 iface eth0.2 inet static
661 switch-ports 1t 5
662 address 10.2.0.1
663 netmask 255.255.255.0
664 broadcast +
665
666 auto eth0.3
667 iface eth0.3 inet static
668 switch-ports 1t 5
669 address 10.3.0.1
670 netmask 255.255.255.0
671 broadcast +
672
673 auto eth0.4
674 iface eth0.4 inet static
675 switch-ports 1t 5
676 address 10.4.0.1
677 netmask 255.255.255.0
678 broadcast +
679
680 \end{Verbatim}
681
682 This configures four VLAN interfaces, \texttt{eth0.1} on physical ports 2, 3 and 4.
683 The interfaces \texttt{eth0.2}, \texttt{eth0.3} and \texttt{eth0.4} are three
684 different networks with VLAN ID 2-4. The physical port 1 needs to be connected
685 to a VLAN trunking port on a switch with knows the same VLAN IDs.
686
687
688 Explanation:
689 \begin{description}
690 \item[port 0] this is typically the port labeled as WAN
691 \item[port 1-4] these are typically the ports labeled as LAN
692 \item[port 5] this special port represents the port where the router-board is
693 connected to the switch
694 \item[*] one interface always need an asterisk behind port 5 which means it is
695 the default interface and gets all the packages with unknown tags.
696 \end{description}
697
698 \subsection{Static IP configuration}
699 As you can see in the VLAN example three interfaces were configured with static
700 IP settings, so these are the commonly used options:
701 \begin{description}
702 \item[address] the IP address - required
703 \item[netmask] the netmask - required
704 \item[broadcast] broadcast address - only required for legacy applications (if using +, it will calculated automatically by the kernel)
705 \item[gateway] an IP address added as default gateway if present
706 \item[mac-address] if you need to change your MAC address (required for some DSL providers)
707 \end{description}
708
709 \subsection{DHCP}
710 That's just as simple as:
711 \begin{Verbatim}[label=/etc/network/interfaces]
712 auto eth0.1
713 iface eth0.1 inet dhcp
714 switch-ports 0 5
715 \end{Verbatim}
716 Typically this configures the WAN-Port to start a DHCP request on bootup.
717
718 \subsection{Bridging}
719
720 This is mostly needed to combine LAN and WLAN to a homogeneous network.
721 Be sure you have installed the package \texttt{bridge-utils}.
722
723 \begin{Verbatim}[label=/etc/network/interfaces]
724 auto eth0.0
725 iface eth0.0 inet manual
726 switch-ports 1 2 3 4 5*
727
728 auto eth1
729 iface eth1 inet manual
730 wireless-bridge-if br0
731 [... other wifi-settings, see below ...]
732
733 auto br0
734 iface br0 inet static
735 bridge-ifaces eth0.0 eth1
736 address 192.168.1.1
737 netmask 255.255.255.0
738 broadcast +
739 \end{Verbatim}
740
741 This creates a new bridging interface \texttt{br0} which combines the VLAN
742 interface \texttt{eth0.0} (representing the LAN-ports 1-4) and the WLAN interface
743 \texttt{eth1} (on some devices like Asus WL500gP this might be \texttt{eth2}).
744 The bridge interface needs always be the last one, otherwise it can not find
745 the interfaces in bridge-ifaces.
746
747 \subsection{WLAN}
748
749 A router containing a WLAN interface has an additional ethernet device
750 representing it. On Broadcom-based hardware it is typically \texttt{wl0} or on
751 Netgear WGT634u which has a Atheros WLAN chip, it is \texttt{ath0},
752 \texttt{ath1}, etc. You can use these interfaces standalone or bridged with
753 other devices, e.g. the internal LAN.
754
755 \subsubsection{Basic Settings}
756
757 Mandatory options and default parameters are in bold font.
758
759 \begin{tabular}{l|l|l}
760 \textbf{Option} & \textbf{Parameter} & \textbf{Description} \\
761 \hline
762 \textbf{type}& broadcom & Broadcom based card \\
763 & atheros & Madwifi driver \\
764 \textbf{mode}& ap & Access point mode \\
765 & sta & Client mode \\
766 & adhoc & Ad-Hoc mode \\
767 & wds & WDS point-to-point link over wireless\\
768 & monitor & The node acts as a passive monitor and only receives packets \\
769 \textbf{ssid}& <String> & Set the SSID (Network Name) \\
770 country & {ALL|DE|JP|US|...} & The country code used to determine the regulatory settings. \\
771 \end{tabular}
772
773 \subsubsection{Security Settings}
774 \begin{tabular}{l|l|l}
775 \textbf{Option} & \textbf{Parameter} & \textbf{Description} \\
776 \hline
777 \textbf{security}& none & No authorization \\
778 & wep & WEP key \\
779 & wpa-psk & WPA with preshared key \\
780 & 8021x & IEEE 802.1X authentication \\
781 \textbf{authorization}& & \textbf{wpa-psk} \\
782 & psk & WPA PSK \\
783 & psk2 & WPA2 PSK \\
784 & psk psk2 & WPA PSK and WPA2 PSK \\
785 & & \textbf{8021x} \\
786 & wpa & WPA with RADIUS \\
787 & wpa2 & WPA2 with RADIUS \\
788 & wpa wpa2 & WPA and WPA2 \\
789 \textbf{encryption}& & \textbf{wep} \\
790 & - & not needed, automatically by key size \\
791 & & \textbf{wpa-psk} \\
792 & tkip & RC4 encryption \\
793 & aes & AES encryption \\
794 & aes+tkip & support both \\
795 & & \textbf{8021x} \\
796 & wep & RC4 encryption (static) \\
797 & tkip & RC4 encryption \\
798 & aes & AES encryption \\
799 & aes+tkip & support both \\
800 eap-type & & \textbf{8021x} \\
801 & \textbf{tls} & Transport Layer Security \\
802 & ttls & Tunnelled TLS \\
803 & peap & Protected EAP \\
804 & leap & Cisco Wireless \\
805 key & & \textbf{wep} \\
806 &\{\textbf{1}|2|3|4\}& Select WEP key to use. \\
807 key[1..4] & & \textbf{wep} \\
808 & <String> & WEP key. The key must be 5, 13 or 16 bytes
809 long, or 10, 26, 32, or 64 hex digits long. The encryption
810 algorithm is automatically selected based on the key size. key1 is
811 the key for WEP client mode. \\
812 wpa-key & & \textbf{wpa-psk} \\
813 & <String> & Password to use with WPA/WPA2 PSK (at least 8,
814 up to 63 chars) \\
815 wpa-gtk-rekey & & \textbf{wpa-psk}, \textbf{8021x} \\
816 & <Int> (\textbf{3600}) & Rekeying interval in seconds. \\
817 \textbf{radius-ipaddr}& & \textbf{8021x} \\
818 & <a.b.c.d> & IP to connect. \\
819 radius-port & & \textbf{8021x} \\
820 & <Int> (\textbf{1812}) & RADIUS-Port no. to connect \\
821 \textbf{radius-key}& & \textbf{8021x} \\
822 & <String> & Shared Secret for connection to the Radius server \\
823 \end{tabular}
824
825 \subsubsection{MAC filter}
826 \begin{tabular}{l|l|l}
827 \textbf{Option} & \textbf{Parameter} & \textbf{Description} \\
828 macmode & {0|1|2} & 0 - Disable MAC address matching. \\
829 & & 1 - Deny association to stations on the MAC list. \\
830 & & 2 - Allow association to stations on the MAC list. \\
831 maclist & <MAC1> ... <MACn> & List of space separated mac addresses to
832 allow/deny according to ''macmode''. Addresses should be entered with colons,
833 e.g.: 00:02:2D:08:E2:1D 00:03:3E:05:E1:1B\\
834 \end{tabular}
835
836 \subsubsection{Wireless Distribution System (WDS)}
837 \begin{tabular}{l|l|l}
838 \texttt{Option} & \texttt{Parameter} & \texttt{Description} \\
839 lazywds & {0|1} & Accept WDS connections from anyone \\
840 wds-bridge & {brX} & Add WDS peers to bridge brX \\
841 wds-security & {wpa-psk} & secure the wds bridge with WPA (optional)\\
842 wds-encryption & {aes|tkip} & Use AES or TKIP as cipher\\
843 wds-wpa-key & <String> & Password to use with WPA PSK (at least 8, up to 63 chars) \\
844 wds & <MAC1> ... <MACn> & List of WDS peer mac addresses (xx:xx:xx:xx:xx:xx, space separated) \\
845 \end{tabular}
846
847 \subsubsection{Miscellaneous}
848 \begin{tabular}{l|l|l}
849 \textbf{Option} & \textbf{Parameter} & \textbf{Description} \\
850 channel & \{1-14\} & The wifi channel \\
851 maxassoc & \{1-255\} & Maximum number of associated clients \\
852 gmode & \{LegacyB| \textbf{Auto}| GOnly| BDeferred| Performance| LRS\} & Set the 54g Mode \\
853 frameburst & \{\textbf{0}|1\} & Disable/Enable frameburst mode. \\
854 txpower & \{0-255|\textbf{-1}\} & Set the transmit power in dBm \\
855 rate & <Int> (\textbf{-1}) & force a fixed rate \\
856 & & valid values for 802.11a are (6, 9, 12, 18, 24, 36, 48, 54) \\
857 & & valid values for 802.11b are (1, 2, 5.5, 11) \\
858 & & valid values for 802.11g are (1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, 54) \\
859 & &-1 means automatically determine the best rate \\
860 rts & \{0-2347\} & Set the RTS threshhold. \\
861 frag & \{256-2346\} & Set the fragmentation threshhold. \\
862 afterburner & \{\textbf{0}|1\} & Enable Afterburner capability \\
863 isolate & \{\textbf{0}|1\} & Hide Clients from each other \\
864 bridge-if & \{br0...brX\} & The bridge interface (optional)
865 \end{tabular}
866
867 \subsubsection{Examples}
868 WLAN with WEP128
869 \begin{Verbatim}
870 iface wl0 inet static
871 address 192.168.10.1
872 netmask 255.255.255.0
873 broadcast +
874 wireless-type broadcom
875 wireless-country DE
876 wireless-mode ap
877 wireless-ssid FreeWRT
878 wireless-security wep
879 wireless-key1 11223344556677889900112233
880 wireless-channel 11
881 \end{Verbatim}
882
883 WLAN without encryption
884 \begin{Verbatim}
885 iface wl0 inet static
886 address 192.168.10.1
887 netmask 255.255.255.0
888 broadcast +
889 wireless-type broadcom
890 wireless-country DE
891 wireless-mode ap
892 wireless-ssid FreeWRT
893 wireless-security none
894 wireless-channel 11
895 \end{Verbatim}
896
897 WLAN with WPA2 (AES)
898 \begin{Verbatim}
899 iface wl0 inet static
900 address 192.168.10.1
901 netmask 255.255.255.0
902 broadcast +
903 wireless-type broadcom
904 wireless-country DE
905 wireless-mode ap
906 wireless-ssid FreeWRT
907 wireless-security wpa-psk
908 wireless-authorization psk2
909 wireless-encryption aes
910 wireless-wpa-key 12345678
911 wireless-channel 11
912 \end{Verbatim}
913
914 If you want to do MAC filtering, add the following to the sample above:
915 \begin{Verbatim}
916 wireless-macmode 2
917 wireless-mac 00:01:02:03:04:05 06:07:08:09:0a:0b
918 \end{Verbatim}
919 this enables the filter and defines the list to contain addresses that should be allowed.
920
921 To enhance wireless performance, you can enable some flags like Broadcom's SpeedBooster. Normally, these flags are not dangerous:
922 \begin{Verbatim}
923 wireless-gmode performance
924 wireless-frameburst 1
925 wireless-afterburner 1
926 \end{Verbatim}
927
928 WLAN client with WPA2 (AES)
929 \begin{Verbatim}
930 iface wl0 inet static
931 address 192.168.10.1
932 netmask 255.255.255.0
933 broadcast +
934 wireless-type broadcom
935 wireless-country DE
936 wireless-mode sta
937 wireless-ssid FreeWRT
938 wireless-security wpa-psk
939 wireless-authorization psk2
940 wireless-encryption aes
941 wireless-wpa-key 12345678
942 \end{Verbatim}
943
944 WLAN client with WEP128
945 \begin{Verbatim}
946 iface wl0 inet dhcp
947 wireless-type broadcom
948 wireless-country DE
949 wireless-mode sta
950 wireless-ssid FreeWRT
951 wireless-security wep
952 wireless-key1 11223344556677889900112233
953 \end{Verbatim}
954
955 WLAN with WDS nodes, the WDS nodes need to have the same
956 SSID, channel and encryption parameters.
957
958 WDS node 1 (MAC of Wireless 06:05:04:03:02:01)
959 \begin{Verbatim}
960 iface br0 inet static
961 bridge-ifaces wl0
962 address 192.168.10.1
963 netmask 255.255.255.0
964 broadcast +
965 wireless-type broadcom
966 wireless-country DE
967 wireless-mode wds
968 wireless-ssid FreeWRT-WDS
969 wireless-security none
970 wireless-lazywds 0
971 wireless-wds 01:02:03:04:05:06
972 wireless-wds-bridge br0
973 \end{Verbatim}
974 WDS node 2 (MAC of Wireless 01:02:03:04:05:06)
975 \begin{Verbatim}
976 iface br0 inet static
977 bridge-ifaces wl0
978 address 192.168.10.2
979 netmask 255.255.255.0
980 broadcast +
981 wireless-type broadcom
982 wireless-country DE
983 wireless-mode wds
984 wireless-ssid FreeWRT-WDS
985 wireless-security none
986 wireless-lazywds 0
987 wireless-wds 06:05:04:03:02:01
988 wireless-wds-bridge br0
989 \end{Verbatim}
990
991 Peer-to-Peer/AdHoc mode (no encryption, IP must be static)
992 \begin{Verbatim}
993 iface wl0 inet static
994 address 192.168.10.1
995 netmask 255.255.255.0
996 broadcast +
997 wireless-type broadcom
998 wireless-country DE
999 wireless-mode adhoc
1000 wireless-ssid FreeWRT
1001 wireless-security none
1002 wireless-channel 11
1003 \end{Verbatim}
1004
1005 \subsection{PPP}
1006
1007 PPP comes in various flavours for different situations, the most commonly
1008 needed will likely be DSL and for WRT54G3G users UMTS. So there exists a
1009 hook-script that evaluates a "use-template" option and generates a ppp-peer.
1010 This way everything needed so far can be configured within the
1011 \texttt{interfaces} file. Be sure you have installed the packages
1012 \texttt{kmod-ppp}, \texttt{ppp} and \texttt{ppp-mod-pppoe}. For providers
1013 using PPTP for authentication, instead of PPPoE, you need to install \texttt{pptp}.
1014
1015 \subsubsection{DSL with PPPoE}
1016 \begin{Verbatim}
1017 auto ppp0
1018 iface ppp0 inet ppp
1019 use-template dsl
1020 provider foobar
1021 ppp-username 1234567890121234567890120001@bar.de
1022 ppp-password bar
1023 ppp-device eth0.1
1024 \end{Verbatim}
1025
1026 Now your DSL connection will be started on boot (\texttt{auto ppp0})
1027 and you can manually shut it down with \texttt{ifdown ppp0} or start it up with
1028 \texttt{ifup ppp0}.
1029 The template \texttt{dsl} will configure a typical PPPoE peer for you.
1030
1031 \subsubsection{DSL with PPTP}
1032 \begin{Verbatim}
1033 auto ppp0
1034 iface ppp0 inet ppp
1035 use-template pptp
1036 provider foobar
1037 ppp-username foo
1038 ppp-password bar
1039 ppp-modemip 10.0.0.1
1040 ppp-mtu 1480
1041 ppp-device eth0.1
1042 \end{Verbatim}
1043
1044 Now your DSL connection will be started on boot (\texttt{auto ppp0})
1045 and you can manually shut it down with \texttt{ifdown ppp0} or start it up with
1046 \texttt{ifup ppp0}.
1047 The template \texttt{pptp} will configure a typical PPTP peer for you.
1048
1049 \subsubsection{UMTS}
1050 Same footprint different template and some specific options. That is all that
1051 is needed for an UMTS connection to Vodafone as it can be seen in this example.
1052 \begin{Verbatim}
1053 iface ppp0 inet ppp
1054 use-template umts
1055 provider umts
1056 #ppp-username ""
1057 #ppp-password ""
1058 ppp-device /dev/noz0
1059 umts-apn web.vodafone.de
1060 umts-pincode 1234
1061 umts-mode umts_first
1062 \end{Verbatim}
1063 As you can see: unneeded options like \texttt{ppp-username} or
1064 \texttt{ppp-password} can just be removed or commented out. Don't leave them
1065 without a value as that causes a failure in \texttt{ipup}. It does work if you
1066 give empty double quotes as value like "".
1067
1068 Note that you have to set the correct APN, username and password for your provider!
1069
1070 You may also remove the pin from your SIM-card and the configuration if you like.
1071
1072 For Linksys WRT54G3G a package called \texttt{broadcom-watchbutton} will be
1073 installed, this is a small daemon that monitors the UMTS-button of the router
1074 and executes \texttt{ifup umts} or \texttt{ifdown umts} on a button press.
1075 You have to set \texttt{watchbutton=YES} in /etc/rc.conf to have it start automatically.
1076
1077 This is totally independent from the \texttt{auto umts} setting. Even if you
1078 start the connection on bootup you can shut it down again with a button press.
1079
1080 \subsection{custom interface hooks}
1081 \subsubsection{per interface}
1082 You can execute various commands on interface startup or shutdown with special option:
1083 \begin{Verbatim}
1084 iface foobar inet static
1085 [...]
1086 pre-up <command>
1087 up <command>
1088 up <command>
1089 down <command>
1090 post-down <command>
1091 \end{Verbatim}
1092
1093 You can give each option multiple times and their commands will be executed in given order.
1094 \begin{description}
1095 \item[pre-up] before the interface will be started
1096 \item[up] after the interface was started successfully
1097 \item[down] before the interface goes down
1098 \item[post-down] after the interface shut down
1099 \end{description}
1100
1101 \subsubsection{general hooks}
1102 Additionally you can write scripts executed for each interface if you put them in
1103 \begin{itemize}
1104 \item \texttt{/etc/network/if-pre-up.d}
1105 \item \texttt{/etc/network/if-up.d}
1106 \item \texttt{/etc/network/if-down.d}
1107 \item \texttt{/etc/network/if-post-down.d}
1108 \end{itemize}
1109 Same semantics as above.
1110
1111 \section{FWCF - FreeWRT Configuration Filesystem}
1112
1113 FWCF is a separate flash partition for all changes made to the /etc directory.
1114 There is a small tool named \texttt{fwcf}, which is used to setup the system or
1115 to commit changes to the fwcf partition.
1116
1117 On bootup the script \texttt{/sbin/mount\_root} is executed, which calls \dq{}fwcf
1118 setup\dq{} to setup /etc as memory filesystem and overlay the changes committed
1119 to the fwcf partition.
1120
1121 If you change anything in /etc and like to keep the change, it is required to
1122 execute \dq{}fwcf commit\dq{}. This will compress all changed or new files in /etc
1123 and write the result into the fwcf partition. The fwcf partition is 128 Kb in
1124 size. This size is not changeable at the moment.
1125
1126 If you need more detailed information, please read the specification of FWCF,
1127 which can be found
1128 here \url{http://www.freewrt.org/trac/wiki/Documentation/Specs/FwCf}
1129
1130 If you want to remove all your changes and start your configuration from scratch,
1131 use \dq{}fwcf erase\dq{}. This is also required if you switch between compression
1132 plugins. Right now LZO plugin is default.
1133
1134 \section{IPKG - Packagemanagement}
1135
1136 All software for FreeWRT is available as a IPKG package. IPKG is a package manager
1137 very similar to Debian's dpkg/apt-get utilities. It is specially designed for
1138 embedded systems and is widely used. The FreeWRT project use a special version,
1139 which is embedded to the busybox binary. Normally the command line tool
1140 \texttt{ipkg} is pre-installed.
1141
1142 IPKG uses a configuration file similar to /etc/apt/sources.list, which
1143 contains a list of software repositories available via HTTP or FTP.
1144 The configuration file \texttt{/etc/ipkg.conf} contains the official
1145 FreeWRT 1.1 repository for your board and kernel version.
1146
1147 To update the list of available packages execute following command as root:
1148 \begin{verbatim}
1149 # ipkg update
1150 \end{verbatim}
1151
1152 This command requires a working internet connection, because it will fetch a
1153 package list from every repository declared in /etc/ipkg.conf.
1154
1155 To install a new package use following command:
1156 \begin{verbatim}
1157 # ipkg install tcpdump
1158 \end{verbatim}
1159
1160 This will install the package tcpdump and all dependencies onto the flash.
1161 Where the data is saved depends on the root filesystem you decided to use while
1162 installing FreeWRT. If you use jffs2 as root filesystem, then the package is
1163 installed on the big linux partition. If you use squashfs-overlay, then the
1164 package is installed on the mini-fo overlay filesystem which writes its data
1165 to the jffs2 data partition. If you use a squashfs-symlinks filesystem, then the
1166 package data is directly install into the jffs2 data partition, containing
1167 symlinks to the read-only squashfs partition.
1168
1169 You can also remove packages, but this is only useful if you are using JFFS2
1170 as root filesystem:
1171 \begin{verbatim}
1172 # ipkg remove tcpdump
1173 \end{verbatim}
1174
1175 This will not remove any dependencies, installed earlier. For example, libpcap
1176 is still installed after executing this command.
1177 On jffs2 root filesystem you should never remove any essential packages like
1178 busybox, fwcf or uclibc, otherwise you make the embedded system unusable.
1179
1180 Nearly the same as for removing packages, counts for ipkg upgrade. Please
1181 \textbf{never ever} use ipkg upgrade to update your embedded system. This command
1182 is only useful to upgrade single packages on a jffs2 rootfilesystem or data
1183 partition.
1184
1185 \section{Startup scripts}
1186
1187 Some of the available packages containing software which start services at boot
1188 time. For that we provide simple startup scripts, which are installed into the
1189 directory \texttt{/etc/init.d}. See following example for the package
1190 \texttt{dnsmasq}, a combined dns and dhcp server daemon:
1191
1192 \begin{verbatim}
1193 #FWINIT 50
1194 . /etc/rc.conf
1195
1196 case $1 in
1197 autostart)
1198 test x"${dns_dhcp:-NO}" = x"NO" && exit 0
1199 exec $0 start
1200 ;;
1201 start)
1202 [ -f /etc/dnsmasq.conf ] || exit
1203 /usr/sbin/dnsmasq
1204 ;;
1205 stop)
1206 killall dnsmasq
1207 ;;
1208 restart)
1209 $0 stop
1210 $0 start
1211 ;;
1212 *)
1213 echo "Usage: $0 {start | stop | restart}"
1214 ;;
1215 esac
1216 exit 0
1217 \end{verbatim}
1218
1219 After installation the package postinst script will add all needed changes to the
1220 /etc directory. For example packages can add new user and groups, add new
1221 variables to /etc/rc.conf or just add new values to existing files as
1222 /etc/services. It is FreeWRT policy to do not start any services after
1223 installation or in case of a new boot. To start services on bootup you need to set
1224 \$servicename=YES in /etc/rc.conf and commit your changes via \dq{}fwcf
1225 commit\dq{}. For every policy exist a exception, we start all essential services
1226 by default, like ssh daemon, syslog and network initialisation scripts.
1227
1228 For some services you can control the startup behavior by modifying
1229 the services\_flags variable in /etc/rc.conf.
1230
1231 For example the variable \$ssh\_opts is provided as argument to the dropbear
1232 ssh daemon to control its behavior.
1233
1234 Having this policy helps you to configure your FreeWRT embedded system without
1235 shooting yourself in the foot. For example if you try to realize a firewall
1236 system and trying to set the rules in /etc/firewall.user, which is read by
1237 /etc/init.d/firewall, if the FreeWRT firewall package (fwfirewall) is
1238 installed. You can just reload the changed ruleset via
1239 \begin{verbatim}
1240 /etc/init.d/firewall restart
1241 \end{verbatim}
1242
1243 If you managed to kick yourself out of the system, you can just reboot the
1244 system and you gain access again. As soon as your are ready with the firewall
1245 configuration and you decide to activate the firewall rules on bootup, you set
1246 \$firewall=YES in /etc/rc.conf, commit your changes via \dq{}fwcf commit\dq{}
1247 and reboot. Now the firewall rules will be activated on bootup.
1248
1249 \chapter{Troubleshooting}
1250
1251 \section{Failsafe Mode}
1252
1253 Failsafe mode is very useful if you misconfigured your embedded system, so that
1254 you can not access it anymore. E.g. if you accidentially disabled secure shell,
1255 forgot your password or misconfigured the firewall, so that you can not login
1256 any more.
1257
1258 When in failsafe mode, the device won't interpret any networking setup files.
1259 It stops even before the root filesystem gets mounted read--write, and fwcf is
1260 set up. It will just set the LAN interface up and give it the IP address
1261 192.168.1.1 and netmask 255.255.255.0. Then it will start a telnet daemon, so
1262 you get straight access (without depending on the installed SSH--daemon).
1263
1264 \subsection{How It Works}
1265
1266 To get FreeWRT into failsafe mode you need physical access to the device and
1267 the failsafe utility. The failsafe utility is built inside our ADK and
1268 is available in the directory bin/ after a successful build.
1269
1270 If you just want to compile the tool and not a complete firmware image,
1271 use following command:
1272
1273 \begin{Verbatim}
1274 $ make subdir=tools/failsafe install
1275 \end{Verbatim}
1276
1277 For some operating systems we provide ready to go binaries of failsafe.
1278 Take a look at http://www.freewrt.org/downloads/tools/failsafe
1279
1280 The tool just opens a network socket and waits for a special UDP packet
1281 from the embedded device. FreeWRT sends the UDP packet via the first
1282 recognized network interface (eth0).
1283
1284 \subsection{Enabling Failsafe Mode}
1285
1286 Connect your computer to the embedded system via direct or crossed network
1287 cable. Use the failsafe port (in most cases one of the LAN ports),
1288 see the device specific page for the exact network port.
1289
1290 Configure your network interface to the IP address 192.168.1.2 with network
1291 mask 255.255.255.0. Now start the failsafe utility on your computer.
1292
1293 \begin{Verbatim}
1294 $ ./failsafe
1295 \end{Verbatim}
1296
1297 After that power on your embedded system and wait for the following message in
1298 your failsafe application running on your computer:
1299
1300 \begin{Verbatim}
1301 Press reset now to enter Failsafe!
1302 \end{Verbatim}
1303
1304 As soon as this message is displayed you should push the reset button of
1305 your embedded system. You have 2 seconds time to push the button. If you
1306 successfully enabled the failsafe mode, following message will be displayed:
1307
1308 \begin{Verbatim}
1309 Entering Failsafe!
1310 \end{Verbatim}
1311
1312 Now you should be able to login to your embedded system via a telnet
1313 application. Just use:
1314
1315 \begin{Verbatim}
1316 $ telnet 192.168.1.1
1317 \end{Verbatim}
1318
1319 \subsection{Repairing Your FreeWRT Configuration}
1320
1321 If you want to repair your configuration, you first need to
1322 mount the root filesystem read--writeable. This is best done via:
1323
1324 \begin{Verbatim}
1325 # mount_root
1326 \end{Verbatim}
1327
1328 After that you need to enable the FreeWRT configuration filesystem:
1329
1330 \begin{Verbatim}
1331 # fwcf setup
1332 \end{Verbatim}
1333
1334 Now you can change files in /etc and repair your broken configuration.
1335 Do not forget to commit your changes afterwards.
1336
1337 \begin{Verbatim}
1338 # fwcf commit
1339 \end{Verbatim}
1340
1341 If you want to start over with the default /etc directory, just remove the fwcf
1342 partition content with following command:
1343
1344 \begin{Verbatim}
1345 mtd erase fwcf
1346 \end{Verbatim}
1347
1348 You can either use "reboot -f" or "-r" for mtd to reboot the system.
1349
1350 %\section{Serial Console}
1351
1352 %\section{JTAG}
1353
1354 % Erstmal auskommentieren. Sind ja paar Seiten die erstmal keiner braucht
1355 %\begin{appendix}
1356 %\include{A-blaetter}
1357 %\end{appendix}
1358
1359 %\cleardoublepage
1360 %\addcontentsline{toc}{chapter}{\glossaryname}
1361 \end{document}

root@freewrt.org:443
ViewVC Help
Powered by ViewVC 1.1.20