OpenWrt is a powerful router operating system, and it can also be used for other purposes. Currently, it is most widely used as a router.
The core function of a router is, of course, networking. Familiarity with OpenWrt network configuration is essential for both developers and enthusiasts. I believe OpenWrt is the best system to learn Linux networking, as it not only allows you to learn basic network configuration but also lets you study the Linux protocol stack in conjunction with the Linux kernel. Here, I will introduce the basic configuration of OpenWrt networking.
This article mainly explains through the command line, as many people install OpenWrt on an x86 virtual machine and often feel lost when the network is not working during the initial configuration. By knowing how to configure OpenWrt using the command line, you can configure OpenWrt networking without needing the web interface, which greatly facilitates enthusiasts tinkering with x86 or virtual machines.
Configuration Files
All OpenWrt configurations are stored in the /etc/config directory. The following are the main network configuration files:
-
Network interface configuration /etc/config/network -
Network service configuration /etc/config/dhcp -
Firewall configuration /etc/config/firewall
Network Interfaces
OpenWrt network interfaces generally include LAN and WAN ports. However, if it is an x86 device with only one network card, it will only generate LAN port information. In a virtual machine, we typically configure only one network card by default to facilitate network configuration. After familiarizing yourself with the basic network configurations, you can try turning OpenWrt into a router.
Viewing Network Card Configuration and IP Information
In previous tutorials, we set the network card IP to dynamically obtain an IP address. So, what are the ways to view the network card and IP information?
-
View through the web interfaceThis is our most commonly used viewing method. However, as a developer, you should learn the following command line methods to view it. -
ifconfig
ifconfig is a command used to display and configure network interfaces in Linux/Unix operating systems.
The ifconfig command can display information about all available network interfaces in the current system, such as IP address, MAC address, subnet mask, broadcast address, etc.
Command format: ifconfig $ifname For example, to view LAN port information: ifconfig br-lan
br-lan Link encap:Ethernet HWaddr 00:0C:29:9F:9A:35
inet addr:192.168.10.161 Bcast:192.168.10.255 Mask:255.255.255.0
inet6 addr: fdf1:f344:c0d9::1/60 Scope:Global
inet6 addr: fe80::20c:29ff:fe9f:9a35/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:71256 errors:0 dropped:0 overruns:0 frame:0
TX packets:50883 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:19697329 (18.7 MiB) TX bytes:48109633 (45.8 MiB)
To view all interfaces: ifconfig
Since ifconfig only shows IP and subnet mask information, you also need to use the ip or route command to view routing information.
root@OpenWrt:~# ip route
default via 192.168.10.1 dev br-lan src 192.168.10.161
192.168.10.0/24 dev br-lan scope link src 192.168.10.161
root@OpenWrt:~#
root@OpenWrt:~#
root@OpenWrt:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.10.1 0.0.0.0 UG 0 0 0 br-lan
192.168.10.0 * 255.255.255.0 U 0 0 0 br-lan
root@OpenWrt:~#
-
View through ubus command
ubus is a lightweight RPC (Remote Procedure Call) mechanism in OpenWrt used for inter-process communication. ubus supports JSON-based messaging and asynchronous communication, and can be used to perform various operations on OpenWrt devices, such as obtaining device status, configuring network settings, querying system information, etc.
You can use the ubus command to view network information of OpenWrt devices.
The specific steps are as follows:
Get detailed information about a specific network interface (interface name, MAC address, IP address, subnet mask, broadcast address, gateway, DNS server)
ubus call network.interface.<interface_name> status
Where <interface_name> is the name of the network interface. For example, to get detailed information about the LAN interface: ubus call network.interface.lan status
{
"up": true,
"pending": false,
"available": true,
"autostart": true,
"dynamic": false,
"uptime": 14506,
"l3_device": "br-lan",
"proto": "dhcp",
"device": "br-lan",
"metric": 0,
"dns_metric": 0,
"delegation": true,
"ipv4-address": [
{
"address": "192.168.10.161",
"mask": 24
}
],
"ipv6-address": [
],
"ipv6-prefix": [
],
"ipv6-prefix-assignment": [
{
"address": "fdf1:f344:c0d9::",
"mask": 60,
"local-address": {
"address": "fdf1:f344:c0d9::1",
"mask": 60
}
}
],
"route": [
{
"target": "0.0.0.0",
"mask": 0,
"nexthop": "192.168.10.1",
"source": "192.168.10.161/32"
}
],
"dns-server": [
"192.168.10.1"
],
"dns-search": [
],
"neighbors": [
],
"inactive": {
"ipv4-address": [
],
"ipv6-address": [
],
"route": [
],
"dns-server": [
],
"dns-search": [
],
"neighbors": [
]
},
"data": {
"dhcpserver": "192.168.10.1",
"hostname": "OpenWrt",
"leasetime": 1800
}
}
-
View configurationWe can also obtain network card configuration information by reading the configuration, but if it is set to DHCP mode, the status data will not be stored in the configuration. This method is suitable for viewing basic information, such as IP address acquisition method, interface information, etc. View file commandcat /etc/config/network
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdf1:f344:c0d9::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
config interface 'lan'
option device 'br-lan'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
option proto 'dhcp'
uci configuration viewing command uci show network
root@OpenWrt:~# uci show network
network.loopback=interface
network.loopback.device='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fdf1:f344:c0d9::/48'
network.@device[0]=device
network.@device[0].name='br-lan'
network.@device[0].type='bridge'
network.@device[0].ports='eth0'
network.lan=interface
network.lan.device='br-lan'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.proto='dhcp'
uci show network.lan
root@OpenWrt:~# uci show network.lan
network.lan=interface
network.lan.device='br-lan'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.proto='dhcp'
Network Configuration Commands
-
Configure dynamic acquisition uci set network.lan.proto=dhcp -
Configure static IP
Set IP configuration method:
uci set network.lan.proto='static'
Set the IP address of the LAN port:
uci set network.lan.ipaddr='192.168.10.100'
Set the subnet mask of the LAN port:
uci set network.lan.netmask='255.255.255.0'
Set the gateway address of the LAN port:
uci set network.lan.gateway='192.168.10.1'
Set the DNS server address:
uci set network.lan.dns='8.8.8.8'
If there are multiple DNS servers, you can separate multiple IP addresses with spaces, for example:
uci set network.lan.dns='8.8.8.8 8.8.4.4'
Save the modified configuration:
uci commit network
Finally, restart the network service to take effect
/etc/init.d/network reload
After completing the above steps, the LAN port of the OpenWrt device will be configured with a static IP address of 192.168.10.100, subnet mask of 255.255.255.0, gateway of 192.168.10.1, and DNS of 8.8.8.8.
Complete command:
uci set network.lan.proto='static'
uci set network.lan.ipaddr='192.168.10.100'
uci set network.lan.netmask='255.255.255.0'
uci set network.lan.gateway='192.168.10.1'
uci set network.lan.dns='8.8.8.8'
uci commit network
/etc/init.d/network reload
After executing, you can view uci and configuration files
root@OpenWrt:~# uci set network.lan.proto='static'
root@OpenWrt:~# uci set network.lan.ipaddr='192.168.10.100'
root@OpenWrt:~# uci set network.lan.netmask='255.255.255.0'
root@OpenWrt:~# uci set network.lan.gateway='192.168.10.1'
root@OpenWrt:~# uci set network.lan.dns='8.8.8.8'
root@OpenWrt:~# uci commit network
root@OpenWrt:~#
root@OpenWrt:~#
root@OpenWrt:~# uci show network.lan
network.lan=interface
network.lan.device='br-lan'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.proto='static'
network.lan.ipaddr='192.168.10.100'
network.lan.gateway='192.168.10.1'
network.lan.dns='8.8.8.8'
LAN interface modified configuration
config interface 'lan'
option device 'br-lan'
option netmask '255.255.255.0'
option ip6assign '60'
option proto 'static'
option ipaddr '192.168.10.100'
option gateway '192.168.10.1'
option dns '8.8.8.8'
Network Restart Commands
After modifying the network configuration, there are various ways to make the configuration effective:
-
/etc/init.d/network reload -
/etc/init.d/network restart -
ubus call network reload
DHCP Server Configuration
The DHCP server is used to assign IP addresses to clients on the local area network. The DHCP server for the default LAN port is enabled. If the LAN virtual network card is set to bridge mode, the LAN port and PC are in the same broadcast domain, and the PC may obtain an IP assigned by the OpenWrt system.
To prevent multiple DHCP servers, we need to either change the LAN port to obtain an IP via DHCP or disable the DHCP server. Here, I will teach you how to disable the DHCP server.
-
The DHCP server configuration file is stored in /etc/config/dhcp, which contains the DHCP server configuration and interface DHCP configuration.
-
Disable LAN port DHCP
Ignore LAN port DHCP: uci set dhcp.lan.ignore=1 Save configuration: uci commit dhcp Restart service: /etc/init.d/dnsmasq restart
WAN Port Configuration
If it is a router, the WAN interface is included by default. However, if it is a virtual machine with only one network card configured, it is necessary to configure the WAN interface to build a routing environment. For specific details, see the last tutorial on building OpenWrt virtual network environments.
View WAN port configuration
uci show network.wan
Common Configurations The WAN port configuration is similar to the LAN port. It can also be set to static, DHCP, PPPoE, etc. We can modify it using the uci command or edit the /etc/config/network configuration file using the vi command. The configuration activation method is the same as for the LAN port.
The following are various interface configurations in /etc/config/network:
-
DHCP mode
config interface 'wan'
option device 'eth1'
option proto 'dhcp'
-
Static IP
config interface 'wan'
option device 'eth1'
option proto 'static'
option ipaddr '192.168.10.171'
option netmask '255.255.255.0'
list dns '192.168.10.1'
list dns '8.8.8.8'
-
PPPoE Dial-up
config interface 'wan'
option device 'eth1'
option proto 'pppoe'
option username 'test'
option password '123456'
option ipv6 'auto'
Building a Virtual Machine Routing Environment
-
Add a Virtual Network Card When we install the system through a virtual machine, only one network card is configured by default. Therefore, we need to add another network card for the WAN port.
-
Network Planning
To facilitate the simulation of data forwarding from LAN to WAN, we need to add a virtual PC that is in the same local area network as the OpenWrt LAN port, while the OpenWrt WAN port is in the same local area network as the physical PC (either through bridging or NAT mode). This way, the virtual PC’s internet data will be processed by OpenWrt, which acts as a router.
Network Topology Configure the OpenWrt LAN interface as host mode bound to vmnet10 (others that are not occupied can also be used), so that all network cards in vmnet10 are in the same local area network as the OpenWrt LAN. The WAN port network card is set to bridge mode, so that the WAN port can obtain an IP assigned by the router and be in the same subnet as the PC network card.
The network topology diagram is as follows: 
According to the network topology, you also need to add a client that binds its network card to vmnet10. This client can connect to the internet via the OpenWrt virtual machine. It is recommended to clone the OpenWrt system and then modify the network card configuration for use as a client. Of course, you can also add a Windows or Ubuntu virtual machine to connect to the OpenWrt router’s LAN port.
Managing OpenWrt After deploying according to the above topology, you may notice a problem: the physical PC cannot directly access OpenWrt, because the PC and the OpenWrt WAN port are in the same subnet, while the OpenWrt LAN is not in the same subnet. How can we manage and configure the OpenWrt system?
Here are two solutions:
-
Add a virtual PC connected to the OpenWrt LAN port, so you can directly manage OpenWrt from the virtual PC. -
Access the OpenWrt system through the WAN port. Note that by default, you cannot directly access through the WAN port because OpenWrt has the WAN port firewall enabled by default, which needs to be disabled first.
Disable WAN Port Firewall Open the firewall configuration, find the configuration rules for the WAN port, change REJECT to ACCEPT, and then reload the firewall rules using vi /etc/config/firewall.
/etc/init.d/firewall restart
After this, you will be able to access the OpenWrt system via the web interface using the WAN port IP. You can also access the backend by connecting to the WAN port IP via SSH. Note that for older versions of OpenWrt, you need to bind the SSH service to the WAN port to access it. The SSH configuration file is /etc/config/dropbear, bind it to WAN and restart the service. To restart the SSH service, use the command /etc/init.d/dropbear restart.
Reply “666” in the backend to get the purchase link for the OpenWrt anti-addiction router, which can control children’s gaming, video watching, and game record checking.
Welcome to follow our official account
Sharing OpenWrt router technology insights