Repost: OpenWrt public-network control guide

Reposted from: The complete guide to public-network control, or how network experts are made
http://blog.chinaunix.net/uid-27194309-id-3773990.html

  • Summary of commonly used ports
ftp   21/tcp   # File Transfer [Control] (XAMPP: FTP Default Port)
smtp   25/tcp   mail # Simple Mail Transfer (XAMPP: SMTP Default Port)
http   80/tcp   # World Wide Web HTTP (XAMPP: Apache Default Port)
pop3   110/tcp   # Post Office Protocol - Version 3 (XAMPP: POP3 Default Port)
imap   143/tcp   # Internet Message Access Protocol (XAMPP: IMAP Default Port)
https   443/tcp   # http protocol over TLS/SSL (XAMPP: Apache SSL Port)
mysql   3306/tcp   # MySQL (XAMPP: MySQL Default Port)
AJP/1.3   8009   # AJP/1.3 (XAMPP: Tomcat AJP/1.3 Port)
http-alt  8080/tcp   # HTTP Alternate (see port 80) (XAMPP: Tomcat Default Port)

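I. The existing router acts as the first-level router and the OpenWrt (OP) router as the second-level router (the MAC address is shown on LuCI's Network -> Interfaces page)
1. OP as the second-level router, with the specific firmware already flashed
1) If the first-level router has no Wi-Fi, the OP router can only be set up with the wired port as WAN and wireless as LAN, and must be connected to the first-level router with a network cable.
Get the MAC address with the command: uci get network.wan.macaddr

2) If the first-level router has Wi-Fi, the OP router can be set to relay mode and connect to the first-level router over Wi-Fi; for the detailed steps see
http://blog.chinaunix.net/uid-27194309-id-3519153.html
Get the MAC address with the command: uci get network.wwan.macaddr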

root@OpenWrt:/xutest# ifconfig
br-lan    Link encap:Ethernet  HWaddr 38:83:45:36:0C:F0  
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:266 errors:0 dropped:81 overruns:0 frame:0
          TX packets:101 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:27528 (26.8 KiB)  TX bytes:14711 (14.3 KiB)

eth0      Link encap:Ethernet  HWaddr 38:83:45:36:0C:F0  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:4 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:71 errors:0 dropped:0 overruns:0 frame:0
          TX packets:71 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:9521 (9.2 KiB)  TX bytes:9521 (9.2 KiB)

mon.wlan0 Link encap:UNSPEC  HWaddr 38-83-45-36-0C-F0-00-48-00-00-00-00-00-00-00-00  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:72700 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32 
          RX bytes:9609626 (9.1 MiB)  TX bytes:0 (0.0 B)

wlan0     Link encap:Ethernet  HWaddr 38:83:45:36:0C:F0  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:256 errors:0 dropped:0 overruns:0 frame:0
          TX packets:233 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32 
          RX bytes:31167 (30.4 KiB)  TX bytes:38226 (37.3 KiB)

wlan0-1   Link encap:Ethernet  HWaddr 3A:83:45:36:0C:F1  
          inet addr:192.168.8.145  Bcast:192.168.8.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:26120 errors:0 dropped:5753 overruns:0 frame:0
          TX packets:4781 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32 
          RX bytes:2905650 (2.7 MiB)  TX bytes:3538122 (3.3 MiB)
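  1. First-level router settings; three settings are needed
    1) Give the second-level router a static IP, usually on the DHCP page -> Static IP: bind its MAC address to a fixed IP to make the later steps easier
    2) Port forwarding: usually on the Virtual Server page, forward ports 8081 and 8082 to the static IP set in the previous step
    3) Dynamic DNS: most routers support Oray (Peanut Shell, 花生壳); Netcore (磊科) routers support meibu.
    Oray registration: https://console.oray.com/passport/register.html?fromurl=http%3A%2F%2Fwww.oray.com%2F
    Console -> Product Management -> Domain Management -> Free Domains shows your free domain name; for example, my DDNS is: qiushui-007.vicp.cc
    Enter your user name and password on the router; the interface normally shows a successful connection and lists the associated dynamic DNS name

  2. Going a step further: the first-level router only needs UPnP enabled, with no other settings
    1) DDNS: OpenWrt supports 3322; edit /etc/config/ddns so that the second-level router obtains the public IP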

    option 'ip_source' 'web'
    option 'ip_url' 'http://www.3322.org/dyndns/getip'

2) UPnP: install miniupnpc on OpenWrt; for the detailed steps see
http://blog.chinaunix.net/uid-27194309-id-3785869.html

    root@OpenWrt:/xutest# upnpc -a 192.168.8.146 8081 8081 TCP
upnpc : miniupnpc library test client. (c) 2006-2011 Thomas Bernard
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://192.168.8.1:2058/rootDesc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found valid IGD : http://192.168.8.1:2058/ctl/IPConn
Local LAN ip address : 192.168.8.146
ExternalIPAddress = 10.51.203.181
InternalIP:Port = 192.168.8.146:8081
external 10.51.203.181:8081 TCP is redirected to internal 192.168.8.146:8081 (duration=0)

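Then log in to the first-level router and choose Forwarding Rules -> UPnP Settings -> Refresh; the newly added UPnP rule is shown there.

Test: neither my home router nor my company router needs manual port mapping; upnpc alone succeeds.
However, the home router allows loopback testing, so the public IP can be tested directly from inside the LAN,
while the company router does not allow loopback testing, so a manual port mapping must be added before the public IP can be tested.

Some hotels' routers do not have UPnP enabled, for example the Hanlin Hotel (翰林大酒店); running upnpc -l there gives the following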
No IGD UPnP Device found on the network !

When it works, the output looks like this:

root@OpenWrt:~# upnpc -l
upnpc : miniupnpc library test client. (c) 2005-2013 Thomas Bernard
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://192.168.8.1:2109/rootDesc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found valid IGD : http://192.168.8.1:2109/ctl/IPConn
Local LAN ip address : 192.168.8.102
Connection Type : IP_Routed
Status : Connected, uptime=2025s, LastConnectionError : ERROR_NONE
  Time started : Thu Nov  6 13:30:19 2014
MaxBitRateDown : 4200000 bps (4.2 Mbps)   MaxBitRateUp 4200000 bps (4.2 Mbps)
ExternalIPAddress = 10.50.160.66
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP  8082->192.168.8.147:8082  'miniupnpc' '' 0
 1 TCP  8081->192.168.8.147:8081  'miniupnpc' '' 0
GetGenericPortMappingEntry() returned 713 (SpecifiedArrayIndexInvalid)

If the upstream router supports UPnP, the mapping can be done with a script. File: upnp.sh

#! /bin/sh
port1=8082
port2=8081
#local_ip=192.168.8.145
# The interface name differs between wired WAN and wireless relay mode
eth_name=auto
#eth_name=eth0
#eth_name=wlan0-1
/xutest/get_local_ip "$eth_name" > /tmp/local_ip
local_ip=$(cat /tmp/local_ip)
#echo local_ip=$local_ip
# Delete the old mappings first, then add them again
upnpc -d "$port1" TCP
upnpc -d "$port2" TCP
upnpc -a "$local_ip" "$port1" "$port1" TCP
upnpc -a "$local_ip" "$port2" "$port2" TCP
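
Added example (not part of the original post): every mapping in the upnpc -l listing above has leaseTime 0, which in UPnP IGD v1 means it does not expire on its own, and any LAN host can request such a mapping. The function below parses that listing and reports mappings that are not on an allowlist; the function name, the allowlist format and row 2 of the sample are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the original post.
# audit_upnp_mappings "ALLOWLIST" reads `upnpc -l` output on stdin.
# ALLOWLIST: space-separated PROTO:extPort:inAddr:inPort entries (hypothetical format).
# Prints UNEXPECTED for mappings not on the list and NO-EXPIRY for leaseTime 0;
# returns 1 if any UNEXPECTED mapping was seen.
audit_upnp_mappings() {
    awk -v allowed="$1" '
    BEGIN { bad = 0; n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    # Rows: index, protocol, exPort->inAddr:inPort, description, remoteHost, leaseTime
    $1 ~ /^[0-9]+$/ && ($2 == "TCP" || $2 == "UDP") && $3 ~ /^[0-9]+->/ {
        split($3, m, "->")            # m[1] = external port, m[2] = inAddr:inPort
        split(m[2], t, ":")
        key = $2 ":" m[1] ":" t[1] ":" t[2]
        if (!(key in ok)) { print "UNEXPECTED " key; bad = 1 }
        if ($NF == 0) print "NO-EXPIRY " key
    }
    END { exit bad }'
}

# Constructed sample: rows 0 and 1 come from the listing above, row 2 is made up.
sample_listing() {
    cat <<'EOF'
ExternalIPAddress = 10.50.160.66
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP  8082->192.168.8.147:8082  'miniupnpc' '' 0
 1 TCP  8081->192.168.8.147:8081  'miniupnpc' '' 0
 2 TCP  2222->192.168.8.150:22  'constructed' '' 3600
GetGenericPortMappingEntry() returned 713 (SpecifiedArrayIndexInvalid)
EOF
}

# Demo on the constructed listing. On the router: upnpc -l | audit_upnp_mappings "$ALLOWED"
ALLOWED="TCP:8082:192.168.8.147:8082 TCP:8081:192.168.8.147:8081"
sample_listing | audit_upnp_mappings "$ALLOWED" || echo "unexpected mapping present"
```

Run from cron, a non-zero return is the signal to review the first-level router's UPnP table and remove the stray entry with upnpc -d.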

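4 Access from the LAN
1) Connect to the second-level router over LAN and enter its IP in the browser (mine is usually 192.168.2.1)
http://192.168.2.1:8082/javascript_simple.html
2) In the browser, enter the static IP that the second-level router has on the first-level router (see 1->1)); mine, for example, is 192.168.8.128
http://192.168.8.128:8082/javascript_simple.html

  1. Access from the Internet
    Test directly with the public IP, e.g.: http://222.208.10.247:8082/javascript_simple.html

  2. When you have time, write a script that e-mails both the public and LAN IPs to yourself at boot; this is especially useful for those who cannot apply for DDNS or cannot remember their DDNS name.
    Surely you won't forget your own e-mail address as well?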

#! /bin/sh
current_date=$(date +%Y_%m_%d)
current_time=$(date +%H_%M_%S)
echo "$current_date"
echo "$current_time"
wget http://members.3322.org/dyndns/getip -O getip
# Spaces in the file must be removed, otherwise the value breaks when passed as an argument to smtp_xu, e.g. 222.208.10. 247
#cat getip
sed 's/ //g' getip > getip1
cat getip1
# The interface name differs between wired WAN and wireless relay mode
eth_name=auto
#eth_name=eth0
#eth_name=wlan0-1
/xutest/get_local_ip "$eth_name" > /tmp/local_ip
local_ip=$(cat /tmp/local_ip)
echo "$local_ip"
# None of the variables may contain spaces.
public1=http://$(cat getip1):8082/javascript_simple.html
title=office_fish_tank
subject=today:$current_date,$current_time,$local_ip,$public1
mailto=xxg6688@163.com
echo "$mailto"
echo "$title"
echo "$subject"
sleep_second=5
if [ -f getip1 ]; then
#/xutest/smtp_xu [email protected] router_ip $current_date$current_time$(cat getip1)
/xutest/smtp_xu "$mailto" "$title" "$subject"
fi
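
Added example (not part of the original post): the script above only strips spaces from whatever the plain-HTTP lookup returns before putting it into a URL and an smtp_xu argument. The hypothetical helper classify_ipv4 below accepts only a dotted quad and separates public addresses from non-public ones, such as the 10.x ExternalIPAddress values reported by the IGD earlier on this page.

```shell
#!/bin/sh
# Added example, not part of the original post.
# classify_ipv4 VALUE: strip whitespace, validate a dotted quad, classify it.
# Prints "public IP", "nonpublic IP" or "invalid"; returns 0 only for public.
classify_ipv4() {
    ip=$(printf '%s' "$1" | tr -d ' \t\r\n')
    case "$ip" in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 2 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $ip                      # split into octets; only digits and dots remain
    IFS=$oldifs
    [ $# -eq 4 ] || { echo invalid; return 2; }
    for o in "$@"; do
        # Reject over-long octets and leading zeros, then range-check.
        case "$o" in ????*|0?*) echo invalid; return 2 ;; esac
        [ "$o" -le 255 ] || { echo invalid; return 2; }
    done
    kind=public
    case "$1" in
        0|10|127) kind=nonpublic ;;                                   # this-net, RFC 1918, loopback
        100) [ "$2" -ge 64 ] && [ "$2" -le 127 ] && kind=nonpublic ;; # carrier-grade NAT
        169) [ "$2" -eq 254 ] && kind=nonpublic ;;                    # link-local
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] && kind=nonpublic ;;  # RFC 1918
        192) [ "$2" -eq 168 ] && kind=nonpublic ;;                    # RFC 1918
        22[4-9]|23[0-9]|24[0-9]|25[0-5]) kind=nonpublic ;;            # multicast, reserved
    esac
    echo "$kind $ip"
    [ "$kind" = public ]
}

# Demo with the malformed value quoted in the script comment above.
classify_ipv4 "222.208.10. 247"
```

In the e-mail script, calling this on the contents of getip and sending only when it returns 0 keeps an error page or a non-routable address out of the generated link.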
