====== OpenWRT ======

====== First steps ======
To use SSH, first telnet to router and set root password.

====== Enable SSH on WAN ======

<code bash>
uci add firewall rule
uci set firewall.@rule[-1].src=wan
uci set firewall.@rule[-1].target=ACCEPT
uci set firewall.@rule[-1].proto=tcp
uci set firewall.@rule[-1].dest_port=22
uci commit firewall
/etc/init.d/firewall restart
</code>

====== Multiple WAN IP ======
===== same provider ====
There are two method defining multiple WAN IP [[https://wiki.openwrt.org/doc/uci/network#multiple_ip_addresses]].
In both cases, addresses are added to the same interface.
It is not possible to create 2nd firewall zone, like WAN2, because all iptables rules are using physical interface name to connect iptables chain, and physical interface is the same.

Better is to create second OpenWRT interface "WAN2" but assign it to firewall zone "WAN". 
To use other external IP firewall needs to be configured manually by:
<file bash | /etc/firewall.user>
iptables -A input_wan_rule -d $WAN2_NET/29 -j reject
iptables -t nat -A prerouting_wan_rule -p tcp -d $WAN2_IP3 --dport 80  -j DNAT --to-destination 192.168.0.90:80  -m comment --comment "Web server"

# goal is to do not pass into default WAN rules
iptables -t nat -A prerouting_wan_rule -d $WAN2_NET/29 -j ACCEPT
</file>


====== PXE boot ======

<file | /etc/dnsmasq.conf>

# set tag "ENH" if request comes from iPXE ("iPXE" user class)
dhcp-userclass=set:ENH,iPXE

# alternative way, look for option 175
#dhcp-match=set:ENH,175

# UNDI
dhcp-boot=tag:!ENH,netboot.xyz-undionly.kpxe,myserver,192.168.0.231

# PXE
dhcp-boot=tag:ENH,netboot.xyz.kpxe,myserver,192.168.0.231
</file>




====== Backup ======
[[https://wiki.openwrt.org/doc/howto/generic.backup]]

====== Periodic reboot ======

===== cron job =====
<code>
# Reboot at 4:30am every day
# Note: To avoid infinite reboot loop, wait 70 seconds
# and touch a file in /etc so clock will be set
# properly to 4:31 on reboot before cron starts.
30 4 * * * sleep 70 && touch /etc/banner && reboot
</code>

or independent on system time
<code>
30 4 * * *  [ $( cat /proc/uptime | cut -d '.' -f 1 ) -gt 3600 ] && reboot
</code>

===== watchcat =====
<code bash>
opkg install watchcat luci-app-watchcat
</code>

And ''luci'' menu will be available under ''Services''

====== Issues ======
Problem: Port-forwarded traffic are always from router local IP instead of real external IP address.
Solution: Disable masq option for LAN zone (should be only on WAN) zone