General information
Due to the Nanostation M2 special hardware (2 NIC, 1 RADIO) and its' original OpenWRT setup, it is necessary to change default zones so that the firewall protects the right ones.
IPv4 setup for Nanostation M2
Disabling DHCP
Editing the configuration files
Start by disabling the DHCP client running on the lan interface :
/etc/config/dhcp
config dhcp lan
option ignore 1
option interface lan
# Remove the rest of this section
Then forbid the service from starting again :
/etc/init.d/dnsmasq disable
Zones modification
Using uci
Be ready to reset the router if anything bad were to happen and you'd lock yourself out.
The objective of the zone modification is to protect the lan from the wan through the firewall.
First, we need to remove the existing lan bridge interface and create the new wan interface with wlan0.
uci delete network.lan
Then setup the wan :
uci set network.wan=interface
uci set network.wan.ifname=wlan0
uci set network.wan.proto=static
uci set network.wan.ipaddr=172.16.1.XX # Use your reserved IP from policy/numbering
uci set network.wan.netmask=255.255.255.255
Then we create the new lan zone that will contain the eth1 interface, which is the interface labeled Secondary on the Nanostation M2.
uci set network.lan=interface
uci set network.lan.ifname=eth1
You can also give that interface an IP address (static or dhcp) in your personal existing subnet so as to be able to connect to it by wire and update the software using your own Internet connection. Here's an example for a static IP setup in the 192.168.2.0/24 subnet.
uci set network.lan=interface
uci set network.lan.ifname=eth1
uci set network.lan.ipaddr=192.168.2.254
uci set network.lan.gateway=192.168.2.1
uci set network.lan.dns=192.168.2.1
uci set network.lan.proto=static
uci set network.lan.netmask=255.255.255.0
If you wanted the wan zone to route through the eth1 you could add this :
this is not really supported by our current babel setup and you'd have to open the necessary ports in the firewall.
uci set network.wan.gateway=192.168.2.254
uci set network.wan.dns=192.168.2.254
At the end don't forget to commit your changes to uci
uci commit
Editing the configuration files
/etc/config/network
config interface 'wan' # <- Rename to 'wan'
option ifname 'wlan0' # <- Remove eth0
#option type 'bridge' # <- Remove this
option proto 'static'
option ipaddr '172.16.1.22'
option netmask '255.255.255.255'
config interface 'lan' # <- Rename to 'lan'
option ifname 'eth1'
option ipaddr '192.168.2.254'
option gateway '192.168.2.1'
option dns '192.168.2.1'
option proto 'static' # <- You could also configure dhcp
option netmask '255.255.255.0'
Firewall modification
The zones have changed but the firewall rules shouldn't, since the wan and lan zones have only changed interfaces and not roles.
Don't forget to open the right ports for babel to work.
Sample babel setup for Nanostation M2
Editing the configuration files
After having installed babeld you can modify the configuration so that the mesh runs on the wan (or wlan0) interface.
/etc/config/babeld
config general
option local_server '33123'
# Redistribute local ipv4
# Equivalent to babel.conf format: redistribute local ip 172.16.1.22/12 metric 128
config filter
option type 'redistribute'
option local 'true'
option ip '172.16.1.22/32'
option action 'metric 128'
# Redistribute reseaulibre ipv4
# Equivalent to babel.conf format: redistribute ip 172.16.0.0/12 ge 13 metric 128
# 'ge 13' -> redistribute only what is below 172.16.
config filter
option type 'redistribute'
option ge '13'
option ip '172.16.0.0/12'
option action 'metric 128'
# Refuse anything else locally
config filter
option type 'redistribute'
option local 'true'
option action 'deny'
# Refuse anything else globally
config filter
option type 'redistribute'
option action 'deny'
config interface 'wan'
# alternatively you could use
# config interface 'wlan0'