Router - jamesmacwhite/hh70-ee GitHub Wiki
The router OS is a modified version of OpenWrt and is based off 14.07 Barrier Breaker release branch. The revision identifies as unknown.
DISTRIB_ID="OpenWrt"
DISTRIB_RELEASE="Bleeding Edge"
DISTRIB_REVISION="unknown"
DISTRIB_CODENAME="barrier_breaker"
DISTRIB_TARGET="ipq806x/generic"
DISTRIB_DESCRIPTION="OpenWrt Barrier Breaker unknown"
DISTRIB_TAINTS="no-all busybox override"
The running kernel version is 3.14.43.
/etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'auto'
config interface 'lan'
option ifname 'eth1'
option type 'bridge'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.2.1'
config interface 'wan'
option ifname 'usb0'
option proto 'static'
option ipaddr '192.168.225.111'
option netmask '255.255.255.0'
option gateway '192.168.225.1'
option dns '192.168.225.1'
config interface 'wan6'
option ifname '@wan'
option proto 'dhcpv6'
config interface 'wan2'
option ifname 'eth0'
option proto 'dhcp'
option auto_wanlan '1'
option auto_wl_time '15000'
option force_link '0'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0t 2 3 4 5'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0t 1'
config switch_ext
option device 'switch0'
option name 'QosPtMode'
option port_id '1'
option mode 'dscp'
option status 'enable'
config switch_ext
option device 'switch0'
option name 'QosPtMode'
option port_id '2'
option mode 'dscp'
option status 'enable'
config switch_ext
option device 'switch0'
option name 'QosPtMode'
option port_id '3'
option mode 'dscp'
option status 'enable'
config switch_ext
option device 'switch0'
option name 'QosPtMode'
option port_id '4'
option mode 'dscp'
option status 'enable'
config switch_ext
option device 'switch0'
option name 'QosPtMode'
option port_id '5'
option mode 'dscp'
option status 'enable'
/etc/config/firewall
The router implements several default firewall rules from OpenWrt and some custom ones that mainly prevent access to various services on the modem IP 192.168.225.1 to the WAN side.
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option disabled '0'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan2'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Disable-dhcp-Forward'
option src 'lan'
option dest 'wan'
option proto 'udp'
option dest_port '67'
option target 'DROP'
option family 'ipv4'
config include
option path '/etc/firewall.user'
config rule
option name 'drop-samba138-forward'
option src 'lan'
option dest 'wan'
option proto 'udp'
option dest_ip '192.168.225.1'
option dest_port '138'
option target 'DROP'
option family 'ipv4'
option enabled '0'
config rule
option name 'drop-samba139-forward'
option src 'lan'
option dest 'wan'
option proto 'tcp'
option dest_ip '192.168.225.1'
option dest_port '139'
option target 'DROP'
option family 'ipv4'
config rule
option name 'drop-samba389-forward'
option src 'lan'
option dest 'wan'
option proto 'tcp'
option dest_ip '192.168.225.1'
option dest_port '389'
option target 'DROP'
option family 'ipv4'
config rule
option name 'drop-samba445-forward'
option src 'lan'
option dest 'wan'
option proto 'tcp'
option dest_ip '192.168.225.1'
option dest_port '445'
option target 'DROP'
option family 'ipv4'
config rule
option name 'drop-ssh-forward'
option src 'lan'
option dest 'wan'
option proto 'tcp'
option dest_ip '192.168.225.1'
option dest_port '22'
option target 'DROP'
option family 'ipv4'
config rule
option name 'drop-telnet-forward'
option src 'lan'
option dest 'wan'
option proto 'tcp'
option dest_ip '192.168.225.1'
option dest_port '23'
option target 'DROP'
option family 'ipv4'
config rule
option name 'drop-nc8888-forward'
option src 'lan'
option dest 'wan'
option proto 'tcp'
option dest_ip '192.168.225.1'
option dest_port '8888'
option target 'DROP'
option family 'ipv4'
config rule
option name 'drop-core_app2016-forward'
option src 'lan'
option dest 'wan'
option proto 'tcp'
option dest_ip '192.168.225.1'
option dest_port '2016'
option target 'DROP'
option family 'ipv4'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'ipv4'
option reload '1'
/etc/config/wireless
The default SSID follows the format of 4GEE_Router_ followed by the last 4 digits of the IMEI and then the interface being either 2.4GHz or 5Ghz
config wifi-device 'wifi0'
option type 'qcawifi'
option channel 'auto'
option hwmode '11ng'
option enable_ol_stats '1'
option country 'GB'
option htmode 'HT40+'
option disabled '1'
config wifi-iface
option device 'wifi0'
option network 'lan'
option mode 'ap'
option wps_pbc '1'
option ssid '4GEE_Router_****_2.4GHz'
option hidden '0'
option encryption 'psk2+tkip+ccmp'
option key '***REDACTED***'
option isolate '0'
option maxsta '32'
option disablecoext '0'
option ht40intol '1'
option instance '1'
config wifi-device 'wifi1'
option type 'qcawifi'
option channel 'auto'
option hwmode '11ac'
option enable_ol_stats '1'
option country 'GB'
option htmode 'HT80'
option disabled '1'
config wifi-iface
option device 'wifi1'
option network 'lan'
option mode 'ap'
option wps_pbc '1'
option blockdfschan '1'
option ieee80211w '1'
option add_sha256 '0'
option add_sha1 '0'
option hidden '0'
option encryption 'psk2+tkip+ccmp'
option key '***REDACTED***'
option isolate '0'
option maxsta '32'
option disablecoext '0'
option instance '2'
option ssid '4GEE_Router_****_5GHz'
/etc/config/radvd
config interface
option interface 'lan'
option AdvSendAdvert 1
option AdvManagedFlag 0
option AdvOtherConfigFlag 0
list client ''
option ignore 1
config prefix
option interface 'lan'
# If not specified, a non-link-local prefix of the interface is used
list prefix ''
option AdvOnLink 1
option AdvAutonomous 1
option AdvRouterAddr 0
option ignore 1
config route
option interface 'lan'
list prefix ''
option ignore 1
config rdnss
option interface 'lan'
# If not specified, the link-local address of the interface is used
list addr ''
option ignore 1
config dnssl
option interface 'lan'
list suffix ''
option ignore 1
netstat
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.1.1:80 0.0.0.0:* LISTEN 8343/webs
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 1624/dnsmasq
tcp 0 0 192.168.1.1:22 0.0.0.0:* LISTEN 9102/dropbear
tcp 0 0 :::53 :::* LISTEN 1624/dnsmasq
tcp 0 0 2a01:4c8:xxx:xxxx:xxxx:xxx:xxx:xxx:22 :::* LISTEN 9102/dropbear
udp 0 0 0.0.0.0:53 0.0.0.0:* 1624/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 1624/dnsmasq
udp 0 0 :::546 :::* 1019/odhcp6c
udp 0 0 :::547 :::* 8144/odhcpd
udp 0 0 :::53 :::* 1624/dnsmasq