Router - jamesmacwhite/hh70-ee GitHub Wiki

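The router OS is a modified version of OpenWrt based on the 14.07 Barrier Breaker release branch. The revision identifies as "unknown". Barrier Breaker (14.07) dates from 2014 and no longer receives upstream OpenWrt fixes, so security patching depends on the vendor's firmware updates.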

# Release information reported by the firmware (on OpenWrt this normally lives
# in /etc/openwrt_release; the page does not state the path).
DISTRIB_ID="OpenWrt"
# "Bleeding Edge" with revision "unknown" means the build cannot be mapped to an
# exact upstream commit from these fields alone.
DISTRIB_RELEASE="Bleeding Edge"
DISTRIB_REVISION="unknown"
DISTRIB_CODENAME="barrier_breaker"
DISTRIB_TARGET="ipq806x/generic"
DISTRIB_DESCRIPTION="OpenWrt Barrier Breaker unknown"
# Build taint flags recorded by the OpenWrt build system; they mark a build that
# deviates from the stock configuration. Going by the flag names this is a custom
# BusyBox config plus package overrides. TODO: confirm against the build system's
# taint list.
DISTRIB_TAINTS="no-all busybox override"

The running kernel version is 3.14.43.

/etc/config/network

# UCI network configuration as dumped from the router.
config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'auto'

# LAN: bridge over eth1 with a static 192.168.2.1/24 address.
config interface 'lan'
	option ifname 'eth1'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	# Assign a /60 from any delegated IPv6 prefix to this interface.
	option ip6assign '60'
	option ipaddr '192.168.2.1'

# WAN over usb0 with static addressing. Gateway and DNS both point at
# 192.168.225.1, the address this page describes as the modem, so the router
# reaches the cellular network through a private hop rather than holding the
# public IPv4 address itself.
config interface 'wan'
	option ifname 'usb0'
	option proto 'static'
	option ipaddr '192.168.225.111'
	option netmask '255.255.255.0'
	option gateway '192.168.225.1'
	option dns '192.168.225.1'

# DHCPv6 client on the same underlying device as 'wan' ('@wan' is an alias).
config interface 'wan6'
	option ifname '@wan'
	option proto 'dhcpv6'

# Second WAN on eth0 using DHCP.
# NOTE(review): auto_wanlan, auto_wl_time and force_link are not stock OpenWrt
# options. Presumably they are vendor additions for a port that can act as WAN
# or LAN. Confirm their behaviour before relying on this port's zone membership.
config interface 'wan2'
	option ifname 'eth0'
	option proto 'dhcp'
	option auto_wanlan '1'
	option auto_wl_time '15000'
	option force_link '0'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

# VLAN 1: ports 2-5 untagged. '0t' makes port 0 a tagged member (presumably the
# CPU port; confirm for this switch).
config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0t 2 3 4 5'

# VLAN 2: port 1 untagged, port 0 tagged. Port 1 is therefore separated at
# layer 2 from the ports in VLAN 1.
config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0t 1'

# The switch_ext sections below set 'QosPtMode' to 'dscp' on ports 1-5.
# NOTE(review): switch_ext is not a stock OpenWrt section type. Presumably it is
# a vendor switch-driver extension that trusts DSCP markings for QoS. Confirm.
config switch_ext
	option device 'switch0'
	option name 'QosPtMode'
	option port_id '1'
	option mode 'dscp'
	option status 'enable'

config switch_ext
	option device 'switch0'
	option name 'QosPtMode'
	option port_id '2'
	option mode 'dscp'
	option status 'enable'

config switch_ext
	option device 'switch0'
	option name 'QosPtMode'
	option port_id '3'
	option mode 'dscp'
	option status 'enable'

config switch_ext
	option device 'switch0'
	option name 'QosPtMode'
	option port_id '4'
	option mode 'dscp'
	option status 'enable'

config switch_ext
	option device 'switch0'
	option name 'QosPtMode'
	option port_id '5'
	option mode 'dscp'
	option status 'enable'

/etc/config/firewall

The router implements several of OpenWrt's default firewall rules plus some custom ones. The custom rules mainly block LAN clients from reaching various services on the modem (192.168.225.1), which sits on the WAN side of the router.

# UCI firewall configuration as dumped from the router.

# Global defaults. These policies apply to traffic that is not matched by any
# zone; traffic on zoned interfaces follows the zone policy instead. Because
# input defaults to ACCEPT, any WAN-facing interface that is missing from the
# 'wan' zone would accept inbound connections, so check zone membership whenever
# interfaces change.
config defaults
	# SYN-flood protection enabled.
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option disabled '0'

# LAN zone: everything accepted, including access to the router's own services.
config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

# WAN zone: covers wan, wan2 and wan6. Unsolicited inbound and forwarded traffic
# is rejected unless a rule below accepts it. masq enables NAT for outbound
# traffic; mtu_fix enables MSS clamping.
config zone
	option name 'wan'
	list network 'wan'
	list network 'wan2'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

# LAN clients may forward to anything in the WAN zone. That includes the
# 192.168.225.0/24 modem link, except where a DROP rule below says otherwise.
config forwarding
	option src 'lan'
	option dest 'wan'

# Accept DHCP replies (udp/68) arriving from the WAN side.
config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

# Disabled (enabled '0'): IPv4 echo requests from the WAN side fall through to
# the zone's REJECT policy.
config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'
	option enabled '0'

# Accept DHCPv6 server-to-client traffic, restricted to link-local addresses.
config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fe80::/10'
	option src_port '547'
	option dest_ip 'fe80::/10'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

# Accept the listed ICMPv6 types addressed to the router itself, rate limited to
# 1000 packets per second.
config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

# Accept the listed ICMPv6 types forwarded from WAN to any zone, with the same
# rate limit. Includes echo-request, so IPv6 LAN hosts can be pinged from the
# WAN side.
config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

# Drop DHCP requests (udp/67) forwarded from LAN to WAN.
config rule
	option name 'Disable-dhcp-Forward'
	option src 'lan'
	option dest 'wan'
	option proto 'udp'
	option dest_port '67'
	option target 'DROP'
	option family 'ipv4'

# Extra rules loaded from a script whose contents are not shown on this page.
# Review /etc/firewall.user separately, since it can add or override rules.
config include
	option path '/etc/firewall.user'

# The drop-*-forward rules below stop LAN clients from reaching specific ports
# on 192.168.225.1 (the modem, per this page). They form a denylist on top of
# the lan -> wan forwarding above: only the listed IPv4 port/protocol pairs are
# dropped, and any other port on that address stays reachable from the LAN.
# NOTE(review): the rule names suggest the modem runs these services. Confirm on
# the modem itself.

# Disabled (enabled '0'): udp/138 to the modem is NOT dropped.
config rule
	option name 'drop-samba138-forward'
	option src 'lan'
	option dest 'wan'
	option proto 'udp'
	option dest_ip '192.168.225.1'
	option dest_port '138'
	option target 'DROP'
	option family 'ipv4'
	option enabled '0'

config rule
	option name 'drop-samba139-forward'
	option src 'lan'
	option dest 'wan'
	option proto 'tcp'
	option dest_ip '192.168.225.1'
	option dest_port '139'
	option target 'DROP'
	option family 'ipv4'

config rule
	option name 'drop-samba389-forward'
	option src 'lan'
	option dest 'wan'
	option proto 'tcp'
	option dest_ip '192.168.225.1'
	option dest_port '389'
	option target 'DROP'
	option family 'ipv4'

config rule
	option name 'drop-samba445-forward'
	option src 'lan'
	option dest 'wan'
	option proto 'tcp'
	option dest_ip '192.168.225.1'
	option dest_port '445'
	option target 'DROP'
	option family 'ipv4'

config rule
	option name 'drop-ssh-forward'
	option src 'lan'
	option dest 'wan'
	option proto 'tcp'
	option dest_ip '192.168.225.1'
	option dest_port '22'
	option target 'DROP'
	option family 'ipv4'

config rule
	option name 'drop-telnet-forward'
	option src 'lan'
	option dest 'wan'
	option proto 'tcp'
	option dest_ip '192.168.225.1'
	option dest_port '23'
	option target 'DROP'
	option family 'ipv4'

# NOTE(review): the purpose of tcp/8888 and tcp/2016 is not documented on this
# page. The names hint at a netcat listener and a vendor "core_app". Confirm.
config rule
	option name 'drop-nc8888-forward'
	option src 'lan'
	option dest 'wan'
	option proto 'tcp'
	option dest_ip '192.168.225.1'
	option dest_port '8888'
	option target 'DROP'
	option family 'ipv4'

config rule
	option name 'drop-core_app2016-forward'
	option src 'lan'
	option dest 'wan'
	option proto 'tcp'
	option dest_ip '192.168.225.1'
	option dest_port '2016'
	option target 'DROP'
	option family 'ipv4'	

# Firewall hook for miniupnpd (UPnP / NAT-PMP), re-run on every firewall reload.
# If the daemon is enabled, LAN devices can request inbound port forwards
# without user action. Whether it is enabled is not shown on this page.
config include 'miniupnpd'
	option type 'script'
	option path '/usr/share/miniupnpd/firewall.include'
	option family 'ipv4'
	option reload '1'

/etc/config/wireless

The default SSID follows the format 4GEE_Router_, followed by the last 4 digits of the IMEI and then the band of the interface, either 2.4GHz or 5GHz. Note that this broadcasts part of the device's IMEI to anyone within radio range.

# UCI wireless configuration as dumped from the router. The SSID digits and both
# keys were masked by the page author.

# 2.4 GHz radio (qcawifi driver). disabled '1' means the radio was switched off
# when this dump was taken.
config wifi-device 'wifi0'
	option type 'qcawifi'
	option channel 'auto'
	option hwmode '11ng'
	option enable_ol_stats '1'
	option country 'GB'
	option htmode 'HT40+'
	option disabled '1'

config wifi-iface
	option device 'wifi0'
	option network 'lan'
	option mode 'ap'
	# WPS push-button pairing is enabled. Turn it off if unused, since it is an
	# additional path to obtaining the PSK.
	option wps_pbc '1'
	option ssid '4GEE_Router_****_2.4GHz'
	option hidden '0'
	# WPA2-PSK with both TKIP and CCMP allowed. TKIP is deprecated; prefer
	# CCMP only ('psk2+ccmp') once no legacy client needs TKIP.
	option encryption 'psk2+tkip+ccmp'
	option key '***REDACTED***'
	# Client isolation is off: wireless clients can reach each other directly.
	option isolate '0'
	option maxsta '32'
	option disablecoext '0'
	option ht40intol '1'
	option instance '1'

# 5 GHz radio (qcawifi driver), also disabled in this dump.
config wifi-device 'wifi1'
	option type 'qcawifi'
	option channel 'auto'
	option hwmode '11ac'
	option enable_ol_stats '1'
	option country 'GB'
	option htmode 'HT80'
	option disabled '1'

config wifi-iface
	option device 'wifi1'
	option network 'lan'
	option mode 'ap'
	# WPS push-button pairing is enabled here as well.
	option wps_pbc '1'
	option blockdfschan '1'
	# NOTE(review): in stock OpenWrt, ieee80211w '1' means management frame
	# protection is optional. Confirm that the qcawifi driver treats it the same.
	# The 2.4 GHz interface above has no ieee80211w option at all.
	option ieee80211w '1'
	option add_sha256 '0'
	option add_sha1 '0'
	option hidden '0'
	# Same mixed TKIP/CCMP setting as the 2.4 GHz interface.
	option encryption 'psk2+tkip+ccmp'
	option key '***REDACTED***'
	option isolate '0'
	option maxsta '32'
	option disablecoext '0'
	option instance '2'
	option ssid '4GEE_Router_****_5GHz'

/etc/config/radvd

# UCI radvd (IPv6 router advertisement daemon) configuration as dumped from the
# router. Every section carries 'option ignore 1'.
# NOTE(review): in OpenWrt's radvd package, 'ignore 1' makes the init script skip
# that section, so this file is presumably inert. The netstat listing on this
# page shows odhcpd running, which may be handling router advertisements instead.
# Confirm on the device.
config interface
	option interface	'lan'
	option AdvSendAdvert	1
	option AdvManagedFlag	0
	option AdvOtherConfigFlag 0
	list client		''
	option ignore		1

config prefix
	option interface	'lan'
	# If not specified, a non-link-local prefix of the interface is used
	list prefix		''
	option AdvOnLink	1
	option AdvAutonomous	1
	option AdvRouterAddr	0
	option ignore		1

config route
	option interface	'lan'
	list prefix		''
	option ignore		1

config rdnss
	option interface	'lan'
	# If not specified, the link-local address of the interface is used
	list addr		''
	option ignore		1

config dnssl
	option interface	'lan'
	list suffix		''
	option ignore		1

netstat

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 192.168.1.1:80          0.0.0.0:*               LISTEN      8343/webs
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      1624/dnsmasq
tcp        0      0 192.168.1.1:22          0.0.0.0:*               LISTEN      9102/dropbear
tcp        0      0 :::53                   :::*                    LISTEN      1624/dnsmasq
tcp        0      0 2a01:4c8:xxx:xxxx:xxxx:xxx:xxx:xxx:22 :::*                    LISTEN      9102/dropbear
udp        0      0 0.0.0.0:53              0.0.0.0:*                           1624/dnsmasq
udp        0      0 0.0.0.0:67              0.0.0.0:*                           1624/dnsmasq
udp        0      0 :::546                  :::*                                1019/odhcp6c
udp        0      0 :::547                  :::*                                8144/odhcpd
udp        0      0 :::53                   :::*                                1624/dnsmasq