海运的博客

N1盒子armbian编译内核开启iptables透明代理重定向REDIRECT模块

发布时间:November 17, 2018 // 分类: // 2 Comments

armbian默认内核开启REDIRECT涉及的选项较多,不能使用仅编译内核模块方式,可编译内核并替换。

首先开启Netfilter nf_tables support,然后选择nf_tables redirect support,路径见图片顶部。

2018-11-17_154225.png

开启ipv4 nf_tables support、ipv4 redirect support for nf_tables、redirect target support:

2018-11-17_153925.png

开启ipv6 nf_tables support和ipv6 redirect support for nf_tables:

2018-11-17_154122.png

ubuntu18.04编译使用transmission2.92跳过校验

发布时间:November 16, 2018 // 分类:PT // No Comments

安装编译环境及transmission依赖:

apt-get install ca-certificates libcurl4-openssl-dev libssl-dev pkg-config build-essential checkinstall libevent-dev intltool

下载编译transmission:

wget http://archive.ubuntu.com/ubuntu/pool/main/t/transmission/transmission_2.92.orig.tar.gz
tar zxvf transmission_2.92.orig.tar.gz 
cd transmission-2.92
wget http://archive.ubuntu.com/ubuntu/pool/main/t/transmission/transmission_2.92-3ubuntu2.debian.tar.xz
tar Jxvf transmission_2.92-3ubuntu2.debian.tar.xz 
#打openssl补丁,不然编译失败
patch -p 1 < debian/patches/f91cf5ad8c677b61ceb0bf5877b87f9e93256dd7.patch 
#patch -p 1 < debian/patches/8c8386a7f3f482a9c917f51d28e0042e55f56b3e.patch 
#patch -p 1 < debian/patches/transmission-fix-dns-rebinding-vuln.patch 
#transmission跳过校验patch
wget https://github.com/superlukia/transmission-2.92_skiphashcheck/commit/56e327d1dacb5b3453954b76a6d0edd30edb7a34.patch
patch -p 1 < 56e327d1dacb5b3453954b76a6d0edd30edb7a34.patch
./configure 
make 
#替换已安装的transmission-daemon
mv /usr/bin/transmission-daemon /usr/bin/transmission-daemon.bak
cp daemon/transmission-daemon /usr/bin/transmission-daemon

在WEB界面添加种子后校验时右键点击种子Ask tracker for more peers即可跳过校验。
另类方法:
https://www.jianshu.com/p/ab2df4282e59
参考:
https://github.com/superlukia/transmission-2.92_skiphashcheck

路由iptables允许转发动态IPV6地址指定后缀

发布时间:November 16, 2018 // 分类: // No Comments

使用前缀为内网机器分配公网IP地址,如果需要在外网通过IPV6访问内网机器资源,由于前缀不固定,后缀是通过mac生成的,可以用ip6tables指定后缀允许访问:

ip6tables -I FORWARD -i pppoe-wan -d ::74f2:eac0:59d4:25ed/::ffff:ffff:ffff:ffff -j ACCEPT

参考:
https://superuser.com/questions/1181445/allow-traffic-through-a-firewall-to-a-dynamic-ipv6-address

ImageBuilder制作k2p潘多拉/PandoraBox固件

发布时间:November 2, 2018 // 分类:K2P // 8 Comments

基于ubuntu 18.04,安装依赖:

apt install build-essential libncurses5-dev zlib1g-dev gawk git  libssl-dev wget unzip python ocaml-nox help2man texinfo yui-compressor

下载最新版本18.10的ImageBuilder:

https://downloads.pangubox.com/pandorabox/18.10/targets/ralink/mt7621/PandoraBox-ImageBuilder-ralink-mt7621.Linux-x86_64.tar.xz
tar Jxf PandoraBox-ImageBuilder-ralink-mt7621.Linux-x86_64.tar.xz
cd PandoraBox-ImageBuilder-ralink-mt7621.Linux-x86_64

查看可编译的固件型号及其包含的软件包:

make info

制作固件:

#info显示的所有机型固件
make image
#仅制作k2p固件
make image PROFILE="k2p"
#安装额外的软件包,自编译软件先把软件放到packages/目录下
make image PROFILE="k2p" PACKAGES="wget"
#添加files目录内文件到固件内,如files/etc/config/network网络配置文件
make image PROFILE="k2p" FILES="files"
#查看更多选项
make help

默认的软件包在以下两个文件内:

include/target.mk
.profiles.mk 

开始使用默认配置制作k2p固件:

make image PROFILE="k2p"

遇到以下错误:

 regexp could be something like 'pkgname*' '*file*' or similar
 e.g. opkg info 'libstd*' or opkg search '*libop*' or opkg remove 'libncur*'
Makefile:140: recipe for target 'package_install' failed
make[2]: *** [package_install] Error 1
make[2]: Leaving directory '/tmp/PandoraBox-ImageBuilder-ralink-mt7621.Linux-x86_64'
Makefile:110: recipe for target '_call_image' failed
make[1]: *** [_call_image] Error 2
make[1]: Leaving directory '/tmp/PandoraBox-ImageBuilder-ralink-mt7621.Linux-x86_64'
Makefile:196: recipe for target 'image' failed
make: *** [image] Error 2

因为在Makerfile 144行要预先安装kernel文件,而package没kernel软件包,下载kernel:

wget https://downloads.pangubox.com/pandorabox/18.10/targets/ralink/mt7621/packages/kernel_3.14.79-1_mipsel_1004kc_dsp.ipk -P packages/

再次执行又出现错误:

Collected errors:
 * opkg_install_cmd: Cannot install package dosfsck.
 * opkg_install_cmd: Cannot install package fkmod-leds-gpio.
 * opkg_install_cmd: Cannot install package kmod-ipt-nathelper.
 * opkg_install_cmd: Cannot install package mkdosfs.
 * satisfy_dependencies_for: Cannot satisfy the following dependencies for ralink-utils:
 *      kmod-ipt-nathelper-extra * 
Makefile:140: recipe for target 'package_install' failed
make[2]: *** [package_install] Error 255
make[2]: Leaving directory '/tmp/PandoraBox-ImageBuilder-ralink-mt7621.Linux-x86_64'
Makefile:110: recipe for target '_call_image' failed
make[1]: *** [_call_image] Error 2
make[1]: Leaving directory '/tmp/PandoraBox-ImageBuilder-ralink-mt7621.Linux-x86_64'
Makefile:196: recipe for target 'image' failed
make: *** [image] Error 2

因为新版的openwrt将kmod-ipt-nathelper-extra 更改为kmod-nf-nathelper-extra,而潘多拉的源package没修改依赖,使用以下脚本在制作时更新源后修改软件依赖项kmod-ipt-nathelper-extra为kmod-nf-nathelper-extra:

#!/bin/bash
for file in `ls dl/18.10*`;do 
        echo $file;
        mv $file $file.gz
        gunzip $file.gz
        sed -i 's/kmod-ipt-nathelper-extra/kmod-nf-nathelper-extra/g' $file
        gzip -9 $file
        mv $file.gz $file
done
sed -i 's/kmod-ipt-nathelper/kmod-nf-nathelper/g' include/target.mk 

将以上保存为fix.sh到image build目录加可执行权限,并修改Makefile文件在122行$(MAKE) package_install前插入:

$(TOPDIR)/fix.sh

再次执行又遇到以下错误:

Collected errors:
 * opkg_install_cmd: Cannot install package dosfsck.
 * opkg_install_cmd: Cannot install package fkmod-leds-gpio.
 * opkg_install_cmd: Cannot install package mkdosfs.

因为上面这3个软件有的改名,有的名字写错,修复下:

sed -i 's/fkmod-leds-gpio/kmod-leds-gpio/g' .profiles.mk
sed -i 's/mkdosfs dosfsck/dosfstools/g' .profiles.mk

再次执行终于制作完成k2p固件,将制作的固件scp到路由/tmp/目录开始刷机:

scp bin/targets/ralink/mt7621/PandoraBox-ralink-mt7621-k2p-2018-10-26-git-85c67caa2-squashfs-sysupgrade.bin 192.168.168.1:/tmp/

k2p路由内使用sysupgrade命令刷机

sysupgrade -n -v /tmp/PandoraBox-ralink-mt7621-k2p-2018-10-26-git-85c67caa2-squashfs-sysupgrade.bin

curl和wget指定ssl ca证书

发布时间:November 2, 2018 // 分类: // No Comments

openwrt下curl使用mbedtls,校验ssl要安装ca-bundle,wget使用libssl,校验ssl要安装ca-certificates,索性单独下载ca证书文件,curl和wget用配置文件指定ca证书。

curl -k https://www.haiyun.me/download/ss/cacert.pem -o /etc/ssl/certs/ca-certificates.crt
echo 'ca-certificate = /etc/ssl/certs/ca-certificates.crt' > ~/.wgetrc
echo 'cacert=/etc/ssl/certs/ca-certificates.crt' > ~/.curlrc
分类
最新文章
最近回复
  • 海运: 抱歉,没用过wireguard,不了解具体情况。看错误提示是创建虚拟网卡的类型wireguar...
  • zhu tie: 本人小白我想在n1上装wireguard,安装后错误信息如下:wg-quick up wg0[...
  • 海运: 软件版本的问题吧,用ubuntu18.04试试。
  • rxy: 18.07编译成功了,不过编译18.10的失败了,提示安装yui-compressor,事实上...
  • 海运: 将fix.sh第一行更改为#!/bin/bash
  • rxy: 不会是ubuntu版本不同的原因吧?我的是ubuntu16.04
  • 海运: 我用18.07试了下,制作成功,fix.sh保存在image build目录,并加执行权限。
  • rxy: 用了fix.还是出现这个错误:Updated list of available packag...
  • 海运: 文中有脚本内容复制保存为fix.sh文件
  • rxy: fix.sh放哪个目录里?我怎么不成功?
归档
页面执行耗时:0.2913秒。-->