openwrt 首次启动脚本--无线中继
主要实现:
管理员密码设置
主机名设置
时区设置
无线连接上级wifi,同时支持ipv4 ipv6两个网络接口,设置防火墙
桥接lan wifi中继
关闭LAN接口DHCP
关闭dnsmasq
本例上级wifi是192.168.2.0/24网段
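#!/bin/sh
# OpenWrt first-boot script: wireless relay (STA + relayd).
#
# Packages the author lists for the image:
#   luci-i18n-package-manager-zh-cn luci-i18n-base-zh-cn luci-i18n-firewall-zh-cn relayd luci-proto-relay
#
# Steps: set the root password, hostname and timezone; join the upstream
# WiFi as a client with one IPv4 and one IPv6 interface; create the relay
# interface over lan + both client interfaces; add the client interfaces to
# firewall zone[0], drop the wan zone, turn off LAN DHCP and dnsmasq.
#
# Security notes for whoever adapts this:
#   * ROOT_PASSWORD and WIFI_KEY below are sample values stored in plain
#     text. Replace them with strong, unique secrets and treat this file
#     (and any image that embeds it) as sensitive.
#   * After phase 4 the upstream WiFi interfaces belong to zone[0] and the
#     wan zone is gone. On a default firewall config zone[0] is "lan", so
#     LuCI/SSH are presumably reachable from the upstream network; verify
#     the zone policy and keep a non-empty root password.

##############################################
# Central configuration (all tunables live here)
##############################################

### Base system ###
ROOT_PASSWORD="12345678"            # root password (sample value, replace)
NETWORK_HOSTNAME="openwrt-print"    # device hostname
# POSIX TZ strings count the offset westwards, so "UTC+8" means UTC-8.
# "CST-8" is the TZ string that matches Asia/Shanghai (UTC+8); without this
# the timestamps written to LOG_FILE are 16 hours off.
TIMEZONE="CST-8"                    # POSIX TZ string
ZONENAME="Asia/Shanghai"            # zone name

### Wireless client ###
WIFI_SSID='Openwrt_2.4G'            # upstream WiFi name
WIFI_ENCRYPTION='psk2'              # encryption mode
WIFI_DEVICE='radio0'                # radio device name
WIFI_BSSID='AA:BB:CC:DD:EE:FF'      # upstream AP MAC address
WIFI_KEY='12345678'                 # WiFi passphrase (sample value, replace)
WIFI_IFNAME='WifiClient'            # wireless interface name
WIFI_NETWORK_v4='wlan4'             # attached IPv4 network interface
WIFI_NETWORK_v6='wlan6'             # attached IPv6 network interface

### Relay ###
RELAY_PROTO='relay'                 # relay protocol
RELAY_IP='192.168.2.3'              # relay IP (free address in the upstream subnet)
RELAY_NETMASK='255.255.255.0'       # relay netmask
RELAY_IFNAME='relay'                # relay interface name
RELAY_LOCAL_IFNAME='lan'            # local interface name

### Firewall ###
# NOTE(review): FIREWALL_ZONE is declared but never read; the zone is
# addressed by index (firewall.@zone[0]) further down.
FIREWALL_ZONE='lan'                 # target firewall zone

### Logging ###
LOG_FILE="/root/deploy.log"         # operation log path

##############################################
# Core logic (change only if necessary)
##############################################

# Write one timestamped line to stdout and append it to LOG_FILE.
#   $1 - message text
log() {
  local timestamp
  timestamp=$(date '+%Y-%m-%d %H:%M:%S')
  printf '[%s] %s\n' "$timestamp" "$1" | tee -a "$LOG_FILE"
}

# Log a failure, point the operator at the log and stop the script.
#   $1 - failure description
#   $2 - error code (also logged; the shell reports it modulo 256, so the
#        301/4xx codes reach the caller as smaller numbers)
# NOTE(review): if this runs from /etc/uci-defaults, a non-zero exit
# presumably keeps the file (with its plain-text secrets) on the device and
# re-runs it at the next boot; confirm for the deployment in use.
die() {
  log "执行失败:$1 (错误码:$2)"
  echo "! 初始化失败,请检查 $LOG_FILE !" >&2
  exit "$2"
}

log "=== 开始执行OpenWrt网络初始化脚本 ==="

##############################################
# Phase 1/4: base system
##############################################
log "--- 阶段1/4:配置系统参数 ---"

# Set the root password. The output is captured first so that the status
# tested is passwd's own; piping straight into tee would test tee instead
# and a failed passwd would go unnoticed. printf avoids echo -e rewriting
# backslashes inside the password.
if [ -n "${ROOT_PASSWORD}" ]; then
  passwd_output=$(printf '%s\n%s\n' "${ROOT_PASSWORD}" "${ROOT_PASSWORD}" | passwd root 2>&1)
  passwd_status=$?
  if [ -n "$passwd_output" ]; then
    printf '%s\n' "$passwd_output" | tee -a "$LOG_FILE"
  fi
  [ "$passwd_status" -eq 0 ] || die "密码设置失败,请检查复杂度" 101
  log "系统管理员密码已更新"
fi

# Hostname and timezone in one uci batch; again the status checked is the
# one returned by uci, not by tee.
batch_output=$(
  uci batch 2>&1 <<EOF
set system.@system[0].hostname='${NETWORK_HOSTNAME}'
set system.@system[0].timezone='${TIMEZONE}'
set system.@system[0].zonename='${ZONENAME}'
commit
EOF
)
batch_status=$?
if [ -n "$batch_output" ]; then
  printf '%s\n' "$batch_output" | tee -a "$LOG_FILE"
fi
[ "$batch_status" -eq 0 ] || die "系统参数写入失败" 102
log "系统主机名与时区配置完成"

##############################################
# Phase 2/4: wireless client
##############################################
log "--- 阶段2/4:配置无线客户端 ---"

# Network interfaces: static IPv4 on the upstream subnet, DHCPv6 for IPv6.
# Arguments are quoted so "[0]"-style text is never treated as a glob.
uci set "network.${WIFI_NETWORK_v4}=interface" || die "创建IPv4接口失败" 201
uci set "network.${WIFI_NETWORK_v4}.proto=static"
uci set "network.${WIFI_NETWORK_v4}.ipaddr=${RELAY_IP}"
uci set "network.${WIFI_NETWORK_v4}.netmask=${RELAY_NETMASK}"

uci set "network.${WIFI_NETWORK_v6}=interface" || die "创建IPv6接口失败" 202
uci set "network.${WIFI_NETWORK_v6}.proto=dhcpv6"
uci set "network.${WIFI_NETWORK_v6}.reqaddress=try"
uci set "network.${WIFI_NETWORK_v6}.reqprefix=auto"
uci set "network.${WIFI_NETWORK_v6}.norelease=1"
log "网络接口wlan4/wlan6初始化完成"

# Enable the radio.
uci set "wireless.${WIFI_DEVICE}.disabled=0" || die "启用无线设备失败" 203
uci set "wireless.${WIFI_DEVICE}.cell_density=0"

# Turn the default wifi-iface of that radio into a station (client).
# Assumes the section default_<radio> already exists; it is not created here.
uci set "wireless.default_${WIFI_DEVICE}.disabled=0"
uci set "wireless.default_${WIFI_DEVICE}.mode=sta"
uci set "wireless.default_${WIFI_DEVICE}.bssid=${WIFI_BSSID}"
uci set "wireless.default_${WIFI_DEVICE}.ifname=${WIFI_IFNAME}"
uci set "wireless.default_${WIFI_DEVICE}.ipv6=1"
uci set "wireless.default_${WIFI_DEVICE}.device=${WIFI_DEVICE}"
uci set "wireless.default_${WIFI_DEVICE}.ssid=${WIFI_SSID}"
uci set "wireless.default_${WIFI_DEVICE}.encryption=${WIFI_ENCRYPTION}"
uci set "wireless.default_${WIFI_DEVICE}.key=${WIFI_KEY}"
uci set "wireless.default_${WIFI_DEVICE}.network=${WIFI_NETWORK_v4} ${WIFI_NETWORK_v6}"
log "无线客户端配置完成(SSID:${WIFI_SSID})"

##############################################
# Phase 3/4: relay bridge
##############################################
log "--- 阶段3/4:配置中继桥接 ---"

# Relay interface.
uci set "network.${RELAY_IFNAME}=interface" || die "创建中继接口失败" 301
uci set "network.${RELAY_IFNAME}.proto=${RELAY_PROTO}"
uci set "network.${RELAY_IFNAME}.ipaddr=${RELAY_IP}"
uci set "network.${RELAY_IFNAME}.netmask=${RELAY_NETMASK}"

# Networks joined by the relay.
uci add_list "network.${RELAY_IFNAME}.network=${RELAY_LOCAL_IFNAME}"
uci add_list "network.${RELAY_IFNAME}.network=${WIFI_NETWORK_v4}"
uci add_list "network.${RELAY_IFNAME}.network=${WIFI_NETWORK_v6}"
log "中继桥接规则已绑定"

##############################################
# Phase 4/4: firewall and services
##############################################
log "--- 阶段4/4:配置防火墙策略 ---"

# Put both client interfaces into zone[0] (assumed to be lan, see header).
uci add_list "firewall.@zone[0].network=${WIFI_NETWORK_v4}" || die "防火墙配置失败" 401
uci add_list "firewall.@zone[0].network=${WIFI_NETWORK_v6}"

# Remove the wan zone. The index is only trusted after checking the name,
# so a config with a different zone order does not lose an unrelated zone.
# NOTE(review): forwardings, rules and redirects that still reference wan
# are left in place by this version.
second_zone_name=$(uci -q get 'firewall.@zone[1].name')
if [ "$second_zone_name" = "wan" ]; then
  uci delete 'firewall.@zone[1]'
else
  log "firewall.@zone[1] 不是 wan 区域(name=${second_zone_name}),已跳过删除"
fi

# Disable DHCP on LAN.
uci set dhcp.lan.ignore='1'

# Disable and stop dnsmasq.
/etc/init.d/dnsmasq disable && log "已禁用DNSmasq服务"
/etc/init.d/dnsmasq stop && log "已停止DNSmasq进程"

# Commit every pending change.
uci commit || die "配置提交失败" 402
log "所有配置已提交"

# Restart the firewall.
# NOTE(review): relies on a "service" command being available to this
# non-interactive shell; confirm, or call /etc/init.d/firewall directly.
service firewall restart || die "防火墙重启失败" 403
log "防火墙服务已重启"

##############################################
# Summary
##############################################
log "=== 网络初始化脚本执行完毕 ==="
echo "----------------------------------------"
echo " 执行结果:"
echo " 中继IP:$RELAY_IP"
echo " 日志路径:$LOG_FILE"
echo "----------------------------------------"
exit 0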
更新一下最新使用的版本
1、更灵活的参数区
加入 VERSION 常量、拆分 IPv4/IPv6/管理地址等变量,日志路径默认改到 /var/log/deploy.log 并自动建目录。
2、脚本结构模块化
以 configure_system / configure_wireless_client / configure_relay_bridge / configure_firewall / configure_luci_print_service 五大函数串联在 main(),每段日志自解释。
3、无线客户端与中继桥
继续创建 wlan4/wlan6,站点模式 IPv6 保持开启,中继接口和防火墙 zone 同时绑定 IPv4、IPv6 用于桥接上游地址。
4、防火墙与服务调整
逐项删除 wan zone 及其转发、规则、端口映射。
禁用下游 DHCP/DHCPv6/NDP,清空 ula_prefix,防止分发 ULA 或 DHCPv6 租约。
禁用并停止 dnsmasq,提交后直接 firewall restart。
加入阶段日志 4/5-1~4,便于定位执行过程。
5、打印服务
仍启用 p910nd,失败时仅记录日志。
6、容错策略
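passwd 仅在设定密码时执行,空密码情形明确记录;其他写值失败只输出日志,不再 die 终止。注意:ROOT_PASSWORD 留空时 root 没有密码,而脚本会把上级 WiFi 接口加入 zone[0](默认配置下是 lan 区域)并删除 wan 区域,上级网络中的设备可能可以直接访问管理界面,实际部署时建议设置强密码。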
7、备用管理IP
设备只有唯一的网络接口,可以使用 192.168.100.1 进行管理;虽然没有 DHCP,但在桥接失败的情况下,可以把本机 IP 强制设置为 192.168.100.2,再通过 192.168.100.1 进行管理。
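#!/bin/sh
# OpenWrt first-boot script: wireless relay (STA + relayd) with a p910nd
# print server, version 2.
#
# Packages the author lists for the image:
#   luci-i18n-package-manager-zh-cn luci-i18n-base-zh-cn luci-i18n-firewall-zh-cn relayd luci-proto-relay p910nd luci-app-p910nd luci-i18n-p910nd-zh-cn
#
# Error policy: apart from logging, failures do not stop the script (there
# is no die here); every phase runs regardless of the previous one.
#
# Security notes for whoever adapts this:
#   * ROOT_PASSWORD is empty by default, which leaves root without a
#     password. configure_firewall adds the upstream WiFi interfaces to
#     zone[0] and removes the wan zone; on a default config zone[0] is
#     "lan", so LuCI/SSH are presumably reachable from the upstream
#     network. Set a strong ROOT_PASSWORD before deploying.
#   * WIFI_KEY is a sample value kept in plain text; replace it and treat
#     this file (and any image embedding it) as sensitive.
#   * p910nd offers raw printing without authentication; it ends up
#     reachable from whatever networks the lan zone admits.

##############################################
# Central configuration (all tunables live here)
##############################################
VERSION=2.0

### Base system ###
ROOT_PASSWORD=""                    # root password; empty leaves root passwordless
NETWORK_HOSTNAME="openwrt-print"    # device hostname
# POSIX TZ strings count the offset westwards, so "UTC+8" means UTC-8.
# "CST-8" is the TZ string that matches Asia/Shanghai (UTC+8); without this
# the timestamps written to LOG_FILE are 16 hours off.
TIMEZONE="CST-8"                    # POSIX TZ string
ZONENAME="Asia/Shanghai"            # zone name

### Wireless client ###
WIFI_SSID='Openwrt_2.4G'            # upstream WiFi name
WIFI_ENCRYPTION='sae-mixed'         # encryption mode
WIFI_DEVICE='radio0'                # radio device name
WIFI_BSSID='AA:BB:CC:DD:EE:FF'      # upstream AP MAC address
WIFI_KEY='1234567890'               # WiFi passphrase (sample value, replace)
WIFI_IFNAME='WifiClient'            # wireless interface name
WIFI_NETWORK_v4='wlan4'             # attached IPv4 network interface
WIFI_NETWORK_v6='wlan6'             # attached IPv6 network interface

### Relay ###
RELAY_PROTO='relay'                 # relay protocol
RELAY_IP='192.168.2.3'              # relay IP (free address in the upstream subnet)
RELAY_NETMASK='255.255.255.0'       # relay netmask
RELAY_IFNAME='relay'                # relay interface name
RELAY_LOCAL_IFNAME='lan'            # local interface name
MGMT_IP='192.168.100.1'             # local management address
MGMT_NETMASK='255.255.255.0'        # local management netmask

### Firewall ###
# NOTE(review): FIREWALL_ZONE is declared but never read; the zone is
# addressed by index (firewall.@zone[0]) in configure_firewall.
FIREWALL_ZONE='lan'                 # target firewall zone

### Logging ###
LOG_FILE="/var/log/deploy.log"      # operation log path

# Make sure the log directory exists.
LOG_DIR="$(dirname "$LOG_FILE")"
[ -d "$LOG_DIR" ] || mkdir -p "$LOG_DIR"

# Write one timestamped line to stdout and append it to LOG_FILE.
#   $1 - message text
log() {
  local timestamp
  timestamp=$(date '+%Y-%m-%d %H:%M:%S')
  printf '[%s] %s\n' "$timestamp" "$1" | tee -a "$LOG_FILE"
}

# Run a command, copy its combined output to stdout and LOG_FILE, and
# return the command's own exit status. Piping a command straight into tee
# reports tee's status instead, which hides every failure.
#   $@ - command and arguments
_run_logged() {
  local output status
  output=$("$@" 2>&1)
  status=$?
  if [ -n "$output" ]; then
    printf '%s\n' "$output" | tee -a "$LOG_FILE"
  fi
  return "$status"
}

# Delete every anonymous firewall section of one type whose src or dest is
# "wan". The index only advances when nothing was deleted, because a
# deletion shifts the following sections down by one.
#   $1 - section type (forwarding, rule, redirect)
#   $2 - label used in the log line
_delete_wan_refs() {
  local sec_type label idx src dest
  sec_type=$1
  label=$2
  idx=0
  while uci -q get "firewall.@${sec_type}[$idx]" >/dev/null 2>&1; do
    src="$(uci -q get "firewall.@${sec_type}[$idx].src" 2>/dev/null)"
    dest="$(uci -q get "firewall.@${sec_type}[$idx].dest" 2>/dev/null)"
    if [ "$src" = "wan" ] || [ "$dest" = "wan" ]; then
      if uci delete "firewall.@${sec_type}[$idx]"; then
        log "已删除${label}(@${sec_type}[$idx]):src=$src dest=$dest"
        continue
      fi
      # A failed delete must still move on, otherwise the loop never ends.
      log "删除${label}失败(@${sec_type}[$idx]),已跳过"
    fi
    idx=$((idx + 1))
  done
}

# Phase 1/5: root password, hostname, timezone and the local management
# address on RELAY_LOCAL_IFNAME.
configure_system() {
  log "--- 阶段1/5:配置系统参数 ---"
  if [ -n "${ROOT_PASSWORD}" ]; then
    # printf keeps backslashes in the password intact (echo -e would not);
    # success is only logged when passwd itself succeeded.
    if printf '%s\n%s\n' "${ROOT_PASSWORD}" "${ROOT_PASSWORD}" | _run_logged passwd root; then
      log "系统管理员密码已更新"
    else
      log "系统管理员密码设置失败"
    fi
  else
    # Root stays passwordless; see the security notes in the file header.
    log "保持 root 默认空密码"
  fi

  uci set "system.@system[0].hostname=${NETWORK_HOSTNAME}"
  uci set "system.@system[0].timezone=${TIMEZONE}"
  uci set "system.@system[0].zonename=${ZONENAME}"
  uci commit system
  log "系统主机名与时区配置完成"

  log "--- 附加:配置本地管理地址 ---"
  uci set "network.${RELAY_LOCAL_IFNAME}.proto=static"
  uci set "network.${RELAY_LOCAL_IFNAME}.ipaddr=${MGMT_IP}"
  uci set "network.${RELAY_LOCAL_IFNAME}.netmask=${MGMT_NETMASK}"
  uci set "network.${RELAY_LOCAL_IFNAME}.gateway="
  uci set "network.${RELAY_LOCAL_IFNAME}.dns="
  log "本地接口 ${RELAY_LOCAL_IFNAME} 已设置为 ${MGMT_IP}/${MGMT_NETMASK}"
}

# Phase 2/5: create the IPv4/IPv6 client interfaces and switch the radio's
# default wifi-iface to station mode towards the upstream AP.
# Assumes the section default_<radio> already exists; it is not created here.
configure_wireless_client() {
  log "--- 阶段2/5:配置无线客户端 ---"
  uci set "network.${WIFI_NETWORK_v4}=interface"
  uci set "network.${WIFI_NETWORK_v4}.proto=static"
  uci set "network.${WIFI_NETWORK_v4}.ipaddr=${RELAY_IP}"
  uci set "network.${WIFI_NETWORK_v4}.netmask=${RELAY_NETMASK}"

  uci set "network.${WIFI_NETWORK_v6}=interface"
  uci set "network.${WIFI_NETWORK_v6}.proto=dhcpv6"
  uci set "network.${WIFI_NETWORK_v6}.reqaddress=try"
  uci set "network.${WIFI_NETWORK_v6}.reqprefix=auto"
  uci set "network.${WIFI_NETWORK_v6}.norelease=1"
  log "网络接口wlan4/wlan6初始化完成"

  uci set "wireless.${WIFI_DEVICE}.disabled=0"
  uci set "wireless.${WIFI_DEVICE}.cell_density=0"

  uci set "wireless.default_${WIFI_DEVICE}.disabled=0"
  uci set "wireless.default_${WIFI_DEVICE}.mode=sta"
  uci set "wireless.default_${WIFI_DEVICE}.bssid=${WIFI_BSSID}"
  uci set "wireless.default_${WIFI_DEVICE}.ifname=${WIFI_IFNAME}"
  uci set "wireless.default_${WIFI_DEVICE}.ipv6=1"
  uci set "wireless.default_${WIFI_DEVICE}.device=${WIFI_DEVICE}"
  uci set "wireless.default_${WIFI_DEVICE}.ssid=${WIFI_SSID}"
  uci set "wireless.default_${WIFI_DEVICE}.encryption=${WIFI_ENCRYPTION}"
  uci set "wireless.default_${WIFI_DEVICE}.key=${WIFI_KEY}"
  uci set "wireless.default_${WIFI_DEVICE}.network=${WIFI_NETWORK_v4} ${WIFI_NETWORK_v6}"
  log "无线客户端配置完成(SSID:${WIFI_SSID})"
}

# Phase 3/5: create the relay interface and attach lan plus both client
# interfaces to it.
configure_relay_bridge() {
  log "--- 阶段3/5:配置中继桥接 ---"
  uci set "network.${RELAY_IFNAME}=interface"
  uci set "network.${RELAY_IFNAME}.proto=${RELAY_PROTO}"
  uci set "network.${RELAY_IFNAME}.ipaddr=${RELAY_IP}"
  uci set "network.${RELAY_IFNAME}.netmask=${RELAY_NETMASK}"
  uci add_list "network.${RELAY_IFNAME}.network=${RELAY_LOCAL_IFNAME}"
  uci add_list "network.${RELAY_IFNAME}.network=${WIFI_NETWORK_v4}"
  uci add_list "network.${RELAY_IFNAME}.network=${WIFI_NETWORK_v6}"
  log "中继桥接规则已绑定"
}

# Phase 4/5: bind the client interfaces to zone[0], remove the wan zone and
# everything that references it, disable downstream DHCP/RA/DHCPv6/NDP and
# dnsmasq, then commit and restart the firewall.
configure_firewall() {
  log "--- 阶段4/5-1:绑定接口到防火墙 zone ---"
  # zone[0] is assumed to be lan; the upstream network thereby gets the
  # lan zone's access to this device (see the file header).
  uci add_list "firewall.@zone[0].network=${WIFI_NETWORK_v4}"
  uci add_list "firewall.@zone[0].network=${WIFI_NETWORK_v6}"

  log "--- 阶段4/5-2:删除 WAN 区域及相关规则 ---"
  local section name
  for section in $(uci -q show firewall | grep '=zone$' | cut -d. -f2 | cut -d= -f1); do
    name=$(uci -q get "firewall.${section}.name" 2>/dev/null)
    if [ "$name" = "wan" ]; then
      uci delete "firewall.${section}"
      log "已删除防火墙区域 wan ($section)"
      # The list was built before the deletion; when it holds index-style
      # names they are stale from here on, so stop after the wan zone.
      break
    fi
  done

  _delete_wan_refs forwarding "防火墙转发规则"
  _delete_wan_refs rule "防火墙规则"
  _delete_wan_refs redirect "防火墙端口转发"

  log "--- 阶段4/5-3:写入防火墙默认策略 ---"
  uci -q delete 'firewall.@defaults[0].syn_flood'
  uci set 'firewall.@defaults[0].synflood_protect=1'

  uci set dhcp.lan.ignore='1'
  uci set dhcp.lan.ra='disabled'
  uci set dhcp.lan.dhcpv6='disabled'
  uci set dhcp.lan.ndp='disabled'
  uci set network.globals.ula_prefix=''

  /etc/init.d/dnsmasq disable && log "已禁用DNSmasq服务"
  /etc/init.d/dnsmasq stop && log "已停止DNSmasq进程"

  log "--- 阶段4/5-4:提交并重载防火墙配置 ---"
  uci commit
  log "所有配置已提交"

  # Report success only when the restart really succeeded.
  if _run_logged /etc/init.d/firewall restart; then
    log "防火墙服务已重新加载"
  else
    log "防火墙脚本重启时出现错误"
  fi
}

# Phase 5/5: enable and start p910nd; failures are logged, not fatal.
configure_luci_print_service() {
  log "--- 阶段5/5:启用 LuCI 打印服务 ---"
  local print_ok=1
  uci set 'p910nd.@p910nd[0].enabled=1'
  uci commit p910nd
  if ! _run_logged /etc/init.d/p910nd enable; then
    log "启用 p910nd 自启动失败"
    print_ok=0
  fi
  if ! _run_logged /etc/init.d/p910nd start; then
    log "启动 p910nd 服务失败"
    print_ok=0
  fi
  if [ "$print_ok" -eq 1 ]; then
    log "p910nd 服务已启用并启动"
  fi
}

# Run all phases in order and print a short summary.
main() {
  log "=== 开始执行OpenWrt网络初始化脚本 $VERSION ==="
  configure_system
  configure_wireless_client
  configure_relay_bridge
  configure_firewall
  configure_luci_print_service
  log "=== 网络初始化脚本执行完毕 ==="
  echo "----------------------------------------"
  echo " 执行结果:"
  echo " 中继IP:$RELAY_IP"
  echo " 日志路径:$LOG_FILE"
  echo "----------------------------------------"
}

main "$@"
exit 0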
