T440做服务器笔记(二)openwrt
简介:
由于T440无法硬件直通无线网卡到虚拟机,所以无线网卡做了管理接口。使用USB 8153网卡作为WAN接入。
最简单的定制openwrt,用在线编译来做一个不怕恢复出厂设置的rom - 上官飞鸿 - 博客园
##kmod-usb-net-rtl8152 luci-i18n-base-zh-cn luci-i18n-package-manager-zh-cn luci-i18n-firewall-zh-cn
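#!/bin/sh
#############################################
# OpenWrt first-boot configuration script - PXE edition
# What it does:
#   1. Sets the LAN address to 192.168.250.1/24
#   2. Sets the WAN address to 192.168.137.2/24, gateway 192.168.137.1
#   3. Sets the timezone to China (CST-8 / Asia/Shanghai)
#   4. Accepts TCP 22, 80 and 443 arriving from the WAN zone
#   5. Configures DHCP for PXE boot against an external WDS server
#      (192.168.250.10)
#
# Security notes for whoever reuses this:
#   - The rules in step 4 have a src but no dest, so they admit traffic
#     addressed to the router itself: its SSH and web management become
#     reachable from everything on the WAN segment. That is tolerable only
#     while WAN is a private segment such as the 192.168.137.0/24 used here.
#     Narrow the rules with src_ip if only one upstream host needs access.
#   - This script never sets a root password. It warns at the end when
#     /etc/shadow still shows an empty one.
#   - The backup written at the end is a full `uci show` dump, which can
#     contain credentials, so it is created readable by root only.
#############################################

# External WDS/TFTP server handed to PXE clients.
WDS_SERVER='192.168.250.10'

# Returns 0 when a firewall zone named 'wan' already exists, either as the
# named section firewall.wan or as an anonymous "config zone" section.
# Checking only firewall.wan would miss an anonymous zone and create a second
# zone with the same name.
wan_zone_exists() {
  uci -q get firewall.wan >/dev/null 2>&1 && return 0
  uci -q show firewall 2>/dev/null |
    grep -Eq "^firewall\.@zone\[[0-9]+\]\.name='?wan'?\$"
}

# Adds an enabled ACCEPT rule for one TCP port arriving from the wan zone.
# $1 - rule name, $2 - destination port.
# Does nothing when a section with that name already exists, so running the
# script a second time does not stack duplicate rules.
add_wan_accept_rule() {
  rule_name=$1
  rule_port=$2
  if uci -q show firewall 2>/dev/null |
    grep -Eq "\.name='?${rule_name}'?\$"; then
    return 0
  fi
  uci add firewall rule >/dev/null
  uci set "firewall.@rule[-1].name=${rule_name}"
  uci set "firewall.@rule[-1].src=wan"
  uci set "firewall.@rule[-1].proto=tcp"
  uci set "firewall.@rule[-1].dest_port=${rule_port}"
  uci set "firewall.@rule[-1].target=ACCEPT"
  uci set "firewall.@rule[-1].enabled=1"
}

# Adds a dhcp "match" section that tags clients by DHCP option 60.
# $1 - tag (networkid), $2 - PXE architecture code, e.g. 00007.
add_pxe_match() {
  uci add dhcp match >/dev/null
  uci set "dhcp.@match[-1].networkid=$1"
  uci set "dhcp.@match[-1].match=60,PXEClient:Arch:$2"
}

# Adds a dhcp "boot" section for clients carrying a given tag.
# $1 - tag, $2 - boot file name (stored exactly as passed).
add_pxe_boot() {
  uci add dhcp boot >/dev/null
  uci set "dhcp.@boot[-1].filename=$2"
  uci set "dhcp.@boot[-1].serveraddress=${WDS_SERVER}"
  uci set "dhcp.@boot[-1].servername=WDS-Server"
  uci add_list "dhcp.@boot[-1].tag=$1"
}

# Replaces one value of dhcp.lan.dhcp_option: delete it if present, then add
# it, so a re-run does not duplicate it and other values stay untouched.
set_lan_dhcp_option() {
  uci -q del_list "dhcp.lan.dhcp_option=$1"
  uci add_list "dhcp.lan.dhcp_option=$1"
}

echo "开始配置OpenWRT系统..."

# 1. LAN: static 192.168.250.1/24
echo "设置LAN IP为192.168.250.1/24..."
uci set network.lan.ipaddr='192.168.250.1'
uci set network.lan.netmask='255.255.255.0'
uci set network.lan.proto='static'

# 2. WAN: static 192.168.137.2/24, gateway 192.168.137.1
echo "设置WAN IP为192.168.137.2/24,网关192.168.137.1..."
uci set network.wan.proto='static'
uci set network.wan.ipaddr='192.168.137.2'
uci set network.wan.netmask='255.255.255.0'
uci set network.wan.gateway='192.168.137.1'
uci set network.wan.dns='8.8.8.8 8.8.4.4'

# 3. Timezone and hostname
echo "设置时区为中国..."
uci set 'system.@system[0].timezone=CST-8'
uci set 'system.@system[0].zonename=Asia/Shanghai'
uci set 'system.@system[0].hostname=OpenWRT-PXE'

# 4. Firewall: accept 22, 80 and 443 from the wan zone
echo "配置防火墙,允许WAN口访问22, 80, 443端口..."

# Create a wan zone only when none exists yet.
if ! wan_zone_exists; then
  uci set firewall.wan=zone
  uci set firewall.wan.name='wan'
  uci set firewall.wan.input='REJECT'
  uci set firewall.wan.output='ACCEPT'
  uci set firewall.wan.forward='REJECT'
  uci set firewall.wan.masq='1'
  uci set firewall.wan.mtu_fix='1'
  uci add_list firewall.wan.network='wan'
fi

# These are input rules, not port forwards (see the header notes).
add_wan_accept_rule 'Allow-SSH-WAN' '22'
add_wan_accept_rule 'Allow-HTTP-WAN' '80'
add_wan_accept_rule 'Allow-HTTPS-WAN' '443'

# 5. PXE: hand clients over to the external WDS server
echo "配置DHCP和PXE支持..."

# DHCP and DNS query logging. logqueries records every name each client
# resolves; switch it off once PXE works if that volume or detail is unwanted.
uci set 'dhcp.@dnsmasq[0].logdhcp=1'
uci set 'dhcp.@dnsmasq[0].logqueries=1'

# Basic DHCP pool on lan
uci set dhcp.lan=dhcp
uci set dhcp.lan.interface='lan'
uci set dhcp.lan.start='100'
uci set dhcp.lan.limit='150'
uci set dhcp.lan.leasetime='12h'
uci set dhcp.lan.ignore='0'

# Drop every existing match/boot section so the ones below are the only ones.
while uci delete 'dhcp.@match[0]' 2>/dev/null; do :; done
while uci delete 'dhcp.@boot[0]' 2>/dev/null; do :; done

# Tag PXE clients by the architecture they announce in option 60.
echo "创建PXE客户端匹配规则..."
add_pxe_match 'bios' '00000'       # BIOS x86/x64
add_pxe_match 'uefi32' '00006'     # UEFI x86
add_pxe_match 'uefi64' '00007'     # UEFI x64
add_pxe_match 'uefi64_alt' '00009' # UEFI x64, alternate code

# One boot file per tag.
echo "设置不同架构的PXE启动文件..."
add_pxe_boot 'bios' 'boot\\x64\\wdsnbp.com'
add_pxe_boot 'uefi32' 'boot\\x86\\wdsmgfw.efi'
add_pxe_boot 'uefi64' 'boot\\x64\\wdsmgfw.efi'
add_pxe_boot 'uefi64_alt' 'boot\\x64\\wdsmgfw.efi'

# Global fallback options: 66 = TFTP server address, 67 = boot file name.
# NOTE(review): the double-quoted value below is stored with single
# backslashes, while the boot sections above store doubled ones. Confirm
# which form dnsmasq needs and make the two agree.
set_lan_dhcp_option "66,${WDS_SERVER}"
set_lan_dhcp_option "67,boot\\x64\\wdsnbp.com"

# Commit everything
echo "提交配置更改..."
uci commit network
uci commit system
uci commit firewall
uci commit dhcp

# Restart the affected services
echo "重启网络服务..."
/etc/init.d/network restart
sleep 3

echo "重启防火墙服务..."
/etc/init.d/firewall restart
sleep 2

echo "重启DHCP服务..."
/etc/init.d/dnsmasq restart
sleep 2

# Show what was configured
echo ""
echo "验证PXE配置..."
echo "====================="

echo "PXE匹配规则:"
uci show 'dhcp.@match'

echo ""
echo "PXE启动配置:"
uci show 'dhcp.@boot'

# The pool is `limit` addresses starting at `start`, so it ends at
# start + limit - 1.
dhcp_start=$(uci get dhcp.lan.start)
dhcp_limit=$(uci get dhcp.lan.limit)

echo ""
echo "==================== 配置完成 ===================="
echo "系统信息:"
echo " - 主机名: $(uci get 'system.@system[0].hostname')"
echo " - 时区: $(uci get 'system.@system[0].zonename')"
echo ""
echo "网络配置:"
echo " - LAN IP: $(uci get network.lan.ipaddr)/24"
echo " - WAN IP: $(uci get network.wan.ipaddr)/24"
echo " - 网关: $(uci get network.wan.gateway)"
echo ""
echo "DHCP配置:"
echo " - 地址池: ${dhcp_start}-$((dhcp_start + dhcp_limit - 1))"
echo " - 租期: $(uci get dhcp.lan.leasetime)"
echo ""
echo "PXE配置:"
echo " - TFTP服务器: ${WDS_SERVER}"
echo " - 支持的PXE客户端架构:"
echo " 1. BIOS x86/x64 (Arch:00000): boot\\x64\\wdsnbp.com"
echo " 2. UEFI x86 (Arch:00006): boot\\x86\\wdsmgfw.efi"
echo " 3. UEFI x64 (Arch:00007): boot\\x64\\wdsmgfw.efi"
echo " 4. UEFI x64备用 (Arch:00009): boot\\x64\\wdsmgfw.efi"
echo ""
echo "防火墙:"
echo " - WAN口开放端口: 22(SSH), 80(HTTP), 443(HTTPS)"
echo ""
echo "注意:"
echo " 1. 确保WDS服务器(${WDS_SERVER})已正确配置TFTP服务"
echo " 2. 确保WDS服务器上的启动文件路径正确"
echo " 3. IPv6配置保持系统默认设置"
echo " 4. 在Luci界面中,可以在'Network -> DHCP and DNS -> Special PXE boot options'中查看配置"
echo "=================================================="

# Management ports are now open on WAN; say so loudly if root still has an
# empty password field in /etc/shadow.
if grep -q '^root::' /etc/shadow 2>/dev/null; then
  echo "警告: root 尚未设置密码, 而WAN口已开放22/80/443端口, 请立即执行 passwd 设置密码" >&2
fi

# Keep a copy of the resulting configuration. The dump covers every uci
# package and can contain credentials, so directory and files are root-only.
echo "保存配置到备份文件..."
mkdir -p /etc/backup
chmod 700 /etc/backup
(
  umask 077
  uci show > /etc/backup/openwrt-config-backup.txt
  cp /etc/config/dhcp /etc/backup/dhcp-config-backup
)
chmod 600 /etc/backup/openwrt-config-backup.txt /etc/backup/dhcp-config-backup

# Syntax-check /etc/dnsmasq.conf.
# NOTE(review): this only tests /etc/dnsmasq.conf. The settings made above
# live in /etc/config/dhcp, so this check presumably does not cover them.
echo "生成dnsmasq配置文件..."
dnsmasq --test --conf-file=/etc/dnsmasq.conf 2>/dev/null || echo "注意: 需要重启dnsmasq服务以应用配置"

echo "脚本执行完成!"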
