sriano%6 Irsialing Open RT on a Raspecry Pas 8 New Home Firewall - Envato Tuts Computer Skis tile Start your free 10 Day trial of Envato Tuts+ now! —_Get started x @ tuts+ = Installing OpenWRT on a Raspberry Pi as a New Home Firewall byBen Miller. 8Nov 2013 @ 19 Comments Gx vs @ OpenWRT is an active and vibrant home firewall project that was born on the Linksys WRT54G line of home routers. It has grown and expanded to support an amazing array of old and new hardware alike. The list of compatible hardware is large enough to require its own index. With the recent interest in the Raspberry Pi there is of course is an OpenWRT build for it as well. In this tutorial | will show you how to install OpenWRT on a Raspberry Pi, add a second network interface, and replace your home firewall with your new OpenWRT firewall. OpenWRT Of course, a Raspberry Pi could be used as a firewall with the default Raspbian distribution with the right configuration, packages, and tweaks. The key value of OpenWRT, however, is that it provides an easy to use and manage firewall solution for those who are not linux power users. Most common operations can be done through the friendly web interface. Please note that the OpenWRT image for the Raspberry Pi is very new and still hip llcompuers tulslus comiariclosinstaling-openrt-on-a-raspborry-p-as-e-new-home-irewall--mac-S5864 9snazote Inaling OpeWRT ana Raspry 3 a New Hare Firenal = Ent Ts Comput Sil Wrtcle under development. This tutorial uses a modified version of the default image to fix boot issues and SD Card stability. Refer to this article about the modifications for an in-depth explanation. I'll be using the pre-built, modified image so no custom compiling or advanced knowledge is required. Gather the Components + Raspberry Pi Model B. Check out the Raspberry Pi Buyer's Guide for buying options + Power adapter + SD Card * P| Case + INTELLINET Hi-Speed USB 2.0 + Ethernet cable connected to home network « Ethernet cable to connect to Internet Interface (Cable Modem/DSL Modem/etc) * HDMI monitor - setup only + USB Keyboard - setup only + Computer for SD Card image creation and configuration - setup only Tip: When purchasing components for use with your RasPi elinux.org has a list of verified peripherals. The instructions below assume that you have access to an existing private network to download and setup the firewall. In my case, | built my OpenWRT RasPi firewall behind my old firewall before replacing it. I'm going to use my process as the model for this tutorial. Additionally, this tutorial assumes you have a separate switch for your network that is not integrated with your home router. This diagram shows how the networking is going to configured in the finished product. The OpenWRT will replace a standard two interface firewalll. This tutorial will not cover adding WAP functionality to the firewall, although that may be a future topic. hip llcompuers tulslus comiariclosinstaling-openrt-on-a-raspborry-p-as-e-new-home-irewall--mac-S5864 angsrieno%6 Irsialing Opes RT on a Raspecry Pas 8 New Home Firewall - Envato Tus Computer Skis tile wan uN PublicNetwork PrivateNetwork @&- Network Diagram DSL/CableModem RasPiOpenWeT Homeswitch Gather Information You will need some basic information about your network. Write down your internal IP address space information for later use. In this example | will use the network 192.168.1.0, netmask 255.255.255.0, and broadcast 192.168.1.255 as this is a very common home setup Write down the IP address of your current firewall. In this example it is 192.168.1.1 Finally, find an unused IP address to use temporarily in this process. I'll use 192.168.1.2 in my example. Most of this information can be discovered by interrogating your existing firewall. Assemble the Raspberry Pi « Put the RasPi in it's case * Attach the monitor and USB Keyboard * Plug in the USB Network card - don't attach a cable * Plug in a network cable from your home network to the RasPi's built in network interface + Get the power ready to plug in but do not attach it yet Create Boot SD Card hip llcompuers tulslus comiariclosinstaling-openrt-on-a-raspborry-p-as-e-new-home-irewall--mac-S5864 anesirar0%6 Instaling OperWRT ona Raspbecry a8 a New Home Firewol-EnvtoTust Comper Skil Artcle Download the modified Uncompress the bz2 image (use bunzip2 for Linux or OSX and 7zip for Windows ) Write the extracted image to the SD Card using the methods described in the tutorial Insert the SD card into your RasPi Attach power At this point your should see typical boot messages scroll on you monitor. Boot the Pi and Change the Default Password Once the console has stopped scrolling messages hit the enter key to open the command line prompt. You will see something like this: LEMUU IOI into mixing eri comen Ce OpenWRT Issue Making the Attitude Adjustment drink is optional and not required for this tutorial. It may be fun however if you have the ingredients on hand, If you choose to follow the instructions, ensure to pick back up here afterwards. hip llcompuers tulslus comiariclosinstaling-openrt-on-a-raspborry-p-as-e-new-home-irewall--mac-S5864 angsriano%6 Irsialing Open RT on a Raspecry Pi as 8 New Home Firewall - Envato Tuts Computer Skis tile + Enter the command ifconfig ethe and you should see something like this: eth@ Link encap: Ethernet HWaddr 88:27:EB:5C:B3:3F inet addr:192.168.1.126 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets :67533 errors:@ dropped:@ overruns:@ frame:@ TX packets:71487 errors:@ dropped:@ overruns:@ carrien:@ collisions:@ txqueuelen:1000 RX bytes: 24032301 (22.9 MiB) TX bytes:12706941 (12.1 MiB) Nounune Pay attention to the inet addr line, above. This is the current IP address the system received by DHCP. You will need this address to login and manage the device. In this example the IP is 192.168.1.126 + Open a web browser to the IP address you identified above. You will see a warning that that the password has not been set. Click the link to set it. « Enter root as the username and click the login button to login first without a password + Enter a password into the Password and Confirmation fields * Click Save & Apply status J system [network Logout iSite) Administration |sepwenesesStartup ami sche niles Tesksiual ED Contioureton ilibackiey Router Password ‘Changes the administrator password for accessing the device Password > a Confirmation w Change Password Install the Drivers for the USB Ethernet Adapter The next step is to download and install the kernel drivers for the USB Ethernet adapter. OpenWRT has a nice web based package manager that will allow you to filter on an appropriate package and install or remove it as needed, hip llcompuers tulslus comiariclosinstaling-openrt-on-a-raspborry-p-as-e-new-home-irewall--mac-S5864 59snazote Instatrg Ope ona Raspbcry a a New Home Final EnvtoTas+ Computer Sis Article Click on the System > Software tab Click the Update lists button to update the available package list Type mes7830 in the Find Package field Click Find Package + Click the Available Packages tab below the filter field + Click Install next to the knod-usb-net-ncs783@ package Displaying only packages containing "mes7830" @Reset Free space: 56% (88.10 MB) Download and install package: ox: Fiter: fres7e00_________] Find package Status ‘Available packages (mcs7830) Package name Version Description Install —_kmod-usb-net-mcs7830 3.3.8-1 Kernel module for USB-to-Ethernet MCS7830 convertors: Install Keel Module Create the WAN Interface The new USB network interface eth1 will be the external or WAN interface for the router. | recommend this particular adapter because it is a true USB 2.0 device and is not limited to the lower speeds of a 1.0 or 1.1 USB device. These next step will define the eth1 device as the WAN interface which OpenWRT understands and will automatically apply the correct firewall policy. * Click on the Network > Interfaces tab hip llcompuers tulslus comiariclosinstaling-openrt-on-a-raspborry-p-as-e-new-home-irewall--mac-S5864 anysnazote Inaling OpeWRT ana Raspry 3 a New Hare Firenal = Ent Ts Comput Sil Wrtcle + Click Add new interface + Enter wan as the interface name + Select eth from the list of available physical interfaces + Select DHCP for as the Protocol + Click the Firewall Settings tab and select Wan for the firewall zone + Click Save & Apply Sous [aren | Netore I sa | Interfaces | OMCPand ONS _Hostnames Static Routes Firewall Diagnostics Interfaces Interface Overview Network Status Actions Uptime: 2c Oh 15m 48s MAC-Address: 88:27:68:38:38:38, z RX: 55.09 MB (208398 Pkts.) Ente 6 oes 4 ee TX: 40.08 MB (217743 Pts.) Teva: 192,168.1.1/24 Uptime: 2d oh 15m 485 [WAN MAC-Address: (00:87:25:30:30:: 2 RX: 56.32 MB (419096 Pkts.) ett TX: 71.15 MB (181106 Pkts.) IPvd: 192.168.77.125/24 | OpenWRT Interfaces Prepare to Cut Over to the Pi Next, configure the internal interface to be static and enable the DNS/DHCP services on the internal network to allow internal dynamic |P addressing and name services. The temporary IP address is used in these steps to allow us to change the protocol to static, enable the DHCP services, and reconnect to the OpenWRT firewall later without jumping through too many hoops or having to statically assign an IP to your computer later in the process. * Click on the Network > Interfaces tab hip llcompuers tulslus comiariclosinstaling-openrt-on-a-raspborry-p-as-e-new-home-irewall--mac-S5864 m9svan0%6 Instatrg Ope ona Raspbcry a a New Home Final EnvtoTas+ Computer Sis Article + Click Edit next to the eth0 LAN interface + Change the protocol to Static address + Confirm that you wish to change the protocol + Enter the unused address you collected earlier into the IPv4 Address field. In this example: 192.168.1.2 + Enter your subnet mask, most likely 255.255.255.0 in the IPv4 netmask field. + Enter the broadcast address collected earlier in the IPv4 broadcast field. For example 192.168.1.255 * Click Save & Apply - The results will not return to your browser because you just moved the Pi to a different address. + Give the Pi a few minutes to commit the changes. + Put the new IP address in your browser and connect to the Pi again * Click on the System > Reboot tab * Click on the Perform Reboot link and confirm + Log in when the system has rebooted Confirm That Firewall and DHCP/DNS Services Are Set for Startup * Click on the System > Startup tab + Ensure that all services are enabled. + Click on the red X next to a service if it is disabled to enable it. network, dnsmasq and firewall are of particular importance to have running, hip llcompuers tulslus comiariclosinstaling-openrt-on-a-raspborry-p-as-e-new-home-irewall--mac-S5864 aresriano%6 Irsialing Open RT on a Raspecry Pas 8 New Home Firewall - Envato Tuts Computer Skis tile ‘Status J System [J Network Logout Initscripts become inaccesable! Start priority Initscript Enable/Disable 5 luci_fixtime ‘@Enabled 10 boot Enabled a ubus ‘@Enabled 20 network @eEnabled 39 usb, ‘@Enabled 45 firewall Enabled 50 cron ‘@Enabled 50 dropbear Enabled 50 telnet ‘@Enabled 50 unttpa Enabled 59 luci_dhep_migrate ‘@Enabled 60 dnsmasq Enabled 90 hwelock ‘@Enabled 95 done Enabled 96 led ‘@Enabled 97 watchdog Enabled 98 sysntpd ‘@Enabled 99 sysctl @Enabied All Services Set to Startup Replace Existing Firewall + Tum off your existing firewall + Put the Raspberry Pi in place ‘Start Gstart Gstart Gstart Gstart Gstart Gstart Gstart Gstart Gstart Gstart Gstart Gstart Gstart Gstart Gstart Gstart Gstart Gstart + Plug the Internet/Modem facing cable into the USB interface + Plug the LAN cable from your home network switch into the on-board interface + Tum on the Raspberry Pi hip llcompuers tulslus comiariclosinstaling-openrt-on-a-raspborry-p-as-e-new-home-irewall--mac-S5864 ‘You can enable or disable installed init scripts here. Changes will applied after a device reboot. Warning: If you disable essential init scripts like "network", your device might x)Stop x)Stop x)Stop )stop x)Stop x)Stop x)Stop e)stop )Stop e)stop )Stop e)stop )Stop e)stop )Stop e)stop x )Stop a9sriano%6 Irsialing Open RT on a Raspecry Pas 8 New Home Firewall - Envato Tuts Computer Skis tile Ti : If you don’t leave a keyboard and monitor attached to your firewall it will still continue to work just fine. You can reconnect the monitor and keyboard if you need to troubleshoot or connect to the firewall via its serial interface (Instructions can be found at the elinux.org RPi Serial Connection page). Most online troubleshooting can be done by logging into the Pi via SSH. A monitor and keyboard may only be needed if it does not appear on the network. Reconfigure the Internal Interface This final reconfiguration of the interface will move it over to the address the old firewall was using. This will allow any existing DHCP leases or hard coded addresses in your home to continue using the Internet without interruption. + Login to the temporary IP address 192.168.1.2 + Click on the Network>Interfaces tab + Click Edit next to the LAN interface + Change the IPv4 Address to be the address of your previous firewall. Example: 192.168.1.1 + Click Save & Apply - Again the task will not complete in the browser as you have changed the address of the Firewall + Login to the OpenWRT Raspberry Pi at its new address you assigned i.e. 192.168.1.1 sue Galaxy Note5 vo With siaesyne ao Feature hip llcompuers tulslus comiariclosinstaling-openrt-on-a-raspborry-p-as-e-new-home-irewall--mac-S5864 1019sriano%6 Irsialing Open RT on a Raspecry Pas 8 New Home Firewall - Envato Tuts Computer Skis tile ‘Advertisement Perform Final Reboot and Test On rare occasions | discovered that the system needed a reboot to align all the rules and services after moving interfaces around. This last reboot is more to verify that everything is setup right from cold boot. This means next time the power goes out you'll still be in good shape after it comes back on. Click on the System > Reboot tab Click on the Perform Reboot link and confirm Wait approximately 60 seconds for the firewall to boot Test that your workstation has indeed getting a new DHCP address and can surf the Internet, Congratulations! You have a brand new firewall, Another Attitude Adjustment drink is optional. Summary In this tutorial | have installed OpenWRT onto a Raspberry Pi, added a second USB network interface, and replaced your home firewall. The simple web interface of OpenWRT provides a powerful and easy way to manage your new firewall. This default install provides basic home firewall functionality including Address Masquerading, DHCP, and DNS services. These capabilities are just the beginning. There is a rich catalogue of software available for the openWRT that can be accessed via the System > Software tab. Packages exist to provide VPN, Web server, and many other features well beyond the capabilities of off the shelf home firewalls. hip llcompuers tulslus comiariclosinstaling-openrt-on-a-raspborry-p-as-e-new-home-irewall--mac-S5864 wwi9sirar0%6 Irsialing Open RT on a Raspecry Pas 8 New Home Firewall - Envato Tus Computer Skis tile EARN TWO WORLD-CLASS DEGREES FROM TWO OF THE BEST BUSINESS SCHOOLS Categories: Electronics ‘Translations. Envato Tuts+ tutorials are translated into other languages by our community members—you can be involved too! Powered by YY native About Ben Miller (RB Bers 2 co-founder of Bluelock.com and gets to invent cool new cloud computing services during his day + Expand Bio Fp sleomputers usps. cava lsinstaling-oponwrt-on-rasphory-p-as-2-new-home-frewall-mae-55084 raosirar0%6 Irsialing Open RT on a Raspecry Pas 8 New Home Firewall - Envato Tus Computer Skis tile samsut Galaxy Notes with Faster Charging Feature Fing Out Now Averisemene Related Tutorials Se Creating Time-lapse Photography With a Raspberry Pi Computer Skis 8 How to Build a Stop Motion Animation Studio With a Raspberry Pi Computer Skits How to Set Up a Real Time Business Statistics Dashboard Computer Skits Apps BambooHR: wietoik G2 03k oe. ‘ribeHR_ (rs OAS De Workforce Management & HR ‘oho Peo psn 2a Human Resources Information S Envato Market Item Fp sleomputers usps. cava lsinstaling-oponwrt-on-rasphory-p-as-2-new-home-frewall-mae-55084 sai9sirar0%6 Irsialing Open RT on a Raspecry Pas 8 New Home Firewall - Envato Tuts Computer Skis tile aikal Startup IO ir meek ¢— What Would You Like to Learn? to the content editorial team at Envato Tuts+ 19Comments — Mactuts+ @ Recommenc Re The OpenWRT image download link you are reffering is so slow. | stil managed to download it and | wrote it in a sdeard. But Raspberry Pi didn't boot, | wonder what happened. | couldn't figure out what went wrong. Would be nice if you made this image file available from another place. | would try it again. Thank you. | need a video on how to make a firewall with raspberry for the final project .. step by step, because i don't understand... lsinstaling-oponwrt-ona-rasphary-p-as-2-new-home-frewall--ae-55084 wo Fp sleomputers usps. comasriano%6 Irsialing Open RT on a Raspecry Pas 8 New Home Firewall - Envato Tuts Computer Skis tile + Reply + Sh mingmey - ear age hello sir, | did flashed the openwrt and got ip address given to my pi aslo. but nothing happens when i put that ip in my browser. it says the web page in not available, Do i need to install web interface or ...? please help. + Reply + Sh Riad - $ ag¢ Hello all, have a question, i'm french and i want know how to plug my raspi into my "LaBox" by Numericable with USB cable. How to force my "LaBox" to redirect the flux "WAN" in his USB port Thanx a lot for your answer(s) ! Riad. hoatienii - 2 years 9) can add wifi adapter on raspberry run openwrt + Reply + She UnaClocker - Thanks for posting this. Worked excellent for me, Worth noting, OpenWRT has official versions for the Raspberry Pi now, so | recommend everyone fetch the latest one rather than using the 2 year old custom image linked in this article. + Reply + Share TRE Hi, thank you for your Image - | downloaded the file and flashed the sd as usual. The issue is that nothing happens at the pi- the system isn’t booting at all. There is the red led burning and for a short moment the green one - then just a black screen and nothing happens. | tried different SD Cards. Please help me!! Thank you + Reply + Shar Baylink - 2 years agc A step you should add: When unplugging the old router, and plugging the Pi into your DSL or cablemodem, power cycle the modem. Most DSL connections, and nearly all cablemodems | know about, still MAC-Iock their LAN interface; the first MAC it sees is the only device it will ever talk to until a hip llcompuers tulslus comiariclosinstalng-openart-on-a-raspberry-p-as-2-new-home-irowall--mac-S5864 1819sriano%6 Irsialing Open RT on a Raspecry Pas 8 New Home Firewall - Envato Tuts Computer Skis tile power cycle. + Reply +» Shar Helen Fornazier - ears age Hi Ben, Thanks for this post. | am trying to use your image of OpenWRT, but when | get the message "Please, press enter to activate this console" It blocks, If | press enter it does nothing. | am using a wireless keyboard but | am pretty sure it works because it was working with the Raspbian. | am attaching the log. | tested with two raspberries pi and two sdeards. If you have a clue in what it is going on | would really appreciate your help. Thanks :) Hani Umer 4 Helen Fomazier + 7 month C Hey mate | am trying to get this to work on an rpi b+, At first I got the boot screen but keyboard was unresponsive so couldnt enter the console. Please help mate I have bookmarked this for ages and would like to set one up just like this. + Reply + Shar This comment was deleted. Helen Fornazier Guest - Sorry if | offended you =/ Itwas easier, | couldn't copy and paste + Reply « Shae blub « hi, ihave as 2nd networkdevice the wifi rti8188cu. | dont find a driver to install. Could u please tell me how i get this working thank + Repl e Jim - ar Hello, Is SSH enable at the first boot with OpenWRT? | can only try with SSH conection. + Reply + Shar hip llcompuers tulslus comiariclosinstaling-openrt-on-a-raspborry-p-as-e-new-home-irewall--mac-S5864 19sriano%6 Irsialing Open RT on a Raspecry Pas 8 New Home Firewall - Envato Tuts Computer Skis tile DEVESH PARMAR - i followed all the steps of flashing but since i dont have monitor therefore to get the console of Open WRT iused ssh connection using putty but it require login and password so for login i use root but i have no idea about what would be the password, Thanks Leigh de Paor > Dé http:/Awiki.openwrt.org/dociho... Leigh de Paor > http://wiki.openwrt.org/doc/ho. alex - Do you mind sharing the config file that you used for compiling the modified image ? | did try to compile from attitude_adjustment branch but somehow it did not issue DHCP to get IP address. | do not have monitor connected so i have no idea what's going on. imad - Galaxy Note Charging oot J a aes Fing Out Now Aovertisement o tuts+ Teaching skills to millions worldwide 21,059 Tutorials 694 Video Courses hip llcompuers tulslus comiariclosinstalng-openart-on-a-raspborry-p-as--new-home-irowall--mac-S5864 amgsriano%6 Irsialing Open RT on a Raspecry Pas 8 New Home Firewall - Envato Tuts Computer Skis tile Meet Envato + Join our Community + Help and Support + Email Newsletters Get Envato Tuts+ updates, news, surveys & offers. Email Address Subscribe Privacy Polic eee) Beautiful Resumes Doc Check out Envato Browse Resumes on Studio nicRiver Follow Envato Tuts+ swi9‘wiar6 Instating OpenWwRT on a Raspberry Pi as a New Home Firewall -Envato Tus+ Computer Skills Article © 2ut9 envato Hy Lia. tragemiarks ana oranas are ine property or tneir respective owners. bipllcmputers tsps comiariclesinstaling-eperw-on-e-aspberry-p-88-a-ne-home:frewal-mae-S5004 1919