修改默认主题
- E103-W20_Openwrt-23.05/feeds/luci/collections/luci-light/Makefile
- E103-W20_Openwrt-23.05/feeds/luci/collections/luci-nginx/Makefile
- E103-W20_Openwrt-23.05/feeds/luci/collections/luci-ssl-nginx/Makefile
替换上述三处的luci-theme-bootstrap为你想要的主题即可。
查看SPI Flash容量
OPENWRT里输入: dmesg | grep spi
输出:
[ 0.434003] spi-mt7621 10000b00.spi: sys_freq: 191666666
[ 0.465044] spi-nor spi0.0: w25q128 (16384 Kbytes)
[ 0.470013] 7 fixed-partitions partitions found on MTD device spi0.0
可以看到Flash是16MB的。
网口led配置
- 修改dts:E103-W20_Openwrt-23.05/target/linux/ramips/dts/mt7628an_hilink_hlk-7628n.dts
leds {
compatible = "gpio-leds";
wlan {
label = "green:wlan";
gpios = <&gpio 44 GPIO_ACTIVE_LOW>;
};
wan {
label = "green:wan";
gpios = <&gpio 43 GPIO_ACTIVE_LOW>;
};
lan1 {
label = "green:lan1";
gpios = <&gpio 42 GPIO_ACTIVE_LOW>;
};
lan2 {
label = "green:lan2";
gpios = <&gpio 41 GPIO_ACTIVE_LOW>;
};
lan3 {
label = "green:lan3";
gpios = <&gpio 40 GPIO_ACTIVE_LOW>;
};
lan4 {
label = "green:lan4";
gpios = <&gpio 39 GPIO_ACTIVE_LOW>;
};
};
- 修改led脚本:E103-W20_Openwrt-23.05/target/linux/ramips/mt76x8/base-files/etc/board.d/01_leds
第42行开始:
hilink,hlk-7628n|\
skylab,skw92a)
ucidef_set_led_netdev "wifi_led" "wifi" "green:wlan" "wlan0"
+ ucidef_set_led_switch "lan1" "lan1" "green:lan1" "switch0" "0x2"
+ ucidef_set_led_switch "lan2" "lan2" "green:lan2" "switch0" "0x4"
+ ucidef_set_led_switch "lan3" "lan3" "green:lan3" "switch0" "0x8"
+ ucidef_set_led_switch "lan4" "lan4" "green:lan4" "switch0" "0x10"
+ ucidef_set_led_switch "wan" "wan" "green:wan" "switch0" "0x01"
;;
配置Wifi是否开启、Wifi名和密码等
文件:E103-W20_Openwrt-23.05/package/kernel/mac80211/files/lib/wifi/mac80211.sh
206行左右:set wireless.${name}.disabled=0
即可
set wireless.${name}=wifi-device
set wireless.${name}.type=mac80211
${dev_id}
set wireless.${name}.country=CN # 国家代码
set wireless.${name}.channel=13 # 信道
set wireless.${name}.band=${mode_band}
set wireless.${name}.htmode=HT40 # 强制40MHz频宽
set wireless.${name}.disabled=0 # 是否禁用wifi,0--否 1--是
set wireless.${name}.cell_density=1 # 无线信号覆盖密度 0--禁用 1--正常 2--高 3--非常高
set wireless.default_${name}=wifi-iface
set wireless.default_${name}.device=${name}
set wireless.default_${name}.network=lan
set wireless.default_${name}.mode=ap
set wireless.default_${name}.ssid=M.K # Wifi名
set wireless.default_${name}.encryption=1234567890 # Wifi密码
Openwrt-21.02版本:
set wireless.radio${devidx}=wifi-device set wireless.radio${devidx}.type=mac80211 ${dev_id} set wireless.radio${devidx}.channel=13 set wireless.radio${devidx}.band=${mode_band} set wireless.radio${devidx}.htmode=HT40 set wireless.radio${devidx}.disabled=0 set wireless.radio${devidx}.txpower='15' set wireless.radio${devidx}.country='CN' set wireless.radio${devidx}.cell_density='1' set wireless.default_radio${devidx}=wifi-iface set wireless.default_radio${devidx}.device=radio${devidx} set wireless.default_radio${devidx}.network=lan set wireless.default_radio${devidx}.mode=ap set wireless.default_radio${devidx}.ssid=M.K set wireless.default_radio${devidx}.encryption=1234567890
UA2F(统一UA)
链接地址:https://github.com/Zxilly/UA2F
git clone https://github.com/Zxilly/UA2F.git package/UA2F
git clone https://github.com/lucikap/luci-app-ua2f.git package/luci-app-ua2f
编译选项:
- UA2F: Network -> Routing and Redirection -> ua2f
luci-app-ua2f: LuCI -> 3. Applications -> luci-app-ua2f
RKP-IPID
链接地址:https://github.com/CHN-beta/rkp-ipid
编译选项:
- ipid: Kernel modules -> Other modules -> kmod-rkp-ipid
MTK_AES(MT7628硬件加密库)
链接地址:https://github.com/Mkiring/MTK_AES
这里采用本人Fork验证过的代码,原项目的代码有些小问题,不建议使用。
编译选项:
- Kernel modules -> Cryptographic API modules -> kmod-crypto-hw-mtk-aes
修改登陆密码
位置:E103-W20_Openwrt-23.05/package/base-files/files/etc/shadow
把$1$kQXijsev$6.WovY1Gu2SzE1cchNaJx/替换成你自己的加密后的口令即可。
如果不知道怎么生成口令,可以先编译一个初始版本固件,然后在其系统中执行passwd root
更改完密码后在/etc/shadow文件中复制即可。
root:$1$kQXijsev$6.WovY1Gu2SzE1cchNaJx/::0:99999:7:::
修改NTP时钟服务和主机名
位置:E103-W20_Openwrt-23.05/package/base-files/files/bin/config_generate
- 主机名 文件第312行开始:
delete system.@system[0]
add system system
set system.@system[-1].hostname='LAPTOP-BQECF4' # 主机名
set system.@system[-1].timezone='CST-8'
set system.@system[-1].zonename='Asia/Shanghai'
set system.@system[-1].ttylogin='0'
set system.@system[-1].log_size='64'
set system.@system[-1].urandom_seed='0'
- NTP:在文件第320行开始:
delete system.ntp
set system.ntp='timeserver'
set system.ntp.enabled='1'
set system.ntp.enable_server='1' # 启用本地NTP服务器
add_list system.ntp.server='ntp1.aliyun.com'
add_list system.ntp.server='time1.cloud.tencent.com'
add_list system.ntp.server='stdtime.gov.hk'
add_list system.ntp.server='pool.ntp.org'
set system.ntp.interface='lan' # 绑定NTP服务器到LAN口
UA2F + IPID iptables默认规则
位置:Openwrt-19.07-10/package/network/config/firewall/files/firewall.user
# 通过 rkp-ipid 设置 IPID
iptables -t mangle -N IPID_MOD
iptables -t mangle -A FORWARD -j IPID_MOD
iptables -t mangle -A OUTPUT -j IPID_MOD
iptables -t mangle -A IPID_MOD -d 0.0.0.0/8 -j RETURN
iptables -t mangle -A IPID_MOD -d 127.0.0.0/8 -j RETURN
# 注:注释掉即代表进程会代理/修改该ip数据包,否则代表不修改直接放行
# 由于本校局域网是A类网,所以我将这一条注释掉了,具体要不要注释结合你所在的校园网
# iptables -t mangle -A IPID_MOD -d 10.0.0.0/8 -j RETURN
# 由于本校局域网是C类网,所以我将这一条注释掉了,具体要不要注释结合你所在的校园网
# iptables -t mangle -A IPID_MOD -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A IPID_MOD -d 192.168.0.0/16 -j RETURN
iptables -t mangle -A IPID_MOD -d 255.0.0.0/8 -j RETURN
iptables -t mangle -A IPID_MOD -j MARK --set-xmark 0x10/0x10
# ua2f 改UA
iptables -t mangle -N ua2f
# 由于本校局域网是A类网,所以我将这一条注释掉了,具体要不要注释结合你所在的校园网
# iptables -t mangle -A ua2f -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A ua2f -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A ua2f -d 192.168.0.0/16 -j RETURN # 不处理流向保留地址的包
iptables -t mangle -A ua2f -p tcp --dport 443 -j RETURN # 不处理 https
iptables -t mangle -A ua2f -p tcp --dport 22 -j RETURN # 不处理 SSH
iptables -t mangle -A ua2f -p tcp --dport 80 -j CONNMARK --set-mark 44
iptables -t mangle -A ua2f -m connmark --mark 43 -j RETURN # 不处理标记为非 http 的流 (实验性)
iptables -t mangle -A ua2f -m set --set nohttp dst,dst -j RETURN
iptables -t mangle -A ua2f -j NFQUEUE --queue-num 10010
iptables -t mangle -A FORWARD -p tcp -m conntrack --ctdir ORIGINAL -j ua2f
iptables -t mangle -A FORWARD -p tcp -m conntrack --ctdir REPLY
# 防时钟偏移检测
iptables -t nat -N ntp_force_local
iptables -t nat -I PREROUTING -p udp --dport 123 -j ntp_force_local
iptables -t nat -A ntp_force_local -d 0.0.0.0/8 -j RETURN
iptables -t nat -A ntp_force_local -d 127.0.0.0/8 -j RETURN
iptables -t nat -A ntp_force_local -d 192.168.0.0/16 -j RETURN
iptables -t nat -A ntp_force_local -s 192.168.0.0/16 -j DNAT --to-destination 192.168.1.1
# 通过 iptables 修改 TTL 值
iptables -t mangle -A POSTROUTING -j TTL --ttl-set 64
# iptables 拒绝 AC 进行 Flash 检测
iptables -I FORWARD -p tcp --sport 80 --tcp-flags ACK ACK -m string --algo bm --string " src=\"http://1.1.1." -j DROP
修改内存和Flash大小
内存(目前尚未用到)
reg = <0x0 0x10000000>; // 256MB RAM reg = <0x0 0x8000000>; // 128MB RAM reg = <0x0 0x4000000>; // 64MB RAM
Flash
//dts文件,spi flash路径下: partition@50000 { compatible = "denx,uimage"; label = "firmware"; reg = <0x50000 0xfb0000>; //这里 }; //reg = <0x50000 0x7b0000>; // 8MB flash //reg = <0x50000 0xfb0000>; // 16MB RAM //reg = <0x50000 0x1fb0000>; // 32MB RAM
[...]其他请参考此文章: E103-W20的OpenWRT开发问题总结[...]