Those wanting to install Shorewall-lite on a resource constrained router, or to get both a full ip and tc setup with their Shorewall-lite may need more free space than is immediately available. The standard OpenWrt releases will work for many users, if you are one of them, skip this section, it is not germane. You are now ready to install Shorewall-lite on the router. You should now have an OpenWrt device with ip-full, & tc.
Opkg update opkg install ip-full opkg install tc You can now use opkg to install the modules as usual. Next, edit the /etc/opkg/nf and swap your source url into the text, and last, run opkg update. If you included modules in your build, and you want to use opkg to install them on the router, edit the router’s /etc/nf file to prefix a line like: “src/gz snapshots ” ( replace the example URL link with your own web server hosting the firmware files), that adds the new opkg repository to the router. See the OpenWrt installation instructions for your router if this is a first time installation and the router has not had OpenWrt on it before ( toh). To sysupgrade, use scp to copy your built firmware (for example, openwrt-ar71xx-generic-dir-601-b1-squashfs-sysupgrade.bin) from the openwrt/bin/ar71xx/ directory to /tmp on the router, and there use: sysupgrade openwrt-ar71xx-generic-dir-601-b1-squashfs-sysupgrade.bin to install the firmware. That image will inherit your configuration, otherwise, assert your own /etc/config, & /etc/ files to set up the interface names and networks.
If your router already had OpenWrt on it, from the Two Step method or some prior install, use the sysupgrade image. If you have a resource constrained router, install the image you’ve built, that has room for or already includes ip-full, tc, and for shorewall-lite. Proceed to the next step to reflash the device with the production firmware once the router has a basic configuration ready for Shorewall-lite. All efforts to use sysupgrade -r break the router and require a failsafe/firstboot/sysupgrade repair. Keep that as a reference, but DO NOT RESTORE THAT FILE with sysupgrade. Use the System/Backup to make and export the configuration.
If you have enough free space, or set up the extroot USB boot drive, you can now install ip-full and tc, and skip directly to the Install Shorewall-lite on the router section below.īy using a two step installation on a constrained router, you will later be able to manage the config files from the CLI, but will first use Luci and the standard OpenWrt setups to make the initial configuration files. Use that release to configure the router. Install a release OpenWrt Luci-ready image for your device ( toh) from their server ( ) or from a Luci-ready release-like firmware you’ve built (see below). If you want to provide your own router configuration files, skip this section and go to the One Step section below, otherwise: Install Shorewall to administrative system Also have the administrative system ready to install Shorewall. Proceed to the next step once you are ready to install an OpenWrt firmware on your router using the one or two step methods, discussed below. NB: The first run through the OpenWrt build takes hours, overnight is a good time to make the first run. However, users that cannot manage with the stock OpenWrt firmwares will want to first skip the next section and instead go straight to the Using the OpenWrt build system step. Unless you need to use the build system, ignore the topic and details in that section below, it is much less work to use the OpenWrt snapshot trunk firmware with opkg installed ip-full and tc modules. Both methods offer a small footprint firmware without Luci/web setup support and you’ll need to configure the router from configuration files, not the web interface, or use the two step method discussed below. If your router is one of the space constrained devices, you can opt for the easy way, using a pre-built daily snapshot “trunk image” ( ), or if you need to compile kernel modules or packages, you can build your own firmware as described in Using the OpenWrt build system below (the hard way). Routers that have more than 4 MB flash or have USB ports are relatively facile, as there is enough space to directly install Shorewall-lite locally, or on a USB boot drive (→ extroot_configuration), and one can use a stock release of the OpenWrt firmware and tools for the task.