This post was last edited by HonestQiao on 2022-9-3 20:45
The Mir MYC-J1028X development board is based on the NXP LS1028A processor, dual-core Cortex-A72, clocked at 1.5GHz, and supports 6 Gigabit network ports, all of which support TSN (the development board supports 5 Gigabit industrial network ports).
With powerful performance and abundant Gigabit network ports, it is perfect for use as a router.
This article shares how to build a super powerful OpenWRT soft router.
Table of contents:
1. Network structure description
2. Construction steps
1. Install Docker
2. Set up normal user management docker permissions
3. Ubuntu host network interface settings
4. Docker environment network settings
5. Start the docker instance of openwrt
6. Intercommunication and access settings
7. Assign physical network interfaces Ethernet 1~4 to OpenWRT
8. Configure OpenWRT basic network
9. OpenWRT Firewall Settings
10. Intercommunication test
11. Port forwarding settings
12 Log in to the OpenWRT management interface
13. Subnet Settings
3. Actual effect (with video)
IV. Conclusion
1. Network structure description
The network structure of this OpenWRT soft router is as follows:
It is said that OpenWRT already supports NXP LS1028A. You can find relevant information here:
The difference between OK1028 and LS1028ARDB - Powered by Discuz! (witech.com.cn)
[OpenWrt Wiki] OpenWrt v21.02.0 Changelog
But I didn't find any specific applications. In order to avoid falling into the trap, I chose a safer way. I ran the official Ubuntu on the Mir MYC-J1028X development board, then installed docker, and ran OpenWRT in docker. This solution is now very mature.
The final effect is:
1. The development board runs Ubuntu;
2. OpenWRT runs in docker;
3. Of the five Gigabit Ethernet ports on the development board, one is reserved for Ubuntu to connect to the Internet, and the others are all allocated to OpenWRT
4. Ubuntu and OpenWRT can access each other
5. OpenWRT connects to the Internet directly through a network port, rather than through Docker and then through Ubuntu, in order to achieve optimal performance
6. OpenWRT manages a complete subnet
The network segment planning involved:
1. Main router: 192.168.1.1/24 network segment
2. Ubuntu:
- Network IP: 192.168.1.237 (acquired by DHCP)
- Intercommunication IP with OpenWRT: 192.168.10.253 (fixed)
3. OpenWRT:
- Network IP: 192.168.1.246 (DHCP acquisition)
- IP address for communication with Ubuntu: 192.168.10.254 (fixed)
- Subnet: 192.168.11.254/24
Note: The IP address obtained through DHCP is not fixed and will change according to actual conditions.
2. Construction steps
1. Install Docker
sudo apt update
sudo apt upgrade -y
sudo apt install docker-ce -y
2. Set up normal users to manage docker permissions:
If you are building as root, you can skip this, but it is strongly recommended to run as your own user, not root.
sudo usermod -aG docker $USER
newgrp docker
docker ps -a
3. Ubuntu host network interface settings:
The system default network interface names are eno0, eno2, swp0, swp1, swp2, and swp3.
Among them: eno0 corresponds to Ethernet 0, swp0~3 correspond to Ethernet1~4, and eno2 is the main Ethernet interface of the DSA Ethernet switch.
For specific network interface information, please refer to the official manual:
Now we just need to know:
- Ethernet 0: allocated to each Ubuntu, used for host system networking
- Ethernet 1~4: allocated to the OpenWRT system
- Ethernet 1: For OpenWRT networking
- Ethernet 2~4: used as LAN interface; of course, if there are multiple network accesses, they can be freely allocated for multiple WAN accesses
For easier identification, we can modify the system configuration to make the names of the network interfaces more readable, changing swp0~3 to eth1~4
First, use the following command to obtain the network interface name configuration file:
sudo grep -rn swp0 /etc/udev
sudo vim /etc/udev/rules.d/73-fsl-enetc-networking.rules
# Change swp0~3 to eth1-4
Then restart to take effect:
sudo reboot
After rebooting, use ifconfig -a and you will see that swp0~3 has changed to eth1~4
Then, we also need to enable eth1~4 and set the promiscuous mode of the network interfaces so that they can be assigned to OpenWRT for use:
# Enable the network interface
sudo ifconfig eth1 up
sudo ifconfig eth2 up
sudo ifconfig eth3 up
sudo ifconfig eth4 up
# Set promiscuous mode
sudo ip link set eth1 promisc on
sudo ip link set eth2 promisc on
sudo ip link set eth3 promisc on
sudo ip link set eth4 promisc on
# Check the network interface status:
ip addr show
If PROMISC appears in the corresponding network interface information, it means that the promiscuous mode is successfully enabled.
4. Docker environment network settings:
In order to make Ubuntu and OpenWRT communicate with each other, a network segment 192.168.10.0/24 is specially set up for the IP settings of both parties, which is parasitic on eno0
docker network create -d macvlan \
--subnet=192.168.10.0/24 \
--ip-range=192.168.10.0/24 \
-o macvlan_mode=bridge \
-o parent=eno0 macnet1
After setting, you can view the docker network status:
docker network ls
5. Start the docker instance of openwrt
There are many docker images for openwrt. After understanding, I chose the raymondwong/openwrt_r9 image.
docker pull raymondwong/openwrt_r9:autobuild-22.2.12-arm64
docker run --name openwrt \
--restart always \
-d --network macnet1 \
--ip=192.168.10.254 \
--privileged raymondwong/openwrt_r9:autobuild-22.2.12-arm64 /sbin/init
Normally, when starting a docker image, you do not need to specify the network and IP address, as Docker will automatically set them.
But in order for both parties to communicate with each other, it is set here to the macnet1 we just created and specified as 192.168.10.254.
For information about docker's network and the use of macvlan, please refer to the official docker documentation.
After startup, you can view the currently running instance:
docker ps
6. Intercommunication and access settings:
At this point, you need to add a virtual network interface on Ubuntu, bridge it to macvlan, and set the IP to 192.168.10.253
sudo ip link add mymacvlan link eno0 type macvlan mode bridge
sudo ip addr add 192.168.10.253/24 dev mymacvlan
sudo ifconfig mymacvlan up
After setting, you can view the status of the virtual network interface:
ip add show mymacvlan
7. Assign physical network interfaces Ethernet 1~4 to OpenWRT:
Use docker exec openwrt ifconfig to view the network interface currently mounted by OpenWRT.
To assign a network interface to OpenWRT, you need to set it to the Docker Namespace isolation space of OpenWRT.
Follow the steps below to do this:
First, get the current OpenWRT Namespace isolation space:
nspid=$(sudo docker inspect -f '{{.State.Pid}}' openwrt)
echo $nspid
If it is displayed normally, it means that it has been obtained; if the OpenWRT container is not running, it cannot be obtained.
Then set it up:
sudo mkdir -p /var/run/netns/
sudo ln -s /proc/$nspid/ns/net /var/run/netns/$nspid
echo $nspid
ip netns list
If the two are consistent, it means that the ns space is set correctly, and then set the ownership of the network interface:
sudo ip link set eth1 netns $nspid
sudo ip link set eth2 netns $nspid
sudo ip link set eth3 netns $nspid
sudo ip link set eth4 netns $nspid
At this point, you can check whether OpenWRT has obtained the correct access rights to these network interfaces:
implement:
docker exec openwrt ifconfig
or:
sudo ip netns exec $nspid ifconfig
If the settings are correct, you will see eth1~4, which have been allocated to OpenWRT.
However, if you execute ifconfig -a on the Ubuntu host, you will no longer see these network interfaces.
Then, enable these network interfaces for OpenWRT:
sudo ip netns exec $nspid ip link set eth1 up
sudo ip netns exec $nspid ip link set eth2 up
sudo ip netns exec $nspid ip link set eth3 up
sudo ip netns exec $nspid ip link set eth4 up
sudo ip netns exec $nspid ifconfig
8. Configure the basic network of OpenWRT:
After setting up the network interface, you can configure the basic network of OpenWRT to facilitate subsequent management by entering the graphical interface.
Because OpenWRT's Docker is already running, we can use the docker command to connect directly to the OpenWRT environment for configuration:
docker exec -it openwrt sh
Use the above instructions to enter the OpenWRT shell environment, and then edit the network configuration file:
vi /etc/config/network
config interface 'lan'
option ifname 'eth0'
option proto 'static'
option ipaddr '192.168.10.254'
option netmask '255.255.255.0'
config interface 'wan'
option ifname 'eth1'
option proto 'dhcp'
The main parts that need to be modified are as follows:
The purpose is to set the fixed IP address of eth0 to 192.168.10.254 so that it can communicate with Ubuntu.
Then, set eth1 as the WAN network interface and obtain the IP address from the main router through DHCP.
After the configuration is complete, restart the network to make it effective:
/etc/init.d/network restart
Use ifconfig to view the network status:
Because DHCP is used, the actual IP displayed by eht1 may be inconsistent with the picture we posted, because it is obtained by DHCP.
9. OpenWRT Firewall Settings:
After setting up, can we still access it directly from Ubuntu? We also need to set up the firewall:
vi /etc/firewall.user
# Add the following at the end:
# user
iptables -I INPUT -s 192.168.10.0/24 -j ACCEPT
iptables -t nat -I POSTROUTING -o eth1 -j MASQUERADE
The details are as follows:
Among them, iptable has two lines set up. The first line allows the 192.168.10.0/24 subnet to access management, and the second line allows eth1 to act as NAT to allow subnet devices to access the Internet.
10. Intercommunication test:
On OpenWRT, ping 192.168.10.253
On Ubuntu, ping 192.168.10.254
On Ubuntu, access OpenWRT's luci service:
curl -v http://192.168.10.254/
At this point, mutual communication and visits have been successful.
11. Port forwarding settings:
However, this is the communication between Ubuntu and OpemWRT. We also need to be able to manage OpenWRT through luci on other computers.
Because Ubuntu is mounted on the main router, the network segment is 192.168.1.0/24, the IP is 192.168.1.237, and my MacBook Pro is also mounted on this network segment, so further configuration is required so that OpenWRT can be accessed by accessing 192.168.1.237 through a browser.
This can be achieved on Ubuntu through the port forwarding function of iptables, or through software.
Because there will be other tests later, I use harpoxy, a special proxy software, to implement it.
sudo apt install haproxy
sudo vim /etc/haproxy/haproxy.cfg
# Add the following configuration
frontend web_in
mode http
maxconn 1000
bind *:8000
use_backend openwrt_server
backend openwrt_server
mode http
balance roundrobin
option httpclose
server openwrt 192.168.10.254:80 check
The specific operation is as follows:
The above configuration means that port 8000 is reverse proxied to port 80 of 192.168.10.254, and subsequent access is http://192.168.1.237:8000/
Haproxy is very powerful and its configuration is concise and clear. It is recommended to learn it.
After configuration, you can check the configuration. If it is correct, you can run it:
sudo haproxy -f /etc/haproxy/haproxy.cfg -c
sudo /etc/init.d/haproxy start
Now that the basic settings are in place, you can enter the OpenWRT graphical management interface.
12 Log in to the OpenWRT management interface:
Just visit http://192.168.1.237:8000/: [192.168.1.237 is the IP address obtained by Ubuntu from the main router]
The default username and password are: root password
After entering, you can enter the management interface:
raymondwong/openwrt_r9 is a very powerful version that integrates many features:
However, this article is mainly about construction, so I will not go into details here. Students who are interested can learn more about it.
13. Subnet settings:
Previously, we assigned Ethernet1~4 to OpenWRT, and connected them to eth1~4 respectively, where eth1 is used for WAN networking, and eth2~4 can be used as LAN interfaces.
If you understand MWAN, you can allocate eth2~4 to MWAN for use and achieve multi-network access.
Enter the Network-Interface interface to view the currently set network interface:
From the above we can see:
eth0 is set as LAN, with the IP address 192.168.10.254, which is used for communication with Ubuntu.
eth1 is set as WAN to obtain an IP from the main router and access the network
Next, click Add New Interface to apply the remaining network interfaces:
Here, name it lan2, set it to bridge mode, and bridge eth2, 3, and 4 together.
I have tried to bridge eth0 together, but it will cause the DHCP broadcast of the main router to be polluted through macvlan.
Then, set the address of LAN2:
The above address can also be set to 192.168.11.1, which looks more powerful. It’s up to you.
Pay attention to the firewall part, just check lan:
There is a DHCP setting at the bottom, just turn it on:
Finally click Save and Apply to take effect:
After saving the application, return to the interface list page and click the corresponding connection to officially enable it:
If the IP address is not displayed in the LAN2 section, it means it is not enabled and you need to click Connect.
At this point, the subnet has been set up, and you can connect other network devices to test on Ethernet 2~4.
3. Actual effect:
In my actual test, three devices were connected:
Ethernet 2: Connect to the Starlight Pi single-board computer
Ethernet 3: Connect to ThinkPad notebook
Ethernet 4: Connecting to Dell laptop
All successfully obtain IP addresses automatically and connect to the Internet successfully:
The network access speed is fast and good, and 1080P playback is stress-free:
In the OpenWRT management interface, you can also view the currently connected device information:
Let's take a look at the effect of five network ports firing simultaneously:
3506_1662208165
IV. Conclusion
At this point, we have completed the construction of this super powerful OpenWRT soft router. As for the specific functions of OpenWRT, students can continue to explore.
Thanks to the powerful NXP LS1028A processor based on the Mir MYC-J1028X development board, this soft router has good performance and fast network speed, it is awesome!!!
During the construction process, we encountered many problems and read dozens of documents. The following is some of the content, which may be missing. I would like to express my deep gratitude to all the authors of the documents I have read.
If you want to learn more, you can refer to the above references and official materials such as Docker and OpenWRT for further study.
提升卡
变色卡
千斤顶
京公网安备 11010802033920号
