Banana Pi R2 as a router

So I’ve tried to install OpenWRT and ubuntu + steps to install OpenWRT and have had no success. Has anyone actually setup OpenWRT on the R2? What steps did you take and are these steps on a web site for me to follow? If not OpenWRT, what did you use and what steps did you take?

i use debian and configured as router

  • setup basic lan (lan0 as vlan-trunk and untagged, lan1+2 bridged) with static ip-adresses (/etc/network/interfaces)
  • setup ppp(oE) (adsl2+ modem connected to r2)
  • enable packet forwarding and nat
  • setup firewall (iptables)
  • setup 2 hostapd (ap0 and wlan1=mt76 on pcie)

all configuration (except ppp/pppoe) you’ve found in my wiki https://www.fw-web.de/dokuwiki

But you don’t state HOW you did it. Your Help/Documentation states nothing about how you did this tho.

You say you used Debian but you have 3 different versions of Debian on your Wiki. Which one did you use?

on my gdrive there is only 1 debian (only with different kernelversion), just take the last one

So use deb_stretch_emmc.img.gz.md5 or deb_stretch_emmc.img.gz? What program did you use to burn that image onto a microSD card? Once debian boots, did you do the software updates first or after all the work?

In your link to the lan-config, did you only use the part called permanent?

When it comes to NAT, are we suppose to do everything under NAT? Are there parts we aren’t suppose to do?

So say “section routing,” are you referencing adding static routes to other networks?

When it comes to iptables, are you saying we need to do everything you state under IPv4?

emmc-install is a bit more complex, i have moved the old images to old-folder…

start with the only one image now existing the folder (SD-image with 4.14.80), unpack it and burn it to sd-card like any other image (i use dd).

the permanent section shows a basic config which works (if your clients are in the same subnet)…a bit more ip-knowledge is helpful

you need nat to get more than 1 client into internet with only 1 public ip-address (default for ipv4 home-gateways). NAT translates your local ip-adresses into public-ip:port an remembers this change if the answer comes back from server.

if your router has only 1 default-gateway (like my r2 - ppp0) you need no static routes…only the option in sysfs (echo …). all other linux does for you

read more about iptables…i try to post my (much more complicated) iptables rules…you can use other options depending on your needs…make sure you define the variables used there (eg. ipt=/sbin/iptables,if_int=lan0,if_ext=ppp0)…

I agree that someone with a bit more knowledge about networking would be beneficial but for someone like me that knows nothing, your instructions are overwhelming and don’t have enough detail for me to understand that what I am doing is right and if there’s issues, how to troubleshoot them. I apologize if I’m coming across as a jerk but if the directions are written for you to understand how you did these things, great. But for someone that’s just learning the world of Raspberry Pi and Banana Pi, the fact that the amount of help from the Banana Pi community compared to the Raspberry Pi community is really different.

I’ve gotten so much help with setting up Pi-hole and other ways to use my Raspberry Pi’s compared to Banana Pi where I feel like no one has any idea how to use this technology but people still keep buying this stuff in hopes that it will eventually work out.

building a debian-router is independend from harware-plattform…

start small…try to configure lan-ports (maybe bridged or only one) with fixed-ip address and an dhcp-server and route (default route) to your existing router

and for firewall you NEED a basic knowledge or you create holes in it and you will be an easy target for hackers.

basicly operating in whitelist-mode (block all except specific known things) => policy drop, allow traffic from inside but block traffic initiated (state new) from outside.

so you end up with this rules:

#delete previous rules
${ipt} -F
${ipt} -X
${ipt} -t nat -F
${ipt} -t nat -X
${ipt} -t mangle -F
${ipt} -t mangle -X

# Default-Rule for IPv4: drop all
${ipt} -P INPUT   DROP
${ipt} -P OUTPUT  DROP
${ipt} -P FORWARD DROP

# localhost
${ipt} -A INPUT  -i lo -j ACCEPT
${ipt} -A OUTPUT -o lo -j ACCEPT

${ipt} -A OUTPUT -j ACCEPT
${ipt} -A FORWARD -i ${if_int} -o ${if_ext} -j ACCEPT #Forwarding Int->Ext
${ipt} -A FORWARD -i ${if_ext} -o ${if_int} -m state --state ESTABLISHED,RELATED -j ACCEPT #Forwarding Ext->Int (only existing/requested connections)

${ipt} -A INPUT -i ${if_int} -j ACCEPT #accept all request from internal