侧边栏壁纸
博主头像
liveJQ博主等级

沒有乐趣,何来开始

  • 累计撰写 162 篇文章
  • 累计创建 66 个标签
  • 累计收到 2 条评论

ImmortalWrt 安装后的初始化及相关问题

liveJQ
2024-08-10 / 0 评论 / 0 点赞 / 50 阅读 / 6,363 字 / 正在检测是否收录...
广告 广告

安装系统

系统版本:immortalwrt-23.05.3-x86-64-generic-squashfs-combined-efi.img

固件下载参考文末链接,安装好系统之后,默认登录地址http://192.168.1.1 账号 root 密码空,也可以通过配置文件修改管理页面 IP 地址。
cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd25:be8c:eef5::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option gateway '192.168.1.254'
        option netmask '255.255.255.0'
        option ip6assign '60'

常用软件包

主题

luci-theme-argon
luci-app-argon-config

终端

ttyd
luci-app-ttyd
luci-i18n-ttyd-zh-cn

Passwall

ttyd
luci-app-passwall
luci-i18n-passwall-zh-cn

安装 Passwall 依赖

系统未安装iptables或ipset或Dnsmasq没有开启ipset支持

需要先安装相关依赖包,然后重启系统。

ipset
ipt2socks
kmod-ipt-nat
iptables-mod-conntrack-extra
iptables-mod-iprange
iptables-mod-socket
iptables-mod-tproxy

Xray分流:[分流总节点] 无法生效

报错日志

Failed to start: main: failed to load config files: [/tmp/etc/passwall/acl/default/TCP_UDP_SOCKS.json] > infra/conf: invalid field rule > infra/conf: failed to parse domain rule: geosite:category-games@cn > infra/conf: failed to load geosite: CATEGORY-GAMES@CN > infra/conf: failed to load file: geosite.dat > infra/conf: failed to open file: geosite.dat > open /usr/share/v2ray/geosite.dat: no such file or directory

第一次使用时,需要先手动点击更新 geoip 和 geosite,这会自动下载 geoip.dat 和 geosite.dat 这两个文件到
/usr/share/v2ray/目录。

安装主题重启系统崩溃

软件包不能乱安装,胡乱安装非常有可能导致下次重启系统崩溃,特别是系统主题(要注意版本兼容性)。

崩溃日志

Error
Unhandled exception during request dispatching
/usr/lib/lua/luci/ucodebridge.lua:23: /usr/lib/lua/luci/template.lua:181: Failed to execute template 'themes/design/header'.
A runtime error occurred: /usr/lib/lua/luci/dispatcher.lua:68: attempt to index global '__entries' (a nil value)
stack traceback:
	/usr/lib/lua/luci/dispatcher.lua:68: in function 'node'
	[string "/usr/lib/lua/luci/view/themes/design/header..."]:22: in main chunk

In error(), file [C]
  called from function run (/usr/lib/lua/luci/ucodebridge.lua:23)
  called from function [anonymous function] (/usr/lib/lua/luci/ucodebridge.lua:37)

In [anonymous function](), file /usr/share/ucode/luci/runtime.uc, line 133, byte 10:
  called from function [arrow function] (/usr/share/ucode/luci/runtime.uc:141:63)
  called from function render ([C])
  called from function [anonymous function] (/usr/share/ucode/luci/runtime.uc:141:64)
  called from function [anonymous function] (/usr/share/ucode/luci/dispatcher.uc:941:44)
  called from anonymous function (/www/cgi-bin/luci:39:13)

 `            die(ex);`
  Near here --------^

需要先进入控制台界面手动编辑系统配置文件更改主题,我这里是需要移除 design 主题并且恢复成 argon 主题。

cat /etc/config/luci

config core 'main'
        option lang 'auto'
        option mediaurlbase '/luci-static/design'
        option resourcebase '/luci-static/resources'
        option ubuspath '/ubus/'

config extern 'flash_keep'
        option uci '/etc/config/'
        option dropbear '/etc/dropbear/'
        option openvpn '/etc/openvpn/'
        option passwd '/etc/passwd'
        option opkg '/etc/opkg.conf'
        option firewall '/etc/firewall.user'
        option uploads '/lib/uci/upload/'

config internal 'languages'
        option zh_cn '简体中文 (Chinese Simplified)'

config internal 'sauth'
        option sessionpath '/tmp/luci-sessions'
        option sessiontime '3600'

config internal 'ccache'
        option enable '1'

config internal 'themes'
        option Bootstrap '/luci-static/bootstrap'
        option BootstrapDark '/luci-static/bootstrap-dark'
        option BootstrapLight '/luci-static/bootstrap-light'
        option Material '/luci-static/material'
        option Argon '/luci-static/argon'
        option Design'/luci-static/design'

config internal 'apply'
        option rollback '90'
        option holdoff '4'
        option timeout '5'
        option display '1.5'

config internal 'diag'
        option dns 'immortalwrt.org'
        option ping 'immortalwrt.org'
        option route 'immortalwrt.org'

移除option Design'/luci-static/design'并将option mediaurlbase '/luci-static/design'修改为option mediaurlbase '/luci-static/argon'

最后将之前安装的主题包移除掉,比如我之前安装的 design 主题。需要注意卸载顺序,第二个包依赖第三个,所以先卸载。

opkg remove luci-theme-design
opkg remove luci-i18n-design-config-zh-cn
opkg remove luci-app-design-config

最后重启恢复正常。

修改防火墙导致无法访问界面

这种情况只能将设备接显示器进入控制台操作了,虚拟机的话更方便,直接打开 VNC 就行了。

cat /etc/config/firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option flow_offloading '1'
        option flow_offloading_hw '1'
        option fullcone '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include 'passwall'
        option type 'script'
        option path '/var/etc/passwall.include'
        option reload '1'

config include 'passwall_server'
        option type 'script'
        option path '/var/etc/passwall_server.include'
        option reload '1'

看你修改了什么,删掉后重启服务。我这里是单网口 lan 做旁路,除了最后两个是 passwall 自动加的外,其他应该都是默认的。

service firewall restart

相关资料

  1. 下载适用于您设备的 ImmortalWrt 固件
  2. 手动选择固件下载
  3. Issues:系统未安装iptables或ipset,无法透明代理
  4. 透明代理
0

评论区