Wiki Search

Actions

Translations

You are here: OpenWrt Wiki » Documentation » The UCI System » Network configuration
Table of Contents

Network configuration

The central network configuration is located in /etc/config/network. This configuration is responsible for defining switch VLANs, interface configurations and network routes.

Hint: After editing /etc/config/network you need to execute 

/etc/init.d/network restart
to make your new configuration take effect. There is no need to reboot the router.

Sections

Below is an overview of the section types that may be defined in the network configuration. A minimal network configuration for a router usually consists of at least two interfaces (lan and wan) and a switch section if applicable.

Switch

The switch section is responsible for partitionating the switch into several VLANs which appear as independant interfaces in the system although they share the same hardware. Not every OpenWrt supported device has a programmable switch, therefore this section might not be present on some platforms.

There are currently two different configuration formats in use, one for the legacy /proc/switch/ API and one for the newer swconfig based switch infrastructure.

/proc/switch

This variant is only found on Broadcom devices like the WRT54GL.

A typical configuration for it looks like this: 

config 'switch' 'eth0'
        option 'vlan0' '0 1 2 3 5*'
        option 'vlan1' '4 5'

The eth0 identifier specifies the switch the section is belonging to. VLANs are defined by vlan# options with # being the VLAN number. For further information refer to the switch documentation.

swconfig

The newer swconfig framework is intended to replace the legacy switch configuration.

The typical filepath for the config is /etc/config/network

Swconfig based configurations have a different structure with one extra section per vlan. The example below shows a typical configuration: 

config 'switch' 'eth0'
        option 'reset' '1'
        option 'enable_vlan' '1'

config 'switch_vlan' 'eth0_1'
        option 'device' 'eth0'
        option 'vlan' '1'
        option 'ports' '0 1 2 3 5t'

config 'switch_vlan' 'eth0_2'
        option 'device' 'eth0'
        option 'vlan' '2'
        option 'ports' '4 5t'

Common properties are defined within the switch section, vlan specific properties are located in additional switch_vlan sections linked to the switch section through the device option. The complete layout is explained in the switch documentation.

Interfaces

Sections of the type interface declare logical networks serving as container for ip address settings, aliases, routes, physical interface names and firewall rules - they play a central role within the OpenWrt configuration concept.

A minimal interface declaration consists of the following lines: 

config 'interface' 'wan'
        option 'proto' 'dhcp'
        option 'ifname' 'eth0.1'

  • wan is a unique logical interface name
  • dhcp specifies the interface protocol, DHCP in this example
  • eth0.1 is the physical interface associated with this section

The interface protocol may be one of the following:

Protocol Description Program
static Static configuration with fixed address and netmask ip/ifconfig
dhcp Address and netmask are assigned by DHCP udhcpc (Busybox)
ppp PPP protocol - dialup modem connections pppd
pppoe PPP over Ethernet - DSL broadband connection pppd + plugin rp-pppoe.so
pppoa PPP over ATM - DSL connection using a builtin modem pppd + plugin …
3g CDMA, UMTS or GPRS connection using an AT-style 3G modem comgt
pptp Connection via PPtP VPN ?
6in4 IPv6-in-IPv4 tunnel for use with Tunnel Brokers like HE.net ?
6to4 Stateless IPv6 over IPv4 transport ?
none Unspecified protocol -

Depending on the used interface protocol several other options may be required for a complete interface declaration. The corresponding options for each protocol are listed below. Options marked as "yes" in the "Required" column must be defined in the interface section if the corresponding protocol is used, options marked as "no" may be defined but can be omitted as well.

Options valid for all protocol types

Name Type Required Default Description
ifname interface name(s) yes(*) (none) Physical interface name to assign to this section, list of interfaces if type bridge is set.
(*) This option may be empty or missing if only a wireless interface references this network or if the protocol type is pptp, pppoa or 6in4
type string no (none) If set to "bridge", a bridge containing the given ifnames is created
stp boolean no 0 Only valid for type "bridge", enables the Spanning Tree Protocol
macaddr mac address no (none) Override MAC address of this interface
mtu number no (none) Override the default MTU on this interface
auto boolean no 0 for proto none, else 1 Specifies whether to bring up interface on boot
accept_ra boolean no 1 for protocol dhcp, else 0 Specifies whether to accept IPv6 Router Advertisements on this interface
send_rs boolean no 1 for protocol static, else 0 Specifies whether to send Router Solicitations on this interface

Protocol "static"

Name Type Required Default Description
ipaddr ip address yes, if no ip6addr is set (none) IP address
netmask netmask yes, if no ip6addr is set (none) Netmask
gateway ip address no (none) Default gateway
broadcast ip address no (none) Broadcast address (autogenerated if not set)
ip6addr ipv6 address yes, if no ipaddr is set (none) Assign given IPv6 address to this interface (CIDR notation)
ip6gw ipv6 address no (none) Assign given IPv6 default gateway to this interface
dns list of ip addresses no (none) DNS server(s)
metric integer no 0 Specifies the default route metric to use

Protocol "dhcp"

Name Type Required Default Description
gateway string no (none) Supresses DHCP-assigned default gateway if set to 0.0.0.0
broadcast boolean no 0 Enable the broadcast flag in DHCP requests, required for certain ISPs, e.g. Charter with DOCSIS 3
hostname string no (none) Hostname to include in DHCP requests
clientid string no system default Override client identifier in DHCP requests
vendorclass string no system default Override the vendor class in DHCP requests
dns list of ip addresses no (none) Override DHCP-assigned DNS server(s)
metric integer no 0 Specifies the default route metric to use
reqopts  list of strings no (none) Specifies a list of additional DHCP options to request

Protocol "ppp" (PPP over Modem)

:!: The package ppp must be installed to use PPP.

Name Type Required Default Description
device file path yes (none) Modem device node
username string no(?) (none) Username for PAP/CHAP authentication
password string no(?) (none) Password for PAP/CHAP authentication
connect file path no (none) Path to custom PPP connect script
disconnect file path no (none) Path to custom PPP disconnect script
keepalive number no (none) Number of connection failures before reconnect
demand number no (none) Number of seconds to wait before closing the connection due to inactivity
defaultroute boolean no 1 Replace existing default route on PPP connect
peerdns boolean no 1 Use peer-assigned DNS server(s)
dns list of ip addresses no (none) Override peer-assigned DNS server(s)
ipv6 boolean no 0 Enable IPv6 on the PPP link
pppd_options string no (none) Additional command line arguments to pass to the pppd daemon

Protocol "pppoe" (PPP over Ethernet)

:!: The package ppp-mod-pppoe must be installed to use PPPoE.

Name Type Required Default Description
username string no(?) (none) Username for PAP/CHAP authentication
password string no(?) (none) Password for PAP/CHAP authentication
ac string no (none) Specifies the Access Concentrator to connect to. If unset, pppd uses the first discovered one
service string no (none) Specifies the Service Name to connect to, If unset, pppd uses the first discovered one
connect file path no (none) Path to custom PPP connect script
disconnect file path no (none) Path to custom PPP disconnect script
keepalive number no (none) Number of connection failures before reconnect
demand number no (none) Number of seconds to wait before closing the connection due to inactivity
defaultroute boolean no 1 Replace existing default route on PPP connect
peerdns boolean no 1 Use peer-assigned DNS server(s)
dns list of ip addresses no (none) Override peer-assigned DNS server(s)
ipv6 boolean no 0 Enable IPv6 on the PPP link
pppd_options string no (none) Additional command line arguments to pass to the pppd daemon

Protocol "pppoa" (PPP over ATM AAL5)

:!: The package ppp-mod-pppoa must be installed to use PPPoA.

Name Type Required Default Description
vci number no 35 PPPoA VCI
vpi number no 8 PPPoA VPI
atmdev number no 0 Specifies the ATM adapter number starting with 0. Most systems only have one ATM device and do not need this option
encaps string no llc PPPoA encapsulation mode: 'llc' (LLC) or 'vc' (VC)
username string no(?) (none) Username for PAP/CHAP authentication
password string no(?) (none) Password for PAP/CHAP authentication
connect file path no (none) Path to custom PPP connect script
disconnect file path no (none) Path to custom PPP disconnect script
keepalive number no (none) Number of connection failures before reconnect
demand number no (none) Number of seconds to wait before closing the connection due to inactivity
defaultroute boolean no 1 Replace existing default route on PPP connect
peerdns boolean no 1 Use peer-assigned DNS server(s)
dns list of ip addresses no (none) Override peer-assigned DNS server(s)
ipv6 boolean no 0 Enable IPv6 on the PPP link
pppd_options string no (none) Additional command line arguments to pass to the pppd daemon

Protocol "3g" (PPP over EV-DO, CDMA, UMTS or GRPS)

:!: The package comgt must be installed to use 3G. Check 3gdongle for further help with that.

Name Type Required Default Description
device file path yes (none) Modem device node
service string yes umts 3G service type: cdma/evdo, umts
apn string yes (none) Used APN
pincode number no (none) PIN code to unlock SIM card
maxwait number no 20 Number of seconds to wait for modem to become ready
username string no(?) (none) Username for PAP/CHAP authentication
password string no(?) (none) Password for PAP/CHAP authentication
keepalive number no (none) Number of connection failures before reconnect
demand number no (none) Number of seconds to wait before closing the connection due to inactivity
defaultroute boolean no 1 Replace existing default route on PPP connect
peerdns boolean no 1 Use peer-assigned DNS server(s)
dns list of ip addresses no (none) Override peer-assigned DNS server(s)
ipv6 boolean no 0 Enable IPv6 on the PPP link

Protocol "pptp" (Point-to-Point Tunneling Protocol)

:!: The package pptp must be installed to use PPtP. There is a separate Howto for this: vpn.client.pptp. You need to have another section to configure the "parent" device, and you might need to add "<vpn>" to your "wan" zone in the firewall (<vpn> being the "logical interface name" of this section).

Name Type Required Default Description
server ip address yes (none) Remote PPtP server
username string no(?) (none) Username for PAP/CHAP authentication
password string no(?) (none) Password for PAP/CHAP authentication
buffering boolean no 1 Enables buffering and reordering of packets, 0 disables it (–nobuffer)
keepalive integer no ? Number of attempts to reconnect
iface string no(?) pptp-<vpn> Name of the physical interface. Defaults to pptp-<vpn> no matter what you use

Protocol "6in4" (IPv6-in-IPv4 Tunnel)

:!: The package 6in4 must be installed to use this protocol.

Name Type Required Default Description
ipaddr IPv4 address no Current WAN IPv4 address Local IPv4 endpoint address
peeraddr IPv4 address yes (none) Remote IPv4 endpoint address
ip6addr IPv6 address (CIDR) yes (none) Local IPv6 address delegated to the tunnel endpoint
defaultroute boolean no 1 Whether to create an IPv6 default route over the tunnel
ttl  integer no 64 TTL used for the tunnel interface
mtu integer no 1280 MTU used for the tunnel interface
wan_device string no (none) Interface from where client IPv4 endpoint address is derived (used for endpoint update)
tunnelid integer no (none) HE.net global tunnel ID (used for endpoint update)
username string no (none) HE.net user ID (used for endpoint update)
password string no (none) HE.net password (used for endpoint update)
metric integer no 0 Specifies the default route metric to use

Note: This protocol type does not need an ifname option set in the interface section. The interface name is derived from the section name, e.g. config interface sixbone would result in an interface named 6in4-sixbone.

Protocol "6to4" (IPv6-in-IPv4 Tunnel)

:!: The package 6to4 must be installed to use this protocol.

Name Type Required Default Description
ipaddr IPv4 address no Current WAN IPv4 address Local IPv4 endpoint address
defaultroute boolean no 1 Whether to create an IPv6 default route over the tunnel
ttl integer no 64 TTL used for the tunnel interface
mtu integer no 1280 MTU used for the tunnel interface
adv_interface string no lan The logical interface name of the network the subnet should be advertised on. Multiple interface names can be given.
adv_subnet hex number no 1 A subnet ID between 1 and FFFF which selects the advertised /64 prefix from the mapped 6to4 space. The subnet ID is incremented by 1 for every interface specified in adv_interface.
adv_valid_lifetime integer no 300 Overrides the advertised valid prefix lifetime, in seconds (see also radvd prefix options)
adv_preferred_lifetime integer no 120 Overrides the advertised preferred prefix lifetime, in seconds (see also radvd prefix options)
metric integer no 0 Specifies the default route metric to use

Note: This protocol type does not need an ifname option set in the interface section. The interface name is derived from the section name, e.g. config interface wan6 would result in an interface named 6to4-wan6.
Note: If radvd is installed an enabled, the 6to4 scripts will add a temporary prefix and interface declaration to the radvd uci configuration and perform a daemon restart if required.

Protocol "l2tp" (L2TP Pseudowire Tunnel)

:!: The package l2tpv3tun must be installed to use this protocol.
:!: This protocol is only supported on 2.6.35 and newer kernels.

Name Type Required Default Description
localaddr IPv4 address yes, if no local6addr is set (none) Local IPv4 endpoint address
peeraddr IPv4 address yes, if no peer6addr is set (none) Remote IPv4 endpoint address
local6addr IPv6 address yes, if no localaddr is set (none) Local IPv6 endpoint address
peer6addr IPv6 address yes, if no peeraddr is set (none) Remote IPv6 endpoint address
encap string no udp L2TPv3 encapsulation mode, either ip or udp
sport port number no 1701 L2TPv3 source port, only applicable to UDP encapsulation
dport port number no 1701 L2TPv3 destination port, only applicable to UDP encapsulation
tunnel_id integer no Next unused tunnel ID Local L2TPv3 tunnel ID
peer_tunnel_id integer no Value of tunnel_id Remote L2TPv3 tunnel ID
session_id integer no Next unused session ID Local L2TPv3 session ID
peer_session_id integer no Value of session_id Remote L2TPv3 session ID
Additionally all options defined for the static protocol type can be specified

Protocol "relay" (Relayd Pseudo Bridge)

:!: The package relayd must be installed to use this protocol.

Name Type Required Default Description
network list of logical interface names yes (none) Specifies the networks between which traffic is relayed
gateway IPv4 address no (network default) Override the gateway address sent to clients within DHCP responses
expiry integer no 30 Host expiry timeout in seconds
retry integer no 5 Number of ARP ping retries before a host is considered dead
table integer no 16800 Table ID for automatically added routes
forward_bcast boolean no 1 Enables forwarding of broadcast traffic, 0 disables it
forward_dhcp boolean no 1 Enables forwarding of DHCP requests and responses, 0 disables it

ATM Bridges (Ethernet over ATM AAL5)

:!: The package br2684ctl must be installed to use Ethernet over AAL5.

ATM bridges use a special config section called atm-bridge. Each atm-bridge section maps the specified ATM curcuit an atm# pseudo ethernet device which can be used for example in conjunction with pppoe to establish a DSL connection to the ISP.

A typical bridge section looks like this: 

config atm-bridge
       option unit     '0'
       option vpi      '8'
       option vci      '35'

  • Unit 0 will let br2684ctl create a nas0 pseudo device
  • VPI 0 and VCI 35 specifies the circuit to bridge. Those values are ISP dependant.

The atm-bridge section allows the following options:

Name Type Required Default Description
unit number yes 0 Specifies the br2684 interface number. If ommitted, 0 is assumed which would result in a nas0 pseudo interface.
vci number no 35 PPPoA VCI
vpi number no 8 PPPoA VPI
atmdev number no 0 Specifies the ATM adapter number starting with 0. Most systems only have one ATM device and do not need this option
encaps string no llc PPPoA encapsulation mode: 'llc' (LLC) or 'vc' (VC)
payload string no bridged PPPoA forwarding mode: 'routed' or 'bridged'

Aliases

Alias sections can be used to define further IPv4 and IPv6 addresses for interfaces. They also allow combinations like DHCP on the main interface and a static IPv6 address in the alias, for example to deploy IPv6 on wan while keeping normal internet connectivity. Each interface can have multiple aliases attached to it.

A minimal alias declaration consists of the following lines: 

config 'alias'
        option 'interface' 'lan'
        option 'proto' 'static'
        option 'ipaddr' '10.0.0.1'
        option 'netmask' '255.255.255.0'

  • lan is the logical interface name of the parent interface
  • static is the alias interface protocol
  • 10.0.0.1 specifies the alias ip address
  • 255.255.255.0 specifies the alias netmask

At the time of writing, only the static protocol type is allowed for aliases. Defined options for alias sections are listed below.

Name Type Required Default Description
interface string yes (none) Specifies the logical interface name of the parent (or master) interface this alias is belonging to, must refer to one of the defined interface sections
proto string yes (none) Specifies the alias interface protocol
ipaddr ip address yes, if no ip6addr is set (none) IP address
netmask netmask yes, if no ip6addr is set (none) Netmask
gateway ip address no (none) Default gateway
broadcast ip address no (none) Broadcast address (autogenerated if not set)
ip6addr ipv6 address yes, if no ipaddr is set (none) IPv6 address (CIDR notation)
ip6gw ipv6 address no (none) IPv6 default gateway
dns list of ip addresses no (none) DNS server(s)
layer integer no 3 Selects the interface to attach to for stacked protocols (tun over bridge over eth, ppp over eth or similar).
3: attach to layer 3 interface (tun*, ppp* if parent is layer 3 else fallback to 2)
2: attach to layer 2 interface (br-* if parent is bridge else fallback to layer 1)
1: attach to layer 1 interface (eth*, wlan*)

IPv4 Routes

It is possible to define arbitary IPv4 routes on specific interfaces using route sections. As for aliases, multiple sections can be attached to an interface.

A minimial example looks like this: 

config 'route'
        option 'interface' 'lan'
        option 'target' '172.16.123.0'
        option 'netmask' '255.255.255.0'

  • lan is the logical interface name of the parent interface
  • 172.16.123.0 is the network address of the route
  • 255.255.255.0 specifies the route netmask

Legal options for IPv4 routes are:

Name Type Required Default Description
interface string yes (none) Specifies the logical interface name of the parent (or master) interface this route is belonging to, must refer to one of the defined interface sections
target ip address yes (none) Network address
netmask netmask no (none) Route netmask. If ommitted, 255.255.255.255 is assumed which makes target a host address
gateway ip address no (none) Network gateway. If ommitted, the gateway from the parent interface is taken, if set to 0.0.0.0 no gateway will be specified for the route
metric number no 0 Specifies the route metric to use
mtu number no interface MTU Define a specific MTU for this route

IPv6 Routes

IPv6 routes can be specified as well by defining one or more route6 sections.

A minimial example looks like this: 

config 'route6'
        option 'interface' 'lan'
        option 'target' '2001:0DB8:100:F00:BA3::1/64'
        option 'gateway' '2001:0DB8:99::1'

  • lan is the logical interface name of the parent interface
  • 2001:0DB8:100:F00:BA3::1/64 is the routed IPv6 subnet in CIDR notation
  • 2001:0DB8:99::1 specifies the IPv6 gateway for this route

Legal options for IPv6 routes are:

Name Type Required Default Description
interface string yes (none) Specifies the logical interface name of the parent (or master) interface this route is belonging to, must refer to one of the defined interface sections
target ipv6 address yes (none) IPv6 network address
gateway ipv6 address no (none) IPv6 gateway. If ommitted, the gateway from the parent interface is taken
metric number no 0 Specifies the route metric to use
mtu number no interface MTU Define a specific MTU for this route

Examples

Below are a few examples for special, non-standard interface configurations.

Bridge without IP

config 'interface' 'example'
        option 'type'    'bridge'
        option 'proto'   'none'
        option 'ifname'  'eth0 eth1'
        option 'auto'    '1'

DHCP without default gateway

config 'interface' 'example'
        option 'proto'   'dhcp'
        option 'ifname'  'eth0'
        option 'gateway' '0.0.0.0'

DHCP and IPv6

config 'interface' 'example'
        option 'proto'     'dhcp'
        option 'ifname'    'eth0'

config 'alias'
        option 'interface' 'example'
        option 'proto'     'static'
        option 'ip6addr'   '2001:0DB8:100:F00:BA3::1'

Static IP configuration and default gateway with non-zero metric

config 'interface' 'example'
        option 'proto'     'static'
        option 'ifname'    'eth0'
        option 'ipaddr'    '192.168.1.200'
        option 'netmask'   '255.255.255.0'
        option 'dns'       '192.168.1.1'

config 'route'
        option 'interface' 'example'
        option 'target'    '0.0.0.0'
        option 'netmask'   '0.0.0.0'
        option 'gateway'   '192.168.1.1'
        option 'metric'    '100'

PPtP-over-PPPoE internet connection

config 'interface' 'wan'
        option 'proto'     'pppoe'
        option 'ifname'    'eth1'
        option 'username'  'user'
        option 'password'  'pass'
        option 'timeout'   '10'

config 'interface' 'vpn'
        option 'proto'     'pptp'
        option 'ifname'    'vpn'
        option 'username'  'vpnuser'
        option 'password'  'vpnpass'
        option 'server'    'vpn.example.org'

:!: Additionally the "wan" firewall zone must include both interfaces in /etc/config/firewall: 

config 'zone'
        option 'name'      'wan'
        option 'network'   'wan vpn'  # Important
        option 'input'     'REJECT'
        option 'forward'   'REJECT'
        option 'output'    'ACCEPT'
        option 'masq'      '1'

Static IPv6-in-IPv4 tunnel

The example below illustrates a static tunnel configuration for the Hurricane Electric (he.net) broker. Option ipaddr specifies the local IPv4 address, peeraddr is the broker IPv4 address and ip6addr the local IPv6 address routed via the tunnel. 

config 'interface' 'henet'
        option 'proto'     '6in4'
        option 'ipaddr'    '178.24.115.19'
        option 'peeraddr'  '216.66.80.30'
        option 'ip6addr'   '2001:0DB8:1f0a:1359::2/64'

:!: To apply IPv6 firewall rules to the tunnel interface, add it to the "wan" zone in /etc/config/firewall: 

config 'zone'
        option 'name'      'wan'
        option 'network'   'wan henet'  # Important
        option 'input'     'REJECT'
        option 'forward'   'REJECT'
        option 'output'    'ACCEPT'
        option 'masq'      '1'

:!: If you define a new, dedicated zone just for the tunnel interface, make sure to set option conntrack 1 in order to force enabling connection tracking, otherwise unidirectional forwarding rules will not work.

Dynamic IPv6-in-IPv4 tunnel (HE.net only)

The example below illustrates a dynamic tunnel configuration for the Hurricane Electric (he.net) broker with enabled IP update. The local IPv4 address is automatically determined and tunnelid, username and password are provided for IP update. 

config 'interface' 'henet'
        option 'proto'     '6in4'
        option 'peeraddr'  '216.66.80.30'
        option 'ip6addr'   '2001:0DB8:1f0a:1359::2/64'
        option 'tunnelid'  '12345'
        option 'username'  '098f6bcd4621d373cade4e832627b4f6'
        option 'password'  'secret'

:!: To apply IPv6 firewall rules to the tunnel interface, add it to the "wan" firewall zone, see example above for details.

L2TPv3 Pseudowire bridged to LAN

This example establishes a Pseudowire Tunnel and bridges it to the LAN ports. The existing lan interface is reused with protocol l2tp instead of static. 

config 'interface' 'lan'
        option 'proto'     'l2tp'
        option 'type'      'bridge'
        option 'ifname'    'eth0'
        option 'ipaddr'    '192.168.1.1'
        option 'netmask'   '255.255.255.0'
        option 'localaddr' '178.24.154.19'
        option 'peeraddr'  '89.44.33.61'
        option 'encap'     'udp'
        option 'sport'     '4000'
        option 'dport'     '5410'

Relay between LAN and Wireless Station

This example setups a relayd pseudo bridge between a wireless client network and LAN, so that it works similar to the Broadcom Bridged Client mode.

Wireless configuration (excerpt): 

config wifi-iface
        option 'device'     'radio0'
        option 'mode'       'sta'
        option 'ssid'       'Some Wireless Network'
        option 'encryption' 'psk2'
        option 'key'        '12345678'
        option 'network'    'wwan'

Network configuration (excerpt):
:!: Note that the LAN subnet must be different from the one used by wireless network's DHCP. 

config 'interface' 'lan'
        option 'ifname'     'eth0.1'
        option 'proto'      'static'
        option 'ipaddr'     '192.168.1.1'
        option 'netmask'    '255.255.255.0'

config 'interface' 'wwan'
        option 'proto'      'dhcp'

config 'interface' 'stabridge'
        option 'proto'      'relay'
        option 'network'    'lan wwan'

In contrast to true bridging, traffic forwarded in this manner is affected by firewall rules, therfore both the wireless client network and the lan network should be covered by the same LAN firewall zone with forward policy set to accept to allow traffic flow between both interfaces: 

config 'zone'
        option 'name'        'lan'
        option 'network'     'lan wwan'  # Important
        option 'input'       'ACCEPT'
        option 'forward'     'ACCEPT'    # Important
        option 'output'      'ACCEPT'

Network management

The complete network configuration can be re-applied by running /etc/init.d/network restart. Individual interfaces can be brought up with ifup name or down with ifdown name where name corresponds to the logical interface name of the corresponding config interface section. An ifup implies a prior ifdown so there is no need to invoke both when reloading an interface.

Note that wireless interfaces are managed externally and ifup may break the relation to existing bridges. In such a case it is required to run wifi up after ifup in order to re-establish the bridge connection.

Determining Linux interface names

In order to derive a Linux interface name like eth1 from a logical network name like wan for use in scripts or tools like ifconfig and route the uci utility can be used like illustrated in the iptables example below which opens port 22 on the interface. 

WANIF=$(uci -P/var/state get network.wan.ifname)
iptables -I INPUT -i $WANIF -p tcp --dport 22 -j ACCEPT

Back to top

doc/uci/network.txt · Last modified: 2011/10/07 12:29 by orca