import of files/ from BBHN 1.0.0 (bbhn svn 273)

files/bin/login

@@ -0,0 +1,14 @@
+#!/bin/sh
+# Copyright (C) 2006 OpenWrt.org
+
+cat << EOF
+ === IMPORTANT ============================
+
+  Use 'mount_root' before changing anything, including the password
+  Use 'setpasswd' to set your login password
+  When finished, cycle the power to reboot
+
+ === IMPORTANT ============================
+EOF
+
+exec /bin/ash --login

files/etc/config.ap/_setup

@@ -0,0 +1,22 @@
+wifi_proto = bridge
+wifi_mode = ap
+wifi_ssid = <NODE>
+wifi_txpower = 19
+wifi_channel = 6
+wifi_rxant = 3
+wifi_txant = 3
+wifi_distance = 0
+wifi_hidden = 0
+
+lan_proto = static
+lan_ip = 172.27.1.1
+lan_mask = 255.255.255.0
+lan_dhcp = 1
+
+dhcp_start = 5
+dhcp_end = 25
+dhcp_limit = 20
+
+wan_proto = dhcp
+wan_dns1 = 8.8.8.8
+wan_dns2 = 8.8.4.4

files/etc/config.ap/_setup.default

@@ -0,0 +1,22 @@
+wifi_proto = bridge
+wifi_mode = ap
+wifi_ssid = <NODE>
+wifi_txpower = 19
+wifi_channel = 6
+wifi_rxant = 3
+wifi_txant = 3
+wifi_distance = 0
+wifi_hidden = 0
+
+lan_proto = static
+lan_ip = 172.27.1.1
+lan_mask = 255.255.255.0
+lan_dhcp = 1
+
+dhcp_start = 5
+dhcp_end = 25
+dhcp_limit = 20
+
+wan_proto = dhcp
+wan_dns1 = 8.8.8.8
+wan_dns2 = 8.8.4.4

files/etc/config.ap/dhcp

@@ -0,0 +1,10 @@
+config dhcp
+	option interface	lan
+	option start 		<dhcp_start>
+	option limit		<dhcp_limit>
+	option leasetime	1h
+        option ignore           <lan_dhcp>
+
+config dhcp
+	option interface	wan
+	option ignore		1

files/etc/config.ap/dropbear

@@ -0,0 +1,3 @@
+config dropbear
+	option PasswordAuth 'on'
+	option Port         '2222'

files/etc/config.ap/firewall

@@ -0,0 +1,56 @@
+# Copyright (C) 2006 OpenWrt.org
+#
+# RULE SYNTAX:
+#
+# forward:<intf>:<match>:<target>[:<port>]
+# 	- forwards all packets matched by <match> to <target>,
+# 	  optionally changing the port to <port>
+#
+# accept:<intf>:<match>
+# 	- accepts all traffic matched by <match>
+#
+# drop:<intf>:<match>
+#	- drops all traffic matched by <match>
+#
+# <intf> is the external interface to which the rule applies
+#        value is either "wifi" or "wan"
+#
+#
+# MATCHING OPTIONS:
+#
+# src=<ip>
+# 	- match the source ip <ip>
+#
+# dest=<ip>
+# 	- match the destination ip <ip>
+#
+# proto=<proto>
+# 	- match the protocol by name or number
+#
+# sport=<port(s)>
+# 	- match the source port(s), see below for syntax
+#
+# dport=<port(s)>
+# 	- match the destination port(s), see below for syntax
+#
+#
+#
+# PORT SYNTAX:
+#
+# Arbitrary lists of ports and port ranges are in the following format:
+#   - 22,53,993,1000-1024 
+#
+# If you don't set the protocol to tcp or udp, it will apply to both
+#
+#
+#
+# EXAMPLES:
+#
+# drop:wan:dport=22 src=1.3.3.7
+# accept:wifi:proto=tcp dport=22
+# forward:wifi:dport=60168:192.168.1.2:60169
+
+accept:wan:dport=2222 proto=tcp
+accept:wan:dport=8080 proto=tcp
+accept:wifi:dport=2222 proto=tcp
+accept:wifi:dport=8080 proto=tcp

files/etc/config.ap/firewall.user

@@ -0,0 +1,30 @@
+#!/bin/sh
+# Copyright (C) 2006 OpenWrt.org
+
+iptables -F input_rule
+iptables -F output_rule
+iptables -F forwarding_rule
+iptables -t nat -F prerouting_rule
+iptables -t nat -F postrouting_rule
+
+# The following chains are for traffic directed at the IP of the 
+# WAN interface
+
+iptables -F input_wan
+iptables -F forwarding_wan
+iptables -t nat -F prerouting_wan
+
+### Open port to WAN
+## -- This allows port 22 to be answered by (dropbear on) the router
+# iptables -t nat -A prerouting_wan -p tcp --dport 22 -j ACCEPT 
+# iptables        -A input_wan      -p tcp --dport 22 -j ACCEPT
+
+### Port forwarding
+## -- This forwards port 8080 on the WAN to port 80 on 192.168.1.2
+# iptables -t nat -A prerouting_wan -p tcp --dport 8080 -j DNAT --to 192.168.1.2:80
+# iptables        -A forwarding_wan -p tcp --dport 80 -d 192.168.1.2 -j ACCEPT
+
+### DMZ
+## -- Connections to ports not handled above will be forwarded to 192.168.1.2
+# iptables -t nat -A prerouting_wan -j DNAT --to 192.168.1.2
+# iptables        -A forwarding_wan -d 192.168.1.2 -j ACCEPT

files/etc/config.ap/network

@@ -0,0 +1,29 @@
+include /etc/vlan
+
+#### Loopback configuration
+config interface loopback
+	option ifname	"lo"
+	option proto	static
+	option ipaddr	127.0.0.1
+	option netmask	255.0.0.0
+
+
+#### LAN configuration
+config interface lan
+	option type 	bridge
+	option ifname	"eth0.0"
+	option proto	<lan_proto>
+	option ipaddr	<lan_ip>
+	option netmask	<lan_mask>
+	option dns	"<wan_dns1> <wan_dns2>"
+	option gateway	<lan_gw>
+
+
+#### WAN configuration
+config interface	wan
+	option ifname	"eth0.1"
+	option proto	<wan_proto>
+	option ipaddr   <wan_ip>
+	option netmask  <wan_mask>
+	option gateway  <wan_gw>
+

files/etc/config.ap/system

@@ -0,0 +1,3 @@
+config 'system'
+	option 'hostname' '<NODE>'
+

files/etc/config.ap/wireless

@@ -0,0 +1,15 @@
+config wifi-device  wl0
+	option type     broadcom
+	option channel  <wifi_channel>
+	option rxant	<wifi_rxant>
+	option txant	<wifi_txant>
+	option distance	<wifi_distance>
+
+config wifi-iface
+	option device   wl0
+	option network	lan
+	option mode     <wifi_mode>
+	option ssid     "<wifi_ssid>"
+	option hidden   <wifi_hidden>
+	option encryption none
+

files/etc/config.client/_setup

@@ -0,0 +1,20 @@
+wifi_proto = dhcp
+wifi_mode = sta
+wifi_ssid = linksys
+wifi_txpower = 19
+wifi_rxant = 3
+wifi_txant = 3
+wifi_distance = 0
+
+lan_proto = static
+lan_ip = 172.27.2.1
+lan_mask = 255.255.255.0
+lan_dhcp = 1
+
+dhcp_start = 5
+dhcp_end = 25
+dhcp_limit = 20
+
+wan_proto = disabled
+wan_dns1 = 8.8.8.8
+wan_dns2 = 8.8.4.4

files/etc/config.client/_setup.default

@@ -0,0 +1,20 @@
+wifi_proto = dhcp
+wifi_mode = sta
+wifi_ssid = linksys
+wifi_txpower = 19
+wifi_rxant = 3
+wifi_txant = 3
+wifi_distance = 0
+
+lan_proto = static
+lan_ip = 172.27.2.1
+lan_mask = 255.255.255.0
+lan_dhcp = 1
+
+dhcp_start = 5
+dhcp_end = 25
+dhcp_limit = 20
+
+wan_proto = disabled
+wan_dns1 = 8.8.8.8
+wan_dns2 = 8.8.4.4

files/etc/config.client/dhcp

@@ -0,0 +1,14 @@
+config dhcp
+	option interface	lan
+	option start 		<dhcp_start>
+	option limit		<dhcp_limit>
+	option leasetime	1h
+        option ignore           <lan_dhcp>
+
+config dhcp
+	option interface	wan
+	option ignore		1
+
+config dhcp
+	option interface	wifi
+	option ignore		1

files/etc/config.client/dropbear

@@ -0,0 +1,3 @@
+config dropbear
+	option PasswordAuth 'on'
+	option Port         '2222'

files/etc/config.client/firewall

@@ -0,0 +1,56 @@
+# Copyright (C) 2006 OpenWrt.org
+#
+# RULE SYNTAX:
+#
+# forward:<intf>:<match>:<target>[:<port>]
+# 	- forwards all packets matched by <match> to <target>,
+# 	  optionally changing the port to <port>
+#
+# accept:<intf>:<match>
+# 	- accepts all traffic matched by <match>
+#
+# drop:<intf>:<match>
+#	- drops all traffic matched by <match>
+#
+# <intf> is the external interface to which the rule applies
+#        value is either "wifi" or "wan"
+#
+#
+# MATCHING OPTIONS:
+#
+# src=<ip>
+# 	- match the source ip <ip>
+#
+# dest=<ip>
+# 	- match the destination ip <ip>
+#
+# proto=<proto>
+# 	- match the protocol by name or number
+#
+# sport=<port(s)>
+# 	- match the source port(s), see below for syntax
+#
+# dport=<port(s)>
+# 	- match the destination port(s), see below for syntax
+#
+#
+#
+# PORT SYNTAX:
+#
+# Arbitrary lists of ports and port ranges are in the following format:
+#   - 22,53,993,1000-1024 
+#
+# If you don't set the protocol to tcp or udp, it will apply to both
+#
+#
+#
+# EXAMPLES:
+#
+# drop:wan:dport=22 src=1.3.3.7
+# accept:wifi:proto=tcp dport=22
+# forward:wifi:dport=60168:192.168.1.2:60169
+
+accept:wan:dport=2222 proto=tcp
+accept:wan:dport=8080 proto=tcp
+accept:wifi:dport=2222 proto=tcp
+accept:wifi:dport=8080 proto=tcp

files/etc/config.client/firewall.user

@@ -0,0 +1,30 @@
+#!/bin/sh
+# Copyright (C) 2006 OpenWrt.org
+
+iptables -F input_rule
+iptables -F output_rule
+iptables -F forwarding_rule
+iptables -t nat -F prerouting_rule
+iptables -t nat -F postrouting_rule
+
+# The following chains are for traffic directed at the IP of the 
+# WAN interface
+
+iptables -F input_wan
+iptables -F forwarding_wan
+iptables -t nat -F prerouting_wan
+
+### Open port to WAN
+## -- This allows port 22 to be answered by (dropbear on) the router
+# iptables -t nat -A prerouting_wan -p tcp --dport 22 -j ACCEPT 
+# iptables        -A input_wan      -p tcp --dport 22 -j ACCEPT
+
+### Port forwarding
+## -- This forwards port 8080 on the WAN to port 80 on 192.168.1.2
+# iptables -t nat -A prerouting_wan -p tcp --dport 8080 -j DNAT --to 192.168.1.2:80
+# iptables        -A forwarding_wan -p tcp --dport 80 -d 192.168.1.2 -j ACCEPT
+
+### DMZ
+## -- Connections to ports not handled above will be forwarded to 192.168.1.2
+# iptables -t nat -A prerouting_wan -j DNAT --to 192.168.1.2
+# iptables        -A forwarding_wan -d 192.168.1.2 -j ACCEPT

files/etc/config.client/network

@@ -0,0 +1,23 @@
+include /etc/vlan
+
+#### Loopback configuration
+config interface loopback
+	option ifname	"lo"
+	option proto	static
+	option ipaddr	127.0.0.1
+	option netmask	255.0.0.0
+
+
+#### LAN configuration
+config interface lan
+	option ifname	"eth0.0"
+	option proto	<lan_proto>
+	option ipaddr	<lan_ip>
+	option netmask	<lan_mask>
+        option dns      "<wan_dns1> <wan_dns2>"
+
+
+#### WAN configuration
+config interface	wan
+	option ifname	"wl0"
+	option proto	<wifi_proto>

files/etc/config.client/system

@@ -0,0 +1,3 @@
+config 'system'
+	option 'hostname' '<NODE>'
+

files/etc/config.client/wireless

@@ -0,0 +1,13 @@
+config wifi-device  wl0
+	option type     broadcom
+	option rxant    <wifi_rxant>
+	option txant    <wifi_txant>
+        option distance <wifi_distance>
+
+config wifi-iface
+	option device   wl0
+	option network	wan
+	option mode     <wifi_mode>
+	option ssid     "<wifi_ssid>"
+	option encryption none
+

files/etc/config.mesh/_setup

@@ -0,0 +1,27 @@
+wifi_proto = static
+wifi_ip = 10.<MAC2>
+wifi_mask = 255.0.0.0
+wifi_ssid = BroadbandHamnet-v1
+wifi_mode = adhoc
+wifi_txpower = 19
+wifi_channel = 1
+wifi_rxant = 3
+wifi_txant = 3
+wifi_distance = 0
+
+dmz_mode = 3
+lan_proto = static
+lan_ip = 172.27.0.1
+lan_mask = 255.255.255.0
+lan_dhcp = 1
+
+dhcp_start = 5
+dhcp_end = 25
+dhcp_limit = 20
+
+olsrd_bridge = 0
+olsrd_gw = 0
+
+wan_proto = dhcp
+wan_dns1 = 8.8.8.8
+wan_dns2 = 8.8.4.4

files/etc/config.mesh/_setup.default

@@ -0,0 +1,27 @@
+wifi_proto = static
+wifi_ip = 10.<MAC2>
+wifi_mask = 255.0.0.0
+wifi_ssid = BroadbandHamnet-v1
+wifi_mode = adhoc
+wifi_txpower = 19
+wifi_channel = 1
+wifi_rxant = 3
+wifi_txant = 3
+wifi_distance = 0
+
+dmz_mode = 3
+lan_proto = static
+lan_ip = 172.27.0.1
+lan_mask = 255.255.255.0
+lan_dhcp = 1
+
+dhcp_start = 5
+dhcp_end = 25
+dhcp_limit = 20
+
+olsrd_bridge = 0
+olsrd_gw = 0
+
+wan_proto = dhcp
+wan_dns1 = 8.8.8.8
+wan_dns2 = 8.8.4.4

files/etc/config.mesh/dhcp

@@ -0,0 +1,14 @@
+config dhcp
+	option interface	lan
+	option start 		<dhcp_start>
+	option limit		<dhcp_limit>
+	option leasetime	1h
+        option ignore           <lan_dhcp>
+
+config dhcp
+	option interface	wan
+	option ignore		1
+
+config dhcp
+	option interface	wifi
+	option ignore		1

files/etc/config.mesh/dropbear

@@ -0,0 +1,3 @@
+config dropbear
+	option PasswordAuth 'on'
+	option Port         '2222'

files/etc/config.mesh/firewall

@@ -0,0 +1,58 @@
+# Copyright (C) 2006 OpenWrt.org
+#
+# RULE SYNTAX:
+#
+# forward:<intf>:<match>:<target>[:<port>]
+# 	- forwards all packets matched by <match> to <target>,
+# 	  optionally changing the port to <port>
+#
+# accept:<intf>:<match>
+# 	- accepts all traffic matched by <match>
+#
+# drop:<intf>:<match>
+#	- drops all traffic matched by <match>
+#
+# <intf> is the external interface to which the rule applies
+#        value is either "wifi" or "wan"
+#
+#
+# MATCHING OPTIONS:
+#
+# src=<ip>
+# 	- match the source ip <ip>
+#
+# dest=<ip>
+# 	- match the destination ip <ip>
+#
+# proto=<proto>
+# 	- match the protocol by name or number
+#
+# sport=<port(s)>
+# 	- match the source port(s), see below for syntax
+#
+# dport=<port(s)>
+# 	- match the destination port(s), see below for syntax
+#
+#
+#
+# PORT SYNTAX:
+#
+# Arbitrary lists of ports and port ranges are in the following format:
+#   - 22,53,993,1000-1024 
+#
+# If you don't set the protocol to tcp or udp, it will apply to both
+#
+#
+#
+# EXAMPLES:
+#
+# drop:wan:dport=22 src=1.3.3.7
+# accept:wifi:proto=tcp dport=22
+# forward:wifi:dport=60168:192.168.1.2:60169
+
+accept:wan:dport=2222 proto=tcp
+accept:wan:dport=8080 proto=tcp
+accept:wifi:dport=2222 proto=tcp
+accept:wifi:dport=8080 proto=tcp
+accept:wifi:dport=698 proto=udp
+accept:wifi:dport=1978 proto=tcp

files/etc/config.mesh/firewall.user

@@ -0,0 +1,30 @@
+#!/bin/sh
+# Copyright (C) 2006 OpenWrt.org
+
+iptables -F input_rule
+iptables -F output_rule
+iptables -F forwarding_rule
+iptables -t nat -F prerouting_rule
+iptables -t nat -F postrouting_rule
+
+# The following chains are for traffic directed at the IP of the 
+# WAN interface
+
+iptables -F input_wan
+iptables -F forwarding_wan
+iptables -t nat -F prerouting_wan
+
+### Open port to WAN
+## -- This allows port 22 to be answered by (dropbear on) the router
+# iptables -t nat -A prerouting_wan -p tcp --dport 22 -j ACCEPT 
+# iptables        -A input_wan      -p tcp --dport 22 -j ACCEPT
+
+### Port forwarding
+## -- This forwards port 8080 on the WAN to port 80 on 192.168.1.2
+# iptables -t nat -A prerouting_wan -p tcp --dport 8080 -j DNAT --to 192.168.1.2:80
+# iptables        -A forwarding_wan -p tcp --dport 80 -d 192.168.1.2 -j ACCEPT
+
+### DMZ
+## -- Connections to ports not handled above will be forwarded to 192.168.1.2
+# iptables -t nat -A prerouting_wan -j DNAT --to 192.168.1.2
+# iptables        -A forwarding_wan -d 192.168.1.2 -j ACCEPT

files/etc/config.mesh/network

@@ -0,0 +1,36 @@
+include /etc/vlan
+
+#### Loopback configuration
+config interface loopback
+	option ifname	"lo"
+	option proto	static
+	option ipaddr	127.0.0.1
+	option netmask	255.0.0.0
+
+
+#### LAN configuration
+config interface lan
+	option ifname	"eth0.0"
+	option proto	<lan_proto>
+	option ipaddr	<lan_ip>
+	option netmask	<lan_mask>
+	option dns	"<wan_dns1> <wan_dns2>"
+	option gateway	<lan_gw>
+
+
+#### WAN configuration
+config interface	wan
+	option ifname	"eth0.1"
+	option proto	<wan_proto>
+	option ipaddr	<wan_ip>
+	option netmask	<wan_mask>
+	option gateway  <wan_gw>
+	
+	
+#### WIFI configuration
+config interface wifi
+	option ifname	"wl0"
+	option proto	<wifi_proto>
+	option ipaddr	<wifi_ip>
+	option netmask	<wifi_mask>
+

files/etc/config.mesh/olsrd.conf

@@ -0,0 +1,545 @@
+#
+# OLSR.org routing daemon config file
+# This file contains ALL available options and explanations about them
+#
+# Lines starting with a # are discarded
+#
+
+#### ATTENTION for IPv6 users ####
+# Because of limitations in the parser IPv6 addresses must NOT
+# begin with a ":", so please add a "0" as a prefix.
+
+###########################
+### Basic configuration ###
+###########################
+# keep this settings at the beginning of your first configuration file
+
+# Debug level (0-9)
+# If set to 0 the daemon runs in the background, unless "NoFork" is set to true
+# (Default is 1)
+
+DebugLevel  0
+
+# IP version to use (4 or 6)
+# (Default is 4)
+
+# IpVersion 4
+
+#################################
+### OLSRd agent configuration ###
+#################################
+# this parameters control the settings of the routing agent which are not
+# related to the OLSR protocol and it's extensions
+
+# Clear the screen each time the internal state changes
+# (Default is yes)
+
+# ClearScreen     yes
+
+# Should olsrd keep on running even if there are
+# no interfaces available? This is a good idea
+# for a PCMCIA/USB hotswap environment.
+# (Default is yes)
+
+# AllowNoInt  yes
+
+# LockFile
+# The lockfile is used to prevent multiple OLSR instances running at the same
+# time.
+# (Linux/BSD default is "/var/run/olsrd-ipv(4/6).lock")
+# (Win32 default is "<configfile>-ipv(4/6).lock")
+
+# LockFile "olsrd.lock"
+
+# Polling rate for OLSR sockets in seconds (float). 
+# (Default is 0.05)
+
+# Pollrate  0.05
+
+# Interval to poll network interfaces for configuration changes (in seconds).
+# Linux systems can detect interface statechange via netlink sockets.
+# (Defaults is 2.5)
+
+# NicChgsPollInt  2.5
+
+# TOS(type of service) value for the IP header of control traffic.
+# (Default is 16)
+
+# TosValue 16
+
+# FIBMetric controls the metric value of the host-routes OLSRd sets.
+# - "flat" means that the metric value is always 2. This is the preferred value
+#   because it helps the linux kernel routing to clean up older routes
+# - "correct" use the hopcount as the metric value.
+# - "approx" use the hopcount as the metric value too, but does only update the
+#   hopcount if the nexthop changes too
+# (Default is "flat")
+
+# FIBMetric "flat"
+
+#######################################
+### Linux specific OLSRd extensions ###
+#######################################
+# these parameters are only working on linux at the moment, but might become
+# useful on BSD in the future
+
+# SrcIpRoutes tells OLSRd to set the Src flag of host routes to the originator-ip
+# of the node. In addition to this an additional localhost device is created
+# to make sure the returning traffic can be received.
+# (Default is "no")
+
+# SrcIpRoutes no
+
+# Specify the proto tag to be used for routes olsr inserts into kernel
+# currently only implemented for linux
+# valid values under linux are 1 .. 254
+# 1 gets remapped by olsrd to 0 UNSPECIFIED (1 is reserved for ICMP redirects)
+# 2 KERNEL routes (not very wise to use)
+# 3 BOOT (should in fact not be used by routing daemons)
+# 4 STATIC 
+# 8 .. 15 various routing daemons (gated, zebra, bird, & co)
+# (defaults to 0 which gets replaced by an OS-specific default value
+# under linux 3 (BOOT) (for backward compatibility)
+
+# RtProto 0
+
+# Specifies the routing Table olsr uses
+# RtTable is for host routes, RtTableDefault for the route to the default
+# internet gateway (2 in case of IPv6+NIIT) and RtTableTunnel is for
+# routes to the ipip tunnels, valid values are 1 to 254
+# There is a special parameter "auto" (choose default below)
+# (with smartgw: default is 254/223/224)
+# (without smartgw: default is 254/254/254, linux main table)
+
+# RtTable auto
+# RtTableDefault auto
+# RtTableTunnel auto
+
+# Specifies the policy rule priorities for the three routing tables and
+# a special rule for smartgateway routing (see README-Olsr-Extensions)
+# Priorities can only be set if three different routing tables are set.
+# if set the values must obey to condition
+# RtTablePriority < RtTableDefaultOlsrPriority
+# < RtTableTunnelPriority < RtTableDefaultPriority.
+# There are two special parameters, "auto" (choose fitting to SmartGW
+# mode) and "none" (do not set policy rule)
+# (with smartgw: default is none/32776/32776/32796)
+# (without smartgw: default is none/none/none/none)
+
+# RtTablePriority auto
+# RtTableDefaultOlsrPriority auto
+# RtTableTunnelPriority auto
+# RtTableDefaultPriority auto
+
+# Activates (in IPv6 mode) the automatic use of NIIT
+# (see README-Olsr-Extensions)
+# (default is "yes")
+
+# UseNiit yes
+
+# Activates the smartgateway ipip tunnel feature.
+# See README-Olsr-Extensions for a description of smartgateways.
+# (default is "yes")
+
+SmartGateway no
+
+# Allows the selection of a smartgateway with NAT (only for IPv4)
+# (default is "yes")
+
+# SmartGatewayAllowNAT yes
+
+# Defines what kind of Uplink this node will publish as a
+# smartgateway. The existence of the uplink is detected by
+# a route to 0.0.0.0/0, ::ffff:0:0/96 and/or 2000::/3.
+# possible values are "none", "ipv4", "ipv6", "both"
+# (default is "both")
+
+# SmartGatewayUplink "both"
+
+# Specifies if the local ipv4 uplink use NAT
+# (default is "yes")
+
+# SmartGatewayUplinkNAT yes
+
+# Specifies the speed of the uplink in kilobit/s.
+# First parameter is upstream, second parameter is downstream
+# (default is 128/1024)
+
+# SmartGatewaySpeed 128 1024
+
+# Specifies the EXTERNAL ipv6 prefix of the uplink. A prefix
+# length of more than 64 is not allowed.
+# (default is 0::/0
+
+# SmartGatewayPrefix 0::/0
+
+##############################
+### OLSR protocol settings ###
+##############################
+
+# For testing purposes it may be nice to use another port for olsrd
+# for using another port than the IANA assigned one 
+# for a production network, there should be a good reason!!
+# valid values are integers >1, please be careful with using reserved
+# port numbers
+# (default is 698, the IANA assigned olsr-port)
+
+# OlsrPort 698
+
+# Sets the main IP (originator ip) of the router. This IP will NEVER
+# change during the uptime of olsrd.
+# (default is 0.0.0.0, which triggers usage of the IP of the first interface)
+
+# MainIp 10.0.0.1
+MainIp <wifi_ip>
+
+# The fixed willingness to use (0-7)
+# If not set willingness will be calculated
+# dynamically based on battery/power status
+# (default is 3)
+
+# Willingness     3
+
+# HNA (Host network association) allows the OLSR to announce
+# additional IPs or IP subnets to the net that are reachable
+# through this node.
+# Syntax for HNA4 is "network-address    network-mask"
+# Syntax for HNA6 is "network-address    prefix-length"
+# (default is no HNA)
+Hna4
+{
+# Internet gateway
+# 0.0.0.0   0.0.0.0
+# specific small networks reachable through this node
+# 15.15.0.0 255.255.255.0
+}
+Hna6
+{
+# Internet gateway
+#   0::                     0
+# specific small networks reachable through this node
+#   fec0:2200:106:0:0:0:0:0 48
+}
+
+
+# Hysteresis for link sensing (only for hopcount metric)
+# Hysteresis adds more robustness to the link sensing
+# but delays neighbor registration.
+# (defaults to yes)
+
+# UseHysteresis yes
+
+# Hysteresis parameters (only for hopcount metric)
+# Do not alter these unless you know what you are doing!
+# Set to auto by default. Allowed values are floating point
+# values in the interval 0,1
+# THR_LOW must always be lower than THR_HIGH!!
+# (default is 0.5/0.8/0.3)
+
+# HystScaling  0.50
+# HystThrHigh  0.80
+# HystThrLow 0.30
+
+# TC redundancy
+# Specifies how much neighbor info should be sent in
+# TC messages. Because of a design problem in the 0.5.x
+# dijkstra implementation this value must be set to 2.
+# 2 - send all neighbors
+# (default is 2)
+
+# TcRedundancy  2
+
+# MPR coverage specifies how many MPRs a node should
+# try select to reach every 2 hop neighbor. Because of
+# a design problem in the 0.5.x dijkstra algorithm this
+# value should be set to 7.
+# (default is 7)
+
+# MprCoverage 7
+
+################################
+### OLSR protocol extensions ###
+################################
+
+# Link quality level switch between hopcount and 
+# cost-based (mostly ETX) routing. Because of
+# a design problem in the 0.5.x dijkstra algorithm this
+# value should not be set to 1.
+# 0 = do not use link quality
+# 2 = use link quality for MPR selection and routing
+# (default is 2)
+
+# LinkQualityLevel 2
+
+# Link quality algorithm (only for lq level 2)
+# (see README-Olsr-Extensions)
+# - "etx_float", a floating point  ETX with exponential aging
+# - "etx_fpm", same as ext_float, but with integer arithmetic
+# - "etx_ff" (ETX freifunk), an etx variant which use all OLSR
+#   traffic (instead of only hellos) for ETX calculation
+# - "etx_ffeth", an incompatible variant of etx_ff that allows
+#   ethernet links with ETX 0.1.
+# (defaults to "etx_ff")
+
+# LinkQualityAlgorithm    "etx_ff"
+
+# Link quality aging factor (only for lq level 2)
+# Tuning parameter for etx_float and etx_fpm, smaller values
+# mean slower changes of ETX value. (allowed values are
+# between 0.01 and 1.0)
+# (default is 0.05)
+
+# LinkQualityAging 0.05
+
+# Fisheye mechanism for TCs (0 meansoff, 1 means on)
+# (default is 1)
+
+# LinkQualityFishEye  1
+
+#
+# NatThreshold 
+#
+# (currently this is only in the freifunk firmware)
+# If the NAT-Endpoint (the preferred 0/0 HNA emitting node)
+# is to be changed, the ETX value of the current 0/0 is 
+# multiplied with the NatThreshold value before being
+# compared to the new one.
+# The parameter can be a value between 0.1 and 1.0, but
+# should be close to 1.0 if changed.
+# WARNING: This parameter should not be used together with
+# the etx_ffeth metric !!
+# (defaults to 1.0)
+
+# NatThreshold  1.0
+
+#############################################################
+### Configuration of the IPC to the windows GUI interface ###
+#############################################################
+
+IpcConnect
+{
+     # Determines how many simultaneously
+     # IPC connections that will be allowed
+     # Setting this to 0 disables IPC
+
+     # MaxConnections  0
+
+     # By default only 127.0.0.1 is allowed
+     # to connect. Here allowed hosts and networks can
+     # be added
+
+     # Host            127.0.0.1
+     # Host            10.0.0.5
+     # Net             192.168.1.0 255.255.255.0     
+}
+
+#####################################
+### Example plugin configurations ###
+#####################################
+# Olsrd plugins to load
+# This must be the absolute path to the file
+# or the loader will use the following scheme:
+# - Try the paths in the LD_LIBRARY_PATH 
+#   environment variable.
+# - The list of libraries cached in /etc/ld.so.cache
+# - /lib, followed by /usr/lib
+#
+# the examples in this list are for linux, so check if the plugin is
+# available if you use windows/BSD.
+# each plugin should have a README file in it's lib subfolder
+
+LoadPlugin "olsrd_arprefresh.so.0.1"
+{
+}
+
+LoadPlugin "olsrd_dot_draw.so.0.3"
+{
+    PlParam      "accept"        "127.0.0.1"
+    PlParam      "port"          "2003"
+}
+
+LoadPlugin "olsrd_httpinfo.so.0.1"
+{
+    # port number the httpinfo plugin will be listening, default 1978
+#   PlParam     "port"   "8000"
+    
+    # ip address that can access the plugin, use "0.0.0.0"
+    # to allow everyone
+#   PlParam     "Host"   "127.0.0.1"
+#   PlParam     "Host"   "80.23.53.22"
+    
+    # networks that can access the plugin (ip/netmask)
+    # careful with 0.0.0.0/0, makes (ddos) attacks poss.
+    PlParam     "Net"    "0.0.0.0 0.0.0.0"
+#   PlParam     "Net"    "192.168.0.0 255.255.0.0"
+    PlParam     "Resolve" "true"
+}
+
+LoadPlugin "olsrd_txtinfo.so.0.1"
+{
+    # port number the txtinfo plugin will be listening, default 2006
+#   PlParam     "port"   "81"
+    # ip address that can access the plugin, use "0.0.0.0"
+    # to allow everyone
+    PlParam     "Accept"   "0.0.0.0"
+}
+
+#LoadPlugin "olsrd_secure.so.0.6"
+#{
+#    PlParam     "Keyfile"   "/etc/olsrd.key"
+#}
+
+#LoadPlugin "olsrd_dyn_gw.so.0.5"
+#{
+    # The plugin check interval can be set here in milliseconds.
+    # The default is 1000 ms (1 second).
+#    PlParam     "CheckInterval"  "5000"
+    
+    # The ping check interval in case there is any pinged host specified.
+    # The default is 5 seconds.
+#    PlParam     "PingInterval"   "40"
+    
+    # If one or more IPv4 addresses are given, do a ping on these in
+    # descending order to validate that there is not only an entry in
+    # routing table, but also a real network connection. If any of
+    # these addresses could be pinged successfully, the test was
+    # succesful, i.e. if the ping on the 1st address was successful,the
+    # 2nd won't be pinged.
+    #
+    # The Ping list applies to the group of HNAs specified above or to the 
+		# default internet gateway when no HNA is specified.
+		#
+		# Running the plugin without parameters acts as the 'old' dyn_gw_plain.
+    
+    #   The following ping entries for the internet gateway
+#    PlParam "Ping"   "141.1.1.1"
+#    PlParam "Ping"   "194.25.2.129"
+    
+    #   First group of HNAs with related ping host
+#    PlParam	"HNA"	   "192.168.80.0 255.255.255.0"
+#    PlParam	"HNA"	   "192.168.81.0 255.255.255.0"
+#    PlParam	"Ping"	 "192.168.81.12"
+    
+    #   Second HNA group with multiple related ping hosts.
+    #   Specifying multiple ping hosts provides redundancy.
+#    PlParam "HNA"    "192.168.100.0 255.255.255.0"
+#    PlParam "HNA"    "192.168.101.0 255.255.255.0"
+#    PlParam "HNA"    "192.168.102.0 255.255.255.0"
+#    PlParam "Ping"   "192.168.100.10"
+#    PlParam "Ping"   "192.168.101.10"
+    
+    #   Third HNA group without ping check
+#    PlParam "HNA"    "192.168.200.0 255.255.255.0"
+#    PlParam "HNA"    "192.168.201.0 255.255.255.0"
+#    PlParam "HNA"    "192.168.202.0 255.255.255.0"
+#}
+
+#LoadPlugin "olsrd_dyn_gw_plain.so.0.4"
+#{
+#}
+
+LoadPlugin "olsrd_watchdog.so.0.1"
+{
+    PlParam      "file"        "/tmp/olsrd.watchdog"
+    PlParam      "interval"    "5"
+}
+
+#############################################
+### OLSRD default interface configuration ###
+#############################################
+# the default interface section can have the same values as the following
+# interface configuration. It will allow you so set common options for all
+# interfaces.
+
+InterfaceDefaults {
+    # Ip4Broadcast      255.255.255.255
+}
+
+######################################
+### OLSRd Interfaces configuration ###
+######################################
+# multiple interfaces can be specified for a single configuration block
+# multiple configuration blocks can be specified
+
+# WARNING, don't forget to insert your interface names here !
+Interface <olsrd_bridge>
+{
+    # Interface Mode is used to prevent unnecessary
+    # packet forwarding on switched ethernet interfaces
+    # valid Modes are "mesh" and "ether"
+    # (default is "mesh")
+
+    # Mode "mesh"
+
+    # IPv4 broadcast address for outgoing OLSR packets.
+    # One usefull example would be 255.255.255.255
+    # The second useful value would be to
+    # specify the peer adress of an ptp-tunnel.
+    # another name of this parameter is "IPv4Multicast"
+    # (default is 0.0.0.0, which triggers the usage of the
+    # interface broadcast IP)
+    
+    # Ip4Broadcast      0.0.0.0
+
+    # IPv6 multicast address
+    # (default is FF02::6D, the manet-router linklocal multicast)
+
+    # IPv6Multicast	FF02::6D
+
+    # IPv4 src address for outgoing OLSR packages
+    # (default is 0.0.0.0, which triggers usage of the interface IP)
+
+    # IPv4Src 0.0.0.0
+
+    # IPv6 src prefix. OLSRd will choose one of the interface IPs
+    # which matches the prefix of this parameter.
+    # (default is 0::/0, which triggers the usage
+    # of a not-linklocal interface IP)
+
+    # IPv6Src 0::/0
+    
+    # Emission intervals in seconds.
+    # If not defined, Freifunk network defaults are used
+    # (default is 2.0/20.0 for Hello and 5.0/300.0 for Tc/Mid/Hna)
+
+    # HelloInterval       2.0
+    # HelloValidityTime  20.0
+    # TcInterval          5.0
+    # TcValidityTime    300.0
+    # MidInterval         5.0
+    # MidValidityTime   300.0
+    # HnaInterval         5.0
+    # HnaValidityTime   300.0
+    
+    # When multiple links exist between hosts
+    # the weight of interface is used to determine
+    # the link to use. Normally the weight is
+    # automatically calculated by olsrd based
+    # on the characteristics of the interface,
+    # but here you can specify a fixed value.
+    # Olsrd will choose links with the lowest value.
+    # Note:
+    # Interface weight is used only when LinkQualityLevel is set to 0.
+    # For any other value of LinkQualityLevel, the interface ETX
+    # value is used instead.
+    # Weight 0
+
+    # If a certain route should be preferred 
+    # or ignored by the mesh, the Link Quality 
+    # value of a node can be multiplied with a factor 
+    # entered here. In the example the route 
+    # using 192.168.0.1 would rather be ignored.
+    # A multiplier of 0.5 will result in a small
+    # (bad) LinkQuality value and a high (bad)
+    # ETX value.
+    # Note:
+    # Link quality multiplier is used only when
+    # LinkQualityLevel is > 0.
+
+    # example 1: reduce LQ to 192.168.0.1 by half
+    # LinkQualityMult 192.168.0.1 0.5
+
+    # example 2: reduce LQ to all nodes on this interface by 20%
+    # LinkQualityMult default 0.8
+}
+

files/etc/config.mesh/system

@@ -0,0 +1,3 @@
+config 'system'
+	option 'hostname' '<NODE>'
+

files/etc/config.mesh/wireless

@@ -0,0 +1,14 @@
+config wifi-device  wl0
+	option type     broadcom
+	option channel  <wifi_channel>
+	option rxant    <wifi_rxant>
+	option txant    <wifi_txant>
+        option distance <wifi_distance>
+
+config wifi-iface
+	option device   wl0
+	option network	wifi
+	option mode     <wifi_mode>
+	option ssid     "<wifi_ssid>"
+	option encryption none
+

files/etc/config.mesh_ap/_setup

@@ -0,0 +1,23 @@
+wifi_proto = bridge
+wifi_mode = ap
+wifi_ssid = <NODE>
+wifi_txpower = 19
+wifi_channel = 6
+wifi_rxant = 3
+wifi_txant = 3
+wifi_distance = 0
+wifi_hidden = 0
+
+lan_proto = static
+lan_ip = 172.27.0.2
+lan_mask = 255.255.255.0
+lan_dhcp = 0
+lan_gw = 172.27.0.1
+
+dhcp_start = 5
+dhcp_end = 25
+dhcp_limit = 20
+
+wan_proto = disabled
+wan_dns1 = 8.8.8.8
+wan_dns2 = 8.8.4.4

files/etc/config.mesh_ap/_setup.default

@@ -0,0 +1,23 @@
+wifi_proto = bridge
+wifi_mode = ap
+wifi_ssid = <NODE>
+wifi_txpower = 19
+wifi_channel = 6
+wifi_rxant = 3
+wifi_txant = 3
+wifi_distance = 0
+wifi_hidden = 0
+
+lan_proto = static
+lan_ip = 172.27.0.2
+lan_mask = 255.255.255.0
+lan_dhcp = 0
+lan_gw = 172.27.0.1
+
+dhcp_start = 5
+dhcp_end = 25
+dhcp_limit = 20
+
+wan_proto = disabled
+wan_dns1 = 8.8.8.8
+wan_dns2 = 8.8.4.4

files/etc/config.mesh_ap/dhcp

@@ -0,0 +1,10 @@
+config dhcp
+	option interface	lan
+	option start 		<dhcp_start>
+	option limit		<dhcp_limit>
+	option leasetime	1h
+        option ignore           <lan_dhcp>
+
+config dhcp
+	option interface	wan
+	option ignore		1

files/etc/config.mesh_ap/dropbear

@@ -0,0 +1,3 @@
+config dropbear
+	option PasswordAuth 'on'
+	option Port         '2222'

files/etc/config.mesh_ap/firewall

@@ -0,0 +1,56 @@
+# Copyright (C) 2006 OpenWrt.org
+#
+# RULE SYNTAX:
+#
+# forward:<intf>:<match>:<target>[:<port>]
+# 	- forwards all packets matched by <match> to <target>,
+# 	  optionally changing the port to <port>
+#
+# accept:<intf>:<match>
+# 	- accepts all traffic matched by <match>
+#
+# drop:<intf>:<match>
+#	- drops all traffic matched by <match>
+#
+# <intf> is the external interface to which the rule applies
+#        value is either "wifi" or "wan"
+#
+#
+# MATCHING OPTIONS:
+#
+# src=<ip>
+# 	- match the source ip <ip>
+#
+# dest=<ip>
+# 	- match the destination ip <ip>
+#
+# proto=<proto>
+# 	- match the protocol by name or number
+#
+# sport=<port(s)>
+# 	- match the source port(s), see below for syntax
+#
+# dport=<port(s)>
+# 	- match the destination port(s), see below for syntax
+#
+#
+#
+# PORT SYNTAX:
+#
+# Arbitrary lists of ports and port ranges are in the following format:
+#   - 22,53,993,1000-1024 
+#
+# If you don't set the protocol to tcp or udp, it will apply to both
+#
+#
+#
+# EXAMPLES:
+#
+# drop:wan:dport=22 src=1.3.3.7
+# accept:wifi:proto=tcp dport=22
+# forward:wifi:dport=60168:192.168.1.2:60169
+
+accept:wan:dport=2222 proto=tcp
+accept:wan:dport=8080 proto=tcp
+accept:wifi:dport=2222 proto=tcp
+accept:wifi:dport=8080 proto=tcp

files/etc/config.mesh_ap/firewall.user

@@ -0,0 +1,30 @@
+#!/bin/sh
+# Copyright (C) 2006 OpenWrt.org
+
+iptables -F input_rule
+iptables -F output_rule
+iptables -F forwarding_rule
+iptables -t nat -F prerouting_rule
+iptables -t nat -F postrouting_rule
+
+# The following chains are for traffic directed at the IP of the 
+# WAN interface
+
+iptables -F input_wan
+iptables -F forwarding_wan
+iptables -t nat -F prerouting_wan
+
+### Open port to WAN
+## -- This allows port 22 to be answered by (dropbear on) the router
+# iptables -t nat -A prerouting_wan -p tcp --dport 22 -j ACCEPT 
+# iptables        -A input_wan      -p tcp --dport 22 -j ACCEPT
+
+### Port forwarding
+## -- This forwards port 8080 on the WAN to port 80 on 192.168.1.2
+# iptables -t nat -A prerouting_wan -p tcp --dport 8080 -j DNAT --to 192.168.1.2:80
+# iptables        -A forwarding_wan -p tcp --dport 80 -d 192.168.1.2 -j ACCEPT
+
+### DMZ
+## -- Connections to ports not handled above will be forwarded to 192.168.1.2
+# iptables -t nat -A prerouting_wan -j DNAT --to 192.168.1.2
+# iptables        -A forwarding_wan -d 192.168.1.2 -j ACCEPT

files/etc/config.mesh_ap/network

@@ -0,0 +1,25 @@
+include /etc/vlan
+
+#### Loopback configuration
+config interface loopback
+	option ifname	"lo"
+	option proto	static
+	option ipaddr	127.0.0.1
+	option netmask	255.0.0.0
+
+
+#### LAN configuration
+config interface lan
+	option type 	bridge
+	option ifname	"eth0.0"
+	option proto	<lan_proto>
+	option ipaddr	<lan_ip>
+	option netmask	<lan_mask>
+	option gateway	<lan_gw>
+        option dns      <lan_gw>
+
+
+#### WAN configuration
+config interface	wan
+	option ifname	"eth0.1"
+	option proto	<wan_proto>

files/etc/config.mesh_ap/system

@@ -0,0 +1,3 @@
+config 'system'
+	option 'hostname' '<NODE>'
+

files/etc/config.mesh_ap/wireless

@@ -0,0 +1,15 @@
+config wifi-device  wl0
+	option type     broadcom
+	option channel  <wifi_channel>
+	option rxant	<wifi_rxant>
+	option txant	<wifi_txant>
+	option distance	<wifi_distance>
+
+config wifi-iface
+	option device   wl0
+	option network	lan
+	option mode     <wifi_mode>
+	option ssid     "<wifi_ssid>"
+	option hidden   <wifi_hidden>
+	option encryption none
+

files/etc/config.router/_setup

@@ -0,0 +1,14 @@
+wifi_proto = disabled
+
+lan_proto = static
+lan_ip = 172.27.3.1
+lan_mask = 255.255.255.0
+lan_dhcp = 1
+
+dhcp_start = 5
+dhcp_end = 25
+dhcp_limit = 20
+
+wan_proto = dhcp
+wan_dns1 = 8.8.8.8
+wan_dns2 = 8.8.4.4

files/etc/config.router/_setup.default

@@ -0,0 +1,14 @@
+wifi_proto = disabled
+
+lan_proto = static
+lan_ip = 172.27.3.1
+lan_mask = 255.255.255.0
+lan_dhcp = 1
+
+dhcp_start = 5
+dhcp_end = 25
+dhcp_limit = 20
+
+wan_proto = dhcp
+wan_dns1 = 8.8.8.8
+wan_dns2 = 8.8.4.4

files/etc/config.router/dhcp

@@ -0,0 +1,10 @@
+config dhcp
+	option interface	lan
+	option start 		<dhcp_start>
+	option limit		<dhcp_limit>
+	option leasetime	1h
+        option ignore           <lan_dhcp>
+
+config dhcp
+	option interface	wan
+	option ignore		1

files/etc/config.router/dropbear

@@ -0,0 +1,3 @@
+config dropbear
+	option PasswordAuth 'on'
+	option Port         '2222'

files/etc/config.router/firewall

@@ -0,0 +1,56 @@
+# Copyright (C) 2006 OpenWrt.org
+#
+# RULE SYNTAX:
+#
+# forward:<intf>:<match>:<target>[:<port>]
+# 	- forwards all packets matched by <match> to <target>,
+# 	  optionally changing the port to <port>
+#
+# accept:<intf>:<match>
+# 	- accepts all traffic matched by <match>
+#
+# drop:<intf>:<match>
+#	- drops all traffic matched by <match>
+#
+# <intf> is the external interface to which the rule applies
+#        value is either "wifi" or "wan"
+#
+#
+# MATCHING OPTIONS:
+#
+# src=<ip>
+# 	- match the source ip <ip>
+#
+# dest=<ip>
+# 	- match the destination ip <ip>
+#
+# proto=<proto>
+# 	- match the protocol by name or number
+#
+# sport=<port(s)>
+# 	- match the source port(s), see below for syntax
+#
+# dport=<port(s)>
+# 	- match the destination port(s), see below for syntax
+#
+#
+#
+# PORT SYNTAX:
+#
+# Arbitrary lists of ports and port ranges are in the following format:
+#   - 22,53,993,1000-1024 
+#
+# If you don't set the protocol to tcp or udp, it will apply to both
+#
+#
+#
+# EXAMPLES:
+#
+# drop:wan:dport=22 src=1.3.3.7
+# accept:wifi:proto=tcp dport=22
+# forward:wifi:dport=60168:192.168.1.2:60169
+
+accept:wan:dport=2222 proto=tcp
+accept:wan:dport=8080 proto=tcp
+accept:wifi:dport=2222 proto=tcp
+accept:wifi:dport=8080 proto=tcp

files/etc/config.router/firewall.user

@@ -0,0 +1,30 @@
+#!/bin/sh
+# Copyright (C) 2006 OpenWrt.org
+
+iptables -F input_rule
+iptables -F output_rule
+iptables -F forwarding_rule
+iptables -t nat -F prerouting_rule
+iptables -t nat -F postrouting_rule
+
+# The following chains are for traffic directed at the IP of the 
+# WAN interface
+
+iptables -F input_wan
+iptables -F forwarding_wan
+iptables -t nat -F prerouting_wan
+
+### Open port to WAN
+## -- This allows port 22 to be answered by (dropbear on) the router
+# iptables -t nat -A prerouting_wan -p tcp --dport 22 -j ACCEPT 
+# iptables        -A input_wan      -p tcp --dport 22 -j ACCEPT
+
+### Port forwarding
+## -- This forwards port 8080 on the WAN to port 80 on 192.168.1.2
+# iptables -t nat -A prerouting_wan -p tcp --dport 8080 -j DNAT --to 192.168.1.2:80
+# iptables        -A forwarding_wan -p tcp --dport 80 -d 192.168.1.2 -j ACCEPT
+
+### DMZ
+## -- Connections to ports not handled above will be forwarded to 192.168.1.2
+# iptables -t nat -A prerouting_wan -j DNAT --to 192.168.1.2
+# iptables        -A forwarding_wan -d 192.168.1.2 -j ACCEPT

files/etc/config.router/network

@@ -0,0 +1,29 @@
+include /etc/vlan
+
+#### Loopback configuration
+config interface loopback
+	option ifname	"lo"
+	option proto	static
+	option ipaddr	127.0.0.1
+	option netmask	255.0.0.0
+
+
+#### LAN configuration
+config interface lan
+	option type 	bridge
+	option ifname	"eth0.0"
+	option proto	<lan_proto>
+	option ipaddr	<lan_ip>
+	option netmask	<lan_mask>
+        option dns      "<wan_dns1> <wan_dns2>"
+	option gateway	<lan_gw>
+
+
+#### WAN configuration
+config interface	wan
+	option ifname	"eth0.1"
+	option proto	<wan_proto>
+	option ipaddr   <wan_ip>
+	option netmask  <wan_mask>
+	option gateway  <wan_gw>
+

files/etc/config.router/system

@@ -0,0 +1,3 @@
+config 'system'
+	option 'hostname' '<NODE>'
+

files/etc/config.router/wireless

@@ -0,0 +1,12 @@
+config wifi-device  wl0
+	option type     broadcom
+	option channel  <wifi_channel>
+	option disabled 1
+
+config wifi-iface
+	option device   wl0
+	option network	lan
+	option mode     <wifi_mode>
+	option ssid     "<wifi_ssid>"
+	option encryption none
+

files/etc/config/dhcp

@@ -0,0 +1,9 @@
+config dhcp
+	option interface	lan
+	option start 	5
+	option limit	20
+	option leasetime	12h
+
+config dhcp
+	option interface	wan
+	option ignore	1

files/etc/config/dropbear

@@ -0,0 +1,3 @@
+config dropbear
+	option PasswordAuth 'on'
+	option Port         '2222'

files/etc/config/firewall

@@ -0,0 +1,53 @@
+# Copyright (C) 2006 OpenWrt.org
+
+# RULE SYNTAX:
+#
+# forward:<match>:<target>[:<port>]
+# 	- forwards all packets matched by <match> to <target>,
+# 	  optionally changing the port to <port>
+#
+# accept:<match>
+# 	- accepts all traffic matched by <match>
+#
+# drop:<match>
+#	- drops all traffic matched by <match>
+#
+#
+# MATCHING OPTIONS:
+#
+# src=<ip>
+# 	- match the source ip <ip>
+#
+# dest=<ip>
+# 	- match the destination ip <ip>
+#
+# proto=<proto>
+# 	- match the protocol by name or number
+#
+# sport=<port(s)>
+# 	- match the source port(s), see below for syntax
+#
+# dport=<port(s)>
+# 	- match the destination port(s), see below for syntax
+#
+#
+#
+# PORT SYNTAX:
+#
+# You can enter an arbitrary list of ports and port ranges in the following format:
+#   - 22,53,993,1000-1024 
+#
+# If you don't set the protocol to tcp or udp, it will apply to both
+#
+#
+#
+# EXAMPLES:
+#
+# drop:dport=22 src=1.3.3.7
+# accept:proto=tcp dport=22
+# forward:dport=60168:192.168.1.2:60169
+
+accept:wan:dport=2222 proto=tcp
+accept:wan:dport=8080 proto=tcp
+accept:wifi:dport=2222 proto=tcp
+accept:wifi:dport=8080 proto=tcp

files/etc/config/system

@@ -0,0 +1,3 @@
+config 'system'
+	option 'hostname' 'NOCALL'
+

files/etc/config/wireless

@@ -0,0 +1,15 @@
+config wifi-device  wl0
+	option type     broadcom
+	option channel  1
+	option rxant    3
+	option txant    3
+        option distance 0
+
+config wifi-iface
+	option device   wl0
+	option network	lan
+	option mode     ap
+	option ssid     "MeshNode"
+	option hidden   0
+	option encryption none
+

files/etc/crontabs/root

@@ -0,0 +1 @@
+*/5 * * * * /usr/local/bin/fccid

files/etc/dnsmasq.conf

@@ -0,0 +1,28 @@
+# filter what we send upstream
+domain-needed
+bogus-priv
+filterwin2k
+localise-queries
+
+# allow /etc/hosts and dhcp lookups via *.lan
+#local=/lan/
+domain=local.mesh
+expand-hosts
+no-negcache
+resolv-file=/tmp/resolv.conf.auto
+
+# include olsr nameservice
+addn-hosts=/var/run/hosts_olsr
+
+dhcp-authoritative
+dhcp-leasefile=/tmp/dhcp.leases
+
+# use /etc/ethers for static hosts; same format as --dhcp-host
+# <hwaddr> <ipaddr>
+read-ethers
+
+# other useful options:
+# default route(s): dhcp-option=3,192.168.1.1,192.168.1.2
+#    dns server(s): dhcp-option=6,192.168.1.1,192.168.1.2
+
+strict-order

files/etc/hosts

@@ -0,0 +1,4 @@
+# automatically generated file - do not edit
+# use /etc/hosts.user for custom entries
+127.0.0.1	localhost
+172.27.0.1	localnode

files/etc/httpd.conf

@@ -0,0 +1,3 @@
+/cgi-bin/setup:root:hsmm
+/cgi-bin/ports:root:hsmm
+/cgi-bin/admin:root:hsmm

files/etc/init.d/dnsmasq

@@ -0,0 +1,265 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2007 OpenWrt.org
+
+START=60
+DNS_SERVERS=""
+
+dhcp_calc() {
+	local ip="$1"
+	local res=0
+
+	while [ -n "$ip" ]; do
+		part="${ip%%.*}"
+		res="$(($res * 256))"
+		res="$(($res + $part))"
+		[ "${ip%.*}" != "$ip" ] && ip="${ip#*.}" || ip=
+	done
+	echo "$res"
+}
+
+append_bool() {
+	local section="$1"
+	local option="$2"
+	local value="$3"
+	local _loctmp
+	config_get_bool _loctmp "$section" "$option"
+	[ "$_loctmp" -gt 0 ] && append args "$3"
+}
+
+append_not_bool() {
+	local section="$1"
+	local option="$2"
+	local value="$3"
+	local _loctmp
+	config_get_bool _loctmp "$section" "$option"
+	[ "$_loctmp" -eq 0 ] && append args "$3"
+}
+
+append_parm() {
+	local section="$1"
+	local option="$2"
+	local switch="$3"
+	local _loctmp
+	config_get _loctmp "$section" "$option"
+	[ -z "$_loctmp" ] && return 0
+	append args "$switch $_loctmp"
+}
+
+dnsmasq() {
+	local cfg="$1"
+	append_bool "$cfg" authoritative "-K"
+	append_bool "$cfg" nodaemon "-d"
+	append_bool "$cfg" domainneeded "-D"
+	append_bool "$cfg" filterwin2k "-f"
+	append_bool "$cfg" nohosts "-h"
+	append_bool "$cfg" nonegcache "-N"
+	append_bool "$cfg" strictorder "-o"
+	append_bool "$cfg" logqueries "-q"
+	append_bool "$cfg" noresolv "-R"
+	append_bool "$cfg" localise_queries "-y"
+	append_bool "$cfg" readethers "-Z"
+	append_bool "$cfg" dbus "-l"
+
+	append_parm "$cfg" dnsforwardmax "-0"
+	append_parm "$cfg" port "-p"
+	append_parm "$cfg" ednspacket_max "-P"
+	append_parm "$cfg" dhcpleasemax "-X"
+
+	config_get addnhosts "$cfg" addnhosts
+	config_get interface "$cfg" interface
+	config_get exceptinterface "$cfg" exceptinterface
+	config_get queryport "$cfg" queryport
+	config_get domain "$cfg" domain
+}
+
+dhcp_subscrid_add() {
+	local cfg="$1"
+
+	config_get name "$cfg" name
+	[ -n "$name" ] || return 0
+
+	config_get subscriberid "$cfg" subscriberid
+	[ -n "$subscriberid" ] || return 0
+
+	append args "--dhcp-subscrid=$name,$subscriberid"
+
+	dhcp_option_add "$cfg" "$name"
+}
+
+dhcp_remoteid_add() {
+	local cfg="$1"
+
+	config_get name "$cfg" name
+	[ -n "$name" ] || return 0
+
+	config_get remoteid "$cfg" remoteid
+	[ -n "$remoteid" ] || return 0
+
+	append args "--dhcp-remoteid=$name,$remoteid"
+
+	dhcp_option_add "$cfg" "$name"
+}
+
+dhcp_circuitid_add() {
+	local cfg="$1"
+
+	config_get name "$cfg" name
+	[ -n "$name" ] || return 0
+
+	config_get circuitid "$cfg" circuitid
+	[ -n "$circuitid" ] || return 0
+
+	append args "--dhcp-circuitid=$name,$circuitid"
+
+	dhcp_option_add "$cfg" "$name"
+}
+
+dhcp_userclass_add() {
+	local cfg="$1"
+
+	config_get name "$cfg" name
+	[ -n "$name" ] || return 0
+
+	config_get userclass "$cfg" userclass
+	[ -n "$userclass" ] || return 0
+
+	append args "--dhcp-userclass=$name,$userclass"
+
+	dhcp_option_add "$cfg" "$name"
+}
+
+dhcp_vendorclass_add() {
+	local cfg="$1"
+
+	config_get name "$cfg" name
+	[ -n "$name" ] || return 0
+
+	config_get vendorclass "$cfg" vendorclass
+	[ -n "$vendorclass" ] || return 0
+
+	append args "--dhcp-vendorclass=$name,$vendorclass"
+
+	dhcp_option_add "$cfg" "$name"
+}
+
+dhcp_host_add() {
+	local cfg="$1"
+
+	config_get name "$cfg" name
+	[ -n "$name" ] || return 0
+
+	config_get mac "$cfg" mac
+	[ -n "$mac" ] || return 0
+
+
+	append args "--dhcp-host=$mac,$ip"
+
+	dhcp_option_add "$cfg" "$name"
+}
+
+dhcp_mac_add() {
+	local cfg="$1"
+
+	config_get name "$cfg" name
+	[ -n "$name" ] || return 0
+
+	config_get mac "$cfg" mac
+	[ -n "$mac" ] || return 0
+
+	append args "--dhcp-mac=$name,$mac"
+
+	dhcp_option_add "$cfg" "$name"
+}
+
+dhcp_add() {
+	local cfg="$1"
+	config_get net "$cfg" interface
+	[ -n "$net" ] || return 0
+
+	config_get name "$cfg" name
+	[ -n "$name" ] || name="$net"
+
+	config_get ifname "$net" ifname
+	[ -n "$ifname" ] || return 0
+
+	config_get dnsserver "$net" dns
+	[ -n "$dnsserver" ] && {
+		DNS_SERVERS="$DNS_SERVERS $dnsserver"
+	}
+
+	if [ "$ifname" == "eth0.0" ]; then
+		append_bool "$cfg" ignore "--no-dhcp-interface=eth0.0"
+	else
+		append_bool "$cfg" ignore "-I $ifname"
+	fi
+
+	config_get proto "$net" proto
+	[ static = "$proto" ] || return 0
+
+	config_get ipaddr "$net" ipaddr
+	config_get netmask "$net" netmask
+
+	#check for an already active dhcp server on the interface, unless 'force' is set
+	config_get_bool force "$cfg" force 0
+	[ "$force" -gt 0 ] || {
+		udhcpc -n -q -R -s /bin/true -t 1 -i $ifname >&- && return 0
+	}
+
+	config_get start "$cfg" start
+	config_get limit "$cfg" limit
+	config_get leasetime "$cfg" leasetime
+	config_get options "$cfg" options
+
+	leasetime="${leasetime:-12h}"
+	start="$(dhcp_calc "${start:-100}")"
+	limit="$((${limit:-150} + 1))"
+	eval "$(ipcalc.sh $ipaddr $netmask $start $limit)"
+	append_not_bool "$cfg" ignore "--dhcp-range=$name,$START,$END,$NETMASK,$leasetime${options:+ $options}"
+
+	dhcp_option_add "$cfg" "$name"
+}
+
+dhcp_option_add() {
+	local cfg="$1"
+	local name="$2"
+
+	for count in $(seq 0 100); do
+		eval current_value=\$CONFIG_"$cfg"_dhcp"$count"
+		if [ -z "$current_value" ]; then
+			let "count-=1"
+			break
+		fi
+		append args "-O $name","$current_value"
+	done
+
+}
+
+start() {
+	include /lib/network
+	scan_interfaces
+	config_load /var/state/network
+	config_load dhcp
+
+	args=""
+	config_foreach dnsmasq dnsmasq
+	config_foreach dhcp_host_add host
+	config_foreach dhcp_mac_add mac
+	config_foreach dhcp_vendorclass_add vendorclass
+	config_foreach dhcp_userclass_add userclass
+	config_foreach dhcp_circuitid_add circuitid
+	config_foreach dhcp_remoteid_add remoteid
+	config_foreach dhcp_subscrid_add subscrid
+	config_foreach dhcp_add dhcp
+
+	/usr/sbin/dnsmasq $args && {
+		rm -f /tmp/resolv.conf
+		DNS_SERVERS="127.0.0.1 $DNS_SERVERS"
+		for DNS_SERVER in $DNS_SERVERS ; do
+			echo "nameserver $DNS_SERVER" >> /tmp/resolv.conf
+		done
+	}
+}
+
+stop() {
+	killall dnsmasq
+}

files/etc/init.d/dropbear

@@ -0,0 +1,57 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2006 OpenWrt.org
+START=50
+# Copyright (C) 2006 Carlos Sobrinho
+
+config_cb() {
+	local cfg="$CONFIG_SECTION"
+	local nopasswd
+	local cfgt
+	config_get cfgt "$cfg" TYPE
+
+	case "$cfgt" in
+		dropbear)
+			config_get passauth $cfg PasswordAuth
+			config_get port $cfg Port
+
+			case "$passauth" in
+				no|off|disabled|0) nopasswd=1;;
+			esac
+			DROPBEAR_ARGS="${nopasswd:+-s }${port:+-p $port}"
+		;;
+	esac
+}
+
+keygen() {
+	for keytype in rsa dss; do
+		# check for keys
+		key=dropbear/dropbear_${keytype}_host_key
+		[ -f /tmp/$key -o -f /etc/$key ] || {
+			# generate missing keys
+			mkdir -p /tmp/dropbear
+			[ -x /usr/bin/dropbearkey ] && {
+				/usr/bin/dropbearkey -t $keytype -f /tmp/$key 2>&- >&- && exec /etc/rc.common "$initscript" start
+			} &
+		exit 0
+		}
+	done
+
+	lock /tmp/.switch2jffs
+	mkdir -p /etc/dropbear
+	mv /tmp/dropbear/dropbear_* /etc/dropbear/
+	lock -u /tmp/.switch2jffs
+	chown root /etc/dropbear
+	chmod 0700 /etc/dropbear
+}
+
+start() {
+	[ -f /etc/dropbear/dropbear_rsa_host_key -a \
+	  -f /etc/dropbear/dropbear_dss_host_key ] || keygen
+	
+	config_load dropbear
+	/usr/sbin/dropbear $DROPBEAR_ARGS
+}
+
+stop() {
+	killall dropbear
+}

files/etc/init.d/firewall

@@ -0,0 +1,163 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2006 OpenWrt.org
+
+## Please make changes in /etc/firewall.user
+START=45
+start() {
+	include /lib/network
+	scan_interfaces
+	config_load /var/state/network
+	
+	config_get WAN wan ifname
+	config_get WANDEV wan device
+	config_get LAN lan ifname
+	config_get LAN_IP lan ipaddr
+	config_get LAN_MASK lan netmask
+	config_get WIFI wifi ifname
+	config_get WIFI_MASK wifi netmask
+	
+	if [ -n "$WIFI" ]; then
+		WIFI_IP=`ifconfig $WIFI | grep "inet addr" | cut -f2 -d: | cut -f1 -d' '`
+		[ -n "$WIFI_IP" ] || WIFI=""
+	fi
+
+	## CLEAR TABLES
+	for T in filter nat; do
+		iptables -t $T -F
+		iptables -t $T -X
+	done
+	
+	iptables -N input_rule
+	iptables -N input_wan
+	iptables -N input_wifi
+	iptables -N output_rule
+	iptables -N forwarding_rule
+	iptables -N forwarding_wan
+	iptables -N forwarding_wifi
+
+	iptables -t nat -N NEW
+	iptables -t nat -N prerouting_rule
+	iptables -t nat -N prerouting_wan
+	iptables -t nat -N prerouting_wifi
+	iptables -t nat -N postrouting_rule
+	
+	iptables -N LAN_ACCEPT
+	[ -z "$WIFI" ] || iptables -A LAN_ACCEPT -i "$WIFI" -j RETURN
+	[ -z "$WAN" ]  || iptables -A LAN_ACCEPT -i "$WAN"  -j RETURN
+	[ -z "$WANDEV" -o "$WANDEV" = "$WAN" ] || iptables -A LAN_ACCEPT -i "$WANDEV" -j RETURN
+	iptables -A LAN_ACCEPT -j ACCEPT
+	
+	### INPUT
+	###  (connections with the router as destination)
+	
+	# base case
+	iptables -P INPUT DROP
+	[ -z "$WIFI" ] || iptables -A INPUT -i $WIFI -d \! $WIFI_IP -j ACCEPT
+	iptables -A INPUT -m state --state INVALID -j DROP
+	iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+	iptables -A INPUT -p tcp --tcp-flags SYN SYN --tcp-option \! 2 -j  DROP
+	
+	# accept everything for the node when in dmz mode (now known as direct mode)
+	[ -e /etc/config/dmz-mode ] && iptables -A INPUT -d $WIFI_IP -j ACCEPT
+	
+	#
+	# insert accept rule or to jump to new accept-check table here
+	#
+	iptables -A INPUT -j input_rule
+	[ -z "$WIFI" ] || iptables -A INPUT -i $WIFI -j input_wifi
+	[ -z "$WAN" ]  || iptables -A INPUT -i $WAN  -j input_wan
+	
+	# allow
+	iptables -A INPUT -j LAN_ACCEPT	# allow from lan/wifi interfaces 
+	iptables -A INPUT -p icmp	-j ACCEPT	# allow ICMP
+	iptables -A INPUT -p gre	-j ACCEPT	# allow GRE
+	
+	# reject (what to do with anything not allowed earlier)
+	iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
+	iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
+	
+	### OUTPUT
+	### (connections with the router as source)
+	
+	# base case
+	iptables -P OUTPUT DROP
+	iptables -A OUTPUT -m state --state INVALID -j DROP
+	iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+	
+	#
+	# insert accept rule or to jump to new accept-check table here
+	#
+	iptables -A OUTPUT -j output_rule
+	
+	# allow
+	iptables -A OUTPUT -j ACCEPT		#allow everything out
+	
+	### FORWARDING
+	### (connections routed through the router)
+	
+	# base case
+	iptables -P FORWARD DROP 
+	[ -z "$WIFI" ] || iptables -A FORWARD -i $WIFI -d \! $WIFI_IP -j ACCEPT
+	iptables -A FORWARD -m state --state INVALID -j DROP
+	iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+	iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
+	
+	#
+	# insert accept rule or to jump to new accept-check table here
+	#
+	iptables -A FORWARD -j forwarding_rule
+	[ -z "$WIFI" ] || iptables -A FORWARD -i $WIFI -j forwarding_wifi
+	[ -z "$WAN" ]  || iptables -A FORWARD -i $WAN  -j forwarding_wan
+	
+	# allow
+	iptables -A FORWARD -i $LAN -o $LAN -j ACCEPT
+	[ -z "$WIFI" ] || iptables -A FORWARD -i $LAN -o $WIFI -j ACCEPT
+	[ -z "$WAN" ]  || iptables -A FORWARD -i $LAN -o $WAN  -j ACCEPT
+	
+	# reject (what to do with anything not allowed earlier)
+	iptables -A FORWARD -j REJECT
+	
+	### MASQ
+	if [ -z "$WIFI" -o -e /etc/config/dmz-mode ]; then
+	    iptables -t nat -A PREROUTING -m state --state NEW -p tcp -j NEW 
+	    iptables -t nat -A PREROUTING -j prerouting_rule
+	    [ -z "$WAN" ]  || iptables -t nat -A PREROUTING -i "$WAN"  -j prerouting_wan
+	    iptables -t nat -A POSTROUTING -j postrouting_rule
+	    [ -z "$WAN" ]  || iptables -t nat -A POSTROUTING -o $WAN  -j MASQUERADE
+	    iptables -t nat -A NEW -m limit --limit 50 --limit-burst 100 -j RETURN && \
+		iptables -t nat -A NEW -j DROP
+	else
+	    eval `ipcalc.sh $WIFI_IP $WIFI_MASK`
+	    iptables -t nat -A PREROUTING -m state --state NEW -p tcp -j NEW 
+	    iptables -t nat -A PREROUTING -j prerouting_rule
+	    [ -z "$WIFI" ] || iptables -t nat -A PREROUTING -i "$WIFI" -j prerouting_wifi
+	    [ -z "$WAN" ]  || iptables -t nat -A PREROUTING -i "$WAN"  -j prerouting_wan
+	    iptables -t nat -A POSTROUTING -j postrouting_rule
+	    [ -z "$WIFI" ] || iptables -t nat -A POSTROUTING -s \! $NETWORK/$PREFIX -o $WIFI -j MASQUERADE
+	    [ -z "$WAN" ]  || iptables -t nat -A POSTROUTING -o $WAN  -j MASQUERADE
+	    iptables -t nat -A NEW -m limit --limit 50 --limit-burst 100 -j RETURN && \
+		iptables -t nat -A NEW -j DROP
+	fi
+
+	## USER RULES
+	[ -f /etc/config/firewall.user ] && . /etc/config/firewall.user
+	[ \( -n "$WAN" -o -n "$WIFI" \) -a -e /etc/config/firewall ] && {
+		[ -z "$WIFI" ] || export WIFI
+		[ -z "$WAN" ]  || export WAN
+		eval `ipcalc.sh $LAN_IP $LAN_MASK`
+		awk -f /usr/lib/common.awk -f /usr/lib/firewall.awk LAN_NET=$NETWORK/$PREFIX /etc/config/firewall | ash
+	}
+}
+
+stop() {
+	iptables -P INPUT ACCEPT
+	iptables -P OUTPUT ACCEPT
+	iptables -P FORWARD ACCEPT
+	iptables -F
+	iptables -X
+	iptables -t nat -P PREROUTING ACCEPT
+	iptables -t nat -P POSTROUTING ACCEPT
+	iptables -t nat -P OUTPUT ACCEPT
+	iptables -t nat -F
+	iptables -t nat -X
+}

files/etc/init.d/httpd

@@ -0,0 +1,14 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2006 OpenWrt.org
+START=50
+
+start() {
+	include /lib/network
+	scan_interfaces
+        config_get ifname wan hostname
+	[ -d /www ] && httpd -p 8080 -h /www -r ${hostname:-OpenWrt}
+}
+
+stop() {
+	killall httpd
+}

files/etc/init.d/linkled

@@ -0,0 +1,13 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2006 OpenWrt.org
+
+START=95
+
+start() {
+  #/usr/local/bin/linkled
+  echo -n
+}
+
+stop() {
+  killall linkled
+}

files/etc/init.d/local

@@ -0,0 +1,19 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2006 OpenWrt.org
+
+START=99
+boot() {
+  
+  # extract kamikaze generated vlan config
+  [ -f /etc/vlan ] || head -n5 /etc/config/network > /etc/vlan
+  
+  # setup nvram variables
+  # now just a remnant of what was /usr/local/bin/nvram-setup
+  if [ "`nvram get boot_wait`" != "on" ]; then
+    nvram set boot_wait=on
+    nvram commit
+  fi
+
+  # run mode specific setup
+  [ -x /etc/config/local ] && /etc/config/local
+}

files/etc/init.d/netconfig

@@ -0,0 +1,154 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2006 OpenWrt.org
+
+START=05
+
+start() {
+	[ -e /etc/config/network ] && exit 0
+
+	mkdir -p /etc/config
+
+	(
+		if grep -E 'mtd0: 000(6|a)0000' /proc/mtd 2>&- >&-; then
+			# WGT634u
+			echo boardtype=wgt634u
+		else
+			strings "$(find_mtd_part nvram)"
+		fi
+	) | awk '
+	function p(cfgname, name) {
+		if (c[name] != "") print "	option " cfgname "	\"" c[name] "\""
+	}
+
+	function macinc(mac, maca, i, result) {
+		split(mac, maca, ":")
+		for (i = 1; i <= 6; i++) maca[i] = "0x" maca[i]
+		if (++maca[6] > 0xff) {
+			maca[5]++
+			maca[6] = 0
+		}
+		for (i = 1; i <= 6; i++) {
+			if (i != 1) result = result ":"
+			result = result sprintf("%02x", maca[i])
+		}
+		return result
+	}
+
+	BEGIN {
+		FS="="
+		c["lan_ifname"]="eth0.0"
+		c["wan_ifname"]="eth0.1"
+		c["vlan0ports"]="1 2 3 4 5*"
+		c["vlan1ports"]="0 5"
+		getline < "/proc/diag/model"
+		model=$0
+		for (i = 0; i < 6; i++) {
+			if (mac_check != "") mac_check = mac_check ":"
+			mac_check = mac_check "[0-9a-fA-F][0-9a-fA-F]"
+		}
+	}
+
+	($1 == "boardnum") || ($1 == "boardtype") || ($1 == "boardflags") || ($1 ~ /macaddr/) {
+		nvram[$1] = $2
+	}
+
+	END {
+		if ((model == "ASUS WL-HDD") || (model == "ASUS WL-300g") || (model == "Linksys WAP54G V1")) {
+			c["wan_ifname"] = ""
+			c["lan_ifname"] = "eth1"
+		}
+		if (model == "ASUS WL-500g") {
+			c["wan_ifname"] = "eth1"
+			c["lan_ifname"] = "eth0"
+		}
+		if (model == "Dell TrueMobile 2300") {
+			c["vlan0ports"] = "0 1 2 3 5*"
+			c["vlan1ports"] = "4 5"
+		}
+		if (nvram["boardtype"] == "bcm94710r4") {
+			# Toshiba WRC-1000
+			c["lan_ifname"] = "eth0"
+			c["wan_ifname"] = "eth1"
+		}
+		if (nvram["boardtype"] == "wgt634u") {
+			c["vlan0ports"] = "0 1 2 3 5*"
+			c["vlan1ports"] = "4 5"
+		}
+		if (nvram["boardtype"] == "0x0467") {
+			c["vlan0ports"] = "0 1 2 3 5*"
+			c["vlan1ports"] = "4 5"
+		}
+		if ((nvram["boardtype"] == "0x042f") || (nvram["boardtype"] == "0x0472")) {
+			if (nvram["boardnum"] == "45") {
+				# WL-500gP
+				c["vlan0ports"] = "1 2 3 4 5*"
+				c["vlan1ports"] = "0 5"
+			} else {
+				# Generic BCM94704
+				c["vlan0ports"] = "0 1 2 3 4 5u"
+				c["vlan1ports"] = ""
+				c["lan_ifname"] = "eth0"
+				c["wan_ifname"] = "eth1"
+
+				# MAC addresses on 4704 tend to be screwed up. Add a workaround here
+				if (nvram["et0macaddr"] ~ mac_check) {
+					c["lan_macaddr"] = nvram["et0macaddr"]
+					c["wan_macaddr"] = macinc(c["lan_macaddr"])
+				}
+			}
+		}
+
+		# WAP54G
+		if ((nvram["boardnum"] == "2") || \
+			(nvram["boardnum"] == "1024")) {
+			c["lan_ifname"]="eth0"
+			c["wan_ifname"]=""
+		}
+
+		# ASUS WL-700gE
+		# These are actually same as defaults above. For some reason this script applies
+		# Generic BCM94704 settings instead so we revert to proper settings here.
+		# Hopefully someone will fix this properly soon.
+		if (model == "ASUS WL-700gE") {
+			c["lan_ifname"]="eth0.0"
+			c["wan_ifname"]="eth0.1"
+			c["vlan0ports"]="1 2 3 4 5*"
+			c["vlan1ports"]="0 5"
+		}
+
+		if (model == "Motorola WR850G V2/V3") {
+			c["vlan0ports"]="0 1 2 3 5*"
+			c["vlan1ports"]="4 5"
+		}
+
+		print "#### VLAN configuration "
+		print "config switch eth0"
+		p("vlan0", "vlan0ports")
+		p("vlan1", "vlan1ports")
+		print ""
+		print ""
+		print "#### Loopback configuration"
+		print "config interface loopback"
+		print "	option ifname	\"lo\""
+		print "	option proto	static"
+		print "	option ipaddr	127.0.0.1"
+		print "	option netmask	255.0.0.0"
+		print ""
+		print ""
+		print "#### LAN configuration"
+		print "config interface lan"
+		print "	option type 	bridge"
+		p("ifname", "lan_ifname")
+		p("macaddr", "lan_macaddr")
+		print "	option proto	static"
+		print "	option ipaddr	172.27.0.1"
+		print "	option netmask	255.255.255.0"
+		print ""
+		print ""
+		print "#### WAN configuration"
+		print "config interface	wan"
+		p("ifname", "wan_ifname")
+		p("macaddr", "wan_macaddr")
+		print "	option proto	dhcp"
+	}' > /etc/config/network
+}

files/etc/init.d/ntpclient

@@ -0,0 +1,14 @@
+#!/bin/sh /etc/rc.common
+START=70
+
+start() {
+  {
+    while ! ping -c1 us.pool.ntp.org >/dev/null 2>&1; do sleep 60; done
+    /usr/sbin/ntpclient -s -l -h us.pool.ntp.org >/dev/null 2>&1;
+  } &
+}
+
+stop() {
+  killall ntpclient
+}
+

files/etc/init.d/olsrd

@@ -0,0 +1,27 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2006 OpenWrt.org
+START=50
+
+BIN=olsrd
+DEFAULT=/etc/default/olsrd
+RUN_D=/var/run
+PID_F=$RUN_D/$BIN.pid
+
+start() {
+	# generate the config file
+        /usr/local/bin/olsrd-config || exit 1
+
+	# start the daemon
+	[ -f $DEFAULT ] && . $DEFAULT
+	$BIN -f /tmp/olsrd.conf -nofork $OPTIONS &
+	
+	# write pid file (but strip out own pid ($$))
+	mkdir -p $RUN_D
+	PID=`pidof $BIN`
+	echo ${PID%$$} > $PID_F
+}
+
+stop() {
+	killall olsrd
+}
+

files/etc/ipkg.conf

@@ -0,0 +1,4 @@
+src release http://broadband-hamnet.org/download/kamikaze/7.09/brcm-2.4/packages
+src packages http://broadband-hamnet.org/download/kamikaze/7.09/packages/mipsel
+dest root /
+dest ram /tmp

files/etc/mesh-release

@@ -0,0 +1 @@
+1.0.0

files/etc/olsrd.key

@@ -0,0 +1 @@
+64509bfa335a2864a34a0e7e296593c9

files/etc/passwd

@@ -0,0 +1,2 @@
+root:$1$HKbcBnZl$Nl5jwzjejikuGScKRKBrT1:0:0:root:/tmp:/bin/ash
+nobody:*:65534:65534:nobody:/var:/bin/false

files/etc/permpkg

@@ -0,0 +1,35 @@
+base-files-brcm-2.4
+bridge
+busybox
+dnsmasq
+dropbear
+ip6tables
+iptables
+kernel
+kmod-brcm-wl
+kmod-diag
+kmod-ipt-nathelper
+kmod-iptunnel4
+kmod-ipv6
+kmod-ppp
+kmod-pppoe
+kmod-switch
+kmod-wlcompat
+libgcc
+libpthread
+microperl
+mrd6
+mtd
+ndisc6
+ntpclient
+nvram
+ppp
+ppp-mod-pppoe
+rdisc6
+tcptraceroute6
+uclibc
+uclibcxx
+udp-broadcast-relay
+wireless-tools
+wlc
+xinetd

files/etc/profile

@@ -0,0 +1,14 @@
+#!/bin/sh
+[ -f /etc/banner ] && cat /etc/banner
+
+export PATH=/usr/local/bin:/bin:/sbin:/usr/bin:/usr/sbin
+export HOME=/tmp
+export PS1='\u@\h:\w\$ '
+
+[ -x /bin/more ] || alias more=less
+[ -x /usr/bin/vim ] && alias vi=vim || alias vim=vi
+
+[ -z "$KSH_VERSION" -o \! -s /etc/mkshrc ] || . /etc/mkshrc
+
+[ -x /sbin/arp ] || arp() { cat /proc/net/arp; }
+[ -z /bin/ldd ] || ldd() { LD_TRACE_LOADED_OBJECTS=1 $*; }

files/etc/services

@@ -0,0 +1,46 @@
+## Keyword         Decimal    Description                     References
+# -------         -------    -----------                     ----------
+#                 0/tcp    Reserved
+#                 0/udp    Reserved
+#                          Jon Postel <postel@isi.edu>
+tcpmux            1/tcp    # TCP Port Service Multiplexer
+tcpmux            1/udp    # TCP Port Service Multiplexer
+compressnet       2/tcp    # Management Utility
+compressnet       2/udp    # Management Utility
+compressnet       3/tcp    # Compression Process
+compressnet       3/udp    # Compression Process
+rje               5/tcp    # Remote Job Entry
+rje               5/udp    # Remote Job Entry
+echo              7/tcp    Echo
+echo              7/udp    Echo
+discard           9/tcp    # Discard 
+discard           9/udp    # Discard 
+discard           9/dccp   # Discard SC:DISC
+systat           11/tcp    users	# Active Users
+systat           11/udp    users	# Active Users
+daytime          13/tcp    # Daytime (RFC 867)
+daytime          13/udp    # Daytime (RFC 867)
+netstat          15/tcp    # Unassigned [was netstat]
+qotd             17/tcp    quote	# Quote of the Day
+qotd             17/udp    quote	# Quote of the Day
+msp              18/tcp    # Message Send Protocol
+msp              18/udp    # Message Send Protocol
+chargen          19/tcp    # Character Generator
+chargen          19/udp    # Character Generator
+ftp-data         20/tcp    # File Transfer [Default Data]
+ftp-data         20/udp    # File Transfer [Default Data]
+ftp              21/tcp    # File Transfer [Control]
+fsp              21/udp    # File Transfer [Control]
+ssh              22/tcp    # SSH Remote Login Protocol
+ssh              22/udp    # SSH Remote Login Protocol
+telnet           23/tcp    # Telnet
+telnet           23/udp    # Telnet
+smtp             25/tcp    mail		# Simple Mail Transfer
+smtp             25/udp    mail		# Simple Mail Transfer
+nsw-fe           27/tcp    # NSW User System FE
+nsw-fe           27/udp    # NSW User System FE
+msg-icp          29/tcp    # MSG ICP
+msg-icp          29/udp    # MSG ICP
+msg-auth         31/tcp    # MSG Authentication
+msg-auth         31/udp    # MSG Authentication
+dotdraw          2004/tcp  # olsrd dot draw plugin

files/etc/xinetd.d/dotdraw

@@ -0,0 +1,15 @@
+# description: a workaround for the overly restrictive olsr dot_draw plugin
+# - open up the port to anyone instead of just one specific ip address
+
+service dotdraw
+{
+        disable         = no
+        socket_type     = stream
+        protocol        = tcp
+        wait            = no
+        user            = root
+        group           = root
+        server          = /usr/bin/nc
+        server_args     = 127.0.0.1 2003
+}
+                                                                                

files/lib/wifi/broadcom.sh

@@ -0,0 +1,275 @@
+append DRIVERS "broadcom"
+
+scan_broadcom() {
+	local device="$1"
+	local wds
+	local adhoc sta apmode
+	local adhoc_if sta_if ap_if
+
+	config_get vifs "$device" vifs
+	for vif in $vifs; do
+		config_get mode "$vif" mode
+		case "$mode" in
+			adhoc)
+				adhoc=1
+				adhoc_if="$vif"
+			;;
+			sta)
+				sta=1
+				sta_if="$vif"
+			;;
+			ap)
+				apmode=1
+				ap_if="${ap_if:+$ap_if }$vif"
+			;;
+			wds)
+				config_get addr "$vif" bssid
+				[ -z "$addr" ] || append wds "$addr"
+			;;
+			*) echo "$device($vif): Invalid mode";;
+		esac
+	done
+	config_set "$device" wds "$wds"
+
+	local _c=
+	for vif in ${adhoc_if:-$sta_if $ap_if}; do
+		config_set "$vif" ifname "wl0${_c:+.$_c}"
+		_c=$((${_c:-0} + 1))
+	done
+	config_set "$device" vifs "${adhoc_if:-$sta_if $ap_if}"
+
+	ifdown="down"
+	for vif in 0 1 2 3; do
+		append ifdown "vif $vif" "$N"
+		append ifdown "enabled 0" "$N"
+	done
+
+	ap=1
+	infra=1
+	mssid=1
+	apsta=0
+	radio=1
+	case "$adhoc:$sta:$apmode" in
+		1*)
+			ap=0
+			mssid=0
+			infra=0
+		;;
+		:1:1)
+			apsta=1
+			wet=1
+		;;
+		:1:)
+			wet=1
+			ap=0
+			mssid=0
+		;;
+		::)
+			radio=0
+		;;
+	esac
+}
+
+disable_broadcom() {
+	set_wifi_down "$1"
+	wlc down
+	(
+		include /lib/network
+
+		# make sure the interfaces are down and removed from all bridges
+		for dev in wl0 wl0.1 wl0.2 wl0.3; do
+			ifconfig "$dev" down 2>/dev/null >/dev/null && {
+				unbridge "$dev"
+			}
+		done
+	)
+	true
+}
+
+enable_broadcom() {
+	local _c
+	config_get channel "$device" channel
+	config_get country "$device" country
+	config_get maxassoc "$device" maxassoc
+	config_get wds "$device" wds
+	config_get vifs "$device" vifs
+	config_get distance "$device" distance
+	config_get slottime "$device" slottime
+	config_get rxant "$device" rxant
+	config_get txant "$device" txant
+	local vif_pre_up vif_post_up vif_do_up
+
+	_c=0
+	nas="$(which nas)"
+	nas_cmd=
+	if_up=
+
+	[ -z "$slottime" ] && {
+		[ -n "$distance" ] && {
+			slottime=$((10 + ($distance / 150)))
+                        [ $distance = 0 ] && slottime=-1
+		}
+	} || {
+		slottime="${slottime:--1}"
+	}
+
+	for vif in $vifs; do
+		config_get mode "$vif" mode
+		append vif_pre_up "vif $_c" "$N"
+		append vif_post_up "vif $_c" "$N"
+		
+		[ "$mode" = "sta" ] || {
+			config_get_bool hidden "$vif" hidden 0
+			append vif_pre_up "closed $hidden" "$N"
+			config_get_bool isolate "$vif" isolate 0
+			append vif_pre_up "ap_isolate $isolate" "$N"
+		}
+
+		wsec_r=0
+		eap_r=0
+		wsec=0
+		auth=0
+		nasopts=
+		config_get enc "$vif" encryption
+		case "$enc" in
+			WEP|wep)
+				wsec_r=1
+				wsec=1
+				defkey=1
+				config_get key "$vif" key
+				case "$key" in
+					[1234])
+						defkey="$key"
+						for knr in 1 2 3 4; do
+							config_get k "$vif" key$knr
+							[ -n "$k" ] || continue
+							[ "$defkey" = "$knr" ] && def="=" || def=""
+							append vif_pre_up "wepkey $def$knr,$k" "$N"
+						done
+					;;
+					"");;
+					*) append vif_pre_up "wepkey =1,$key" "$N";;
+				esac
+			;;
+			*psk*|*PSK*)
+				wsec_r=1
+				config_get key "$vif" key
+				case "$enc" in
+					wpa*+wpa2*|WPA*+WPA2*|*psk+*psk2|*PSK+*PSK2) auth=132; wsec=6;;
+					wpa2*|WPA2*|*PSK2|*psk2) auth=128; wsec=4;;
+					*) auth=4; wsec=2;;
+				esac
+				eval "${vif}_key=\"\$key\""
+				nasopts="-k \"\$${vif}_key\""
+			;;
+			*wpa*|*WPA*)
+				wsec_r=1
+				eap_r=1
+				config_get key "$vif" key
+				config_get server "$vif" server
+				config_get port "$vif" port
+				case "$enc" in
+					wpa*+wpa2*|WPA*+WPA2*) auth=66; wsec=6;;
+					wpa2*|WPA2*) auth=64; wsec=4;;
+					*) auth=2; wsec=2;;
+				esac
+				eval "${vif}_key=\"\$key\""
+				nasopts="-r \"\$${vif}_key\" -h $server -p $port"
+			;;
+		esac
+		append vif_post_up "wsec $wsec" "$N"
+		append vif_post_up "wpa_auth $auth" "$N"
+		append vif_post_up "wsec_restrict $wsec_r" "$N"
+		append vif_post_up "eap_restrict $eap_r" "$N"
+		
+		config_get ssid "$vif" ssid
+		append vif_post_up "vlan_mode 0" "$N"
+		append vif_post_up "ssid $ssid" "$N"
+		case "$mode" in
+			sta|adhoc) append vif_do_up "ssid $ssid" "$N";;
+		esac
+		
+		append vif_post_up "enabled 1" "$N"
+		
+		config_get ifname "$vif" ifname
+		#append if_up "ifconfig $ifname up" ";$N"
+		local net_cfg bridge
+		net_cfg="$(find_net_config "$vif")"
+		[ -z "$net_cfg" ] || {
+			bridge="$(bridge_interface "$net_cfg")"
+			append if_up "start_net '$ifname' '$net_cfg'" ";$N"
+			append if_up "set_wifi_up '$vif' '$ifname'" ";$N"
+		}
+		[ -z "$nasopts" ] || {
+			eval "${vif}_ssid=\"\$ssid\""
+			nas_mode="-A"
+			use_nas=1
+			[ "$mode" = "sta" ] && {
+				nas_mode="-S"
+				[ -z "$bridge" ] || {
+					append vif_pre_up "supplicant 1" "$N"
+					append vif_pre_up "passphrase $key" "$N"
+					
+					use_nas=0
+				}
+			}
+			[ -z "$nas" -o "$use_nas" = "0" ] || nas_cmd="${nas_cmd:+$nas_cmd$N}$nas -P /var/run/nas.$ifname.pid -H 34954 ${bridge:+ -l $bridge} -i $ifname $nas_mode -m $auth -w $wsec -s \"\$${vif}_ssid\" -g 3600 $nasopts &"
+		}
+		_c=$(($_c + 1))
+	done
+	killall -KILL nas >&- 2>&-
+	wlc stdin <<EOF
+$ifdown
+
+ap $ap
+mssid $mssid
+apsta $apsta
+infra $infra
+${wet:+wet 1}
+802.11d 0
+802.11h 0
+rxant ${rxant:-3}
+txant ${txant:-3}
+
+radio ${radio:-1}
+macfilter 0
+maclist none
+wds none
+${wds:+wds $wds}
+${channel:+channel $channel}
+country ${country:-IL0}
+maxassoc ${maxassoc:-128}
+slottime ${slottime:--1}
+
+$vif_pre_up
+up
+$vif_post_up
+EOF
+	eval "$if_up"
+	wlc stdin <<EOF
+$vif_do_up
+EOF
+	eval "$nas_cmd"
+}
+
+
+detect_broadcom() {
+	[ -f /proc/net/wl0 ] || return
+	config_get type wl0 type
+	[ "$type" = broadcom ] && return
+	cat <<EOF
+config wifi-device  wl0
+	option type     broadcom
+	option channel  5
+
+	# REMOVE THIS LINE TO ENABLE WIFI:
+	option disabled 1
+
+config wifi-iface
+	option device   wl0
+	option network	lan
+	option mode     ap
+	option ssid     OpenWrt
+	option encryption none
+EOF
+}

files/usr/bin/perl

@@ -0,0 +1 @@
+microperl

files/usr/lib/common.awk

@@ -0,0 +1,68 @@
+# Copyright (C) 2006 OpenWrt.org
+
+function portstr(type, str) {
+	gsub(/-/, ":", str)
+	if (insmod_mport != 1) {
+		print "insmod ipt_multiport >&- 2>&-"
+		insmod_mport = 1
+	}
+	if (type == "src") return " -m multiport --sports " str
+	else return " -m multiport --dports " str
+}
+
+function str2ipt(str) {
+	str2data(str)
+	_cmd = ""
+	if (_l["src"] != "") _cmd = _cmd " -s " _l["src"]
+	if (_l["dest"] != "") _cmd = _cmd " -d " _l["dest"]
+	if (_l["proto"] != "") {
+		_cmd = _cmd " -p " _l["proto"]
+	}
+	# scripts need to check for proto="" and emit two rules in that case
+	if ((_l["proto"] == "") || (_l["proto"] == "tcp") || (_l["proto"] == "udp")) {
+		if (_l["sport"] != "") _cmd = _cmd portstr("src", _l["sport"])
+		if (_l["dport"] != "") _cmd = _cmd portstr("dest", _l["dport"])
+	}
+	if (_l["layer7"] != "") {
+		if (insmod_l7 != 1) {
+			print "insmod ipt_layer7 >&- 2>&-"
+			insmod_l7 = 1
+		}
+		_cmd = _cmd " -m layer7 --l7proto " _l["layer7"]
+	}
+	return _cmd
+}
+
+function str2data(str) {
+	delete _l
+	_n = split(str, _o, "[\t ]")
+	for (_i = 1; _i <= _n; _i++) {
+		_n2 = split(_o[_i], _c, "=")
+		if (_n2 == 2) _l[_c[1]] = _c[2]
+	}
+}
+
+function bitcount(c) {
+	c=and(rshift(c, 1),0x55555555)+and(c,0x55555555)
+	c=and(rshift(c, 2),0x33333333)+and(c,0x33333333)
+	c=and(rshift(c, 4),0x0f0f0f0f)+and(c,0x0f0f0f0f)
+	c=and(rshift(c, 8),0x00ff00ff)+and(c,0x00ff00ff)
+	c=and(rshift(c,16),0x0000ffff)+and(c,0x0000ffff)
+	return c
+}
+
+function validate_netmask(nm) {
+	return and(-nm,compl(nm))
+}
+
+function ip2int(ip) {
+	for (ret=0,n=split(ip,a,"\."),x=1;x<=n;x++) ret=or(lshift(ret,8),a[x]) 
+	return ret
+}
+
+function int2ip(ip,ret,x) {
+	ret=and(ip,255)
+	ip=rshift(ip,8)
+	for(;x<3;ret=and(ip,255)"."ret,ip=rshift(ip,8),x++);
+	return ret
+}

files/usr/lib/firewall.awk

@@ -0,0 +1,83 @@
+# Copyright (C) 2006 OpenWrt.org
+
+BEGIN {
+	FS=":"
+}
+
+($1 == "accept") || ($1 == "drop") || ($1 == "forward") {
+	delete _opt
+	str2data($3)
+	if ((_l["proto"] == "") && (_l["sport"] _l["dport"] != "")) {
+		_opt[0] = " -p tcp"
+		_opt[1] = " -p udp"
+	} else {
+		_opt[0] = ""
+	}
+}
+
+($1 == "accept") {
+        print "#\n# rules for " $_
+	target = " -j ACCEPT"
+	for (o in _opt) {
+		print "iptables -t nat -A prerouting_" $2 _opt[o] str2ipt($3) target
+		# this one is to allow LAN access to node services when a DMZ server is in use
+		if ($2 == "wifi") print "iptables -t nat -A PREROUTING " _opt[o] str2ipt($3) target
+		print "iptables        -A input_" $2 "     " _opt[o] str2ipt($3) target
+	}
+}
+
+($1 == "drop") {
+        print "#\n# rules for " $_
+	for (o in _opt) {
+		print "iptables -t nat -A prerouting_" $2 _opt[o] str2ipt($3) " -j DROP"
+	}
+}
+
+#    1      2                    3                       4      5
+# forward:wifi:dport=80 proto=tcp dest=10.122.140.13:172.27.0.5:80
+
+($1 == "forward") {
+        print "#\n# rules for " $_
+	target = " -j DNAT --to " $4
+	fwopts = ""
+	if ($5 != "") {
+		if ((_l["proto"] == "tcp") || (_l["proto"] == "udp") || (_l["proto"] == "")) {
+			if (_l["proto"] != "") fwopts = " -p " _l["proto"]
+			fwopts = fwopts " --dport " $5
+			target = target ":" $5
+		}
+		else fwopts = ""
+	}
+	for (o in _opt) {
+		print "iptables -t nat -A prerouting_" $2 _opt[o] str2ipt($3) target
+		# everything seems to work without this rule
+		#print "iptables        -A forwarding_" $2 _opt[o] " -d " $4 fwopts " -j ACCEPT"
+
+		# the wan is more restricted so it needs extra rules
+		if($2 == "wan") {
+		    fwopts = _opt[o]
+		    if ((_l["proto"] != "") && (_opt[0] == "")) fwopts = " -p " _l["proto"]
+		    if(_l["dport"] ~ /-/) {
+			dport = portstr("dst", _l["dport"])
+			print "iptables        -A input_" $2 fwopts " -d " $4 dport " -j ACCEPT"
+		    } else {
+			print "iptables        -A input_" $2 fwopts " -d " $4 " --dport " $5 " -j ACCEPT"
+		    }
+		}
+
+		# rules to give lan hosts access to port forwarded services
+		if ($2 == "wifi") {
+		    fwopts = _opt[o]
+		    dport = ""
+		    if ((_l["proto"] != "") && (_opt[0] == "")) fwopts = " -p " _l["proto"]
+		    if (_l["dport"] != "") dport = portstr("dst", _l["dport"])
+		    print "iptables -t nat -A PREROUTING " fwopts " -s " LAN_NET " -d " _l["dest"] dport target
+		}
+	}
+
+	# nat the packet source for requests that came from the lan
+	# this doesn't work for the wan yet
+	if ($2 == "wifi") {
+	    print "iptables -t nat -A POSTROUTING -s " LAN_NET " -d " $4 " -j SNAT --to " _l["dest"]
+	}
+}