Teach Your Linksys WRT54GS v2.1 Router New Tricks With DD-WRT


Upload: 828edward

Post on 21-Apr-2015


DESCRIPTION

Utilize the DD-WRT utility to modify software functionality within your Linksys WRT54GS v2.1.

TRANSCRIPT

Page 1: Teach Your Linksys WRT54GS v2.1 Router New Tricks With DD-WRT

10/1/11 6:58 PM Teach your router new tricks with DD-WRT

Page 1 of 9 http://www.infoworld.com/print/174050

Published on InfoWorld (http://www.infoworld.com)


Teach your router new tricks with DD-WRT

By Serdar Yegulalp

Created 2011-09-28 03:00AM

With each passing year, hardware devices grow less dependent on proprietary components and more reliant on open source technologies. Network routers are among the main beneficiaries of this trend, especially those that can support a variety of third-party open source firmware projects. One variant, DD-WRT [1], has become a common out-of-the-box option for many routers, but also exists in stand-alone implementations that can be placed on routers that support it. Hundreds of routers can run DD-WRT firmware, including nearly 100 Linksys models alone.

DD-WRT has a slightly convoluted history. In 2002, Linksys started releasing a variety of router, the WRT54G line, that used Linux as an embedded system. The company was eventually obliged to release the source code for those routers under the terms of the GPL. Another company, Sveasoft, picked up on the results and created its own third-party firmware (aka Alchemy). Eventually this work was turned into a commercial offering, which encouraged the folks at DD-WRT.com to launch their own branch of the project.

[ Also on InfoWorld: Bossie Awards 2011: The best open source software of the year [2] | Follow the latest in open source developments and thinking with InfoWorld's Technology: Open Source newsletter [3]. ]

The project was successful enough that DD-WRT has itself become the basis for other firmware created by router manufacturers themselves. Consequently, while DD-WRT has been released under the terms of the GPL, there are commercial builds of the firmware that incorporate much non-GPL code. It's therefore best to say that while DD-WRT has its roots in open source, it has a more commercial flavor than some of the projects in the same vein, such as the Tomato firmware or OpenWRT.

Why use DD-WRT?

For me, the single biggest reason to go with DD-WRT is the balance it strikes between convenience and openness. I can go out and buy a router that runs DD-WRT out of the box -- such as the Buffalo router I currently use -- and either upgrade it at my leisure to other builds of DD-WRT or rely on Buffalo's own official (albeit proprietary) builds.

In the past I've bought a router, upgraded it faithfully as new revisions to the router firmware come out, then ground my teeth in disgust when I discover, 18 months to two years later, it's suddenly no longer supported. This is dismaying, given the number of security flaws that have been found in consumer-level routers, not all of which are due to user misconfiguration. The only thing worse than no protection at all is a false sense of security, so I like the idea of using something that has at least a modicum of third-party oversight.

A full list of the features in DD-WRT would spill over to pages on end, but here's a rundown of the most significant stuff you'll likely use:

Firewall [4]. Every router these days comes with a firewall, but the one included with DD-WRT is based on the iptables [5] firewall in Linux and, thus, is extremely powerful and configurable. You can edit the firewall through DD-WRT's own Web-based interface or use a tool like Firewall Builder [6] to do most of the heavy lifting for you.

IPv6 support [7]. With the world rapidly running out of IPv4 address space, it's nice to know your router can speak IPv6 natively if it has to. DD-WRT has native IPv6 functionality, as well as the 6to4 [8] address-translation system.

Quality-of-service controls [9]. Most routers have some basic QoS management, but some of the DD-WRT builds (mainly the commercially available version) can give you more sophisticated QoS settings, allowing you to specify such items as maximum bandwidth per netmask or MAC address. UPnP media streaming is also included as a standard item on just about every DD-WRT build.

DNS controls. These include Dnsmasq [10], a local DNS server that speeds up host-name lookups, and support for dynamic DNS providers like TZO, No-IP, and DynDNS.

Afterburner [11]. A speed-enhancement system supported by some wireless network devices based on the Broadcom chip set. You should use it only if your router and your other network hardware support it, or you'll actually see a net loss in performance.

Kai Daemon. This one's for gamers. It's a service to allow network tunneling for game consoles -- mainly Microsoft's Xbox -- so that they can connect to the XLink Kai gaming network [12].

Many DD-WRT functions are designed for using the router as a public-access hotspot. If you're setting up one of these in a business or residence, it's handy to have them in the box and not need to put them together by hand.

Client isolation. Wireless clients can see only the access point and not each other -- quite important if you want multiple people to share the same access point and not get into each other's shared files.

Sputnik Agent [13]. An add-on that allows an access point manager to use the SputnikNet [14] remote-management system for controlling multiple access points from a single Web-based console. SputnikNet has both free and for-pay management tiers, depending on your needs.

Hotspot System [15]. This appropriately named service lets you manage multiple locations, as well as the billing of clients who connect to your hotspot.

Wifidog [16]. Another access-point portal solution, Wifidog provides a broad range of options from simply displaying a splash page for users (for no-strings-attached access) to requiring actual purchase of access time.

ChilliSpot [17]. Yet another open source access controller for hotspots, ChilliSpot uses RADIUS authentication. Note that ChilliSpot is a legacy project that is no longer actively maintained, but is included with many DD-WRT builds as a backward-compatibility measure.

Some things are not included in every build of DD-WRT. OpenVPN [18], for instance, is limited to just a few builds. If you're using virtual private networks to connect to remote servers, you'll want one of the DD-WRT builds that includes OpenVPN [19], which lets you make VPN connections without needing client software on the PC connected to the router.

Finally, DD-WRT includes extensions to allow the truly adventurous to do things with their router that the manufacturer never intended -- adding external USB connectors or aftermarket memory card readers, for instance. Though beyond the realm of most ordinary users, they open up fascinating possibilities for the hard-core hacker.

Finding a suitable router and DD-WRT build

The first step to take if you want to make use of DD-WRT is to find a router that supports it, or determine whether or not a router you have access to can support it. This isn't terribly difficult, since the DD-WRT site contains a list of supported devices [20] that's updated regularly. If you've had good results with a particular manufacturer in the past, look for its name on the list and pick a recent model.

My manufacturer of choice is Buffalo [21], and my current DD-WRT router is the WHR-HP-G300N [21], most recently given a DD-WRT update by Buffalo itself back in May 2011. Belkin, D-Link, Netgear, and Linksys also have DD-WRT routers in their lineup, as do a whole slew of smaller manufacturers you may or may not have had experience with, including Accton, Gateworks, and Rosewill.

The next step is to pick a specific model of router. DD-WRT routers fall into roughly two camps, based on the chip sets they use:

1. Routers built with the Broadcom chip set can use a slightly wider variety of DD-WRT builds (more on this below).

2. Routers built with the Atheros and Ralink chip sets use builds that are made specifically for the router model. For example, my Buffalo router is built on Atheros and needs a build made specifically for it by Buffalo, but with a little work you can replace it with an unbranded DD-WRT build.

Broadcom routers also use two different flavors of DD-WRT depending on their make:

1. The "normal" build, also referred to in DD-WRT's documentation as NEWD. This is the one to use for recently manufactured routers.

2. The VINT build, which uses an older wireless driver designed for earlier revisions of the Broadcom chip set -- specifically, the 4710 and 4712 CPUs.

DD-WRT also comes in a number of different "sizes," with various features included or omitted [22]. The smaller builds allow routers with less flash memory to use DD-WRT, albeit at a loss of functionality. The "micro" build, for instance, is designed to fit in a 2MB flash space and, thus, omits IPv6, OpenVPN, and the firewall. The "standard" build, with the vast majority of features, requires 4MB; the "mega" build (everything plus the kitchen sink) requires 8MB.

If you're in doubt about which build to flash, check the supported device list [20] in DD-WRT's wiki. Each entry in the list contains some instructions on how to flash and which firmware build to use.

[23] Like other routers based on the Atheros chip set, the Buffalo AirStation WHR-HP-G300N requires a build of DD-WRT specifically for the router model.

Flashing a router with DD-WRT

If you've picked up a router preloaded with DD-WRT, find out which version of the DD-WRT firmware it's currently running and see if it needs updating. If you're using a router that has a DD-WRT build supplied by the manufacturer, look for an update from the manufacturer first. The manufacturer may have hardware-specific adaptations of DD-WRT that you can't find anywhere else, or (like Buffalo) it may have firmware that is encrypted and can run only on that router.

The exact way to check if you need an update varies between routers, but the short version goes something like this:

1. In the router's manual, look up how to access the router's properties/administration pages. This usually involves connecting to a local address (for example, 192.168.1.1) via a Web browser.

2. Look there for the revision number of the loaded firmware. This might be listed either as a build number (say, 14998), a date (May 25, 2011), or both at once.

3. Go to the router manufacturer's website and look up the download page for that exact model of router. Router manufacturers often use abominably confusing naming conventions, so read carefully and look for all the details you can. For instance, Actiontec's MI424WR router comes in three hardware flavors: revisions A, C, and D. The most definitive way to find out which router hardware you have is to check the underside or the back, and look for a label that describes the model number.

4. Check the date on the firmware available for that router against the firmware already loaded. If the available firmware is newer than the preloaded firmware, it's time to upgrade.
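The comparison in steps 2 through 4, written out as an added example that is not part of the original article: it parses a revision shown as a build number, a date, or both, refuses to compare firmware meant for a different hardware revision, and reports when the two strings share no comparable field. The function names, the accepted date spellings and the "build N (date)" layout are assumptions made for illustration.

```python
import re
from datetime import datetime

# Date spellings this example accepts (an assumption; routers vary).
_DATE_FORMATS = ("%B %d, %Y", "%b %d, %Y", "%Y-%m-%d", "%m/%d/%Y")
_DATE_RE = re.compile(
    r"[A-Za-z]{3,9} \d{1,2}, \d{4}|\d{4}-\d{2}-\d{2}|\d{1,2}/\d{1,2}/\d{4}")
# A build number is taken to be a free-standing run of 4 to 6 digits.
_BUILD_RE = re.compile(r"(?<!\d)(\d{4,6})(?!\d)")


def parse_revision(text):
    """Return (build, released) from a firmware revision string.

    Either element is None when the string does not carry it.
    """
    released = None
    m = _DATE_RE.search(text)
    if m:
        for fmt in _DATE_FORMATS:
            try:
                released = datetime.strptime(m.group(0), fmt).date()
                break
            except ValueError:
                continue
        # Cut the date out so its year is not mistaken for a build number.
        text = text[:m.start()] + " " + text[m.end():]
    b = _BUILD_RE.search(text)
    build = int(b.group(1)) if b else None
    return build, released


def needs_upgrade(installed, available, installed_hw, available_hw):
    """True when `available` is newer than `installed` for the same hardware.

    Raises ValueError if the hardware revisions differ or if the two
    revision strings have no field in common (build vs. date only).
    """
    if installed_hw.strip().upper() != available_hw.strip().upper():
        raise ValueError("firmware targets hardware revision %s, router is %s"
                         % (available_hw, installed_hw))
    i_build, i_date = parse_revision(installed)
    a_build, a_date = parse_revision(available)
    # Step 4 compares dates, so prefer them when both sides have one.
    if i_date and a_date and i_date != a_date:
        return a_date > i_date
    if i_build is not None and a_build is not None:
        return a_build > i_build
    if i_date and a_date:
        return False  # same date and no build numbers to break the tie
    raise ValueError("no common field to compare; read the release notes")


if __name__ == "__main__":
    # "14998" and "May 25, 2011" are the article's sample values;
    # the "available" strings are constructed.
    print(needs_upgrade("build 14998 (May 25, 2011)", "2011-09-01", "A", "A"))
    print(needs_upgrade("14998", "14998", "C", "C"))
```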

The process for flashing a router with DD-WRT firmware will depend on whether the manufacturer supports DD-WRT directly. If so, you can simply download and flash the firmware they provide. The DD-WRT firmware's management page includes a Web interface for uploading and automatically flashing the router, so the process is little more than a couple of clicks. Just make sure you're feeding the router the correct firmware file. Also, if there's an option to reset the router to its default settings, use that to make sure no legacy settings are lingering and might create initialization problems.

If the manufacturer does not support DD-WRT, you'll need to look up your router in the DD-WRT wiki and hunt for specific instructions on how to do this. Here things can get complicated. Some devices require a "TFTP flash [24]" technique, where you connect to the router via the network and use a Trivial File Transfer Protocol [25] client to upload the firmware. Or consider the flashing directions for the D-Link DIR-615 Rev. C [26] router, which requires some hackwork involving a hex editor on the firmware image. Those who have no fear of a command line and can follow directions closely shouldn't have a problem with the more advanced flashing techniques. If you don't count yourself in that category, you're best off either getting a local guru to do it for you or, once again, dropping the money on a router that has DD-WRT out of the box.

A number of routers -- such as my Buffalo AirStation -- ship with the manufacturer's own, customized version of DD-WRT, in which case you can update the firmware via DD-WRT's Web interface. Be sure the "After flashing, reset to default settings" option is enabled.

Recovering from a bad flash

Occasionally, a flashing attempt goes bad, leaving the router "bricked" -- it seems to be starting up, but otherwise doesn't provide network access and the management pages are unreachable. Another common symptom: The power light on the front panel of the router flashes nonstop.

Fortunately, a flash problem is rare, and there are ways to recover from it. The first thing to do is try a hard reset, or a "30/30/30" as the DD-WRT folks call it:

1. Unplug the router from the network (but not the power) and hold the hardware reset button for 30 seconds.

2. Keep the reset button held down and remove the power cord for 30 seconds.

3. Plug the power back in and keep holding reset for 30 seconds.

4. Let go of the reset button and unplug the power one last time for a minute or so. Restore power.

This resets the router to its factory default state, which is sometimes needed to get it to boot properly after a flash. If that doesn't work, then you'll need to look into one of the more advanced recovery procedures [27] listed on the DD-WRT wiki. These include recovering via TFTP (as mentioned above) or using a JTAG cable [28] -- a physical cable connected directly to the router -- for repair. If that sounds hairy, it is. JTAG involves hardware hacking, so is probably best suited for the hardcore and those who have absolutely no other choice. A truly wizardly DD-WRT hacker may also add his own boot logic (such as Micro Redboot [29]), especially if he plans on trying out a variety of different firmwares.

DD-WRT features and functions

Once you have your DD-WRT router booted up and configured, log into the router's administration page (be sure to change the default password!) and find out which features your router supports. A full breakdown of all the features in DD-WRT would require a book and might well be redundant since many of the features are common to most routers. However, here's a sampling of features included with DD-WRT but that might not be present on other routers you've worked with. (Note that not all routers support these options.)

AOSS [30]. Short for AirStation One-Touch Secure System [31], AOSS is supported in some clients and routers (they'll have some statement to the effect in their documentation). If your router supports it, you'll be able to press a button on the face of the device to allow an AOSS-enabled client to connect without the need for a password. Many portable game consoles, like Sony's PSP, use AOSS.

Boot wait. When enabled, the router pauses for five seconds at boot time to allow the user to connect remotely and flash a new firmware if the current one is bricked. Leave this on, as you never know when it'll be useful -- and what's five measly seconds out of a reboot cycle?

Logging [32]. DD-WRT can maintain running logs of its most crucial events and behaviors. The log can either be kept locally or be written to a remote IP address that has a syslog daemon [33] listening on the appropriate port. This can be left off by default, but it's useful to toggle it on if you need to do any detailed troubleshooting (for instance, to find out if some specific action is messing things up).

NTP client. With this, you can specify a remote timeserver that the router will use to synchronize its own clock. This is a good idea generally, since it saves you the trouble of having to set the clock by hand, and it allows for more accurate deployment of scheduled reboots (see below).

Overclocking. Some routers support the ability to overclock, or run the CPU faster than the manufacturer normally recommends. There are few cases where this is needed, especially since overclocking any hardware often leads to instability.

Scheduled reboot [34]. You can force the router to reset itself at a given time of day, after a certain interval, or on a specific day of the week. Some claim this improves performance, although in my own experience it doesn't seem to make much difference. The documentation (linked above) shows you how to do this via a command line, but some builds -- including the one in my Buffalo router -- let you set this in the GUI under Administration/Keep Alive. Note that in order to use this, you'll need to enable the Cron option as well.

Telnet. The telnet daemon should be running if you plan on connecting via telnet to perform administration (such as to manually flash new firmware). If you're worried about the security implications of leaving telnet running, you can shut it off until you need it.

Transmit power and antenna gain [35]. These let you control the power to the wireless antenna and the amount of gain or "focus" used to single out weaker signals. Most of the time these options should be left as-is -- especially if they're already specified by your router's manufacturer in its DD-WRT stock firmware -- but you can experiment with the gain function to see if it improves reception in your environment. Note that raising transmit power can cause some routers to overheat, so don't fool with it and then forget about it.

Watchdog. If enabled, the router will attempt to ping other computers regularly and will reboot itself if it doesn't receive a response. This should not normally be needed, but it can be useful if you have a flaky network gateway. Just be sure to use sane intervals for the pings -- anything less than five minutes is probably overkill -- and make sure you're pinging something whose inaccessibility will be a sure sign of trouble (Google, for instance, or your ISP's home page).
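A receiving end for the remote logging described in the Logging item above, as an added example that is not part of the original article: it decodes the priority header of each BSD-style syslog datagram into facility and severity and keeps only warnings, errors and authentication messages. The function names and the sample datagrams are constructed for illustration; the message text a given DD-WRT build actually sends will differ.

```python
import re
import socket

# Facility and severity names by numeric code (BSD syslog convention).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

_PRI_RE = re.compile(r"^<(\d{1,3})>")
_TS_RE = re.compile(r"^([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) ")


def parse_syslog(datagram):
    """Decode one datagram into facility, severity, timestamp and message."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = _PRI_RE.match(text)
    if not m:
        raise ValueError("missing <PRI> header")
    pri = int(m.group(1))
    if pri > 191:  # facility 23, severity 7 is the largest valid value
        raise ValueError("PRI out of range: %d" % pri)
    rest = text[m.end():]
    ts = _TS_RE.match(rest)  # the timestamp is optional on the wire
    if ts:
        rest = rest[ts.end():]
    return {
        "facility": FACILITIES[pri >> 3],   # PRI = facility * 8 + severity
        "severity": SEVERITIES[pri & 7],
        "timestamp": ts.group(1) if ts else None,
        "message": rest,
    }


def is_noteworthy(record):
    """Warnings and worse, plus anything from the auth facilities."""
    urgent = SEVERITIES.index(record["severity"]) <= SEVERITIES.index("warning")
    return urgent or record["facility"] in ("auth", "authpriv")


def triage(datagrams):
    """Parse a batch and return only the records worth a look."""
    records = [parse_syslog(d) for d in datagrams]
    return [r for r in records if is_noteworthy(r)]


def serve(bind_addr="0.0.0.0", port=514):
    """Listen for router logs; binding UDP 514 usually needs privileges."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        data, (src, _) = sock.recvfrom(4096)
        try:
            rec = parse_syslog(data)
        except ValueError:
            continue  # stray traffic that is not syslog
        if is_noteworthy(rec):
            print(src, rec["facility"], rec["severity"], rec["message"])


# Constructed sample datagrams, not captured from a real router.
SAMPLES = [
    b"<36>Sep 28 03:02:17 login: constructed failed login for admin\n",
    b"<14>Sep  8 03:00:01 cron: constructed scheduled reboot\n",
    b"<4>kernel: constructed link down",
]

if __name__ == "__main__":
    for rec in triage(SAMPLES):
        print(rec)
```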

Last words for the DD-WRT user

Once you have things running the way you want, keep a few final details in mind for smooth sailing in the future:

Back up your router settings every so often. DD-WRT lets you save your router's settings to a file that can be stored on a PC, then reloaded into the router if needed. If you make a lot of elaborate custom settings -- port forwardings, for instance -- and then have to do a 30/30/30 reset, it's good to have all that stuff backed up so that you don't have to manually punch it in again.

Set passwords. Not just for your wireless connection -- and be sure to use WPA2 if your clients can support it -- but also for the administration panel itself. Pick a different username and password for the admin panel than the out-of-the-box settings, as both are trivially easy to crack if you leave them as-is.

Check for updates about once a month. Bookmark the page where your router has updates posted and check it every so often for new versions of the firmware. There's not much point in using DD-WRT if you're not keeping it current.

Finally, if it ain't broke, don't fix it. This may sound counterintuitive, but if your main reason for picking up a DD-WRT-powered router is stability and functionality, don't shoot yourself in the foot by tinkering with it too much. For the most part, DD-WRT should work with the default settings, especially if it's provided out of the box with your new router.

Of course, if you're using DD-WRT explicitly in order to tinker with it, that's another story!

This article, "Teach your router new tricks with DD-WRT [36]," was originally published at InfoWorld.com [37]. Follow the latest developments in networking [38] and open source [39] at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter [40].


Source URL (retrieved on 2011-10-01 03:45PM): http://www.infoworld.com/d/networking/teach-your-router-new-tricks-dd-wrt-174050

Links:
[1] http://www.dd-wrt.com/
[2] http://www.infoworld.com/d/open-source-software/bossie-awards-2011-the-best-open-source-software-the-year-171567-1?source=fssr
[3] http://www.infoworld.com/newsletters/subscribe?showlist=infoworld_open_source&source=ifwelg_fssr
[4] http://www.dd-wrt.com/wiki/index.php/Iptables
[5] http://www.netfilter.org/
[6] http://www.dd-wrt.com/wiki/index.php/Firewall_Builder
[7] http://www.dd-wrt.com/wiki/index.php/IPv6
[8] http://www.dd-wrt.com/wiki/index.php/IPv6#6to4_Setup
[9] http://www.dd-wrt.com/wiki/index.php/QoS
[10] http://thekelleys.org.uk/dnsmasq/doc.html
[11] http://www.dd-wrt.com/wiki/index.php/Afterburner
[12] http://teamxlink.co.uk/
[13] http://www.sputnik.com/products/wifi_devices/sputnik_agent/index.html
[14] http://www.sputnik.com/products/sputniknet/
[15] http://www.hotspotsystem.com/
[16] http://dev.wifidog.org/
[17] http://www.chillispot.info/
[18] http://www.dd-wrt.com/wiki/index.php/OpenVPN
[19] http://openvpn.net/
[20] http://www.dd-wrt.com/wiki/index.php/Supported_Devices
[21] http://www.buffalo-technology.com/products/wireless/wireless-n-nfiniti/whr-hp-g300n-airstation-wireless-n-300mbps-cable-router/
[22] http://www.dd-wrt.com/wiki/index.php/What_is_DD-WRT?#File_Versions
[23] http://www.infoworld.com/sites/infoworld.com/files/media/image/39TC-dd-wrt-status_lg.gif
[24] http://www.dd-wrt.com/wiki/index.php/Tftp_flash
[25] http://en.wikipedia.org/wiki/Trivial_File_Transfer_Protocol
[26] http://www.dd-wrt.com/wiki/index.php/DIR-615C
[27] http://www.dd-wrt.com/wiki/index.php/Recover_from_a_Bad_Flash
[28] http://www.dd-wrt.com/wiki/index.php/JTAG
[29] http://www.dd-wrt.com/wiki/index.php/Micro_Redboot
[30] http://www.dd-wrt.com/wiki/index.php/AOSS
[31] http://en.wikipedia.org/wiki/AOSS
[32] http://www.dd-wrt.com/wiki/index.php/Logging_with_DD-WRT
[33] http://en.wikipedia.org/wiki/Syslog
[34] http://www.dd-wrt.com/wiki/index.php/Scheduled_reboot
[35] http://www.dd-wrt.com/wiki/index.php/Atheros/ath_wireless_settings#TX_Power
[36] http://www.infoworld.com/d/networking/teach-your-router-new-tricks-dd-wrt-174050?source=footer
[37] http://www.infoworld.com/?source=footer
[38] http://www.infoworld.com/d/networking?source=footer
[39] http://www.infoworld.com/d/open-source?source=footer
[40] http://twitter.com/infoworld