From rukapedia

In December of 2005, I replaced an aging Linksys BEFW11S4 Wireless Access Point with a Linksys WRT54GS. My unit is a "version 4" (indicated by v.4 on the back, under the Linksys logo). I selected this unit because it runs Linux, and its firmware is upgradable to allow it to take on additional non-standard features.

Installing OpenWRT with an iMac

The process of installing OpenWRT on a Linksys WRT54GS v4 is actually quite simple, but there are several important steps that need to be taken. I've outlined these steps below:

Setting the boot_wait in NVRAM

The WRT54GS v4 no longer has the standard "Ping.asp bug" that allows setting of NVRAM through the standard Linksys Ping web interface. However, there is an alternative method available, which takes advantage of another Ping.asp bug:

"ping_times"    => "1",
"ping_ip"       => "`$command >/tmp/ping.log 2>&1`",
  • Change this to:
"ping_times"    => "`$command >/tmp/ping.log 2>&1`",
"ping_ip"       => "",
  • Connect port #1 on the WRT54GS directly to your iMac's Ethernet port.
  • You may have to plug something (an Internet connection?) into the WAN port on the WRT54GS -- I received a "Network unreachable" error until I did this.
  • Run the Perl script:
  • You're now talking to the WRT54GS using a simulated terminal. Execute the following commands to set the boot_wait NVRAM setting to "on":
/usr/sbin/nvram set boot_wait=on
/usr/sbin/nvram get boot_wait  # Should display 'on'
/usr/sbin/nvram commit

Installing the OpenWRT firmware

  • Unplug the power from the router.
  • Download the MacTFTP client and install.
  • Start MacTFTP and enter:
    • Select Send
    • for Address
    • admin for Password
  • Click on File and select the OpenWRT .bin firmware file you want to install.
  • Click Start.
  • Quickly (within 3 seconds) plug the power into the WRT54GS.
  • The firmware should start transferring. If it doesn't (and you get an error), click Start again. You may have to try this a couple of times.
  • Once MacTFTP is finished, wait for the WRT54GS to restart (about 5 seconds). You may have to cycle the power manually if it doesn't reboot on its own.
  • In a web browser, visit -- if all went well you should see the OpenWRT Admin Console.

Solving the LAN + iptables + webserver Problem

I had the following iptables rule set up on my WRT54GS (in /etc/firewall.user):

iptables -t nat -A prerouting_rule -d $DAN -p tcp --dport 80 -j DNAT --to $DANLAN
iptables        -A forwarding_rule -d $DANLAN -p tcp --dport 80 -j ACCEPT

This rule takes incoming web traffic on port 80 destined for IP address $DAN and redirects it to the LAN host $DANLAN. This rule worked fine for incoming web traffic from the WAN (i.e. from outside the firewall, out on the Internet), but attempts to access the webserver from inside the LAN failed. This NAT HOWTO page helped me solve my problem: what I needed, in addition, was this rule:

iptables -t nat -A POSTROUTING -d $DANLAN -s $LANIPS -p tcp --dport 80 -j SNAT --to $NETTIE

In this rule, $LANIPS is and $NETTIE is the IP of the router itself. Adding this rule means that I can now access my webserver from inside the LAN exactly as I can from outside the LAN. An alternative solution to the problem (it says here) is to "run an internal DNS server which knows the real (internal) IP address of your public web site, and forward all other requests to an external DNS server." But I didn't want to go to the trouble.
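Why the DNAT rule alone fails for LAN clients, and what the extra SNAT rule changes, traced as a small packet-flow model. This is an added example, not code from the original page; the addresses are constructed stand-ins for $DAN, $DANLAN, $NETTIE and $LANIPS, and fetch() and on_lan() are hypothetical helper names.

```python
import ipaddress

# Constructed sample addresses (assumptions, not the page's real values).
DAN = "203.0.113.10"                              # public address, $DAN
DANLAN = "192.168.1.50"                           # LAN web server, $DANLAN
NETTIE = "192.168.1.1"                            # router's LAN address, $NETTIE
LANIPS = ipaddress.ip_network("192.168.1.0/24")   # LAN range, $LANIPS


def on_lan(addr):
    return ipaddress.ip_address(addr) in LANIPS


def fetch(client, snat_rule):
    """Trace one connection from client to DAN port 80.

    Returns (source address the web server sees, reply accepted by client).
    """
    src, dst = client, DAN
    # prerouting_rule: -d $DAN --dport 80 -j DNAT --to $DANLAN
    if dst == DAN:
        dst = DANLAN
    # POSTROUTING: -s $LANIPS -d $DANLAN --dport 80 -j SNAT --to $NETTIE
    if snat_rule and on_lan(src) and dst == DANLAN:
        src = NETTIE
    seen_by_server = src

    # The server answers the source address it saw.
    reply_src, reply_dst = DANLAN, seen_by_server
    if reply_dst == NETTIE or not on_lan(reply_dst):
        # The reply goes back through the router, where connection
        # tracking reverses both translations.
        reply_src, reply_dst = DAN, client
    # Otherwise the server delivers the reply straight to its LAN
    # neighbour and the router never rewrites it.

    # The client only accepts a reply from the address it contacted.
    return seen_by_server, (reply_src == DAN and reply_dst == client)


if __name__ == "__main__":
    for client in ("198.51.100.7", "192.168.1.20"):   # WAN host, LAN host
        for snat_rule in (False, True):
            print(client, "SNAT" if snat_rule else "DNAT only",
                  fetch(client, snat_rule))
```

With the SNAT rule active, the web server sees the router's address as the source for every LAN client, so its access log no longer distinguishes individual LAN hosts.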

Setting Up SNMP/MRTG traffic monitoring

Here's what I did to get snmpd running on the WRT54GS:

  • From the OpenWRT System | Installed Software panel, I clicked "Update Package Lists" to ensure I had an up-to-date list of available packages.
  • Under "Available packages," I clicked on the "Install" link for snmp-utils and then, once it had installed, for snmpd.
  • No configuration was required -- I used the stock /etc/snmp/snmpd.conf that came with the packages.
  • I started the SNMP daemon by SSHing to the WRT54GS and running /etc/init.d/snmpd

With SNMP running on the WRT54GS, I configured my webserver's MRTG to talk to the SNMP server on the router (I already had MRTG installed on the webserver, so I won't go into its download and configuration here). The name of my WRT54GS is nettie, so I used cfgmaker as follows:

# cfgmaker public@nettie --global "Workdir: /www/htdocs-mrtg" --output /etc/mrtg/mrtg.cfg

This created an mrtg.cfg file. I already had a cron job set up to run MRTG every five minutes. After it ran the first time with this configuration, the files in my /www/htdocs-mrtg directory were:

[htdocs-mrtg]# ls
index.php           nettie_3.old        nettie_4-week.png   nettie_5-year.png
mrtg-l.png          nettie_3-week.png   nettie_4-year.png   nettie_6-day.png
mrtg-m.png          nettie_3-year.png   nettie_5-day.png    nettie_6.html
mrtg-r.png          nettie_4-day.png    nettie_5.html       nettie_6.log
nettie_3-day.png    nettie_4.html       nettie_5.log        nettie_6-month.png
nettie_3.html       nettie_4.log        nettie_5-month.png  nettie_6.old
nettie_3.log        nettie_4-month.png  nettie_5.old        nettie_6-week.png
nettie_3-month.png  nettie_4.old        nettie_5-week.png   nettie_6-year.png

The index.php file is a little index file I created manually that has links to the nettie_?.html files.

The result: I now have MRTG graphs for each of the WRT54GS's Ethernet interfaces.
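
The setup above relies on a stock snmpd.conf and the community string public passed to cfgmaker. As an added example (not part of the original page, and not OpenWRT or net-snmp code), this check scans an snmpd.conf for default community strings and unrestricted sources in the net-snmp com2sec, rocommunity and rwcommunity directives. The sample config, its address and its non-default community name are constructed.

```python
DEFAULT_COMMUNITIES = {"public", "private"}
ANY_SOURCE = {"default", "0.0.0.0", "0.0.0.0/0"}

# Constructed sample, not the router's actual file.
SAMPLE = """\
# access control
com2sec ro default public
com2sec mrtg 192.168.1.50 example-community
rocommunity public
rwcommunity private 127.0.0.1
"""


def audit_snmpd_conf(text):
    """Return (line number, directive, problem) for each weak access line."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        directive = fields[0]
        if directive == "com2sec":
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            args = fields[1:]
            if args and args[0] == "-Cn":
                args = args[2:]
            if len(args) < 3:
                continue
            source, community = args[1], args[2]
        elif directive in ("rocommunity", "rwcommunity"):
            # rocommunity COMMUNITY [SOURCE [OID]]; no SOURCE means any host
            if len(fields) < 2:
                continue
            community = fields[1]
            source = fields[2] if len(fields) > 2 else "default"
        else:
            continue
        if community in DEFAULT_COMMUNITIES:
            findings.append((n, directive, "default community " + community))
        if source in ANY_SOURCE:
            findings.append((n, directive, "any source may query"))
    return findings


if __name__ == "__main__":
    for finding in audit_snmpd_conf(SAMPLE):
        print(finding)
```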