Difference between revisions of "WRT54GS"

Line 54: Line 54:
 
* Once MacTFTP is finished, wait for the WRT54GS to restart (about 5 seconds).  You may have to cycle the power manually if it doesn't reboot on its own.
 
* Once MacTFTP is finished, wait for the WRT54GS to restart (about 5 seconds).  You may have to cycle the power manually if it doesn't reboot on its own.
 
* In a web browser, visit [http://192.168.1.1/ http://192.168.1.1/] -- if all went well you should see the OpenWRT Admin Console.
 
* In a web browser, visit [http://192.168.1.1/ http://192.168.1.1/] -- if all went well you should see the OpenWRT Admin Console.
 +
 +
==Solving the LAN + iptables + webserver Problem==
 +
 +
I had the following iptables rule set up on my WRT54GS (in /etc/firewall.user):
 +
 +
<pre>
 +
iptables -t nat -A prerouting_rule -d $DAN -p tcp --dport 80 -j DNAT --to $DANLAN
 +
iptables        -A forwarding_rule -d $DANLAN -p tcp --dport 80 -j ACCEPT
 +
</pre>
 +
 +
This rule takes incoming web traffic on port 80 destined for IP address $DAN and redirects it to the LAN host $DANLAN.  This rule worked fine for incoming web traffic from the WAN (i.e. from outside the firewall, out on the Internet), but attempts to access the webserver from ''inside the LAN'' failed.  [http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO-10.html This NAT HOWTO page] helped me solve my problem: what I needed, in addition, was this rule:
 +
 +
<pre>
 +
iptables -t nat -A POSTROUTING -d $DANLAN -s $LANIPS -p tcp --dport 80 -j SNAT --to $NETTIE
 +
</pre>
 +
 +
In this rule, '''$LANIPS''' is '''192.168.1.0/24''' and '''$NETTIE''' is the IP of the router itself.  Adding this rule means that I can now access my webserver from inside the LAN exactly as I can from outside the LAN.  An alternative solution to the problem ([http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO-10.html it says here]) is to "run an internal DNS server which knows the real (internal) IP address of your public web site, and forward all other requests to an external DNS server."  But I didn't want to go to the trouble.
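Review bot: the new section adds the SNAT rule (`-t nat -A POSTROUTING ... -j SNAT --to $NETTIE`) without stating its side effect: once it is active, the web server at $DANLAN sees every LAN visitor as coming from $NETTIE, so its access log and any per-client rules can no longer tell internal hosts apart. Please add a sentence saying so, and one on why the LAN case fails without the rule, since the text only links to the HOWTO for that. The rule is also appended to the built-in POSTROUTING chain, while the two earlier rules go into prerouting_rule and forwarding_rule; say whether that is intentional.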

Revision as of 10:52, 27 December 2005

In December of 2005, I replaced an aging Linksys BEFW11S4 Wireless Access Point with a Linksys WRT54GS. My unit is a "version 4" (indicated by v.4 on the back, under the Linksys logo). I selected this unit because it runs Linux, and its firmware is upgradable to allow it to take on additional non-standard features.

Installing OpenWRT with an iMac

The process of installing OpenWRT on a Linksys WRT54GS v4 is actually quite simple, but there are several important steps that need to be taken. I've outlined these steps below:

Setting the boot_wait in NVRAM

The WRT54GS v4 no longer has the standard "Ping.asp bug" that allows setting of NVRAM through the standard Linksys Ping web interface. However, there is an alternative method available, which takes advantage of another Ping.asp bug:

"ping_times"    => "1",
"ping_ip"       => "`$command >/tmp/ping.log 2>&1`",
  • Change this to:
"ping_times"    => "`$command >/tmp/ping.log 2>&1`",
"ping_ip"       => "127.0.0.1",
  • Connect the port #1 on the WRT54GS directly to your iMac's Ethernet port.
  • You may have to plug something (an Internet connection?) into the WAN port on the WRT54GS -- I received a "Network unreachable" error until I did this.
  • Run the Perl script:
./wrt54gcli.pl
  • You're now talking to the WRT54GS using a simulated terminal. Execute the following commands to set the boot_wait NVRAM setting to "on":
/usr/sbin/nvram set boot_wait=on
/usr/sbin/nvram get boot_wait  # Should display 'on'
/usr/sbin/nvram commit

Installing the OpenWRT firmware

  • Unplug the power from the router.
  • Download the MacTFTP client and install.
  • Start MacTFTP and enter:
    • Select Send
    • 192.168.1.1 for Address
    • admin for Password
  • Click on File and select the OpenWRT .bin firmware file you want to install.
  • Click Start.
  • Quickly (within 3 seconds) plug the power into the WRT54GS.
  • The firmware should start transferring. If it doesn't (and you get an error), click Start again. You may have to try this a couple of times.
  • Once MacTFTP is finished, wait for the WRT54GS to restart (about 5 seconds). You may have to cycle the power manually if it doesn't reboot on its own.
  • In a web browser, visit http://192.168.1.1/ -- if all went well you should see the OpenWRT Admin Console.

Solving the LAN + iptables + webserver Problem

I had the following iptables rule set up on my WRT54GS (in /etc/firewall.user):

iptables -t nat -A prerouting_rule -d $DAN -p tcp --dport 80 -j DNAT --to $DANLAN
iptables        -A forwarding_rule -d $DANLAN -p tcp --dport 80 -j ACCEPT

This rule takes incoming web traffic on port 80 destined for IP address $DAN and redirects it to the LAN host $DANLAN. This rule worked fine for incoming web traffic from the WAN (i.e. from outside the firewall, out on the Internet), but attempts to access the webserver from inside the LAN failed. This NAT HOWTO page helped me solve my problem: what I needed, in addition, was this rule:

iptables -t nat -A POSTROUTING -d $DANLAN -s $LANIPS -p tcp --dport 80 -j SNAT --to $NETTIE

In this rule, $LANIPS is 192.168.1.0/24 and $NETTIE is the IP of the router itself. Adding this rule means that I can now access my webserver from inside the LAN exactly as I can from outside the LAN. An alternative solution to the problem (it says here) is to "run an internal DNS server which knows the real (internal) IP address of your public web site, and forward all other requests to an external DNS server." But I didn't want to go to the trouble.
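
Why the LAN case fails without the SNAT rule, as an added example that is not part of the original page: a small Python model of the three rules above that follows one port-80 request and its reply. The addresses used for $DAN, $DANLAN and the clients are constructed placeholders, $NETTIE is assumed to be 192.168.1.1, and the function names are hypothetical.

```python
import ipaddress

# Constructed placeholder addresses; the page only states $LANIPS.
DAN = "203.0.113.10"      # public address ($DAN)
DANLAN = "192.168.1.50"   # web server on the LAN ($DANLAN)
NETTIE = "192.168.1.1"    # router's own LAN address ($NETTIE), assumed
LANIPS = ipaddress.ip_network("192.168.1.0/24")


def router_forward(src, dst, hairpin_snat):
    """Apply the nat rules to a request; return (src, dst) as the server sees it."""
    if dst == DAN:
        dst = DANLAN  # prerouting_rule: DNAT --to $DANLAN
    if hairpin_snat and dst == DANLAN and ipaddress.ip_address(src) in LANIPS:
        src = NETTIE  # POSTROUTING: SNAT --to $NETTIE
    return src, dst


def source_logged_by_server(client, hairpin_snat):
    """Source address the web server records for this client."""
    return router_forward(client, DAN, hairpin_snat)[0]


def reply_seen_by_client(client, hairpin_snat):
    """Source address on the reply packet that reaches the client."""
    seen_src, seen_dst = router_forward(client, DAN, hairpin_snat)
    reply_src, reply_dst = seen_dst, seen_src  # server answers what it saw
    direct = ipaddress.ip_address(reply_dst) in LANIPS and reply_dst != NETTIE
    if direct:
        # Same subnet: the server delivers straight to the client, the router
        # never sees the reply, so the DNAT is never reversed.
        return reply_src
    # Reply goes back through the router, whose connection tracking
    # restores the original destination as the reply's source.
    return DAN


def connection_works(client, hairpin_snat):
    """The client only accepts a reply from the address it connected to."""
    return reply_seen_by_client(client, hairpin_snat) == DAN


if __name__ == "__main__":
    for client in ("198.51.100.7", "192.168.1.20"):  # WAN client, LAN client
        for snat in (False, True):
            print(client, "snat" if snat else "no-snat",
                  "ok" if connection_works(client, snat) else "FAILS",
                  "server logs", source_logged_by_server(client, snat))
```

The model also shows the cost of the fix: with the SNAT rule in place the server logs the router's address for every LAN client.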