In December of 2005, I replaced an aging Linksys BEFW11S4 Wireless Access Point with a Linksys WRT54GS. My unit is a "version 4" (indicated by v.4 on the back, under the Linksys logo). I selected this unit because it runs Linux, and its firmware is upgradable to allow it to take on additional non-standard features.
Installing OpenWRT with an iMac
The process of installing OpenWRT on a Linksys WRT54GS v4 is actually quite simple, but there are several important steps that need to be taken. I've outlined these steps below:
Setting the boot_wait in NVRAM
The WRT54GS v4 no longer has the standard "Ping.asp bug" that allows setting of NVRAM through the standard Linksys Ping web interface. However, there is an alternative method available, which takes advantage of another Ping.asp bug:
- Grab this Perl script
- Find the section that reads:
"ping_times" => "1",
"ping_ip" => "`$command >/tmp/ping.log 2>&1`",
- Change this to:
"ping_times" => "`$command >/tmp/ping.log 2>&1`",
"ping_ip" => "127.0.0.1",
- Connect port #1 on the WRT54GS directly to your iMac's Ethernet port.
- You may have to plug something (an Internet connection?) into the WAN port on the WRT54GS -- I received a "Network unreachable" error until I did this.
- Run the Perl script:
- You're now talking to the WRT54GS using a simulated terminal. Execute the following commands to set the boot_wait NVRAM setting to "on":
/usr/sbin/nvram set boot_wait=on
/usr/sbin/nvram get boot_wait # Should display 'on'
/usr/sbin/nvram commit
Installing the OpenWRT firmware
- Unplug the power from the router.
- Download and install the MacTFTP client.
- Start MacTFTP and enter:
- Select Send
- 192.168.1.1 for Address
- admin for Password
- Click on File and select the OpenWRT .bin firmware file you want to install.
- Click Start.
- Quickly (within 3 seconds) plug the power into the WRT54GS.
- The firmware should start transferring. If it doesn't (and you get an error), click Start again. You may have to try this a couple of times.
- Once MacTFTP is finished, wait for the WRT54GS to restart (about 5 seconds). You may have to cycle the power manually if it doesn't reboot on its own.
- In a web browser, visit http://192.168.1.1/ -- if all went well you should see the OpenWRT Admin Console.
Solving the LAN + iptables + webserver Problem
I had the following iptables rule set up on my WRT54GS (in /etc/firewall.user):
iptables -t nat -A prerouting_rule -d $DAN -p tcp --dport 80 -j DNAT --to $DANLAN
iptables -A forwarding_rule -d $DANLAN -p tcp --dport 80 -j ACCEPT
This rule takes incoming web traffic on port 80 destined for IP address $DAN and redirects it to the LAN host $DANLAN. This rule worked fine for incoming web traffic from the WAN (i.e. from outside the firewall, out on the Internet), but attempts to access the webserver from inside the LAN failed. This NAT HOWTO page helped me solve my problem: what I needed, in addition, was this rule:
iptables -t nat -A POSTROUTING -d $DANLAN -s $LANIPS -p tcp --dport 80 -j SNAT --to $NETTIE
In this rule, $LANIPS is 192.168.1.0/24 and $NETTIE is the IP of the router itself. Adding this rule means that I can now access my webserver from inside the LAN exactly as I can from outside the LAN. An alternative solution to the problem (it says here) is to "run an internal DNS server which knows the real (internal) IP address of your public web site, and forward all other requests to an external DNS server." But I didn't want to go to the trouble.
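To see why the DNAT rule alone fails for LAN clients and what the SNAT rule changes, here is a small packet-flow model. It is an added example, not code from the original post or from OpenWRT. The addresses are constructed stand-ins for $DAN, $DANLAN and $NETTIE, and $NETTIE is assumed to be the router's LAN address.

```python
import ipaddress

# Constructed addresses standing in for the post's variables (assumptions).
DAN = "203.0.113.10"                             # $DAN: public address
DANLAN = "192.168.1.50"                          # $DANLAN: web server on the LAN
NETTIE = "192.168.1.1"                           # $NETTIE: the router itself
LANIPS = ipaddress.ip_network("192.168.1.0/24")  # $LANIPS

def on_lan(ip):
    return ipaddress.ip_address(ip) in LANIPS

def trace(client, snat_rule):
    """Follow one TCP/80 connection from client to $DAN.

    Returns (source the web server sees, source on the reply the client gets).
    """
    src, dst = client, DAN
    dst = DANLAN                       # PREROUTING DNAT --to $DANLAN
    if snat_rule and on_lan(src):      # POSTROUTING SNAT, matches -s $LANIPS only
        src = NETTIE
    server_sees = src
    # The server answers to whatever source address it saw.
    if server_sees == NETTIE or not on_lan(server_sees):
        # Reply passes back through the router; conntrack undoes the NAT,
        # so the client sees the address it originally connected to.
        reply_src = DAN
    else:
        # Client is on the server's own subnet: the reply is delivered
        # directly, never crosses the router, and keeps the server's address.
        reply_src = DANLAN
    return server_sees, reply_src

def connection_works(client, snat_rule):
    # The client's TCP stack only accepts replies from the address it dialled.
    return trace(client, snat_rule)[1] == DAN

if __name__ == "__main__":
    for client in ("198.51.100.7", "192.168.1.23"):   # WAN client, LAN client
        for snat in (False, True):
            print(client, "SNAT" if snat else "no SNAT",
                  trace(client, snat), connection_works(client, snat))
```

One side effect the trace makes visible: with the SNAT rule in place, the web server sees the router's address as the source of every LAN client's request, so its access log no longer distinguishes between internal hosts.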