In December of 2005, I replaced an aging Linksys BEFW11S4 Wireless Access Point with a Linksys WRT54GS. My unit is a "version 4" (indicated by v.4 on the back, under the Linksys logo). I selected this unit because it runs Linux, and its firmware is upgradable to allow it to take on additional non-standard features.
Installing OpenWRT with an iMac
The process of installing OpenWRT on a Linksys WRT54GS v4 is actually quite simple, but there are several important steps that need to be taken. I've outlined these steps below:
Setting the boot_wait in NVRAM
The WRT54GS v4 no longer has the standard "Ping.asp bug" that allows setting of NVRAM through the standard Linksys Ping web interface. However there is an alternative method available, which takes advantage of another Ping.asp bug:
- Grab this Perl script
- Find the section that reads:
"ping_times" => "1",
"ping_ip" => "`$command >/tmp/ping.log 2>&1`",
- Change this to:
"ping_times" => "`$command >/tmp/ping.log 2>&1`",
"ping_ip" => "127.0.0.1",
- Connect port #1 on the WRT54GS directly to your iMac's Ethernet port.
- You may have to plug something (an Internet connection?) into the WAN port on the WRT54GS -- I received a "Network unreachable" error until I did this.
- Run the Perl script:
- You're now talking to the WRT54GS using a simulated terminal. Execute the following commands to set the boot_wait NVRAM setting to "on":
/usr/sbin/nvram set boot_wait=on
/usr/sbin/nvram get boot_wait # Should display 'on'
/usr/sbin/nvram commit
Installing the OpenWRT firmware
- Unplug the power from the router.
- Download the MacTFTP client and install it.
- Start MacTFTP and enter:
  - Select Send
  - 192.168.1.1 for Address
  - admin for Password
- Click on File and select the OpenWRT .bin firmware file you want to install.
- Click Start.
- Quickly (within 3 seconds) plug the power into the WRT54GS.
- The firmware should start transferring. If it doesn't (and you get an error), click Start again. You may have to try this a couple of times.
- Once MacTFTP is finished, wait for the WRT54GS to restart (about 5 seconds). You may have to cycle the power manually if it doesn't reboot on its own.
- In a web browser, visit http://192.168.1.1/ -- if all went well you should see the OpenWRT Admin Console.
Solving the LAN + iptables + webserver Problem
I had the following iptables rule set up on my WRT54GS (in /etc/firewall.user):
iptables -t nat -A prerouting_rule -d $DAN -p tcp --dport 80 -j DNAT --to $DANLAN
iptables -A forwarding_rule -d $DANLAN -p tcp --dport 80 -j ACCEPT
This rule takes incoming web traffic on port 80 destined for IP address $DAN and redirects it to the LAN host $DANLAN. This rule worked fine for incoming web traffic from the WAN (i.e. from outside the firewall, out on the Internet), but attempts to access the webserver from inside the LAN failed. This NAT HOWTO page helped me solve my problem: what I needed, in addition, was this rule:
iptables -t nat -A POSTROUTING -d $DANLAN -s $LANIPS -p tcp --dport 80 -j SNAT --to $NETTIE
In this rule, $LANIPS is 192.168.1.0/24 and $NETTIE is the IP of the router itself. Adding this rule means that I can now access my webserver from inside the LAN exactly as I can from outside the LAN. An alternative solution to the problem (it says here) is to "run an internal DNS server which knows the real (internal) IP address of your public web site, and forward all other requests to an external DNS server." But I didn't want to go to the trouble.
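Why the extra SNAT rule is needed can be traced packet by packet. The following is an added example, not part of the original write-up: a small Python model of one port-80 connection through the rules above. The addresses are constructed stand-ins for $DAN, $DANLAN and $NETTIE, and `fetch` is a hypothetical helper name.

```python
from ipaddress import ip_address, ip_network

# Constructed sample addresses standing in for the page's variables.
DAN = "203.0.113.10"                    # $DAN: address the site is reached on
DANLAN = "192.168.1.50"                 # $DANLAN: web server on the LAN
NETTIE = "192.168.1.1"                  # $NETTIE: the router's LAN address
LANIPS = ip_network("192.168.1.0/24")   # $LANIPS

def fetch(client, snat_rule):
    """Trace one TCP/80 connection from client to DAN.

    Returns (client_accepts_reply, reply_source_seen_by_client, source_seen_by_server).
    """
    src = client
    # PREROUTING DNAT (first rule): destination DAN:80 becomes DANLAN:80.
    # POSTROUTING SNAT (the added rule): applies only to LAN sources going to DANLAN.
    if snat_rule and ip_address(src) in LANIPS:
        src = NETTIE
    server_saw = src
    # The web server answers the source address it saw.
    reply_src, reply_dst = DANLAN, server_saw
    # A reply to another on-link host is delivered directly and never crosses
    # the router; replies to the router itself or to off-LAN hosts do.
    via_router = reply_dst == NETTIE or ip_address(reply_dst) not in LANIPS
    if via_router:
        # Connection tracking on the router reverses the DNAT (and SNAT).
        reply_src, reply_dst = DAN, client
    # The client only accepts segments coming from the address it connected to.
    accepted = (reply_src, reply_dst) == (DAN, client)
    return accepted, reply_src, server_saw

if __name__ == "__main__":
    cases = [("WAN client", "198.51.100.7", False),
             ("LAN client, DNAT only", "192.168.1.20", False),
             ("LAN client, DNAT + SNAT", "192.168.1.20", True)]
    for label, client, snat in cases:
        ok, reply_src, saw = fetch(client, snat)
        print(f"{label:24} ok={ok!s:5} reply from {reply_src:13} server saw {saw}")
```

The third case also shows the side effect of the SNAT rule: the web server sees every LAN client as the router's address, so its access log no longer distinguishes internal hosts.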
Setting Up SNMP/MRTG traffic monitoring
Here's what I did to get snmpd running on the WRT54GS:
- From the OpenWRT System | Installed Software panel, I clicked "Update Package Lists" to ensure I had an up-to-date list of available packages.
- Under "Available packages," I clicked on the "Install" link for snmp-utils and then, once it had installed, for snmpd.
- No configuration was required -- I used the stock /etc/snmp/snmpd.conf that came with the packages.
- I started the SNMP daemon by SSHing to the WRT54GS and running /etc/init.d/snmpd
With SNMP running on the WRT54GS, I configured my webserver's MRTG to talk to the SNMP server on the router (I already had MRTG installed on the webserver, so I won't go into its download and configuration here). The name of my WRT54GS is nettie, so I used cfgmaker as follows:
# cfgmaker public@nettie --global "Workdir: /www/htdocs-mrtg" --output /etc/mrtg/mrtg.cfg
This created an mrtg.cfg file. I already had a cron job set up to run MRTG every five minutes. After it ran the first time with this configuration, the files in my /www/htdocs-mrtg directory were:
[htdocs-mrtg]# ls
index.php           nettie_3.old        nettie_4-week.png   nettie_5-year.png
mrtg-l.png          nettie_3-week.png   nettie_4-year.png   nettie_6-day.png
mrtg-m.png          nettie_3-year.png   nettie_5-day.png    nettie_6.html
mrtg-r.png          nettie_4-day.png    nettie_5.html       nettie_6.log
nettie_3-day.png    nettie_4.html       nettie_5.log        nettie_6-month.png
nettie_3.html       nettie_4.log        nettie_5-month.png  nettie_6.old
nettie_3.log        nettie_4-month.png  nettie_5.old        nettie_6-week.png
nettie_3-month.png  nettie_4.old        nettie_5-week.png   nettie_6-year.png
The index.php file is a little index file I created manually that has links to the nettie_?.html files.
The result: I now have MRTG graphs for each of the WRT54GS's Ethernet interfaces.