DD-WRT

DD-WRT is open source firmware for (wireless) routers. This firmware extends the possibilities and sometimes stability of the proprietary manufacturer firmware.

My router is a Linksys wrt54G v5 (only 2MB Flash and 8MB RAM) and I flashed DD-WRT v24-sp2 (08/07/10) micro (SVN revision 14896). Specs here and Flash instructions here.

Note: 5 May 2016 - Latest version in beta here. Running dd-wrt 3 micro generic now which runs very well.

There is almost no memory left to tweak with. However...

The GUI

The GUI is very straightforward. You can go here or here for a good read.

For an older 2.4 version there is a simulator available.

The command line

Busybox is very tiny. There are not many commands, due to Flash memory restrictions (only 2 MB).

Even an ls command is not included. Now that is micro.

All settings are stored in the NVRAM mtd Flash block. The GUI does this for you but you can do it from the command line too.

Using telnet these are the commands on the command line:

usage: nvram [get name] [set name=value] [unset name] [show]

nvram show (shows all settings and how many bytes you have free to store settings)

ses_script=

filter_dport_grp3=

wl_mac_deny=

wl0.1_radius_port=1812

wl1_wds4_hwaddr=

wl0_wds2_if=

opo=0

...

pptpd_client_mru=1450

oet1_fragment=0

oet5_rem=192.168.90.1

size: 21983 bytes (10785 left)

Install Ad Blocker

Using the DNSMasq feature you can build your own (ad) domain blocker. It uses a hosts file from the internet that has domains pointing to 127.0.0.1. On the dd-wrt build that I use it only works with hosts files that have linefeed-only (UNIX) line endings. You can check this with Notepad++.

Blocking domains with dnsmasq

Dnsmasq reads the /tmp/dnsmasq.conf file, which is created with the DHCP options when the service is started. You cannot add options to that file directly, but you can add your own through the nvram variable dnsmasq_options, via the GUI. In the GUI, go to the Services > Services tab and, in the DNSMasq section, enable both DNSMasq and Local DNS.

In the Additional DNSMasq Options box type two lines:

#addn-hosts=/tmp/adhosts

cache-size=250

domain-needed

bogus-priv

no-negcache

address=/2mdn.net/0.0.0.0

<add more domains here>

address=/2o7.net/0.0.0.0

Click on the Apply settings button.

Note: Doesn't work on micro build via GUI, you have to do it via Telnet

The way to set dnsmasq options in the micro build is through telnet:

telnet <ip>

login

$ nvram show # this gives you the nvram settings and how many bytes of storage are left

$ stopservice dnsmasq

$ nvram set dnsmasq_options="cache-size=250
domain-needed
bogus-priv
no-negcache
address=/2mdn.net/0.0.0.0
... add your own ...
address=/2o7.net/0.0.0.0"

$ nvram get dnsmasq_options # visual check before commit to nvram !!

$ nvram commit

$ startservice dnsmasq

$ exit

Blocking hosts with local dnsmasq

Now go to the Administration > Commands tab and paste this text into the box:

# Tweakradje dec 2015

# dd-wrt micro startup script

#increase randomizer

echo 4096 > /proc/sys/kernel/random/poolsize #512

echo 128 > /proc/sys/kernel/random/read_wakeup_threshold #8

echo 256 >/proc/sys/kernel/random/write_wakeup_threshold #128

echo 1 > /proc/sys/net/ipv4/tcp_moderate_rcvbuf #0

# AD BLOCK with dnsmasq

# stopservice dnsmasq

# nvram set dnsmasq_options="opt1

# opt2"

# nvram commit

# startservice dnsmasq

sleep 20

# get hosts file with unix EOL

#wget -qO /tmp/adhosts http://adaway.org/hosts.txt

wget -qO- http://adaway.org/hosts.txt|grep "^127.0.0.1" >> /tmp/hosts

#wget -qO- http://www.mvps.org/winhelp2002/hosts.txt|grep "^0.0.0.0" >> /tmp/hosts

echo 127.0.0.1 ad.360yield.com >> /tmp/hosts

# re-read hosts file

killall -HUP dnsmasq

Click on the Save Startup button. Reboot the router. The hosts file must have UNIX line endings (LF only)!

When the router boots it will use wget to get the hosts file from the URL http://adaway.org/hosts.txt and add it to /tmp/hosts

Then it will send a SIGHUP to the dnsmasq service, this will re-read the hosts file.

For testing you can also add hosts manually to the /tmp/hosts file. Re-read the hosts file (killall -HUP dnsmasq) for effect.

Or via telnet:

nvram set dnsmasq_enable=1

nvram set dhcp_dnsmasq=1

nvram set dns_dnsmasq=1

nvram set sv_localdns=<router's ip>

nvram set local_dns=1

nvram commit
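The startup script above downloads the blocklist over plain HTTP and appends it to the file dnsmasq answers from, and its grep only checks how each line starts. The filter below is an added example, not part of the original script: it strips DOS line endings, keeps only sinkhole entries with one well-formed hostname, and drops duplicates. It assumes a build that has tr and awk (the micro build may not); sanitize_hosts, sample_list and the example hostnames are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): clean a downloaded hosts list
# before it is appended to /tmp/hosts. sanitize_hosts is a hypothetical name.
# Assumes tr and awk are available on the router build.

# Reads hosts-format text on stdin, writes accepted entries to stdout.
sanitize_hosts() {
    tr -d '\r' |                      # CRLF -> LF (the list must be UNIX EOL)
    awk '
        # Only sinkhole addresses may come from the list; anything else
        # (for example "10.0.0.5 bank.example.com") is dropped.
        $1 != "127.0.0.1" && $1 != "0.0.0.0" { next }
        NF < 2 { next }
        {
            host = tolower($2)        # first name only; extra names are ignored
            # never override the local names
            if (host == "localhost" || host == "localhost.localdomain") next
            if (length(host) > 253) next
            # labels of letters, digits, "-" and "_", with at least one dot
            if (host !~ /^[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?(\.[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?)+$/) next
            if (!seen[host]++) print $1 " " host
        }'
}

# Constructed sample input, standing in for the downloaded file.
sample_list() {
    printf '127.0.0.1 localhost\n'
    printf '127.0.0.1 ads.example.com\r\n'
    printf '127.0.0.1 ads.example.com\n'
    printf '0.0.0.0 Tracker.Example.net # comment\n'
    printf '10.0.0.5 bank.example.com\n'
    printf '127.0.0.1 bad_host!.example\n'
}

sample_list | sanitize_hosts
# On the router the same filter takes the place of the grep:
#   wget -qO- http://adaway.org/hosts.txt | sanitize_hosts >> /tmp/hosts
#   killall -HUP dnsmasq
```

Of the six sample lines only two entries survive: the duplicate, the localhost entry, the non-sinkhole address and the malformed name are all dropped.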

Mac address filter on schedule

I use the MAC address filter to block access for some devices on my LAN. But it would be easier to do this on a schedule.

Is it possible to use crontab for this? Yes it is.

First use the GUI to add the mac addresses you want to block. These are now stored in nvram.

To switch it ON for WLAN

# WL MAC filter on (deny mac list)

wl mac none

wl mac $(nvram get wl0_maclist)

wl macmode 1

wl down

wl up

# The GUI part

nvram set wl0_macmode1=other

nvram set wl0_macmode=deny

nvram set wl1_macmode1=other

nvram set wl1_macmode=deny

nvram commit

To switch it OFF

# WL MAC filter off (allow all)

wl macmode 0

wl down

wl up

# The GUI part

nvram set wl0_macmode1=disabled

nvram set wl0_macmode=disabled

nvram set wl1_macmode1=disabled

nvram set wl1_macmode=disabled

nvram commit

Maybe I should add $(nvram get wl1_maclist) too to the "wl mac" list?

So for crontab to block certain mac addresses in the house first add them with the GUI to the list.

Then add these lines to your crontab via the GUI. The minute field is 0 so that each job runs once, at 22:00 and at 07:00; with * in that field it would run every minute of that hour and take the Wi-Fi down each time.

0 22 * * * root wl mac none && wl mac $(nvram get wl0_maclist) && wl macmode 1 && wl down && wl up && nvram set wl0_macmode1=other && nvram set wl0_macmode=deny && nvram set wl1_macmode1=other && nvram set wl1_macmode=deny && nvram commit

0 7 * * * root wl macmode 0 && wl down && wl up && nvram set wl0_macmode1=disabled && nvram set wl0_macmode=disabled && nvram set wl1_macmode1=disabled && nvram set wl1_macmode=disabled && nvram commit

Startup Script Netgear R6400 router

# Tweakradje dec 2016

# dd-wrt micro startup script

# AD BLOCK with dnsmasq

# stopservice dnsmasq

# nvram set dnsmasq_options="opt1

# opt2"

# nvram commit

# startservice dnsmasq

# Wait for inet connection

# retry until one ping succeeds, pausing between attempts
until ping -c 1 8.8.8.8 >/dev/null 2>&1 ; do sleep 2 ; done

# get hosts file with unix EOL

##wget -qO /tmp/adhosts http://adaway.org/hosts.txt

wget -qO- http://adaway.org/hosts.txt|grep "^127.0.0.1" >> /tmp/hosts

##wget -qO- http://www.mvps.org/winhelp2002/hosts.txt|grep "^0.0.0.0" >> /tmp/hosts

echo 127.0.0.1 ad.360yield.com >> /tmp/hosts

# re-read hosts file

killall -HUP dnsmasq

sysctl -w vm.swappiness=10 #60

sysctl -w vm.vfs_cache_pressure=50 #100

sysctl -w vm.highmem_is_dirtyable=1 # faster I/O

sysctl -w vm.min_free_kbytes=2108 #1403

sysctl -w vm.dirty_ratio=40 #plenty of RAM for cache

sysctl -w kernel.random.read_wakeup_threshold=128 #64

sysctl -w kernel.random.write_wakeup_threshold=256 #128

sysctl -w net.ipv4.tcp_low_latency=1 # prefer low latency over throughput

sysctl -w net.ipv4.tcp_adv_win_scale=2 # 2=1/4 space is app. buffer

#LED Off (problem on LAN PORT NAS)

#gpio enable 1

#gpio enable 2

#gpio enable 6

#gpio enable 7

#gpio enable 8

#gpio enable 9

#gpio disable 10

#gpio disable 11

#gpio enable 12

#gpio enable 13

#et robowr 0x0 0x18 0x0

Guest Wifi network

Add a second Wifi network for guests that is not connected to your LAN, only to the internet. Or, if you have 802.11b clients that support only WEP, use this guest feature to connect them to the internet without compromising LAN security.

There are a few simple steps to achieve this. Here you can read more.

  • Go to Wireless settings

  • Click Add at the Virtual Interfaces section

  • Then configure like image below (choose your own SSID and password for the guest network)

  • Set an IP address that you are not using on your current LAN

  • Click Save

  • Go to Wireless Security and fill in your security information

  • Click Save

  • Go to Setup Networking

    • At the bottom you find DHCPD, click Add and choose wl0.1 with On, Start 100, Max 50, Leasetime 3600

    • Click Apply

That is it.

Limit bandwidth for specific LAN clients

You can use the QOS feature to limit WAN bandwidth for specific LAN clients.

Go to the tab NAT/QOS and enable QOS. Select FQ_CODEL as queueing model. Roughly enter your ISP Down/Up link speed.

Then go to the MAC Priority section and add the MAC addresses of the clients you want to limit/cap.

That is it.

Tips and Tricks

Backup NVRAM

All settings are stored in NVRAM. To quickly get a copy type in your browser:

- http://<ip>/nvrambak.bin

- Save the file as nvrambak.bin

For restoring the settings use the GUI.

Backup CFE Bootloader

A backup of your bootloader is called CFE backup. You can get it via http. (More info)

- http://<ip>/backup/cfe.bin

- Save the file as cfe.bin

You may need it some day if your router is soft bricked.

Copy a file from the router

Let's copy the very minimal busybox binary from the router's running firmware

- telnet <ip>

- login with user root and the password

- cp /bin/busybox /tmp/www/bb.jpg

- http://10.0.0.1/user/bb.jpg

- Save as... the original name

Get a modern busybox

- telnet <ip>

- login with user root and the password

- wget -O /tmp/busybox http://www.busybox.net/downloads/binaries/latest/busybox-mips

- chmod 755 /tmp/busybox

- /tmp/busybox ls -l /tmp

ps: if you reboot the /tmp partition will be wiped again!

Getting the mtd FLASH partitions

- telnet <ip>

- login with user root and the password

- cat /proc/mtd

dev: size erasesize name

mtd0: 00040000 00010000 "cfe"

mtd1: 001b0000 00010000 "linux"

mtd2: 0010c400 00010000 "rootfs"

mtd3: 00010000 00008000 "nvram"

Stop and Start the Web GUI

Stopping it frees 2 Mb of RAM.

- killall httpd

Start it again

- run httpd -p 80

The unix shell tricks

Fill a file with copy and paste

cat > afile

paste whatever content

press CTRL+D

The exitcode of a command can be found by using echo $?

View active connections: cat /proc/net/ip_conntrack