DD-WRT
DD-WRT is open source firmware for (wireless) routers. This firmware extends the possibilities, and sometimes the stability, of the proprietary manufacturer firmware.
My router is a Linksys wrt54G v5 (only 2MB Flash and 8MB RAM) and I flashed DD-WRT v24-sp2 (08/07/10) micro (SVN revision 14896). Specs here and Flash instructions here.
Note: 5 May 2016 - Latest version in beta here. Now running dd-wrt 3 micro generic, which runs very well.
There is almost no memory left to tweak with. However...
The GUI
The GUI is very straightforward. You can go here or here for a good read.
For an older 2.4 version there is a simulator available.
The command line
Busybox is very tiny. Not many commands are included due to Flash memory restrictions (only 2 MB).
Even an ls command is not included. Now that is micro.
All settings are stored in the NVRAM mtd Flash block. The GUI does this for you but you can do it from the command line too.
Using telnet these are the commands on the command line:
usage: nvram [get name] [set name=value] [unset name] [show]
nvram show (shows all settings and how many bytes you have free to store settings)
ses_script=
filter_dport_grp3=
wl_mac_deny=
wl0.1_radius_port=1812
wl1_wds4_hwaddr=
wl0_wds2_if=
opo=0
...
pptpd_client_mru=1450
oet1_fragment=0
oet5_rem=192.168.90.1
size: 21983 bytes (10785 left)
Install Ad Blocker
Using the DNSMasq feature you can build your own (Ad)Domain Blocker. It uses a hosts file from the internet that has domains pointing to 127.0.0.1. On the dd-wrt build that I use it only works with hosts files that have linefeed-only line endings (like unix). Check with notepad++ whether that is the case.
Blocking domains with dnsmasq
Dnsmasq reads the /tmp/dnsmasq.conf file. The file is created with the dhcp options when the service is started, so you cannot add options to it directly. But through the nvram variable dnsmasq_options you can add your own via the GUI. Using the GUI, go to the Services > Services tab and, in the DNSMasq section, enable both DNSMasq and Local DNS.
In the Additional DNSMasq Options box type two lines:
#addn-hosts=/tmp/adhosts
cache-size=250
domain-needed
bogus-priv
no-negcache
address=/2mdn.net/0.0.0.0
<add more domains here>
address=/2o7.net/0.0.0.0
Click on the Apply settings button.
Note: This doesn't work on the micro build via the GUI; you have to do it via telnet.
The way to set dnsmasq options in the micro build is through telnet:
telnet <ip>
login
$ nvram show # this gives you the nvram settings and how many bytes of storage are left
$ stopservice dnsmasq
$ nvram set dnsmasq_options="cache-size=250
domain-needed
bogus-priv
no-negcache
address=/2mdn.net/0.0.0.0
... add your own ...
address=/2o7.net/0.0.0.0"
$ nvram get dnsmasq_options # visual check before commit to nvram !!
$ nvram commit
$ startservice dnsmasq
$ exit
Blocking hosts with local dnsmasq
Now go to the Administration > Commands tab and paste this text into the box:
# Tweakradje dec 2015
# dd-wrt micro startup script
#increase randomizer
echo 4096 > /proc/sys/kernel/random/poolsize #512
echo 128 > /proc/sys/kernel/random/read_wakeup_threshold #8
echo 256 >/proc/sys/kernel/random/write_wakeup_threshold #128
echo 1 > /proc/sys/net/ipv4/tcp_moderate_rcvbuf #0
# AD BLOCK with dnsmasq
# stopservice dnsmasq
# nvram set dnsmasq_options="opt1
# opt2"
# nvram commit
# startservice dnsmasq
sleep 20
# get hosts file with unix EOL
#wget -qO /tmp/adhosts http://adaway.org/hosts.txt
wget -qO- http://adaway.org/hosts.txt|grep "^127.0.0.1" >> /tmp/hosts
#wget -qO- http://www.mvps.org/winhelp2002/hosts.txt|grep "^0.0.0.0" >> /tmp/hosts
echo 127.0.0.1 ad.360yield.com >> /tmp/hosts
# re-read hosts file
killall -HUP dnsmasq
Click on the Save Startup button. Reboot the router. Hosts file must be UNIX EOL !!!
When the router boots it will use wget to get the hosts file from the URL http://adaway.org/hosts.txt and append the lines starting with 127.0.0.1 to /tmp/hosts.
Then it will send a SIGHUP to the dnsmasq service, which makes it re-read the hosts file.
For testing you can also add hosts manually to the /tmp/hosts file. Re-read the hosts file (killall -HUP dnsmasq) for effect.
Or via telnet:
nvram set dnsmasq_enable=1
nvram set dhcp_dnsmasq=1
nvram set dns_dnsmasq=1
nvram set sv_localdns=<router's ip>
nvram set local_dns=1
nvram commit
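The startup script above fetches the list over plain HTTP and trusts every line that starts with 127.0.0.1. As an added example (not part of the original page's scripts), this filter strips CR line endings, keeps only sinkhole entries with a syntactically valid host name, and drops everything else before the list reaches /tmp/hosts. The names filter_hosts, sample_list and SINK are made up here, and it assumes tr and awk are present, which the micro build may not have.

```shell
#!/bin/sh
# Added example: sanitise a downloaded hosts list before dnsmasq serves it.
# Assumes tr and awk exist (the micro build may lack them).

SINK="127.0.0.1"   # address every blocked name is rewritten to

# filter_hosts: read a hosts list on stdin, write safe entries to stdout.
filter_hosts() {
    tr -d '\r' | awk -v sink="$SINK" '
        # Only sinkhole entries are accepted; a line mapping a name to any
        # other address (e.g. from a tampered download) is dropped.
        $1 != "127.0.0.1" && $1 != "0.0.0.0" { next }
        {
            host = tolower($2)
            # Keep the router resolving its own loopback names normally.
            if (host == "" || host == "localhost" || host ~ /^localhost\./) next
            # Host name syntax: labels of letters, digits, hyphen; needs a dot.
            if (host !~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/) next
            # Emit each name once, always pointing at the sinkhole address.
            if (!(host in seen)) { seen[host] = 1; print sink, host }
        }'
}

# Constructed sample input: CRLF endings, a redirect entry, a bad name.
sample_list() {
    printf '# constructed sample\r\n'
    printf '127.0.0.1  localhost\r\n'
    printf '127.0.0.1  ads.example.com\r\n'
    printf '0.0.0.0 Tracker.Example.net # note\n'
    printf '203.0.113.7 bank.example.org\n'
    printf '127.0.0.1 bad;name.example\n'
    printf '127.0.0.1 ads.example.com\n'
}

sample_list | filter_hosts

# In the startup script the filter would replace the grep (same URL as above):
#   wget -qO- http://adaway.org/hosts.txt | filter_hosts >> /tmp/hosts
#   killall -HUP dnsmasq
```

Host names containing an underscore are rejected by this pattern, so a list that relies on them will lose those entries.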
Mac address filter on schedule
I use the MAC address filter to block access for some devices on my LAN. But it would be easier to do this on a schedule.
Is it possible to use crontab for this? Yes it is.
First use the GUI to add the mac addresses you want to block. These are now stored in nvram.
To switch it ON for WLAN
# WL MAC filter on (deny mac list)
wl mac none
wl mac $(nvram get wl0_maclist)
wl macmode 1
wl down
wl up
# The GUI part
nvram set wl0_macmode1=other
nvram set wl0_macmode=deny
nvram set wl1_macmode1=other
nvram set wl1_macmode=deny
nvram commit
To switch it OFF
# WL MAC filter off (allow all)
wl macmode 0
wl down
wl up
# The GUI part
nvram set wl0_macmode1=disabled
nvram set wl0_macmode=disabled
nvram set wl1_macmode1=disabled
nvram set wl1_macmode=disabled
nvram commit
Maybe I should add $(nvram get wl1_maclist) too to the "wl mac" list?
So for crontab to block certain MAC addresses in the house, first add them to the list with the GUI.
Then add these lines to your crontab via the GUI. The minute field is 0 so that each job runs once, at 22:00 and at 07:00, rather than every minute of that hour.
0 22 * * * root wl mac none && wl mac $(nvram get wl0_maclist) && wl macmode 1 && wl down && wl up && nvram set wl0_macmode1=other && nvram set wl0_macmode=deny && nvram set wl1_macmode1=other && nvram set wl1_macmode=deny && nvram commit
0 7 * * * root wl macmode 0 && wl down && wl up && nvram set wl0_macmode1=disabled && nvram set wl0_macmode=disabled && nvram set wl1_macmode1=disabled && nvram set wl1_macmode=disabled && nvram commit
Startup Script Netgear R6400 router
# Tweakradje dec 2016
# dd-wrt micro startup script
# AD BLOCK with dnsmasq
# stopservice dnsmasq
# nvram set dnsmasq_options="opt1
# opt2"
# nvram commit
# startservice dnsmasq
# Wait for inet connection
ping -c 1 8.8.8.8
while [ $? = 1 ] ; do ping -c 1 8.8.8.8 ; done
# get hosts file with unix EOL
##wget -qO /tmp/adhosts http://adaway.org/hosts.txt
wget -qO- http://adaway.org/hosts.txt|grep "^127.0.0.1" >> /tmp/hosts
##wget -qO- http://www.mvps.org/winhelp2002/hosts.txt|grep "^0.0.0.0" >> /tmp/hosts
echo 127.0.0.1 ad.360yield.com >> /tmp/hosts
# re-read hosts file
killall -HUP dnsmasq
sysctl -w vm.swappiness=10 #60
sysctl -w vm.vfs_cache_pressure=50 #100
sysctl -w vm.highmem_is_dirtyable=1 # faster I/O
sysctl -w vm.min_free_kbytes=2108 #1403
sysctl -w vm.dirty_ratio=40 #plenty of RAM for cache
sysctl -w kernel.random.read_wakeup_threshold=128 #64
sysctl -w kernel.random.write_wakeup_threshold=256 #128
sysctl -w net.ipv4.tcp_low_latency=1 # prefer low latency over throughput
sysctl -w net.ipv4.tcp_adv_win_scale=2 # 2=1/4 space is app. buffer
#LED Off (problem on LAN PORT NAS)
#gpio enable 1
#gpio enable 2
#gpio enable 6
#gpio enable 7
#gpio enable 8
#gpio enable 9
#gpio disable 10
#gpio disable 11
#gpio enable 12
#gpio enable 13
#et robowr 0x0 0x18 0x0
Guest Wifi network
Add a second Wifi network for guests that is not connected to your LAN network, only to the internet. Or, if you have 802.11b clients that support only WEP, use this guest feature to connect them to the internet without compromising LAN security.
There are a few simple steps to achieve this. Here you can read more.
Go to Wireless settings
Click Add at the Virtual Interfaces section
Then configure it (choose your own SSID and password for the guest network)
Set an IP address that you are not using on your current LAN
Click Save
Go to Wireless Security and fill in your security information
Click Save
Go to Setup Networking
At the bottom you find DHCPD; click Add and choose wl0.1 with On, Start 100, Max 50, Leasetime 3600
Click Apply
That is it.
Limit bandwidth for specific LAN clients
You can use the QOS feature to limit WAN bandwidth for specific LAN clients.
Go to the tab NAT/QOS and enable QOS. Select FQ_CODEL as queuing model. Enter roughly your ISP Down/Up link speed.
Then go to the MAC Priority section and add the MAC addresses of the clients you want to limit/cap.
That is it.
Tips and Tricks
Backup NVRAM
All settings are stored in NVRAM. To quickly get a copy type in your browser:
- http://<ip>/nvrambak.bin
- Save the file as nvrambak.bin
For restoring the settings use the GUI.
Backup CFE Bootloader
A backup of your bootloader is called CFE backup. You can get it via http. (More info)
- http://<ip>/backup/cfe.bin
- Save the file as cfe.bin
You may need it some day if your router is soft bricked.
Copy a file from the router
Let's copy the very minimal busybox binary from the router's running firmware
- telnet <ip>
- login with user root and the password
- cp /bin/busybox /tmp/www/bb.jpg
- http://10.0.0.1/user/bb.jpg
- Save as... the original name
Get a modern busybox
- telnet <ip>
- login with user root and the password
- wget -O /tmp/busybox http://www.busybox.net/downloads/binaries/latest/busybox-mips
- chmod 755 /tmp/busybox
- /tmp/busybox ls -l /tmp
PS: if you reboot, the /tmp partition will be wiped again!
Getting the mtd FLASH partitions
- telnet <ip>
- login with user root and the password
- cat /proc/mtd
dev: size erasesize name
mtd0: 00040000 00010000 "cfe"
mtd1: 001b0000 00010000 "linux"
mtd2: 0010c400 00010000 "rootfs"
mtd3: 00010000 00008000 "nvram"
Stop and Start the Web GUI
Stopping it frees 2 Mb of RAM.
- killall httpd
Start it again
- run httpd -p 80
The unix shell tricks
Fill a file with copy and paste
cat > afile
paste whatever content
press CTRL+D
The exit code of a command can be found by using echo $?
View active connections: cat /proc/net/ip_conntrack