Solutions you want. Done.
Beef Up Your Wireless Router
February 26, 2007 on 11:27 pm by Josh Kuo | In Open source, Linux, Networking, q!News |
(Article originally posted at InfoWorld Magazine)
Sure you have one. Everyone nowadays has at least one wireless router at home, be it Linksys, NetGear, D-Link, or Buffalo. With new wireless products being released nearly every month, I am willing to bet that some of you even have a couple of the older wireless routers collecting dust in your closet. Well, it’s time to take them out and put them to good use.
Check out the OpenWRT project. OpenWRT is a Linux distribution for embedded devices, and it brings a lot of exciting possibilities to your humble wireless router. Although still in its release candidate stage (currently at RC6), OpenWRT is very usable and feature-rich right out of the box. Be warned, you could void your manufacturer warranty by installing OpenWRT on your wireless routers.
So what can you do with an embedded Linux device running on limited RAM and very small storage? As it turns out, quite a lot actually. You can install asterisk, and have your personal, customizable PBX (private branch exchange). If you already have a SIP phone or some kind of VoIP phone interface (such as the Cisco ATA 186 adapter), you can have your very own VoIP system at home, all running out of your low power-consumption embedded hardware.
Put your router/firewall on steroids by installing packages like nmap (network security scanner), snort (intrusion detection), and tcpdump (packet sniffer). Together with iptables (which comes with the Linux kernel), you can turn your OpenWRT box into a powerful security tool. Install openvpn, and you have a very affordable VPN device. And if it strikes your fancy, you can install quagga and turn your dusty little Linksys into an OSPF and BGP-capable router.
Want to provide your own wireless hotspot? No problem. Install chillispot, and you are ready to go. You can even install FreeRADIUS on the OpenWRT for the authentication back-end, and WPA (wifi protected access) for the added security.
You can turn it into an all purpose office server by installing DHCP, cups (print server), lighthttpd (web server), NTP (time server) and OpenSSH or dropbear (secure remote administration). If your router has a USB port, you can also turn it into a file server by hooking it up with a USB hard drive and installing NFS.
And don’t forget that this is a wireless router. It has a wireless card, so take advantage of it! Install kismet on it, and you have a wireless sniffer. This can prove to be invaluable if you ever need to analyze the airwaves at a remote location, but don’t want to leave your expensive laptop on-site. Drop in place a $50 OpenWRT box loaded with kismet instead.
Here is one way to use your old wireless router: In the past, I had setup a few cheap Linksys WRT54g boxes with OpenWRT and vtun, and dropped one at each of our remote locations. This gave me the ability to have layer 2 tunnels to each of the remote sites. I kept one in my house, and if I ever needed to troubleshoot a remote network problem, I just setup the tunnel between the two OpenWRT boxes, connected my laptop or testing equipment to the OpenWRT sitting on my desk, and it was like being on the remote physical network! This saved me a number of times, being able to perform packet capturing on the remote network, observing the network traffic in real-time, requesting and obtaining DHCP addresses… essentially, I could experience exactly what the remote user was experiencing, all from the comfort of my own home.
This is just the beginning of what embedded Linux can do for you. To find out more what embedded Linux can do fo r your enterprise, check out Secure Linux Appliances in Your Enterprise. So dig up your old wireless router, check it against the hardware compatibility list, and see if your router is OpenWRT compatible, and open yourself up to a wrt of possibilities!
Josh Kuo
Co-Owner of q!Bang Solutions
31 Comments »
RSS feed for comments on this post. TrackBack URI
Leave a comment
Powered by WordPress with Pool theme design by Borja Fernandez.
Entries and comments feeds.
Valid XHTML and CSS. ^Top^
It’s a damn shame that it’s taken you so long to find this! People have been using this for years!
Please note that Linksys WRT54GL is the one to get of the WRT54G series now, since v4 and v5 aren’t as good!
Comment by John — March 18, 2007 #
I have been using OpenWRT for more than 18 months now, it just took me this long to get to write something about it… Thanks for the information on v4 and v5, I am fully aware of it and have been getting some of the v2’s from eBay, since it’s probably cheaper than buying a brand-new GL.
Comment by Josh Kuo — March 18, 2007 #
you might find something interesting here as well:
http://www.dd-wrt.com/dd-wrtv2/index.php
that’s the firmware i use that lets me use my WRT54G as a repeater.
Comment by G-Man — March 18, 2007 #
I built a nice self contained wireless weather station with one of these (wrt54GS). Openwrt, one-wire weather and rrdtool make up the special sauce. The eeather hardware is from www.aagelectronica.com
Its been up and running over 2 years now.
I also have a cheap network camera hooked on one of the extra wired ports so I can have a look around.
Comment by kraftor — March 18, 2007 #
Should consider looking into Tomato as well. It’s pretty robust, and looks really nice with a graphical format for the bandwidth, sorted by QoS and colorcoded into pie charts. Started using it in January 07, and enjoyed it since.
www.polarcloud.com/tomato
Comment by 3ball — March 18, 2007 #
“Should consider looking into Tomato as well. It’s pretty robust” Not really, I mean WAY more than a standard router and it’s very pretty, but noting too exotic.
Comment by indolering — March 18, 2007 #
Good stuff — I never thought about installing other packages on my WRT54GL, but I sure am loving DD-WRT! It’s so much more stable than the Linksys original firmware.
Comment by Collin Allen — March 18, 2007 #
How about a free router to install dd-wrt?
http://www.i-hacked.com/content/view/250/42/
astralab@boxbe.com
Comment by Roy Koh — March 18, 2007 #
Great article. Thanks!
Comment by Randy Bryan — March 18, 2007 #
Don’t forget about X-WRT. It puts a nice GUI on OpenWRT - handy for those of us who are not linux gurus but appreciate the power and versatility of OpenWRT.
http://x-wrt.org
Comment by adept1 — March 18, 2007 #
OpenWRT provides with a lot more customization potential, since recent releases come with writable JFFS partition and the distribution is much smaller than DD-WRT. DD-WRT has a very slick UI, but that comes at a cost of less free space and less transparency if you want to do something that distro does not know how.
My only gripe with both is the not related to them per se, but rather to uClibc that has a few limitations that bit me in the past (e.g. getHostByName fails miserably if DNS server returns more than 20 entries).
Comment by ceesaxp — March 18, 2007 #
I’ve been considering getting one of these, but I wonder how their performance is, network-wise? I’m on a university provided link that easily pulls 4-5MB/s when connected directly to my desktop computer. They use 802.1x for authentication, but I don’t think each packet is encrypted (wpa-supplicant says they’re not).
So, how fast are these cute little boxes, really?
Comment by Philus — March 19, 2007 #
Another interesting firmware for the Linksys routers is Tomato, with features like realtime network stats displayed with SVG graphics and more sophisticated Quality of Service configuration. Check it out here: http://www.polarcloud.com/tomato
Comment by neurox — March 19, 2007 #
And of course not to forget FreeWRT
http://www.freewrt.org
Forked from OpenWRT and provides a more generic framework for developing embedded linux systems.
Comment by Martin — March 19, 2007 #
actually the WRT54G v4 is a great router. It’s V5 and V6 that aren’t good because they use the new OS and have less memory.
http://en.wikipedia.org/wiki/WRT54G
Comment by phinn — March 19, 2007 #
you guys should also check out the following:
http://www.linksysinfo.org/
Will provide tons of info on various firmwares, including OpenWRT.
Personally if you want most of those features but an easier to deal with experience I recommend getting Thibor’s (15c or 17c) firmware, it’s awesome.
Comment by phinn — March 19, 2007 #
Just think if you could load drivers for a USB hub using OpenWRT. That would make my netgear wireless print server usable.
Comment by Tim Graupmann — March 19, 2007 #
I’ve used DD-WRT and OpenWRT, and I give my vote to Tomato hands down. Regular releases and a consistent, well-defined interface. It’s more than just pretty graphics. The configuration forms are simplified and automated to an exemplary degree, illuminating and clarifying the underlying functionality rather than obscuring it. Excellent example is the QOS class definition form. Tomato is perfect for the user that is more interested in enabling advanced functionality rather than hacking for days and days and fighting unintelligent user interfaces. (No affiliation to the author, just an extremely satisified user.)
Comment by Mike McG — March 19, 2007 #
The one thing I haven’t found a way to make the alternative firmwares do is log AOL and Yahoo Messenger traffic. I trust my kids, but with so many bad people in the world I want to make sure I’m keeping an eye on their chatting! Any suggestions?
Comment by DangerMouse — March 19, 2007 #
> I trust my kids, but with so many bad people in
> the world I want to make sure I’m keeping an eye
> on their chatting! Any suggestions?
I have a good suggestion. Respect other people (and even your kids) privacy. No need to “homeland secure” them.
A parent should provide love, guidance and support to their children. Not policing. They need to learn from their own mistakes.
Comment by Anonymous Coward — March 19, 2007 #
I personally had no luck with chillispot on my WRT54GL. It used too much memory on the WRT and crashed about once a day. Had to move it to standard linux box and use an ordinary old access point.
Comment by Roger — March 20, 2007 #
I have tried most of the firmwares listed and my vote goes to DD-WRT. I have several friends and family members using it. I am very comfortable with Linux, so I also like to mess around with OpenWRT.
Comment by FCS — March 20, 2007 #
DangerMouse,
I have had to think about the same stuff with my kids.. I do not want to get into monitoring everything though… If kids go around someones back then their is another problem to solve… not the stuff said “secretly”.
I recommend setting IM defaults to not allow any IM except from people on your kids buddy lists. That will eliminate most potentially “bad messages”. Then talk with your kids about IM, phone, and other communication with their friends.
To go one step further you may set a “rule” that your kids tell you who they are wanting to add to their buddy list. That would be similar to who they are going to go hang out with somewhere.. just getting to know their friends.
Comment by tcc — March 20, 2007 #
For those of you who want to monitor your kids’ online activities… I am not going to debate/discuss the moral issues about that, that’s for each parent to decide. As for the network traffic monitoring, the easiest way I can think of off the top of my head is to run tcpdump and send the output somewhere. For example, if my WRT box is 192.168.1.1, I can run this command from any other machine with storage (for the potentially large dump):
$ ssh root@192.168.1.1 “tcpdump -i eth0 ‘tcp port 80′” > /var/log/http-dump &
This command will execute tcpdump on the remote machine 192.168.1.1 via SSH, records every packet that is sent to/from port 80 on eth0, and save it to a local file /var/log/http-dump. I will leave the exact syntax of tcpdump up to you to figure out.
A word of caution, this will slow down your WRT router’s performance.
Comment by Josh Kuo — March 20, 2007 #
Unless you are a die hard, paranoid parent, good luck on keeping up with the logging. While you are at it, you can add monitoring text messaging via cellphones. There is too much information to monitor everything. Education is your best and first line of defense.
Comment by sBox — March 20, 2007 #
Kraftor: Please get in touch with me, i would need help to copy your weather station setup. my email is : mark at kiteibiza.com
thanks a million!
Comment by markvanhaze — March 27, 2007 #
OpenWRT provides a great deal of flexibility, and there have been a few interesting packages that have been built on top of it. My personal favorite is a security package that adds functions such as IDS/IPS, VPN, AV, and more.
www.packetprotector.org
Comment by Haus — April 1, 2007 #
Hey Tomato does exactly what I want it to do: 1) I want to be able to boost the power output. 2) It blocks users past a certain distance, so even though I am high powered, I can keep my neighbors off my router 3) It has security 4) It’s Ajax Powered, at least the web bases interface is… ! I would use tomato just for this one feature only! 5) Did I mention that it has Ajax?
Randy
Comment by Randy Bryan — July 21, 2007 #
very interesting, but I don’t agree with you
Idetrorce
Comment by Idetrorce — December 15, 2007 #
I appreciate all the comments. I’ve learned a lot here.
However, i have a question: I have a wireless router that has been discontinued but it still works fine (but it can’t access the internet).
Right now i’m using it as a switch but i was wondering, would i be able to use it as a print server? Any feedback or suggestions would be greatly appreciated. Thanks.
Comment by grandnube — January 27, 2008 #
Grandnube:
Regarding your discontinued wireless router, if it has a USB or parallel port to which you can connect a printer, then you could likely use OpenWRT/DDWRT/Tomato to turn it into a print server. However, if there are only ethernet ports then you will not be able to use it as a print server.
Comment by high — February 1, 2008 #