Linksys router hacking

[Bob George]

Tom Metro wrote:
> Anyone tried hacking the Linksys WRT54G WiFi router? Either modifying 
> the stock distribution or installing one of the 3rd party distributions?

Yep, I've been running OpenWRT for about a month now, and loving it. I 
had steadfastly ignored the appliance firewall alternatives, preferring 
to roll my own using Linux. This gave me the best of both worlds!

> See:
> http://www.linuxjournal.com/article/7609
> 
> for links to resources and an article on the topic.

www.openwrt.org seems to be the best. The yahoogroups list isn't 
particularly active.

Many long-winded, ultimately uninteresting discussions can be had about 
the GPL implications of sveasoft, but if you want a nice, featureful 
device while maintaining the web-based GUI of the original linksys, 
check out:

www.sveasoft.com

I'm running both, but prefer openwrt for the same reason I prefer to run 
a firewall without a GUI. Both work very well though.

> I decided to pick one up this week when the price dropped to $50. Hard 
> to beat that price for a hackable Linux network appliance.

You may also want to check out the alternative firmware available for 
the Linksys NSLU2 USB network storage device at:

www.nslu2-linux.org

I've run that for a similar period of time, also with very good results. 
I'm using rsync to back up my server to the nslu every night, and it's 
working like a champ. I've been able to modify the Samba config to allow 
it to play well in my existing Windows network, and my users (home) have 
a ready backup of all their data at hand for when I'm away and unable to 
help. It also can function as an NFS server. Other packages allow it to 
function as an itunes server and other interesting things.

> The last time I looked into what was going on with the 3rd party 
> distributions, the emphasis seemed to be on boosting the wireless range 
> (particularly the Sveasoft firmware).

That's an immediate gain (from 28mW to 48mW with the public release), 
but keep in mind that turning up the power level doesn't necessarily 
equate to a better signal. On the sveasoft forums, there's a parallel 
drawn to turning your stereo volume knob up past 10. You may see equal 
or better gains by using a better antenna configuration.

There are many other features free for the asking:

- Client/Mesh/WDS repeater modes
- Quagga routing (ospf etc.)
- QoS (I'm using wondershaper)
- Firewall (iptables)
- VLAN (5 port router for < $100!)
- tcpdump
- openssh
- pptp server
- kismet wireless sniffer
- Dyndns client
- DNSmasq dhcp server & dns proxy

> My interest is more in using it as a cheap router platform that isn't 
> shackled by a GUI that implements only simplistic routing rules.

Same here. I definitely recommend it!

> For example, it sounds like it has adequate hardware to setup a real DMZ. 

Or several DMZs.

> Similarly, it should be possible to firewall the WiFi segment from the 
> LAN, which most consumer WiFi routers don't seem to be able to do (at 
> least not based on their marketing).

That was my primary interest. At some point, you get beyond what can 
easily be done with the GUI, so I made the jump to OpenWRT accordingly. 
You have to make some fundamental configuration changes to remove the 
wireless and internal switch ports from the default bridged 
configuration, but thereafter, eth1 is an interface just as with any 
other Linux configuration.

My ultimate goal (as-yet unrealized due to travel) is to "turn around" 
the configuration, with a single port facing inward, and the rest 
outward as external interfaces for DMZs (incl. wireless).

On a related note, I was able to locate some firmware for a German 
product that was based on the same hardware as my otherwise-useless 
Netgear AP, adding WDS repeater mode to its capabilities. I'm using it 
to connect to a Linksys WRT-54GS, thanks to the added Sveasoft 
capabilities. I also have a Buffalo unit using WDS repeater mode to talk 
to the Linksys. These aren't running Linux, but I understand that the 
Buffalo units can also run Sveasoft.

- Bob