
Sunday, July 4, 2010

Using OpenWRT on my dg834

I have been using OpenWRT to power my home ADSL connection for the past month. I'm running Kamikaze on a Netgear DG834 v2, as detailed in my last post, and it's solid.
08:11:03 up 20 days, 3:39, load average: 0.00, 0.03, 0.08
Here is what I have done since then:
Connection
Modify /etc/init.d/network and remove all the /sbin/wifi up lines (I don't have Wifi). Also have /sbin/ifup wan under the boot section of /etc/init.d/network to get ppp to come up after booting.
ppp will automatically reconnect if it drops out. I also placed a script under /etc/ppp/ip-up.d/log_ppp_up that will log when my last connection
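#!/bin/sh
# WAN address taken from the ppp0 route entry
pubip=$(ip route show dev ppp0 | awk '{ print $7 }')
# Publish uptime and WAN address through the router's web server
uptime > /www/ppp-status.html
echo " wan ip: $pubip" >> /www/ppp-status.html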
Cron
OpenWRT has cron; run crontab -e (same as vim /etc/crontabs/root) to set up jobs. There is, however, a bug in Busybox that makes cron leave an error message in your syslog every time a task executes (other than the cron.err it seems to work fine).
Syslog
Use the logread command to view the syslog, and logger "some message" to write to it. To forward the system log to another machine, add the following under config 'system' in /etc/config/system:
option 'log_ip' '192.168.1.10'
option 'log_port' '514'
option 'log_size' '16'
option 'log_type' 'circular'
Packages
The opkg package manager, http://code.google.com/p/opkg/, an actively developed fork of ipkg, is installed with OpenWRT. Before installing new packages I usually have to run the update command first.
Realtime bandwidth monitoring with ifstat package:
root@OpenWrt:~# opkg install ifstat
root@OpenWrt:~# ifstat -S
  Time            eth0               br-lan               imq0                ppp0
HH:MM:SS   KB/s in  KB/s out   KB/s in  KB/s out   KB/s in  KB/s out   KB/s in  KB/s out
12:38:45      3.75    112.54      2.87    112.54    117.19    111.33    117.19      2.46
lsof is also a handy debugging tool that can be installed with opkg.
It is somewhat worrying watching space shrink on my jffs partition when I install packages. I made the mistake of maxing out my disk once; it segfaulted, and after a reboot it was luckily all okay.
Time Setup
Install ntpclient to keep time on the device, as there is no BIOS battery to keep time. Configure settings (ntpclient --help) in /etc/config/ntpclient after install:
root@OpenWrt:~# opkg install ntpclient
Also be sure to set the correct time zone in /etc/config/system.
Network traffic monitoring
It's very handy having tcpdump on your router :-)
root@OpenWrt:~# opkg install tcpdump
To forward all outgoing HTTP traffic through a proxy on my LAN, add this to /etc/config/firewall:
config redirect
	option src_dport 80
	option proto tcp
	option src lan
	option dest_ip 192.168.1.100
	option dest_port 8080
See the firewall documentation for other examples: http://wiki.openwrt.org/doc/uci/firewall

LEDS
OpenWRT does not fully support the LEDs on this model of router yet. The LEDs on the network switch work fine, but there is no indication of WAN status out of the box. I found this script on pitt-pladdy.com. Use scp or wget to place it on the modem:
root@OpenWrt:/etc/init.d# cd /etc/init.d/
root@OpenWrt:/etc/init.d# wget http://192.168.1.11/local-adsl-led
root@OpenWrt:/etc/init.d# ./local-adsl-led enable
root@OpenWrt:/etc/init.d# ./local-adsl-led start
The 3 front leds are now: (power) (cpu?) (wan up/wan down).
Further securing
  • Install ssh keys for dropbear:
    root@OpenWrt:~# vim /etc/dropbear/authorized_keys
    root@OpenWrt:~# chmod 0600 /etc/dropbear/authorized_keys
  • Remove telnet now that a password for root has been set and ssh is working:
    root@OpenWrt:~# rm /etc/init.d/telnet
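A small audit script for the steps above (key file mode, telnet removal, and the log_ip forwarding from the Syslog section), added here as an example and not part of the original post. The function names and the ROOT prefix argument are assumptions, chosen so the checks can also run against a copy of the router's /etc; the /etc/rc.d/S*telnet pattern follows OpenWRT's boot symlink naming.

```shell
#!/bin/sh
# Added example: audit the hardening steps described in this post.
# $1 is a hypothetical ROOT prefix (an assumption, not an OpenWRT feature):
# pass / on the router, or a directory holding a copy of its /etc.

# Key file must exist, be non-empty and be accessible by its owner only.
check_authorized_keys() {
    f="$1/etc/dropbear/authorized_keys"
    [ -s "$f" ] || { echo "FAIL: $f missing or empty"; return 1; }
    mode=$(ls -ld "$f" | cut -c1-10)
    [ "$mode" = "-rw-------" ] || { echo "FAIL: $f is $mode, want 0600"; return 1; }
    echo "ok: dropbear key file present with mode 0600"
}

# telnet init script must be gone; leftover boot links are only reported.
check_telnet_removed() {
    f="$1/etc/init.d/telnet"
    if [ -e "$f" ] || [ -L "$f" ]; then
        echo "FAIL: $f still exists"; return 1
    fi
    for link in "$1"/etc/rc.d/S*telnet; do
        [ -L "$link" ] && echo "note: stale boot link $link can be deleted"
    done
    echo "ok: telnet init script removed"
}

# Remote syslog must be configured: an "option log_ip" line in the UCI file.
check_log_forwarding() {
    f="$1/etc/config/system"
    if grep -Eq "^[[:space:]]*option[[:space:]]+'?log_ip'?[[:space:]]" "$f" 2>/dev/null; then
        echo "ok: syslog forwarding configured"
    else
        echo "FAIL: no log_ip option in $f"; return 1
    fi
}

# Run every check; the return status is the number of failed checks.
audit_router() {
    fails=0
    check_authorized_keys "$1" || fails=$((fails + 1))
    check_telnet_removed "$1"  || fails=$((fails + 1))
    check_log_forwarding "$1"  || fails=$((fails + 1))
    echo "$fails check(s) failed"
    return "$fails"
}

# Run only when a root directory is given, e.g.: sh audit.sh /
[ $# -eq 0 ] || audit_router "$1"
```

Deleting /etc/init.d/telnet leaves its /etc/rc.d link dangling, which is why the script reports that link instead of failing on it.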
Future plans
I really like the OpenWRT platform and plan to keep messing with it; there are some cool mods out there. I also have a Netgear dg834g (v1) at home that I plan to install OpenWRT on next, but after that I might have to buy a Linksys WRT router.
There are plenty of interesting things to do with routers:

Also, I noticed that tor is available in the opkg repository; however, it's version 0.2.0.31-1, which is an old version. It might be worth looking at a project of installing the latest version of tor on another router, and having it all set up purely for secure anonymous web access.