Hacking the Linksys WRT54G

Michael Torrie torriem at chem.byu.edu
Sun Jul 17 16:33:38 MDT 2005


On Sat, 2005-03-12 at 13:49 -0700, Corey Edwards wrote:
> On Sat, 2005-03-12 at 12:49, Gabriel Gunderson wrote:
> > Anyone messed around with putting a different Linux on one of these
> > wireless routers?  What works best?  What has the least risk?  What are
> > you doing with it now that it's opened up?
> 
> There was a discussion on the list a while ago starting here:

I just finished configuring my wireless wrt54gs the way I wanted it and
I thought I'd give a littler report.  (and resurrect a very old thread)

I had experience with sveasoft's firmware and quite liked it, but there
are numerous short-comings.  For instance the last version I tried had
only nvram for storing customizations such as firewalling scripts and so
forth.  There was no way to add your own init script or do any fancy
scripting on boot.  You could store your script in an nvram variable and
then write it to /tmp on boot and execute it, but this is very
cumbersome.  Also sveasoft's attitude towards its customers and the GPL
is appalling, so I hesitate to support a person like James Ewing
(sp?)[1].  Fortunately there are "hacked" (oh the irony) versions [2] of
this GPL firmware available without the heavy hand of Mr. Ewing hanging
over them [3].  These "liberated" firmware images are very good choices
if you want a little more than the stock linksys (need ssh, etc) but you
have no need to do anything fancy, such as custom vlans, true dmzs,
security zones, etc.

After reviewing the alternatives, I settled on openwrt[4].  Openwrt
takes a more debian-like approach to life.  Everything is stripped out
down to a core image (kernel, basic utilities).  Then you add packages
containing stuff you want on top of that.  For instance, openvpn, ntp,
wpa stuff, kernel modules for things like nfs, and even http guis.
OpenWRT won't just work out of the box.  You have to set it up like any
normal linux box.  The nice thing about openwrt is the core image is in
cramfs, and then they create a jffs2 file system across the remaining
flash where you can install new software, edit or create scripts, etc.
Also a rudimentary init script system is there.  Openwrt uses a stock
kernel with a few special drivers and things.  I never found the need to
recompile anything, since a ipkg install <package> found everything I
needed, including a program that updates those web-based dynamic dns
sites (not to be confused with dynamic updates for DNS :).  There are
many docs scattered around that helped greatly.  

I was able to set up a system where the wireless and some of the ports
on the back are put in a special vlan (security zones, really) and
strict firewalling using iptables keeps the wireless apart from my
trusted wired (just 2 ports on the back), and routes and nats everything
across the WAN (according to my rules).  Port forwards and QoS can all
be done using standard linux commands (iptables, etc).

OpenWRT can be as secure as you'd like.  It is just a linux box after
all.  I am very impressed with how much I can do with just a few
megabytes.

Michael


[1] http://slashdot.org/~TheIndividual/journal/, specifically
http://wrt54g.atw.hu/gmail_commented.html
[2] http://wrt54g.serwer.net/
[3] http://wrt54g.thermoman.de/#readingpleasure
[4] http://www.openwrt.org

-- 
Michael Torrie <torriem at chem.byu.edu>



More information about the PLUG mailing list