Slashdot Mirror

one to which you have the source code: https://www.dd-wrt.com/site/in...

While WRT project (I am still on Tomato) is excellent solution, for every non-technical user and even most techies having access to the source code is irrelevant. You still have to outsource decision making and trust to developers. Only in this case they are open source, so it isn't typical commercial hack job but a work of motivated and well-meaning people.

one to which you have the source code:
https://www.dd-wrt.com/site/in...

This AC is exactly right actually. If you don't want to deal with some god awful proprietary firmware or go commercial grade, pick up a Netgear router with good hardware and load DD-WRT on it. Been using it for years and it is the best decision I ever made for my home setup.

You can probably manage to either replace the Airport's ease of use, or the functionality, but not both.

Custom firmware like DD-WRT on ASUS routers was what I was using up until moving to pfSense on a small atom board. The ASUS hardware was decent enough, and less eye-wateringly priced than some competitors. I still have one in use as a dumb access point.

I've seen instructions for compiling Netatalk for DD-WRT for a more complete AirPort replacement. I've used Netatalk on an Ubuntu box as a TimeMachine source which worked seamlessly, for years.

But this fails, hard, on ease of use.

Are there any Netgear Wifi routers with easily replaceable firmware?

Yes. I've put dd-wrt on several netgear wndr3400v2 routers. It was literally as simple as finding the right firmware and using the gui on the netgear router to select the file from the list and hit update.

A quick glance shows that the R7000 mentioned in the article not only supports dd-wrt but is also one of the fastest consumer grade routers on the market that does: https://dd-wrt.com/wiki/index....

A good search engine should lead you to this.

There is absolutely no reason to keep using the stock firmware (other than laziness), and many reasons not to (see this story). If you don't know where to start: https://www.dd-wrt.com/wiki/in...

Could never understand the appeal of the original WRT54G router. I think I actually have one sitting in storage that I haven't used in years (just in case). There are literally hundreds of modern routers with much higher speeds and more memory that support the same DD-WRT firmware:
http://www.dd-wrt.com/wiki/ind...
I'm using one right now, and it has 802.11ac and 5 Gigabit ports. Has been rock solid ever since I updated the stock firmware to DD-WRT.

Look into this:

https://www.dd-wrt.com/wiki/in...

You're confusing "not open source" with "sloppy mess". From the same link you sent:

DD-WRT is a third party developed firmware released under the terms of the GPL for many IEEE 802.11a/b/g/h/n wireless routers based on a Broadcom or Atheros chip reference design.

Here is a tutorial on compiling DD-WRT from source: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=269372

The business model doesn't change the GPL nature. Brainslayer arranged professional versions with customization for commercial applications. (Note: Stock, GPL DD-WRT works find on the Buffalo WZR-1750, so it isn't a matter of close-source tweaks.)

I'm interested in OpenWRT because it *is* a cleaner code base and more modular in nature. I like the idea of the packages vs a monolithic system. But that doesn't address the question of why one GPL project has working code for a particular system and another can't use it for their own GPL implementation.

comes with DD-WRT straight from the factory. Full open source, etc.

No, dd-wrt cannot be considered a fully open source project, as Openwrt is. See "Building_DD-WRT_from_Source". And an excerpt:

Building DD-WRT from source is difficult and according to the text here definitly not working on first try. You will see lots of strange errors and many confusing install-scripts. The forum is full of people who were not able to make this install-procedure running through. The infos in the forum is much newer than these here, but also very confusing and mixed up. (...) Brainslayer does not have the time to do everything ...

dd-wrt really looks like more of a closed project, that still benefits from the historical confusion related to is-it-or-not-open-source. This other quote from dd-wrt wiki is interesting

At present DD-WRT is available for free, although a different business model is being drafted by BrainSlayer in order to pay his salary, as this is his full time job

. And it seems dd-wrt makes arrangements with some wrt makers - this is why their firmware is available sometimes way before Openwrt.
I tried to install dd-wrt - because for some reasons it's what recommend people in forums - on some routers, and always had a problem: either instability, settings disappearing after a few reboots, features missing...

On the other hand, Openwrt is fully open source and is easily customizable. Installed it on many routers, including for friends, shops ... never a problem, stable, efficient. I even compiled the huge source to change the way dhcp delivers info to clients. I was amazed as how the projects is clean, compiles flawlessly. A good old open source. The Openwrt volunteers put a lot of work into these small devices, and they deliver. I don't think the bigger success of dd-wrt compared to Openwrt is legitimate.

comes with DD-WRT straight from the factory. Full open source, etc.

No, dd-wrt cannot be considered a fully open source project, as Openwrt is. See "Building_DD-WRT_from_Source". And an excerpt:

Building DD-WRT from source is difficult and according to the text here definitly not working on first try. You will see lots of strange errors and many confusing install-scripts. The forum is full of people who were not able to make this install-procedure running through. The infos in the forum is much newer than these here, but also very confusing and mixed up. (...) Brainslayer does not have the time to do everything ...

dd-wrt really looks like more of a closed project, that still benefits from the historical confusion related to is-it-or-not-open-source. This other quote from dd-wrt wiki is interesting

At present DD-WRT is available for free, although a different business model is being drafted by BrainSlayer in order to pay his salary, as this is his full time job

. And it seems dd-wrt makes arrangements with some wrt makers - this is why their firmware is available sometimes way before Openwrt.
I tried to install dd-wrt - because for some reasons it's what recommend people in forums - on some routers, and always had a problem: either instability, settings disappearing after a few reboots, features missing...

On the other hand, Openwrt is fully open source and is easily customizable. Installed it on many routers, including for friends, shops ... never a problem, stable, efficient. I even compiled the huge source to change the way dhcp delivers info to clients. I was amazed as how the projects is clean, compiles flawlessly. A good old open source. The Openwrt volunteers put a lot of work into these small devices, and they deliver. I don't think the bigger success of dd-wrt compared to Openwrt is legitimate.

Don't encourage him - he'll be posting about his hosts, firewall rules package that is so much better than uBlock, AB+, etc etc

There are things like this, people are complaining about Windows 10 need to send lots of data to MS, there is a WRT router script that has blocking rules set up for them, IIRC. You'll have to google for it though.. but here's a quick result to get you started

Have you considered using SSH tunnels to communicate with each site? You could run SSH servers on each network, open up ports on the upstream firewalls and get your connectivity that way?

You could also bind RDP to a port that is known to be open (http/https?) and set up dual factor authentication.

Setting up VPNs on any standard home router isn't that hard. Where you may run into problems is when IPs change. You may consider setting up DynDNS accounts for ease of use and setting up OpenVPN connections.

Since you didn't mention anything about the subnets behind the endpoints, openvpn will probably be your best/easiest route.

This should give you some ideas:
https://www.dd-wrt.com/wiki/in...

I agree - site to site VPN at the router level seems ideal for this challenge.

Just use a couple of small business routers with built in VPN. They do all of the different subnets and wireless and all of that stuff. They're a few hundred bucks each.

And yes, you could spend a lot of money for small business routers, or you could buy routers compatible with (or pre-installed with) firmware such as DD-WRT which will allow you almost all the same functions for much cheaper, but require a little more elbow grease to get working.

http://www.dd-wrt.com/wiki/ind...

Post 1/2, stupid lameness filter:

AshFox piles on/spends "moar" more = good? Inefficient! More moving parts complexity for breakdown + SPENDING MONEY to do it ENTAILS THAT!

DD WRT is just a free opensource firmware firmware for a good chunk of Linux based consumer routers that numerous consumers likely already own, often providing better firmware than the original firmware.

Ahem:When you do a STUPID THING LIKE YOU DID, blocking COMPLETE DOMAINS when limited subdomains are the problem ONLY

I'd rather block entire domains that I know are under the control of malicious entities, risking them creating a new subdomain seems pointless considering how trivial it is with DNS.

(+ your datalists for the SAME data in blocking ARE LARGER & MORE COMPLEX for "deny" rules in DNS tables by far)

There are actually less rules because I set the domain (or subdomain) in question to have an invalid zone file, so the DNS server won't even store any information about it and just returns NXDOMAIN since it doesn't have any zone data at all. I don't need multiple entries for multiple subdomains if I cover an entire domain as well, thanks to the hierarchy nature of DNS.

The easiest solution that I've found for this at home is opendns using DNS port intercepting on a ddwrt router. Simple instructions for making this happen are at http://www.dd-wrt.com/wiki/ind.... If you give your kid a cell phone with a data plan this will be quickly side stepped, but if you take a pass on giving your preteen a phone until they are old enough to grasp some of the needed conversations, it does give some measure of reliable and configurable protection to your local network.

All the models listed except the WNR2500 are supported by DD-WRT.

Upgrade people!

google is your friend.
http://www.dd-wrt.com/wiki/ind...

current stable (v24 SP1) is dated July 2008 (Link)

In fact, if you check the official site's downloads area, you will find the the "obsolete" folder is newer than v24-sp1! (Link)

I'd say you should do a little research too.

A VPN? To connect to where, from where? Are you doing this for something to do, or because you want to implement the best solution? Do you just want better router software?

Install Tomato or DD or OpenWRT or any one of their variants on your existing router.

Building your own in the name of security isn't going to work unless you really know what you're doing, which you said you don't in your summary. That sounds like a dick thing to say, but it's not. Security is difficult for people that know what they're doing, when people who don't try to DIY it, it's almost universally bad.

I will add to that and say that the pros that do know what they are doing still use the easiest solution whenever they can, not some convoluted mess. If you're doing it to learn that's one thing, if you're doing this as a noob to protect yourself somehow, stop!

The classic router for this purpose was the Linksys WRT54G, but that is getting very long in the tooth and does not support 802.11n or 802.11ac.

The current reasonably priced (about $100) pick that supports everything and is a *working* 2.4ghz and 5ghz 802.11ac router with OpenWRT or DD-WRT is:

TP-Link Archer C7 V2 AC1750

Manufacturer Info is here -> http://www.tp-link.com/en/prod...

It can be re-flashed with either OpenWRT or DD-WRT to provide firewall and a variety of VPN types. It also has enough flash to add other features and given that it includes 2 USB 2.0 ports can also used as a low power (compared to a full hardware PC) internet server.

The disadvantage on this router is that it only supports 1750AC and not 1900AC and that the USB ports are only 2.0. There are routers that cost a lot more that provide both 1900AC and USB 3.0, but they also do not currently FULLY support OpenWRT and DD-WRT.

My personal experience is that OpenWRT is more module than DD-WRT. This makes is easier to pick and choose "packages" in any configuration you'd like. For instance, I added the stunnel package to protect a IP video camera that did not provide HTTPS for remote home monitoring. Now the router provides necessary HTTPS for that use case.

If you are looking to use either DD-WRT or OpenWRT check their home pages BEFORE purchasing a router so you know that it is fully supported by each.

The router to AVOID at the moment appears to be the Linksys 1900AC which the manufacturer FALSELY claimed in their sales literature at launch supported. It still does not.

You can view info on the OpenWRT project here -> https://openwrt.org/

And the DD-WRT project here -> http://www.dd-wrt.com/site/ind...

A VPN? To connect to where, from where? Are you doing this for something to do, or because you want to implement the best solution? Do you just want better router software?

Install Tomato or DD or OpenWRT or any one of their variants on your existing router.

Building your own in the name of security isn't going to work unless you really know what you're doing, which you said you don't in your summary. That sounds like a dick thing to say, but it's not. Security is difficult for people that know what they're doing, when people who don't try to DIY it, it's almost universally bad.

This is way too much effort, unless you happen to enjoy yanking some chains over the phone. Here's how you quit Comcast: (1) Disconnect every piece of Comcast equipment in your home. (2) Load it in a box, and put the box in your car. (3) Drive to the nearest Comcast customer center. (4) Dump the box on the counter and tell the rep: "I wish to terminate my service immediately." No one will argue with you. You have completely bypassed Comcast's customer retention process by doing this. Pay the amount due on your bill, get a receipt with a complete list of the equipment you've turned in, then go home.

Its how you quit any cable provider that plays BS games with you...take the equipment to the office, pay the final bill and churn away from them. No time wasted on the phone at all.

DSL will always be better than throttled Cable Internet and 100% of Internet providers throttle to less than DSL speeds!

Someone mod this back up...the only effective way to combat this insanity is to leave them...cut off the service and churn.

Only one exception, if there is no other service available in your area, than your screwed unless you move!

I have been with DSL (not provided by a Cable company) for a few years and love it. All the Cable operators throttle the upstream bandwith to lower than 40Kbps and the downstream bandwidth to lower than 200Kbps and DSL is way faster than this.

To see it first hand as I did, get dd-WRT on a supported firewall/router and you will see the millisecond the speed test begins the bandwidth pipe opens full speed. The millisecond the speed test ends, the service is throttled back to the less than 200Kbps/40Kbps levels.

Occasionally if you are lucky, if you are able to stream video and/or download a video the pipe will open a little more and the download will happen faster.

Ironically, a dd-WRT enabled firewall router reveals this level of throttling with Cable internet 24 x 7 x 365 days...like the pipe is saturated late at night when people are sleeping and/or when others are working during the day. Ironic and pathetic.

This is way too much effort, unless you happen to enjoy yanking some chains over the phone. Here's how you quit Comcast: (1) Disconnect every piece of Comcast equipment in your home. (2) Load it in a box, and put the box in your car. (3) Drive to the nearest Comcast customer center. (4) Dump the box on the counter and tell the rep: "I wish to terminate my service immediately." No one will argue with you. You have completely bypassed Comcast's customer retention process by doing this. Pay the amount due on your bill, get a receipt with a complete list of the equipment you've turned in, then go home.

Its how you quit any cable provider that plays BS games with you...take the equipment to the office, pay the final bill and churn away from them. No time wasted on the phone at all.

DSL will always be better than throttled Cable Internet and 100% of Internet providers throttle to less than DSL speeds!

Someone mod this back up...the only effective way to combat this insanity is to leave them...cut off the service and churn.

Only one exception, if there is no other service available in your area, than your screwed unless you move!

I have been with DSL (not provided by a Cable company) for a few years and love it. All the Cable operators throttle the upstream bandwith to lower than 40Kbps and the downstream bandwidth to lower than 200Kbps and DSL is way faster than this.

To see it first hand as I did, get dd-WRT on a supported firewall/router and you will see the millisecond the speed test begins the bandwidth pipe opens full speed. The millisecond the speed test ends, the service is throttled back to the less than 200Kbps/40Kbps levels.

Occasionally if you are lucky, if you are able to stream video and/or download a video the pipe will open a little more and the download will happen faster.

Ironically, a dd-WRT enabled firewall router reveals this level of throttling with Cable internet 24 x 7 x 365 days...like the pipe is saturated late at night when people are sleeping and/or when others are working during the day. Ironic and pathetic.

Well - the only data players where I live are Verizon FIOS and Cox. Both of which will charge you $70 per month for data only.

I had Cox at pretty good speeds for about $30/month.

That was true of FIOS, but they currently have a $30/month option with 25/25Mbit symmetric service with 2-yr contract. They also force a $5/month router rental on you, but if you do things right, you can send it back right after installation:

http://www.dd-wrt.com/wiki/ind...

Find a local router that you like the look of, see if it is on this data base http://www.dd-wrt.com/site/sup...
if yes purchase

Factory firmware is a lot more capable now than it was ten years ago, since the developers have been cribbing from DD-WRT, OpenWRT, and Tomato over the intervening time. Ten years ago, the stock firmware was much less capable than the hardware it was controlling; today, that's not nearly so much the case. However, if you want to, there's Shibby's tomato, or Merlin, or even DD-WRT itself. All support popular modern routers.

Want a narrow list of choices? DD-WRT Firmware FAQ: Which router should I buy?
Want a lot of details? OpenWRT: Table of Hardware, or DD-WRT Wiki: Supported Devices

Want a narrow list of choices? DD-WRT Firmware FAQ: Which router should I buy?
Want a lot of details? OpenWRT: Table of Hardware, or DD-WRT Wiki: Supported Devices

It's going be blast for people using the best available ARM home router at this moment, Netgear R7000 More details here: http://www.dd-wrt.com/phpBB2/v...

What strange protocol is it using? OpenVPN?

We use OpenVPN at my work and any of our users that have FiOS have issues with it. It'll be super slow and they'll get disconnected.

It's actually a known issue though and has to do with the crappy Actiontec routers Verizon uses. When you connect to OpenVPN the routing table gets screwy. Guess it's got a limited size or something.

It's easily fixable by changed the IP of the Actiontec router and then connecting a new router with the original IP.

Articles on doing so:
http://www.dd-wrt.com/wiki/index.php/Verizon_FiOS_-_Using_Your_Own_Router
http://www.jaredlog.com/?p=1042

However we don't offer this to our users since they wouldn't now how to do it and we won't do it for them.

I live in south King County and logged into my Comcast account to see what all the fuss was about. Because I have a separate router running DD-WRT and it is connected to my Arris cable modem I do not have the Xfinity WiFi option; or perhaps it is because my Arris cable modem does not have WiFi available when checking it's IP address of 192.168.100.1. Using their online Xfinity WiFi finder, one person near me has Xfinity WiFi and one person near where my dad lives does as well.

yep, then you can just be vulnerable to the NSA heartbleed instead.

You might want to research things before you go off on a tangent like this. As http://www.dd-wrt.com/site/content/heartbleed-dd-wrtdd-wrt-online-services quite well explains it, DD-WRT is only vulnerable if you run any of the following services on it: openvpn, squid, freeradius, asterisk, curl, pound, tor, transmission. None of these are enabled by default and most people don't use these services in the first place. DD-WRT's configuration interface, its own, built-in SSH-server and the likes are not vulnerable.

The link also quite conveniently mentions the following tidbit: "OpenSSL was updated immediately in the DD-WRT SVN repository. It can take a view days until we can provide updated versions for all routers."

It depends on which version of dd-wrt you installed, not necessarily when you installed it. I have a WRT54G that I just flashed r14929 on a few weeks ago, but it's fine, because that build is from 2010 and predates the Heartbleed vulnerability. The vulnerable builds are 19163 to 23882, see here.

Should be installing DD-WRT

The key thing to note is that the main vulnerability here is through the use of OpenVPN with an affected SSL library. IIRC OpenVPN is only affected when used in "pre shared key" mode instead of using client certificates (which is the recommended way of running things anyway), so there is further mitigation there (but anyone using OpenVPN needs to check they config and confirm that the server end (if using another party for that) has done so too.

There are other parts of DD-WRT that could potentially be a problem too (tor particularly as it runs a listening service) if you have them turned on. See their own advisory for more details: http://www.dd-wrt.com/site/con....

Since my primary usage of their service is to access my array of routers at networks I control, I plan on using one of these alternatives if DNSimple, where I have a paid account, doesn't implement dyndns support in the next 30 days:

http://www.dd-wrt.com/wiki/ind...

http://www.dd-wrt.com/site/ind... Why not right?

According to the article, he was told it was a voluntary interrogation. At that point, he should have just taken down the names of all the officers and movie theater staff and left.

I agree with you, jot down the names and say, "No Thank You".

Or perhaps he coud have countered, tell you what I will let you look at my data, assuming you understand it belongs to me and delete it after you look at if (if downloaded) AND if you give me 3 sets of 2 free tickets to the movies of my choice in over the next year when I prove my innocence to your insane insulting claims.

Tell them to put their money where their mouth is!

The article update states that "MPAA task force" happened to be there and was the true catalyst for this illegal search (if he had not agreed to it) and seizure.

I probably would have asked them if they had a warrant, and knowing that they did not, simply said well excuse you than. I probably would never have went back to that theatre again.

I don't blame any customer for not wanting to leave their computer, laptop, tablet, handheld or google glasses in their car where they could be stolen. Even better if you can get a google glass with a prescription and he needed the glasses to see the screen!

Don't they, MPAA, know that any 'recording' of a film looks like crap when you replay it. This is true for any recording of a movie in a theatre. You can tell as someone will walk in front of you as the movie is starting or someone will be coughing or talking with no one on the screen. If I were going to use my computer's hard disk like a VCR, watch and than erase content, I would not waste my time downloading a copy that was made from any handheld device in a theatre anyway. It would be crap and I simply would not bother watching it. Instead I would find a better source.

No one is going to make a DVD copy of a movie at the theatre, while watching a movie.

Makes the MPAA task force look even stupider than their mandate identifies them to be.

Besides, it has long been proven that allowing people to view and download content (esp music and movies), only increases sales. That is old news. Of course they would imply otherwise.

They also try to make you think there are thieving bittorrent crackers living on every street, in every neighborhood, in every city, in every county, in every state and that is why the streaming content stutters and broadband bandwdith is so pathetic. When the real reason is because either the cable internet service is oversubscribed and broadband bandwidth throttled to insanely low levels.

That excuse is laughable when you think about it! There probably is not more than two/three people living in my neighborhood who know how to set up a bittorrent and use it and there are more than a dozen streets in this neighborhood. Who does the Cable company, MPAA failed policing think they are kidding? Even a technophobe when asked with that argument, sees the stupidity of it.

Get yourself a DD-WRT enabled device (firewall/router) and see your bandwidth in real time if you do not believe me. Its obvious, watch what happens when the fake speed test ends. Watch that promised 20Mb/4Mb get throttled to 100Kb/30Kb the millisecond the fake speed test finishes. This fact is why any DSL broadband is better than Cable internet, as 100% of Cable Internet providers throttle/restrict their customers bandwidth to create the scarcity myth, their pricing so desperately depends on. The dishonesty is when you pay more, they continue the throttling and resricting which should be against the law. You (customer) can only see it with an opensource, DD-WRT, tomato or OpenWRT enabled device.

As with music, we only purchase

According to the article, he was told it was a voluntary interrogation. At that point, he should have just taken down the names of all the officers and movie theater staff and left.

I agree with you, jot down the names and say, "No Thank You".

Or perhaps he coud have countered, tell you what I will let you look at my data, assuming you understand it belongs to me and delete it after you look at if (if downloaded) AND if you give me 3 sets of 2 free tickets to the movies of my choice in over the next year when I prove my innocence to your insane insulting claims.

Tell them to put their money where their mouth is!

The article update states that "MPAA task force" happened to be there and was the true catalyst for this illegal search (if he had not agreed to it) and seizure.

I probably would have asked them if they had a warrant, and knowing that they did not, simply said well excuse you than. I probably would never have went back to that theatre again.

I don't blame any customer for not wanting to leave their computer, laptop, tablet, handheld or google glasses in their car where they could be stolen. Even better if you can get a google glass with a prescription and he needed the glasses to see the screen!

Don't they, MPAA, know that any 'recording' of a film looks like crap when you replay it. This is true for any recording of a movie in a theatre. You can tell as someone will walk in front of you as the movie is starting or someone will be coughing or talking with no one on the screen. If I were going to use my computer's hard disk like a VCR, watch and than erase content, I would not waste my time downloading a copy that was made from any handheld device in a theatre anyway. It would be crap and I simply would not bother watching it. Instead I would find a better source.

No one is going to make a DVD copy of a movie at the theatre, while watching a movie.

Makes the MPAA task force look even stupider than their mandate identifies them to be.

Besides, it has long been proven that allowing people to view and download content (esp music and movies), only increases sales. That is old news. Of course they would imply otherwise.

They also try to make you think there are thieving bittorrent crackers living on every street, in every neighborhood, in every city, in every county, in every state and that is why the streaming content stutters and broadband bandwdith is so pathetic. When the real reason is because either the cable internet service is oversubscribed and broadband bandwidth throttled to insanely low levels.

That excuse is laughable when you think about it! There probably is not more than two/three people living in my neighborhood who know how to set up a bittorrent and use it and there are more than a dozen streets in this neighborhood. Who does the Cable company, MPAA failed policing think they are kidding? Even a technophobe when asked with that argument, sees the stupidity of it.

Get yourself a DD-WRT enabled device (firewall/router) and see your bandwidth in real time if you do not believe me. Its obvious, watch what happens when the fake speed test ends. Watch that promised 20Mb/4Mb get throttled to 100Kb/30Kb the millisecond the fake speed test finishes. This fact is why any DSL broadband is better than Cable internet, as 100% of Cable Internet providers throttle/restrict their customers bandwidth to create the scarcity myth, their pricing so desperately depends on. The dishonesty is when you pay more, they continue the throttling and resricting which should be against the law. You (customer) can only see it with an opensource, DD-WRT, tomato or OpenWRT enabled device.

As with music, we only purchase

If you have the money to spend and do not want to build your own Linux media server (plan to do this with my older ZaReason Breeze 4220 PC), you could checkout ZaReason's product offerings. They build Linux boxes, you tell them what Linux distro you want on them.

ZaReason's small footprint media server, MediaBox 5440 (quad core power in a little bitty living space) or if you have room for a bigger box and are interested in 4 hot swappable sata bays, the Breeze Server 5880 looks like a very nice server.

Of course any Linux server can be made into a media server and any Linux PC can be turned into your personal DVR and a Linux server. Once you start using a Linux box this way, you will not want to 'stream' content over the internet, especially if you are a cable internet subscriber. Especially with a new LG 60 inch LED TV 1080p 300hz (Monitor wall anyone?) costing under $800! Just plug into your Linux PC and enjoy watching what you download!

Remember that 100% of Cable Internet providers throttle their bandwidth, meaning DSL is usually faster than their throttled cable bandwidth promises. DSL is usually cheaper too! The cable company's marketing bandwidth claims are lies based on this throttling!

(Run DD-WRT on a supported device to see your actual bandwidth in real time after the speed test ends, cable users will be shocked and disgusted!

A promise of 20MB/4MB gets throttled to less than 101Kb/20Kb in my experience and I guestimate you need at least 230Kb upstream for the stuttering to stop and they throttle the upstream to less than 20Kbs if you have the means to see it, granted other factors apply) This is why most of us download something before we watch it, forget about streaming over the Internet!

And with the recent net neutrality loss in the DC courts (January 14, 2014), this is going to become more of a problem for those of us wishing to download and stream content. It's going to get ugly folks!

I highly recommend Firefox with the DownloadHelper Plugin in order to download content from the Internet. Don't worry about the proprietary Windows formatted content, there are always other options, usually on the same download site. My friends and I refuse to purchase music that can not be played on any of our Linux devices (mp3, handheld, tablet, laptop, PC, server). If everyone did this, proprietary formats would be useless. And I pay for some content, just not proprietary formatted content. Even in the days of VCRs, I did not want to own every movie that I watched, only the few that I really loved, thus using a PC like a VCR, as in DVR, simply is the way we have always been doing things. If a TV/Cable Series or Movie is that good, I go buy it, usually after multiple seasons our out. Got all 10 Seasons of Stargate for under $300 at Fry's Electronics in CA, think I paid under $199, but its been awhile. Bought DVR version of "Dave" too, wish all our presidents were like Dave! Love that movie.

You can pretty much download anything down to a Linux PC and then stream it from there 'locally' on your network. This basically uses your harddrive like your own personal DVR box, no bandwidth throttling by cable companies to cause your streaming to stutter or stop. And you simply erase it after you watch it, just like we did with VCR tape recorders back in the day.

Full Disclosure, I do not work for ZaReason, just met the owners at SCaLE in Los Angeles a few years back (SCaLE 7x in 2008 I believe) and was very impressed with them, their company and their products. Became a customer i

I was pissed about that incident too... ten years ago.

Belkin hasn't repeated that bad behaviour since then, and now we are talking about a hardware platform that supports you running DD-WRT. There won't be any shenanigans here, can't be if you install the latest DD-WRT yourself.

So, is your burning hatred so powerful that it will rule out a product like this after ten years? That's a decade. I'm over it. How about you?

A quick googling pulled up this.

http://www.dd-wrt.com/wiki/index.php/DNSMasq_Local_Network

And a lot of other brands... if those are the routers where you can replace the original firmware with a more free, openly auditable alternatives like DD-WRT, Tomato, OpenWRT or others. Or even put Cummulus in supported models. Or if you go to a more generic pc like alternative, directly putting linux or some BSD flavors.

This, perhaps?

Uh. Nope. I'm looking for a disk image I could fire up on a tiny pc (or in a VM) that'd meter wifi...

DD-WRT or Tomato then?

You could also consider rolling your own solution, if you have a particular program or suite of apps in mind; basically, just install the distro of your choice, install and configure your apps, then add them to cron.

I'm sorry, I'm not sure I understand your question, and I think I'm missing something. It seems like you're just asking how you install an alternative firmware on a consumer router; if so, it's pretty easy, you just go get the firmware you want (after checking that it works on your piece of hardware, be sure to check the HW revision number too!), and then follow the instructions. Usually, they just use the standard built-in firmware upgrade process in the router's web interface, except instead of loading one of the mfgr's firmware versions, you point it to the alternative one.

If your old router isn't on the supported list, however, it's either not possible (due to hardware limitations, such as insufficient memory on the device), or no one's figured out how to get it working yet and publish a build for that router.

According to this page, IPv6 is supported by DD-WRT, but ip6tables is not built-in by default, so you may need a special build to make it an IPv6-capable firewall.

A couple years back, dd-wrt had its own security issues which was not, in my oipinion, publicized as widely as it should have been.. I remember some internal debate with some people saying it wasn't that big a deal so no need to big issue warnings/press releases. They thought posting it on the web site was enough.

Hopefully they're better at getting the word out now.

People still run their 54gl's stock???

Repeat after me: d-d--w-r-t

Turns your router into something more like one of those fancy enterprise cisco routers. The 54gl is dd-wrt's 1st platform I believe (too lazy to look it up), so compatibility is bound to be around 100%.

Sounds to me like two things you could have done to remedy this problem.

The discovered and known-to-work fixes:

1) "Overclock" the CPU of the router. They were quite capable of having the CPUs clocked up to 250 Mhz with passive cooling. With active cooling, some users had 300 Mhz or higher. One enterprising individual had his clocked to 500 Mhz with watercooling.

2) Change your ip-conntrack settings. The default settings were too low, even for non-torrent/slow connection use. I think you needed to update the number to track at minimum 2400, but the higher the connection speed, the more you needed. The optimal for fast lines was 4096 maximum ports, 600s TCP timeout, 120s UDP timeout. http://www.dd-wrt.com/wiki/index.php/Router_Slowdown has a good explanation of this.

It looks like this could work well with a Synology configured for disk redundancy, plus a home router with VPN (dd-wrt or tomato).