Slashdot Mirror
Linux Distro For Linksys WRT54G
scubacuda writes "Here is a tiny Linux distro for the Linksys wrt54g (d/l the distro here). In just a few seconds, you can give your access point's ramdisk syslog, telnetd, httpd (with cgi-bin support), vi, snort, mount, insmod, rmmod, top, grep, etc."
Interesting -- "The script installs strictly to the ram disk of the box. No permanent changes are made. If you mess something up, power-cycle it."
does it still function as an AP properly?
This comes with vi and NOT emacs, as 95% of all distributions don't come with emacs!
yeah i was looking and i hit refresh and his counter jumped about 200 hits in a couple seconds so heres the article in case slashdot kills another site:
/var/modules/ in the following order : sunrpc.o, lockd.o, nfs.o then mount your disk.
/var/bin/snort -c /var/etc/snort.conf &
/var/log/snort
Jim Buzbee
September 05 2003
Mini wrt54g distribution Version 0.1
This is a mini Linux distribution for the Linksys wrt54g. In about 20 seconds, you can install a small set of Linux tools to your access point's ramdisk.
Upon completion of the installation, you will have a system with basic tools such as syslog, telnetd, httpd (with cgi-bin support), vi, snort, mount, insmod, rmmod, top, grep, etc.
To install, modify the script wrt54g.sh for your ip address and password. By default the script uses Java to move files to the wrt54g. If you would prefer wget, uncomment the wget lines in the script. I had a problem with older version of wget translating escaped characters before passing the URL on to the server. Your mileage may vary.
The distribution has been tested on firmware version v1.30.7, Jul. 8, 2003. The installation has been tested on Linux and OSX
The script installs strictly to the ram disk of the box. No permanent changes are made. If you mess something up, power-cycle it.
Upon successful execution of the script, you will be able to telnet to your box and start exploring its capabilities. Note that there is no login prompt, you telnet directly in as root. Be careful.
An alternate web server is installed on port 8000 of the box.
The nfs drivers are not loaded by default If you would like to mount a nfs disk, insmod the drivers from
To run snort, execute the following command on the box :
The snort configuration file should be changed for your network configuration and needs. Snort logs will be written to
If you wish to change the files sent to the box, untar distro.tar and add or subtract files. Normally you should not run the install script more than once for a power-cycle of the box. i.e. if you want to run the install again, reset the wrt54g first.
I have attempted to limit all changes to the ram disk, but there are no guarantees that you will not damage your unit by using these tools.
Download the distribution
Visit my wrt54g snort page
Thanks to Ross Jordan, C. J. Collier, Ben Grech and others who did the heavy lifting in figuring out how to get new code on the box
Jim Buzbee jbuzbee@nyx.net
consolevision roxors!
For us that buying a linksys router is even more preferable. For a personal user to any business criteria the advantage over having full source to this hardware is incredible. Certainly its going to ensure that they stay high on our prefered supplier list provising we can access the boxes and code. incidentally we install WiFi in Public spots for the UK which is being kinda slow to take this up.
And thats why Firecrackers and kittens don't mix.
Why not SSHD? Nobody in his right mind uses telnet nowadays.
http://blog.astyran.sg
None of them support Rendezous (AKA zeroconf), at least not on the level of Apple's airport base stations. That's a hack I'd really like to see.
---If you can't trust a nerd, who can you trust?
not terribly practical? Running snort on a wireless router isn't practical?
Slow? 125mhz MIPS is slow?
Might want to better explain what you mean.
OK, this Linksys has only been out for like a few weeks or something, and they've got a linux distro for it... Yet my Toastmaster 5000xdr Quad-port (with FG-200R bagel attachment) STILL isn't supported!
I mean, the linksys probably works fine out-of-box... But my Toastmaster STILL can't check with my Mr.Refrigeration Model XII to see if I'm out of butter and order more online. Sheesh, technology SUCKS!
I'm really not trying to be a troll, this is a serious question. What does making an access point into linux box atually do? Will it still retain all of its normal functions? Will this increase its functionality in any way? Being able to telnet into something as root automatically doesn't seem the safest thing to do for whatever this is, either.
I was going to post "But Does it RUN LINUX!?" but then I RTFA. Grr....
125 Mhz MIPS CPU is fast enough to do some interesting things, but the box only has 16 Mb of RAM, and no local disk for paging. That's going to be the limiting factor for most of the fun things you'd like to do with this box.
Could this be used to establish ssh tunneling from clients to the AP? That would, in my eyes, be far preferable to the somewhat lacking link security that 802.11 offers today.
Trust the Computer. The Computer is your friend.
Snort logs will be written to /var/log/snort
Ramdisk based snort logs aren't too enticing to me.
Another HTTP server on 8000 doesn't do anything for me either, especially when the one on port 80 is already like molases running up hill in winter.
The fact is that this might be useful in troubleshootingsomething on the router but, for production use it isn't terribly practical. But, then again who's going to rely on this router for any real production use. This is after all, a home or small office device.
But still no linux driver for the corresponding WPC54G PCMCIA card?
ssh tunnels are very bad performance. what you want is a VPN.
unfortunately you can't replace the kernel on the box with one that supports cool things because of the proprietary broadcom driver.
(here's to whoever takes the time to write a thunking layer for the linksys 2.4.5 broadcom driver to let it work with modern 2.4.22+ kernels!)
Has anyone tried this on a Linksys router other than the WRT54G? My BEFSR41 4 port cable/dsl router is still running strong, and I would love to have telnetd and the such on running on it!
Thanks!
- Cary
wrt54g.tar.gz (1.07MB) mirrors
:)
Posted anon, I'm no whore.
www.sk3tch.com/wrt54g.tar.gz
www2.sk3tch.com/wrt54g.tar.gz
www3.sk3tch.com/wrt54g.tar.gz
The article has already been posted, if the file becomes unavailible due to the /. effect a temporary mirror of the file is availible at: http://lightntrax.com/ben/wrt54g.tar.tar
From the article:
Yes, un-authenticated open telnet as root seems really dumb to me too, but you could always remove telnetd and add SSH w SSH2 RSA only authentication.
The "ssh tunnels are very bad performance" statement may be elaborated a bit more on this page titled "Why TCP Over TCP Is A Bad Idea".
We should be fighting this not supporting it.
transmission_err
1. AirSnort, already working.
8 /29/232022 8
2. Something like the MIT rootnet.
http://slashdot.org/article.pl?sid=03/0
By having the routing in the AP, it would participate in the roofnet without a server. Servers use more electricity and are noisy.
3. Security for open accesspoints.
You might leave our accesspoints open to share it with others. But you might want some extra security:
a) Block port 25 for others so they don't send spam and get you blacklistet.
b) Some VPN/SSH tunnels for privacy.
c)Traffic shaping. You would like to reserve some bandwidth for yourself.
Putting this sort of stuff in that device is a cool hack but totally the wrong thing.
It should run a little file server, serving something like 9p whihc would allow you to read/write settings and stream off the full data packets read for snorting.
fools.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
(Full Disclosure: I designed part of OpenSSH's tunnelling subsystem.)
TCP over TCP has issues when both stacks attempt to respond to the same error conditions. This happens very commonly with PPP over SSH. However, TCP port forwards in OpenSSH actually terminate at the daemon, which extracts the payloads, repacks them into completely independent streams, and sends them on their way.
In other words, an error condition on the routerexternal_site link doesn't show up on the clientrouter link.
OpenSSH tunnels have surprisingly high performance (it certainly beats most proxy implementation hands down). Easy to set up, too: Simply SSH into your host of choice with the -D option(say, ssh -D1080 user@host), set the SOCKS4 proxy in your application to 127.0.0.1:1080, and you're done. It's really quite simple.
--Dan
I own one of these little guys and I must say it's a neat little box. However, please be aware of the following issues that you might run into with it:
1) it runs quite hot. make sure it gets plenty of air. we had ours sitting on the carpet with the DSL modem on top and it would frequently over heat. Moving the modem off and setting the wrt54g on a board seemed to fix this.
2) it requires that you have good wiring. you may be shocked to know this, but if you live in an old house (like many college students) your wiring has a good chance of being miswired. The wrt54g will not work with wiring faults (even though many devices work just fine). the solution is to put a good surge protector or UPS between the device and the outlet. this seems to fix everything.
3) the dhcp implementation is a little funky and sometimes seems to reply with a DHCP NAK on an address request when it otherwise shouldn't.
All that aside, it's a great little box. It works well with my 802.11b card in the laptop and manages the wired stuff just fine. I can't comment on 802.11g because there aren't any cards with linux support out there (except maybe the minipci card in the wrt54g, but that's a binary driver).
I've gotten some interesting stuff to run on it, mainly some simple home automation stuff for a pervasive computing environment that was part of my research, but it's nice having everything together. Although, truthfully you're probably still better off with an EPIA board and a 256 meg stick of ram.
My Slashdot account is old enough to drink...
So in your view, Linux sucks. In most of the rest of the world's view, MicroSoft sucks.
Methinks you are obviously just another MicroSoft plant, sowing FUD. Imagine-- the 'x' in Linux makes it communistic. I suppose the same goes for Unix, and maybe even Mac OS X?
Jeesh!
While logging may not be too cool, controling what goes on may be. The gui does alot sure but you can do SO much more with rule based stuff. Like this machine can talk this way while that one can not...
How about a bind caching server ? How about a blackhole ad removal server? How about a time server? How about pushing the logs to another machine? While it may be slow these things do not have to be lightning fast, just fast enough. It is afterall just a simple router. Its not meant for 300 machines all trying to get the interenet. Its meant for like 4-5 computers. Also a 125mhz mips processor will do alot more than an equiv x86 machine. The mips processor is AWSOME in pumping data. The limiting factor here will be the 16mb of memory... I used to work on a 25mhz 4 way mips machine. It wasnt till i got to a 766 x86 that I found a computer that was AS good.
Also some logging may not be a bad idea. As it is wireless do you REALLY trust it? What if your leet 12yr old neighbor decides your wireless is cool. Do you really trust him? Sure he may be exploring but do you want him in your network? No you want to know what is going on. And I dont know about you but the logging on this router, as it currently is, SUCKS. It just shows who and what. But does not show when and does not resolve the name. IP A.B.C.D means nothing to me, but www.yahoo.com DOES. I for one will be playing with it...
...with running a connection through a tool like stunnel? Both are doing encryption, SSH likes keys, stunnel/SSL likes certificates, but after that I'm somewhat ignorant.
I've been tunnelling all kinds of stuff through OpenSSH for years, and while I've heard of stunnel, I only just recently started using it (encrypting an IMAP connection because IMAPS isn't supported).
I'm not asking for an hour-long briefing on /. or anything, but if you know of any web pages, pointers would be appreciated.
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
i wonder what would happen if i ran the installer on my wap11 :D
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
I have owned many, many pieces of Linksys gear, and while they may not be the "performance leaders", I have never seen one just die. I can't help but to wonder about the power situation in your home.
I would suggest getting some better UPS protection for your routers and switches. You would be surprised at how bad typical electrical service is, and routers and switches tend to stay on 24/7, thus pretty vulnerable. I run everything on UPS. Monitor, routers, hubs, everything. I live in the country (terrible for spikes and brownouts) and have all kinds of gear that is old beyond usefullness, but still works. Even an old UPS that doesn't hold a charge is better than none, since most spikes/brownouts only need about 5 to 10 seconds of power before returning to normal.
This doesn't change the fact that they may be more delicate that you care for, but my guess is you have a power problem.
Tequila: It's not just for breakfast anymore!
There's not a SINGLE "Imagine a beowulf cluster of these" comment yet? What the hell is going on here???
Will running Linux on this router allow you to use iptables? If so, then perhaps this could be used as a 'real' firewall with stateful packet inspection, rather than just NAT.
Of course, I'd prefer that this Linux OS be changed so it accepts a root password, but other than that, this could be a a great alternative to the default Linksys software.
It's more than that - I've used it to bridge several remote locations (1800 ft+) with external antennae.
Very reliable.Lowest price search results from pricegrabber.com. Lowest I could find on Pricewatch was $103 + shipping.
Amazon has it for $100 after rebate with free shipping.
There was a new firmware put out about 6 weeks ago. Here's the details.
Bad boys rape our young girls but Violet gives willingly.
Well the AP1100 and 1200 already support IOS. The AP 350 is going to support IOS soon, but the 340 never will. So you will very likely get your wish. The best part is that there is going to a subset of IOS for the 2600/3600/3700 routers as well as most IOS-based switches (Catalyst 6500, 4500, 3550, 2950, 3570) where on the Ethernet interfaces that connects to the Cisco/Linksys AP, you can configure all the AP parameters right in the interface configuration.
... and Netgear with the 108Mbps WGT624 AP and WG511T card.
We're testing the AP 1200 802.11 a/b dual-mode with the WLSE (wireless solutions engine linux box which does mini site-surveys, code pushes, management, mass upgrades, etc) with all the latest features... Secure Fast Roaming, Wifi Protected Access, et al.
Cisco/Linksys do make good devices, although the competition is stepping up... SMC with the Media Player competitive unit (Cisco/Linksys only does pictures, while the SMC unit does MPEG and other video streaming)
IPv4 allocations for hobbyists? join the ipalloc-l mailing-list! www.operations.net/mailman/listinfo/ipalloc-l
Another wireless access point that runs Linux is Netgear WG602. You can find some very limited information about it here.
Is anyone working on something similar for this device?
Blog Ho