Creating A Super-Router

Aaron writes "Kind of an interesting discussion and story over at Broadband Reports about the flurry of vendors releasing modified Linux based firmware updates for the Linksys WRT54G router. The updates bring a whole new level of functionality Linksys couldn't be bothered to incorporate. Among a long list of free improvements is the incorporation of bandwidth management, allowing users to end the days of choppy VoIP conversations without swapping out hardware."

For the do it yourselfer

[yebb]

Want to hack your Linksys WRT54G Router yourself?

Here's a detailed guide on how to do just that.

Re:For the do it yourselfer

[epiphani]

And for the lazyass:

This guy has packaged firmware flashes that incorporate the most popular expansions. All I wanted was some basic SNMP, and it provided - along with some other handy features.

Re:For the do it yourselfer

[Sloppy]

Want to hack your Linksys WRT54G Router yourself?

Here's a detailed guide on how to do just that.

How strange the world has become, when following someone else's detailed guide, is referred to as "hacking." ;-)

NOW they tell me

[unbiasedbystander]

It's wonderful to learn that I could have powered it up before I sold the piece of junk. *sigh* www.ebay.com

Wondershaper...

[garcia]

For those of you that don't know, and are interested, Wondershaper can be found HERE.

It is AMAZING.

Sample config:

DOWNLINK=6000
UPLINK=200
DEV=eth0

# low priority source ports
NOPRIOPORTSRC="6881 6882 6883 6884 6885 6886 6887 6888 6889 80"

Sets those ports to only use up 200k of my 256k upstream leaving me the rest for SSH etc. I never have any problems w/my remote connection speeds this way. It's fantastic.

I have only had a single problem, recently, with Debian unstable... It removed my libatm for some reason. I reinstalled that and all was well.

Highly recommended for everyone, not just users of this "hackable" router.

Re:Wondershaper...

[pacman+on+prozac]

Sets those ports to only use up 200k of my 256k upstream leaving me the rest for SSH etc.

Not quite, you're shaping your entire uplink to 200kb and not using the extra at all. To quote the wondershaper source:

# shape everything at $UPLINK speed - this prevents huge queues in your
# DSL modem which destroy latency:
# main class

tc class add dev $DEV parent 1: classid 1:1 cbq rate ${UPLINK}kbit \
allot 1500 prio 5 bounded isolated

Thats the class all uploads are shaped through. If you read the script all the other traffic classes are set with parent 1:1 which is the classid of the above. With tc you have to run all traffic through the available classes otherwise it gets 0kb rather than any remaining bandwidth, I accidently broke a netcafe once by forgetting to put DNS traffic into any class. Wondershaper does actually assign all traffic to 3 classes within the above, each with differing priority.

The ports you mention are given lower priority but within that class, so within that bandwidth set in $UPLINK.

Cisco will try to stop this somehow

Cisco only bought Linksys to prevent their routers from getting more advanced and competing with their expensive stuff.

Re:Cisco will try to stop this somehow

[dasmegabyte]

There is a LOT of truth to this.

Last month, my company was looking for a replacement for the overly expensive, hard to manage firewall. Our favorite consultants (who seem think we are idiots and yet don't understand the words "packet filtering") tried to sell us on a Cisco firewall device that was something like $2000. I thought this was insane, seeing as all we needed was a nice interface to ipchains (nobody but me knows Linux here, so that wasn't an option). I look at LinkSys, but they didn't have anything which would do anything more advanced than direct NAT. This seemed strange to me, as at home I had a Linksys firewall router that allowed me to do pretty much whatever I liked when it came to mapping ports and setting up load balancing.

Dlink -- who used to be a direct competitor to Linksys in every segment of the market -- had an awesome device which rivalled the features of the Cisco router for only $300. I had a problem with the first one they sent out, got good support and they sent me a replacement. I had that one up and running in an afternoon without a problem (well, with one problem, but that was due to the Cisco cable router, not the Dlink). And we saved so much money, we could afford a nice spam filter and a new development server. And the new device has a nice, fairly unbuggy web interface that is way easier to use than plain ipchains/iptables with MOST of the functionality (it does bomb out after a certain number of NAT mappings, but since this thing is only 300 MHz I suppose that's for the best).

Re:Cisco will try to stop this somehow

[dagnabit]

I have a friend who used to work at Cisco. After the Linksys acquisition, they put management barriers in place so that people from the Cisco side of the house would be blocked from "infiltrating" and/or influencing Linksys with anything Cisco-related.

Cisco (at the time anyway) wanted to keep them "as is"... dunno if that's still the case or not.

Re:Cisco will try to stop this somehow

[NerveGas]

and a lot of the routing logic is hardware based so they are able to scale & perform much better than the latter

That's only true if you're not doing anything but routing. Start adding in any features that are remotely useful, and you've gone from CEF/fast switching to process switching. And that means you take a 5x to 10x performance hit.

You actually have to purchase a *VERY* expensive Cisco to get one that can't be out-performed by even a relatively modest PC.

And even on the high-end, there are PC's that will completely blow away any but the very largest offerings from Cisco.

There are, of course, several real advantages to using a Cisco router instead of a PC. First and foremost, if you have the money for it, you're going to be able to find a network interface for almost any type of network you can imagine. DSL to SONET, the interfaces are there for the buying. I'd *almost* say that they would "just work", but that's not always the case. I just had to upgrade the IOS versio on one of my Ciscos (a *paid* upgrade) to get nothing but support for an additional ethernet WIC.

Another large (perhaps HUGE) advantage is the fact that as long as you want to keep paying the money for it, there will always be someone there to back you up and make sure your problem gets resolved, even if you're not capable of fixing it yourself.

So, I'm not saying that there's no use for Cisco. I'm just saying that absolute performance (and especially price-for-performance) are not real advantages for them.

I don't know why they would want to hold back Linksys development though

You can't? Let's think about it: Do you think they'd rather sell a $200 Linksys router, or a $2,000+ Cisco router?

I know, it sounds cynical. Unfortunately, I've worked in enough corporations to know that is *exactly* how decisions are made on these things.

They'll keep the Linksys line around for the low-end market, the home users that don't demand much. But for anything above that, they're never going to let Linksys compete with their Cisco line. They're not stupid.

steve

Not true

[Rosco+P.+Coltrane]

One of the problems with VoIP has been choppy communications when users are making heavy use of their broadband connection.

Tha t's abs olutel y n ot true.

-- Reg ards
Sanf ord Wall ace

Re:Not true

[Luyseyal]

Heh, sounds like Marketplace on NPR yesterday... a VoIP advocate was dialed into the studio via VoIP and his connection kept dropping out. It was pretty funny.

-l

Re:Not true

[Short+Circuit]

I wouldn't say he was an advocate. He merely said he understood why wired companies were freaking out.

However, I definately noticed a drop in the sound quality when he switched back to VOIP. I also noticed he hadn't canceled his landline subscription yet. ;)

Re:Not true

[Goldfinger7400]

For those of you who missed it, there is a RealPlayer feed on marketplace.org.

And how exactly are we to distinguish the VoIP dropoffs from the RealPlayer dropoffs?

For free?

[burgburgburg]

Is that free as in beer, free as in software, free as in "Freedom's just another word for nothing left to lose, Nothing, and that's all that Bobbie left me" or free as in "If you free me from these handcuffs now, I promise not to press charges". I always get them confused.

Re:For free?

[ColaMan]

Free as in "whateva-you-can-pull-outta-the-dumpsta-before-the -truck-comes" free.

so, that's "free, but it stinks?"

hack for WAP54G - higher power output

[davids-world.com]

i'd like to recommend the Neo firmware hack, which boosts the Linksys WAP54G output. That solved some problems for me :)

Is that linux based system available for the WAP as well? (Dunno if it's got enough RAM & flash memory to run&store it...)

Re:hack for WAP54G - higher power output

[swfranklin]

Please, unless you live waaay out in the sticks.... the 2.4GHz band is getting crowded enough; cranking up your WAP output by 4 times just so you can use a laptop in the basement crapper can be a very un-neighborly thing to do. I'm having a hard time coming up with a channel that isn't being stomped on or stomping on someone else's nearby WLAN.

Not entirely accurate...

In order for this to be true, where is my free Linksys router?

Very important story

[Quixote]

There's a very important lesson hidden in here, which I hope the other hardware vendors will see and take note.

Linksys is a hardware company. They make money by selling hardware. By opening up the software (and making their hardware "hackable"), they will increase their hardware sales.

My hope is that other hardware companies (you name 'em: ATI, nVidia, Intel, Broadcom, Logitech, etc. etc.) will see this, and make their drivers (and associated software) open-source, thereby making their products "hackable" ==> increased sales.

I hope the "media" will take note of this, and put it out in plain words so that the PHBs who make the decisions will learn the lesson.

Re:Very important story

[kiwimate]

From the posted story:

The updates bring a whole new level of functionality Linksys couldn't be bothered to incorporate.

From the parent post:

There's a very important lesson hidden in here, which I hope the other hardware vendors will see and take note.

Why would they, when the story gets picked up by the open source community (represented here by Slashdot) and is immediately regurgitated using phrasing which insults a company that is actually doing something we like? Perhaps other people see it differently, but if I were a Linksys person reading this, I'd be pretty bugged by the "couldn't be bothered" cheap shot. Especially for a product that is apparently under a hundred bucks.

Linksys

[FrostedWheat]

I wonder how many of these routers Linksys have sold simply because it runs Linux and is hackable (in the good sense). They were originally very resistant to the idea of letting people do this. Infact it all started because of a bug in there old firmware!

Now, if only Linksys could release proper Linux drivers for there other wireless goods. At the moment they are all useless to Linux users.

Comcast Users:

[Pirogoeth]

Once Comcast lets you in on what your unlimited bandwidth limits really are, you could use this to meter your access to help keep you under the unlimited limit...

Couldn't be bothered to incorporate?

The updates bring a whole new level of functionality Linksys couldn't be bothered to incorporate.

Thanks for the link to the modifications you couldn't be bothered to make for me, Aaron. I guess I'll have to go buy a Linksys, since you couldn't be bothered with buying one for me.

Nice little anti-corporate jab there. Linksys builds good solid stuff for a reasonable price, and all you can do is complain that it doesn't do everything.

What about 6to4 tunneling?

[Phil+Karn]

It's really great to see people finally enhancing these boxes. These routers have ideal form factors compared to, say, a dedicated router PC running Linux, but their default firmware has always been very poor.

I didn't see one feature mentioned that I'd really, really like to see added to these boxes: an IPv6 6to4 tunnel. This is an ideal way to penetrate a NAT so you can establish direct TCP connections (and speak UDP) to any servers on your LAN from the outside. IPv6 support has been in all of the major operating systems for some time now, including Windows XP, Linux and Mac OS X, and while not every application is IPv6 ready, the important ones (like SSH) already are.

If 6to4 tunneling could be added to these consumer routers alongside IPv4 NAT, IPv6 stands to really take off without any help whatsoever from the ISPs. In fact, I almost prefer that my ISP not implement native IPv6. I like the fact that they now carry my encapsulated IPv6 packets without any ingress filtering, port blocking or other end-to-end-wrecking nonsense, and that they are oblivious to (much less control) the IPv6 address space. If or when the ISPs do implement native IPv6, you can bet that they'll exercise the same degree of arbitrary control that they now do over IPv4.

Re:What about 6to4 tunneling?

[NotoriousQ]

6to4 is your friend. For linux please refer to the Linux IPv6 HOWTO

For windows, go to your network configuration. Find your lan, and enable their IPv6 driver. XP only.(SP1 only?) I believe it self configures to use anycast, so that should be it.

Mac....do not know. I assume something along the lines of what linux does will work.

Good luck.

This will certainly ...

[HawkPilot]

This will certainly move a lot a hardware for linksys. Look at the Rockbox mods for Archos for another example. Those who think that you can't make money off the GPL are wrong, at least in the case of hardware makers GPL'ing their firmware. (Although they didn't have a choice since they used linux as the firmware.)

Their was a story awhile back here on slashdot that discussed that Intel didn't want to release open source drivers for Centrino. They should. Open source drivers and firmware can be a boon to hardware makers.

Not quite

[binaryDigit]

Linksys is a hardware company. They make money by selling hardware. By opening up the software (and making their hardware "hackable"), they will increase their hardware sales.

That's a very simplistic view of the world and one that only works if the hardware manufacturer only sells a single product or has large jumps in capabilities between products within a family. Suppose Linksys intended to supply many of these features in a more expensive (i.e. more profitable) version of the router. They're now hosed as it is now possible for users to upgrade their firmware for free. So sure, they sell more of the cheaper routers, but this is not what they want. This problem will occur anywhere hardware manufacturers try to take advantage of hardware commonality and differentiating similar products through software based features.

Another potential issue is fighting "cloners". If Taiwanese company CloneCo now has easy access to the software feature set, they "merely" have to develop a clone architecture to run the now readily available software.

Thats pretty cool and all, but

[steak]

I like my ClarkConnect box better. All it cost me was a pile of old parts that were headed for the dumpster and a ~300 MB download.

OPENWRT!

OPENWRT!

http://openwrt.sourceforge.net/

Re:A feature I'd like to see added to my router...

[Milican]

You can also do a CNAME from your Custom DNS to your DynDNS domain. For example:

www.customdns.com -> thog.dyndns.org

The CNAME will always track your dyndns name that way :)

JOhn

New Industry?

[WC+as+Kato]

How come there isn't a whole industry around this? I imagine there is a whole slew of firmware that could be 3rd party modified to incorporate new features. For example, there are many old laptops that could incorporate newer hardware if only the firmware recognized it. I understand that the laptop manufacture wants you to buy a new laptop, but sometimes the only reason why a newer processor can't be used is because the firmware won't recognize it so it won't boot. Argh!!!

how about mesh routing?

[itzdandy]

what are the chances of someone modding some wireless router to the linux mesh router project. this would make an inexpensive AP for all your wireless mesh routing needs.

Re:Different routers?

[amias]

I use a Netgear DG834G which appears to run linux 2.4.17 on its MIPS malta processor.

You can download a bundle of the packages it uses from netgear but they are not configured so its
hard to patch or hack with it cos you'd have to
redo their work.

This seems at odds with the GPL , on the grounds
that if you use GPL'ed code you must publish not
just the original source but your modifications as well . or am i wrong ?

The firmware upgrade patch is easily dissasembled and i've managed to hack the file system (cramfs) out of the firmware . So there is a possiblilty
that modifying the filesystem might open up safer
modification by making telnet accessable. but i'm
too much of a chicken to try it and i expect the
checksum would fail.

Re:more hardware restrictions?

[Tassach]

Why would Linksys be upset about a thing like this? It does no damage whatsoever to their business model; in fact, it helps it. Linksys sells inexpensive networking gear for primarily the small business and home markets. They don't make any money selling updates or service contracts (At least, I can't find anything on their website that shows that they even sell service contracts). They make their money selling hardware, period. Any support they have to provide after the sale, including firmware updates, costs them money.

The fact that their hardware can be upgraded with an unauthorized firmware image actually helps their business. First off, the fact that their hardware is customizable helps sell more hardware to geeks (who in turn recommend their hardware to friends, family, and clients). Secondly, using an unauthorized firmware voids the warranty, which saves them money -- if you flash it and break it, you're screwed. If you flash it and a component fails for a totally unreleated reason, they don't have to give you a free replacement; you'll have to buy a new one, so they still come out ahead.

This is a very different situation than things like the Dakota Digital camera hack or the i-opener hack. In those cases, the companies involved were/are selling the hardware at a loss as an incentive to get you to use a paid service. In these cases, hacking the hardware eliminates the need to use the service, thereby disrupting their business plan and letting you use the subsidised hardware for an unintended purpose. Linksys sells their hardware for a profit. Hacking it does nothing to disrupt their business plan, because they already made all the money they planned to make when the wholesaler bought a truckload of their hardware.

Re:Linksys + Broadband + Vonage = cheap phone

[eggoeater]

Unless the only good broadband available is DSL....
through your phone line...
which is provided by...
Verizon.
*SIGH*

New Business Model

[mariox19]

All kidding aside, here's the business model for 2004:

1. Develop a Linux-based product that, while operable, lacks everything but bare bones functionality
2. Wait for the hacker community to rush to outdo one another adding functionality -- and hence, value -- to your product
3. Profit!!!

Open wireless nets

[elgaard]

I would like to see a firmware that would

1. Limit bandwidth from unauthorized users to a fraction of the connection the owner is paying for (eg xDSL)

2. Route all traffic from unauthorized users through the gateway (eg xDSL router)

3. Block unauthorized access to port 25 to avoid spam from people on the street.

That way we could all share our internet connections and read our email when travelling without the hassle of commercial hotspots.
Guest visiting us could use our networks without exchange of keys and passwords.

Mobile computing

[thalakan]

I had a rather power hungry PC based wireless/3G/APRS/AX.25 router in my car for a while which I used to serve Internet at conventions and such. I recently replaced it with the WRT54G and the sveasoft firmware, which has several benefits:

- The WRT54G only uses a few watts, whereas the PC based router spiked at 300W during startup and consumed north of 60W at idle and south of 100W during load. I also lost between 10-30% of the power due to conversion losses from the DC-AC-DC conversion through the auto inverter, since I couldn't find a good ATX power supply that ran on DC that I could couple to the car's batteries...

- The WRT54G has dual antenna jacks that I don't need to buy delicate adapters or pigtails for. I couple them directly to the jacks on twin high gain 2.4GHz dipole magmounts on the roof of the car, which gives me way better reception than I was getting from the orinoco, a pigtail, and a single one of the same antennas.

- Speaking of reception, kismet has been ported to the WRT54G! I don't need to screw around with the orinoco patches or hack my prism2 cards to add an antenna jack; it just works. I currently feed wifi data from the WRT54G to another computer which actually merges the GPS data with the wifi data from the WRT54G, because the WRT54G only has 4MB flash and 32K NVRAM for persistent storage, and you have to solder a USB serial chipset to the WRT54G PCB to add a serial port to it (for reading GPS's NMEA output); it doesn't come with one.

- Now that sveasoft added dropbear to their latest firmware, you can ssh into the device and run wakeonlan to power up other devices on your network remotely. This is seriously cool shit; I park my car, it associates with my home AP in client mode and shows up on my home network. I can then ssh into the WRT54G to power up the other computers in the car using wakeonlan to transfer files to them (transfer rate is somewhere around 1 megabyte per second in my environment), start the car, use the TNC in the car's ham radio, etc. I had to turn off the PC based router I was using before because it would drain the deep cycle marine batteries I'm using to power the car computers in an hour or two at load, but now I can leave the WRT54G on for a few days before the batteries even get low.

- If I forget where I parked my car, the antennas I'm using for the WRT54G are +6dBi, so I can pull out something with 802.11{b,g} and warwalk the parking lot looking for a strong signal from the WRT54G :)

- It's only $80 brand new around here in the bay area, which is damn cheap for a low power 200MHz Linux box with 16MB of memory, FIVE ethernet jacks, your choice of DC or AC power, pretty lights, official vendor provided source code for the firmware, an active community hacking on it, and a 802.11g capable wifi chipset with diversity antennas in form factor half the size of the smallest mini-ITX machine you can possibly get. And they're on the used market for prices approaching numbers that make me want to say it's close to disposable pricing. Heh, disposable routers :)

Hacked firmware concerns

[jjwahl]

I've got a WRT54G that I tried to install for a client to connect with her corporate PPTP VPN. It didn't work with PPTP VPN - apparently it was dropping GRE packets.

...I then tried various versions of the Linksys firmware to no avail. Eventually I stumbled across http://h.vu.wifi-box.net and found a hacked firmware upgrade that fixed the problem but I have serious reservations about using this for my client!

I have no access to the source code so how do I know whether or not this hacked upgrade monitors outgoing connections and passes interesting bits of information on to the author?

Certainly I could sniff the wire and find out for sure but I don't have time for this!!! There's tremendous potential for a malicious third party to monitor traffic using this. It just makes me leery when there's no source code to preview. Even if there was, I don't have the time to review it!

Any similar thoughts/concerns?

slash 22

[MisanthropeLifeform]

If it wasn't on slashdot, I wouldn't know about it. Because it is on slashdot, downloading it will be hell.