    Bart's Soapbox talk about technology and politics    

Alternative uses for the Linksys WRT54G


As you can read in a previous article, I have a Linksys WRT54G running the OpenWRT Linux distribution. In this article I will first describe the default configuration and then show some of the things one can do by changing this setup.
The WRT54G as sold by Linksys is supposedly a router + wireless access point, providing a WAN connector and, on the LAN side, a 4 port switch bridged to the wireless access point. This basically means that you end up with 2 network segments: LAN + wireless on one side, and WAN on the other side. That is what you get to see as a consumer, but that is not how the device is put together.
This article is based on the WRT54G v2.2. Older versions are very similar but not identical. Specifically, the names of network interfaces will be different for older versions.

Internally, we get a somewhat different picture. At first glance, we seem to have an R3000 based 'system on a chip' micro computer with 2 ethernet interfaces, eth0 and eth1.

eth1 turns out to be the wireless interface, which means that eth0 has to connect to both the WAN and the LAN ports, and indeed it does.

In fact, the WRT54G doesn't really have separate WAN and LAN ports; rather, it has a 6 port programmable switch with VLAN support.

In the default configuration there are 2 vlans:

  1. vlan0 consists of ports 1,2,3,4 and 5
  2. vlan1 consists of ports 0 and 5

Port 5 connects to eth0, port 0 to the WAN connector and ports 1,2,3 and 4 to the LAN connectors.

So, we have 4 interfaces now: eth0, eth1, vlan0 and vlan1. In the default configuration, eth0 does not get an address; it is used for the physical connection to the switch and for handling the 2 vlans.

Vlan0 (the LAN connectors) and eth1 (the wireless connection) are normally connected to bridge br0 so that the LAN and wireless networks look like a single network segment.

Vlan1 is not bridged to anything, but there is routing possible between br0 and vlan1, and depending on configuration, there is a firewall with NAT support active for vlan1.

So, this makes us end up with those 2 network segments, one on br0 and one on vlan1.

This setup is fine for a broadband router with wireless AP but it may not entirely be what you want when you have some computers connected to the LAN ports that should be protected from the wireless network for example.

For this kind of use, and in fact for many other setups, it is desirable to disable the bridging between the LAN connectors and the wireless network. At times there may be little use for the WAN port, and it might also be that we need multiple separate LAN segments.

The hardware allows such configurations, but the default firmware from Linksys does not, hence you will have to install alternative firmware.

Sveasoft provides alternative firmware that allows such setups and can be managed with a web browser. This has the advantage of being relatively easy and 'user friendly' to use, but is limited by the web based user interface.

Alternatively, one can use OpenWRT and configure everything from the command line. This is a lot less 'user friendly', and it is relatively easy to mess things up to the point of having to use 'emergency mode' to make the device accessible again, but it gives maximum flexibility. If the hardware and drivers support a feature, you can most likely configure it, either by using nvram settings or by changing the startup scripts. In other words, you have complete control over the operation of the device.

When using a WRT54G v2.2, the first problem one encounters is that the normal distribution of OpenWRT does not yet support this device. There is an alternative distribution specifically for the WRT54G v2.2 and the WRT54GS v1.1 devices. This distribution can be found in the OpenWRT forums. This distribution is running without problems here, but please make sure you follow the instructions for enabling boot_wait so you can recover the system when it gets hosed.

Sveasoft does support those new devices but I have no personal experience with how well this works.

At any rate, a few interesting configurations one can make:

  • Wireless bridge

    Together with another access point, a WRT54G can be used to create a wireless bridge, without needing any special support in the remote access point.
    This is done by bridging eth1 and vlan0, disabling the WRT's access point, and configuring it as a wireless client instead. Nothing special is needed on the remote access point.

  • Router with wireless client

    Alternatively, one could disable the bridge and use the device as a router between an ethernet segment and a remote wireless access point. This is mostly interesting because you can use iptables on the WRT54G to filter traffic from/to the wireless network and as a result can protect the machines on the ethernet network.

  • Router between up to 5 ethernet segments and a wireless segment

    This can be achieved by creating a vlan for each of the ethernet connectors and disabling the bridge.

  • Router/access point with vpn support

    The idea here is to have wireless clients use vpn software for connecting to the network. This can provide for much better security than the wireless security protocols that are supported.

In the remainder of this article I will concentrate on configuring the WRT54G as a router with a wireless client connecting to a remote access point.

In most cases, configuration information is stored in what is called nvram (this is actually just a small reserved area of the flash memory in which the firmware and optional rom filesystem reside as well).

The contents of nvram can be viewed and changed with the nvram command. Typing this command without arguments will show a list of options.

root@gatekeeper:~# nvram
usage: nvram [get name] [set name=value] [unset name] [show]

After making changes to nvram variables, you have to 'commit' the changes to make them permanent.

Changing the vlan configuration is done by changing nvram variables, 2 for each vlan that you need.

  1. vlanXhwname, this should always be set to et0
  2. vlanXports, this should be set to contain a list of all ports in this specific vlan

X should be replaced by the number of the vlan.

A vlan should always include port 5 if you want to be able to do anything with it from within the WRT itself.

So, for creating the default configuration, the following commands would be needed:

  • nvram set vlan0hwname=et0
  • nvram set vlan0ports="1 2 3 4 5"
  • nvram set vlan1hwname=et0
  • nvram set vlan1ports="0 5"
  • nvram commit

Creating a single vlan from all ports:

  • nvram set vlan0hwname=et0
  • nvram set vlan0ports="0 1 2 3 4 5"
  • nvram unset vlan1hwname
  • nvram unset vlan1ports
  • nvram commit
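
A pre-commit check for the port 5 rule above, written as an added example (it is not from the original article or from OpenWRT). The function names check_vlan_ports and vlan_commands are hypothetical; the script only prints nvram commands for review and never runs nvram itself.

```shell
#!/bin/sh
# Added example: validate a VLAN layout before it reaches 'nvram commit'.
# Port numbers follow the article: 0 = WAN connector, 1-4 = LAN connectors,
# 5 = internal port to eth0. Function names are hypothetical.
CPU_PORT=5

# check_vlan_ports "<ports>": return 0 only if the list is usable.
check_vlan_ports() {
    missing_cpu=1
    seen=""
    if [ -z "$1" ]; then echo "empty port list" >&2; return 1; fi
    for p in $1; do
        case "$p" in
            [0-5]) ;;
            *) echo "invalid port '$p' (switch has ports 0-5)" >&2; return 1 ;;
        esac
        case " $seen " in
            *" $p "*) echo "port $p listed twice" >&2; return 1 ;;
        esac
        seen="$seen $p"
        if [ "$p" = "$CPU_PORT" ]; then missing_cpu=0; fi
    done
    if [ "$missing_cpu" -eq 1 ]; then
        echo "'$1' lacks port $CPU_PORT: VLAN unreachable from the WRT" >&2
        return 1
    fi
    return 0
}

# vlan_commands "<vlan0 ports>" "<vlan1 ports>" ...
# Print the nvram commands for the layout; print nothing and return 1
# if any VLAN fails the check.
vlan_commands() {
    n=0
    out=""
    for ports in "$@"; do
        check_vlan_ports "$ports" || return 1
        out="${out}nvram set vlan${n}hwname=et0
nvram set vlan${n}ports=\"${ports}\"
"
        n=$((n + 1))
    done
    printf '%snvram commit\n' "$out"
}

# Constructed demo: one VLAN per connector (five routed ethernet segments).
vlan_commands "0 5" "1 5" "2 5" "3 5" "4 5"
# Constructed bad layout: vlan1 has no port 5, so no commands are printed.
vlan_commands "1 2 3 4 5" "0" || echo "layout rejected, nothing to commit"
```

Variables of VLANs that are no longer used still have to be unset by hand, as is done for vlan1 in the single-vlan list above.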

The bridge device can be managed with the brctl command; typing it without arguments will show a list of options.

root@gatekeeper:~# brctl
        addbr                           add bridge
        delbr                           delete bridge
        addif                   add interface to bridge
        delif                   delete interface from bridge
        setageing                 set ageing time
        setbridgeprio             set bridge priority
        setfd                     set bridge forward delay
        sethello                  set hello time
        setmaxage                 set max message age
        setpathcost         set path cost
        setportprio         set port priority
        show                                    show a list of bridges
        showmacs                        show a list of mac addrs
        showstp                         show bridge stp info
        stp                      turn stp on/off

brctl only changes the current configuration; changes are not permanent. This is a good thing because it is very easy to lock yourself out with this command. A quick power-off/on of the WRT will fix this.

Alternatively, one can change the bridge configuration with nvram settings, refer to the OpenWRT documentation, configuration section, for more information on this. I opted for changing the networking scripts instead.

The big disadvantage of using nvram for configuration is that you can easily lock yourself out with no possibility to use emergency mode to recover from it. This is especially true when reconfiguring the ethernet switch. I managed to not have any port connected to eth0, with the result that going into emergency mode did not do anything whatsoever; there was no ethernet port to talk to. Luckily the wireless part was configured and working, so I could still access the device.

When using nvram, you can of course opt for resetting nvram after messing up, but realize that you also turn off boot_wait when doing that, which means that if the reset does not work, you are left without a possibility to reinstall the original firmware (unless you want to open the device and create a short circuit on the flash memory to clear it).

That's it for this time; I might add more in another article.

Alternative uses for the Linksys WRT54G | 4 comments
Alternative uses for the Linksys WRT54G
Authored by: bart on Monday, February 21 2005 @ 10:00 PM CET

Since many readers seem to be looking for information on this, some additional info on using OpenWRT on 54g v2.2 hardware.

The official release does not run on it (yet) but look at the: OpenWRT forum for discussion regarding this, and look at OpenWRT for 54g v2.2 and 54gs v1.1 for a distribution that at least for me works without trouble. (well, there is one issue at this moment, the diag module is not working properly, which means that you may not be able to get into emergency mode using the reset button)

Before attempting an install, make sure you read the forum very carefully, and that you are aware of what recovery options you have.

Due to emergency mode not working, you will have to be somewhat careful with what you try to recover from locking yourself out (should not happen, but mistakes are easy to make).

Specifically, realize that you have a choice between restoring the original Linksys firmware and resetting the nvram settings, but once you reset the nvram settings, there is no way (other than using jtag if you have the hardware for it) to restore the original firmware if the device is still inaccessible.

The default settings turn off boot_wait and since you locked yourself out, there is no way anymore to initiate a tftp transfer after that. So, in such a situation, you are probably better off restoring the original firmware and resetting the nvram after that. This should leave you with an accessible device and you can try again.

Wireless Bridge HOWTO
Authored by: Anonymous on Thursday, June 15 2006 @ 06:37 PM CEST
I've seen a lot of people asking about building a long-range wireless bridge on various forums, and I successfully put one together a few months ago. Since then, I've taken what I've learned and put together a detailed HOWTO that gives the steps to building such a setup.

The HOWTO is located here: Linksys OpenWRT Wireless Bridge HOWTO

The setup I put together spans only 1/4 mile, but the signal at that point was such that I believe there would be no problem using a similar setup in a to 10-mile link.
Wireless Bridge HOWTO
Authored by: bart on Friday, June 16 2006 @ 05:26 PM CEST
Thanks, good info.
Alternative uses for the Linksys WRT54G
Authored by: Anonymous on Tuesday, June 20 2006 @ 12:41 AM CEST

I've been using these boxes for a while now. Mainly as firewalls or as Wireless bridges.

They are fantastic! There are several alternatives to Sveasoft software however, including the excellent DD-WRT.

 Copyright © 2014 Bart's Soapbox