Saturday, December 29, 2007

DD-WRT Router Configuration

After going through a number of different routers (Linksys, Buffalo, D-Link, etc), I came across an open source firmware option for many of the routers I have tested. For a complete list of supported routers, click here. My personal favorite is the Buffalo WHR-G54S. It is inexpensive and very reliable.

Why update the firmware in your router? The primary reason is to get more features out of your router than the factory firmware will allow. This list of features is beyond the scope of this article but basically, if you can imagine it, this firmware will allow it.

I've compiled a few tutorials on some of the more popular features with screen shots on how to set them up as well as a brief description of why you may use this feature.

For complete information on the DD-WRT router firmware and features, visit the DD-WRT home page. Please read the installation instructions very carefully prior to flashing your router. It is not difficult to upgrade your router but it is possible to "brick" your router to the point where all you own is a plastic "brick".

- Using a DynDNS Server: This is one of the best features of the firmware. This allows you to use any number of "Dynamic DNS" servers and have the router update the address. When your router is connected to a cable modem, DSL modem or other similar service, you are typically assigned a dynamic IP address that can and will change over time. This makes it very difficult to connect to your home network from another location. DynDNS allows you to assign an easy to remember hostname to your home network and it will update automatically when your IP changes. I use the no-ip service, though there are many other options - I've used no-ip for years and have never had any problems with it.

- Remote Access: If you are like me and need to help perhaps your parents or friends with computer and network problems, you need access to their router. By combining a DynDNS server with Remote Access, you will have full access (with password) to their router to make any changes.

- Putting your computer in the DMZ: When port mapping is not enough or when you need quick access to a machine in your network from outside the network, this is the easiest solution - though it should be turned off as soon as you are done since this leaves your computer totally exposed to the internet.

- UPnP (Universal Plug and Play): Allows machines in your network to automatically register port forwards through your router's firewall. It must be used with care, since malicious software can open ports without your knowledge, but it can be very useful with newer software that takes advantage of these features, like OS X 10.5 and iChat screen sharing or "Back to My Mac" features.

- Port Forwarding: When UPnP is not enough (or does not work with your software), sometimes you need to set up port forwarding to allow holes through your firewall to get access to specific machines in your network.

- Static Leases: One of my favorite features. DHCP servers in routers will give all your computers, printers, etc a dynamic IP address. This makes network configuration on those devices very easy. However, there are times (like when port forwarding is needed) that you need to know the private IP address of your device and don't want to have to look them up each time. Static leases allow you to set up your computer for a DHCP address but have your router give it the same IP address every time either from your dynamic pool or any IP in your private subnet.

- Wireless Repeater / Repeater Bridge: A great solution for "boosting" a wireless signal. Say you have a router in the basement and the signal is too weak to be reached on the 2nd floor. By putting a wireless repeater on the 1st floor, you can repeat that signal but keep your devices connected to a single router. Another example: you have a neighbor with a wireless access point that they will give you access to, but the signal is too weak to reach your entire place. Place a DD-WRT router in your house, configure it to connect to your neighbor's access point (this can be used with wireless security as well) and you have Internet access. You can also set it up to serve a different subnet to your house to keep your networks separated.

Friday, December 28, 2007

DD-WRT: Port Forwarding

With UPnP, I do not find myself doing too many port forwards but one very useful feature is this scenario. From my office, I am behind a fairly restrictive firewall that only has certain ports open. I want to be able to listen to my music server from my office via iTunes. I use Slim Devices software as a server on a Mac Mini at my house. This runs on port 9000 on the Mac. I can't access port 9000 from my office. So, I set up a port forward from public port 8000 (which is open at my office) to private port 9000 on my Mac via the router.

1) Click on NAT/QoS and then Port Forwarding:




2) Give the application a name (this can be anything, so long as you remember it) and then assign the public port you want to use, the protocol (use Both if you do not know), the private IP address of the machine you want access to and the private port the service is running on.

3) Click Enable and then Save and Apply Settings

In many cases, the private (port to) and public (port from) ports will be the same. You will only change these when you need to access a private service on a port that you normally cannot reach, like in my office scenario.

Port forwarding works great for remote access of computers as well via Apple Remote Desktop, Microsoft Remote Desktop, VNC, etc when you need access to a specific computer behind your firewall.

Combine port forwarding with static leases to really make your network easy to administer!

DD-WRT: Client and Repeater Modes

This is an advanced topic I will do my best to dumb down. There are 2 very useful modes in the DD-WRT firmware: Client and Repeater modes. Here is a brief description of the basic modes with the DD-WRT firmware:

AP: This is the default mode, also called Infrastructure mode. Your router acts as a central connection point, which wireless clients can connect to.

Client: The radio interface is used to connect the internet-facing side of the router (i.e., the WAN) as a client to a remote accesspoint. NAT or routing are performed between WAN and LAN, like in "normal" gateway or router mode. Use this mode, e.g., if your internet connection is provided by a remote accesspoint, and you want to connect a subnet of your own to it.

Client Bridged: The radio interface is used to connect the LAN side of the router to a remote accesspoint. The LAN and the remote AP will be in the same subnet (This is called a "bridge" between two network segments). The WAN side of the router is unused and can be disabled. Use this mode, e.g., to make the router act as a "WLAN adapter" for a device connected to one of its LAN ethernet ports.

Repeater: The radio interface is used to repeat an existing access point signal. The LAN and the remote AP will be on the same subnet and will have the same SSID's. This is useful if you have a weak signal in your house and want to "boost" it to another part of the house by adding a DD-WRT router and putting it in Repeater mode.

So, when do you use these? If you are using the router as your primary router / wireless access point, put the mode in AP, give it an SSID and call it good. This will make the router act like a "normal" wireless router. If you are wanting to boost a weak signal from your primary access point, add a DD-WRT router and put it in Repeater mode and type in the exact name of the access point you are connecting to.

Client and Client Bridged modes are for when you want to turn your DD-WRT device into a "client." A client is a computer, printer or any device that connects to another access point. With this setting, you can use your router to connect to a remote access point, like your neighbor's house (with their permission) and hook your computers up to their network. This is one of the more useful features.

Here is an example (though do not take this example as allowed by usage policy for this provider): Let's say you live in San Francisco. That city has municipal hot spots for free Internet. In your house, the signal is too weak to use but if you sit near the window, you get a good signal on your laptop. You also want a home network with multiple computers and printers... You can get a DD-WRT router, put it in client mode and have it connect to the municipal SSID. Don't use "bridged" mode. Now, connect computers, printers, etc to the LAN ports of the router. Your router will serve your personal machines IP addresses from your router but it will go to the Internet via the municipal access point out on the street.

1) Go to Wireless and Basic Settings

2) Change the wireless mode to Client

3) For the Wireless Network Name, type in the EXACT name of the wireless system you want to connect to.

4) Leave Bridged radio button on:




5) Save and Apply Settings. You are now connected to another access point. Computers must connect to your router via the LAN ports. You can connect another access point to the LAN ports to create a separate wireless bubble in your house on your network. It is possible to create 2 wireless interfaces with the DD-WRT: 1 for the Internet access and 1 for your local access in your house. This is an advanced topic that has been covered in depth in the forums at DD-WRT and is beyond the scope of this article.

For Repeater Mode:

Repeater mode is similar, but it boosts the signal of a remote access point while keeping the IP settings from the remote access point:



With this mode, your wireless and Ethernet LAN computers will all get IPs from the remote access point and the wireless radio of the DD-WRT will re-broadcast the same SSID as the remote, giving you a stronger signal in your house.

Thursday, December 27, 2007

DD-WRT: Dynamic DNS

Dynamic DNS Setting

1) Log into your router.

2) Select Setup then DDNS:




3) Select the DDNS service you wish to use. Note that you will need to have an account already set-up with one of those providers. Most providers offer a free account option:



4) Enter the User Name, Password & Host Name into the boxes. The host name will be "something.DynDNS.org" depending on your provider. Some providers allow you to use your own domain name if you have one so you can be "home.yourdomain.com" but typically you have to host your domain with them and there is usually a fee for that service.

Once you enter this information, click the Save and then Apply Settings buttons at the bottom of the page and check the DDNS Status to make sure it is updating properly.

DD-WRT: DMZ

Putting a computer in the DMZ

1) Log in to router and click on NAT/QoS and then DMZ:



2) Enter the local IP address of the machine on your network that you want to put in the DMZ and hit the Save and Apply Settings buttons:


DD-WRT: Enabling Remote Access

Turning on Remote Access

One of the first things you do with your newly configured router (after changing the default password) is to enable remote access if you want to get at it from the Internet. To do so:

1) Click on Administration and then Management:




2) Click on radio button to enable Remote Access and then select a port (if you want something other than 8080). The default port is a pretty safe port to choose. You should ONLY change this if you know what you are doing.

3) While on this page, if you have not changed your router's password, do so now as well by entering it twice.

4) Click Save and Apply Settings

DD-WRT: UPnP Activation

Turning on Universal Plug and Play

If you have Apple computers running OS X 10.5 or later and want to be able to access them via iChat screen sharing or "Back to My Mac", or you have PCs or other devices that support UPnP, you will need to enable that feature in the router.

Be warned that enabling this will allow port forwards to be created in the router. It is possible that you can download malicious software that will create these port forwards and then cause bad things on your computer. Use caution when downloading or running software from the Internet to avoid these and other problems. That being said, I am running UPnP on my router and find it very helpful.

1) Click on NAT/QoS and then UPnP:



2) Click the radio button to enable UPnP Service. I also checked the button to Clear Port Forwards at startup so that when my computer reboots and machines get new IP addresses, the old ports are cleared out.

3) Click Save and Apply Settings.

As you can see, I have a number of computers in my network that have registered ports. All of these are ports that Apple requests in OS X 10.5 for screen sharing and .Mac's Back to my Mac.

DD-WRT: Static Leases

Setting Up Static Leases

One of my favorite features of the DD-WRT firmware is static leases. I like to set all my computers for DHCP for ease of administration but some machines need static IP's so I know how to get to them (like printers, servers, etc). I don't want to have to configure them for static IP's so I use the router to do this for me.

What you need to figure out first is the MAC (Media Access Control) address of the device. There are many ways to do this but the easiest is to again use the router to do your work for you:

1) Click on Status and then LAN:



2) Find the machine you are looking for by looking at the Host Name column. This is a name assigned to the device by either you when you set it up the first time or by the manufacturer. Once you find the machine you are looking for, copy the MAC Address. Note: The machine you are looking for MUST be active on the network for it to show up in this list.

3) Click on Services and then the Services sub-tab.

4) Click Add under the static leases section and paste the MAC Address, assign the machine a hostname (no spaces allowed) and then assign the IP address you want this device to always get served. This can be from your DHCP lease pool or outside of it, as long as it is in the subnet of the router:




5) Click Add to add as many as you want and then click Save and Apply Changes to the router. At this point, you will want to re-boot your device that should be getting the static lease for it to take effect. Now that computer, printer, etc will always get the same IP and you can change it at any time just by editing the static lease page in your router.
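The static-lease rules above (hostname without spaces, address inside the router's subnet) and the earlier advice to combine port forwarding with static leases can be checked together before you click Save. This is an added example, not part of the original post or of DD-WRT; the tuple layouts, function names and sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")

def check_static_leases(leases, router_subnet):
    """Return problems found in (mac, hostname, ip) static lease entries."""
    net = ipaddress.ip_network(router_subnet)
    problems, seen_mac, seen_ip = [], set(), set()
    for mac, host, ip in leases:
        mac_key = mac.lower()
        if not MAC_RE.match(mac):
            problems.append(f"{host}: malformed MAC address {mac!r}")
        if not host or any(c.isspace() for c in host):
            problems.append(f"{host!r}: hostname must not contain spaces")
        if ipaddress.ip_address(ip) not in net:
            problems.append(f"{host}: {ip} is outside the router subnet {net}")
        if mac_key in seen_mac:
            problems.append(f"{host}: MAC {mac} already has a lease")
        if ip in seen_ip:
            problems.append(f"{host}: {ip} is assigned to more than one device")
        seen_mac.add(mac_key)
        seen_ip.add(ip)
    return problems

def check_port_forwards(forwards, leases):
    """Flag forwards whose private IP is not pinned by a static lease.

    Without a lease, DHCP may later hand that address to a different
    device, which would then receive the forwarded traffic.
    """
    pinned = {ip for _, _, ip in leases}
    return [
        f"{name}: public {pub} -> {ip}:{priv} targets an address with no static lease"
        for name, pub, ip, priv in forwards
        if ip not in pinned
    ]

# Constructed sample data (not from the original page).
LEASES = [
    ("02:00:00:00:00:01", "macmini", "192.168.1.10"),
    ("02:00:00:00:00:02", "laser printer", "192.168.1.20"),  # space in hostname
    ("02:00:00:00:00:03", "nas", "192.168.2.30"),            # outside the subnet
]
FORWARDS = [
    ("music", 8000, "192.168.1.10", 9000),  # public 8000 -> private 9000
    ("vnc", 5900, "192.168.1.77", 5900),    # target has no static lease
]

if __name__ == "__main__":
    for line in check_static_leases(LEASES, "192.168.1.0/24"):
        print("lease:", line)
    for line in check_port_forwards(FORWARDS, LEASES):
        print("forward:", line)
```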