LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/HOWTO/html_single/Linksys-Blue-Box-Router-HOWTO/index.html

1199 lines
28 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML
><HEAD
><TITLE
>Linksys Blue Box Router HOWTO</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD
><BODY
CLASS="article"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="ARTICLE"
><DIV
CLASS="TITLEPAGE"
><H1
CLASS="title"
><A
NAME="AEN2"
></A
>Linksys Blue Box Router HOWTO</H1
><H3
CLASS="author"
><A
NAME="AEN4"
>Eric Steven Raymond</A
></H3
><DIV
CLASS="affiliation"
><SPAN
CLASS="orgname"
><A
HREF="http://www.catb.org/~esr/"
TARGET="_top"
>Thyrsus Enterprises</A
><BR></SPAN
></DIV
><DIV
CLASS="revhistory"
><TABLE
WIDTH="100%"
BORDER="0"
><TR
><TH
ALIGN="LEFT"
VALIGN="TOP"
COLSPAN="3"
><B
>Revision History</B
></TH
></TR
><TR
><TD
ALIGN="LEFT"
>Revision 2.3</TD
><TD
ALIGN="LEFT"
>2006-08-12</TD
><TD
ALIGN="LEFT"
>Revised by: esr</TD
></TR
><TR
><TD
ALIGN="LEFT"
COLSPAN="3"
>Minor update. Announce End of HOWTO maintainance.</TD
></TR
><TR
><TD
ALIGN="LEFT"
>Revision 2.3</TD
><TD
ALIGN="LEFT"
>2006-05-19</TD
><TD
ALIGN="LEFT"
>Revised by: esr</TD
></TR
><TR
><TD
ALIGN="LEFT"
COLSPAN="3"
>Revised the list of open firmware distributions, and other minor
corrections.</TD
></TR
><TR
><TD
ALIGN="LEFT"
>Revision 2.2</TD
><TD
ALIGN="LEFT"
>2005-12-01</TD
><TD
ALIGN="LEFT"
>Revised by: esr</TD
></TR
><TR
><TD
ALIGN="LEFT"
COLSPAN="3"
>Removed the suggestion that Cisco be boycotted over the Lynn
firing, as the lawsuit seems to have been settled on satisfactory
terms. Added advice to get the WRTG54l.</TD
></TR
><TR
><TD
ALIGN="LEFT"
>Revision 2.1</TD
><TD
ALIGN="LEFT"
>2005-07-28</TD
><TD
ALIGN="LEFT"
>Revised by: esr</TD
></TR
><TR
><TD
ALIGN="LEFT"
COLSPAN="3"
>Added the suggestion that Cisco be boycotted over the Lynn firing.</TD
></TR
><TR
><TD
ALIGN="LEFT"
>Revision 2.0</TD
><TD
ALIGN="LEFT"
>2005-01-18</TD
><TD
ALIGN="LEFT"
>Revised by: esr</TD
></TR
><TR
><TD
ALIGN="LEFT"
COLSPAN="3"
>Major update to reflect changes in 2.x and 3.x firmware.
More firmware replacements described. Dropped Hansen Online
as it hasn't been updated in a while.</TD
></TR
><TR
><TD
ALIGN="LEFT"
>Revision 1.6</TD
><TD
ALIGN="LEFT"
>2004-02-26</TD
><TD
ALIGN="LEFT"
>Revised by: esr</TD
></TR
><TR
><TD
ALIGN="LEFT"
COLSPAN="3"
>Added Link-n-Log</TD
></TR
><TR
><TD
ALIGN="LEFT"
>Revision 1.5</TD
><TD
ALIGN="LEFT"
>2003-07-31</TD
><TD
ALIGN="LEFT"
>Revised by: esr</TD
></TR
><TR
><TD
ALIGN="LEFT"
COLSPAN="3"
>Added the Seattle wireless.net link.</TD
></TR
><TR
><TD
ALIGN="LEFT"
>Revision 1.4</TD
><TD
ALIGN="LEFT"
>2003-07-03</TD
><TD
ALIGN="LEFT"
>Revised by: esr</TD
></TR
><TR
><TD
ALIGN="LEFT"
COLSPAN="3"
>Linksys has released source code.</TD
></TR
><TR
><TD
ALIGN="LEFT"
>Revision 1.3</TD
><TD
ALIGN="LEFT"
>2003-06-08</TD
><TD
ALIGN="LEFT"
>Revised by: esr</TD
></TR
><TR
><TD
ALIGN="LEFT"
COLSPAN="3"
>Added notes about SNMP security problems, casemodding, Linksys
tech support. The Linksys turns out to have Linux inside.</TD
></TR
><TR
><TD
ALIGN="LEFT"
>Revision 1.2</TD
><TD
ALIGN="LEFT"
>2003-04-29</TD
><TD
ALIGN="LEFT"
>Revised by: esr</TD
></TR
><TR
><TD
ALIGN="LEFT"
COLSPAN="3"
>Typo corrections.</TD
></TR
><TR
><TD
ALIGN="LEFT"
>Revision 1.1</TD
><TD
ALIGN="LEFT"
>2003-04-25</TD
><TD
ALIGN="LEFT"
>Revised by: esr</TD
></TR
><TR
><TD
ALIGN="LEFT"
COLSPAN="3"
>Added link to the linksysmon project. More configuration tips.</TD
></TR
><TR
><TD
ALIGN="LEFT"
>Revision 1.0</TD
><TD
ALIGN="LEFT"
>2003-04-09</TD
><TD
ALIGN="LEFT"
>Revised by: esr</TD
></TR
><TR
><TD
ALIGN="LEFT"
COLSPAN="3"
>Initial release, reviewed by LDP.</TD
></TR
></TABLE
></DIV
><DIV
><DIV
CLASS="abstract"
><A
NAME="AEN72"
></A
><P
></P
><P
>Linksys makes a line of cheap, ubiquitous router/firewall boxes
(models BEFSR41 and up, including the WRT54G) well-suited for use on a home
DSL connection and popular among Linux hackers. This HOWTO gives hints and
tips for managing Linksys routers from a Linux system, including the
firmware upgrade procedure.</P
><P
><EM
>This HOWTO is no longer actively maintained,
because as of 12 Oct 2006 the author is no longer a Linksys
user.</EM
> Time and technology nmarch on, and I now have a much
fancier router in my basement that came with my optical-fiber service. If
you are qualified and interested in taking it over, contact me.</P
><P
></P
></DIV
></DIV
><HR></DIV
><DIV
CLASS="TOC"
><DL
><DT
><B
>Table of Contents</B
></DT
><DT
>1. <A
HREF="#introduction"
>Introduction</A
></DT
><DD
><DL
><DT
>1.1. <A
HREF="#purpose"
>Why this document?</A
></DT
><DT
>1.2. <A
HREF="#newversions"
>New versions of this document</A
></DT
><DT
>1.3. <A
HREF="#license"
>License and Copyright</A
></DT
></DL
></DD
><DT
>2. <A
HREF="#howandwhen"
>How and where to deploy</A
></DT
><DT
>3. <A
HREF="#lostmanual"
>Lost the manual?</A
></DT
><DT
>4. <A
HREF="#confighints"
>Configuration hints</A
></DT
><DT
>5. <A
HREF="#upgradingfirmware"
>Upgrading the firmware</A
></DT
><DT
>6. <A
HREF="#AEN203"
>Hacking the hardware</A
></DT
><DT
>7. <A
HREF="#AEN207"
>Hacking the software</A
></DT
><DT
>8. <A
HREF="#Utilities"
>Utilities</A
></DT
><DT
>9. <A
HREF="#ts-tips"
>Troubleshooting tips</A
></DT
><DD
><DL
><DT
>9.1. <A
HREF="#catatonia"
>Occasional catatonia and epilepsy</A
></DT
><DT
>9.2. <A
HREF="#mozillaquirks"
>Mozilla interface quirks under 1.38 and earlier firmware</A
></DT
></DL
></DD
><DT
>10. <A
HREF="#resources"
>Related Resources</A
></DT
></DL
></DIV
><DIV
CLASS="sect1"
><H1
CLASS="sect1"
><A
NAME="introduction"
></A
>1. Introduction</H1
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="purpose"
></A
>1.1. Why this document?</H2
><P
>Linksys makes a line of cheap, ubiquitous router/firewall boxes
well-suited for use on a home DSL or cable connection and popular among Linux
hackers. This HOWTO gives hints and tips for managing Linksys routers
from a Linux system.</P
><P
>The specific recipes described here are derived from long experience
with a BEFSR41, the 4-port router/firewall box. I have also configured a
BEFW11S4v2, the 4-port router with 80211b wireless, and the WRT54G, which
is the same box with 80211g; I'm currently using a WRT54G. The web
interfaces on all these blue boxes are very similar, and most of the advice
should generalize.</P
><P
>In late 2004 the Linksys firmware underwent a major upgrade to 2.x
(one easy way to spot this is the Cisco logo at the lower right). I
haven't seen anything but a WRT54G running the new interface, but I'd be
surprised if it weren't running on the BEFSR41 and kin as well. The
changes are largely cosmetic. Some problematic features in earlier
versions have been removed.</P
><P
>This HOWTO describes Linksys firmware version v2.02.7. At time of
writing (January 2005) the current Linksys firmware version is v.3.01.3.
<EM
>I do not recommend upgrading!</EM
> I've had a report that
enabling WEP on this version makes the box unable to talk to a Linux
machine over a cable.</P
><P
>Also note that if you go looking for one of these now, be sure to get
the WRT54GL &#8212; note the L suffix. At Version 5 and up, the vanilla
WRT54G is different hardware with less RAM that runs a proprietary
VxWorks OS.</P
></DIV
><DIV
CLASS="sect2"
><HR><H2
CLASS="sect2"
><A
NAME="newversions"
></A
>1.2. New versions of this document</H2
><P
>You can also view the latest version of this HOWTO on the World Wide Web
via the URL <A
HREF="http://www.tldp.org/HOWTO/Linksys-Blue-Box-Router-HOWTO.html"
TARGET="_top"
>&#13;http://www.tldp.org/HOWTO/Linksys-Blue-Box-Router-HOWTO.html</A
>.</P
></DIV
><DIV
CLASS="sect2"
><HR><H2
CLASS="sect2"
><A
NAME="license"
></A
>1.3. License and Copyright</H2
><P
>Copyright (c) 2003, Eric S. Raymond.</P
><P
>Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.2
or any later version published by the Free Software Foundation;
with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
A copy of the license is located at <A
HREF="http://www.gnu.org/copyleft/fdl.html"
TARGET="_top"
>www.gnu.org/copyleft/fdl.html</A
>.</P
><P
>Feel free to mail any questions or comments about this HOWTO to Eric
S. Raymond, <TT
CLASS="email"
>&#60;<A
HREF="mailto:esr@snark.thyrsus.com"
>esr@snark.thyrsus.com</A
>&#62;</TT
>. But please don't ask me
to troubleshoot your general networking problems; if you do, I'll just
ignore you.</P
></DIV
></DIV
><DIV
CLASS="sect1"
><HR><H1
CLASS="sect1"
><A
NAME="howandwhen"
></A
>2. How and where to deploy</H1
><P
>The Linksys BEFSR41, BEFW11, WRT54G and their siblings are designed
to be used as gateway boxes on a home Ethernet. Typically, you'll hook one
up to a DSL or cable modem, which will automatically switch into bridge
mode and simply pass packets between your ISP's router and the Linksys box.
</P
><P
>If you want to use a general-purpose PC running Linux as a firewall,
have fun &#8212; but these little boxes are more efficient. The nicest
thing about them is that they run out of firmware and, assuming you take
the elementary precautions we describe, are too stupid to be cracked.
Also, they don't generate fan noise or heat. Finally, they run Linux
inside and can be customized and hacked in useful ways.</P
><P
>Linksys boxes used to have a good reputation for reliability.
Something bad happened to their quality control after Cisco acquired the
company in March 2003; I had two go silently dead on me in less than a
year, and I heard grumbling from others about similar problems.
Unfortunately when I tried other low-end brands (Belkin, Buffalo) they
proved to have gross design errors. The Belkin had brain-damage in its
firewall rules that interfered with local SMTP, and the Buffalo
intermittently refused connections for no apparent reason. So I went back
with Linksys, hoping my WRT54G wouldn't turn into a doorstop within a couple
of months. As of mid-2006, I've been OK for about 24 months.</P
><P
>(Building one of these puppies is not rocket science. I can only
conjecture that the competitive pressure is driving the manufacturers to cut
costs to the bone by hiring programmers out of the bottom of the barrel
and having the manufacturing done by some low-end contract house
in Indonesia or somewhere. The results, alas, tend to be unstable
crap. Caveat emptor.)</P
><P
>Note another consequence of the Cisco acquisition: Linksys is now
what marketers call a flank guard, a low-end brand designed to protect the
margins and brand image of Cisco's commercial-grade networking products.
This means that Linksys boxes are no longer acquiring new firmware
features, and some old ones like stateful packet inspection almost
certainly won't be coming back. Provided you can live within these limits,
this is actually good; simpler firmware is more stable firmware. And, in
any case, the open-source replacement firnwares can give you back the
features abd complexity if you want them.</P
><P
>At minimum, a live Linksys box will do the following things for
you:</P
><P
></P
><OL
TYPE="1"
><LI
><P
><EM
>Act as an Ethernet router.</EM
> You can
plug all your lines and hubs and hosts into it to exchange packets even
when your outside link is down.</P
></LI
><LI
><P
><EM
>Act as a smart gateway.</EM
> When you
configure the Linksys with a public static IP address (or tell it to grab a
dynamic IP address from your ISP at startup time), it will gateway between
hosts on your private network and the Internet, performing all the IP
masquerading and address translation required to route your traffic.</P
></LI
><LI
><P
><EM
>Firewall your connection.</EM
> You can
tell it to block out all but the minimum sevice channels you need. You can
specify separately, for each service, to which of your internal machines
the traffic should be routed.</P
></LI
></OL
><P
>I give my Linksys box the standard private-network gateway
address, 192.168.1.1. I then give all my boxes 192.168.1.x addresses
and tell them the Linksys is their gateway. Everything works.</P
></DIV
><DIV
CLASS="sect1"
><HR><H1
CLASS="sect1"
><A
NAME="lostmanual"
></A
>3. Lost the manual?</H1
><P
>If you've lost the manual, or acquired a secondhand unit that doesn't
have one with it, never fear. Under the Help tab in older versions there
are links to the PDF and to the <A
HREF="http://linksys.com"
TARGET="_top"
>Linksys
corporate website</A
>. Newer versions have reference documentation
built into the firmware, a good thing if your net connection is
down.</P
><P
>Unfortunately, you're in trouble if you have to bring in Linksys tech
support. On the one occasion that I called them (in 2003), the first tech
I raised couldn't even speak English, and the second was barely competent
at it. Both were complete and utter idiots whose response to any
nontrivial question was to put me on infinite hold while they went
off to query someone else &#8212; and then garbled the answer. Judging
by their accents, my guess is that Linksys tech support has been outsourced
to some particularly benighted corner of the Third World.</P
><P
>I've heard somewhat better of their email support, but have not
tested it myself.</P
></DIV
><DIV
CLASS="sect1"
><HR><H1
CLASS="sect1"
><A
NAME="confighints"
></A
>4. Configuration hints</H1
><P
>For security, do these things through the Linksys web interface
(probably at <A
HREF="http://192.168.1.1"
TARGET="_top"
>http://192.168.1.1</A
> on
your network):</P
><DIV
CLASS="procedure"
><OL
TYPE="1"
><LI
><P
><EM
>Change your administrative
password.</EM
> On 15 June 2004 it was <A
HREF="http://slashdot.org/article.pl?sid=04/06/03/0337205&mode=thread&tid=137&tid=193&tid=215"
TARGET="_top"
>widely
reported</A
> that turning off the remote admin feature doesn't work
&#8212; you can still get at the administration page from the wireless
side. This bug is still present in the 2.02 firmware, October 2004. It
means that if you leave your password at default, any script kiddie can
break in, steal your WEP, and scramble your configuration. The Linksys
people get the moron medal with oak-leaf cluster for this screwup.</P
><P
>(I don't know if this bug is still present in the 3.x firmware. It
would be a good idea to check.)</P
></LI
><LI
><P
><EM
>Make sure the DMZ host feature is
disabled</EM
>, under
<SPAN
CLASS="guimenu"
>Applications</SPAN
>+<SPAN
CLASS="guimenu"
>Gaming</SPAN
>-&gt;<SPAN
CLASS="guimenuitem"
>DMZ
Host</SPAN
>, or in newer
versions)<SPAN
CLASS="guimenu"
>Applications &#38;
Gaming</SPAN
>-&gt;<SPAN
CLASS="guimenuitem"
>DMZ Host</SPAN
>. It
defaults off.</P
></LI
><LI
><P
><EM
>Port-forward specific services instead of
setting up a DMZ</EM
>, and as few of those as you can get away with.
A good minimum set is 22 (ssh), and 80 (http). If you want to receive mail
add 25 (smtp). If you need to serve DNS queries, add 53. To serve identd
so remote MTAs can verify your identity, enable 113.</P
></LI
><LI
><P
><EM
>Disable Universal Plug and
Play.</EM
> Look under
<SPAN
CLASS="guimenu"
>Password</SPAN
>. There is a radio
button for this under the <SPAN
CLASS="QUOTE"
>"Password"</SPAN
> tab; newer firmware
versions put it under
<SPAN
CLASS="guimenu"
>Administration</SPAN
>+<SPAN
CLASS="guimenu"
>Management</SPAN
>.
<SPAN
CLASS="acronym"
>UPnP</SPAN
> is a notorious security hole in Windows, and up to
at least firmware version 1.44 there was a lot of Web scuttlebutt that the
Linksys implementation is flaky. While this won't affect operating systems
written by <EM
>competent</EM
> people, there is no point in
having traffic from a bunch of script-kiddie probes even reach your
network.</P
></LI
></OL
></DIV
><P
>There are two more steps for older firmware versions only. You can
ignore these if you have 2.x or later firmware.</P
><DIV
CLASS="procedure"
><OL
TYPE="1"
><LI
><P
><EM
>Disable AOL Parental Controls.</EM
>
Make sure <SPAN
CLASS="guibutton"
>AOL Parental Controls</SPAN
> (under
<SPAN
CLASS="guimenu"
>Security</SPAN
>) is turned off (off is
the default); otherwise the Linksys won't pass packets for your Unix box at
all. Newer versions of the firmware don't have this misfeature.</P
></LI
><LI
><P
><EM
>Disable Stateful Packet
Inspection.</EM
> If you want to run a server and are running
1.42 or earlier firmware, you also need to make sure stateful packet
inspection is off &#8212; this feature restricts incoming packets to those
associated with an outbound connection and is intended for heightened
security on client-only systems. On the
<SPAN
CLASS="guimenu"
>Filters</SPAN
> page, make sure
<SPAN
CLASS="guilabel"
>SPI</SPAN
> is off. If you don't see a radiobutton for SPI,
relax &#8212; the feature isn't present in all versions of the firmware,
and in fact was removed in 1.43 for stability reasons.</P
></LI
></OL
></DIV
></DIV
><DIV
CLASS="sect1"
><HR><H1
CLASS="sect1"
><A
NAME="upgradingfirmware"
></A
>5. Upgrading the firmware</H1
><P
>Before you upgrade, here is a tip the documentation does not mention:
disconnect all the patch cables except the one from the machine you are
using to upgrade the box. Handling a lot of other network traffic while
the firmware load is going on can corrupt the firmware.</P
><P
>There are three ways you can upgrade your Linksys firmware.</P
><P
>One is to click the <SPAN
CLASS="QUOTE"
>"Upgrade firmware"</SPAN
> link on the admin
page. Download the firmware image to the machine your browser runs on,
fill in the field that says <SPAN
CLASS="QUOTE"
>"Please select a file to
upgrade:"</SPAN
>, click the Upgrade button, and have the right thing
happen. This is the least error-prone procedure and is recomended.</P
><P
>Another way is to use one of Linkys's firmware-upgrade floppy images
from their website. This requires that you boot Windows or use
WINE. Not recommended.</P
><P
>The third way is to use <SPAN
CLASS="application"
>tftp</SPAN
>. This is how
I did it the first time, before Linksys added the <SPAN
CLASS="QUOTE"
>"Upgrade
firmware"</SPAN
> to the firmware, and I document it here for completeness
even though I now recommend their upgrade method. There is a tftp client
included with Red Hat Linux. To upgrade your firmware this way, do the
following steps:</P
><DIV
CLASS="procedure"
><OL
TYPE="1"
><LI
><P
><EM
>Write down your settings.</EM
> The
firmware upgrade may wipe some of them. Older versions nuked
everything back to factory defaults; newer versions preserve
your basic settings but clear some advanced ones.</P
></LI
><LI
><P
><EM
>Download a copy of the new firmware.</EM
>
Follow the Downloads link from the Linkys main page. Note that
what you get may well be marked <SPAN
CLASS="QUOTE"
>"For Windows Users"</SPAN
> and be a
zip archive. Open it in a scratch directory, because it will rudely create
several Windows files wherever you unpack it. The file you need will be
called <TT
CLASS="filename"
>CODE.BIN</TT
>.</P
></LI
><LI
><P
><EM
>Disable the router password.</EM
> Note
that every attempt I made to do this with Mozilla failed (both under 1.38
and 1.44). Konqueror worked fine, and Firefox works fine with the 2.x
firmware. Go to the Password tab, backspace over both sets of asterisks
until both the Password and Confirm fields are blank, and click
Apply.</P
></LI
><LI
><P
><EM
>Cross your fingers and load the
firmware.</EM
> The command session you want will to see will look
something like this, with your router's IP address substituted for
192.168.1.1:</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>&#13;tftp 192.168.1.1
tftp&#62; binary
tftp&#62; put code.bin
Sent 386048 bytes in 10.3 seconds
tftp&#62;
</PRE
></FONT
></TD
></TR
></TABLE
><P
>Don't panic if the client hangs for a bit before returning and
<EM
>do not abort the transfer</EM
>. The command is
writing to firmware, and the Linksys hasn't got much of a brain.
Wait for it to finish.</P
></LI
><LI
><P
><EM
>Re-enable your router password and other
settings.</EM
> You'll be able to tell the upgrade worked because
the firmware version number will have changed.</P
></LI
></OL
></DIV
><P
>You're done.</P
></DIV
><DIV
CLASS="sect1"
><HR><H1
CLASS="sect1"
><A
NAME="AEN203"
></A
>6. Hacking the hardware</H1
><P
>Linksys boxes have firmware support for a serial console. The circuit
board has traces for two serial ports, but you have to do some fairly
serious modding to get them working. <A
HREF="http://www.rwhitby.net/wrt54gs/serial.html"
TARGET="_top"
>This page</A
> will
show you how.</P
></DIV
><DIV
CLASS="sect1"
><HR><H1
CLASS="sect1"
><A
NAME="AEN207"
></A
>7. Hacking the software</H1
><P
>Linksys routers run Linux from firmware. Linksys supplies source
code on its site; look for "GPL Code Center" under technical
support.</P
><P
>There are several replacements for the WRT54G firmware. All
add certain common features such as (a) the capability to ssh into the
Linux running on the box, (b) European WiFi channels, and (c) VPN
service.</P
><P
></P
><DIV
CLASS="variablelist"
><DL
><DT
><A
HREF="https://sourceforge.net/projects/wifi-box/"
TARGET="_top"
>Wifi-Box</A
></DT
><DD
><P
>&#13;Supports SNMP/mrtg. Said to have a good interface, convenient for home use.
</P
></DD
><DT
><A
HREF="http://www.sveasoft.com/modules/phpBB2/"
TARGET="_top"
>SveaSoft</A
></DT
><DD
><P
>&#13;Intended for Wireless ISPs, lots of stuff for routing and repeater operation.
Open source, but you can buy support and private-release subscriptions.
This outfit has been slammed for GPL noncompliance and apparently lost
a lot of the good reputation it used to have.
</P
></DD
><DT
><A
HREF="http://dd-wrt.com"
TARGET="_top"
>DD-WRT</A
></DT
><DD
><P
>&#13;A fork of the SveaSoft codebase from a few years back.
</P
></DD
><DT
><A
HREF="http://openwrt.org/"
TARGET="_top"
>OpenWRT</A
></DT
><DD
><P
>&#13;Workbench for people who want to experiment with their own customizations.
Provides a framework and a set of modular packages supporting particular
features.
</P
></DD
><DT
><A
HREF="http://www.hyperdrive.be/hyperwrt/index.php?page=home-page"
TARGET="_top"
>HyperWRT</A
></DT
><DD
><P
>&#13;Starts from the Linksys 3.01.3 firmware and adds a handful of features.
Might be useful for those comfortable with the Linksys interface.
</P
></DD
><DT
><A
HREF="http://www.batbox.org/wrt54g-linux.html"
TARGET="_top"
>http://www.batbox.org/wrt54g-linux.html</A
></DT
><DD
><P
>&#13;Another hacker's workbench, this one runs from RAMdisk so you don't have to
reflash the box. Thus there's no chance of trashing your router. The
disadvantage is that it has to be reloaded each time after you power-cycle.
</P
></DD
></DL
></DIV
><P
>Any of these can be installed using the <A
HREF="#upgradingfirmware"
>firmware upgrade procedures</A
>.</P
><P
>Firmware for other Linksys hardware (notably the WAP54G) can be found
<A
HREF="http://www.dslreports.com/faq/10537"
TARGET="_top"
>here</A
> and <A
HREF="http://www.linksysinfo.org/modules.php?name=Downloads&d_op=viewdownload&cid=15"
TARGET="_top"
>here</A
>.</P
><P
>For a look at the techniques used to develop these firmware
alternatives, there's an interesting site on <A
HREF="http://seattlewireless.net/index.cgi/LinksysWrt54g"
TARGET="_top"
>hacking the
Wrt54g</A
> by Seattle wireless.net.</P
></DIV
><DIV
CLASS="sect1"
><HR><H1
CLASS="sect1"
><A
NAME="Utilities"
></A
>8. Utilities</H1
><P
>There is a Unix utility called <SPAN
CLASS="application"
>linksysmon</SPAN
>
that talks with these boxes via SNMP. Look at the <A
HREF="http://woogie.net/projects/linksysmon/"
TARGET="_top"
>Linksysmon project
site</A
>.</P
><P
>Linksysmon is a tool for monitoring Linksys BEFSR41 and BEFSR11
firewalls under Linux and other Unix-like operating systems. It accepts
log messages from the Linksys, and logs the messages to
<TT
CLASS="filename"
>/var/log/linksys.log</TT
>. It handles the standard activity
logs, as well as the <SPAN
CLASS="QUOTE"
>"secret"</SPAN
> extended logging, and can handle
logs from multiple firewalls. When using extended logging, it can detect
external IP address changes (if you are using either DHCP or PPPOE) and can
call an external program to process the change.</P
><P
>Link-n-Log is a similar tool that includes a GUI and logs to an SQL
database. Details at the <A
HREF="http://link-n-log.sourceforge.net/"
TARGET="_top"
>Link-n-Log project
page</A
>.</P
></DIV
><DIV
CLASS="sect1"
><HR><H1
CLASS="sect1"
><A
NAME="ts-tips"
></A
>9. Troubleshooting tips</H1
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="catatonia"
></A
>9.1. Occasional catatonia and epilepsy</H2
><P
>Linksys boxes freeze up occasionally (once every few months) and
have to be power-cycled. Suspect this is happening if your outside
Web access suddenly stops working; ping the Linksys box to check.</P
><P
>These catatonic episodes may be related to dirty power; at least,
they seems to happen more frequently in association with electrical storms
and brownouts. If you think this has happened, just pull the power
connector out of the back and plug it back in. The Linksys should reboot
itself within 30 seconds or so.</P
><P
>There is a more severe failure mode that I've only seen once; it's
more like an epileptic seizure than catatonia, and involves strange blink
patterns on the Link, Collision, and 100Mbit diagnostic lights (the 100Mbit
light should not normally ever blink).</P
><P
>If this happens, power-cycling the Linksys won't suffice; you'll have
to hard-reset the thing. Some versions (like the BEFSR41) have a reset pin
that you poke with a paperclip end through a small hole in the front panel
labeled Reset. Some versions (like the BEFW11S4 and WRT54G) have a reset
button on the back. You have to hold these down for about thirty seconds
to hard-reset the nonvolatile RAM. This will lose your configuration
settings.</P
></DIV
><DIV
CLASS="sect2"
><HR><H2
CLASS="sect2"
><A
NAME="mozillaquirks"
></A
>9.2. Mozilla interface quirks under 1.38 and earlier firmware</H2
><P
>Linksys blue boxes have a webserver embedded in their firmware.
The normal way to administer one is to point a browser at its IP
address on your network. You program the box by filling out HTML
forms.</P
><P
>This is a nice bit of design that neatly avoids having OS-specific
client software. But some older versions of the webserver firmware have a
quirk that interacts with a bug in Mozilla (at least at release 1.0.1) to
make the interface almost unusable. Fortunately, the recovery procedure is
trivial. This bug was known to be present as late as 1.40, and also
interfered with Netscape; it is absent in 1.44 and a good reason to
upgrade. We have a report that Mozilla 1.3 fails with 1.43, so whatever
change fixed the problem likely came in with 1.44.</P
><P
>The symptom you're likely to see is a broken-image icon at the
upper left hand corner of each page. The broken image is a series of
file-folder tabs for an image map. That image map is how you get to
the other web pages.</P
><P
>You can recover by right-clicking on the broken-image icon.
Select <SPAN
CLASS="QUOTE"
>"View Image"</SPAN
>, then back out. This will build the
image map correctly.</P
><P
>You will almost always have to do this on the first page,
but it often won't trigger on later page loads.</P
><P
>Here's what's going on. Mozilla tries to stream multiple
concurrent requests at the webservers it talks to in order to speed up
page loading. The dimwitted little firmware webserver in the Linksys is
only single-threaded and doesn't handle concurrent requests. So there's
a race condition. When you hit the window just right, you get an
aborted request and a broken graphic.</P
><P
>Most other browsers are immune to this problem. Konqueror
doesn't trigger it. Neither does Internet Explorer.</P
></DIV
></DIV
><DIV
CLASS="sect1"
><HR><H1
CLASS="sect1"
><A
NAME="resources"
></A
>10. Related Resources</H1
><P
>There's a large user-community website at <A
HREF="http://www.linksysinfo.org/"
TARGET="_top"
>LinksysInfo.org</A
>. It includes
news, support forums, and custom firmware downloads.</P
><P
>There is a Linksys tips and tricks <A
HREF="http://www.dslreports.com/faq/linksys"
TARGET="_top"
>FAQ</A
>; it's mostly
Windows stuff, but a few of the war stories may be useful.</P
></DIV
></DIV
></BODY
></HTML
>
Reference in New Issue View Git Blame Copy Permalink