Sveasoft Manual

  • Sveasoft Manual Alchemy Firmware For the Linksys WRT54G and WRT54GS wireless routers
  • Sveasoft Firmware Guide for WRT54G
    Hardware
      Net Diagram of the WRT54G
    The GUI
    Basic Configuration
      WAN (Internet) Supported Connections
      Router
      DHCP
      Time Settings
      MAC Address Cloning
        Cloning the MAC Address
        Finding the MAC Address
      Advanced Routing
    Wireless Settings
      Basic Settings
      Security
      MAC Filter
      Advanced Settings
      WDS
      WDS Quick Setup Guide
    Security and VPN Settings
      Firewall
      VPN
    Application and Gaming
      Port Range Forwarding
      DMZ
    Administration
      Management
      Log
      Diagnostics
      Factory Defaults
      Firmware Upgrade
    Status
      Router Information
      Internet
      Local Network
      Wireless
    Part 2: The Command Line Shell
  • Sveasoft Firmware Guide for WRT54G
    Hardware
    Net Diagram of the WRT54G (Thanks to pribeiro @net.ipl.pt)
    Here is a comment on the above diagram by the author: http://www.seattlewireless.net/index.cgi/LinksysWrt54g#head-7eb5292f6d828986548ff4e8f574eae34d47cda6
    "Here goes my view of the network architecture of the WRT54G (and other clones). A hardware switch with 5 ports, 4 are the external lan ports (1 to 4), the fifth is connected to the "router" module that has 3 ports (eth0, eth1 and eth2, in Linux terms), eth0 made the connection to the switch module, eth1 is the WAN port that connects to the outside world (ADSL, CABLE, etc.) and finally eth2 connects to the wireless module ... Have you missed something ??? I hope so, if your question is "eth2 and eth0 aren't in the same layer2 lan ?", that's the right point! eth2 and eth0 seem to be software bridged by the Linux kernel and act as a unique L3 interface as "br0". This is a nice thing, in the future we probably can split the wireless (eth2) and the switch (eth0) and do a better control of the traffic (iptables) between them. PS: Sorry for my bad English! -- pribeiro @net.ipl.pt"
    Note #1: The default configuration for this device is to have a bridge between the wireless (WLAN) (eth2) and the switch (LAN) (eth0). This means the WLAN and LAN will be using the same IP subnet and DHCP server (unless you manually change this from the Linux command line).
    Note #2: The WAN (Wide Area Networking) (eth1) port is labelled "Internet" on the v1 and v2 WRT54Gs.
    Four versions of the router exist: version 1.0, version 1.1, version 2.0, and WRT54GS v2.0S. The firmware is binary compatible with the first three versions. The WRT54GS's firmware in its default configuration is too big to fit in the EEPROM inside the earlier three versions, although Sveasoft has managed to modify it to fit.
    More info and discussion: http://www.sveasoft.com/modules/phpBB2/viewtopic.php?t=742
  • WRT54G V1.0
    • BCM4702 MIPS CPU
    • BCM4306 802.11a/b/g MAC processor
    • BCM2050 802.11b/g radio transceiver
    • MAC processor and radio unit on separate mini-PCI card
    • 125 MHz MIPS processor
    • 4MB Flash EEPROM
    • 16MB RAM
    • integrated 5 port Ethernet switch (4 external ports, 1 connected internally)
    • 1 external Internet/WAN port
    • 5 volt 2 amp power supply (10 watts)
    • internal photos http://seattlewireless.net/mattw/photos/linksyswrt54g/gallery/
    WRT54G V1.1
    • BCM4702
    • BCM4306
    • All chips on main board
    • 125 MHz MIPS processor
    • 4MB Flash EEPROM
    • 16MB RAM
    • integrated 5 port Ethernet switch (4 external ports, 1 connected internally)
    • 1 external Internet/WAN port
    • 12 volt 1 amp power supply (12 watts)
    WRT54G V2.0
    • BCM4702, BCM4306, BCM2050 into one chip (BCM4712)
    • ADM6996L controller datasheet
    • 200 MHz MIPS processor
    • 4MB Flash EEPROM
    • 16MB RAM
    • integrated 5 port Ethernet switch (4 external ports, 1 connected internally)
    • 1 external Internet/WAN port
    • wireless lan interface eth1 - vlan0
    • wired lan interface eth0 - vlan1
    • onboard pinouts for serial (2 ports)
    • LEDs handled with a bitmask write to /dev/gpio
    • 12 volt 1 amp power supply (12 watts)
    WRT54GS V2.0S
    • BCM4712, Speedbooster chipset
    • ADM6996L controller (datasheet link)
    • 200 MHz MIPS processor
    • 8MB Flash EEPROM
    • 32MB RAM
    • integrated 5 port Ethernet switch (4 external ports, 1 connected internally)
    • 1 external Internet/WAN port
    • Onboard pinouts for serial (2 ports)
    • 12 volt 1 amp power supply (12 watts)
  • Identifying the Router Model Number
    There are a few ways to find your model number:
    1.) Via the web interface. Point your browser to http://your.WRT54G's.ip/SysInfo.htm, i.e. http://192.168.1.1/SysInfo.htm. You should then see something like this, with hardware info at the bottom (version 1 and 1.1 may report as 1.x, while 2.0 reports as 2.0):
        Vendor:LINKSYS
        ModelName:WRT54G
        Firmware Version:Satori-pre3-2 v2.02.2.7sv , Mar 21 2004 #:000
        Boot Version:v1.5
        CodePattern:W54G
        Country:US
        RF Status:enabled
        RF Firmware Version:Satori-pre3-2 v2.02.2.7sv
        RF Domain:US (channel 1~11)
        RF Channel:1
        RF SSID:() XXX
        -----Dynamic Information
        RF Mac Address:00:0C:41:E3:XX:XX
        LAN Mac Address:00:0C:41:E3:XX:XX
        WAN Mac Address:00:0C:41:E3:XX:XX
        Hardware Version:1.x
    2.) Look at the sticker on the bottom of the router. Be aware that the packaging box it came in may indicate a different version. You can identify the router version based on the serial number on the box.
        "http://www.dslreports.com/forum/remark,9471112mode=flat and http://www.dslreports.com/forum/remark,9463214mode=flat state that the version 2 would also come in a version 1.1 box. The version would be recognizable by the serial number:
        CDF5XXXX is version 2
        CDF4XXXX and lower are v1.1 or version 1"
        CDF1XXXX is version 1
        Reference: http://groups.yahoo.com/group/WRT54G/message/1581
        (I (hkazemi) personally bought a WRT54G v2.0 and it came in a box with packaging labelled v1.1. I also have a v1.0 and its serial number began with CDF1XXXX.)
    3.) Via the command line (shell) interface, look at the results of the 'ifconfig' command. If you see a vlan0 and a vlan1 interface, then you have a v2, not a v1.0/v1.1.
    4.) Via the command line (shell) interface, look at the results of the 'dmesg' command. The CPU speed and memory size information identify whether you have a v1/v1.1, v2, or GS.
    References:
    http://www.sveasoft.com/modules/phpBB2/viewtopic.php?t=974 (Thanks to Trix who pointed out this method!)
    http://www.dslreports.com/forum/remark,9664195mode=flat
    http://www.dslreports.com/forum/remark,9325788mode=flat?hilite=WRT54G+version
    http://www.smallnetbuilder.com/ProductOpinions-WRT54G.php
    Eth interface differences between the versions (v1.0/1.1 and v2.0 'et' distinction): http://sveasoft.com/modules/phpBB2/viewtopic.php?t=191
    Power supply info references:
    http://www.sveasoft.com/modules/phpBB2/viewtopic.php?t=967
    http://www.sveasoft.com/modules/phpBB2/viewtopic.php?t=482
    More detailed information is on the Seattle Wireless WRT54g page.
  • The GUI
    The Sveasoft firmware is based on various versions of Linksys firmware, and as such the GUI/web interface is also a derivative of the standard version. Hence some of what is mentioned in the GUI section may be very similar to what is provided in the built-in router documentation.
    • Basic configuration information (WAN settings, IP addresses, etc.)
      o WAN (Internet) Supported Connections: Basic configuration (WAN/Internet, IP addresses, etc.)
      o Router: IP Gateway Setup
      o DHCP: IP Allocation
      o Time Setting: Router Time Zone
      o DDNS: Dynamic DNS (a persistent hostname that automatically points to your dynamic IP)
      o Mac Address Cloning: Configure your WRT54G to spoof your current MAC (required by some ISPs)
      o Advanced Routing: Advanced Internet routing (OSPF, static routes, etc.)
    • Wireless: Settings related to wireless networking (network ID, encryption, WDS, etc.)
      o Basic Settings: Basic wireless network settings, required to operate (network ID, channel, etc.)
      o Security: Settings that control wireless encryption and authentication
      o MAC Filter: Additional security settings allowing one to limit access to a few specific wireless cards
      o Advanced Settings: Miscellaneous settings that govern the wireless system (antenna diversity, transmission power, etc.)
      o WDS: Settings that control the Wireless Distribution System, allowing you to connect wirelessly to other access points to extend your network footprint
    • Security and VPN settings
      o Firewall: Enable and configure the built-in firewall
      o VPN: Enable the VPN pass-through for different protocols
    • Application & Gaming: Port forwarding and DMZ configuration
      o Port Range Forwarding: Forward external ports to computers on your LAN
      o DMZ: Make the router forward all the ports to any computer on your LAN
    • Administration: WRT54G management (system options, firmware upgrades, etc.)
      o Management: Enable and configure advanced features
      o Log: Enable different logging options on the router
      o Diagnostics: Run command shell commands
      o Factory Defaults: Reset your router to the factory defaults
      o Firmware Upgrade: Upgrade your router's firmware
    • Status: Current system status (and client listings)
      o Router: Router and Internet connection status
      o LAN: LAN interface and DHCP status
      o Wireless: Wireless related information such as channel, mode, signal strength, etc.
  • Basic Configuration
    WAN (Internet) Supported Connections
    Most users purchase the WRT54G to connect a network to the Internet, regardless of whether they operate small (1 AP) or large (2+ AP) networks. This section discusses the steps necessary to connect a single WRT54G to the Internet using the WAN port. ADD NOTE ABOUT LINKS TO SETTING UP WDS OR CLIENT MODE HERE.
    The Sveasoft firmware can utilize the following configurations on the WAN port (labelled "Internet"):
    • Automatic Configuration DHCP: This is the setting utilized by most broadband providers. If DHCP is selected, the WRT54G requests its configuration information from your Internet provider. Typically, when using DHCP, your IP address will change periodically. Consider using a Dynamic DNS service if you wish to be able to access your network using the same name, regardless of what your actual IP is.
    • Static IP: Users who have been assigned IP addresses by their provider can enter that information manually by selecting this option. Users who are unsure should default to DHCP (which is the default factory setting), as static IP settings may cause problems with your connection.
    • PPPoE (Point-to-Point Protocol over Ethernet) (Note 1): Some providers (usually DSL providers) require users to connect using PPP on top of their Ethernet connection. If your provider requires this combination, you must select this option.
    • PPTP (Point-to-Point Tunnelling Protocol) (Note 2): PPTP allows users to tunnel their information securely to a remote destination. This configuration is not typically required by an Internet provider, although some providers utilize PPTP connections to provide power users with "public IP" addresses. Unless your provider has specifically mentioned this service or you are a power user (who isn't likely to read this document), it is safe to ignore this option.
    • Heart Beat Signal (Australian ISP Telstra Bigpond's login tool) (Note 3)
    These types can be selected from the drop-down menu next to Internet Connection. The information required and available features will differ depending on what kind of connection type you select. Some descriptions of this information are included here:
    Internet IP Address and Subnet Mask - This is the Router's IP Address and Subnet Mask as seen by external users on the Internet (including your ISP). If your Internet connection requires a static IP address, then your ISP will provide you with a Static IP Address and Subnet Mask.
    Default Gateway - Your ISP will provide you with the Gateway IP Address.
    User Name and Password - Enter the User Name and Password you use when logging onto your ISP through a PPPoE, PPTP or Heartbeat Signal connection.
    Connect on Demand - You can configure the Router to disconnect your Internet connection after a specified period of inactivity (Max Idle Time). If your Internet connection has been terminated due to inactivity, Connect on Demand enables the Router to automatically re-establish your connection as soon as you attempt to access the Internet again. If you wish to activate Connect on Demand, click the radio button. If you want your Internet connection to remain active at all times, enter 0 in the Max Idle Time field. Otherwise, enter the number of minutes you want to have elapsed before your Internet connection terminates.
    MTU - MTU specifies the largest packet size permitted for Internet transmission. Keep the default setting, Auto, to have the Router select the best MTU for your Internet connection. To specify an MTU size, select Manual, and enter the value desired (default is 1400). You should leave this value in the 1200 to 1500 range. (Typical MTU settings are ADSL = 1492, Ethernet = 1500.)
    Keep Alive Option - This option keeps you connected to the Internet indefinitely, even when your connection sits idle. To use this option, click the radio button next to Keep Alive. The default Redial Period is 30 seconds (in other words, the Router will check the Internet connection every 30 seconds).
    Note 1 - More information regarding PPP can be found Here.
    Note 2 - More information regarding PPTP can be found Here.
    Note 3 - Heart Beat Server: The Australian ISP Bigpond requires a heartbeat packet to be accepted from an ISP-owned server to maintain the connection. The IP address of this server must be entered here. Please see the Bigpond Setup page to find out which IP address to use.
  • Router
    • IP Address - This is the Router IP Address as seen on the internal LAN. The default value is 192.168.1.1.
    • Subnet Mask - This is the Router Subnet Mask as seen on the internal LAN. The default value is 255.255.255.0.
    • Gateway - This is the IP address of the LAN gateway.
  • DHCP
    DHCP Server (Note 1) - Select Enable. If you already have a DHCP server on your network, or you do not want a DHCP server, select Disable.
    Starting IP Address - Enter a numerical value for the DHCP server to start with when issuing IP addresses. Do not start with 192.168.1.1 (the IP address of the Router).
    Maximum Number of DHCP Users - Enter the maximum number of PCs that you want the DHCP server to assign IP addresses to. The absolute maximum is 253--possible if 192.168.1.2 is your starting IP address.
    Client Lease Time - The Client Lease Time is the amount of time a network user will be allowed connection to the Router with their current dynamic IP address. Enter the amount of time, in minutes, that the user will be "leased" this dynamic IP address.
    Static DNS 1-3 - The Domain Name System (DNS) (Note 2) is how the Internet translates domain or website names into Internet addresses or URLs. Your ISP will provide you with at least one DNS Server IP Address. If you wish to utilize another, enter that IP Address in one of these fields. You can enter up to three DNS Server IP Addresses here. The Router will utilize these for quicker access to functioning DNS servers.
    WINS - The Windows Internet Naming Service (WINS) manages each PC's interaction with the Internet. If you use a WINS server, enter that server's IP Address here. Otherwise, leave this blank.
    Note 1 - The DHCP server can be turned off from Administration->Management->DHCPd
    Note 2 - The DNS server can be turned off from Administration->Management->DNSMasq
  • Time Settings
    Select the time zone for your location. If your location experiences daylight saving time, leave the checkmark in the box next to Automatically adjust clock for daylight saving changes. It should be noted that the WRT54G does not have a real-time clock; instead, the current time is determined via NTP (Note 1).
    Note 1 - The NTP server can be turned off from Administration->Management->NTP
  • DDNS
    DDNS -- Assigns a fixed host and domain name to a dynamic Internet IP address. It is useful when you are hosting your own website, FTP server, or other server behind the Router. Before using this feature, you need to sign up for DDNS service at www.dyndns.org, a DDNS service provider.
    DDNS Service
    To disable DDNS Service, keep the default setting, Disable. To enable DDNS Service, follow these instructions:
    1. Sign up for DDNS service at www.dyndns.org, and write down your User Name, Password, and Host Name information.
    2. On the DDNS screen, select Enable.
    3. Complete the User Name, Password, and Host Name fields.
    4. Click the Save Settings button to save your changes. Click the Cancel Changes button to cancel unsaved changes.
    Internet IP Address - The Router's current Internet IP Address is displayed here.
    Status - The status of the DDNS service connection is displayed here.
  • MAC Address Cloning
    Cloning the MAC Address
    To clone your network adapter's MAC address onto the Router and avoid calling your ISP to change the registered MAC address, follow these instructions:
    1. Select Enable.
    2. Enter your adapter's MAC address in the MAC Address field.
    3. Click the Save Settings button.
    Note: To disable MAC address cloning, keep the default setting, Disable.
    Finding the MAC Address
    A MAC address is a 12-digit code assigned to a unique piece of hardware for identification. Some ISPs require that you register the MAC address of your network card/adapter, which was connected to your cable or DSL modem during installation. If your ISP requires MAC address registration, find your adapter's MAC address by following the instructions for your PC's operating system.
    Windows 98/Millennium:
    1. Click the Start button, and select Run.
    2. Type winipcfg in the field provided, and press the OK key.
    3. Select the Ethernet adapter you are using.
    4. Click More Info.
    5. Write down your adapter's MAC address.
    Windows 2000/XP:
    1. Click the Start button, and select Run.
    2. Type cmd in the field provided, and press the OK key.
    3. At the command prompt, run ipconfig /all, and look at your adapter's physical address.
    4. Write down your adapter's MAC address.
    Mac OS X:
    1. Load System Preferences.
    2. Select the Network pane.
    3. In the top combo box named "Show", select "Built-in Ethernet".
    4. Select the Ethernet tab and you should see a field called "Ethernet ID" followed by your adapter's physical address.
  • Advanced Routing
  • Wireless Settings
    Basic Settings
    • Wireless Mode - (Client/Access Point (Note 1)/Adhoc) Router acts as a communication hub for users of a wireless device to connect to a wired LAN.
      Client mode: This mode is used when we want the WRT54G to be connected to an AP (Access Point) like a client device (i.e. emulate a PCMCIA card or a PCI card). In this mode you cannot connect to the WRT54G that is in client mode using another wireless client device. Also, you may have only one Ethernet device connected on the Ethernet LAN ports (although this single Ethernet device could be a second WRT54G in AP mode).
      AP mode: This is the default mode. It acts like a half-duplex hub in wired networks.
      Ad-Hoc mode: to be added later...
    • Network Mode - Select one of the following values according to the type of wireless clients that will be connecting to your network:
      o Mixed (default value): If you have Wireless-G and 802.11b devices in your network
      o G-Only: If you have only Wireless-G devices
      o B-Only: If you would like to limit your network to only 802.11b devices (the G-clients can still connect)
      o Disabled: If you want to disable wireless networking
    • Wireless Network Name SSID - The SSID is the network name shared among all devices in a wireless network. The SSID must be identical for all devices in the wireless network. It is case-sensitive and must not exceed 32 alphanumeric characters, which may be any keyboard character. Make sure this setting is the same for all devices in your wireless network. For added security, Linksys recommends that you change the default SSID (linksys) to a unique name of your choice.
    • Wireless Channel - Select the appropriate channel (between 1 and 14) from the list provided to correspond with your network settings. All devices in your wireless network must use the same channel in order to function correctly.
    • Wireless SSID Broadcast - When wireless clients survey the local area for wireless networks to associate with, they will detect the SSID broadcast by the Router. To broadcast the Router SSID, keep the default setting, Enable. If you do not want to broadcast the Router SSID, then select Disable. Disabling it is recommended for security, but if it is disabled some "stupid" devices cannot connect.
    Note 1 - AP
  • Security
    The router supports four different types of security settings for your network: Wi-Fi Protected Access (WPA) Pre-Shared Key, WPA Remote Access Dial In User Service (RADIUS), RADIUS, and Wire Equivalence Protection (WEP).
    Wireless Security in a Nutshell
    The Sveasoft WRT54G firmware includes support for several different wireless encryption schemes. Your choice will depend on the modernity of your client hardware and software, and your concern about security and/or the easy ability to allow roaming access.
    WEP is the oldest and best supported "wireline" encryption available for 802.11b/g. Unfortunately, WEP is hideously insecure. Unless you change keys very frequently, it can be cracked quickly. However, many older 802.11 cards don't support anything but WEP. If this applies to you, you can buy a new card to use WEP. For a discussion about some WPA-upgradeable cards, see http://wifinetnews.com/archives/002875.html. ADD NOTE ABOUT WEP RADIUS SUPPORT HERE?
    WPA (pre-shared key and RADIUS) is a newer attempt to secure wireless communication. Many new cards support this encryption, and it is generally considered to be a step up from WEP, although it is still susceptible to some forms of attack. WPA also adds support for more sophisticated, RADIUS-based authentication, although it is unlikely that many home users will spend the time to configure the software necessary to support it. See http://www.hackfaq.org/wireless-networks/wpa-wi-fi-protected-access.shtml for more discussion.
    Because your Internet traffic is transmitted to anyone within range who cares to listen, it is always a better idea to use application-level encryption when communicating sensitive data (SSL, SSH, etc.). Also remember, the more security you add, the harder a time your authorized visiting users will have configuring it.
  • Available wireless encryption schemes
    • WPA Pre-Shared Key - There are two encryption options for WPA Pre-Shared Key, TKIP and AES. TKIP stands for Temporal Key Integrity Protocol. TKIP utilizes a stronger encryption method and incorporates Message Integrity Code (MIC) to provide protection against hackers. AES stands for Advanced Encryption System, which utilizes a symmetric 128-bit block data encryption. To use WPA Pre-Shared Key, enter a password between 8 and 63 characters long in the WPA Shared Key field. You may also enter a Group Key Renewal Interval time between 0 and 99,999 seconds.
    • WPA RADIUS - WPA RADIUS uses an external RADIUS server to perform user authentication. To use WPA RADIUS, enter the IP address of the RADIUS server, the RADIUS Port (default is 1812) and the shared secret from the RADIUS server.
    • RADIUS - RADIUS utilizes either a RADIUS server for authentication or WEP for data encryption. To utilize RADIUS, enter the IP address of the RADIUS server and its shared secret. Select the desired encryption bit (64 or 128) for WEP and enter either a passphrase or a manual WEP key.
    • WEP - There are two levels of WEP encryption, 64-bit and 128-bit. The higher the encryption bit, the more secure your network; however, speed is sacrificed at higher bit levels. To utilize WEP, select the desired encryption bit, and enter a passphrase or a WEP key in hexadecimal format.
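
A settings check built from the limits this section and Basic Settings state (SSID length, channel range, WPA shared key length, group key renewal range), together with the standard WPA pre-shared key derivation, in which the SSID acts as the salt. This is an added example, not code from the manual or the firmware; the dictionary keys, mode names and finding codes are hypothetical.

```python
import hashlib
import ipaddress

DEFAULT_SSID = "linksys"        # factory SSID named in the manual
WEP_MODES = {"wep", "radius"}   # per the manual, plain RADIUS mode still encrypts with WEP
WPA_MODES = {"wpa-psk", "wpa-radius"}


def derive_psk(passphrase, ssid):
    """WPA-PSK derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 256-bit key."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def audit_wireless(cfg):
    """Return (code, message) findings for a dict of wireless settings (hypothetical keys)."""
    findings = []

    def flag(code, message):
        findings.append((code, message))

    ssid = cfg.get("ssid", "")
    if not 1 <= len(ssid.encode("utf-8")) <= 32:
        flag("SSID_LENGTH", "SSID must be 1 to 32 characters")
    if ssid == DEFAULT_SSID:
        flag("SSID_DEFAULT", "factory SSID in use; a unique SSID also gives the "
                             "pre-shared key derivation a unique salt")
    if cfg.get("channel") not in range(1, 15):
        flag("CHANNEL_RANGE", "channel must be between 1 and 14")

    mode = cfg.get("security", "disabled")
    if mode == "disabled":
        flag("NO_ENCRYPTION", "wireless traffic is sent unencrypted")
    elif mode in WEP_MODES:
        flag("WEP_IN_USE", "data is protected only by WEP, which the manual calls insecure")
        if cfg.get("wep_bits") not in (64, 128):
            flag("WEP_BITS", "WEP key size must be 64 or 128 bits")
    elif mode in WPA_MODES:
        if cfg.get("cipher") not in ("TKIP", "AES"):
            flag("WPA_CIPHER", "WPA cipher must be TKIP or AES")
        if not 0 <= cfg.get("group_key_renewal", 0) <= 99999:
            flag("GROUP_KEY_RANGE", "group key renewal must be 0 to 99,999 seconds")
    else:
        flag("UNKNOWN_MODE", "unrecognised security mode: %r" % (mode,))

    if mode == "wpa-psk" and not 8 <= len(cfg.get("psk", "")) <= 63:
        flag("PSK_LENGTH", "WPA shared key must be 8 to 63 characters")

    if mode in ("radius", "wpa-radius"):
        try:
            ipaddress.ip_address(cfg.get("radius_server", ""))
        except ValueError:
            flag("RADIUS_SERVER", "RADIUS server must be an IP address")
        if not cfg.get("radius_secret"):
            flag("RADIUS_SECRET", "RADIUS shared secret is empty")
        if not 1 <= cfg.get("radius_port", 1812) <= 65535:
            flag("RADIUS_PORT", "RADIUS port out of range (default is 1812)")
    return findings


if __name__ == "__main__":
    # Constructed sample settings, not taken from any real router.
    factory_like = {"ssid": "linksys", "channel": 6, "security": "wep", "wep_bits": 64}
    for code, message in audit_wireless(factory_like):
        print(code, "-", message)
    # Same passphrase, different SSID: the derived keys differ.
    print(derive_psk("correct horse battery", "linksys").hex())
    print(derive_psk("correct horse battery", "attic-ap-7").hex())
```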
  • MAC Filter
    The Wireless MAC Filters feature allows you to control which wireless-equipped PCs may or may not communicate with the Router, depending on their MAC addresses. To disable the Wireless MAC Filters feature, keep the default setting, Disable. To set up a filter, click Enable, and follow these instructions:
    1. If you want to block specific wireless-equipped PCs from communicating with the Router, then keep the default setting, Prevent PCs listed from accessing the wireless network. If you want to allow specific wireless-equipped PCs to communicate with the Router, then click the radio button next to Permit only PCs listed to access the wireless network.
    2. Click the Edit MAC Filter List button. Enter the appropriate MAC addresses into the MAC fields.
    3. Click the Save Settings button to save your changes. Click the Cancel Changes button to cancel your unsaved changes. Click the Close button to return to the Advanced Wireless screen without saving changes.
    Note: For each MAC field, the MAC address should be entered in this format: xxxxxxxxxxxx (the x's represent the actual characters of the MAC address).
    Note: For information on how to find your interface's MAC address, see the Mac Address Cloning page.
  • Advanced Settings
    • Authentication Type - The default is set to Auto, which allows either Open System or Shared Key authentication to be used. For Open System authentication, the sender and the recipient do NOT use a WEP key for authentication. For Shared Key authentication, the sender and recipient use a WEP key for authentication. If you want to use only Shared Key authentication, then select Shared Key.
    • Basic Rate - The default value is set to Default. Depending on the wireless mode you have selected, a default set of supported data rates will be selected. The default setting will ensure maximum compatibility with all devices. You may also choose to enable all data rates by selecting ALL. For compatibility with older Wireless-B devices, select 1-2Mbps.
    • Transmission Rate - The default setting is Auto. The range is from 1 to 54Mbps. The rate of data transmission should be set depending on the speed of your wireless network. You can select from a range of transmission speeds, or keep the default setting, Auto, to have the Router automatically use the fastest possible data rate and enable the Auto-Fallback feature. Auto-Fallback will negotiate the best possible connection speed between the Router and a wireless client.
    • CTS Protection Mode - The default value is set to Disabled. When set to Auto, a protection mechanism will ensure that your Wireless-B devices will connect to the Wireless-G Router when many Wireless-G devices are present. However, performance of your Wireless-G devices may be decreased.
    • Beacon Interval - The default value is 100. Enter a value between 1 and 65,535 milliseconds. The Beacon Interval value indicates the frequency interval of the beacon. A beacon is a packet broadcast by the Router to synchronize the wireless network.
    • DTIM Interval - The default value is 1. This value, between 1 and 255 milliseconds, indicates the interval of the Delivery Traffic Indication Message (DTIM). A DTIM field is a countdown field informing clients of the next window for listening to broadcast and multicast messages. When the Router has buffered broadcast or multicast messages for associated clients, it sends the next DTIM with a DTIM Interval value. Its clients hear the beacons and awaken to receive the broadcast and multicast messages.
    • Fragmentation Threshold - This value should remain at its default setting of 2346. The range is 256-2346 bytes. It specifies the maximum size for a packet before data is fragmented into multiple packets. If you experience a high packet error rate, you may slightly increase the Fragmentation Threshold. Setting the Fragmentation Threshold too low may result in poor network performance. Only minor modifications of this value are recommended.
    • RTS Threshold - This value should remain at its default setting of 2347. The range is 0-2347 bytes. Should you encounter inconsistent data flow, only minor modifications are recommended. If a network packet is smaller than the preset RTS threshold size, the RTS/CTS mechanism will not be enabled. The Router sends Request to Send (RTS) frames to a particular receiving station and negotiates the sending of a data frame. After receiving an RTS, the wireless station responds with a Clear to Send (CTS) frame to acknowledge the right to begin transmission.
    • TX Antenna - The antenna used to transmit (Auto / Left / Right)
    • RX Antenna - The antenna used to receive (Auto / Left / Right)
    • Xmit Power - Expressed in milliwatts; the default is 28 and the maximum is 84. Some have reported that running transmission power at 84 mW will put undue strain on the router and/or degrade everyday traffic. Others report no problems at 84 mW. The consensus recommendation is somewhere around 48-64 mW; your mileage will vary.
  • WDS
    • WDS_Link #x - This is only to identify your WDS link. The wds0.2 virtual interface is WDS Link #1, the wds0.3 virtual interface is WDS Link #2 and so on...
    • Mac_Address - This is where you enter the MAC address of the wireless interface of the router that you are connecting to. This can be found either through the web interface (admin --> STATUS --> Wireless) or by incrementing the last digit of the MAC which is located on the bottom of the router by 2 (in hex).
    • IP_Address - This setting configures the IP address for the WDS interface itself. It is recommended to use a different subnet than your local network.
    • Subnet_Mask - This is the WDS interface netmask for the above IP configuration. The value should be 255.255.255.252; other values have caused issues with WDS setup. In particular, do not use the same subnet mask as your local network if you are putting your WDS IP addresses in a subset of the subnet of your local network (i.e. if your LAN is network 10.0.0.x/mask 255.255.255.0, don't use 10.0.0.15, 10.0.0.16, and mask 255.255.255.0 for WDS. 10.0.0.15, 10.0.0.16 with mask 255.255.255.252 appeared to work in preliminary testing. If you follow the recommendation not to put your WDS and local network within the same subnet, then this note shouldn't even apply to you).
    • Default_Gateway - The default gateway is the machine that you want as the gateway between the local network (LAN) and the other networks (WAN). This is the default route down which packets that are not destined for the local network will be sent for further processing and delivery. It may be left as 0.0.0.0 (blank) for basic WDS setups.
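
The two WDS rules above (the peer's wireless MAC is the label MAC plus 2 in hex, and the link gets its own 255.255.255.252 subnet outside the LAN) written as a planning check. This is an added example, not part of the Sveasoft manual or firmware; the function names, finding codes and sample addresses are constructed, and carrying the +2 into the next byte when the last byte overflows is an assumption.

```python
import ipaddress
import re

RECOMMENDED_MASK = "255.255.255.252"   # the mask the manual says to use for WDS


def normalize_mac(mac):
    """Return a MAC as 12 uppercase hex digits (the xxxxxxxxxxxx MAC filter format)."""
    digits = re.sub(r"[:\-. ]", "", mac).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError("not a MAC address: %r" % (mac,))
    return digits


def wireless_mac_from_label(label_mac):
    """Add 2 (hex) to the MAC printed on the router's label.

    Assumption: the address is treated as one 48-bit number, so an
    overflow of the last byte carries into the byte before it.
    """
    value = (int(normalize_mac(label_mac), 16) + 2) & 0xFFFFFFFFFFFF
    digits = "%012X" % value
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def check_wds_link(lan_cidr, local_ip, peer_ip, mask=RECOMMENDED_MASK):
    """Return (code, message) findings for one WDS link's IP plan."""
    findings = []
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    local = ipaddress.ip_interface("%s/%s" % (local_ip, mask))
    peer = ipaddress.ip_interface("%s/%s" % (peer_ip, mask))

    if mask != RECOMMENDED_MASK:
        findings.append(("MASK", "mask is %s, manual recommends %s"
                         % (mask, RECOMMENDED_MASK)))
    if local.network != peer.network:
        findings.append(("SPLIT", "%s and %s fall in different subnets (%s, %s)"
                         % (local.ip, peer.ip, local.network, peer.network)))
    reserved = [str(end.ip) for end in (local, peer)
                if end.ip in (end.network.network_address,
                              end.network.broadcast_address)]
    if reserved:
        findings.append(("UNUSABLE", "network or broadcast address used: "
                         + ", ".join(reserved)))
    if local.network.overlaps(lan) or peer.network.overlaps(lan):
        findings.append(("OVERLAP", "WDS subnet overlaps the LAN %s; the manual "
                         "recommends a different subnet" % lan))
    return findings


if __name__ == "__main__":
    # Constructed label MAC (prefix as in the SysInfo sample, last bytes made up).
    print(wireless_mac_from_label("00:0C:41:E3:12:34"))
    print(normalize_mac(wireless_mac_from_label("00:0C:41:E3:12:34")))
    # Constructed plans: one clean, one reusing the LAN subnet and mask.
    print(check_wds_link("192.168.1.0/24", "10.255.0.1", "10.255.0.2"))
    for finding in check_wds_link("192.168.1.0/24", "192.168.1.15",
                                  "192.168.1.16", "255.255.255.0"):
        print(finding)
```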
  • WDS Quick Setup Guide This guide is intended for those who are looking for simple step by step instructions on how to set up WDS using SVEASOFT firmware. This guide should work on Satori-4 firmware and Alchemy Pre3-5 (to include Wolf’s Beta Builds w25 and above) on WRT54G (all versions) and WRT54GS (all versions) Linksys routers. This guide is for a simple WDS network. Its intent is to get you up and running with at least 2 WRT’s with standard equipment. This guide does not include steps for client mode or any advanced routing protocols. This guide does not include instructions on how to flash firmware versions to your WRT(s). This guide assumes that your internet connection is not IP addressed in the 192.168.1.X/24 range. If it is, notes are included on what to do. The following scenario should match most users’ simple network. This scenario creates a WDS link between two WRTs. Sorry, no screen shots. Note: the following terms are synonymous – AP, router and WRT INTRUCTIONS: WRT1 is connected to the internet and WRT2 is your WDS connected AP. Set each router back to factory defaults and flash to Satori-4, Alchemy Pre3_5 or Wolf’s Beta Builds then set to factory defaults again. Next: 1. On WRT1 configure your WAN port to work with your internet modem. This is under (Basic -> Internet Setup). 2. On WRT1 set your LAN (Basic -> Network Setup) settings to 192.168.1.1 with subnet mask as 255.255.255.0. You don't need to worry about a default gateway. Note: If your internet modem gives out address in the 192.168.1.X range then use 192.168.2.1 for your LAN settings and DHCP settings. 3. On WRT1 setup DHCP 4. On WRT1 go to Status -> Wireless and write down that MAC address. 5. On WRT2 go to Basic -> Internet Setup and disable it. Note: If you are using Satori-4 leave the Basic -> Internet Setup to its default (Automatic Configuration-DHCP) as the disable feature was added in Alchemy. Since you are not using the WAN port it really doesn’t matter anyway. 27
    6. On WRT2 go to Basic -> Network Setup and address it 192.168.1.2 with the subnet mask as 255.255.255.0 and the default gateway as 192.168.1.1, and disable DHCP.
       Note: If the note for step 2 applies then address it 192.168.2.2 with the gateway as 192.168.2.1 and still disable DHCP.
    7. On WRT2 go to Status -> Wireless and write down that MAC address.
    8. At this point you have the wired WAN and LAN set up on WRT1 and the LAN set up on WRT2. Now let's work on the wireless...
    9. On WRT1 go to Wireless and set the wireless channel and SSID to whatever you want (for this scenario I will use channel 1 with an SSID of WRT1).
    10. On WRT1 go to Wireless -> WDS and disable Lazy WDS (should already be disabled), choose LAN on the first WDS line and put in the MAC address of WRT2 that you obtained in step 7.
    11. On WRT2 go to Wireless and set the wireless channel to the same channel as WRT1 (in this scenario it is channel 1) and the SSID to whatever you want (for this scenario I will set the SSID as WRT2).
    12. On WRT2 go to Wireless -> WDS and disable Lazy WDS (should already be disabled), choose LAN on the first WDS line and put in the MAC address of WRT1 that you obtained in step 4.
    At this point WDS should be working. You can associate a wireless client to SSID WRT2 and test connectivity to the internet.
    Additional Notes: I normally set up WDS with the WRTs a few feet apart so as to keep my running back and forth to a minimum. That is why I like to use a different SSID on the WDS connected AP. This way I know I am associated with the correct WRT.
    If it is not working you can keep the client associated with SSID WRT2 but wire (CAT5) a LAN port (not the WAN) from WRT2 to a LAN port on WRT1. If all your settings (not WDS, just regular TCP/IP settings on Basic -> Internet and Basic -> Network) are correct, your associated client should connect through to the internet. If the wired connection (CAT5) does not work then troubleshoot your IP settings, not WDS. If it does work then you can work on adding other features such as MAC filtering, WEP, power boost, etc. You can even use the same SSID.
    There are a few threads in the SVEASOFT forums on how to increase the speed of your WDS link. At a minimum I would use Frameburst on both APs. You can use the free "Windows Client/Server Bandwidth Tester" tool to test your speeds across the link. It is available at: www.mikrotik.com/download.html (It's towards the bottom of the page.)
    This guide should get you familiar with the basics and help you understand WDS. Once you get the basics down there are many advanced features to learn and try. GOOD LUCK!
    Final Note: If there are any changes or errors in this document, please let me know so I can keep it as up to date as possible.
  • Router #1 (Internet Connection)
    LAN IP: 192.168.1.1
    LAN MASK: 255.255.255.0
    LAN Gateway: 192.168.1.1
    LAN DHCP enabled starting with 192.168.1.11 and issuing 90 IPs
    WDS IP: 10.0.0.1
    WDS MASK: 255.255.255.252
    WDS MAC: Enter the WIRELESS MAC address of router #2 (Status/Wireless Subtab)

    Router #2 (No WAN Connection - LAN and Wireless Only)
    LAN IP: 192.168.1.101
    LAN MASK: 255.255.255.0
    LAN Gateway: 192.168.1.1
    LAN DHCP enabled starting with 192.168.1.111 and issuing 90 IPs
    WDS IP: 10.0.0.2
    WDS MASK: 255.255.255.252
    WDS MAC: Enter the WIRELESS MAC address of router #1 (Status/Wireless Subtab)
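The Subnet_Mask guidance in the WDS settings and the two-router plan above can be checked mechanically before the values are typed into the Wireless -> WDS tab. The script below is an added example, not part of the manual or the Sveasoft firmware; the function names ip2int and check_wds_plan are hypothetical, and the requirement that each end be a usable host address is standard IP addressing rather than a statement from the manual.

```shell
#!/bin/sh
# Added example: check a WDS addressing plan against the manual's guidance.

# Dotted quad -> 32-bit integer (plain decimal octets, no leading zeros).
ip2int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# check_wds_plan LAN_IP LAN_MASK WDS_IP_A WDS_IP_B WDS_MASK
# Prints "ok" and returns 0, or prints the first problem and returns 1.
check_wds_plan() {
    lan=$(ip2int "$1"); lmask=$(ip2int "$2")
    a=$(ip2int "$3"); b=$(ip2int "$4"); wmask=$(ip2int "$5")
    hostbits=$(( 4294967295 - wmask ))   # host part of the WDS mask

    # The manual: the WDS mask "should be 255.255.255.252".
    [ "$5" = "255.255.255.252" ] || { echo "WDS mask is not 255.255.255.252"; return 1; }
    # Both ends of the link must fall in the same /30.
    [ $(( a & wmask )) -eq $(( b & wmask )) ] || { echo "WDS ends are in different subnets"; return 1; }
    # Each end must be a usable host address (not network or broadcast).
    for h in "$a" "$b"; do
        host=$(( h & hostbits ))
        [ "$host" -ne 0 ] && [ "$host" -ne "$hostbits" ] || { echo "WDS address is not a host address"; return 1; }
    done
    [ "$a" -ne "$b" ] || { echo "both ends use the same address"; return 1; }
    # The manual recommends keeping WDS outside the LAN subnet.
    [ $(( a & lmask )) -ne $(( lan & lmask )) ] || { echo "WDS subnet overlaps the LAN subnet"; return 1; }
    echo ok
}

# Values from the two-router example in this manual.
check_wds_plan 192.168.1.1 255.255.255.0 10.0.0.1 10.0.0.2 255.255.255.252
```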
  • Q. Does WDS have a lot of overhead and reduce bandwidth?
    A. Sveasoft wrote: WDS will halve the throughput as it needs to double transmit the data. 802.11b/g are half duplex which means only one side is transmitting at a time. WDS means double transmissions must take place and effectively halves the bandwidth.
    hkazemi wrote: This should be true for wireless client PCs connected wirelessly to the second WRT54G. Client PCs connected directly via wired ethernet to the second WRT54G shouldn't see the bandwidth cut in half.
    Reference: http://sveasoft.cyberemail.org/forum/viewtopic.php?t=83

    Q. Can I run my WDS links on different subnets in Satori pre3.3?
    A. Yes...via the shell in pre3.3, probably via the WDS tab in pre3.4 or so:
    If you want separate subnets in Satori-pre3.3 for your WDS links please add them in the rc_startup script.
    Code:
        wl wds none
        wl wds [MAC 1] [MAC 2] (etc)
        ip addr add [IP 1]/[netmask] dev wds0.2
        ip addr add [IP 2]/[netmask] dev wds0.3
        ... etc ...
    You will still be able to see the WDS strength in the web interface. You may also want to add "wl wds none" in your rc_shutdown script.
    Reference: http://www.sveasoft.com/modules/phpBB2/viewtopic.php?t=1026
    References:
    http://www.sveasoft.com/modules/phpBB2/viewtopic.php?t=789
    http://www.sveasoft.com/modules/phpBB2/viewtopic.php?t=756
  • Security and VPN Settings
    Firewall
    • Firewall - Enable / Disable
    • Block Anonymous Internet Requests - By enabling the Block WAN Request feature, you can prevent your network from being "pinged," or detected, by other Internet users. The Block WAN Request feature also reinforces your network security by hiding your network ports. Both functions of the Block WAN Request feature make it more difficult for outside users to work their way into your network. This feature is enabled by default. Select Disable to disable this feature.
  • VPN
    • IPSec - Internet Protocol Security (IPSec) is a suite of protocols used to implement secure exchange of packets at the IP layer. To allow IPSec tunnels to pass through the Router, IPSec Pass-Through is enabled by default. To disable IPSec Pass-Through, uncheck the box next to IPSec.
    • PPTP - Point-to-Point Tunnelling Protocol is the method used to enable VPN sessions to a Windows NT 4.0 or 2000 server. To allow PPTP tunnels to pass through the Router, PPTP Pass-Through is enabled by default. To disable PPTP Pass-Through, uncheck the box next to PPTP.
    • L2TP - Short for Layer Two (2) Tunnelling Protocol, an extension to the PPP protocol that enables ISPs to operate Virtual Private Networks (VPNs). L2TP merges the best features of two other tunnelling protocols: PPTP from Microsoft and L2F from Cisco Systems. Like PPTP, L2TP requires that the ISP's routers support the protocol.
  • Application and Gaming
    Port Range Forwarding
    The Port Range Forwarding screen sets up public services on your network, such as web servers, ftp servers, e-mail servers, or other specialized Internet applications. (Specialized Internet applications are any applications that use Internet access to perform functions such as videoconferencing or online gaming. Some Internet applications may not require any forwarding.) When users send this type of request to your network via the Internet, the Router will forward those requests to the appropriate PC. Any PC whose port is being forwarded to must have a static IP address, either by having its DHCP client function disabled, or by having a static DHCP entry defined (see DHCPd for help on this). Using a dynamic IP address is not recommended, as its IP may change.
    • Customized Applications - Enter the name of the public service or other Internet application in the field provided.
    • External Port - Enter the numbers of the External Ports (the port numbers seen by users on the Internet).
    • TCP/UDP Protocol
    • IP Address - Enter the FULL IP Address of the PC running the application.
    • Enable - Click the Enable checkbox to enable port forwarding for the application.
  • DMZ
    The DMZ hosting feature allows one local user to be exposed to the Internet for use of a special-purpose service such as Internet gaming or videoconferencing. DMZ hosting forwards all the ports at the same time to one PC. The Port Forwarding feature is more secure because it only opens the ports you want to have opened, while DMZ hosting opens all the ports of one computer, exposing the computer so the Internet can see it.
    Any PC whose port is being forwarded must have its DHCP client function disabled and should have a new static IP address assigned to it because its IP address may change when using the DHCP function.
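The difference between Port Range Forwarding and DMZ hosting described above shows up directly in a NAT rule dump: a forwarding rule matches a port, a DMZ-style rule does not. The audit below is an added example, not code from the manual or the firmware; it assumes the router's NAT rules are available in iptables-save style, and the rules, the 203.0.113.7 address and the function names audit_dnat and exposed_hosts are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag DMZ-style rules in an iptables-save style NAT dump.

# Constructed sample rules (203.0.113.7 stands in for the WAN address).
SAMPLE_RULES='-A PREROUTING -d 203.0.113.7 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.20:80
-A PREROUTING -d 203.0.113.7 -p udp -m udp --dport 27015:27030 -j DNAT --to-destination 192.168.1.21
-A PREROUTING -d 203.0.113.7 -j DNAT --to-destination 192.168.1.50
-A POSTROUTING -o eth1 -j MASQUERADE'

# Reads rules on stdin; prints one line per DNAT rule:
#   ALL-PORTS <proto> <target>        no port match: every port is forwarded
#   forward <proto>/<ports> <target>  only the listed port or range is forwarded
audit_dnat() {
    awk '
    /-j DNAT/ {
        proto = "all"; ports = ""; target = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
            if ($i == "--to-destination") target = $(i + 1)
        }
        if (ports == "") printf "ALL-PORTS %s %s\n", proto, target
        else             printf "forward %s/%s %s\n", proto, ports, target
    }'
}

# LAN hosts that receive every inbound port (what DMZ hosting does).
exposed_hosts() {
    audit_dnat | awk '$1 == "ALL-PORTS" { print $3 }'
}

printf '%s\n' "$SAMPLE_RULES" | audit_dnat
```

Any host printed by exposed_hosts should be one you deliberately placed in the DMZ; anything else is a candidate for a port-specific forward instead.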
  • Administration
    Management
    • Router Password - Change the password used to administer the router
    • Bandwidth Management - Enable and configure Bandwidth Management
    • Boot Wait - Enable or disable the boot wait feature
    • Cron - Enable and configure the cron daemon
    • DHCPd - Enable or disable the DHCP daemon and set static DHCP entries
    • DNS Masq - Enable or disable the DNS server
    • Firewall - Enable or disable the system's firewall
    • NAS
    • NTP Client - Enable or disable the NTP daemon
    • PPP
    • PPTP - Enable and configure the built-in PPTP server
    • Reset Button - Enable or disable the Reset Button daemon
    • Routing - Configure advanced routing options
    • SSHD - Enable and configure SSH access to the router
    • Syslogd - Enable the syslog daemon
    • Telnet - Enable or disable telnet access to the router
    • Tftpd - Enable or disable the tftp daemon used to upload new firmware images
    • UPnP - Enable or disable the UPnP features on the router
    "The Enable/Disable flags under Administration->Management are designed to be the "master switches" in the system. If you disable anything here it is disabled everywhere."
    The following statement was made in regard to the Satori pre3.3 and earlier builds. It may have been implemented in later builds.
    "I will be moving the few odd parameter settings out of the Enable/Disable area so they will be pure, system-wide off/on settings for the major services."
    Quoted from Sveasoft on March 28, 2004. Reference: http://www.sveasoft.com/modules/phpBB2/viewtopic.php?t=1033
  • Log
    • Log - The Router can keep logs of all incoming or outgoing traffic for your Internet connection. To keep activity logs, select Enable. To see a temporary log of the Router's most recent incoming traffic, click the Incoming Access Log button. To see a temporary log of the Router's most recent outgoing traffic, click the Outgoing Access Log button.
  • Diagnostics
    • Command Shell Parameters - Click Run to execute a script or BusyBox command.
  • Factory Defaults
    • Restore Factory Defaults - Click the Yes button to reset all configuration settings to their default values, and then click the Save Settings button.
    Note: Any settings you have saved will be lost when the default settings are restored. This feature is disabled by default.
  • Firmware Upgrade
    You should not upgrade the firmware via Wireless. You could break your box. Click Browse, select the binary (.bin), click OK, and then upload. Wait, and DO NOT unplug or turn off the router.
  • Status
    Router Information
    • Firmware Version - The version number of the firmware currently installed is displayed here.
    • Current Time - The current date and time are displayed here (see NTP).
    • Router Name
    • Host Name - The Host Name is the name of the Router. This entry is necessary for some ISPs.
    • Domain Name - The Domain Name is the name of the Router's domain. This entry is necessary for some ISPs.
  • Internet
    • Login Type - The current Internet connection type is displayed here.
    • IP Address - Internet IP Address
    • Subnet Mask - Internet Subnet Mask
    • Default Gateway - Default Internet Gateway
    • DNS 1, 2, 3 - IP Addresses currently used by the Router are shown here. Multiple DNS IP settings are common. In most cases, the first available DNS entry is used.
  • Local Network
    • MAC Address - The MAC Address of the LAN interface is displayed here.
    • IP Address and Subnet Mask - The current IP Address and Subnet Mask of the Router, as seen by users on your local area network (LAN), are displayed here.
    • DHCP Server - The status of the Router's DHCP server function is displayed here.
  • Wireless
    • MAC Address - The MAC Address of the wireless interface is displayed here.
    • Mode - The Mode of the wireless network is displayed here.
    • SSID - The SSID of the wireless network is displayed here.
    • DHCP - The status of the Router's DHCP server function is displayed here.
    • Channel - The Channel of the wireless network is displayed here.
    • Encryption Function - The status of the WEP encryption is displayed here.
    • Clients - MAC Address and Signal Strength of Wireless Clients
    • WDS Signal - MAC Address and Signal Strength of WDS Clients
  • Part 2: The Command Line Shell
    The Sveasoft firmware makes it easy to access your router from a command line shell interface over Telnet, SSH, or even through the web-shell command submission form. If you are interested in using more advanced features and capabilities of your router, want to troubleshoot problems the web GUI can't help you with, or simply like using the shell, this section will interest you.
    As this router runs Linux, the shell is a Linux shell and will respond to Linux shell commands, i.e. 'ls' instead of 'dir', 'ifconfig' instead of 'ipconfig /all', etc.
    • Shell Documentation