James Stephens

January 20, 2006

An Affordable Iptables Firewall – The Linksys-Cisco WRT54GL Or WRT54GS Series Router

Filed under: Iptables — James Stephens @ 8:09 pm

If you are interested in an affordable way to get working with iptables please read on …

In 2003, the Linksys WRT54G broadband router was the first consumer-level network device that had its firmware source code released under the GPL. Since then, Linux hobbyists have been hacking the Linksys WRTG54 series routers and several projects now provide the enhanced firmware for the WRT54G.

A blow arrived for hackers last year, when Linksys-Cisco switched the underlying firmware from Linux to VxWorks, enabling them to half the RAM and Flash and cut production costs. Unfortunately, these “series 5″ versions of the router won’t run Linux.

Thankfully, in October 2005 Linksys-Cisco relented and released the WRT54GL Wireless-G Broadband Router specifically for the Linux community. It is identical to the original “series 4″ WRT54G units that support firmware such as Batbox. This “L series” unit is only available from online retailers such as Amazon.com, and I have noticed even they are in short supply so you may need to keep trying.

An alternative Linux compatible unit is the Linksys WRT54GS Wireless-G Broadband Router with Speedbooster. This model has not been switched to Vxworks (perhaps because it wil be phased out at some point) and retains compatible with hacked firmware. This version of the router differs from the original “series 4″ WRT54G in that it includes the Speedbooster enhancement (follow the product link and scroll down for an explanation of speedbooster).

Both the WRT54GL and WRT54GS units are a great way to get started with iptables via alternative firmware. The DD-WRT aftermarket firmware includes iptables; another possibility is Batbox which comes with a shell script including some example iptables rules.

Update 1/20/06 – WRT54GS converted to VxWorks

A new “series 5″ version of the Linksys WRT54GS Wireless-G Broadband Router with Speedbooster has now been converted to VxWorks. These new models now have only 2MB flash memory and are recognisable by their serial number prefix of CGN7. The older “series 4″ Linux-capable units have a serial number of CGN6.

Update 2/13/06 – WRT54GL On Order

I have finally been able to get my hands on a WRT54GL. Check back in a few weeks and I should have a full report + iptables script posted.

Update 3/21/06 – Finally Working On It ….

I now have a WRT54GL v1.0 unit. It took a while for me to free up resources, but finally I am working through the various firmware options. Batbox has turned out to be a no go, because a hole in the ping function that allowed commands to be run has finally been closed by Linksys. Right now I am working with DD-WRT and it is looking quite promising. More to follow ….

Update 3/24/06 – Done! …

Ok, read all about it here.

2 Comments »

  1. Great information on iptables !

    I just did a new/fresh install of FC5 and needed more
    information on iptables, which is how I found your site.
    I have to say that I find the default configuration of
    iptables for FC5 very poor ! I’m fixing mine now. :)

    Matthew

    Comment by Mathew Tebbens — April 20, 2006 @ 2:05 pm

  2. Great script, as I’ve said before!

    How’ve you found the GL version over a standard WRT54G?

    Thanks,

    Joe.

    Comment by Joe Hancock — June 19, 2006 @ 5:27 pm

RSS feed for comments on this post. TrackBack URL

Leave a comment

You must be logged in to post a comment.

Powered by WordPress

of StatCounter Code -->