Comments on: Iptables On A Linksys-Cisco WRT54GL Broadband Router HOWTO

By: RemoteRoot » Blog Archive » Cheap Linux Firewall - IPTables on the WRT54G

Wed, 18 Jul 2007 17:43:15 +0000

[...] for upgrading your router to DD-WRT can be found at James Stephens Blog or on the DD-WRT wiki under [...]

By: Alex

Alex — Mon, 16 Jul 2007 02:06:27 +0000

I need help with a WRT54G v.6, after a bad f/w flash router is bricked (power failure)during flash, was converting to DD-WRT. tried all the safe ways to restore to no avail.
I have done as the following:
Reset router with a flash pin grounding
Assigned static IP address to computer, and set speed to 10/ half MPB
Conected stand alone D-Link 10/100 ethernet switch conected, adsl modem, router, and computer
Held reset button 30 sec. pulled the power cord.
Powered off router 10sec.
Powered on
Ping -t 192.168.1.1 recieve Reply from 192.168.1.1: bytes =32 time=1ms TTL=64
Uploaded recent Linksys F/W with tftp.exe from Linksys
says “upload success”, waited 10-15 mins, but does not reboot itself, power light continues to blink.
pushed reset again, and powered off, and on, light still flashing?
My question is it toast, or did I do something wrong?
Please help if you can.
Thanks
ALex

By: Joe

Joe — Mon, 09 Jul 2007 20:15:41 +0000

Can someone tell me how to configure this for PPPoe?

By: Seo Elite Reviews

Seo Elite Reviews — Tue, 05 Jun 2007 01:19:29 +0000

Having just purchased the 54GL I have to say it was a big let down.

Why?

Because it very quickly became my door brick. Plugged it in, turned it on, bios fried, didn’t even boot past initial saftey check’s.

Can’t even ftp into the thing to flash it.

So back to the factory for this one. I have bookmarked this site though for when I get an actual working one.

Cheers
Marc

By: Dave

Dave — Sun, 20 May 2007 07:01:33 +0000

James,

Thanks, this helped me.

folks, don’t forget to make the script executable:

chmod 755 /jffs/iptables.fw
nvram commit

James,

I am curious why you set the default policies to ACCEPT just after the sleep? (I see they are set to DROP later, but not sure if there is some reason behind temporarily setting them to ACCEPT)

By: Moha

Moha — Mon, 16 Apr 2007 21:36:29 +0000

(doubble -) in front of –-ttl-set

By: Moha

Moha — Mon, 16 Apr 2007 21:35:14 +0000

I would like to change the ttl value. I added the line:
iptables -t mangle -I PREROUTING -i ppp0 -j TTL –-ttl-set 10 (it should be — in front of ttl-set) But the TTl does not change, whe I ping on the client. Can someone tell me what should I do.
Thank’s!

By: ap1000

ap1000 — Wed, 24 Jan 2007 14:33:32 +0000

Great manual! The only problem I had was flushing of the firewall rules - didn’t work for me. The rules were appended, so I came out with both old and new set together each time. I ended up replacing the flushing loop with:
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

That works - at least for me

By: pacooo

pacooo — Sat, 13 Jan 2007 08:31:39 +0000

How to change firmware of WRT54GS v6 with serial number CGN9…
How to change ttl=1
Because v5 and v6 of this router are different with little less flash ram I have to try everything and only this works great. Here are the few steps:

 Download [vxworks_prep_gs_v03.zip] and extract.
 Download and extract [vxworks_killer_gs_v08.zip]
 Download [DD-WRT micro generic]. You may want to check [DD-WRT] to make sure there isn’t a newer version than v23 SP2. Do not use the one labelled ‘WRT54G’ or ‘WRT54GS’, use the ‘generic’ version.
 If you don’t know how to use (or don’t have) a console mode TFTP tool (i.e. tftp.exe), download the [Linksys TFTP transfer tool].
 You will want to assign your network adaptor a manual IP address, since you may loose your automatically configured one and have trouble TFTP’ing the firmware. It’s done at the properties dialog of your network connection, in the ‘Internet Protocol (TCP/IP)’ properties.
 Go to your router’s web based interface and enter the ‘Administration’ tab. Then select ‘Firmware Upgrade’ and choose the vxworks_prep_gs_v03.bin file. Hit apply. After a minute, your browser window will go blank. At this point, power cycle your router.
 Again point your web browser to http://192.168.1.1. You’ll see a different sort of firmware upgrade screen. This is the Management Mode. Select and apply the vxworks_killer_gs_v08.bin firmware upgrade. WAIT for your browser window to turn to report ‘Success’. Have troubles? Try a different web browser, the http daemon in management mode is very finicky.
 Now unplug the power cord of your router, then plug it back in. The power LED should now be blinking.
 Now you need to do a binary mode TFTP transfer of DD-WRT micro generic to your router. To do this you can use the Windows TFTP console mode utility, the Linksys TFTP Windows GUI utility, or some other TFTP client.
 Do NOT reboot your router after TFTP’ing, this will happen automatically. It takes a couple minutes after the TFTP transfer finishes for the firmware to actually be flashed.

Finalizing
 After your router reboots itself following the TFTP transfer, you should have access to the DD-WRT’s HTTP interface at 192.168.1.1
 Congratulations, you’re now running DD-WRT micro! This was a one tim operation, future firmware updates do not require this process.
 If you have problems, please visit an appropriate user forum to get aid from your fellow users. There are many common problems, and common solutions. I suggest the forums at [dd-wrt.com].
 Remember, the default username and password for a new DD-WRT flash is:
username: root
password: admin

How to TTL=1 to TTL=10:
In the COMMANDS menu add this line in FIREWALL:

iptables -t mangle -I PREROUTING -i ppp0 -j TTL –ttl-set 10

If you have more questions email me: pacooo@abv.bg

By: Nick Berardi

Nick Berardi — Mon, 20 Nov 2006 16:37:29 +0000

~ # nvram set rc_firewall=”
iptables -A PREROUTING -p tcp -m tcp -d 172.16.16.200
–dport 8080 -j DNAT –to-destination 192.168.1.1:80″
~ # nvram commit

That didn’t work because you need

/usr/sbin/iptables instead of just iptables