HyperWRT Wish List

Discussion in 'HyperWRT Firmware' started by Avenger20, Nov 3, 2004.

  1. Avenger20

    Avenger20 Network Guru Member

    You may write your wish list for the HyperWRT firmware here.

    Keep in mind the goal of this project!
    If it's small and useful I might add it to HyperWRT. But I'm just doing this as a hobby in my free time, so don't be disappointed if your request doesn't get added. That's all :)
  2. MegaByteNL

    MegaByteNL Network Guru Member


    Static DHCP, please

  3. Avenger20

    Avenger20 Network Guru Member

    I knew this would be the first one :lol:

    It's really a lot of work for something I'm never going to use myself. Maybe it will get added in the future, but likely not any time soon.

    A quicker way is maybe writing to Linksys to request it. :wink:
  4. Morpheus

    Morpheus Network Guru Member

    WDS :!:

  5. mattosaur4

    mattosaur4 Guest

    Any chance of Firmware that works with the WAG54G

    Any chance of Firmware that works with the WAG54G?
    Specifically a release that gives the antenna strength array of options.

  6. Esquire

    Esquire Mesquire Staff Member Member

    If possible, UPnP Forwarding :wink:

    I've seen a couple of posts asking if this is available in addition to the standard WRT54G UPnP. I certainly love to see something similar so I don't have to rely on Windows XP to configure it (and lose my configurations every time I perform a hard reset).
  7. Guiguyz

    Guiguyz Network Guru Member

    Hi Avenger,

    As someone already expressed somewhere else:

    1/ more control and visibility over the NAT

    - # of entries
    - configurable age-out of entries (don't know how BCM does it, HW or SW)
    - current # of used entries / free entries

    2/ More visibility in general
    - Support of SNMP Traps or Syslog capability

    Just my $.02

  8. dankim831

    dankim831 Network Guru Member

    hey avenger

    great job again. i like how you're trying your best to stick with the official firmware. less problems etc..

    but you think you could at least add static dhcp. that's the only thing missing from the firmware other than the signal boost which you have.

  9. Pistolero

    Pistolero Network Guru Member

    Thank you for your efforts!

    Hi Avenger,

    Thank you very much for your work on this project. YOU ROCK!

    Just a couple of suggestions:

    Since the syslogd included on the Linksys firmware sucks, would it be possible to either replace it or add one that works to the BatBox package? You could add a lot of features via the BatBox, right?

    Also, would it be possible to get UPnP forwardings to be seen and configured from the web interface, just like the regular port forwardings?

  10. Avenger20

    Avenger20 Network Guru Member

    Re: Thank you for your efforts!

    Linksys is working on UPnP forwardings (there is already some code, but not fully working).

    Syslogd (actually klogd) will get fixed before 2.0 stable
  11. dankim831

    dankim831 Network Guru Member

    avenger do you know if linksys is redoing the upnp interface code? or only adding a configuration page?

  12. loost74

    loost74 Network Guru Member

    my suggestion:

    selection to reset to factory defaults automatically after flashing a new image like in Sveasoft pre 5.4
  13. loost74

    loost74 Network Guru Member

    Implementation of tinyPEAP. It is a very small RADIUS server that supports PEAP authentication (the most secure wireless authentication protocol).
  14. grymwulf

    grymwulf Network Guru Member

    How about a nice simple button on the Management screen that reads ....

    "Reboot Router"
  15. loost74

    loost74 Network Guru Member

  16. cyrano

    cyrano Network Guru Member

    Static DHCP !

  17. ChicoByte

    ChicoByte Network Guru Member

    I request a better QOS for this router. I think it is very difficult to do, but you wanna know our requests... That's it

  18. Uozzap

    Uozzap Network Guru Member

    Is it possible to configure a wrt in client mode such as Satori ??

    I would connect 2 pc via 2 wrt54gs...
    One of this wrt is connected to Internet..
    How can i do with Wrt?
  19. POMP

    POMP Network Guru Member

    I would like more DDNS Service options, such as No-IP.com. And I second loost74's request for tinyPEAP implementation.
  20. Acid-drop

    Acid-drop Network Guru Member

    What about a sample of the interface of the router for the official webpage.

    Example : http://neoslaker.free.fr/wrt54g/

    I was thinking on that because there is no screenshot link, and the manual link does show only new stuff from HyperWRT, not the whole interface. (and the manual page was not updated for b2).

    Thanks for your job, I appreciate it a lot.
    And viva Belgium :)
  21. Wookey

    Wookey Network Guru Member

    Allow 255 in Port Forwards for Broadcasting WOL

    Currently the Port forwards are restricted to 0-254.

    Allowing 255 would enable WOL packets to be broadcast and wake up my computer :)


    Thanks - Keep Up the Great Work
  22. Eric

    Eric Network Guru Member

  23. bakajikara

    bakajikara Network Guru Member

    just doing here a little of copy&paste from a thread i posted in yesterday not knowing that this forum here seems to be Avenger20's homebase :)

    the original post from me was here at dslreports using my not registered name 'fresh-54GS-owner'.

    here we go again:

  24. BinaryTB

    BinaryTB Network Guru Member

    Re: Allow 255 in Port Forwards for Broadcasting WOL

  25. Uozzap

    Uozzap Network Guru Member

    a tool to detect if there is any wireless signal around the router..
    show signal strength and other infos :)
  26. blackphiber

    blackphiber Guest

    better QoS would be nice, if I have some time I will try to hack away at it myself. Instead of just high and low priority, it would be nice to have some middle ground. And also be able to select a whole range of ports instead of just one.
  27. micheld

    micheld Network Guru Member

    Chillispot last version and bridge function or wds function
  28. samueldg

    samueldg Network Guru Member

    NFS support

    On the first hand: ¡¡great and clean job!!, I think that if you don't change your development policy (taking only some features added) you will have a good firmware for many purposes.

    On the second: Sorry for my poor English.

    On the third: A versatile configuration:
    Think in this system:
    1) NFS server with all snapshot of firmware utils compiled on it.
    2) N wrt's in production system that will upgrade their scripts and configs with cron (and restart scripts)

    Viewing the code, you can add NFS support into wrt kernel sources and busybox without space consumption (only some KB).

    1) You only flash firmware 1 time and you can put your wrt's anywhere.
    2) If you detect software changes, you only need to apply patches, recompile and put binaries in the NFS server, the cron script does the rest (rebuild symlinks, etc...).

    Other side:
    1) You have to do more job configuring the wrt's the first time.

    Please, tell me what you think about this, I have a version with busybox with modified mount/umount (with NFS support) and kernel with NFS support too, modifying them wasn't difficult, but I don't have enough idea on how to do the rest (I'm a bit newbie in linux systems and I don't know how to implement the scripts that allow me to do this).

    Another question, if you need some help (we are very experienced C/C++ developers) contact me, we can help you in all you need. I think we can do a free stable firmware based on the original Linksys Firmware.

    Best regards, and, again, ¡¡good stable firmware!!, please, don't add many dysfunctional features as other companies, add features bit by bit and maintain the firmware always stable.
  29. guidob

    guidob Guest


    A local dns option would come in handy. 8)
  30. beeblebrox

    beeblebrox Network Guru Member

    wol support would be awesome
    an interface to send a wakeup on the config pages of the router would be super awesome
  31. hotfix

    hotfix Network Guru Member


    Hi Avenger20,

    My compliments, your firmware has some nice features.
    Most of all keep your firmware clean and stable, forget about gimmicks.

    I think (hope) a lot of people are waiting for the possibility to enter a subnetmask of in the
    Setup->Basic Setup "Internet Setup" section.
    This makes it possible to turn the (often used) SpeedTouch 510 ADSL modem in SIP-spoof and connect it to the Internet port on the WRT54G(S) with Static IP.
    NOW we can use all the nice features of the WRT fully! (QoS, NAT, port mapping, .......) :D :D :D

    At this moment my SpeedTouch does the gateway/NAT/DHCP thing and is simply connected to one of the LAN ports on the WRT. 8O (Read, WiFi Access Point at this moment. :oops: )

    Thanks for your effort!
  32. nerdtalker

    nerdtalker Network Guru Member


    With the fact that that other guy has gotten a webserver working on his WRT54G, it might be possible to make the wireless router a simple bandwidth monitor.

    It'd be awesome if we could get MRTG working on the router with some simple webserver and see traffic/CPU load graphs for any device on the network.
  33. Acid-drop

    Acid-drop Network Guru Member

    I agree, this would be the most awesome plug-in ever.
    Cacti is also extremely nice.

    cacti : http://www.cacti.net/

    Well, I say all this, but i know it's a major feature and we might never see it working ;)
    Static DHCP is the priority i think :)

    Thanks for all your job :)
  34. nerdtalker

    nerdtalker Network Guru Member

    Cacti is nice, its based on the RRD tool from the makers of MRTG (Multi Router Traffic Grapher).

    I have MRTG working on a windows XP based computer here, but I'm pretty sure it is relatively light on resources when running on linux. I'd doubt that setting it up would be hard.
  35. Royster

    Royster Guest

    how about maybe more stats?

    like on the status tab under uptime, you could have:

    - Internet connection time (time the router has been successfully connected to the modem)
    - Internet bytes sent (bytes sent to the modem from the router)
    - Internet bytes received (bytes received from the modem to the router)
    - LAN bytes sent (bytes sent to all the computers in the network)
    - LAN bytes received (bytes received from all the computers on the network)
    - Total data transfer
    - Maximum transfer speed reached (Internet)
    - Maximum transfer speed reached (LAN)

    ps. Keep up the great work :)
  36. batnun

    batnun Network Guru Member

    DHCP Forward ?


    Is this possible to forward dhcp requests to another server ?

    Thanks in advance,
  37. bakajikara

    bakajikara Network Guru Member

    hi guys,

    now that we have lots of ideas for the upcoming hyperwrt versions, why won't we start a poll ?
    then it should be way easier for Avenger20 to see what we all wish :)

  38. Acid-drop

    Acid-drop Network Guru Member

    It would be nice to organise the ideas, select only those that are possible to do without coding 15.000 lines of code ;)

    Then a poll is an excellent idea, yes :)
  39. dellsweig

    dellsweig Network Guru Member

    HyperWRT has been a stable Linksys firmware since its first release. It has not been loaded with one-offs or rarely used features.

    It would be a shame to see it bloated with wish-list stuff....

    Keep it simple
  40. dscline

    dscline Network Guru Member

    Re: DHCP Forward ?

    Just disable DHCP in the Linksys, and enable it on the server you want it enabled on.
  41. Ouaibe

    Ouaibe Network Guru Member

    First of all THANK YOU avenger for your great work, my GS is running your firmware (b2) without a glitch.

    My main request : TTL control. By default it's at 5 days. Would be great if we could change it on GUI (using actually 1h TTL by startup command).
    Second request : possible subnet at (Speedtouch 510V3...).
  42. loost74

    loost74 Network Guru Member

    I would be grateful for a working QoS for Voice over IP (VoIP) with QoS for SIP.
  43. Green

    Green Network Guru Member

    more Blocked Services please!

    please add more Blocked Services !
    Having just two fields is not enough.
  44. Acid-drop

    Acid-drop Network Guru Member

    Suggestion : would be nice to have a list with 2 or more login/pass for pppoe.

    I often use a 2nd login because of the quota of Belgian ISP ... :(
  45. Avenger20

    Avenger20 Network Guru Member

    Re: more Blocked Services please!

    They are in 2.0b3 now, let me know if everything works well :wink:
  46. Green

    Green Network Guru Member

    thanks a lot!
    will try on weekend
  47. afyfe

    afyfe Network Guru Member

    how about a pseudo static dhcp

    Looking at the find_address method in udhcpd/leases.c, dhcpd simply starts looking for an available address starting at "start" and ending at "end". What if, instead, it was to generate some simple hash of the mac address (the sum of the octets, for example) and use that, mod the length of the dhcp address range, to get a starting address. So the loop might look like (ignoring the host/net ordering)

        addr = start + hash(chaddr) % (end - start + 1);
        for (int i = 0; i <= (end - start); ++i) {
            addr += 1;
            if (addr > end) addr = start;
            /* ... rest of the loop body ... */
        }

    This way a machine will typically always get the same assigned ip address, so long as there isn't a hash collision. This effectively gives the benefit of a statically assigned address, though you won't know what it is until you get it.

    The first test inside the loop references an uninitialized "ret" -- looks like a bug.
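
The hash-seeded lookup proposed in the post above, worked through as an added example (it is not udhcpd's code and not code from the post). The `struct lease` layout, the function names, the pool range and the sample MAC addresses are assumptions constructed for the example; unlike the sketch in the post, it probes the hashed slot itself before moving on, and it hands a renewing client its existing address back.

```c
/* Added example: hash-seeded address selection for a DHCP pool.
 * Not udhcpd's code; struct and function names are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN 6

/* Constructed pool: 192.168.1.100 - 192.168.1.149, host byte order. */
#define POOL_START 0xC0A80164u
#define POOL_END   0xC0A80195u

struct lease {
    uint8_t  chaddr[MAC_LEN]; /* client hardware (MAC) address */
    uint32_t yiaddr;          /* address leased to it, host byte order */
};

/* Constructed sample clients. MAC_B is MAC_A with its octets reversed,
 * so a sum-of-octets hash puts both on the same starting slot. */
static const uint8_t MAC_A[MAC_LEN] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};
static const uint8_t MAC_B[MAC_LEN] = {0x55, 0x44, 0x33, 0x22, 0x11, 0x00};
static const uint8_t MAC_C[MAC_LEN] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x31};

/* The hash suggested in the post: the sum of the six octets. */
uint32_t mac_hash(const uint8_t chaddr[MAC_LEN])
{
    uint32_t sum = 0;
    for (int i = 0; i < MAC_LEN; i++)
        sum += chaddr[i];
    return sum;
}

/* Return the lease that holds addr, or NULL if the address is free. */
static const struct lease *lease_for(const struct lease *leases, size_t n,
                                     uint32_t addr)
{
    for (size_t i = 0; i < n; i++)
        if (leases[i].yiaddr == addr)
            return &leases[i];
    return NULL;
}

/* Pick an address for chaddr from [start, end]. The search begins at the
 * slot chosen by the hash and wraps around the pool once. Returns 0 when
 * the range is invalid or every address belongs to another client. */
uint32_t find_address(const uint8_t chaddr[MAC_LEN], uint32_t start,
                      uint32_t end, const struct lease *leases, size_t n)
{
    if (end < start)
        return 0;
    uint32_t size = end - start + 1;
    if (size == 0)              /* start=0, end=0xFFFFFFFF wrapped to 0 */
        return 0;
    uint32_t offset = mac_hash(chaddr) % size;

    for (uint32_t i = 0; i < size; i++) {
        /* 64-bit sum so offset + i cannot wrap before the modulo. */
        uint32_t addr = start + (uint32_t)(((uint64_t)offset + i) % size);
        const struct lease *held = lease_for(leases, n, addr);
        if (held == NULL || memcmp(held->chaddr, chaddr, MAC_LEN) == 0)
            return addr;        /* free, or already ours: keep it */
    }
    return 0;                   /* pool exhausted */
}

static void print_addr(const char *label, uint32_t a)
{
    printf("%-28s %u.%u.%u.%u\n", label, (unsigned)(a >> 24),
           (unsigned)((a >> 16) & 0xff), (unsigned)((a >> 8) & 0xff),
           (unsigned)(a & 0xff));
}

int main(void)
{
    /* Constructed lease table: A holds its hashed slot, B holds the
     * last address of the pool. */
    struct lease table[2] = {
        {{0x00, 0x11, 0x22, 0x33, 0x44, 0x55}, POOL_START + 5},
        {{0x55, 0x44, 0x33, 0x22, 0x11, 0x00}, POOL_END},
    };

    print_addr("A, empty pool:", find_address(MAC_A, POOL_START, POOL_END, NULL, 0));
    print_addr("A renewing:", find_address(MAC_A, POOL_START, POOL_END, table, 2));
    print_addr("B colliding with A:", find_address(MAC_B, POOL_START, POOL_END, table, 1));
    print_addr("C, hashed slot taken, wraps:", find_address(MAC_C, POOL_START, POOL_END, table, 2));
    return 0;
}
```

Because the starting slot depends only on the MAC address the client reports, and a sum of octets is the same for any reordering of them, the resulting address is stable for convenience but does not identify a machine.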
  48. Green

    Green Network Guru Member

  49. chris-at

    chris-at Network Guru Member

    Just a minor pptp-change please!

    Hi avenger,

    just one little wish to add in the next release:
    Could you please make pptp compatible with dhcp on the wan? That's a thing needed with some providers here in Austria (and maybe other countries?).

    Someone already has made a patch for the pptp thing, so maybe it's just a simple thing for you to pick out and add this code to hyperWRT? Would be very nice!

    You can find the files here:

    Thanks a lot,
  50. Fishnet

    Fishnet Network Guru Member

    On the log page, how about a radio button to click that says Forward logs to: and a blank space to fill in the IP address. I figured out what script to type in where from a couple threads on this forum... but embarrassed to say it took a few hours to get things working with WallWatcher. :roll: An intuitive setup would be nicer than an "expert only" setup. :wink:

    Love the new firmware!!! Thanks! :D
  51. zorbak

    zorbak Network Guru Member

    New function which would be very useful and unique.


    I am not sure if the firewall is "iptables" based, but if yes, there could be a nice function very useful for networking. Especially when ISP or someone determines sharing connection only for 1 computer. I am not talking about MAC authorization because MAC cloning can solve this.

    Sometimes (more advanced ISPs) use TTL modification on their gateway and set it to 1. This causes all incoming packets "end their life" at next hop.

    Being able to reset TTL on the router, for example to 128 again, means that there is possibility to share connection further locally without problems because all next hops will have valid TCP packets.

    What do you think about it? :)
  52. rwelter322

    rwelter322 Network Guru Member

    I think this is a great idea! I miss logging to Wall Watcher. The solutions seem to be kind of spread around in a couple of messages.
  53. Acid-drop

    Acid-drop Network Guru Member

    2 wishes :

    - have the uptime for the internet connection.
    - be able to reset it with a button or at a specific hour.

    (in Belgium connection reset every 36 hours, and I would like to avoid a reset during the day, so a manual reset during the night would be nice)
  54. dellsweig

    dellsweig Network Guru Member

    Simple to have the box reset at predetermined day/time

    make a cron entry to do an 'init'
  55. atzplzw

    atzplzw Network Guru Member

    I'm not a linux geek so I'd be interested in that cron thing you suggest!
    How can it be done?

    I did search the HyperWRT page about the Addon Package you had there. Now it isn't there anymore. Any reason?
    Actually I tried to find the latest busybox. So maybe you could compile that one. I mean as Addon since it's no problem for me to get it on startup to the router.

  56. tokke

    tokke Network Guru Member

    Wish list:

    Possibility to automatically send a mail or net send when another mac address does a DHCP request or wants to connect to your network.
  57. dellsweig

    dellsweig Network Guru Member


    If you wanted to force your router to reboot on Monday AM at 3:15, you would make a crontab entry like this:

    15 3 * * 1 /etc/init 6

    You could do a startup script entry in hyperwrt as follows:

    echo "15 3 * * 1 /etc/init 6" >> /tmp/crontab

    I have not tested this but it should do the trick.....
  58. Orion

    Orion Network Guru Member

    Kinda new and would really like to see the following features:

    • Wishlist:
    • Static DHCP, it's very handy....especially when you forward a lot of ports and you need your pc's to keep their IP after they've been down for a while
    • QoS, more support in the lines of being able to set a download/upload rate per port or MAC...or something similar.
    • WOL, it would be great if you could enter some MAC's in a list and wake them up by just logging into your router from internet.

    I don't use HyperWRT atm cause it doesn't have Static DHCP but I would change firmwares right away if it did ;)
  59. Fishnet

    Fishnet Network Guru Member

    The ability to block outbound traffic by IP. 8)
  60. phild_mande

    phild_mande Network Guru Member




    Wishlist :
    link in /www to /tmp/any_name directory
    for adding private web pages
    using wget from PC to download file from WRT (log, iptables, etc...)

    in busybox validation of new commands :
    netstat (local wrt survey)
    dos2unix (text file conversion)

    adding command iptables-save (seems to be in source code)

    Thanks for great job :lol:
  61. Elrond33

    Elrond33 Network Guru Member

    Wish list :

    - Remote logging of incoming and outgoing connections with the RADIUS login :p
    - RADIUS Accounting Requests ( Start / Update / Stop )
    - WDS
    - SNMP

    Thanks for your great job ! :)
  62. swinn

    swinn Network Guru Member

    Active FTP support when connecting to FTP servers on a non-standard port (like 8021)... or even a port triggering setting for connecting to ftp servers in active mode.

    The old Sygate Home Network did this really well, but Linksys only support active mode when connecting on port 21.
  63. zorbak

    zorbak Network Guru Member



    It would be nice to have SSHD instead/with existing telnet.


  64. zeroego

    zeroego Guest

    name fields for MAC addresses in MAC Filtering

    So thanks for the awesome work!

    One simple but VERY handy addition would be name fields for MAC addresses in the allowed (or disallowed) MAC filtering. It's really annoying when I have to decipher the MAC addresses that I allow on my network, when I could easily just give them a name.

  65. Acid-drop

    Acid-drop Network Guru Member

    What about making an official TODO list on the website, and, like suggested before, a poll to select the most wanted features.

    What about the 2.0 final ? The bug list is small and everything runs perfectly, there is no reason anymore to keep the betas.

    And again, thanks for the job :)
  66. stekki118t

    stekki118t Guest

    This is my very first post on this forum. I agree on the tinyPEAP thing... That should be very nice!

    Greetz from a fellow Belgian :wink:
  67. Roman2K

    Roman2K Guest

    Loopback !

    Hi devs,
    Congratulations for your wonderful work on WRT54GS firmware.
    I registered just to post in this thread to request the Loopback that I absolutely need :D. I saw it's featured in SVEASOFT firmware so I think it mustn't be hard to copy.
    Thanks a lot and good continuation !
  68. LaNcom

    LaNcom Network Guru Member

    Another vote for WDS and SSH.

    Thanks, and keep up the great work!
  69. pldoolittle

    pldoolittle Network Guru Member

  70. cool1two

    cool1two Network Guru Member

    Squid Web Proxy Cache

    I would like to see if "Squid Web Proxy Cache" could be converted/used as an add-on

    reading a little into it and it seems small enough, and can be configured for

    just a thought, something to help.. speed browsing for us who go to the same portals/websites every day..
  71. achilipu

    achilipu Network Guru Member

    My request is PPoA !!! (VC-MUX) with CHAP authentication... most of the Spanish ISPs work with this... and PPoE doesn't work with them :( :(

    So PPoA!!!!
  72. yodommo

    yodommo Network Guru Member

    wishing a http_username

    It will be great if you put into the next version a field to save the http_username. its more safe to login with user and pwd.
  73. ktulu

    ktulu Guest

    I would like SNMP support as well, so that I can monitor the traffic with something like linksysmon on linux. I used that with my BEF router, and it would be nice to have here as well.
  74. neutralman

    neutralman Network Guru Member

    WDS please

    my respect goes to Avenger20 for HyperWRT :)

    here is reason:
    I had multiple WDS bridges on sveasoft alchemy... I couldn't get transfer over 1400KB/sec (12mbit)

    with HyperWRT 2.0b3 I get 2000kb/sec (16mbit)!!!
    that is so cool!
    my only wish is to manually add WDS LAN and ability to disable LazyWDS...

    thanks in advance
  75. Gheimposse

    Gheimposse Network Guru Member



    2.) 14 WIFI CHANNELS
    3.) 0-251mW WIFI POWER
  76. stephg27

    stephg27 Guest

    Rules in order to disable WLan at user defined times


    I'm a new user of the WRT54G ! I don't know if the functionality exists into the HyperWRT firmware, but if not, a new functionality that would be interesting is to be able to disable WLan by rules (such as the Internet Access policy rules): for example, disable WLan between 11:00pm and 08:00 am.
    With such rule, we would be able for example to disable the WLan during the night when we don't want the Wlan to be used by another.

    This functionality would be interesting !

    Thanks for reading me !

  77. Gheimposse

    Gheimposse Network Guru Member


    Hi ... so as you suspected the HyperWRT hasn´t any WLAN disabling timetable.
    But ... if Client-Router VPN Sessions are possible you would have the best security you can ever get cause the router only accepts connections via VPN tunneling even if you must use WEP encryption cause of an older pcmcia card.
    But ... as you said ... wlan timetable enabling is also a very "nice to have"-function for the next release.
    Hope the firmware will fit the nvram size of the wrt54G ... with the wrt54GS should it be no problem at all.
  78. jlw

    jlw Network Guru Member

    0-251mW would be a great add, as well as SSHD. I don't like telnet :) 14 channels, is it just in Japan the 14th is used? And I want to see signal strength like with sveasoft (I have heard)

    Maybe make the ability to change www port to a different one and add an extra webserver on it. Would be cool...

    Thanks for a great firmware
  79. Gheimposse

    Gheimposse Network Guru Member


    Hi guys ... I just come from an excursion to www.tinyPEAP.com ... and I have to tell you all that the "radius" server thing these guys did on a satori 4.0 release is a great deal to secure the WRT routers.

    Just one problem ... they did it on a sveasoft firmware and not on a hyperwrt firmware version! :(

    Next thing is ... I'm still hoping and hoping that the next HyperWRT firmware will have one or all of the following things:

    - 0-251mW wifi power (for large housings)
    - VLAN support to trigger different networks over the WRT
    - Client to router vpn secured wifi/wired connection
    - internal radius verification (i.e. tinyPEAP)
    - adjustable firewall with "deny all"/"allow all" default and a huge
    editable list for in AS WELL AS outgoing rules so that each and
    everyone can realise his own "what's going in/out"-thing!

    Hope to see some being realised in the next release ... otherwise I have to do some practice in programming these on my own. *ugly idea*

  80. Avenger20

    Avenger20 Network Guru Member

    I do not support the use of >84mW output power, as it would generate a lot of noise (giving you low throughput) and is illegal in most countries.

    If you really want to use more, set the txpwr var in telnet manually.
    (nvram set txpwr=251; nvram commit)
  81. Acid-drop

    Acid-drop Network Guru Member

    Would it be possible to know what the upnp is doing ?
    It's only a on/off option, and nobody know what's hidden behind this.

    Is it possible to have a log file or something ?
  82. Gheimposse

    Gheimposse Network Guru Member

    Thanks for the answer and the tip to adjust it manually.
    I'd an AIX system administration course ... but to be honest ... it didn't go this deep to know all the commands to set of via telnet to do these tricks without a menupoint in the webinterface. :oops:

    But ... what do you think about the other ideas I posted?:

    - VLAN support
    - VPN secured client-router communication
    - radius verification via tinypeap
    - deeper firewall adjustment options (s.o.)
  83. drinkmorebeer

    drinkmorebeer Network Guru Member

    Thanks for the great upgrade to the WRT54GS!!!

    I would like a VPN server (ipsec or PPTP) that works with the MS vpn client.

    after that static ip would be nice.

  84. Gheimposse

    Gheimposse Network Guru Member

    Hi Avenger20 ... you wrote me that you won't support 251mW tx power in the webmenu . But thanks for the answer and the telnet tip. :rolleyes:

    But ... do you see a chance for the following features?:

    - VLAN menu point
    - VPN server on router
    - Radius server (tinypeap) on router
    - free firewall menu (i.e. port forwarding menu)

    thanks for all ...
  85. lucboz

    lucboz Network Guru Member

    Multiple DMZ

    If not asked yet, multiple dmz for 3 pc's would be nice...

    Happy New Year All !!
  86. Avenger20

    Avenger20 Network Guru Member

    Re: Multiple DMZ

    Don't think that's possible. 1 WAN IP = 1 DMZ :wink:
  87. lucboz

    lucboz Network Guru Member

    Re: Multiple DMZ

  88. Avenger20

    Avenger20 Network Guru Member

    If you have more WAN IP's it's possible to bridge them with an unused port using iptables, that way the computer behind the router on that port, will get your ISP second public IP.
  89. Pistolero

    Pistolero Network Guru Member

    Authentication for telnet session?

    Hi Avenger,

    Having telnet access into the router is way cool. Is there a way you could make it so it asks for authentication when trying to log in, instead of giving automatic root access to the router? At the very least to ask you for the router password. Also, could telnet access be limited to the wired ports, and denied to wireless clients, just as the web interface?

    And while we are talking about authentication, would it be possible to make it so you would need a user name AND password to log into the router config interface instead of just a password?

    Great job, and I am sure everyone, including me, appreciates your efforts big-big :D :D
  90. Avenger20

    Avenger20 Network Guru Member

    Looked for password auth. for telnetd, but I think the new busybox 1.0 is required. But if someone knows any workaround, just place it here :)

    For now you'll have to enable telnet manually (which is only possible after you logged in into the web interface). You should only need to use it to debug problems or change configuration not possible from the web interface. Should be pretty safe then 8)
  91. Gheimposse

    Gheimposse Network Guru Member

    Hi Avenger20 ... will you implement vlan support in your next firmware?
    ... and is a free configurable firewall (i.e. port forwarding menu) with defaults like "deny all"/"allow all" so that everyone can customize the firewall an interesting topic?
  92. Gheimposse

    Gheimposse Network Guru Member

    Oh ... and just another question .. I liked to hack the webinterface to adjust some views.
    By open the I've got the webpage into my html editor to reconfigure it (i.e. enable more than 84mW cause max. of 100mW is allowed in Germany ... and what's allowed shall be used!) and upload it in the /www folder.
    Telnet is possible in your firmware version 2.0b3 ... but still saw any ftp.
    Is there a way to get this running???
  93. harry5555

    harry5555 Network Guru Member

    Port Address Translation


    I like your Firmware very much, especially the greater number of Port Forwarding rules and the telnet daemon.

    Is it possible to add the following function to the NAT function?
    If an incoming Packet is received at a specific Port at the public IP can it be forwarded to a different Port number to the internal IP?

    E.G.: Incoming to Port 80 translated to Port 8080.

    Thanks for your great work!
  94. Gheimposse

    Gheimposse Network Guru Member

    For this purpose you only may use the "port triggering" menu.
    Its in the same submenu side-by-side to the the "port range forward"-
    This allows you to forward specific ports from external interface to internal interface not looking from which ip-address to which ip-address.

    Handling routes directly from a specific internal address&port to a specific external address&port is a firewall rule!
    This was just a basic wish of mine cause I´m used to set up my own firewall rules having used astaro linux firewall until I found the wrt54gs.
    In an astaro environment you can set up your own rules for in as well as outgoing traffic.
    Default is "deny all" so that each and every rule for http (port 80), mail (port 25,110,9995) and all the other needed ports need to be opened manually.
    This is what I miss in all the firewall.
    I never trust a firewall doing rules on its own not knowing how they are set up!
  95. harry5555

    harry5555 Network Guru Member

    Hi Gheimposse

    Are you sure?
    AFAIK the Port Triggering function works for the other direction. (From LAN to WAN)

    What i like to do is to host a Webserver in my LAN at a nonstandard Port (E.G. 8080). However the Public Portnumber should be the standard Portnumber 80.

    Thanks for your reply
  96. Gheimposse

    Gheimposse Network Guru Member

    Ok ... the Port triggering works for masquerading an internal port to an outside one on another port. *for sure*
    The Port forwarding option is to set up an server to the outside world not having the option to offer port redirection.

    This only offers a free configurable firewall menu.
    I used the Astaro Security Linux Firewall (free for home use!!!).
    There you're able to set up "services" (i.e. http proxy LAN 8080 to WAN 80) and then use this in a separate created firewall rule (i.e. LAN service "http proxy" to "any ip-address" or "xxx.xxx.xxx.xxx"/"www.host.de").

    This still does not offer ANY firmware on Linksys Routers ... and its that easy as it could be. Each and everyone can hack this rules (knowing the commands for iptables/ipchains) via command line. HyperWRT is one firmware which offers a "Startup" and "firewall" command window where you can enter these commands be saved even if router reboots.

    But ... as I WISHED ... give us a standard Firewall ... be disabled if someone is interested setting up his/her own rules based upon one of the two default firewall settings "deny all" or "allow all" as each and every professional firewall offers it.

    If Linksys programmer won't offer this at all ... take yourself a small computer (i.e. a Fujitsu-Siemens Scenix Xs @ ebay for 20€ incl. cpu but without ram&hdd) and setup an ASL Firewall system ... this also offers
    - IDS (Intrusion Detection System)
    - Cobion Surf Protection
    - HTTP virus scanner
    - POP3 virus scanner
    - HTTP proxy
    - SOCKS proxy
    - DNS proxy
    - IDENT proxy
    - SMTP proxy
    - DHCP server
    - IPSEC VPN (L2TP over IPsec)
    - Remote administration
    - High Availability (Firewall cluster)
    - PPTP VPN Access
    - a huge package of logging and management functions
    i.e. www logging including hits, up/downloads, ...

    So this firewall is installed in over 60.000 companies worldwide and also was tested in comparison to watchguard, checkpoint and some other and did a very good job!!!
    So ... just take your linksys, disable the firewall and put a ASL behind it!

    Anyone who wanna check out a live working Astaro Security Linux appliance ... go to https://demo.astaro.com/
    This is a demo live system for each and everyone ... fully working!
  97. Morpheus

    Morpheus Network Guru Member

    WDS? :wink:
  98. harry5555

    harry5555 Network Guru Member

    Hi Gheimposse

    I solved the issue by adding two iptables commands to Administration-> Management -> Firewall.

    /usr/sbin/iptables -I FORWARD 8 -p tcp -i ppp0 -d --dport 80 -j logaccept
    /usr/sbin/iptables -t nat -I PREROUTING 3 -p tcp -i ppp0 -d <public ip here> --dport 8080 -j DNAT --to

    (<public ip here> is deleted for security reasons.)

    It's not a perfect solution because you have to check with iptables at which linenumber to insert the commands and it only works for static public IP's.

    However thanks for your info's
  99. Gheimposse

    Gheimposse Network Guru Member

    There are always many ways to reach the goal, isn´t it? :lol:
    So ... I would be VERY HAPPY if just one programmer will convert to program a menu in the firewall section to type in these commands without using a command shell and having the in-depth knowledge of how ipchains is working.

    Where´s the trick guys???
    Just expand the firewall section offering a in- and outgoing chain.
    Each chain get the default "allow all" or "deny all".
    For outgoing chain default shall be "allow all" so that nothing will be blocked this way.
    Ingoing chain is default "deny all" and standard services are still entered in the table below (i.e. http). Own wishes has to be enter by telling source-ip(-range), service(s) and target-ip(-range).

    Could be that easy ... if anyone is willing to go this way. :idea:
  100. zaphod

    zaphod Network Guru Member

    hi avenger,

    Morpheus and me will be happy if you implement WDS ;-)


