Useful Scripts
From DD-WRT Wiki
Certain scripts can enhance the function of your router with DD-WRT, giving it more features or customizing it towards your needs.
To find out how to load scripts onto the router, see Startup Scripts.
Modifying PATH at Startup
This will add whatever paths you want for PATH and LD_LIBRARY_PATH before the default system path. Change the paths to whatever you like. Have a good reason for doing this; it should be considered a hack until the feature is implemented permanently.
rm -f /tmp/newProfile
head -n1 /etc/profile | sed 's!=!=/mmc/bin:/whatever/bin:!' >> /tmp/newProfile
tail -n1 /etc/profile | sed 's!=!=/mmc/lib:/whatever/lib:!' >> /tmp/newProfile
mount --bind /tmp/newProfile /etc/profile
If you're adding /mmc/lib before the system library, in some circumstances you'll also need to do this on startup (after ensuring that the ldconfig on /mmc is up to date and happy):
mount --bind /mmc/etc/ld.so.conf /etc/ld.so.conf
mount --bind /mmc/etc/ld.so.cache /etc/ld.so.cache
Note: Only do this if you're receiving segmentation faults or your applications are failing to run, and even then only if you feel that this hack is imperative. Also note that if you're attempting this with Optware, the files are ld-opt.so.conf and ld-opt.so.cache.
Make sure you're familiar with what you're doing before attempting this. If you end up seeing a lot of segmentation faults when running things like ls, cat, cp, etc., then you'll want to either adjust the above commands or put those things into a script and run them manually when you enter your shell.
LED Scripts
The example LED scripts below are written using the GPIO info for the Linksys WRT. Remember to change them for whatever router you have.
You can't use the GPIOS on Atheros chips (Fonera, Meraki, etc.) without PROC_GPIO or some other utility. PROC_GPIO is a driver, and thus it must be compiled for your specific kernel. Broadcom routers do not need an external driver to drive GPIOs.
GPIO Info for Linksys WRT
Pin | Direction | Name | Use
GPIO 0 | Output | WLAN LED | (LED - wireless)
GPIO 1 | Output | POWER LED | (LED - power)
GPIO 2 | Output | ADM_EECS | (LED - white, Cisco button v. 3.0+)
GPIO 3 | Output | ADM_EESK | (LED - amber, Cisco button v. 3.0+)
GPIO 4 | Input | ADM_EEDO | (Button - Cisco Button v. 3.0+)
GPIO 5 | Output | ADM_EEDI | (Unknown) Seems to cycle all LED colors disabled.
GPIO 6 | Input | RESET | (Button - reset button)
GPIO 7 | Output | DMZ LED | (LED - DMZ)
GPIO Info for Linksys WRT150N v1.1 (dd-wrt.v24_mini_generic)
Here is a short summary of my experiments with WRT150N v1.1 on dd-wrt.v24_mini_generic firmware. The WRT150N has a SECURITY LED (the rightmost LED).
root@DD-WRT:~# gpio enable 5 #(SECURITY LED - off - green)
root@DD-WRT:~# gpio disable 5 #(SECURITY LED - on - green)
root@DD-WRT:~# gpio disable 3 #(SECURITY LED - on - amber)
root@DD-WRT:~# gpio enable 3 #(SECURITY LED - off - amber)
When you have switched to gpio disable 3 (SECURITY LED - on - amber):
root@DD-WRT:~# gpio enable 5 #(SECURITY LED - will give you amber)
root@DD-WRT:~# gpio disable 5 #(SECURITY LED - will give you amber bright)
GPIO Info for Linksys WRTSL54GS
This is for the WRTSL54GS model only.
Pin | Direction | Name | Use
GPIO 5 | OUTPUT | SES LED | (Cisco white LED)
GPIO 7 | OUTPUT | SES LED | (Cisco amber LED)
GPIO Info for Buffalo WHR
Pin | Direction | Use
GPIO 0 | Input | AOSS button
GPIO 1 | Output | Bridge LED
GPIO 2 | Output | WLAN LED
GPIO 3 | Output | Extra LED between bridge and WLAN
GPIO 4 | Input | Reset button
GPIO 5 | Input | Bridge/auto switch
GPIO 6 | Output | AOSS LED
GPIO 7 | Output | DIAG LED
GPIO 8 | n/a | Unknown/none
GPIO 9 | Output | Power LED
GPIO Info for LaFonera 2100
Pin | Use
0 | TP3
1 | pin 5 of SW1
2 | WLAN LED
3 | pin 1 of SW1
4 | pin 2 of SW1
5 | Reset (!)
6 | Reset button
7 | pin 6 of SW1
La Fonera 2200
2: WIFI LED, contact at bottom of local resistor
5: Reset! (Can be used as a GPIO, but you lose reset functionality.) This is the line closest to the RP4 component (next to 3 other lines, GPIOS 6, 2, and 7). Cut the trace and use the end closest to the CPU as a GPIO.
6: Reset button (other end of button is VDD (3.3 V)); remove nearby capacitor
7: Power LED, contact at bottom of local resistor
GPIO Info D-Link DIR-320
Pin | Direction | Use
GPIO 0 | Output | (LED - WIRELESS)
GPIO 1 | Output | (LED - STATUS)
GPIO 3 | Output | (LED - RED)
GPIO 4 | Output | (LED - BLUE)
GPIO 5 | Output | (LED - USB)
GPIO 6 | Input | (Button on the right)
For GPIO information, send a private message to DD-WRT user "meltyblood"
Display Load via LED (load.sh)
- Uses front button LED to display current load on router.
- For WRT54G/GL/GS
#!/bin/sh
gpio="gpio"
amber=3
white=2
delay=3
meltdown=400
overload=100
highload=70
medload=30
while sleep $delay;do
set -- $(cat /proc/loadavg)
load="${1%.*}${1#*.}"
if [ $load -gt $meltdown ];then
$gpio disable $amber
usleep 50000
$gpio disable $white
usleep 50000
reboot
elif [ $load -gt $overload ];then
$gpio disable $amber
usleep 50000
elif [ $load -gt $highload ];then
$gpio disable $amber
usleep 12500
$gpio enable $amber
usleep 12500
$gpio disable $amber
usleep 12500
$gpio enable $amber
usleep 12500
$gpio disable $amber
usleep 12500
$gpio enable $amber
usleep 12500
elif [ $load -gt $medload ];then
$gpio enable $amber
$gpio disable $white
usleep 25000
$gpio enable $white
usleep 25000
$gpio disable $white
usleep 25000
$gpio enable $white
usleep 25000
else
$gpio disable $white
usleep 50000
$gpio enable $white
usleep 50000
fi
done
Display Load via LED v2 (load2.sh)
- Uses LED flashes on a single LED to show load.
#!/bin/sh
gpio="gpio"
#This is the LED to flash
led=1
#Seconds to wait between running flash cycle
delay=2
#Set these to the loads you want the flash levels to activate on.
#The defaults are good if you don't know.
extreme=110
high=70
med=35
#Script start
while sleep $delay;do
set -- $(cat /proc/loadavg)
load="${1%.*}${1#*.}"
if [ $load -gt $extreme ];then
flash=4
elif [ $load -gt $high ];then
flash=3
elif [ $load -gt $med ];then
flash=2
else
flash=1
fi
cur=1
while [ $cur -le $flash ];do
$gpio disable $led
usleep 25000
$gpio enable $led
usleep 80000
cur=`expr $cur + 1`
done
done
WLAN Status (wlan.sh)
- Uses front button LED to show WLAN state. Amber LED indicates one or more associated clients, white LED flashes when data is sent over WLAN.
#!/bin/sh
I=`nvram get wl0_ifname`
while sleep 1; do
if [ "`wl assoclist`" != "" ]; then
XFER=`ifconfig $I|grep bytes`
if [ "$XFER" != "$PXFER" ]; then
LED='gpio disable 3 ; gpio disable 2'
PXFER=$XFER
else
LED='gpio disable 3 ; gpio enable 2'
fi
else
LED='gpio enable 3 ; gpio enable 2'
fi
if [ "$LED" != "$PLED" ]; then
eval $LED
PLED=$LED
fi
done
WLAN Status (wlan.sh) - Buffalo Routers
- AOSS LED to show WLAN is associated with clients.
- Bridge LED flashes when data is transmitted over WLAN.
#!/bin/sh
I=`nvram get wl0_ifname`
while sleep 1; do
if [ "`wl assoclist`" != "" ]; then
XFER=`ifconfig $I|grep bytes`
if [ "$XFER" != "$PXFER" ]; then
LED='gpio disable 1 ; gpio enable 1 ; gpio disable 6'
PXFER=$XFER
else
LED='gpio disable 6'
fi
else
LED='gpio enable 6'
fi
if [ "$LED" != "$PLED" ]; then
eval $LED
PLED=$LED
fi
done
WLAN Client Mode Status
- White LED if we can ping the gateway
- Orange LED if associated to an AP, but pinging fails.
#!/bin/sh
AMBER='gpio disable 3 ; gpio enable 2'
WHITE='gpio enable 3 ; gpio disable 2'
BLACK='gpio enable 3 ; gpio enable 2'
PACKETS='1'
INTERVAL='10'
trap lightsoff 1 2 3 6 14 15
lightsoff()
{
gpio enable 3 ; gpio enable 2 ; exit 1
}
while true ; do
if [ "`wl assoclist`" != "" ]; then
TARGET=`ip route | awk '/default via/ {print $3}'`
RET=`ping -c $PACKETS $TARGET 2> /dev/null | awk '/packets received/ {print $4}'`
if [ "$RET" -eq "$PACKETS" ]; then
LED=$WHITE
else
LED=$AMBER
fi
else
LED=$BLACK
fi
if [ "$LED" != "$PLED" ]; then
eval $LED
PLED=$LED
fi
sleep $INTERVAL
done
USB Disk mount status and umount button (DIR-320 running v24-sp2 mini-usb-ftp)
- SES Red led to indicate disk mounted
- SES button to umount disk
- SES Blue led to indicate umounting process
Script /jffs/etc/config/mount_status.startup (disk mount status)
#!/bin/sh
mp="/`nvram get usb_mntpoint`"
RED_ON='gpio disable 3'
RED_OFF='gpio enable 3'
while sleep 1; do
if [ "`mount | grep $mp`" ]; then
LED=$RED_OFF
else
LED=$RED_ON
fi
if [ "$LED" != "$PLED" ]; then
eval $LED
PLED=$LED
fi
done
Script /jffs/etc/config/mount.sesbutton
#!/bin/sh
mp="/`nvram get usb_mntpoint`"
proftpd_enable="`nvram get proftpd_enable`"
RED_ON='gpio disable 3'
RED_OFF='gpio enable 3'
BLUE_ON='gpio disable 4'
BLUE_OFF='gpio enable 4'
if [ "`mount | grep $mp`" ]; then
$RED_OFF
$BLUE_ON
if [ "$proftpd_enable" == "1" ]; then
killall proftpd
fi
umount $mp
if [ "$proftpd_enable" == "1" ]; then
proftpd
fi
fi
if [ "`mount | grep $mp`" ]; then
$RED_ON
else
$RED_OFF
fi
$BLUE_OFF
Miscellaneous Scripts
Web Server Wake-up
- Wakes up your web server when the router receives a request from the internet. Credits from: [1]
Please note: syslogd needs to be on, logging enabled, with log level set high, and "accepted" on. Following the example script, replace target and MAC values with those of your LAN web server's network information and for "$WOL -i xxx.xxx.xxx.255", replace xxx.xxx.xxx.255 with your LAN network broadcast address.
#!/bin/sh
INTERVAL=5
NUMP=3
OLD=""
WOL=/usr/sbin/wol
TARGET=192.168.1.100
MAC=00:00:00:00:00:00
LOGFILE="/tmp/www/wol.log"
while sleep $INTERVAL;do
NEW=`awk '/ACCEPT/ && /DST='"$TARGET"'/ && /DPT=80/ {print $3}' /var/log/messages | tail -1`
SRC=`awk -F'[=| ]*' '/ACCEPT/ && /DST='"$TARGET"'/ && /DPT=80/ {print $13}' /var/log/messages | tail -1`
LINE=`awk '/ACCEPT/ && /DST='"$TARGET"'/ && /DPT=80/' /var/log/messages`
if [ "$NEW" != "" -a "$NEW" != "$OLD" ]; then
echo "$SRC $LINE" >> $LOGFILE
RET=`ping -c $NUMP $TARGET 2> /dev/null | awk '/packets received/ {print $4}'`
if [ "$RET" -ne "$NUMP" ]; then
echo "$SRC causes WOL at" `date` >> $LOGFILE
$WOL -i 192.168.1.255 -p 7 $MAC >> $LOGFILE
sleep 5
fi
OLD=$NEW
fi
done
Auto Random MAC Address
- This script will change your eth1 MAC address to a random address, then it will apply it to the system and restart the interfaces.
#!/bin/ash
MAC=`(date; cat /proc/interrupts) | md5sum | sed -r 's/^(.{10}).*$/\1/; s/([0-9a-f]{2})/\1:/g; s/:$//;'`
echo "00:${MAC}"
ifconfig eth1 hw ether 00:${MAC}
nvram set def_hwaddr="00:${MAC}"
nvram set wan_hwaddr="00:${MAC}"
stopservice wan
startservice wan
You may wish to also download curl (see ipkg), and use it to restart your modem, as some MAC changes may not reflect until your modem "sees" a new address, and they typically only do this when starting up.
Note: curl is sometimes problematic to install. You should use ipkg -force-depends.
An example, to restart a Motorola Surfboard SB4100 cable modem, is:
curl -s -d "BUTTON_INPUT=Restart+Cable+Modem" http://192.168.100.1/configdata.html
SSH User Display (ssh_users.sh)
- Displays when someone is connected using SSH.
#!/bin/sh
led=2
interval=5
on=0
/sbin/gpio enable $led
while sleep $interval; do
# Make sure we get local port 22 and not any port starting with 22:
users=$(/bin/netstat -n | /usr/bin/awk '$4~/:22$/ {++x}; END {print x+0}')
if [ $users -gt 0 ]; then
if [ $on -eq 0 ]; then
/sbin/gpio disable $led
on=1
fi
else
if [ $on -eq 1 ]; then
/sbin/gpio enable $led
on=0
fi
fi
done
SSH User Display v2 (ssh_users2.sh)
- Displays how many SSH/SCP connections are active via LED flashing.
#!/bin/sh
led=7
interval=4
gpio=/sbin/gpio
while sleep $interval;do
users=$(/bin/netstat -n | /usr/bin/awk '$4~/:22$/ {++x}; END {print x+0}')
if [ $users -gt 0 ]; then
cur=1
while [ $cur -le $users ];do
$gpio disable $led
usleep 60000
$gpio enable $led
usleep 150000
cur=`expr $cur + 1`
done
fi
done
Wireless Network Scanner (awk -f scanner)
#####################
cat - > scanner
# Show scanresults in consistent order with graphical bars.
# To be run via telnet to WRT54g running modified firmware.
# Do the following. Use your own router address instead of 192.168.1.1 on the following lines
# Login via telnet:
# telnet 192.168.1.1
# a simple test to make sure you can run this script, type:
# wl scan; wl scanresults
# and make sure you can run those commands. If not this program will not work.
# If you succeeded with the scanresults then
# copy and paste this entire text into the terminal window
# (the cat - > scanner line will copy the rest of the file into a file named 'scanner')
# and then hit return and then ctrl-c to close the file.
# then just run script by typing the following line:
# awk -f scanner
#
# I hereby release this into the public domain. Justin Jones, 2005
#
# Jan. '07 corrected bug from '06 improvement.
BEGIN{
IGNORECASE = 1;
command = "wl scan 2> /dev/null ; wl scanresults 2> /dev/null";
red = "\x1b[31m"; green = "\x1b[32m";
greenback="\x1b[42m"; yellow = "\x1b[33m";
cyan = "\x1b[36m"; blue = "\x1b[34m";
blueback = "\x1b[44m"; white = "\x1b[37m";
whiteback = "\x1b[47m"; reset = "\x1b[0m";
underscore = "\x1b[4m"; clear = "\x1b[2J";
home = "\x1b[0;0H"; erase2end = "\x1b[K";
cName = white; cSignal = green;
cNoise = red; cCaps = green;
cStrengthLow = blue blueback; cChannel = green;
cStrengthMed = white whiteback;
cStrengthHi = green greenback;
cStrengthAged = red;
print clear;
for(;;)
{
while (command|getline)
{
if(/^SSID/) { name = $2; rssi = $6;noise= $9; rssi=""; noise="";channel="";bssid="";caps=""}
if(/^Mode/) {rssi = $4;noise= $7; channel = $10 }
if(/^BSSID/) {bssid = $2; caps = $4" "$5" "$6" "$7" "$8" "$9" "$10 }
if(/^Supported/)
{
name[bssid] = name
rssi[bssid] = rssi
noise[bssid]= noise
channel[bssid] = channel
caps[bssid] = caps
}
}
close(command)
printf home;
ln = 0;
print white " Name BSSID Signal Noise Channel Type";
for (x in name)
{
{
#arbitrary strength calc through trial and error... modify as you wish:
sigstrength = ((rssi[x] - noise[x])*1.5) + ((rssi[x] +90)*1.5);
if (sigstrength <1) sigstrength=0;
cStrength = cStrengthLow;
if(sigstrength>4) cStrength = cStrengthMed;
if(sigstrength>7) cStrength = cStrengthHi;
if(age[x]=0) cStrength = cStrengthAged;
fmt = "%s%-15s %s%0"sigstrength"d "reset erase2end "\n %s %s%-4d %s%-4d %s%-4d %s%2s %s%10s " reset erase2end "\n" erase2end "\n";
printf fmt, cName,name[x],cStrength,0,x,cSignal,rssi[x],cNoise,noise[x],cChannel, channel[x],cCaps,caps[x];
rssi[x] = "-1000 xxxx";
ln++;
}
}
if (ln ==0) print red "No Results - Do you have wl scan capability? \nThis program depends on 'wl scan; wl scanresults' to run. Hit ctrl-c to stop."
print erase2end;
}
}
Wireless Network Scanner (working on DD-WRT v24)
I took the above script and tweaked it to work in DD-WRT v24 firmware, with the "wl" command.
To run, just copy and paste it into a console (telnet or ssh), or save it as "scanner.sh" and run it as ./scanner.sh.
#!/bin/sh
awk -F"[][]" '
BEGIN{
IGNORECASE = 1;
command = "site_survey 2>&1";
red = "\x1b[31m"; green = "\x1b[32m";
greenback="\x1b[42m"; yellow = "\x1b[33m";
cyan = "\x1b[36m"; blue = "\x1b[34m";
blueback = "\x1b[44m"; white = "\x1b[37m";
whiteback = "\x1b[47m"; reset = "\x1b[0m";
underscore = "\x1b[4m"; clear = "\x1b[2J";
home = "\x1b[0;0H"; erase2end = "\x1b[K";
cName = white; cSignal = green;
cNoise = red; cCaps = green;
cStrengthLow = blue blueback; cChannel = green;
cStrengthMed = white whiteback;
cStrengthHi = green greenback;
cStrengthAged = red;
print clear;
for(;;)
{
while (command|getline)
{
if ($22 == "") continue;
bssid=$6;
name[bssid] = $4;
rssi[bssid] = $10;
noise[bssid]= $12;
channel[bssid] = $8;
caps[bssid] = $22;
age[bssid] = 1;
}
close(command);
printf home;
ln = 0;
print white " Name BSSID Signal Noise Channel Type";
for (x in name)
{
#arbitrary strength calc through trial and error... modify as you wish:
sigstrength = ((rssi[x] - noise[x])*1.5) + ((rssi[x] +90)*1.5);
if (sigstrength <1) sigstrength=0;
cStrength = cStrengthLow;
if(sigstrength>4) cStrength = cStrengthMed;
if(sigstrength>7) cStrength = cStrengthHi;
if(age[x]==0) cStrength = cStrengthAged;
fmt = "%s%-15s %s%0"sigstrength"d "reset erase2end "\n %s %s%-4d %s%-4d %s%-4d %s%2s " reset erase2end "\n" erase2end "\n";
printf fmt, cName,name[x],cStrength,0,x,cSignal,rssi[x],cNoise,noise[x],cChannel, channel[x],cCaps,caps[x];
rssi[x] = "-100 xxxx";
ln++;
}
if (ln ==0)
print red "No results - Do you have survey capability? \nThis program depends on site_survey to run. Hit ctrl-c to stop.";
print erase2end;
}
}
'
Name-based WOL (wake.sh)
- Enables you to power on a LAN computer by name instead of IP address/MAC, based on DHCP lease table (mandatory).
Usage: /path/to/wake.sh <hostname> (default hostname is desktop)
STATION=mm
WOL=/usr/sbin/wol
STATICS=/tmp/udhcpd.statics
DEV=br0
if [ -n "$1" ]; then
STATION=$1
fi
while read LINE
do
IP=`echo $LINE | awk '{print $1}'`
MAC=`echo $LINE | awk '{print $2}'`
FOUND=`ip neigh | grep "$IP.*REACHABLE"`
if [ -z "$FOUND" ]; then
echo Creating ARP entry for $IP $MAC
ip neigh add $IP lladdr $MAC dev $DEV nud reachable 2> /dev/null
ip neigh change $IP lladdr $MAC dev $DEV nud reachable 2> /dev/null
fi
done < $STATICS
LEASE=`grep "\b$STATION\b$" $STATICS`
if [ -n "$LEASE" ]; then
IP=`echo $LEASE | awk '{print $1}'`
MAC=`echo $LEASE | awk '{print $2}'`
$WOL -i $IP $MAC
else
echo Unable to find \"$STATION\" in DHCP static file $STATICS, please use \"$0 \<hostname\>\"
fi
Automatic Connection Repair (always_on.sh)
- Pings your default gateway at a fixed interval and forces a DHCP renew if no packets are received.
Usage: /path/to/always_on.sh &
#!/bin/sh
INTERVAL=10
PACKETS=1
UDHCPC="udhcpc -i vlan1 -p /var/run/udhcpc.pid -s /tmp/udhcpc"
IFACE=vlan1
ME=`basename $0`
RUNNING=`ps | awk '/'"$ME"'/ {++x}; END {print x+0}'`
if [ "$RUNNING" -gt 3 ]; then
echo "Another instance of \"$ME\" is running"
exit 1
fi
while sleep $INTERVAL
do
TARGET=`ip route | awk '/default via/ {print $3}'`
RET=`ping -c $PACKETS $TARGET 2> /dev/null | awk '/packets received/ {print $4}'`
if [ "$RET" -ne "$PACKETS" ]; then
echo "Ping failed, releasing IP address on $IFACE"
#send a RELEASE signal
kill -USR2 `cat /var/run/udhcpc.pid` 2> /dev/null
#ensure udhcpc is not running
killall udhcpc 2> /dev/null
echo "Renewing IP address: $IFACE"
$UDHCPC
echo "Waiting 10 s..."
sleep 10
else
echo "Network is up via $TARGET"
fi
done
- The following version will work even on resource-starved Linksys WRT54G v8, which lacks most programs needed by the script above. To use it, just add this code to DD-WRT's startup script using the web interface.
INTERVAL=10
while true; do
  # Wait until a default route (destination 0.0.0.0) shows up in the routing table
  while [ \! $gw ]; do
    sleep 30
    route -n >/tmp/routes
    while read dest gw foo; do
      if [ "$dest" = "0.0.0.0" ]; then
        break
      fi
    done </tmp/routes
  done
  logger "auto-repair: default gateway is $gw"
  # Keep pinging the gateway; fall through once it stops answering
  while ping -qc 2 $gw >/dev/null ; do
    sleep $INTERVAL
  done
  logger "auto-repair: gateway down, restarting WAN"
  # SIGUSR1 makes udhcpc renew its lease
  kill -USR1 `cat /var/run/udhcpc.pid`
  unset gw
done &
Modifying PATH Manually (path.sh)
- Enables adjustment of paths on a per-use basis (i.e. when you're running a terminal and need the new paths, run this script). The exports only reach your current shell if the script is sourced into it rather than executed as a separate process.
#!/bin/sh
export PATH=$PATH:/mmc/bin:/whatever/bin
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/mmc/lib:/whatever/lib
Alternatively, if you want to give priority to your personally installed applications (i.e. you've installed a more robust version of grep and want to use it by default), add the new paths before $PATH and $LD_LIBRARY_PATH, as shown below. Everything in those directories then shadows the system binaries and libraries of the same name.
#!/bin/sh
export PATH=/mmc/bin:/whatever/bin:$PATH
export LD_LIBRARY_PATH=/mmc/lib:/whatever/lib:$LD_LIBRARY_PATH
View Logfile in Browser without Local Syslogd (log.sh)
- View the last 1000 lines from your router's logfile in your browser without a locally running syslogd (i.e. Kiwi)
[First Method] Script Generated Live-content
Initial post in German forum: SOLVED: messages (logdatei) formatiert über browser aufrufen
#!/bin/sh
echo '<HTML><HEAD><TITLE>Logfile</TITLE></HEAD>'
echo '<BODY>'
nvram get router_name
echo ' Logfile:<br><pre>'
/usr/bin/tail -n 1000 /var/log/messages
echo '</BODY></HTML>'
To use this script you first need to enable syslog on your router without stating an IP. Then the log will be saved in /var/log/messages. You can do this under Administration->Services and then scroll down to the "System Log" section. Click "Enable" and leave "Remote Server" empty. After you have saved the script under /tmp/www/ as "log.sh" you must mark it as executable with "chmod +x /tmp/www/log.sh". You can do that by saving the following in your startup script:
echo -en "#!/bin/sh\necho '<HTML><HEAD><TITLE>Logfile</TITLE></HEAD>'\necho '<BODY>'\nnvram get router_name\necho ' Logfile:<br><pre>'\n/usr/bin/tail -n 1000 /var/log/messages\necho '</BODY></HTML>'" > /tmp/www/log.sh
chmod +x /tmp/www/log.sh
To view the log in your browser point it to "http://<routerip>/user/log.sh"
It appears that the above method doesn't work under some versions of v24 as shell scripts need to be created in the cgi-bin folder in order for the webserver to execute them.
If you find the previous startup script doesn't work, try the following:
mkdir /tmp/www/cgi-bin
echo -en "#!/bin/sh\necho '<HTML><HEAD><TITLE>Logfile</TITLE></HEAD>'\necho '<BODY>'\nnvram get router_name\necho ' Logfile:<br><pre>'\n/usr/bin/tail -n 1000 /var/log/messages\necho '</BODY></HTML>'" > /tmp/www/cgi-bin/log.sh
chmod +x /tmp/www/cgi-bin/log.sh
and use "http://<routerip>/user/cgi-bin/log.sh" to access it.
[Second Method] Static Generated HTML
Note that it is reported that script-generated content will not be delivered by the web server in v24-RC4 and v24-RC5, maybe other versions are affected too (see User-HTML (skript generiert) funzt nicht :( in the German forum). If you just get an empty page if using the first method you may use this workaround:
echo -en "#!/bin/sh\nrm /tmp/www/syslog.html\necho '<HTML><HEAD><TITLE>Logfile (Generated: ' >> /tmp/www/syslog.html\ndate >> /tmp/www/syslog.html\necho ')</TITLE></HEAD><BODY>' >> /tmp/www/syslog.html\nnvram get router_name >> /tmp/www/syslog.html\necho ' Logfile:<br><pre>' >> /tmp/www/syslog.html\n/usr/bin/tail -n 1000 /var/log/messages >> /tmp/www/syslog.html\necho '</BODY></HTML>' >> /tmp/www/syslog.html" > /tmp/www/log_gen.sh
chmod +x /tmp/www/log_gen.sh
Save the above code to your startup script and create a cron job for it. To generate an HTML log every 15 minutes you could use this job:
*/15 * * * * root /tmp/www/log_gen.sh
Your router's syslog is now available on http://<routerip>/user/syslog.html and will be updated every 15 minutes (or whatever you set in the cron job).
Speak Your Signal Strength
I use my WRT in client mode to connect to an access point, but I don't have a particularly good signal quality and I often need to readjust the position of the WRT and its antenna. Unfortunately my computer is not in sight of the WRT and I had to keep going backwards and forwards from my computer to the WRT making adjustments then checking the signal strength on the screen of my computer. This can take ages to set up properly, so I decided to get my computer to use the "festival" speech synthesis program to tell me what the current signal level is.
#! /bin/bash
# Use "festival" to say out loud how much signal strength we have
# The IP address of the WRT
ip_addr="192.168.1.1"
# The username and password for the WRT
user="root"
pass="admin"
# Temporary file used to hold the data from the WRT
tmp_file=/tmp/wrt.status
echo
echo "The signal level is:-"
echo
echo "The signal level is" | festival --tts
while true ; do
wget --http-user=$user --http-password=$pass http://$ip_addr/Status_Wireless.live.asp -O $tmp_file -o /dev/null
signal=`awk -F "'" '/active_wireless/ { print $8 }' $tmp_file`
echo $signal | awk '{printf"Signal : "$1"\t";for(;j<$1;j++)printf"=";printf"\n"}'
if [[ -n $signal ]] ; then
echo $signal | festival --tts
else
echo "Not associated" | festival --tts
fi
done
This works by using the same process as the 'Status-->Wireless' page i.e. it gets a chunk of data by wget'ing the Status_Wireless.live.asp page from the WRT then running awk to get the relevant chunk of data (the signal strength) and then piping that into the festival speech engine.
Now I just run this script and turn up the volume on my computer when I need to move the antenna.
Small Security Script (Firewall)
#!/bin/sh
#
# Warning! As I don't use Emule or similar programs I can't guarantee their function.
# If you find a workable solution just add it to this wiki.
# I found testing some of the settings manually that the ipfrag settings will break emule,
# maybe some others too...
#
# Enjoy your enhanced security,
#
# St. Karitzl
# info@user1.walztech.de
# http://daywalker81.de.vu
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/ip_forward
# the following two parameters will break at least emule and are way too low to make sense.
#echo 1024 > /proc/sys/net/ipv4/ipfrag_high_thresh
#echo 512 > /proc/sys/net/ipv4/ipfrag_low_thresh
echo 64000 > /proc/sys/net/ipv4/ipfrag_high_thresh
echo 48000 > /proc/sys/net/ipv4/ipfrag_low_thresh
# echo 10 > /proc/sys/net/ipv4/ipfrag_time
echo 5 > /proc/sys/net/ipv4/icmp_ratelimit
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 0 > /proc/sys/net/ipv4/conf/eth1/accept_source_route
echo 0 > /proc/sys/net/ipv4/conf/eth1/accept_redirects
echo 1 > /proc/sys/net/ipv4/conf/eth1/log_martians
echo 10 > /proc/sys/net/ipv4/neigh/eth1/locktime
echo 0 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
echo 50 > /proc/sys/net/ipv4/neigh/eth1/gc_stale_time
#
# The following entries secure the last bit and provide a
# moderate protection against man-in-the-middle attacks.
#
echo 0 > /proc/sys/net/ipv4/conf/eth1/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth1/secure_redirects
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 5 > /proc/sys/net/ipv4/igmp_max_memberships
echo 2 > /proc/sys/net/ipv4/igmp_max_msf
echo 1024 > /proc/sys/net/ipv4/tcp_max_orphans
echo 2 > /proc/sys/net/ipv4/tcp_syn_retries
echo 2 > /proc/sys/net/ipv4/tcp_synack_retries
echo 1 > /proc/sys/net/ipv4/tcp_abort_on_overflow
echo 10 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 0 > /proc/sys/net/ipv4/route/redirect_number
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 1 > /proc/sys/net/ipv4/conf/eth1/rp_filter
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
echo 61 > /proc/sys/net/ipv4/ip_default_ttl
# DoS protection by tweaking the timeouts
echo "1800" > /proc/sys/net/ipv4/tcp_keepalive_time
echo "0" > /proc/sys/net/ipv4/tcp_window_scaling
echo "0" > /proc/sys/net/ipv4/tcp_sack
# We pretend to be a Checkpoint firewall on Windows XP
echo 4096 87380 4194304 >/proc/sys/net/ipv4/tcp_rmem
echo 4096 87380 4194304 >/proc/sys/net/ipv4/tcp_wmem
# Check network overload (explicit congestion notification)
echo 1 > /proc/sys/net/ipv4/tcp_ecn
# Change port range for outgoing traffic
echo "30000 60000" > /proc/sys/net/ipv4/ip_local_port_range
# Change default queue size
# Modified for DD-WRT because of missing proc entries
echo 4096 > /proc/sys/net/ipv4/ip_conntrack_max
# LED signal feedback when script ends
sleep 1
gpio enable 3
sleep 1
gpio disable 3
sleep 1
gpio enable 3
sleep 1
gpio disable 2
sleep 1
gpio enable 2
sleep 1
gpio disable 2
# If you'd like to disable the web interface uncomment
# the following line
#killall httpd
Attention, you might have to change eth1 to the actual WAN (external) interface.
Installation is pretty simple:
- Log on to your WRT
- type cd /jffs
- type vi sec.sh (or any other name) and enter the script
- Connect to your WRT via web browser, page Administration:Commands
- Enter the script name (sec.sh) into the command field
- Click on "Save Startup"
- Reboot router
As a simple test, try to ping your router. You should get no response; otherwise you have to find the error.
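A ping test only covers icmp_echo_ignore_all. To confirm after the reboot that the other settings took effect, the following added example (not part of the original script) compares a subset of the values sec.sh writes with what the kernel reports. `PROC_ROOT`, `WAN_IF` and the function names are this example's own, and the sample tree at the end is constructed so the block runs without a router.

```shell
#!/bin/sh
# Added example, not part of sec.sh: audit the /proc/sys values the script sets.
# PROC_ROOT and WAN_IF are names chosen for this example.
PROC_ROOT="${PROC_ROOT:-/proc/sys/net/ipv4}"
WAN_IF="${WAN_IF:-eth1}"      # change to your actual WAN interface

# "<path relative to PROC_ROOT> <value sec.sh writes>"
expected_settings() {
    cat <<EOF
icmp_echo_ignore_all 1
icmp_echo_ignore_broadcasts 1
icmp_ignore_bogus_error_responses 1
tcp_syncookies 1
conf/all/rp_filter 1
conf/all/accept_source_route 0
conf/$WAN_IF/rp_filter 1
conf/$WAN_IF/accept_source_route 0
conf/$WAN_IF/accept_redirects 0
conf/$WAN_IF/secure_redirects 0
conf/$WAN_IF/log_martians 1
conf/$WAN_IF/proxy_arp 0
EOF
}

# audit_sysctls [root]: print one status line per setting and leave the number
# of missing or differing settings in AUDIT_BAD. Returns 0 only if that is 0.
audit_sysctls() {
    root="${1:-$PROC_ROOT}"
    AUDIT_BAD=0
    while read -r key want; do
        file="$root/$key"
        if [ ! -r "$file" ]; then
            # Entry absent on this build or interface name wrong
            echo "MISSING  $key"
            AUDIT_BAD=$((AUDIT_BAD + 1))
        elif [ "$(cat "$file")" != "$want" ]; then
            echo "MISMATCH $key: have $(cat "$file"), want $want"
            AUDIT_BAD=$((AUDIT_BAD + 1))
        else
            echo "OK       $key = $want"
        fi
    done <<EOF
$(expected_settings)
EOF
    [ "$AUDIT_BAD" -eq 0 ]
}

# make_sample_tree <dir>: constructed stand-in for /proc/sys/net/ipv4 in which
# every expected value is already set.
make_sample_tree() {
    expected_settings | while read -r key want; do
        mkdir -p "$1/$(dirname "$key")"
        echo "$want" > "$1/$key"
    done
}

# Dry run on constructed data: one setting is deliberately left at 1.
demo=$(mktemp -d)
make_sample_tree "$demo"
echo 1 > "$demo/conf/$WAN_IF/accept_redirects"
audit_sysctls "$demo" || echo "$AUDIT_BAD setting(s) need attention"
rm -rf "$demo"
```

On the router, call `audit_sysctls` with no argument at the end of the startup script; a MISSING line for every `conf/eth1/...` entry means the WAN interface has a different name.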
Block URLs with an Automatically Downloaded Host File
This was taken from mraneri from the Linksys forum.
logger WAN up script executing
sleep 5
test -s /tmp/dlhosts
if [ $? == 1 ] ; then
echo -e "#!/bin/sh\nwget -O - http://www.mvps.org/winhelp2002/hosts.txt | grep 127.0.0.1 | sed -e '2,\$s/127.0.0.1/0.0.0.0/g' -e 's/[[:space:]]*#.*$//' > /etc/hosts\nlogger DOWNLOADED http://www.mvps.org/winhelp2002/hosts.txt\nkillall -1 dnsmasq" > /tmp/dlhosts
chmod 777 /tmp/dlhosts
/tmp/dlhosts
fi
echo "45 23 * * 5 root /tmp/dlhosts" >> /tmp/crontab
This script automatically downloads a hosts file from "http://www.mvps.org/winhelp2002/hosts.txt" and redirects all the hosts in that file to a local address (127.0.0.1 in the downloaded file, rewritten to 0.0.0.0 by the script on all but the first line). Those hosts are common malware or advertisement sites, so it is better to block them. You can also download the file, add hosts that you want to block or delete the ones you don't want to block, upload it to a web site, and change the URL in the code to your custom one. Be aware that the more entries the file has, the more of your router's RAM it will use. Check the file size and your free memory to see whether it will suit you; if not, just remove some entries. If you want the blocking to be active from the moment the router boots, place the script in the startup scripts.
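The pipeline above fetches the list over plain HTTP and writes the result straight into /etc/hosts, and `grep 127.0.0.1` keeps any line that merely contains that string. A stricter filter, as an added example (not from the original post; the function names, the minimum-entry threshold and the sample data are this example's own): it keeps only entries whose address field is exactly 127.0.0.1 or 0.0.0.0 and whose name is a syntactically valid hostname, and leaves the existing hosts file alone when too few entries survive.

```shell
#!/bin/sh
# Added example: sanitize a downloaded hosts file before it replaces /etc/hosts.

# filter_hosts: downloaded file on stdin, sanitized blocklist on stdout.
filter_hosts() {
    awk '
    BEGIN { print "127.0.0.1 localhost" }
    {
        sub(/\r$/, "")              # tolerate CRLF line endings
        sub(/[ \t]*#.*$/, "")       # drop comments
        if (NF != 2) next           # exactly "<address> <name>"
        if ($1 != "127.0.0.1" && $1 != "0.0.0.0") next
        name = tolower($2)
        if (name == "localhost" || length(name) > 253) next
        if (name !~ /^[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?(\.[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?)+$/) next
        if (!(name in seen)) { seen[name] = 1; print "0.0.0.0 " name }
    }'
}

# install_blocklist <downloaded file> <hosts file> [min entries]
# Overwrites the hosts file only if at least <min entries> names survived the
# filter; an empty or truncated download keeps the previous file in place.
install_blocklist() {
    src=$1; dest=$2; min=${3:-100}
    tmp="/tmp/hosts.new.$$"
    filter_hosts < "$src" > "$tmp"
    count=$(( $(wc -l < "$tmp") - 1 ))      # do not count the localhost line
    if [ "$count" -lt "$min" ]; then
        rm -f "$tmp"
        return 1
    fi
    cat "$tmp" > "$dest" && rm -f "$tmp"
}

# On the router (same URL as in the script above):
#   wget -O /tmp/hosts.dl http://www.mvps.org/winhelp2002/hosts.txt &&
#     install_blocklist /tmp/hosts.dl /etc/hosts && killall -1 dnsmasq

# Constructed sample of a download; only two entries should survive.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample data
127.0.0.1  localhost
127.0.0.1  ads.example.com   # comment is stripped
0.0.0.0    Stats.Example.NET
127.0.0.1  ads.example.com
192.0.2.10 login.example.org # 127.0.0.1
127.0.0.1  bad_host;name.example
127.0.0.1  one.example two.example
EOF
filter_hosts < "$sample"
rm -f "$sample"
```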
Directory Listing for DD-WRT Micro
Since the Micro version of DD-WRT doesn't provide an ls command, here is a very simple script to list directory contents.
#!/bin/sh
# List the current directory; directories get a trailing slash
for x in *; do
  if [ -d "$x" ]; then
    echo -n "$x/ "
  else
    echo -n "$x "
  fi
done
echo
Global Management of Blacklists
If you have a lot of DD-WRT routers, then denying access to abusive users through the web interface of each router can be time consuming. Here is a small firewall script to automatically download the MAC addresses of computers that should be denied access. The format of the file is a Unix text file with one MAC address per line. The script assumes that you have a jffs partition. You can run it at startup by saving it as /jffs/etc/config/wifi_bl.wanup
#!/bin/sh
cd /jffs
rm wifi_blacklist.txt
#Please modify the script to download the blacklist file from your web server
wget http://www.myserver.com/wifi_blacklist.txt
module_exists=`lsmod | grep ipt_mac`
if [ -z "$module_exists" ] ; then
insmod ipt_mac
fi
#Deleting the old table
old_mac=`iptables -L | egrep "..:..:..:..:..:.." | sed "s/.*\(..:..:..:..:..:..\).*/\1/"`
for mac in $old_mac ; do
iptables -D FORWARD -p tcp -m mac --mac-source $mac -j REJECT --reject-with tcp-reset
done
#Adding the table again
for mac in `cat /jffs/wifi_blacklist.txt` ; do
iptables -I FORWARD -p tcp -m mac --mac-source $mac -j REJECT --reject-with tcp-reset
done
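The script above removes the local list before the download and passes every line of the file to iptables, so a failed or garbled download leaves the router with no blocks at all. A variant that validates first and only then touches the rules, as an added example (not the original author's script): the chain name `wifi_bl`, the `IPT` variable and the function names are assumptions of this example, and the list used in the dry run is constructed.

```shell
#!/bin/sh
# Added example: validate the downloaded MAC list, then rebuild a dedicated chain.
IPT="${IPT:-iptables}"      # command used to change rules (overridable for dry runs)
CHAIN=wifi_bl               # chain name chosen for this example

# valid_macs <file>: print the de-duplicated, upper-cased addresses that are
# exactly six colon-separated hex octets. Anything else (an HTML error page,
# a truncated line) is ignored.
valid_macs() {
    tr -d '\r\t ' < "$1" | tr 'a-f' 'A-F' |
        grep -E '^[0-9A-F]{2}(:[0-9A-F]{2}){5}$' | sort -u
}

# load_blacklist <file>: rebuild the chain from the file. Returns 1 and leaves
# the current rules untouched when the file contains no valid address.
load_blacklist() {
    macs=$(valid_macs "$1")
    [ -n "$macs" ] || return 1
    $IPT -N "$CHAIN" 2>/dev/null || true        # already exists on later runs
    $IPT -F "$CHAIN"
    for mac in $macs; do
        $IPT -A "$CHAIN" -p tcp -m mac --mac-source "$mac" \
            -j REJECT --reject-with tcp-reset
    done
    # Hook the chain into FORWARD exactly once
    $IPT -D FORWARD -j "$CHAIN" 2>/dev/null || true
    $IPT -I FORWARD -j "$CHAIN"
}

# refresh_blacklist <url> <local copy>: download to a temporary file and keep
# the previous copy and rules unless the new list loads successfully.
refresh_blacklist() {
    tmp="$2.new"
    if wget -q -O "$tmp" "$1" && load_blacklist "$tmp"; then
        mv "$tmp" "$2"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Dry run on a constructed list: the rule commands are printed, not executed.
list=$(mktemp)
printf '%s\n' '00:11:22:33:44:55' 'aa:bb:cc:dd:ee:ff' \
    '<html>404 Not Found</html>' > "$list"
( IPT="echo iptables"; load_blacklist "$list" )
rm -f "$list"
```

Because the rules live in their own chain, the old entries are removed with a single flush instead of being parsed back out of the `iptables -L` listing.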