From DD-WRT Wiki


Random encounters with DD-WRT v24-sp2 mega/big r14929

Here are some notes about issues where I consider the solution to be a bit hackish and not ready for consumption by everyone. So be aware that you should know what you're doing. FYI, I'm running this on an Asus RT-N16.

Running bittorrent on the router

I'm running bittorrent directly on the router with screen + rtorrent (and libs) picked from OpenWRT's Kamikaze release. Unfortunately, DD-WRT's built-in default firewall setup blocks the incoming traffic (INPUT table) in the port range 6881-6999. I consider it to be safe to allow incoming traffic in that port range and would be more concerned about security issues with the torrent client and libs. So I've added two rules very much at the top of the INPUT table to allow UDP and TCP traffic on those ports coming in on the ppp0 device:

 # Allow bittorrent peers
 iptables -I INPUT 2 -i ppp0 -p tcp --dport 6881:6999 -j ACCEPT
 iptables -I INPUT 3 -i ppp0 -p udp --dport 6881:6999 -j ACCEPT

ISAKMP/UDP 500 blocked - or why your VPN endpoint doesn't respond

The built-in default firewall has a special block for UDP traffic on port 500 in the FORWARD chain. This port is used for ISAKMP (key exchange for your VPN connection) and is required to build up VPN connections with e.g. vpnc. So if your VPN client, in my case vpnc, bitches about an endpoint not responding, you should check for the blocking rule and maybe remove it.

 # Remove ISAKMP ban
 iptables -D FORWARD -o ppp0 -p udp --dport 500 -j DROP

UPDATE: I have now found out that the web interface has an option to allow VPN traffic, so you don't have to deploy such a gross hack. See 'Security' -> 'VPN Passthrough'.
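
To check whether the ISAKMP DROP rule or the bittorrent ACCEPT rules from the previous section are actually present (and at which position) before inserting or deleting anything, the chain listing can be parsed. This is an added example, not part of the original notes; find_rule, sample_forward and sample_input are hypothetical names, the listings are constructed, and the column layout of `iptables -L <chain> -n -v` is assumed.

```shell
#!/bin/sh
# find_rule TARGET PROTO IN_IF OUT_IF MATCH   (chain listing on stdin)
# Prints the 1-based rule number of the first matching rule and returns 0;
# prints nothing and returns 1 if no such rule is in the listing.
find_rule() {
    awk -v t="$1" -v p="$2" -v i="$3" -v o="$4" -v m="$5" '
        NR <= 2 { next }   # skip "Chain ..." line and column header
        NF < 9  { next }   # skip blank or truncated lines
        { n++ }            # n = position of this rule in the chain
        $3 == t && $4 == p && $6 == i && $7 == o {
            # fields 10.. hold the match details, e.g. "udp dpt:500"
            for (f = 10; f <= NF; f++)
                if ($f == m) { print n; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample: FORWARD chain still carrying the ISAKMP block.
sample_forward() {
    cat <<'EOF'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       udp  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           udp dpt:500
   40  2400 ACCEPT     all  --  br0    ppp0    0.0.0.0/0            0.0.0.0/0
EOF
}

# Constructed sample: INPUT chain after the two bittorrent rules were inserted.
sample_input() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  120  9600 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
   12   720 ACCEPT     tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           tcp dpts:6881:6999
    7   910 ACCEPT     udp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           udp dpts:6881:6999
   33  1980 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

# On the router itself the listing comes from iptables, for example:
#   iptables -L FORWARD -n -v | find_rule DROP udp '*' ppp0 dpt:500
#   iptables -L INPUT -n -v | find_rule ACCEPT tcp ppp0 '*' dpts:6881:6999
```

A startup script can use the return code to insert the ACCEPT rules only when they are missing, so repeated runs do not stack duplicate rules.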

Some aliases I find useful

Be aware that I've installed some additional tools from OpenWRT's Kamikaze release and adjusted the /tmp/root/.profile via a /jffs/etc/config/profile.startup script, currently looking like this:

 echo "alias pkgl='grep Package /jffs/usr/lib/ipkg/status|sort'" >> /tmp/root/.profile
 echo "alias wget='/jffs/usr/bin/wget'" >> /tmp/root/.profile
 echo "alias ifstat='ifstat -i br0,ppp0,sixxs'" >> /tmp/root/.profile