Securing your WiFi network

How To Block Web Sites at the Router Level for Network Wide Filtering - How-To Geek

A comprehensive network filtering system is overkill if all you want to do is block a handful of web sites. Read on as we show you how—with nothing more than your router—you can selectively block and temporarily restrict individual websites.

For many people a massive commercial internet filter is overkill. What if you just want to block Facebook when your kids are supposed to be doing their homework or Reddit when you’re supposed to be getting work done? You don’t need a huge system for that, all you need is the access restrictions module in your router. Today we’re looking at how you can quickly and easily block traffic on your network using router-based access restrictions.

What You’ll Need

<p><img alt='' src='http://www.howtogeek.com/wp-content/uploads/2011/11/whatyouneedtomato.jpg'/></p>

For this tutorial you’ll won’t need much and you won’t have to spend a dime. Before proceed make sure you have the following things:

• A Tomato compatible router
• A copy of Tomato on the router
• Administrative access to the router

We’re going to go through the tutorial as using a Linksys router running Tomato custom firmware. The steps we’re taking are largely equivalent to the DD-WRT system (you can read about selective domain blocking for DD-WRT here). If you don’t have Tomato installed on your router check out our guide to installing Tomato here. If you have it installed and you have administrative access (you know the login password for the control panel) then you’re ready to proceed.

Setting Up URL Filters in Tomato

<p><img alt='' src='http://www.howtogeek.com/wp-content/uploads/2011/11/2011-11-22_131534.jpg'/></p>

For our example we’re going to setup both a total ban and a time-based ban on the social news site Reddit. Reddit fans among us will attest to the fact that the site, as fun as it can be, is an enormous time sink and a great productivity killer. First let’s take a look at the Access Restriction module in Tomato. Navigate to your router control panel, typically an address like http://192.168.1.1 and plug in your credentials. Once you’re in the main panel navigate to Access Restriction in the left hand menu—seen above. Click on it to enter the sub-menu. If you’ve never used the feature before all you’ll see in the Access Restriction Overview section is a disabled example entry like so:

<p><img alt='' src='http://www.howtogeek.com/wp-content/uploads/2011/11/2011-11-22_132959.jpg'/></p>

Just beneath the example entry, to the right, is the Add button. Click that now to create your first entry.

For our first entry we’re going to make a filter, called Reddit Killer, which blocks Reddit all day, every day. Change the description name from New Rule to Reddit Killer, check All Day and Everyday, leave Applies to as All Computers/Devices, and then uncheck Block All Internet Access—if you don’t check this part, you won’t be able to specify what exactly you want to block. It should look like this:

<p><img alt='' src='http://www.howtogeek.com/wp-content/uploads/2011/11/2011-11-22_133429.jpg'/></p>

When you unchecked Block All Internet Access, an entire new portion of the menu unfolded beneath the initial entry. Within this portion of the menu is where we’re going to specify the sites we want to block. 

 

Leave the Port/Applications section alone (these settings allow you to get more granular control over your filters such as filtering only BitTorrent or a specific port). In the HTTP Request section enter reddit.com and then, at the bottom right corner, click Save.

<p><img alt='' src='http://www.howtogeek.com/wp-content/uploads/2011/11/2011-11-22_140651.jpg'/></p>

Back at the main screen you should see the new filter, Reddit Killer, with it’s rather encompassing “Everyday” schedule. Let’s take a look at Reddit and see if our filter is active:

<p><img alt='' src='http://www.howtogeek.com/wp-content/uploads/2011/11/2011-11-22_144143.jpg'/></p>

Reddit is down? Well then. We’d better get back to work. Our filter is great success.

If you’re not quite ready for a full Reddit fast but you’d like to at least keep it shut off while you’re trying to focus on work, you can easily modify the scheduling component to, say, restrict access between 8AM and 5PM on the weekdays. Let’s click on Reddit Killer now so we can edit it.

<p><img alt='' src='http://www.howtogeek.com/wp-content/uploads/2011/11/2011-11-22_142424.jpg'/></p>

Uncheck All Day and Everyday, then in the new options which have appeared, select 08:00-17:00 and Monday through Friday. While we’re at it, let’s update the Description to better reflect the purpose of the filter. Since we’re restricting access to the evenings, we’ll call our new filter Reddit Tonight.

To register the changes, click save down in the lower right corner. If you wish to further massage the settings (such as applying the restrictions to only certain computers) you can pull down the Applies To menu and create white/black lists of computers that are restricted or unrestricted. You can also easily expand your filter by adding new lines into the HTTP request box. Instead of just a Reddit Killer it could be expanded to include all the web sites you routine kill time on (Reddit, Facebook, Fark, and so on). In addition to filtering web sites you can also set up keyword filters. In short, if it’s travelling through your network you can find a way to filter it in the Access Restrictions menu.

Have a clever technique for getting more out of Tomato and/or filtering time wasting web sites and other undesirable content? Let’s hear about it in the comments.

via howtogeek.com

Posted via email from ://allthings-bare

How to Secure Your Torrent Downloads via maketecheasier.com

Internet security and privacy are two topics that are frequently in the news. Those Internet users who use the BitTorrent protocol to share files are perhaps more aware of these security and privacy issues than others. Many government agencies, special interest groups, corporations, and hackers with malicious intentions monitor torrent downloads and look for people to catch, sue, or attack.

Because of this reality, it is important for torrent file sharers to find ways to protect themselves from litigation, prosecution, bandwidth shaping, and malware. The following tips should help you make your torrent experience safer, private, and more secure.

Disclaimer: Downloading copyrighted media without the owner’s permission is illegal is some countries. Under no circumstances is this article intended to encourage illegal activity, and there are no guarantees that this information will protect you from any legal action.

1. Port Forwarding

Every modern router has some form of port forwarding that you can use for your bittorrent client. With it, you can circumvent ISPs that may block common torrent ports or limit their bandwidth usage. Using port forwarding, you could, for example, forward your BitTorrent traffic through the standard web port (80). Some torrent clients also support randomizing of ports so that they will use a different one every time you start them.

2. Limit Downloads and Uploads

Since many ISPs now limit the amount of bandwidth you can consume within a month (or even at certain times of the day), it is important to not let your torrent downloading and uploading go unchecked. Torrent clients like qBittorrent have features that allow you to limit the number, speed, and even time of day that downloads are allowed.

3. Encryption

Encryption is all about privacy. There is no reason for anyone, even your ISP to know exactly what sites you are visiting or what files you are downloading. Most torrent clients support some type of encryption for the data and/or header information. It is important to note that encryption will not mask your IP address, so anyone spying on the torrent (i.e. actively connected to the tracker) will still know you are downloading it, but anyone trying to spy on your Internet traffic in general will not be able to see what you are doing.

4. Filter Lists

There are plenty of organizations that are known for their snooping or malicious intent. With an IP filter list, you can completely block them from connecting to you as peers, thereby eliminating any chance of them monitoring you and catching you in the act of downloading something. This may also help reduce the chance that you will connect to a peer that sends out harmful data or malware.

5. Proxy or VPN

Of all of the security measures on the list, this is by far the most effective. By routing your torrent traffic through a proxy or VPN, you can completely hide yourself from the outside world. Used in combination with the other tools on this list, your torrent downloading will be virtually covert. Proxy providers usually charge a subscription fee, and they will require you to either download a specially configured bittorrent client or reconfigure yours to use their proxy (often utilizing a SOCKS5 protocol).

Your privacy, however, is only as secure as the company offering the service. If they are under investigation or are willing to sell your information, using their services may not help you at all. Therefore, it is a good idea to ask around and do your research before using a proxy or VPN service.

Privacy and Security

The media often associates BitTorrent with illegal file sharing, but there are numerous legitimate organizations, from Linux distribution developers to content delivery networks (CDN), that make use of bittorrent technology. Furthermore, many free media distributors who use open licenses, such as Creative Commons, use bittorrent to help reduce their bandwidth costs.

With a little effort, you can use the above-mentioned tools to help you take back your right to download and share legitimate content and software, while also maintaining your privacy and security.

via maketecheasier.com

Posted via email from ://allthings-bare

How to Boost Your Wi-Fi Network Signal and Increase Range with DD-WRT - How-To Geek

Wireless is really convenient until you drop your connection or get really low speeds. Thanks to DD-WRT, it’s easier than ever to extend your home networks range with a few simple tweaks and a spare router.

DD-WRT is a fully feature-packed alternative firmware for your router. If you don’t know what it is or how to get it on your device, you should start off with Turn Your Home Router into a Super-Powered Router with DD-WRT.

Boosting Your Signal

Fire up your web browser and direct it to your router’s configuration page. Go to Wireless > Advanced Settings.

There are three settings of interest, the first being TX Power. This is the broadcasting power of your transmitting antenna. The default is a safe value of 70, but we can kick it up a bit. Most people report that jumping up to a 100 is safe. Pushing it higher can cause excessive heat which can damage your router. I don’t have to worry about that since my “server area” is cold and I’m also a bit reckless, so I kicked mine up to 150. It’s been that way for a few weeks and I haven’t had a problem yet, but your mileage may vary. Use your common sense and discretion.

Next up is the Afterburner setting. If your wireless router and adapters support Afterburner – also known as SpeedBooster, SuperSpeed, Turbo G, and G Plus (but not Super-G) – you can enable this to get a boost. Things may slow down if they don’t support it, though, so be sure to do your homework. B-only devices won’t see any problems and N-based devices shouldn’t be negatively affected, either.

Finally, we get to Bluetooth Coexistence Mode. If you use bluetooth a lot, then you may have noticed a drop in reliability or speed with both wireless and bluetooth devices. Turning this setting on should keep the two from interfering too badly with one another.

Use a Spare Device as a Repeater

Most of us have upgraded our networks with new routers over the years. If you have your old one lying around, why not throw DD-WRT on it? I had a spare Linksys wireless access point, but after putting alternate firmware on it, I had a full-blown router on my hands. We can put our spare device to work as a repeater, which can act as a range-extender for a new section of your house or yard.

Under Wireless > Basic Settings, change the mode to Repeater.

You’ll see two sections, Wireless Physical Interface (wl0), and Virtual Interfaces (wl0.1). The physical interface is going to be receiving the signal from your main router. Plug in the SSID, configure the network mode, and decide if you wanted it to be bridged (connected with the old network) or unbridged (isolated from it). Next, come up with a new SSID for your repeater. This way, you can choose which access point to use, depending on where you are.

Click on save, then go over to the Wireless Security page.

Enter the wireless security settings for your main router, then enter the details for your new repeater’s signal. Lastly, we need to make sure that your repeater is connected to your main router. To do that, go to Status > Wireless.

At the bottom of the page, you’ll see a button that says Site Survey. Click on it.

Find you main router’s wireless SSID and click Join. That’s it! Place your repeater on the other side of your house, but not so far that it doesn’t get a good signal. Then, you can connect to your new repeater and test it out.

Use Your Repeater as a Wireless Receiver

An added benefit of DD-WRT is that you can configure your repeater to act as a wireless receiver for a computer that doesn’t have one. Return to where you configured the repeating function, under Wireless > Basic Settings.

Change the mode to Repeater Bridge. Now, you can plug in a device into the router’s ethernet ports and it’ll act just like it’s wired into your main router. If you’re not using it then you should turn if off, as it can cut your bandwidth otherwise.

If you’re looking to speed up browsing, Removing Advertisements with Pixelserv and Find a Faster DNS Server with Namebench can both help your cause – with or without extended ranges – thanks to DD-WRT.

via howtogeek.com

Posted via email from ://allthings-bare

Unleash Even More Power from Your Home Router with DD-WRT Mod-Kit

We’ve already shown you how to mod your home router with the DD-WRT alternative firmware for greatly improved performance, and today we’re going to show you how to take it even further with the DD-WRT Mod-Kit.

If you haven’t already, be sure and check out the two previous articles in the series:

• Turn Your Home Router Into a Super-Powered Router with DD-WRT
• How to Boost Your Wi-Fi Network Signal and Increase Range with DD-WRT

Assuming you are familiar with those topics, keep reading. Keep in mind that this guide is a little more technical, and beginners should be careful when modding their router.

Overview

This guide will  give a step by step rundown of how to create your own DD-WRT firmware with modifications and additions using the “firmware modification kit“.

The firmware modification kit enables one to make modifications to the firmware without compiling it from source. Making changes this way, with the aid of the provided scripts, becomes a simple matter of downloading, replacing and deleting some files.

The most predominant reason to use this method is because lately DD-WRT’s support for the Openwrt IPKG packages has shifted towards routers that have hard drives (via USB), which makes the mod-kit the only consistently working way of installing the IPKG packages successfully for cases where an HD is unavailable. In addition, this method has the added advantage of relieving you from the JFFS dependency for packages installation, which for routers with only 4MB of flash is a real problem.

Picture by publicenergy

Goals

While instructions for this procedure, are detailed on DD-WRT’s wiki and on the developer’s site, we aim to make this guide a copy & paste procedure that anyone can use to achieve the following goals:

• Install the knockd package and its dependencies.
• Install the ssmtp package with NVRAM based generated configurations.
  • Optionally with support for TLS smtp (a.k.a. Gmail support).

Once you have followed this procedure it should be relevantly simple to adapt it for other packages installations.

Warning: Tread lightly… keep in mind that incorrect usage of the modification kit, can leave you with a router that needs de-brick-ing (as in turn it into a useless brick). However if you’re a true geek you probably subscribe to the ideology that, he who can destroy a thing, controls a thing, and only true geeks do that

Prerequisites

1. Using this procedure can brick your router, as in make your router unusable, we take no responsibility for any damages that may be caused directly or other wise due to the use of the procedures below.
2. This procedure was performed on Debian based systems (Lenny, Squeeze and Mint) and the instructions below assume you are using one as well.
3. This procedure is only recommended for people who have experience with flashing their router with DD-WRT, with all the prerequisites,caveats and limitations that apply for their hardware setup. a good place to start would be our Turn Your Home Router Into a Super-Powered Router with DD-WRT guide.
4. Your router has to support at least the “mini” version of DD-WRT.
5. This procedure was created and tested on Linksys WRT54GS/L routers, if your using routers from other vendors, your mileage may very.

Setup

Installing required packages

The firmware modification kit has some dependencies for it to compile and work. In order to install/update them all at once Issue this command in a terminal:

sudo aptitude install gcc g++ binutils patch bzip2 flex bison make gettext unzip zlib1g-dev libc6 subversion

Download the mod-kit

Create a sub-folder, and get the kit from the official SVN:

mkdir firmware_mod_kit
cd firmware_mod_kit
svn checkout http://firmware-mod-kit.googlecode.com/svn/trunk/ firmware-mod-kit-read-only
cd firmware-mod-kit-read-only/trunk/

Download a firmware to work on

The first thing to consider is which version you want to use?
A rule of thumb is: when in doubt use “mini”. This is because as long as your router supports at least the “mini” version, using it gives you all of the most commonly used features without any bloatware. thus leaving both space for the procedures and even some JFFS space for other usages in most cases.

Once you’ve decided on a version, it is recommended to use the latest revision of the firmware available, as they tend to have a lot of bug fixes compared to their “stable” counterparts.
At the time of this writing the latest was “03-17-11-r16454″ and this revision is used in the commands that follow.

wget http://www.dd-wrt.com/dd-wrtv2/downloads/others/eko/BrainSlayer-V24-preSP2/2011/03-17-11-r16454/broadcom/dd-wrt.v24_mini_generic.bin

In order to make it easier to keep track of what version we are using, rename the downloaded file to represent its version number:

mv dd-wrt.v24_mini_generic.bin dd-wrt.v24_mini_generic-03-17-11-r16454.bin

This is of course optional, but the commands below assume that you have renamed the file.

Extracting the firmware

In order to be able to change files within the firmware we need to extract its content into a temporary directory.
The syntax of this command is:
./extract_firmware.sh FIRMWARE_IMAGE WORKING_DIRECTORY
In our case, this would translate to:

./extract_firmware.sh dd-wrt.v24_mini_generic-03-17-11-r16454.bin ./working_dir_mini1

Note: The first time you run this command, it builds the mod-kit tools on your system. this happens only once and may take a little while… so be patient…

Installing packages

Now that the firmware is extracted we can install the packages to it.
In general, the procedure is to download the package and its dependencies in the form of an ipk file from the openWRT repository. Once downloaded install them into the extracted firmware using the provided script.

The knockd package

Detailed instructions on how to configure and use Knockd will be detailed in a future article, so you may opt to skip this step for now or do it in preparation for the future as Knockd doesn’t take a lot of space anyhow.

Knockd is a daemon that listens to communication events at the link layer for sequences then acts on them.
What this means, is that you can have the device running the daemon not even “listen” on the ports (a port scan will not see them as open) and still make it do something you need, from a single command all the way up to a full script. Using this technique you could trigger the server to perform any sort of operation you need of it remotely (across the internet) without exposing your home network.

Knockd has only one listed dependency, so download the package and its dependency by issuing:

wget http://downloads.openwrt.org/backports/rc5/knockd_0.5-1_mipsel.ipk
wget http://downloads.openwrt.org/whiterussian/packages/libpcap_0.9.4-1_mipsel.ipk

Install the “knock daemon” (knockd) ipk into the firmware:

./ipkg_install.sh knockd_0.5-1_mipsel.ipk ./working_dir_mini1/

Install the “packet capture” (libpcap) ipk into the firmware:

./ipkg_install.sh libpcap_0.9.4-1_mipsel.ipk ./working_dir_mini1/

As “knockd” can be invoked with an alternate configuration file (how will be explained in a future article), there is no need to perform any other operation and you may skip to the firmware building section, if its all you wanted to install.

The SSMTP package

The SSMTP package enables your router to send Email messages just like we showed in our How To Setup Email Alerts on Linux Using Gmail or SMTP for servers. We promised you back then that we will show how to configure this for DD-WRT and we will now deliver.
This is mainly useful if your going to create scripts on the router that you would like to receive feedback on their operation via email.

This package’s setup is a bit more complex then it is on normal Linux systems because of the limitation imposed by an embedded system, so take a deep breath… ready?…. lets go…

Download the package:

wget http://downloads.openwrt.org/backports/rc5/ssmtp_2.61-1_mipsel.ipk

Install the “ssmtp” ipk into the firmware:

./ipkg_install.sh ssmtp_2.61-1_mipsel.ipk ./working_dir_mini1/

TLS support (Optional)
SSMTP doesn’t list any other packages as its dependencies, however if you want to be able to use an smtp gateway that requires TLS authentication (i.e. Gmail), you have to install the openSSL pakage as well.
Note: There is a HUGE drawback to doing this in the form of considerably reduced space on the router for JFFS later on. That is, the openSSL package takes about 500K of space from your total of 4MB (for a normal non “mega” supporting router), compound to that the JFFS overhead and you will discover that your left with, but a precious few, blocks of free JFFS space (about 60KB on WRT54GL).

As there are still non TLS requiring smtp servers out there (usually your ISP’s), i suggest taking a minute to think if you really need to use the TLS requiring gateway.

If you have decided to enable TLS support despite its disadvantage, download the openSSL package:

wget http://downloads.openwrt.org/whiterussian/packages/libopenssl_0.9.8d-1_mipsel.ipk

Install the “openSSL” (libopenssl) ipk into the firmware:

./ipkg_install.sh libopenssl_0.9.8d-1_mipsel.ipk ./working_dir_mini1/

Configurations
There is a limitation with the SSMTP package, that it is not possible to invoke it with an alternate configuration file.
Because the firmware is read-only when its on the router, that means that out of the box we can only hardcode the configuration into the firmware.
However, what if we don’t want to go through all of the firmware modification steps, just to change the Email settings? (for example a password change).

To that end, both Jeremy (the firmware mod-kit creator) and myself reached the conclusion (independently if i may humbly add) that the only sane way to do this would be to:

1. Make the configuration files location which the ssmtp package points to the read-only location under etc, point to the tmp directory which is writable to at runtime.
2. Create a script that would dynamically generate the configurations based off of NVRAM variables at startup.

To achieve that, some additional steps are required…

Symlink the ssmtp configuration directory
As explained above, we need to make the /etc/ssmtp location on the router, point to the /tmp directory as its the only writable place we have on the router at run time. To do this, delete the ssmtp directory that was created by the ipk installer:

rm -rf ./working_dir_mini1/rootfs/etc/ssmtp/

Create a new symbolic link that points the /etc/ssmtp on the router’s root file-system, to point to /tmp/etc/ssmtp as an absolute path:

ln -s /tmp/etc/ssmtp/ ./working_dir_mini1/rootfs/etc/ssmtp

Note: Even though this looks illogical right now, because we are pointing the package’s configuration directory to a location outside of the firmware modification kit’s working directory, I assure you that this looks totally fine from the routers point of view at run time.

An init script
While it is completely possible to not inject this script into the firmware and run it as a startup script later on, I feel its appropriate to put it here if only as an example for future use.
Originally Jeremy created the script tailored to someone’s request, later on, I adjusted and augmented it to be more compatible with DD-WRT and syslog reporting.

Create the new init (startup) script:

vi ./working_dir_mini1/rootfs/etc/init.d/S80ssmtp

Note: You may use another editor, I use vi because its consistent with what’s available on the router…
Make this its content:

#!/bin/sh
#
# title: ssmtp_nvram.sh
# author: Jeremy Collake and Aviad Raviv
# site: http://www.bitsum.com, http://howtogeek.com
#
# script to build config file from nvram vars.
# will work for any config file that uses
# var=value type pairs.
#
# uses prefixes for nvram variables.
#
# i.e.
# ssmtp_hostname=something
# translates to ssmtp.conf
# hostname=something
#
logger_func()
{
logger -s -p local0.notice -t SSMTP_init $1
}

logger_func "###########Started the SSMTP init run###########"
logger_func "Creating the etc directory in /tmp"
[ ! -d /etc/ssmtp/ ] && mkdir -p /tmp/etc/ssmtp/
CONFIG_FILE=/etc/ssmtp/ssmtp.conf
NVRAM_PREFIX=ssmtp_
PACKAGE_NAME=`echo $NVRAM_PREFIX | sed 's/_/ /'`

logger_func "Generating $CONFIG_FILE for package $PACKAGE_NAME"
#echo $0: generating $CONFIG_FILE for package $PACKAGE_NAME
echo "#!/bin/sh" > $CONFIG_FILE
echo "#" >> $CONFIG_FILE
echo "# auto generated based on nvram by $0" >> $CONFIG_FILE
echo "#" >> $CONFIG_FILE

if [ -z "`nvram show | grep ssmtp`" ]
then
logger_func "It appears that you have not set the NVRAM variables required to generate the conf file"
logger_func "**Consider** using these commands in you startup script:"
logger_func "nvram set ssmtp_root=username@gmail.com"
logger_func "nvram set ssmtp_mailhub=smtp.gmail.com:587"
logger_func "nvram set ssmtp_hostname=username@gmail.com"
logger_func "nvram set ssmtp_UseSTARTTLS=YES"
logger_func "nvram set ssmtp_AuthUser=username"
logger_func "nvram set ssmtp_AuthPass=password"
logger_func "nvram set ssmtp_FromLineOverride=YES"
logger_func "create the NVRAM variables and re-run the init script or reboot for the settings to take affect."
exit 0
fi

###########################################################
#
# main loop
#
SED_COMMAND="s/$NVRAM_PREFIX/ /"
CONFIG_VARS=`nvram show | grep $NVRAM_PREFIX | sed "$SED_COMMAND"`
for i in $CONFIG_VARS; do
echo $i >> $CONFIG_FILE
done

###########################################################
#
# sanity check
#
if [ ! -f "$CONFIG_FILE" ]; then
# echo "$0: ERROR - could not create $CONFIG_FILE. Perhaps there is no symink /etc/XXXX -> /tmp/etc/XXXX ?"
logger_func "ERROR - could not create $CONFIG_FILE. Perhaps there is no symink /etc/XXXX -> /tmp/etc/XXXX ?"
fi
logger_func "###########Finished the SSMTP init run###########"

Make it executable:

chmod +x ./working_dir_mini1/rootfs/etc/init.d/S80ssmtp

Take note of the NVRAM waiting variables in the script, it is our responsibility to give them something to work with after we have installed our modified firmware on the router.

Build the modified Firmware

Now that everything is in place, it is time to re-package the modified firmware into a compressed binary that we can flash to the router.
The “build.sh” script syntax is:
./build_firmware.sh OUTPUT_DIR WORKING_DIRECTORY

To do this we use the supplied script, so issue:

./build_firmware.sh output_mini1 ./working_dir_mini1/

Once the “build” operation is done, there will be several firmware images waiting to be used in the “output” directory.

You may now flash the file called “custom_image_00001-generic.bin” to your router as you normally would a DD-WRT firmware.

Note: Don’t forget to restore to “factory defaults” before, during and right after the firmware flash.

Post flash steps

Because we made the SSMTP package look for NVRAM variables in order to generate the ssmtp configuration file, we now need to supply it with the missing information.
We will accomplish this by using the web-GUI “Run commands” function.

Go to the web-GUI -> “administration” -> “commands” -> paste in the text-box the following:

nvram set ssmtp_root=your-email@gmail.com
nvram set ssmtp_mailhub=smtp.gmail.com:587
nvram set ssmtp_hostname=you-email@gmail.com
nvram set ssmtp_UseSTARTTLS=YES
nvram set ssmtp_AuthUser=your-gmail-user-name(without the @gmail.com)
nvram set ssmtp_AuthPass=you-gmail-password
nvram set ssmtp_FromLineOverride=YES
nvram commit

Replace the text after the equal (=) sign, with your actual information, And then Hit “Run commands”.
Note: if your using a regular, non TLS using, smtp server the port to use is 25 instead of 587.

Now that the SSMTP information is ready for use, you will need to invoke the init script. So you can either reboot the router, Or paste this into the “commands” text-box:

/etc/init.d/S80ssmtp

Then hit “Run commands” again.
The output of this command should look like:

Test that you can send Email
Again paste this into the “commands” text-box the following command with your email address:

echo "testing crucible emailing 123 qwe" | ssmtp -vvv your@email.com

Then hit “Run commands” again.
Because we used the -vvv option for extra verbosity, the output of this command should look like:

If everything went well, you should be getting the test email within seconds.

We hope that you can use this information to push your home router’s limits even further then you thought possible and you now truly control your home router, and DD-WRT…

 

Linux extends life, Linux expands consciousness… Linux is vital for packet travel

via howtogeek.com

Posted via email from ://allthings-bare

How to Boost Your Wi-Fi Network Signal and Increase Range with DD-WRT

Wireless is really convenient until you drop your connection or get really low speeds. Thanks to DD-WRT, it’s easier than ever to extend your home networks range with a few simple tweaks and a spare router.

DD-WRT is a fully feature-packed alternative firmware for your router. If you don’t know what it is or how to get it on your device, you should start off with Turn Your Home Router into a Super-Powered Router with DD-WRT.

Boosting Your Signal

Fire up your web browser and direct it to your router’s configuration page. Go to Wireless > Advanced Settings.

There are three settings of interest, the first being TX Power. This is the broadcasting power of your transmitting antenna. The default is a safe value of 70, but we can kick it up a bit. Most people report that jumping up to a 100 is safe. Pushing it higher can cause excessive heat which can damage your router. I don’t have to worry about that since my “server area” is cold and I’m also a bit reckless, so I kicked mine up to 150. It’s been that way for a few weeks and I haven’t had a problem yet, but your mileage may vary. Use your common sense and discretion.

Next up is the Afterburner setting. If your wireless router and adapters support Afterburner – also known as SpeedBooster, SuperSpeed, Turbo G, and G Plus (but not Super-G) – you can enable this to get a boost. Things may slow down if they don’t support it, though, so be sure to do your homework. B-only devices won’t see any problems and N-based devices shouldn’t be negatively affected, either.

Finally, we get to Bluetooth Coexistence Mode. If you use bluetooth a lot, then you may have noticed a drop in reliability or speed with both wireless and bluetooth devices. Turning this setting on should keep the two from interfering too badly with one another.

Use a Spare Device as a Repeater

Most of us have upgraded our networks with new routers over the years. If you have your old one lying around, why not throw DD-WRT on it? I had a spare Linksys wireless access point, but after putting alternate firmware on it, I had a full-blown router on my hands. We can put our spare device to work as a repeater, which can act as a range-extender for a new section of your house or yard.

Under Wireless > Basic Settings, change the mode to Repeater.

You’ll see two sections, Wireless Physical Interface (wl0), and Virtual Interfaces (wl0.1). The physical interface is going to be receiving the signal from your main router. Plug in the SSID, configure the network mode, and decide if you wanted it to be bridged (connected with the old network) or unbridged (isolated from it). Next, come up with a new SSID for your repeater. This way, you can choose which access point to use, depending on where you are.

Click on save, then go over to the Wireless Security page.

Enter the wireless security settings for your main router, then enter the details for your new repeater’s signal. Lastly, we need to make sure that your repeater is connected to your main router. To do that, go to Status > Wireless.

At the bottom of the page, you’ll see a button that says Site Survey. Click on it.

Find you main router’s wireless SSID and click Join. That’s it! Place your repeater on the other side of your house, but not so far that it doesn’t get a good signal. Then, you can connect to your new repeater and test it out.

Use Your Repeater as a Wireless Receiver

An added benefit of DD-WRT is that you can configure your repeater to act as a wireless receiver for a computer that doesn’t have one. Return to where you configured the repeating function, under Wireless > Basic Settings.

Change the mode to Repeater Bridge. Now, you can plug in a device into the router’s ethernet ports and it’ll act just like it’s wired into your main router. If you’re not using it then you should turn if off, as it can cut your bandwidth otherwise.

If you’re looking to speed up browsing, Removing Advertisements with Pixelserv and Find a Faster DNS Server with Namebench can both help your cause – with or without extended ranges – thanks to DD-WRT.

via howtogeek.com

Posted via email from ://allthings-bare

Turn Your Home Router Into a Super-Powered Router with DD-WRT

Wireless is everywhere and routers are the force that makes it happen, so why not supercharge yours to take proper advantage of it? DD-WRT will let you boost your router’s range, add features, and more.

DD-WRT has a ton of features—more than we can cover in this guide, which is focused on helping you get your router upgraded. Stay tuned, as we’ll go into more depth in a couple more days on all the great things you can do with it, but even if you don’t use the additional features, DD-WRT is worth installing to make your router work better.

What Is DD-WRT?

Here’s our router. Behold: the Netgear WNR2000, revision 2. It’s a mighty fine one, too, but it’s still not the best. Why, exactly? Your router is only as good as its firmware, the software that makes it tick. When you buy a router from Linksys/Cisco, Netgear, D-Link, or others, you’re bound to their software. It’s a nice arrangement; you respect their limitations, and they promise to help with your problems. But what if your warranty’s expired, or you want to shuck their limitations? Maybe you want to take your hardware and push it to its most extreme limits. That’s where DD-WRT steps in.

DD-WRT is an open-source alternative firmware for routers. Its software unlocks features that aren’t present on all routers: static routing, VPN, repeating functions, the list goes on. It also unlocks settings that aren’t accessible normally, like antenna power and overclocking.

Router Support

Turning your home router into an almost professional-level tool is a great project that has one major caveat: support. Not all routers are built or designed the same way. Even two of the same model can have different revision numbers with very different internal components. Because of this, the first step is doing plenty of research. It’s best to have a router that’s fully supported, so if you end up buying one, be sure to check the DD-WRT Supported Routers page first. Also make use of their Router Database, which will help you find particular instructions for your model and revision. Most devices have model and revision numbers on the back panel, and if there’s no revision number, it’s safe to assume that it’s 1.0.

For our purposes, the important spec to consider is NVROM, or ROM. This is where the firmware is kept, so even if your router has 16MB of RAM, it won’t work with a 4MB image of DD-WRT without at least that much ROM. Because of this, there are a few different versions of DD-WRT available at varying file sizes. Some are trimmed down to fit in smaller ROM configurations. Others are built with specific features in mind, like VPN, SD card support, or a Samba client. For more information, check out the File Versions table.

Preparation

The most important thing in any project is research. Do all of your homework for this one, because (here it comes):

DISCLAIMER: Changing your router’s firmware can result in unintentional consequences, such as “bricking.” It’s unlikely, and we’ve never had a device that couldn’t be fixed in some way, but it’s important to understand that it’s a very real possibility. Just to be clear: you assume all responsibility for anything you do; we’re not liable for anything that should go wrong.

As mentioned above, start with the Supported Devices page to see if you’ve got a DD-WRT-friendly router. If you don’t see anything specific, or even if you do, check into the Router Database. Here, you’ll find links to forum pages of those who’ve completed the process for specific models/revisions, as well as the setbacks and workarounds they’ve found. Most importantly, you’ll find links to compatible versions of firmware.

The friendly forum gave us some useful info for our particular model. Our router, the Netgear WNR2000 is revision 2, which means it’s compatible (revision 1 is not). It’s only got 4MB of ROM, so we had to stick to the mini version. We followed the download links and read up on what to do to complete the procedure in full detail.

Almost all sources unanimously recommend three specific things:

1. Do a hard reset on your router before you update. This usually requires a 30/30/30 procedure.
2. Hard wire your router when you update the firmware. NEVER over wireless.
3. Use Internet Explorer (or Safari) unless specifically stated that other browsers are okay.

There’s a ton of reasons which the documentation will reveal to you, but the first two are written in stone, and the last has held true for almost any router, and it won’t hurt either.

Most routers have a pinhole on their back with you need to push and hold to perform a hard reset. The 30/30/30 procedure is primarily directed for devices with DD-WRT already on them, but it’s also required for some other models and won’t hurt to do anyway. It deletes the Non-Volatile RAM. From the DD-WRT website, the procedure is as follows:

• With the unit powered on, press and hold the reset button on back of unit for 30 seconds
• Without releasing the reset button, unplug the unit and hold reset for another 30 seconds
• Plug the unit back in STILL holding the reset button a final 30 seconds (please note that this step can put Asus devices into recovery mode…see note below!) [Note]

This procedure should be done BEFORE and AFTER every firmware upgrade/downgrade.

Do not use configuration restore if you change firmware builds (different svn build numbers).

The Process

Hard reset, as outlined above, or per the instructions for your specific router.

So after our hard reset, we waited for the lights to return to normal, and we hard-wired the router to our laptop. During this phase, we turned off the wireless connection so that just the wired connection to our WRN2000 was active. This prevents any mishaps and makes it simple to connect to the web-interface through the defaults.

Next, fire up Internet Explorer and go to your router’s default page, and log in.

Use the default username and password, usually printed on your device’s back panel or easily found on the internet.

Click on the Router Upgrade link.

Browse to the correct image and click Upload, and wait patiently. Very patiently. You’ll see the loading screen tell you to wait while the router reboots, and you’ll see the lights flash on and off for a while. Wait about five minutes, and err on the longer side. When you’re ready, log in to your router. DD-WRT’s IP address is 192.168.1.1, the username is ‘root’, and the password is ‘admin’.

You’ll be greeted with your brand new interface.

If things didn’t work out, you may have had a “bad” flash. Your router may be bricked, but odds are you can recover from it in some fashion. The first place to check out is How to Recover From a Bad Flash, and the second is the DD-WRT Forum. As long as your do your homework and be precise with the instructions, you’ll be fine.

via howtogeek.com

Posted via email from ://allthings-bare

Get More Out of Your DD-WRT Router with an External Drive

Joshua Tyler — You've supercharged your router with DD-WRT, you're using it to monitor your bandwidth use, and yet you still wish it could do more. Well it can; today we're looking at how to connect to and use your router with an external USB drive.

DD-WRT is pretty powerful by default, but it isn't perfect. Most of the system is read-only, with the editable configuration stored in nvram, which means you have a Linux router that you can't tweak as freely as a normal Linux system. Some routers, however, have a USB port that can be used to connect external storage; using this, we can replace parts of the read-only filesystem with directories on the writable external disk.

Benefits of doing this include a writable /etc/ for easier software configuration, the ability to add new users, and easier use of ipkg for new software installation. It sounds extreme, but it's quite safe! Nearly every change made is to the external storage, which is loaded over the read-only filesystem. The original data is left unharmed, so you can undo the entire thing by disconnecting the storage device and rebooting.

Before We Begin

Most of this guide assumes your router is one of the models that has USB support. For this guide, we'll be using the Buffalo WZR-HP-G300NH, but any DD-WRT router with a USB port should work. If yours isn't one, don't worry! We'll cover some alternatives and their pros and cons, too.

You will also need access to Linux or a Linux live-CD (preferably GParted Live CD), some type of removable storage, such as an external hard disk or a USB flash drive, and most importantly, you need a router with DD-WRT installed. If you're using the G300NH, you don't have to do anything; DD-WRT is installed by default. For the others, you should refer to our guide or the DD-WRT wiki.

Preparing the Drive

Full size

Boot your Live CD and run GParted, then connect the USB device you want to reformat and use. If it's automatically mounted, right click the drive icon and choose "Unmount". In Gparted, select the proper device from the dropdown at the upper right of the window. Make sure you're using the right device by checking the device capacity information in parentheses. When you choose, the rest of the window will update to show the partition information of the selected device.

Under the Device menu, choose Create Partition Table and press Apply to create a new MS-DOS partition table. Right click "Unallocated Space" and select New. The first partition should take most of the space, leaving only a small amount (around 64MiB) at the end. This first partition should be a Primary Partition, and the filesystem should be ext2 (for flash drives) or ext3 (for an external hard disk). You'll need to know what filesystem type you used later, so make a note of it now. The label can be anything you like.

Full size

Right click the remaining unallocated space and create a second new partition. The size should be all remaining space (64MiB), it should be a primary partition, and the filesystem should be linux-swap. Some routers can make use of the swap space for extra memory, but others may not be able to (the G300NH cannot), so don't set this too high in case it cannot.

Click the green check box to apply all changes and wait. When it's done, your drive will be ready for its new life attached to your router.

Router Setup

Full size

Now that you have a drive ready to use, you need to prepare the router for its use. To do that, you will change some settings via the web interface, so fire up a new tab and enter your router's IP address. After you've logged in, click the Services link at the top and scroll down to the "Secure Shell" section. Enable SSHd and Password Login and save your settings.

Next, click the USB tab. There, you'll need to enable the following: Core USB Support, USB 2.0 Support, USB Storage Support, and ext2 / ext3 file system support. Set the Disk Mount Point to /mnt/ and apply your settings.

Your router is ready for USB storage, so go ahead and plug in the drive now.

Mounting the Drive

The rest of this guide will rely heavily on the command line, so if you're CLI shy, you my want to get familiar with it with our command line primer. Connect to your router via SSH (ssh in Linux and OS X; use PuTTY or KiTTY in Windows) and log in with the username root and your router's password.

Full size

Once you're in, type cd /dev/discs/;ls and then cd to the directory listed (probably disc0). Another ls will list the partitions available, which should be part1 (the storage) and part2 (swap space). Make note of filename and the path you used to get here (e.g. /dev/discs/disc0/part1), because it's important.

The drive is connected and we have the location of the device itself, but the filesystem isn't attached (or mounted) to any locations yet, so next we use the path to the device file to mount the partition. Type in mount -t ext2 /dev/discs/disc0/part1 /mnt, replacing ext2 with ext3 if necessary. Type mount again with no arguments and the last line will be similar to /dev/discs/disc0/part1 on /mnt type ext2 (rw,data=ordered) if it was successful.

If it worked, the next step is to make the partition mount at bootup by typing nvram set rc_startup="mount -t ext2 /dev/discs/disc0/part1 /mnt/" (Don't forget to change ext2 and the /dev/ path if needed!)

Preparing the Filesystem

Now the drive is mounted, but most of your filesystem is still read-only. Let's fix that. The first step is to create something that resembles a normal root filesystem inside /mnt/. Change directory to /mnt (cd /mnt) and then mkdir bin etc home jffs lib opt root sbin tmp usr var www; chmod 1777 tmp. Now you have a bunch of directories that can be mounted over existing read-only location. Not every directory created will be used in this guide; the extra ones are for additional tweaking if it is needed later.

One of the goals to this is to replace /etc with /mnt/etc, but that won't work unless the needed files exist. cp -a /etc /mnt/; cd /mnt/etc/ will copy everything from /etc/ into /mnt/etc/, preserving all attributes, and then switch to that directory. Next, mkdir passwd.d group.d; mv passwd passwd.d; mv group group.d

Putting it to Work

Everything is in place, we just need a simple shell script, so it's time to fire up vi. If you don't know vi or don't like it, don't worry, it won't last long. Type vi /mnt/mount.sh to start creating the file, press i to enter insert mode, and put this in the file:

Full size

Now press escape to leave insert mode, then :wq to save and quit. Make the file executable with chmod u+x /mnt/mount.sh and your script is ready. Run it with /mnt/mount.sh and you'll have writable directories in /opt, /jffs, /usr/local, /etc/, and root's home directory without causing any damage to the original filesystem.

Left like this, your router will return to its default mostly read-only state when you reboot the router; if you want the writable system and any changes you've made to the configurations and other parts, you'll have to run the mount.sh script manually again. If you decide you like the change and want to make it automatic, you can add it to the previous automount with the following command: nvram set rc_startup="`nvram get rc_startup` && /mnt/mount.sh"

It's still not permanent and you can always revert to the original read-only state by removing the USB storage and rebooting the router.

Extra Credit

You've gotten this far and now you want to know what you can do with the modified system. Root's home directory is now available on the removable drive instead of in RAM, so you can store files and user settings and not have them reset on reboot. Likewise, /etc is editable, so you can change system configurations. We can put that to use and make installing software easier.

echo PATH=/usr/local/bin:/usr/local/sbin:$PATH > .profile

The next time you log in to the router, /usr/local/bin and /usr/local/sbin will be at the top of your search path, so you can put your own scripts in there (don't forget to make them executable) and run them by name. One use of this is to fix a problem with the ipkg script that is distributed with DD-WRT. The script tries to use the --passive-ftp switch with wget, but the DD-WRT built-in doesn't accept it, which leaves the entire thing broken. cp /bin/ipkg /usr/local/bin and now you can edit the script and remove the --passive-ftp switch.

While you're editing files, you'll want to look at /etc/ipkg.conf. The supplied package list is most likely older and only usable for certain chipsets (mipsel), so you may need to change repositories. For example, if you're using a Buffalo router, it uses an Atheros chipset, so you can't use packages from the default whiterussian release. Comment out those lines with # and add src kamikaze http://downloads.x-wrt.org/xwrt/kamikaze/snapshots/atheros/packages instead for the G300NH.

Full size

After you have ipkg fixed and configured, run ipkg update. You can now list, search for, and install packages with it. If you're not a vi fan, your first install will probably be nano. (Sorry emacs lovers, but it doesn't seem to be available) You may also be able to install swapon and make use of that small swap partition, though it doesn't work on all chipsets and couldn't be tested for this guide.

You can also create new user accounts, though you need access to the htpasswd command and you have to add them by hand-editing the passwd file. On a system that has htpasswd installed, you can run it with the -n switch and then paste the encrypted password into the appropriate place in the /etc/passwd file. Adding new users without a good understanding of what you're doing can be a security risk, so we suggest learning more about the passwd file before trying to add users.

A special note about adding users: when you run the mount script, it reads all the files in /mnt/etc/passwd.d/ and creates a new passwd file from them. If you decide to add new users, create a new file there so that it doesn't cause problems with the users created by the firmware at bootup.

Depending on the router's hardware, there is a wide variety of software that can be added now, including some that expect an editable /etc. There are text-based browsers, IRC clients and servers, image manipulation tools, and more. Your router is now super-powered; happy hacking!

But My Router Doesn't Have USB!

If your router isn't endowed with a USB port, there's still some hope. You can still power up the router by following instructions on setting up JFFS and then adapting everything from "Preparing the Filesystem" onward. This has the disadvantage of putting a lot of wear on the router's flash memory, however, so it's not suggested. Instead, consider purchasing a router with USB support when you replace your current one.

via lifehacker.com

Posted via email from ://allthings-bare

How to Reset or Change the Password for Your Verizon FIOS Router

Have you ever tried to login to your Verizon FIOS router, only to find out that you’ve got no idea what the password is? Here’s how to reset the password to the factory defaults and get access to your router again.

If you’re still looking for a good reason to login to the router, be sure to read our guide to changing your Wi-Fi router channel to optimize your signal, or our explanation on why hiding your wireless SSID is really not a security feature.

Logging Into Your Router

Normally all you need to do in order to login to your router is simply head to http://192.168.1.1 in your browser, and enter in the username and password to get into the settings.

On a side note, that password box is really annoying on these Verizon routers.

Resetting the Password for Your Verizon Router

Each of the Verizon routers will have a Reset button on the back side somewhere, usually with a red circle around it. To reset the router to factory defaults, press this button (using a pen or something similar), and hold it down until all the lights on the router blink and turn off, and then back on—it’ll take somewhere between 10-30 seconds.

If it doesn’t work, then try it again.

And the Default Password Is…

Once you’ve reset the password to the default, it’s going to be set to one of the following—or it might already be set to one of these, so before you reset the router, you should try each of these.

• “Password” – once you reset the password on most of the routers, it should be set to simply password.
• “admin” – sometimes the Verizon tech will change the password to admin, though they are supposed to change it to the serial number.
• Serial Number – each router has a serial number on the sticker on the back, and often the password has been changed to match this number.
• Blank – and we’re not referring to typing Blank into the password field—on one of the routers the password field should just be ignored, by default, at least.

If you’re still not having any luck, then reset it.

Various Verizon Router Models

We’ve put together a quick little table with all the Verizon router models that we know of, and the default password for each.

via howtogeek.com

Posted via email from ://allthings-bare