
28 January 2013

328. Liberate your router: dd-wrt on Netgear WGT624 v4

UPDATE 1 Feb 2013: I haven't had any explicit problems with my router since flashing it. Everything is apparently working well and my network connection is reliable and fine (if only subjectively a bit slower than before -- running a speed test shows that it's as fast as ever, so not sure what's happening). HOWEVER, I've suddenly started having issues with ECCE and submitting jobs via a frontendMachine -- I kept getting "cannot 'cd' to run directory" errors, but the ECCE log contains no error messages at all. This wouldn't happen for very small NWChem input files, and it would happen ca. 80% of the time. Normally I wouldn't suspect this was a router issue, but changing back to my (unflashed) AR430W resolved the issues immediately. Somehow I suspect this is a router version of this, but then I should see error messages in the ECCE log...

Other than that I'm really happy with dd-wrt (no sarcasm intended -- I've had no other issues and I love the power dd-wrt gives me over my hardware).

Finally, there's the old adage about correlation vs causality. We'll see if the errors start popping up again while using my AR430W.

Original post:

I've been using Tomato with my WRT54G for a couple of years now, and I'm incredibly happy with it. Since I have a couple of old routers (airlink 1010 ar430w and netgear wgt624 v4) with stock firmware lying around I figured it was time to turn them into something useful. So here's how to flash the netgear router. If it stands up to sustained use I'll be writing an AR430W guide later.


Lengthy preamble
The stock firmware basically does nothing for me -- it's clunky, slow, and there's no terminal access. In particular, I want busybox/ssh. Tomato does all that for me, but it doesn't support a particularly wide range of routers (I reckon that Tomato is the reason why the Linksys WRT54GL still costs $90 in Australia, in spite of being old as sin -- those who doubt the value of opening up their hardware may want to consider the RoI on that one).

In addition to Tomato, there's also DD-WRT (supported devices) and OpenWRT (supported devices). DD-WRT supports a huge number of routers, but it appears to be a whole lot more complicated to install than Tomato. Maybe this varies according to the router as well.

For instructions you're referred via the database to the dd-wrt forum thread about your router. The problem with this is that you'll be facing 30-odd pages of instructions, problems, dead ends etc. Some threads end with a step-by-step summary of how to install dd-wrt, but not all do.

Anyway, here's my best attempt at writing a simple and complete step-by-step guide to replacing the stock firmware on the Netgear WGT624 v4 with DD-WRT, using Debian Testing/Wheezy. I'm basically just following this blog post: , but hopefully I've added enough detail to make it possible for just about anyone to follow this guide.

Please consult to see what files you need. NOTE: the files below only apply to v4 of Netgear WGT624. Installing them on any other router may brick it.

On your linux computer:

Get the files:
sudo apt-get install atftpd tftp putty
cd /tmp
mkdir ftpdboot
cd ftpdboot/
wget -O linux.bin
wget -O wgt624v4-firmware.bin

Edit /etc/default/atftpd:
USE_INETD=false #true
OPTIONS="--tftpd-timeout 300 --retry-timeout 5 --mcast-port 1758 --mcast-addr --mcast-ttl 1 --maxthread 100 --verbose=5 /tmp/ftpdboot"

Edit /etc/inetd.conf
tftp dgram udp4 wait nobody /usr/sbin/tcpd /usr/sbin/in.tftpd --tftpd-timeout 300 --retry-timeout 5 --mcast-port 1758 --mcast-addr --mcast-ttl 1 --maxthread 100 --verbose=5 /tmp/ftpdboot
and do
sudo /etc/init.d/openbsd-inetd reload

for good luck. If you don't have openbsd-inetd you may have xinetd or inetutils-inetd installed instead (I think openbsd-inetd is default on debian). Edit the command as necessary.

Edit your /etc/network/interfaces file:
auto eth0
iface eth0 inet static
    address
    gateway
    netmask

and run
sudo service networking restart

Make sure that your card came up ok (do e.g. ip addr)
2: eth0: broadcast mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:26:9e:27:9b:20 brd ff:ff:ff:ff:ff:ff
    inet brd scope global eth0

Prepare two terminals, side by side (or start a screen session with two tabs open). In one, type
echo "^C"> end.txt
putty telnet -m end.txt

But don't hit enter after the second command. The ^C in end.txt has to be the real control character (a single byte, 0x03), not a caret followed by a C: in bash, press Ctrl-V and then Ctrl-C between the quotes to insert it. putty sends the file's contents to the router as soon as it connects, and that Ctrl-C is what makes RedBoot abort its boot script and drop to a prompt.

In the other terminal, type

but don't hit enter.

Connect the ethernet port on your computer to one of the ethernet LAN ports (not WAN/Internet) on your router.

Next: unplug the router's power, plug it back in, and hit enter after the ping command. The moment you get ping replies:
64 bytes from icmp_req=4 ttl=64 time=0.371 ms
hit enter after the putty command in the other window. If nothing good happens, redo it (unplug the router, plug it back in, hit enter after the ping command, and so on; don't start the ping until you've re-plugged the router).

Ready? GO!
64 bytes from icmp_req=1 ttl=64 time=0.371 ms
putty telnet -m end.txt

And you should get

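The same race done by one script, as an added example that is not part of the original post. It assumes the router answers on 192.168.1.1 and that RedBoot's network console is the "GDB connection port" 9000 that shows up in the fconfig listing further down (neither value is stated in the post; set ROUTER and PORT to yours), and it uses nc instead of putty:

```shell
#!/bin/sh
# Added example, not part of the original post: the two-terminal "ping, then
# Ctrl-C" race done by one script. It waits for the first ping reply from the
# freshly power-cycled router, immediately feeds Ctrl-C bytes into RedBoot's
# network console, then leaves the connection open for you to type into.
# Assumptions (not stated in the post): the router answers on 192.168.1.1 and
# RedBoot listens on the "GDB connection port" 9000 shown in the fconfig listing.
set -u
ROUTER="${ROUTER:-192.168.1.1}"   # assumption: RedBoot/LAN address of the router
PORT="${PORT:-9000}"              # RedBoot's GDB/telnet port (from the fconfig output)

# putty -m end.txt must send one real 0x03 byte, not the two characters '^' and
# 'C'. Write such a file and return its contents in hex so it can be checked.
make_end_file() {
    printf '\003' > "$1"
    od -An -tx1 "$1" | tr -d ' \n'
}

# Poll with single pings until the router answers; give up after $2 attempts.
wait_for_router() {
    i=0
    while [ "$i" -lt "${2:-120}" ]; do
        ping -c 1 -W 1 "$1" >/dev/null 2>&1 && return 0
        i=$((i + 1))
    done
    return 1
}

# A burst of Ctrl-C into the RedBoot console (it only listens for a few seconds
# during the boot script timeout), then keep the socket open and relay stdin.
catch_redboot() {
    {
        n=0
        while [ "$n" -lt 30 ]; do
            printf '\003'
            sleep 0.2
            n=$((n + 1))
        done
        cat
    } | nc "$1" "$2"
}

if [ "${1:-}" = "go" ]; then
    echo "Unplug and re-plug the router now; waiting for $ROUTER to answer ..."
    wait_for_router "$ROUTER" 120 || { echo "no reply from $ROUTER" >&2; exit 1; }
    catch_redboot "$ROUTER" "$PORT"
fi
```

Run it as `sh catch-redboot.sh go` and then power-cycle the router. If nc reports a refused connection, RedBoot was not listening yet when the first ping came back: power-cycle and run it again. `make_end_file end.txt` writes the file for the putty variant and prints `03`, which is how you confirm it holds a real Ctrl-C rather than two printable characters.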
Before you continue make sure that you've opened up your firewall, e.g. if you're not connected to the internet you can go crazy like this:
sudo iptables -P INPUT ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD ACCEPT

Note that this only changes the default policy of each chain: any explicit DROP or REJECT rules already in them stay in force, so if the router's TFTP requests still don't reach atftpd, list the rules as well. And don't forget to restore your firewall once you're done.
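A narrower way to do the same thing, as an added example (not from the original post): instead of flipping every chain policy to ACCEPT, save the current ruleset, insert two rules that only admit the router on the flashing link, and restore the saved ruleset afterwards. It assumes the router-facing NIC is eth0 and the router is 192.168.1.1 (neither is given in the post; set IFACE and ROUTER to yours):

```shell
#!/bin/sh
# Added example, not from the original post: open the firewall only towards the
# router on the flashing link, and keep a backup to put things back afterwards.
# Setting the chain policies to ACCEPT does not remove rules that are already
# there, and it opens the whole machine; this inserts two narrow rules instead.
# Assumptions (not in the post): the router-facing NIC is eth0 and the router's
# address is 192.168.1.1.
set -u
IFACE="${IFACE:-eth0}"            # assumption
ROUTER="${ROUTER:-192.168.1.1}"   # assumption
BACKUP="${BACKUP:-/tmp/iptables.before-flash}"

# The rules, as an iptables-restore fragment. -I puts them at the top of the
# chain so they win over any DROP/REJECT rule further down; nothing else changes.
# Allowing everything from the router covers the TFTP request to port 69 and the
# data exchange atftpd then runs from an ephemeral port, as well as ping/telnet.
lab_rules() {
    cat <<EOF
*filter
-I INPUT 1 -i ${IFACE} -s ${ROUTER} -j ACCEPT
-I OUTPUT 1 -o ${IFACE} -d ${ROUTER} -j ACCEPT
COMMIT
EOF
}

# Save the current ruleset, then add the two rules without flushing (-n).
fw_open() {
    iptables-save > "$BACKUP" || return 1
    lab_rules | iptables-restore -n
}

# Put the saved ruleset back exactly as it was (this also removes our rules).
fw_close() {
    iptables-restore < "$BACKUP"
}

case "${1:-}" in
    open)  fw_open ;;
    close) fw_close ;;
    show)  lab_rules ;;
esac
```

`sudo sh lab-fw.sh open` before the flash, `sudo sh lab-fw.sh close` when the router is back up; `show` prints the fragment without touching anything.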
Time to get dangerous. One check before the fis create below: the load command reports the address range it filled, and its length should match the file on disk (0x8005007f - 0x80040c00 + 1 = 0xf480 = 62592 bytes in the listing), because that fis create overwrites the bootloader itself and a wrong or truncated image leaves nothing to recover from over the network.

RedBoot> fis init
About to initialize [format] FLASH image system - continue (y/n)? Y
*** Initialize FLASH Image System
... Erase from 0xbffe0000-0xbfff0000: .
... Program from 0x80ff0000-0x81000000 at 0xbffe0000: .
RedBoot> ip_address -h
IP: , Gateway:
Default server:
RedBoot> load -r -b %{FREEMEMLO} redboot_ap61_16M_4M_admtek.rom
Using default protocol (TFTP)
TFTP timed out 1/15
Can't load 'redboot_ap61_16M_4M_admtek.rom': operation timed out
The first TFTP request timed out here; just repeat the command:
RedBoot> load -r -b %{FREEMEMLO} redboot_ap61_16M_4M_admtek.rom
Using default protocol (TFTP)
Raw file loaded 0x80040c00-0x8005007f, assumed entry at 0x80040c00
RedBoot> fis create -l 0x30000 -e 0xbfc00000 RedBoot
An image named 'RedBoot' exists - continue (y/n)? y
... Erase from 0xbfc00000-0xbfc30000: ...
... Program from 0x80040c00-0x80050080 at 0xbfc00000: .
... Erase from 0xbffe0000-0xbfff0000: .
... Program from 0x80ff0000-0x81000000 at 0xbffe0000: .
RedBoot> reset

You'll see a couple of flashing lights on the router as the only indication that something just happened. Kill your current putty connection and start a new one, the same way as before (the log below starts with the ^C that end.txt sends).
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.01.28 20:29:38 =~=~=~=~=~=~=~ ^C
RedBoot> fis init
About to initialize [format] FLASH image system - continue (y/n)? y
*** Initialize FLASH Image System
... Erase from 0xbffe0000-0xbfff0000: .
... Program from 0x80ff0000-0x81000000 at 0xbffe0000: .
RedBoot> ip_address -h
IP: , Default server:
RedBoot> load -r -b 0x80041000 linux.bin
Using default protocol (TFTP)
Raw file loaded 0x80041000-0x803ecfff, assumed entry at 0x80041000
RedBoot> fis create linux

Be patient -- this step takes a long time: 19 minutes in my case (some routers take an hour). Write down the time when it starts and WAIT at least 20 minutes; don't touch the router or the connection until the prompt comes back.
... Erase from 0xbfc10000-0xbffbc000: ...........................................................
... Program from 0x80041000-0x803ed000 at 0xbfc10000: ...........................................................
... Erase from 0xbffe0000-0xbfff0000: .
... Program from 0x80ff0000-0x81000000 at 0xbffe0000: .
RedBoot> fconfig
Run script at boot: true
Boot script:
.. fis load -l kernel
.. go
Enter script, terminate with empty line
>> fis load -l linux
>> exec
>>
Boot script timeout (1000ms resolution): 12
Use BOOTP for network configuration: false
bootp_my_gateway_ip:
Local IP address:
bootp_my_ip_mask:
Default server IP address:
Console baud rate: 9600
GDB connection port: 9000
Force console for special debug messages: false
net_debug: false
Update RedBoot non-volatile configuration - continue (y/n)? y
... Erase from 0xbffe0000-0xbfff0000: .
... Program from 0x80ff0000-0x81000000 at 0xbffe0000: .
RedBoot> reset


You can now open in your browser, but unplug and re-plug the router first for good luck.

On the first visit dd-wrt asks you to choose a username and password (I created a user called admin), i.e. there's no password or username you need to know a priori.
Click on Services and enable SSHd (save, then apply).

Don't trust important infrastructure with passwords. Use keys.

And finally
ssh root@

and hopefully you're in. Note that the SSH account is always root, with the password you set in the web interface, whatever username you chose there.
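What "use keys" looks like on dd-wrt, as an added example (not from the original post): generate a key pair, check the public key before it goes anywhere, then install it and switch password login off in one last password-authenticated session. The router address (192.168.1.1) and the nvram variable names (sshd_authorized_keys and sshd_passwd_auth, which is what the Services page writes) are assumptions; confirm them with `nvram show | grep sshd` on your build, and keep a second session open until the key login has been tested:

```shell
#!/bin/sh
# Added example, not from the original post: key-only SSH on the freshly
# flashed router. Generates a key pair, sanity-checks the public key before
# it is pasted anywhere, and pushes it to the router together with
# "password login off". Assumptions (not in the post): the router is
# 192.168.1.1, and the nvram variables are the ones dd-wrt's Services page
# writes (sshd_authorized_keys, sshd_passwd_auth); check
# `nvram show | grep sshd` on your build before trusting them.
set -u
ROUTER="${ROUTER:-192.168.1.1}"           # assumption
KEY="${KEY:-${HOME:-.}/.ssh/wgt624}"      # where to keep the new key pair

# RSA rather than ed25519: the dropbear in a 2013-era dd-wrt build may not
# know the newer key types.
make_key() {
    [ -f "$KEY" ] || ssh-keygen -t rsa -b 2048 -N '' -f "$KEY" -C "wgt624-admin" >/dev/null
}

# Reject the usual paste mistakes: a private key, more than one line, or a
# key type the old dropbear won't accept. Returns 0 only for a usable line.
pubkey_ok() {
    [ "$(wc -l < "$1" | tr -d ' ')" -le 1 ] || return 1
    grep -q 'PRIVATE KEY' "$1" && return 1
    grep -Eq '^(ssh-rsa|ssh-dss|ssh-ed25519) [A-Za-z0-9+/=]+( .*)?$' "$1"
}

# One password login, then never again: the key goes into nvram, password
# authentication is switched off, and sshd is restarted with the new settings
# (reboot instead if your build lacks stopservice/startservice).
install_key() {
    pubkey_ok "$KEY.pub" || { echo "refusing to install $KEY.pub" >&2; return 1; }
    pub=$(cat "$KEY.pub")
    ssh "root@$ROUTER" "nvram set sshd_authorized_keys='$pub' && \
        nvram set sshd_passwd_auth=0 && nvram commit && \
        stopservice sshd && startservice sshd"
}

case "${1:-}" in
    install) make_key && install_key &&
             ssh -i "$KEY" -o PasswordAuthentication=no "root@$ROUTER" uptime ;;
esac
```

`sh router-keys.sh install` prompts for the web password once; the final `uptime` is run with password authentication disabled on the client side, so it only succeeds if the key was accepted.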

First impressions:
The busybox ('linux') version is a bit too sparse for my liking -- no netstat command... but it's still obviously a major step up from the stock firmware. dd-wrt is different from tomato -- if you're used to one you're not necessarily going to feel comfortable with the other. Luckily, dd-wrt is widely used and there are plenty of resources online. In addition, there's a demo ( ) so you can try it out before installing it.

How to set up 'static' dhcp (i.e. make sure that some computers always have the same IP address while still running a dhcp server) wasn't completely obvious either, but this post helped: