I get a lot of questions about the DD-WRT firewall. There’s a lot of talk out there that goes deep into theory and advanced firewall usage, but what if you just want to know how to set up your firewall to protect your network and open up a few ports?
Here’s how to set that up.
Note: If you have multiple DD-WRT boxes running as access points like I do, only the one directly plugged into the Internet needs to be configured this way. Disable the SPI firewall on your internal access points.
If your router has a USB port and is running DD-WRT, you can turn it into a DD-WRT USB print server. It can still do wireless duty while it allows your computers to print to your wired USB printer over your wired or wireless network. It’s not very intuitive or user friendly, but it works. Here’s how to set it up with Windows 7. Other Windows versions will be about the same.
I picked up a couple of refurbished Linksys EA6200 routers this past weekend. For whatever reason, DD-WRT isn’t officially supported on them, though it does seem to be a popular DD-WRT router. A lot of people make the upgrade far more difficult than they need to. With some simple hacks, Linksys EA6200 DD-WRT installation is pretty straightforward.
I came up with an 18-step process that I simplified just as much as I could. Unlike some methods I’ve seen, I don’t have you editing any binary files or creating custom startup scripts.
I’ve been asked a few times now for my recommended DD-WRT settings, or at least my good-enough settings. I think that’s a great idea, so I’ll walk through how I configure a DD-WRT router. Follow these steps and I can almost guarantee you’ll have the most secure network on your block.
For the purposes of this tutorial, I am going to assume you are configuring DD-WRT as your primary router.
Many routers, notably Belkins, have a feature in them to schedule an automatic reboot periodically, usually once a week. Frequently this “feature” is there as a workaround, because something about the router’s software gets unreliable if it’s been running longer than a week. So it’s a kludge, but it keeps the thing working without a lot of effort, so the feature is there.
The respectably rock-solid DD-WRT also has the ability to schedule a reboot built in. I don’t know if it’s there to make life easier for developers, or if it’s there to deal with second-rate hardware, or if there was a time when it was necessary and they just never took the feature back out. Regardless, it’s there, though many DD-WRT stalwarts brag about never needing it because their router’s uptime is more than six years.
It’s fun to get into uptime contests, but it’s poor security. If you have a router, it’s a good idea to be rebooting it every so often, so you might as well turn on that feature, even if it costs you some pride.
There’s an addition on the back of our house, probably added in the 1970s or 80s, where the wi-fi reception is exceptionally poor. Something about the walls makes it tricky, and I also suspect we get some interference from the neighbors behind us. I solved the problem with a cheap router running DD-WRT as an access point.
A very good question came in as a comment to my earlier post, the benefits of practicing IT at home. What do I mean by putting some Windows 7 machines on a domain? It’s one of several good home network projects.
I mean standing up a server with centralized user accounts and shares, running on Windows Server or Samba, whichever you can afford. Make it a print server too, and print from it, just like you would from an office. Then extend it, and extend your sysadmin skills. Here are several ideas for projects of varying length, difficulty, and expense.
You can improve the speed of printing slightly and, depending on the nature of your print jobs, dramatically reduce disk writes if you move the print spool directory to your ramdisk. It’s a little performance tweak you might have never heard of, but it’s helpful.
This trick works best with a ramdisk product that loads a disk image at startup, such as Dataram Ramdisk.