DD-WRT, I Know Where You Live (devttys0.com)
94 points by r11t on Dec 28, 2010 | 35 comments


DD-WRT seemed decidedly "bloated" after I found out about Tomato. Maybe that is unfair or ignorant on my part, but do check out Tomato if you are considering DD-WRT.

http://www.polarcloud.com/tomato


Why are the only routers supported using 802.11G? I got one of the Buffalo 300N routers and was looking forward to trying this instead of DD-WRT.


I assume it's because the developers of Tomato don't have any of the newer routers to attempt supporting them. There are a few other options for the G300NH, including OpenWRT, but I've just decided to stick with DD-WRT because it seems to have the best overall feature set.


Only if you're fortunate enough to have a supported device. :(


Both OpenWRT and Tomato USB (http://tomatousb.org/) feature broader device support (via a 2.6 kernel). I prefer the latter.


Thanks for the link. Sadly, it appears that the later versions of the WRT54G still aren't supported. :(


So by visiting his blog we are essentially letting him use rebind on our connections? ;)


Some background here would be really nice (for us non device hackers). Who exactly would have DD-WRT on their routers? Is it something you have to install manually?

Edit: I should have Googled before asking :-). Apparently it's a custom firmware for Linksys routers. Looks like you have to go through a lot of trouble to get it installed, so I'm sure the overall userbase is pretty small.


The best feature for me is the support for unusual wireless topographies. Our house is rented, so I can't go drilling holes in things to route ethernet cable. Instead I've built a wireless mesh network out of several DD-WRT routers, with the bonus of bridging this to the wired switch on each unit. This way the xbox and the kitchen computer can connect to the internet, which comes in upstairs, with no fuss. You can also do lots of fun point-to-point stuff. With a decent aerial and line of sight you can throw wifi for 2 miles or more using consumer routers.

http://www.dd-wrt.com/wiki/index.php/Linking_Routers

A close second is the SNMP server, allowing me to use this OSX dashboard widget to get a graph of incoming/outgoing bandwidth usage at the router:

http://www.apple.com/downloads/dashboard/networking_security...

If anyone is wondering which device is generally considered the best balance of price/spec for running these firmwares, it's widely agreed to be the Buffalo WHR-HP-G54, which can be had for around £40/$60.

EDIT: oh yeah, and of course it's also an OpenVPN server. Forgot about that. And if you get one with a USB port you can plug in a HDD and run rsync on it...


There was enough demand that Linksys created models just for this purpose (the WRT54GL and friends).

It's an easy upgrade for a technical person. Download custom firmware, upload to router, reboot. The same people who would upgrade their own firmware from Linksys can install dd-wrt, Tomato, hyperwrt, etc. Admittedly, that's a small slice of the population but a large number of people.


For what purpose exactly would you want to put custom firmware on it? Why isn't the stock firmware good enough? I've a WRT54G router -- do I have any good reason to use any custom firmware?

I'm guessing it's just for hobbyists -- "just for the fun of it" kind of thing?


It provides a lot of additional functionality as the other comments have described, but it also fixes a lot of bugs and crappy handling of things. BitTorrent chokes hard with standard firmware (it doesn't handle many connections very gracefully), but I have no problems with Tomato. I also have lots of tuneability, DDNS on the router, graphs, QoS, access control, and many other very useful things.


Most newer stock firmwares have support for things like DDNS on the router, though things like QoS, etc are usually left out of the stock firmware on consumer routers (being reserved for the 'professional grade' systems, so they can up-sell you).


These firmware variants allow it to replace far more expensive devices. It's also quite small and requires little power.

I personally use WRT54GL hardware to offer public internet access to folks at a coffeeshop. Here is what this $69 USD (when I bought it) device helped with.

Public Wireless - The range covers the entire store and the outdoor seating area. Here we mention terms of service and "beg" them to buy something with captive portal software. I'm not really sure how many clients it can handle, but it certainly meets the need.

Public Terminals - It serves up PXE boot images to 3 netbooted terminals. They run the Linux Terminal Server Project software.

It also makes it easy to set up firewalls, QOS, and anything else you might do with any other Linux box.

I think it's a great deal for $69 USD. This same device has been running for > 4 years!


Older WRT54Gs handled BitTorrent traffic terribly. The router will go and kill itself once every 15 minutes or so, necessitating a power cycle. In fact, power cycling the router became a normal part of its use.

DD-WRT (and Tomato) were very, very good solutions to this. Still are - there are still a number of popular routers out there where the stock firmware will choke on BT.


Once the number of connections through the router reaches a certain point (in relation to BitTorrent traffic usually), the total d/l bandwidth (on any protocol) through the router dropped to ~30kB/s, in my experience. This is how I knew that it was time to power-cycle the router. Then all of a sudden all of my connections were flying again.


This is the exact reason I use it. DD-WRT was my last ditch chance before buying a new router. It now handles everything like a champ and I get built in DDNS, QoS, etc for free.


I have a couple of routers using dd-wrt. I have one of them set up on my roof, and another in my server room (a closet). The one on the roof acts as a wireless client to the main access point, and also as a wireless access point itself.

I have also set up a bunch of internal static IPs for different machines and printers and such, and I seem to recall there was some ridiculously low number of slots to add them in default firmware on one of the routers I was using. (It has been a few years though.)


With QOS, one could leave their wifi open to help neighbors. If someone used p2p at full throttle, the standard firmware would let you either secure the connection or blacklist the (spoofable) MAC. With QOS, one could put the offending MAC into a class with a fraction of the total bandwidth - making the connection usable for everyone else, & not leading to a game of whack-a-mole with MACs.


I'm using it on different hardware (Netgear WNDR3700), because it has more functionality than stock firmware.

What I'm using: print server (it has a USB port, which is great for sticking a printer in) and persistent VPN. It is definitely not just for the fun of it.


QoS (prioritize your ssh packets over your netflix stream over your http reqs); ssh server (so that you can have a SOCKS proxy to connect to from public Wifi); VPN endpoint; VOIP SIP proxy (to do fancy routing of SIP calls).

I'm pretty sure you can install a web browser and serve up static content from a consumer NAS too.

Basically, it lets you do a large subset of what you would be able to do with an always-on computer, but without burning all that power.


Some router models have USB ports and can be NAS devices too.

Also, my biggest reason for custom firmware: upping the radio range. Linksys' default output is very conservative.


If you happen to have an original wrt54gl of version 1.0 or 1.1 you can reasonably use those as well since they ran Linux.

The ones that came after switched to vxWorks and really slimmed down on the RAM.

Then they introduced the wrt54GL (the L meaning Linux).


I work for a small WISP and we install DD-WRT on all of the routers we hand out. It's much easier to manage and diagnose connection problems with DD-WRT than with the default firmware.


I have it installed on my Belkin router because the stock firmware doesn't support Telnet connections. It's pretty great.


For those not familiar with the whole router firmware hacking thing, here is the backstory:

http://www.wi-fiplanet.com/tutorials/article.php/3562391/The...

Also in addition to DD-wrt there is openwrt which I've got running on my router, and probably a number of others.


"Info Page" setting he talks about is:

Administration tab > Management sub-tab > Web Access section > "Enable Info Site"


My SVN build of DD-WRT has a "No DNS Rebind" setting defaulting to true. Not sure if this prevents the attack - couldn't find easy steps to reproduce in order to verify.


Is there a solution to this yet? He says it affects you whether or not you have the info page enabled.


The solution is to password protect the info page. I also checked if there is new firmware. Also, on my Buffalo I just set up SSH and stopped httpd. Didn't know how to do it, so I read here http://www.dd-wrt.com/wiki/index.php/Telnet/SSH_and_the_comm... and here http://www.howtoforge.com/ssh_key_based_logins_putty


I wonder if Tomato is affected.

I randomize the two MAC addresses weekly anyway.


> I randomize the two MAC addresses weekly anyway.

Why?


Paranoia.

It's also a guaranteed way to get a new external IP assigned, even when renewing your DHCP lease fails to.


Do you have a script to do this or do you do it manually?


Manually.

I wish I could tell it to randomize when I shut down but that would be pretty difficult to accomplish.

I wonder if I could make Tomato randomize them on startup (I power the router down nightly).



