Hotrod Your Linksys WAP with Linux (Part 3)

Tuesday Nov 8th 2005 by Carla Schroder

Those little, blue consumer-grade WAPS make nice experimental Linux boxes. This week we cover setting up DNS and DHCP services.

Now that we have ripped out the stock guts out of our Linksys WRT54G and replaced them with a miniature, but mighty, Linux operating system, it's time to configure it to do some actual work. (Part 1 and part 2 cover installation and setting up secure administration of your chopped, dropped little blue box.)

Sharing a Broadband Connection
Remember, none of these settings are committed to NVRAM (define) until you enter the nvram commit command. As long as you do not write to NVRAM, you can safely test new commands, and reboot to a known good configuration if something goes wrong. When everything works right then you can commit.

Log in to the router via SSH (see Part 2 for how to set up SSH). This shows example settings for sharing a cable or DSL connection on a dynamically-assigned WAN IP:

# nvram set lan_proto=static
# nvram set lan_ipaddr=
# nvram set lan_netmask=
# nvram set wan_proto=dhcp

NAT (define) is enabled in the default WAN firewall, which is configured in /etc/S45firewall. So all you need to do is configure your LAN and WAN ports, plug everything in, and you're done.

If your Internet service provides you with a static IP, that's just as easy to configure as the LAN IP:

# nvram set wan_proto=static
# nvram set wan_ipaddr=
# nvram set wan_netmask=
# nvram set wan_gateway=
# nvram set wan_dns=

At this point you can either do nvram commit and reboot the router, or just restart the networking interfaces:

# ifup lan
# ifup wan

Local DHCP and DNS
As you recall from part 1, the recommended installation created a read-only squashfs partition and a writable jffs2 partition. The default configuration files are written to the squashfs partition and symlinked to jffs2. This means that editing the default configuration files requires that you first delete the symlink, then copy the file to the jffs2 partition:

# rm /etc/dnsmasq.conf
# cp /rom/etc/dnsmasq.conf /etc/dnsmasq.conf

Every host should have its own hostname configured locally. On most Linuxes, this is done in /etc/hostname:


On Red Hat, it's configured in /etc/sysconfig/network. Check your work by running the hostname command, and remember that hostname changes require a reboot.

This sample dnsmasq configuration contains a pool of addresses that are assigned to hosts as they join the LAN. In this example the lease time is set at 168 hours for addresses

# filter what we send upstream

#openwrt needs dnsmasq to run as root


You don't need to explicitly set the default route, DNS server, and gateway, unless these are on other servers, because dnsmasq automatically uses the settings from the server it is installed on.

The domain-needed directive tells dnsmasq to not forward name queries. If it is not found in /etc/hosts or DHCP it returns a "not found" answer.

bogus-priv returns an "NXDOMAIN" answer to any queries that are not answered in /etc/hosts or DHCP.

filterwin2k blocks insane DNS queries from newer versions of Windows that serve no purpose but to cause trouble and woe.

The expand-hosts directive tells dnsmasq to automatically expand the hostnames, by combining the hostnames with the domain name.

dnsmasq by default reads /etc/hosts, so this is where you assign static IPs to any hosts that need them, like servers:            localhost        mail1        http1        http2
You only need to configure /etc/hosts on the dnsmasq server, which is a lovely time-saver.

You may map IP address to hardware addresses in dnsmasq. First add this directive to /etc/dnsmasq.conf:


Then create or edit the file /etc/ethers. This file contains the hardware address of each host mapped to its MAC address:

#carla's thinkpad
# fred's super-duper engineering workstation
# big ole Samba fileserver

Naturally, you must replace the Xes with your actual MAC addresses, which are found with the ifconfig command:

$ /sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 00:0B:6A:EF:7E:8D

And just like on a grownup Linux, whenever you make changes to a service, it must be restarted:

# /etc/init.d/S50dnsmasq restart

NVRAM Commands
nvram show displays your current settings.
nvram set [foo] sets a new variable
nvram unset [foo] deletes a variable
nvram commit writes all newly-entered commands to NVRAM

Despite all the dire warnings in previous installments, you can usually get out of trouble. If you cannot get into the router at all, try resetting it to failsafe mode. This only works if you have the read-only squashfs partition. To get into failsafe, unplug then plug in the router, wait for the DMZ led to light, then press and hold the reset button for two seconds. If it worked, it will flash three times per second. The network settings will revert to the defaults, so you'll access it at

If you want to restore the default filesystem on the jffs2 partition, erasing all changes you have made, run the firstboot command.

If you've been making a lot of changes using the nvram command and gotten hopelessly borked, wipe it all out and start with a clean slate by running these commands:

# mtd erase nvram
# reboot

As long as you followed the instructions for the "difficult but safe" installation in Part 2, and have boot_wait=on set, you can always recover by re-flashing new firmware.


Mobile Site | Full Site
Copyright 2017 © QuinStreet Inc. All Rights Reserved