DD-WRT: Password Protect Your Status Page To Increase Network Security

DD-WRT is an excellent firmware alternative for your network router, whether your router is used at home for at your business.  One of my favorite features of DD-WRT is the router status page, shown below.  The DD-WRT status page is very useful for looking at real-time information.

This status page is shown by default when you enter your router’s IP address into your web browser.  Information included on this page is the WAN IP address of your router, the MAC addresses of your LAN, WAN, and Wireless connections, router memory usage, and partial MAC addresses of client users (which have been hidden by default.)

If you are looking to add some extra security to your DD-WRT enabled network, consider password protecting the status page.

How to Password Protect The DD-WRT Status Page

Step 1: Log-in to your DD-WRT enabled router by entering it’s IP address in your web browser (usually http://192.168.1.1).

Step 2: Click on the Administration tab.

Step 3:  Scroll down to the Web Access section.

Step 4: Check the Info Site Password Protect box, as shown below.

Step 5: Scroll to the bottom of the page and select Apply Settings.

Once the settings have been saved, close your web browser, re-open it, and return to your router’s IP address.  You are now presented with a box to enter your router’s username and password.  Entering this information will allow you to login and see your router’s status page.

Do you use the DD-WRT firmware on your router and have any tips for securing your network?  If so, share them in the comments below!

How To Use A Router as a Wireless Adapter Without NAT

In a previous article I showed you how it is possible to use a wireless router and 3rd party firmware as a wireless adapter.  While the information in that guide is still relevant to most users, the steps provided create a limitation for more advanced users.

In the previous guide, any devices connected as clients to the wireless router adapter would use Network Address Translation (NAT). (If you’re not up-to-speed on networking terminology, HowStuffWorks has a great explanation of NAT.) While the NAT adds an extra layer of security, it also adds an extra layer of complexity if you need to do any port forwarding to the clients of the wireless router adapter.

In this guide I’ll show you how to use an old wireless router and the same DD-WRT firmware as before to create a wireless bridge between two wireless routers and remove the NAT layer created by the DD-WRT Client Mode.

Configure the Router and Wireless Bridge

Step 1: Start by checking if you router supports a 3rd party firmware. (For this guide, I am using the free DD-WRT firmware).

Step 2: Download and install the firmware according to the instructions for your router model.

Step 3: Once you have the DD-WRT firmware installed on your router, connect an ethernet cable from your computer to a LAN port on the router.

Step 4: Enter the local address of your router, typically http://192.168.1.1, into your browser and log in using the default credentials. The default credentials are usually root for the username and admin for the password.

Step 5: When you are logged into the router, navigate to the Wireless tab and select Wireless Security. Select your current wireless security settings and enter your wireless encryption key that you use to access your wireless network.  Click Apply Settings.

Step 6: Navigate to the Wireless tab and select Basic Settings.  Select Client Bridge from the Wireless Mode drop down.

Step 7: Enter the name of your wireless network into the Wireless Network Name (SSID) box.  Note: This is case-sensitive! Click Apply Settings.

Step 8: Select the Setup tab, select Advanced Routing.  Change the Operating Mode to Router and click Apply Settings.

Step 9: Navigate to the Security tab and select Firewall.  Disable the SPI Firewall by checking the Disable button and clicking Apply Settings at the bottom of the page.

Step 10: Navigate to the Setup tab and select Basic Settings.   Here is where you give your wireless bridge router its new local IP address other than the default.  My main router has an IP address of 192.168.1.1, so I set my wireless bridge router to have an IP address of 192.168.1.2.  Basically make this anything other than your main router IP address or anything that falls within your DHCP pool.

Enter the Gateway and Subnet Mask of your wireless network next. You can find this information under Default Gateway and Subnet Mask by entering ipconfig in the command prompt on a computer already connected to your wireless network.  Click Apply Settings when the settings have been entered.

Step 11: At this point you will lose the connection to the web interface of the wireless bridge router since the IP address has now changed.  If you need to reconnect to the wireless bridge, simply enter the new IP address from Step 10  into your web browser.

Step 12: (optional) Click the Setup tab and select Basic Setup. Under WAN Port, check the box to Assign WAN Port to Switch. This will add the WAN port to the 4 port switch, giving you 5 ports to share the wireless connection.

Once the above steps have been completed, your router with DD-WRT firmware will connect to your wireless network as a client bridge just as if you connected to the same wireless network with a laptop.  Any devices that are connected to the 4/5 port switch has network connectivity and IP information that is handled by your main router, removing the NAT.

Fix: Apple’s Mini DisplayPort Wireless Internet Connection Problem

Apple’s newest MacBook Pro models feature a Mini DisplayPort for connecting external monitors. While the new connection is in many ways much better than a full-sized DVI or even DisplayPort, there have been recent reports of problems with wireless internet connections. When connecting an external monitor through the Mini DisplayPort, the Airport wireless signal drops to nothing (or almost nothing).

This is a pretty niche problem, but it’s been eating away at me gradually for the past few weeks, so I did some tinkering and found that by simply switching my router’s wireless channel from “Automatic” to “Manual” and selecting Channel 6, I was able to get full wireless back on my MacBook Pro.

Doing this on an Airport Extreme (or Time Capsule, or Airport Express) is as simple as opening the Airport Utility, going to Manual Setup, and adjusting the Channel setting. Your router will have to restart to apply the settings, but once it’s back up, you should be good to go.

Apple Airport Utility Wireless Settings

For information on accessing Linksys routers, see our previous article about Wireless Security.

Don’t ask me why this works, or why this is even a problem in the first place. Apple hasn’t said anything officially regarding this issue, but it seems to be affecting a number of users.

Control Your Linux System With A Web Interface

webmin-logoAdministrating a Linux system is sometimes thought to be a task reserved for the command-line-savvy individuals.  While Linux does provide other means of administration such as various desktop environments and VNC (Virtual Network Computing), these means can sometimes be difficult for users to setup.

Webmin is a web interface for Linux that can provide a simple and easy-to-use solution to your Linux administration needs.

Using Webmin

Start by downloading the correct Webmin package for your system from http://www.webmin.com/download.html.  Install the download package for your system.

When the package has been installed, you can access the Webmin interface locally by opening your browser and entering the address show below.

http://localhost:10000 or http://YourSystemNameHere:10000

Login with root and the root password for your system.  To access the Webmin web interface from anywhere other than the local system, you will need to open the port in your firewall and/or configure your router for port forwarding.  You can visit http://portforward.com for help with port forwarding on your router.

When you first login, you will be greeted with some basic system information shown in the picture below:

webmin-main

Webmin offers control over almost every aspect of administration of your Linux system.  A complete list of Webmin modules can be found at the Webmin wiki.  Some of the different areas that Webmin can control are shown below:

webmin-menu

Webmin is a great way to administrate your Linux system.  What has been your experience with Webmin?  Would you recommend it to others?  Let us know by commenting below.

Wireless Security Tip: Secure Your Wireless Internet

wireless-security-thumbIf you have your own wireless internet connection, it might be unsecured (meaning that you don’t have to type in a password to access it) or it may be using WEP encryption.  There are several important reasons why you should encrypt your internet (or switch from WEP encryption to a stronger method such as WPA or WPA2):

  • Leaving your wireless internet unsecured lets anybody access your network which can cause slow connection speeds.
  • If an intruder illegally downloads something using your wireless internet, you could be legally liable for their actions.
  • An intruder could potentially monitor your network traffic and obtain passwords or other confidential information.
  • WEP encryption can be easily cracked in a matter of minutes, which makes it only slightly better than an unsecured connection.

This guide will show you how to identify the current security used on your wireless network, and how to better secure it with WPA / WPA2 encryption.

Note: Some older network cards don’t support WPA2 encryption.  If you can no longer connect to your access point after setting it to WPA2, use WPA instead.

Identifying Your Current Security Mode

Most of the time, you can see what type of security an access point uses before connecting to it.  View your available wireless networks and check out your own network to see what your current security settings are.

Wireless Security in Windows XP (WPA and WPA2 highlighted)
Wireless Security in Windows XP (WPA and WPA2 highlighted)

Wireless Security in Windows 7 (WEP and WPA highlighted)
Wireless Security in Windows 7 (WEP and WPA highlighted)

If you see WPA or WPA2 next to your connection – that’s great, you’re done.  WPA and WPA2 provide strong protection as long as you use a good password.  When creating a password, avoid using dictionary words and try to include complex characters like !@#$%^&*.

If you see WEP or no security, it’s time to add WPA or WPA2 to your access point.

Enabling WPA/WPA2

Wireless security options are different for every access point and router, so refer to your user’s manual or check out the device manufacturer’s support information online.  Your device may even come with an installation disc that can walk you through security setup.

In general, you need to locate a Wireless/Wireless Security section in your access point’s configuration and enable WPA or WPA2 security.  With many access points and routers, you can type in the Gateway address of your internet connection in a web browser to access the device’s configuration page.

Note: The Gateway address can be found by viewing your current connection’s details (varies by your operating system) or by pressing Windows Key + R, type cmd and press enter, then type ipconfig and press enter.

Gateway Address in Connection Details
Gateway Address in Connection Details

Gateway Address using ipconfig in Command Line
Gateway Address using ipconfig in Command Line

In my case, my router’s address is 192.168.1.1, so I typed that address in my browser and pressed enter.  This will open the device’s configuration page (you may need to enter login credentials to access this page).  Locate a Wireless Security section (this may be under Wireless, look around until you find it) and enable WPA or WPA2 security, selecting ‘Personal’ if it gives you the option.  Create a strong password and click save.  You will have to re-join your network once this has been done.

Wireless Security in Tomato Firmware
Wireless Security in Tomato Firmware

Wireless Security in Linksys Firmware
Wireless Security in Linksys Firmware

Now that you’ve enabled security on your wireless connection, it will be much more difficult for an intruder to steal your internet access or perhaps obtain confidential information.

Have any tips for better securing your internet connection?  Share them with us in the comments.

How to Rebroadcast a Weak Wifi Signal

routerThere may be a time when you have access to a wireless network in one part of your house, but just can’t get it anywhere else.  This isn’t a big deal if you own the network (you can buy another access point or wireless repeater), but if you don’t own the network, this guide will show you how to extend your free coverage.

What’s the purpose of this, you might ask?  In my case, I can connect to several wireless networks in my bedroom where my PC is located.  Unfortunately, I can’t access those networks in my living room where my Xbox 360 is located.  The technique presented in this guide allowed me to use my PC to pick up a wireless signal, share it with my PC’s Ethernet connection, and then rebroadcast it with a router.

What You’ll Need:

  • A working wireless connection
  • A computer running Windows XP, Vista, or 7 with an unused Ethernet port
  • A configured wireless router set to DHCP mode (I’ll be using a WRT54GL with Tomato firmware, but anything will work).  Every router is different, so make sure you configure your router’s settings (SSID, security, etc) before you begin this guide.
  • An Ethernet cable

Windows XP

  1. Connect your wireless router to your PC’s unused Ethernet port with an Ethernet cable.  Make sure to connect the cable to the source or internet port on your router, not one of the numbered outputs.
    router_back
  2. Power the wireless router.
  3. In Windows, right click the Network icon in the system tray and select Open Network Connections.
    rebroadcast_wifi_networkconnXP
  4. Right click your wireless connection and select Properties.
  5. Click the Advanced tab and select “Allow other network users to connect through this computer’s Internet connection”.  This will allow your computer’s Ethernet port to access your wireless internet connection.  Click OK.
    rebroadcast_wifi_enablesharingXP

    1. If you don’t see an option for sharing your connection, verify that you have a second connection enabled on your computer.
  6. You now need to give your Ethernet connection a static IP address.  In the Network Connections window again, right click your Local Area Connection and select Properties.
  7. Select Internet Protocol (TCP/IP) and click the Properties button.
    rebroadcast_wifi_tcpipXP
  8. Select Use the following IP address: and provide an address.  I arbitrarily used 192.168.137.1.  Set ‘Subnet Mask:’ to 255.255.255.0.  Leave the DNS settings blank and click OK.
    rebroadcast_wifi_ipsettings
  9. Your rebroadcasted wireless network will now be up and running!

Windows Vista

  1. Connect your wireless router to your PC’s unused Ethernet port with an Ethernet cable.  Make sure to connect the cable to the source or internet port on your router, not one of the numbered outputs.
    router_back
  2. Power the wireless router.
  3. In Windows, right click the Network icon in the system tray and select Network and Sharing Center.
    network_rebroadcast_sharingcenterVista
  4. Click Manage network connections on the left side of the window.
    network_rebroadcast_managenetworksVista
  5. Right click your wireless connection and select Properties.
  6. Click the Sharing tab and select “Allow other network users to connect through this computer’s Internet connection”.  This will allow your computer’s Ethernet port to access your wireless internet connection.  Click OK.
    network_rebroadcast_allowsharingVista

    1. If you don’t see an option for sharing your connection, verify that you have a second connection enabled on your computer.
  7. You now need to give your Ethernet connection a static IP address.  In the Network Connections window again, right click your Local Area Connection and select Properties.
  8. Select Internet Protocol Version 4 (TCP/IPv4) and click the Properties button.
    network_rebroadcast_wifi_staticipwin7
  9. Select Use the following IP address: and provide an address.  I arbitrarily used 192.168.137.1.  Set ‘Subnet Mask:’ to 255.255.255.0.  Leave the DNS settings blank and click OK.
    network_rebroadcast_wifi_ipsettingswin7
  10. Your rebroadcasted wireless network will now be up and running!

Windows 7

  1. Connect your wireless router to your PC’s unused Ethernet port with an Ethernet cable.  Make sure to connect the cable to the source or internet port on your router, not one of the numbered outputs.
    router_back
  2. Power the wireless router.
  3. In Windows, click the Network icon in the system tray and select Open Network and Sharing Center.
    network_rebroadcast_wifi_opennetworkswin7
  4. Click Change adapter settings on the left side of the screen.
    network_rebroadcast_wifi_changesettingswin7
  5. Right click your wireless connection and select Properties.
  6. Click the Sharing tab and select “Allow other network users to connect through this computer’s Internet connection”.  This will allow your computer’s Ethernet port to access your wireless internet connection.  Click OK.
    network_rebroadcast_wifi_enablesharingwin7

    1. If you don’t see an option for sharing your connection, verify that you have a second connection enabled on your computer.
  7. You now need to give your Ethernet connection a static IP address.  In the Network Connections window again, right click your Local Area Connection and select Properties.
  8. Select Internet Protocol Version 4 (TCP/IPv4) and click the Properties button.
    network_rebroadcast_wifi_staticipwin7
  9. Select Use the following IP address: and provide an address.  I arbitrarily used 192.168.137.1.  Set ‘Subnet Mask:’ to 255.255.255.0.  Leave the DNS settings blank and click OK.
    network_rebroadcast_wifi_ipsettingswin7
  10. Your rebroadcasted wireless network will now be up and running!

While rebroadcasting a weak signal does give you better access to a wireless network, it does have some inherent disadvantages.  Port forwarding will now be twice as complex, and there will most likely be a high amount of network latency induced.  That being said, I didn’t personally notice much of a difference browsing the internet on my laptop or using Xbox Live.

Have any other ideas for accessing wifi on the cheap?  Let us know in the comments.

Tomato Firmware: Increased Transmit Power Does More Harm Than Good?

Currently, I run four routers, all part of the WRT54G/GL/GS series, that allow a house to receive wireless internet.  These routers provide sufficient, although not yet ideal, coverage for the house.   Since the WRT54G/GL/GS routers are built on a Linux framework, they are easily upgraded to more powerful firmware, such as the Tomato Firmware available from http://www.polarcloud.com/tomato.  Third-party firmware such as Tomato adds increased functionality to what would otherwise be considered a standard router.  One of the more interesting features that Tomato provides is the ability to increase the transmission power of the wireless signal.  Continue reading “Tomato Firmware: Increased Transmit Power Does More Harm Than Good?”