
Linux Distro For Linksys WRT54G

scubacuda writes "Here is a tiny Linux distro for the Linksys wrt54g (d/l the distro here). In just a few seconds, you can give your access point's ramdisk syslog, telnetd, httpd (with cgi-bin support), vi, snort, mount, insmod, rmmod, top, grep, etc." Interesting -- "The script installs strictly to the ram disk of the box. No permanent changes are made. If you mess something up, power-cycle it."
  • by Anonymous Coward on Sunday September 07, 2003 @04:01PM (#6894792)
    does it still function as an AP properly?
  • Slow as hell and not terribly practical. But, still very cool.
    • Re:That's cool. (Score:4, Insightful)

      by garcia ( 6573 ) * on Sunday September 07, 2003 @04:07PM (#6894826)
      not terribly practical? Running snort on a wireless router isn't practical?

      Slow? 125mhz MIPS is slow?

      Might want to better explain what you mean.
      • by GGardner ( 97375 ) on Sunday September 07, 2003 @04:15PM (#6894864)
        125 Mhz MIPS CPU is fast enough to do some interesting things, but the box only has 16 Mb of RAM, and no local disk for paging. That's going to be the limiting factor for most of the fun things you'd like to do with this box.
        • by Anonymous Coward on Sunday September 07, 2003 @04:31PM (#6894939)
          In my day, laddie, we had 64kB of ram and 1 MHz. And we liked it! Three miles in the snow we walked, every day, to the terminal... barefoot!

          More seriously, you can do a hell of a lot with 16MByte of RAM and 125MHz. My old Amiga was happily connected to the internet for years with less than that.

          Stick FORTH on any box and (assuming you know FORTH, of course), you can make most any computer jump through hoops, devoid of the efficiency problems that bloated tarbaby languages like C++ introduce.

          • by jd142 ( 129673 ) on Sunday September 07, 2003 @04:39PM (#6894975) Homepage
            In my day, laddie, we had 64kB of ram and 1 MHz. And we liked it! Three miles in the snow we walked, every day, to the terminal... barefoot!

            Up hill both ways, too!
          • by Anonymous Coward
            It warms my heart to see that people outside of the embedded business still care about and know how to handle low (by today's standards) performance/memory devices.

            "Yes grandson, there was once a time where chips weren't able to and didn't need to run Linux and Java."
        • Too true; I attempted to run debian's mipsel port but lacked the memory to even run 'apt-get' without triggering the OOM killer.
          • How about Network Block Device? I thought NBD was created just for situations like that.
            • by MbM ( 7065 ) on Sunday September 07, 2003 @05:31PM (#6895257) Homepage
              I tried an nfs mounted swapfile with only minimal success. It'd get further but it would go into some heavy swapping flooding the network, during which time the access point was very unresponsive; just not practical for actual use.
              • I tried an nfs mounted swapfile with only minimal success. It'd get further but it would go into some heavy swapping flooding the network, during which time the access point was very unresponsive; just not practical for actual use.

                Was the NFS mount over the wireless or the ethernet port? Is the ethernet port 10Base-T or 100Base-T? It seems like this should work... What were your nfs params? Maybe the linux network file system would work better? I'm actually interested in doing this for the playstation 2,
          • but lacked the memory to even run 'apt-get' without triggering the OOM killer.
            Shows how well written apt-get is.
        • Can't you use a file on an NFS mount with the loopback driver to get a swap device?

          I'm not sure what the point would be... if you have another box, why not just run your services on it... but the nifty value is significant.
          • No. There are patches out there that allow it to be done over the network block driver (nbd) - for example, this one.
          • Not yet, no NFS. This guy is specifically trying to avoid reflashing the box. You could of course compile a version of the kernel with NFS support and include the requisite utilities, if you're brave. One problem so far is that there's just the flash ROM, there's no oops-I-screwed-up-the-flash standalone ROM. So, if you render it unbootable, you've also lost your software flash programming interface, and it's time to break out the soldering iron.
            • I'm more of an OpenBSD guy than a Linux guy, but can't you get NFS support with a module?

              "Upon completion of the installation, you will have a system with basic tools such as syslog, telnetd, httpd (with cgi-bin support), vi, snort, mount, insmod, rmmod, top, grep, etc."

              I imagine insmod is there so you can extend the kernel without flashing anything. I really have no idea what can be a module, but there's at least some freedom there.
              • If you wrote a KLM version of NFS, you could. I'm under the impression that NFS is a kernel-compile option. I could easily be wrong, though... haven't compiled my own kernel since 2.2.
      • Re:That's cool. (Score:5, Interesting)

        by FreeLinux ( 555387 ) on Sunday September 07, 2003 @04:17PM (#6894877)
        Snort logs will be written to /var/log/snort

        Ramdisk based snort logs aren't too enticing to me.

        Another HTTP server on 8000 doesn't do anything for me either, especially when the one on port 80 is already like molasses running up hill in winter.

        The fact is that this might be useful in troubleshooting something on the router but, for production use it isn't terribly practical. But, then again who's going to rely on this router for any real production use. This is after all, a home or small office device.
        • Re:That's cool. (Score:2, Interesting)

          by Anonymous Coward
          While logging may not be too cool, controlling what goes on may be. The gui does a lot sure but you can do SO much more with rule based stuff. Like this machine can talk this way while that one can not...

          How about a bind caching server? How about a blackhole ad removal server? How about a time server? How about pushing the logs to another machine? While it may be slow these things do not have to be lightning fast, just fast enough. It is after all just a simple router. It's not meant for 300 machines
        • More than SOHO (Score:2, Interesting)

          by quanta ( 16565 )
          "This is after all, a home or small office device."

          It's more than that - I've used it to bridge several remote locations (1800 ft+) with external antennae.

          Very reliable.
  • by Anonymous Coward on Sunday September 07, 2003 @04:05PM (#6894813)
    This comes with vi and NOT emacs, as 95% of all distributions don't come with emacs!
  • by Anonymous Coward on Sunday September 07, 2003 @04:05PM (#6894814)
    yeah i was looking and i hit refresh and his counter jumped about 200 hits in a couple seconds so here's the article in case slashdot kills another site:

    Jim Buzbee
    September 05 2003

    Mini wrt54g distribution Version 0.1

    This is a mini Linux distribution for the Linksys wrt54g. In about 20 seconds, you can install a small set of Linux tools to your access point's ramdisk.

    Upon completion of the installation, you will have a system with basic tools such as syslog, telnetd, httpd (with cgi-bin support), vi, snort, mount, insmod, rmmod, top, grep, etc.

    To install, modify the script for your ip address and password. By default the script uses Java to move files to the wrt54g. If you would prefer wget, uncomment the wget lines in the script. I had a problem with older version of wget translating escaped characters before passing the URL on to the server. Your mileage may vary.

    The distribution has been tested on firmware version v1.30.7, Jul. 8, 2003. The installation has been tested on Linux and OSX

    The script installs strictly to the ram disk of the box. No permanent changes are made. If you mess something up, power-cycle it.

    Upon successful execution of the script, you will be able to telnet to your box and start exploring its capabilities. Note that there is no login prompt, you telnet directly in as root. Be careful.

    An alternate web server is installed on port 8000 of the box.

    The nfs drivers are not loaded by default. If you would like to mount a nfs disk, insmod the drivers from /var/modules/ in the following order : sunrpc.o, lockd.o, nfs.o then mount your disk.

    To run snort, execute the following command on the box : /var/bin/snort -c /var/etc/snort.conf &

    The snort configuration file should be changed for your network configuration and needs. Snort logs will be written to /var/log/snort

    If you wish to change the files sent to the box, untar distro.tar and add or subtract files. Normally you should not run the install script more than once for a power-cycle of the box. i.e. if you want to run the install again, reset the wrt54g first.

    I have attempted to limit all changes to the ram disk, but there are no guarantees that you will not damage your unit by using these tools.

    Download the distribution
    Visit my wrt54g snort page
    Thanks to Ross Jordan, C. J. Collier, Ben Grech and others who did the heavy lifting in figuring out how to get new code on the box

    Jim Buzbee

    consolevision roxors!
    • Heh, I refreshed it a couple times (it loads instantaneously), and it climbs ~10+ hits every second. 948 was my first number, now it's 1102. I don't recall Slashdot linking to a site with a live hit counter any time recently, much less one this low.

      I've got a copy of the file itself if they go down, too.
  • Well this means... (Score:5, Insightful)

    by Nik Picker ( 40521 ) on Sunday September 07, 2003 @04:05PM (#6894815) Homepage
    For us that buying a linksys router is even more preferable. For a personal user to any business criteria the advantage over having full source to this hardware is incredible. Certainly it's going to ensure that they stay high on our preferred supplier list providing we can access the boxes and code. Incidentally we install WiFi in Public spots for the UK which is being kinda slow to take this up.
    • by interiot ( 50685 )
      Note that code is not available for everything. In particular, the seattle group wasn't able to find publicly-available drivers for the 802.11g radio.
    • is sitting in the corner, dead for no reason

      linksys cable router
      linksys 10/100 hub
      are the first two that come to mind, there could be others...

      plug them in and no power, they just turned off one day and didn't turn back on, and to top that off when the cable router was working it blocked many Well Known Ports and when linksys support was repeatedly contacted asking for a reason or a firmware update I was ignored every time...

      maybe they've improved in the last year or so since i bought any of their shit b
      • by Pharmboy ( 216950 ) on Sunday September 07, 2003 @09:20PM (#6896477) Journal
        I have owned many, many pieces of Linksys gear, and while they may not be the "performance leaders", I have never seen one just die. I can't help but to wonder about the power situation in your home.

        I would suggest getting some better UPS protection for your routers and switches. You would be surprised at how bad typical electrical service is, and routers and switches tend to stay on 24/7, thus pretty vulnerable. I run everything on UPS. Monitor, routers, hubs, everything. I live in the country (terrible for spikes and brownouts) and have all kinds of gear that is old beyond usefulness, but still works. Even an old UPS that doesn't hold a charge is better than none, since most spikes/brownouts only need about 5 to 10 seconds of power before returning to normal.

        This doesn't change the fact that they may be more delicate than you care for, but my guess is you have a power problem.
  • telnetd? (Score:5, Interesting)

    by Herrieman ( 167396 ) on Sunday September 07, 2003 @04:06PM (#6894819) Homepage
    Why not SSHD? Nobody in his right mind uses telnet nowadays.
    • Re:telnetd? (Score:5, Informative)

      by suwain_2 ( 260792 ) on Sunday September 07, 2003 @04:15PM (#6894868) Journal
      If you read carefully, it logs you in directly as root -- you're never even prompted for a username / password. It's not meant as a publicly-accessible box by any means. (Granted, wireless + root access to anyone seems a little scary...)

      ssh/telnet isn't an issue, in this case. It's silly to encrypt something when anyone can get root on it.
      • With SSH2 and RSA authentication only, but no telnet, not just anyone could get root.
      • It's possibly a good idea to get logged in directly as root, at least for the first-time connect... somehow you'll have to get in the first time. I guess it should be feasible enough to change to ssh with user/password after that (only need a way to store the changed setup before power-cycling).
    • Re:telnetd? (Score:3, Insightful)

      by DarkOx ( 621550 )
      Ok, there is nothing but a ram drive this thing writes to. That means you would have to generate keys every time the system boots. These things are VERY slow in terms of cpu power so you really don't want to be using strong encryption. Telnet is not EVIL it is what it is. It is a clear text protocol. There is nothing insecure about that. Telnet is as secure as its users. On a local *switched* lan for instance it's pretty safe, but it would be bad over shared media, or God forbid anytime you don't contro
  • by cryptochrome ( 303529 ) on Sunday September 07, 2003 @04:06PM (#6894820) Journal
    None of them support Rendezvous (AKA zeroconf), at least not on the level of Apple's airport base stations. That's a hack I'd really like to see.
  • by JPelzer ( 202626 ) * on Sunday September 07, 2003 @04:07PM (#6894827)
    OK, this Linksys has only been out for like a few weeks or something, and they've got a linux distro for it... Yet my Toastmaster 5000xdr Quad-port (with FG-200R bagel attachment) STILL isn't supported!

    I mean, the linksys probably works fine out-of-box... But my Toastmaster STILL can't check with my Mr.Refrigeration Model XII to see if I'm out of butter and order more online. Sheesh, technology SUCKS!
    • by JPelzer ( 202626 ) * on Sunday September 07, 2003 @04:32PM (#6894943)
      > OK, this Linksys has only been out for like a few
      > weeks or something, and they've got a linux distro
      > for it... Yet my Toastmaster 5000xdr Quad-port
      > (with FG-200R bagel attachment) STILL isn't
      > supported!

      OK, to reply to those that say I should roll my own distro for my Toastmaster, I have been working on a little something. Currently, there is no support for the bagel attachment, and it has some trouble with the more exotic breads (ie, non-white bread). And it occasionally pops them out at dangerous velocities. And you have to first separate the bread and crust using my '' script, and reassemble them after toasting using ''.

      But otherwise, it's coming along nicely. I did have ONE little bug where instead of ordering more bread, it ordered an industrial bread-machine and hired a staff of 12 to run it. They all seemed so disappointed when I told them they were only hired because of a bug. But I'm sure they get that a lot.

      So check it out, I think it's the future of toasting, possibly even the future of grilling too.
    • NetBSD was ported to that thing a looonnngggg time ago. Why don't you surf over there and give it a look-see!
  • What is this for? (Score:2, Interesting)

    by Hettch ( 692387 )
    I'm really not trying to be a troll, this is a serious question. What does making an access point into linux box actually do? Will it still retain all of its normal functions? Will this increase its functionality in any way? Being able to telnet into something as root automatically doesn't seem the safest thing to do for whatever this is, either.
    • by Wumpus ( 9548 ) <IAmWumpus&gmail,com> on Sunday September 07, 2003 @04:14PM (#6894863)
      It's quite useful. You can turn it into a VPN server, have it serve DHCP, put your network's access control mechanism on it, and have a one box solution to a whole range of wireless networking problems.
      • Isn't that what it already does though anyway?
      • As well as being able to add programs with ease(?). Could be a smart security system that would contact appropriate people in the event an alarm is triggered, or a spiffy ethernet sniffer, or if 16 megs is enough, a nice way to smuggle on a quake server to your workplace.
      • Re:What is this for? (Score:3, Interesting)

        by Malc ( 1751 )
        Heh: I like the idea of making it a VPN end-point (client, not server) for my PPPoE connection. That offloads the duties from another box. I've had problems with my Windows desktop being multi-homed on multiple VPN connections (it screws up Microsoft Networking, of course) and have to route through another box. Putting PPTP (yeah, yeah) on this and bringing it up after PPPoE connections would save me from having to keep a noisy 100W PC from doing the job. Interesting.
    • I, like many here I would guess, have the BEFW11S4 (i think) wireless AP/router/4-port switch model. One thing that I would change right away is to make a "real" DMZ. I'm sure most people here know enough to not put a box in the "DMZ" which really just means "no firewall for this one box", but instead forward ports in to a specific box.

      I would want to be able to firewall off an Internet-accessible box from the rest of my network while forwarding one or more inbound ports to that box. That would be better t
  • Crap... (Score:5, Funny)

    by Kedisar ( 705040 ) on Sunday September 07, 2003 @04:09PM (#6894838) Journal
    I was going to post "But Does it RUN LINUX!?" but then I RTFA. Grr....
  • ssh tunneling? (Score:5, Interesting)

    by JanneM ( 7445 ) on Sunday September 07, 2003 @04:16PM (#6894870) Homepage
    Could this be used to establish ssh tunneling from clients to the AP? That would, in my eyes, be far preferable to the somewhat lacking link security that 802.11 offers today.
    • ssh tunnels are very bad performance. what you want is a VPN.

      unfortunately you can't replace the kernel on the box with one that supports cool things because of the proprietary broadcom driver.

      (here's to whoever takes the time to write a thunking layer for the linksys 2.4.5 broadcom driver to let it work with modern 2.4.22+ kernels!)
      • by interiot ( 50685 ) on Sunday September 07, 2003 @04:51PM (#6895045) Homepage
        The "ssh tunnels are very bad performance" statement may be elaborated a bit more on this page titled "Why TCP Over TCP Is A Bad Idea".
        • by Effugas ( 2378 ) on Sunday September 07, 2003 @06:30PM (#6895585) Homepage
          (Full Disclosure: I designed part of OpenSSH's tunnelling subsystem.)

          TCP over TCP has issues when both stacks attempt to respond to the same error conditions. This happens very commonly with PPP over SSH. However, TCP port forwards in OpenSSH actually terminate at the daemon, which extracts the payloads, repacks them into completely independent streams, and sends them on their way.

          In other words, an error condition on the router<->external_site link doesn't show up on the client<->router link.

          OpenSSH tunnels have surprisingly high performance (it certainly beats most proxy implementation hands down). Easy to set up, too: Simply SSH into your host of choice with the -D option(say, ssh -D1080 user@host), set the SOCKS4 proxy in your application to, and you're done. It's really quite simple.
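
An added example, not part of the original comment and not OpenSSH code: the toy SOCKS4 relay below shows the termination described above, where the relay parses the request, opens its own TCP connection to the destination, and copies only payload bytes between the two connections. It collapses the `ssh -D` listener and the daemon into one loopback process; all function names and the sample payload are constructed.

```python
# Added example, not code from the thread or from OpenSSH: a toy SOCKS4 relay.
# It collapses the "ssh -D" listener and the daemon into one loopback process.
import socket
import struct
import threading

def build_connect(ip, port, userid=b""):
    # SOCKS4 CONNECT request: VN=4, CD=1, DSTPORT, DSTIP, USERID, NUL
    return struct.pack("!BBH4s", 4, 1, port, socket.inet_aton(ip)) + userid + b"\x00"

def parse_connect(req):
    if len(req) < 9 or req[-1:] != b"\x00":
        raise ValueError("truncated SOCKS4 request")
    vn, cd, port, raw_ip = struct.unpack("!BBH4s", req[:8])
    if (vn, cd) != (4, 1):
        raise ValueError("only SOCKS4 CONNECT is handled")
    return socket.inet_ntoa(raw_ip), port, req[8:-1]

def read_all(sock):
    return b"".join(iter(lambda: sock.recv(4096), b""))

def pump(src, dst):
    # Copies payload bytes only; each TCP connection keeps its own timers and state.
    try:
        for chunk in iter(lambda: src.recv(4096), b""):
            dst.sendall(chunk)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def relay_one(listener, seen):
    client, _ = listener.accept()
    client.settimeout(5)
    buf = b""
    while buf.find(b"\x00", 8) == -1:   # 8-byte header, then USERID + NUL
        chunk = client.recv(64)
        if not chunk:
            return client.close()
        buf += chunk
    end = buf.find(b"\x00", 8)
    try:
        ip, port, _user = parse_connect(buf[:end + 1])
        upstream = socket.create_connection((ip, port), timeout=5)
    except (ValueError, OSError):
        client.sendall(struct.pack("!BBH4s", 0, 91, 0, bytes(4)))  # 91: rejected
        return client.close()
    seen["relay_outbound"] = upstream.getsockname()
    client.sendall(struct.pack("!BBH4s", 0, 90, 0, bytes(4)))      # 90: granted
    upstream.sendall(buf[end + 1:])     # payload that arrived with the request
    back = threading.Thread(target=pump, args=(upstream, client))
    back.start()
    pump(client, upstream)
    back.join()
    client.close()
    upstream.close()

def destination_once(listener, seen):
    conn, peer = listener.accept()
    seen["dest_saw"] = peer             # who the destination thinks it talks to
    conn.sendall(read_all(conn).upper())
    conn.close()

def demo():
    seen = {}
    dest = socket.create_server(("127.0.0.1", 0))
    proxy = socket.create_server(("127.0.0.1", 0))
    workers = [threading.Thread(target=destination_once, args=(dest, seen)),
               threading.Thread(target=relay_one, args=(proxy, seen))]
    for w in workers:
        w.start()
    c = socket.create_connection(proxy.getsockname(), timeout=5)
    c.sendall(build_connect("127.0.0.1", dest.getsockname()[1], b"demo"))
    seen["reply_code"] = c.recv(8)[1]
    c.sendall(b"hello via tunnel")      # constructed sample payload
    c.shutdown(socket.SHUT_WR)
    seen["echoed"] = read_all(c)
    for w in workers:
        w.join()
    for s in (c, dest, proxy):
        s.close()
    return seen

if __name__ == "__main__":
    print(demo())
```

In the returned dict, `dest_saw` equals `relay_outbound`: the destination's TCP peer is the relay's own outbound socket, not the client's connection to the proxy port.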

          • ...with running a connection through a tool like stunnel? Both are doing encryption, SSH likes keys, stunnel/SSL likes certificates, but after that I'm somewhat ignorant.

            I've been tunnelling all kinds of stuff through OpenSSH for years, and while I've heard of stunnel, I only just recently started using it (encrypting an IMAP connection because IMAPS isn't supported).

            I'm not asking for an hour-long briefing on /. or anything, but if you know of any web pages, pointers would be appreciated.

            • What's this, a low-slashdot-ID-number party? Guess I just crashed it...
            • Same difference -- stunnel also terminates the TCP session (necessary, since it's operating at userspace), extracts the payloads, and sends them over an encrypted pipe. The differences are:

              1) SSL has theoretically better key management, which is actually not theoretical for browsers (it's the only successful deployment of certificates in history), but stunnel by default barely checks SSL certificates. So, unfortunately, you're very vulnerable to a MITM attack (but you probably were anyway, since even if
        • Yes, so if we could teach the upper layer PPP to detect duplicate packets (like a hash table of payload hashes for the last thousand), and drop them because the underlying layer is reliable, although sometimes slow, then we would enjoy tunneling through braindead NAT's of every hotspot.
      • The broadcom driver is a KLM, why would that stop you from upgrading the kernel?

        (It's not the driver that's a problem; it's the fact that if you don't have a development version of the board that is easy to re-flash, and you flash it with something that doesn't boot perfectly, then you can't flash it via software any longer.)
    • well, it might be too much processing overhead for the little bloke to do. Many of linksys' products (including this one?) run linux out of the box, so it's not a question of Linksys being unable to do it. However, perhaps they stick to the 802.11 encryption standards because that's all MS products support at this time...

      Good observation though, but also if you're transferring sensitive data, you'll want encrypted communication end-to-end because you can just as easily be snooped on anywhere on the net
  • Sigh (Score:4, Informative)

    by curmudgeon ( 75566 ) on Sunday September 07, 2003 @04:23PM (#6894906)
    But still no linux driver for the corresponding WPC54G PCMCIA card?
    • Re:Sigh (Score:3, Insightful)

      by hacker ( 14635 )
      Talk to your vendor. This is not our problem.

      When there is a "lack" of code, drivers, support, etc. in the Linux community, 99.999% of the time, it is due to lack of vendor support. Talk to them first. Ask them for the documentation. Ask them for the code. For the drivers. If they say buzz off, then you have your answer.

      Companies that make it hard or impossible to get their hardware working with Linux, make it hard to want to get it working with Linux. There are other vendors who do support and embrace Li

  • Please please please please please!

    That embarrassing begging display aside, I would really love if somebody would figure out how to add extra functionality to the SMC Barricade wireless routers. At the very least, something to push the logs to a machine elsewhere in the network, as its current archival options are very limited. This is something my old Linksys router was able to do.
  • Has anyone tried this on a Linksys router other than the WRT54G? My BEFSR41 4 port cable/dsl router is still running strong, and I would love to have telnetd and the such running on it!


    - Cary
  • by Anonymous Coward on Sunday September 07, 2003 @04:37PM (#6894963)
    wrt54g.tar.gz (1.07MB) mirrors

    Posted anon, I'm no whore. :) [] [] []
  • Link to file (Score:3, Informative)

    by BenFranske ( 646563 ) on Sunday September 07, 2003 @04:43PM (#6894992) Homepage
    The article has already been posted, if the file becomes unavailable due to the /. effect a temporary mirror of the file is available at: []
  • worried (Score:3, Interesting)

    by trans_err ( 606306 ) <`ebenoist' `at' `'> on Sunday September 07, 2003 @05:22PM (#6895203) Homepage
    Wouldn't this be seen as a horrible exploit for this router? Think about it: anyone who knows the router's IP (sheesh, that's difficult) can install a distro with telnet access onto the router, thus being able to run things like sniff all day long....

    We should be fighting this not supporting it.

  • Uses: (Score:2, Informative)

    by elgaard ( 81259 )
    1. AirSnort, already working.

    2. Something like the MIT roofnet.
    By having the routing in the AP, it would participate in the roofnet without a server. Servers use more electricity and are noisy.

    3. Security for open accesspoints.
    You might leave your accesspoints open to share it with others. But you might want some extra security:
    a) Block port 25 for others so they don't send spam and get you blacklisted.
    b) Some VPN/SSH tunnels for privacy.
    c)Traffic shapin
  • wrong wrong wrong (Score:3, Insightful)

    by DrSkwid ( 118965 ) on Sunday September 07, 2003 @06:24PM (#6895534) Homepage Journal
    Putting this sort of stuff in that device is a cool hack but totally the wrong thing.

    It should run a little file server, serving something like 9p which would allow you to read/write settings and stream off the full data packets read for snorting.


  • by pridkett ( 2666 ) on Sunday September 07, 2003 @06:55PM (#6895745) Homepage Journal
    I own one of these little guys and I must say it's a neat little box. However, please be aware of the following issues that you might run into with it:

    1) it runs quite hot. make sure it gets plenty of air. we had ours sitting on the carpet with the DSL modem on top and it would frequently overheat. Moving the modem off and setting the wrt54g on a board seemed to fix this.

    2) it requires that you have good wiring. you may be shocked to know this, but if you live in an old house (like many college students) your wiring has a good chance of being miswired. The wrt54g will not work with wiring faults (even though many devices work just fine). the solution is to put a good surge protector or UPS between the device and the outlet. this seems to fix everything.

    3) the dhcp implementation is a little funky and sometimes seems to reply with a DHCP NAK on an address request when it otherwise shouldn't.

    All that aside, it's a great little box. It works well with my 802.11b card in the laptop and manages the wired stuff just fine. I can't comment on 802.11g because there aren't any cards with linux support out there (except maybe the minipci card in the wrt54g, but that's a binary driver).

    I've gotten some interesting stuff to run on it, mainly some simple home automation stuff for a pervasive computing environment that was part of my research, but it's nice having everything together. Although, truthfully you're probably still better off with an EPIA board and a 256 meg stick of ram.
  • wap11 (Score:3, Interesting)

    by digitalsushi ( 137809 ) * <> on Sunday September 07, 2003 @08:52PM (#6896307) Journal
    i wonder what would happen if i ran the installer on my wap11 :D
  • by novarese ( 24280 ) on Sunday September 07, 2003 @09:45PM (#6896595) Journal
    There's not a SINGLE "Imagine a beowulf cluster of these" comment yet? What the hell is going on here???
  • iptables? (Score:2, Informative)

    by CapS ( 83352 )
    Will running Linux on this router allow you to use iptables? If so, then perhaps this could be used as a 'real' firewall with stateful packet inspection, rather than just NAT.

    Of course, I'd prefer that this Linux OS be changed so it accepts a root password, but other than that, this could be a great alternative to the default Linksys software.
  • Prices (Score:4, Informative)

    by nolife ( 233813 ) on Sunday September 07, 2003 @10:53PM (#6896951) Homepage Journal
    Lowest price search results [] from Lowest I could find on Pricewatch was $103 + shipping.

    Amazon has it for $100 after rebate with free shipping.

    There was a new firmware put out about 6 weeks ago. Here's the details.
