DD-WRT how-to and scripts. Learn to configure DD-WRT to get the best out of your router. We cover a lot, including:
- DynDns without any third party software
- SSH connection and overall security
- Cronjob
- USB Support
- DNS Masq
- HTTPS
- Logging
- Wireguard VPN Server
- Guest Network
- Useful Commands
To follow these steps you will need an SSH connection to your router and USB support to be able to write the needed files.
You don't want to rely on an external provider to take care of your DynDNS. Indeed, all you need is a good old script.
We can use the Cloudflare API and a DD-WRT cron job to check at a regular interval whether our WAN IP is still the same as the one in our DNS A record.
- Copy the DNS updater script to your router
$ scp -P 666 ddns_updater [email protected]:/opt/ddns/ddns_updater
- Copy the Certificate Authority bundle to your router
$ scp -P 666 cacert.pem [email protected]:/opt/ddns/cacert.pem
- Adapt the DNS updater script.
- Launch the script with a cron job in Administration -> Management. In this example the script runs every 10 minutes. Check the cronjob section to troubleshoot.
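As an added example (not the ddns_updater script from this page), here is one way such an updater can look in the router's ash shell: it compares the WAN IP with the A record over verified TLS and only writes when they differ. It assumes curl is available on the router; the zone ID, record ID, record name and /opt/ddns/curl.conf are placeholders.

```shell
#!/bin/sh
# Added example (not the page's ddns_updater). Names marked "assumed" are placeholders.
CF_URL="https://api.cloudflare.com/client/v4/zones/${CF_ZONE_ID:-ZONE_ID}/dns_records/${CF_RECORD_ID:-RECORD_ID}"
CF_NAME="${CF_NAME:-home.example.com}"   # assumed record name
CF_CURL_CONF="/opt/ddns/curl.conf"       # assumed file, chmod 600, one line:
                                         #   header = "Authorization: Bearer <API token>"
CA_BUNDLE="/opt/ddns/cacert.pem"         # the CA bundle copied in the step above

# True only for a dotted quad with every octet in 0..255.
is_ipv4() {
  case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# Pull the A record's address out of the API's JSON reply (no jq on the router).
record_ip() { printf '%s' "$1" | sed -n 's/.*"content":"\([0-9.]*\)".*/\1/p'; }

# Print noop, update or error for a (WAN IP, record IP) pair.
decide() {
  is_ipv4 "$1" && is_ipv4 "$2" || { echo error; return 0; }
  if [ "$1" = "$2" ]; then echo noop; else echo update; fi
}

body() {
  printf '{"type":"A","name":"%s","content":"%s","ttl":300,"proxied":false}' "$CF_NAME" "$1"
}

# TLS is verified against the CA bundle; curl reads the token from a file,
# so it never shows up in the process list.
cf() {
  curl -sS --fail --max-time 20 --cacert "$CA_BUNDLE" -K "$CF_CURL_CONF" \
    -H "Content-Type: application/json" -X "$1" ${2:+--data "$2"} "$CF_URL"
}

main() {
  wan=$(nvram get wan_ipaddr)
  cur=$(record_ip "$(cf GET)")
  case $(decide "$wan" "$cur") in
    noop)   return 0 ;;
    update) cf PUT "$(body "$wan")" >/dev/null && logger -t ddns "A record $cur -> $wan" ;;
    *)      logger -t ddns "no update: wan='$wan' record='$cur'"; return 1 ;;
  esac
}

# Run only when installed under the page's file name, so sourcing has no side effects.
case "$0" in */ddns_updater) main ;; esac
```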
Let's make your router accessible from the outside world, aka the world wide web. Note that it is most handy if you have a domain name that points to your router's IP.
Inside Administration -> Management, a good practice is to
- enable HTTPS only, to avoid leaking your password on your network
- disable Web GUI management, as it is more secure to only allow SSH from the outside world
- change the default SSH remote port so that it takes an attacker more time to identify the port
- in Services -> Services, enable SSHd and disable Password Login, so that access is only allowed via SSH to known public keys (Authorized Keys)
It should pretty much look like this
Now you should be able to log in to your router through SSH from the outside!
It can be useful to enable SSH TCP Forwarding, for instance if you want to access a LAN-accessible service without port forwarding. Instead, you can forward that port to your local machine through your SSH connection using this command.
# assumptions:
# your router wan ip is 12.23.34.45
# SSHd is running on port 9999
# a LAN server on your local network at IP 192.168.1.42 exposes a service on port 443
$ ssh -L 8087:192.168.1.42:443 [email protected] -p 9999
192.168.1.42 is running a service on port 443 that is now accessible to your host on port 8087. Note that there is no need for a port forwarding rule defined in NAT-QoS -> Port forwarding for this to work. It will work as long as your SSH connection is up.
Go to the Administration -> Management screen and enable cron.
Here are some things to know about cron:
- cron doesn't like .sh at the end of the script name
- cron didn't like 0/10 * * * *; write it this way instead: 0,10,20,30,40,50 * * * *
- at the end of the cron job be sure to leave an empty line, e.g.
0,10,20,30,40,50 * * * * root /opt/ddns/ddns_updater &> /dev/null
Why? The default DD-WRT file system is read-only, except for NVRAM parameters and the available memory in /tmp. So if you want to add scripts or store logs, you will need some extra space.
The information in the wiki can be outdated.
Here is what worked for me. Simply connect a USB drive to your router and, inside Services -> USB, enable Core USB Support, USB Storage Support and Automatic Drive Mount. At the bottom of the page you should see information about your USB drive; look for the UUID, which is what you need to mount the drive to /jffs or /opt.
Note that the UUIDs are the partition labels that must be on the USB drive and that will be mounted to /jffs and /opt.
You can use this USB drive as a NAS. It will be quite fast, as it is directly accessible to the router.
Here is how I securely share the folder /opt/shared through a Samba server.
Enable syslog. Add a startup script to log to the USB flash drive.
https://192.168.1.1/Syslog.asp
https://wiki.dd-wrt.com/wiki/index.php/Logging_with_DD-WRT
killall syslogd
syslogd -L -s 8192 -O /opt/var/log/messages
Log center synology
DD-WRT v3.0 runs BusyBox. When you log in through SSH you will end up in the built-in shell (ash), which is similar to sh but not to bash.
Let's see if the httpd process is running
$ ps | grep httpd
Which TCP/UDP ports are open and which process is using them?
$ netstat -tulpn
Restart cron
$ stopservice cron && startservice cron
A router takes advantage of NVRAM (non-volatile RAM), a persistent memory that is fast but not huge. It stores the DD-WRT settings that you normally change using the web interface and the settings for user startup scripts.
That's why, if we want to store things, we should rather connect a USB drive.
To list the whole NVRAM
$ nvram show
To get and set a variable (beware not to overwrite some variables ...)
$ nvram get <variable_name>
$ nvram set <variable_name>="<value>"
Save all changed variables to NVRAM
$ nvram commit
Restart the GUI (httpd)
$ stopservice httpd
$ startservice httpd
Restart the SSH daemon
$ stopservice sshd
$ startservice sshd
daemon httpd crond sshd logs
Find more information in the wiki.