Part 9: Simplifying things with DD-WRT on your router.
DD-WRT is am amazing free firmware upgrade for your router.
If you can load the firmware DD-WRT on your router, it will let you do
two things easily:
1. You can handle dynamic IP addresses easily.
2. If your router can have the STD version, you can also use it as a proxy for web-browsing, etc., which means that you don't need to install Squid on your home Linux server.
Very brief guide to installing DD-WRT
- Go to the DD-WRT router database and type in your router name. Make sure that it is supported. e.g. If you type in "Linksys WRT54G" you will see that all versions are supported except for version 7.0
- Next, click on the router name & version number to open up the next page. This is important because it will tell you the RAM and FLASH, as well as give you the firmware to download. If your router has 8MB RAM then you can only load the MICRO version. If it has 16 MB RAM then you can load the STANDARD version. To see the different versions, read this page. If you want an SSH server, you'll need the STD version.
- Read the WIKI page on installing the firmware and follow it's directions.
Handling a Dynamic IP
All versions of DD-WRT can handle dynamic IP addresses. DD-WRT will connect to sites like no-ip.com. (I find that no-ip.com works much beter than DynDNS.org) The main problem with using these sites is that you don't have as much control over things as you would if you can run CGI scripts on your own website. See part 4 for this.
- First create an account on no-ip.com
- No-IP.com has a page that explains how to setup DD-WRT.
(Just read the first part - not port forwarding, etc)
You just set things up as in the diagram below.
- Now no-ip.com will be updated with your latest IP address. (You have to log on to check it, I don't know if there's a way to check it with some sort of automated script.)
Using DD-WRT as a proxy
You'll need the STD version of DD-WRT for this because it comes with an SSH server built in.
- Set up DD-WRT on your router as follows
- Allow SSH connections, but change the port to something other than 22
- Enable remote management, but make sure Telnet is disabled. You must use the same port as above.
- Now connect to your router remotely ... SSH and WebGUI
- DD-WRT must log in as root (there are no other usernames). If you are at all concerned about security use private-key authentication. It is a bit more work to setup.
- This will connect port 8080 on your local computer to port 80 on your router.
- On your browser, you can now type http://localhost:8080 and it will connect you to the DD-WRT GUI.
- Note, the WebGUI is disabled, you can only access it from the internet if you can SSH to root and have the tunnel setup.
- DD-WRT as a Web Proxy
- We have setup a dynamic socks based port on port 3000. I don't know what SOCKS is not how a dynamic port works, but this setup works just fine.
- Configure your browser to use a SOCKS5 proxy on port 3000. This will send all of your web requests through the your DD-WRT router at home and then out onto the internet. Everything is encrypted except for your DNS requests.
- To encrypt your DNS requests (using Firefox -- I don't know how it
works in other browsers)
a) install FoxyProxy: It has an option to send DNS requests over the encrypted SOCKS channel.
b) or do this: type in about:config then set network.proxy.socks_remote_dns to true
Setup Putty to connect to your home IP address:
putty firstname.lastname@example.org -L 8080:localhost:80 -D 3000
This link, "Secure Web Browsing", has similar information, although I would not enable webGUI as they do. Routing it through an SSH tunnel is much more secure.