24 | | = The long way (Note: The following is OBSOLETE, and needs a good update, it has changed a lot in more recent versions of openwrt benoitg 2006-01-18) = |
25 | | == Q: What do I need ? == |
26 | | A: You will need to have basic/full proficiency in a Linux environment |
27 | | |
28 | | You need to re-flash your router with a hacker-friendly firmware called [http://openwrt.org/ OpenWRT]. Follow the [http://openwrt.org/OpenWrtDocs user guide] on the OpenWRT site to get this part done. |
29 | | |
30 | | Do not proceed until you've completed the above. We also recommend you spend some time familiarizing yourself with your new router's OS before introducing Wifidog into that environment. This especially includes the nvram settings, network interfaces and existing interface bridges. |
31 | | |
32 | | == Q: Pre-installation == |
33 | | A: The same rules apply as the pre-installation in a non-WRT54G environment above. Do not proceed until you've satisfied them. |
34 | | In summary: '''Make sure EVERYTHING works first'''. |
35 | | |
36 | | == Installation == |
37 | | |
38 | | |
39 | | === Introduction === |
40 | | |
41 | | Installation of the client on the WRT54G is a bit tricky. The space limitations on the device mean there is no compiler in the OpenWRT operating system. That means that you must compile the client on an external machine then transfer the compiled form onto the router. |
42 | | |
43 | | To complicate things more, if you compile your client regularly on a standard x86 desktop the produced binary will not run on the router due to the different type of processor (MIPS) on that router. |
44 | | |
45 | | What is needed is called cross-compilation, In that scenario you use an architecture (such as your x86 desktop) to produce binaries explicitly designed to run on a different architecture (your MIPS router). |
46 | | |
47 | | The above was the bad news since it makes things sound complicated. The good news is that it's not too complicated and we've built scripts to make this a snap for you. As a matter of fact, you've already done this before! |
48 | | |
49 | | Remember when you followed the OpenWRT building instructions ? Without knowing it, you already cross-compiled stuff! You used your desktop to cross-compile an entire operating system for the MIPS architecture which resulted in one compressed firmware image you installed on your router. |
50 | | |
51 | | === Compiling a MIPS-friendly !WiFiDog === |
52 | | |
53 | | 1. Download the latest [http://sourceforge.net/projects/wifidog WiFiDog tarball from sourceforge]. |
54 | | 1. Uncompress the tarball, enter the directory |
55 | | 1. Run the following, replacing ''/usr/local/openwrt/'' with wherever you unpacked the OpenWRT tarball earlier: |
56 | | {{{ |
57 | | ipkg/rules BUILDROOT=/usr/local/openwrt/ |
58 | | }}} |
59 | | |
60 | | You're done. If all is well you should now have a new file named ''wifidog_1.1.0_mipsel.ipk'' (version number may be different depending on the tarball you downloaded). |
61 | | |
62 | | === Getting the new MIPS-friendly !WiFiDog onto the router === |
63 | | |
64 | | The .ipk is a data file for the simple "ipkg/i-Package" package manager already on your router. All that's needed now is to copy that file onto your router. If you have installed the ''dropbear'' SSH daemon package on your router you can use ''scp'' on your desktop to copy the .ipk file to the router. Otherwise copy that file to any web server you have access to, then use ''wget'' on the router to download the file from the web server. |
65 | | |
66 | | Either way, place the file in the ''/tmp/'' directory on the router. |
67 | | |
68 | | === Actual installation === |
69 | | |
70 | | Once you have the .ipk file on the router, use this command to install it: |
71 | | {{{ |
72 | | ipkg install /tmp/wifidog_1.1.0_mipsel.ipk |
73 | | }}} |
74 | | |
75 | | Once that is successful delete the .ipk file from ''/tmp/'' to free the occupied memory. |
76 | | |
77 | | == Configuration, Running and Testing == |
78 | | |
79 | | === Firewall rules === |
80 | | |
81 | | If you set up your OpenWrt-powered router with a bridged network interface (default), the current firewall rules of !OpenWrt do not permit to block all outgoing TCP/UDP ports except port 80 until a user has authenticated via WiFiDog's login page. |
82 | | |
83 | | You are going to have to disable forwarding from the bridge interface to the wan interface in /etc/init.d/S45firewall: |
84 | | {{{ |
85 | | # The following have been commented out for WiFiDog to work |
86 | | # iptables -A FORWARD -i br0 -o br0 -j ACCEPT |
87 | | # iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT |
88 | | }}} |
89 | | |
90 | | '''Important notes on the prior step!!!''' [[BR]] |
91 | | |
92 | | How to edit files, like the step above! [[BR]] |
93 | | See: http://wiki.openwrt.org/OpenWrtDocs/Using#head-fda4ef01dd7bcc201e690c5dc65631f1b8be545d |
94 | | [[BR]] |
95 | | |
96 | | Summary: On the Linksys WRT-54GL (and most other devices, you'll be editing files on a READ-ONLY file system. |
97 | | Since the filesystem is a collection of symlinks to a readonly filesystem, you can't simply edit files -- they're readonly. Instead you have to delete the symlink, and copy the file so you have a writable version of the file to edit: |
98 | | |
99 | | rm /etc/init.d/S45firewall [[BR]] |
100 | | cp /rom/etc/init.d/S45firewall /etc/init.d/ [[BR]] |
101 | | vim /etc/init.d/S45firewall [[BR]] |
102 | | |
103 | | (And no promises that the file will be named S45firewall - in the version if WebIF (OpenWRT) I'm using, it's S35firewall now. Use common sense... |
104 | | |
105 | | That will get you there... |
106 | | |
107 | | |
108 | | |
109 | | === What else? === |
110 | | You'll need libpthread - that can be installed/downloaded from the Web interface of OpenWRT. |
111 | | !WifiDog gateway won't run without it. |
112 | | |
113 | | Well, it's the same as the earlier section in a non-WRT54G environment. |
114 | | |
115 | | == The intricate link between !WiFiDog and OpenWRT == |
116 | | |
117 | | Repeat after me: |
118 | | |
119 | | '''A !WiFiDog RUNNING ON AN OpenWRT INSTALLATION MUST HAVE BEEN COMPILED AGAINST THE SAME OpenWRT BUILDROOT USED TO CREATE THAT INSTALLATION''' |
120 | | |
121 | | What does that mean ? |
122 | | |
123 | | 1. If you downloaded and compiled OpenWRT yourself, download and compile !WiFiDog yourself against the same buildroot - Do not use someone else's pre-compiled !WiFiDog |
124 | | 1. If you downloaded a pre-compiled OpenWRT firmware image: |
125 | | 1. Ask the person who built it to compile !WiFiDog for you against the same buildroot |
126 | | 1. Or ask them for a copy of their OpenWRT buildroot so you may compile !WiFiDog against it |
127 | | |
128 | | |