Keep Your Smart Home Secure: Part 2

DD-WRT: Unlock your router’s hidden features!


So, here it is. It’s a few weeks behind schedule, but we’re finally ready to discuss another top tip for improving your Smart Home Security. This one comes from a very similar avenue as part 1 of our “Keep Your Smart Home Secure” series.

The last tip we discussed in this series was the process of configuring VLANs on a DrayTek router (as an example), a very useful feature to implement in your smart home. But wouldn’t it be nifty if you could unlock more features hidden in your router? Thankfully, a few intelligent individuals came together to build a firmware that’s compatible with a range of routers. This firmware changes quite a few things about your router and can potentially unlock some hidden features. Furthermore, these extra features can help improve your network security! So, let’s delve into what DD-WRT is and how to install and configure it.

Disclaimer: We highly recommend you talk to one of our technicians first before trying to do this yourself, if you are not sure how to do so. We will explain how to do it in this post. However if you’re not comfortable with the instructions, then don’t attempt it. If done incorrectly, you can irreversibly damage your router. Give us a call on 01865 717088 and we’ll be more than happy to help.


The Test Bench

For today’s example, we will be using a test bench. This will give you an idea of how the process works and how useful this firmware is. Also, because the router creates its own network, it will prevent us from causing any disruptions to our business network. The router in question today is the ASUS RT-N66U dual band wireless router. It comes with a lot of great features from the start, including VPN server support, print and media server and more!

DD-WRT test bench

However, before you and I get started here, please make sure your router is supported by DD-WRT. If not, you won’t be able to proceed any further!

Pictured on the right is a quick look at what we’ll be using today. Again, as aforementioned, your setup will most likely be different. I would also recommend consulting your router’s manual before attempting the install of the firmware. If you can, try to create a backup of the firmware that you can recover from, should something go wrong.

Alright then. Is your router supported? Got the DD-WRT website up and ready? Sitting comfortably? Then, let’s get started.

Installation of DD-WRT

This is where, depending on your router, the setup will differ. We will be covering the process of installing DD-WRT on our test router. However, I would highly recommend reading your router’s manual first and reading on DD-WRT’s website how to prepare your router for firmware installation.

For the ASUS RT-N66U, we have to do a hard reset to boot the router into recovery mode. This will allow us to install firmware updates (or different firmware, in this case). For a visual aid, this is what we’re looking at (pictured right).

DD-WRT ASUS RT-N66U router back side

  1. Power off the ASUS RT-N66U and unplug the power cable
  2. Hold the reset button in (using a small pin) and plug the power back in
  3. Continue to hold the reset button whilst the router powers on and starts up.
  4. Release the reset button once the power LED is slowly flashing.

That’s it. We’re now in recovery mode for the router.

Our next step is to download the appropriate software that can update the firmware of this router.
Please note: If you are using the same router as us in the test and it is the only router on your home network, make sure to download this software beforehand. Putting your router in recovery mode will prevent it from connecting your devices to the internet until you reset the router again.

For this we go to the ASUS RT-N66U downloads page and download the ASUS Utility firmware restoration tool. Make sure to install the utility as well.

Alright, we’re off to a good start. Let’s head over to DD-WRT’s router database and download the compatible firmware for our ASUS router. We’ll save the firmware file to the desktop for ease of access.

Now, let’s select the firmware file from our desktop in the firmware restoration tool and click “Upload”. Make sure the laptop/desktop machine you are using for this is connected to the ASUS router via Ethernet!

DD-WRT firmware restoration

Once this process is complete, we can watch the router and wait for it to reboot. Then, all we need to do is head to the gateway IP address in a browser of choice to access the router’s user interface (UI).

Setup and configuration of DD-WRT

So, now that we have DD-WRT successfully installed, we can test this by accessing the router’s GUI (graphical user interface). To do this:

  1. Open up Windows PowerShell/cmd [Start -> Run -> type in “cmd.exe” and hit Enter]
    (For Windows 10 users, you can hit the Windows Key + X to bring up a sub menu on the left and click on PowerShell/Command Prompt from there)
  2. Type “ipconfig /all” (without the quotation marks) in the new window and hit Enter
  3. Scroll through the information provided until you find “Default Gateway” and look to the right for the IP address

Now, open up a browser of choice (Chrome, Firefox, Microsoft Edge, etc.) and enter said IP address. You should now be prompted to set up the root username and password for your router. (You should also notice the DD-WRT logo in the top left.)

Bingo! We’re in. You should be greeted with a status page that looks similar to the picture on the right. This gives us an overview of the ASUS router we have, including what features are enabled and disabled, what wireless networks are configured and more! This may be a little overwhelming at first for new users, but it gives you a lot more freedom to modify and configure your networks at home.

So, I think we should try setting up a guest network. Guest networks allow other users to connect to your wireless network and use your internet connectivity. However, you can tighten the rules on the guest network and restrict their access to other devices in your home. That way you can have friends and family around using the internet, without the security vulnerability!

Creating a Guest Network in DD-WRT

Today we’ll use a guest network setup and configuration as one example of how DD-WRT can help you. There are loads of features I’m excited to show off, but we don’t have time to go through them all. So, let’s keep it simple.

DD-WRT Wireless Basic Settings

Firstly, head over to the “Wireless” tab at the top of the DD-WRT control panel. It should take you straight to “basic settings” in the wireless tab. This is where you can configure the basic information for your wireless networks on 2.4GHz and 5GHz (if your router supports it). If we scroll down slightly, we can add a virtual interface on the 2.4GHz channel for wireless. So, let’s go ahead and do this now. That way, we will have two wireless networks and can use one as a guest network.

 

From there, we move over to the “Setup” tab. Then, within the setup tab, click on “networking”. We can now create a bridge for our newly created wireless network (that we will be using as a guest network).

Click on “Add” and give the bridge a name. Scroll to the bottom of the page and click “Save”, then “Apply Settings”. You should now be able to adjust the subnet that your bridge will be on. In our example, we’ve set it to the 192.168.20.XXX subnet, with the appropriate mask of 255.255.255.0. Once again, we’ll “save” and “apply settings”.

Next up, we need to assign the bridge to an interface. In this case, we want to assign the wireless interface “wl0.1” to our newly created bridge (br1 in the example). Under “Assign to bridge”, click “add”. From there, we select the bridge we created, “br1”, and select the interface as “wl0.1” (the wireless network we created in an earlier step). Now, once again, “save” and “apply settings”.

Almost there now. We need to create a DHCP server that can assign IP addresses to connected devices on the guest network. So, we scroll down to the bottom of the same page and under “Multiple DHCP Server” click “add”. We then select “br1” for one of the dhcp servers. Last time for this page, click “save” and “apply settings” (getting a little repetitive, I know).

Excellent. We now have a guest network set up with its own DHCP server and subnet. But we’re not done yet! We need to create some rules to tighten our security on the guest network. We don’t want people to bypass our network security by simply connecting to the guest network.

So, head over to the “Administration” tab. Within there, click on “commands”. Now, there are a few commands that we need to input to strengthen our guest network security. We also need to allow devices on the guest network to gain access to the internet. So, let’s do that.

As you can see in the example provided, I have already added all the rules. The first 3 lines are to allow br1 access to the internet. The rest of the commands input restrict access to certain areas on the network. This means that users on the guest network do not have access to the router’s control panel (what we’re looking at currently). They will also not be able to SSH or Telnet either.

The list of commands is as follows:

iptables -t nat -I POSTROUTING -o `get_wanface` -j SNAT --to `nvram get wan_ipaddr`
iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j DROP
iptables -I FORWARD -i br0 -o br1 -m state --state NEW -j DROP
iptables -I INPUT -i br1 -p tcp --dport telnet -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport ssh -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport www -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport https -j REJECT --reject-with tcp-reset

Once all this has been added into the box provided, click on “Save Firewall”.
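Rule order matters in the commands above: `-I` inserts each rule at the top of its chain, so the DROP rules typed after the ACCEPT end up being evaluated first. The following is an added example (not from the original post) that audits a rule listing for that ordering and for the four rejected management ports; it assumes the listing is in `iptables -S` format, which your DD-WRT build may or may not provide, and both sample listings are constructed.

```shell
# Added example: audit a rule listing in `iptables -S` format for guest isolation.
# br0/br1 follow the article; ports print numerically (telnet=23, ssh=22, www=80, https=443).
audit_guest_rules() {   # reads a listing on stdin, returns 0 only if every check passes
    awk '
    /^-A FORWARD / && / -i br1 / && / -o br0 / && / -j DROP/ { if (!g2l) g2l = NR }
    /^-A FORWARD / && / -i br0 / && / -o br1 / && / -j DROP/ { if (!l2g) l2g = NR }
    /^-A FORWARD / && / -i br1 / && !/ -o / && / -j ACCEPT/  { if (!acc) acc = NR }
    /^-A INPUT / && / -i br1 / && / -j REJECT/ {
        for (i = 1; i < NF; i++) if ($i == "--dport") seen[$(i + 1)] = 1
    }
    END {
        bad = 0
        if (!g2l) { print "FAIL: no DROP for br1 -> br0"; bad = 1 }
        if (!l2g) { print "FAIL: no DROP for br0 -> br1"; bad = 1 }
        if (!acc) { print "FAIL: no ACCEPT for br1, guests have no internet"; bad = 1 }
        # Chains are first-match: an ACCEPT listed above the DROP lets guests into br0.
        if (g2l && acc && acc < g2l) { print "FAIL: br1 ACCEPT precedes br1 -> br0 DROP"; bad = 1 }
        n = split("23 22 80 443", ports, " ")
        for (i = 1; i <= n; i++) if (!(ports[i] in seen)) {
            print "FAIL: router tcp/" ports[i] " reachable from br1"; bad = 1
        }
        if (!bad) print "OK: guest network isolated"
        exit bad
    }'
}
# Constructed listing: the result of the article's -I commands (last inserted is first).
good_rules() { cat <<'EOF'
-A INPUT -i br1 -p tcp -m tcp --dport 443 -j REJECT --reject-with tcp-reset
-A INPUT -i br1 -p tcp -m tcp --dport 80 -j REJECT --reject-with tcp-reset
-A INPUT -i br1 -p tcp -m tcp --dport 22 -j REJECT --reject-with tcp-reset
-A INPUT -i br1 -p tcp -m tcp --dport 23 -j REJECT --reject-with tcp-reset
-A FORWARD -i br0 -o br1 -m state --state NEW -j DROP
-A FORWARD -i br1 -o br0 -m state --state NEW -j DROP
-A FORWARD -i br1 -m state --state NEW -j ACCEPT
EOF
}
# Constructed listing: same rules appended in typed order, https rule missing.
bad_rules() { cat <<'EOF'
-A INPUT -i br1 -p tcp -m tcp --dport 23 -j REJECT --reject-with tcp-reset
-A INPUT -i br1 -p tcp -m tcp --dport 22 -j REJECT --reject-with tcp-reset
-A INPUT -i br1 -p tcp -m tcp --dport 80 -j REJECT --reject-with tcp-reset
-A FORWARD -i br1 -m state --state NEW -j ACCEPT
-A FORWARD -i br1 -o br0 -m state --state NEW -j DROP
-A FORWARD -i br0 -o br1 -m state --state NEW -j DROP
EOF
}
good_rules | audit_guest_rules
bad_rules | audit_guest_rules || true
```

On a router whose build supports it, the same function can be fed live output with `iptables -S | audit_guest_rules`.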

And there you have it! You should now have a fully functioning guest network on your router. However, that’s just one of the several things you can now manipulate on your router. DD-WRT offers so much more than just this and I hope this gives you insight into the possibilities you have ahead of you.

However, if you don’t like the idea of DD-WRT on your router and would like to revert, simply repeat the initial steps. However, instead of installing the DD-WRT firmware, download the latest firmware from your router’s manufacturer website and upload that into your router. You should be back to normal.

Until next time!

We’ve introduced DD-WRT here, but we are well aware of how daunting it might appear at first glance. Don’t worry! You can have your network fully set up and configured to best suit your needs!

Feel free to give us a call on 01865 717088 and you’ll receive a call from a technician who will be able to sort out all of your problems. We also give expert advice on the next move, whatever the IT problem may be.

While you’re at it, why not join our newsletter? We’ll send you a message when our next blogpost is up and ready for consuming. Furthermore, you’ll also receive some exclusive tips and information, as well as discounts on device repairs you book in with us! So, check the footer of this page, fill in your e-mail address and click Sign up. That’s all there is to it!
