My Toothbrush Runs Linux

I’ve spent the last couple of days here in the office reconfiguring our internal network. Although things on our side of the silverorange / Reinvented data centre are pretty simple, I’d been itching to tidy things up, and the aforementioned purchase of a new Linksys WRT54GS wireless access point was the catalyst I needed.

Here’s what I ended up with:

Reinvented Network Diagram

The key change is that all of our network traffic now runs through the new WRT54GS (half of the network used to sit right on the ISN gateway), something made possible by the handy fact that it is possible to replace its firmware (aka “the software guts that makes everything work”) with a stripped down version of the open source Linux operating system.

There are several flavours of Linux available for the Linksys WRT54 line of wireless routers — DD-WRT, HyperWRT, for example — I settled on OpenWRT for my install, mostly because it has the best documentation of the bunch.

Actually installing the firmware wasn’t exactly painless (I’ve put a few tips specific to my setup on my WRT54GS page), but it went pretty easily. After the install I had to do a fair bit of poking around to figure out the configuration required for my setup (two WAN IP addresses exposed to the Internet, with the router using NAT to shovel the right traffic to the right internal server).

Ultimately the configuration turned out to be pretty straightforward: this post helped me figure out how to add a second IP address to the WAN-facing side of things, the iptables man page helped me set up NAT, and this helpful NAT HOWTO helped me solve a vexing problem wherein external users could see our webservers, but I couldn’t see them from inside the LAN.

So if you look at the network diagram above, you’ll see that our outward facing IP addresses are both handled by the WRT54GS, with some traffic NATed to one webserver, some traffic NATed to another webserver, and a little bit of SIP traffic sent along to my Sipura SIP device (which lets me register with external SIP-based VOIP services). Similarly, my iMac has a hardwired connection to the router, which is my connection to the web, and both of our iBooks connect wirelessly (using WPA for wireless security).

One of the cool side-effects of running Linux on the router is that a wide variety of open source software can also run on the device, including the handy iftop application that lets me view bandwidth usage in real time:

Screen Shot of iftop running on my WRT54GS

In this instance, both Johnny and I are listening to Steve host Radio Noon in Montreal, Johnny is sending some traffic to the Yankee webserver, several people are browsing sites on our two webservers, and I’m running iftop on the router itself (hostname of nettie). The three columns on the right show the bandwidth usage at 2, 10 and 40 second intervals, and there are totals at the bottom that show that at the moment this snapshot was taken we were sending out 10.3Kb/s of data and receiving 272Kb/s, for total usage of 282Kb/s (this Wikipedia page can give you some idea of what this means practically).

So far things are flowing well, and the entire operation required only about 10 minutes of downtime to swap in the new router. I’ll report back later on how things progress from here.


Olle Jonsson's picture
Olle Jonsson on December 28, 2005 - 20:42 Permalink

Serendipity: Swedish computer periodical Datormagazin ran an article in its latest issue on just the OpenWRT plus Linksys routers love story. It was a no-frills howto on setting things up.

I’m impressed with the sheer tenacity of the people who take the time to make that script to Linuxify the router. I’m talking about the Ping.asp exploit, that makes the router wait a few seconds for a new operating system to run on.

Today, I began complaining about the Netgear router I’m dealing with. If I were to shop today, it’d be a Linksys with the “L” tacked on at the end. L for love.

Ken Williams's picture
Ken Williams on December 31, 2005 - 07:16 Permalink

Who knew? I have a WRT54GS and will try this. Thanks Peter.