dd-wrt – Dan Vasile
https://pentest.ro
InfoSec Adventures
Thu, 10 Dec 2020 11:11:23 +0000

Installing TCPDump on DD-WRT
https://pentest.ro/2011/11/24/installing-tcpdump-on-dd-wrt/
Thu, 24 Nov 2011 15:50:02 +0000

Now that we have JFFS enabled we can install new apps on our router. Note that the apps are installed into RAM and will vanish when you log out. You can write a script to automatically install your preferred applications during the login process.

DD-WRT does not come with a repository but we can use the OpenWRT packages. Just run the following from the command line:

mkdir -p /tmp/smbshare/tmp/ipkg
cd /tmp/smbshare/tmp/ipkg
wget http://downloads.openwrt.org/whiterussian/packages/libpcap_0.9.4-1_mipsel.ipk
ipkg -d smbfs install libpcap_0.9.4-1_mipsel.ipk
wget http://downloads.openwrt.org/whiterussian/packages/tcpdump_3.9.4-1_mipsel.ipk
ipkg -d smbfs install tcpdump_3.9.4-1_mipsel.ipk
export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/tmp/smbshare/usr/lib"
PATH="$PATH:/tmp/smbshare/usr/sbin"

We first install libpcap, a library used by tcpdump. You might get some warnings but it’s fairly safe to ignore them. That’s it, run ‘tcpdump’ from the command prompt and let the flow amaze you. We’ll later discuss some options of tcpdump.

You can check the OpenWRT repositories for other great pieces of software ported and prepared for embedded devices: http://downloads.openwrt.org/whiterussian/packages/
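
The wget lines above fetch the packages over plain HTTP, and nothing in that flow detects a modified or corrupted file before it is installed. The following is an added example, not part of the original post: it gates the same ipkg -d smbfs install step on a SHA-256 digest computed beforehand on a trusted machine. verify_sha256 and install_verified are hypothetical helper names, the digests in the usage comment are placeholders, and the script assumes the firmware's BusyBox provides sha256sum.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical.
# Assumes sha256sum is available (BusyBox applet or coreutils).

# verify_sha256 FILE EXPECTED_HEX -> status 0 only if the digest matches
verify_sha256() {
    [ -f "$1" ] || return 2
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hex too
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$want" ]
}

# install_verified URL EXPECTED_HEX
# Downloads into the current directory and calls ipkg only after the
# digest check passes; a mismatching file is deleted, never installed.
install_verified() {
    url=$1
    file=${url##*/}
    wget -q -O "$file" "$url" || { echo "download failed: $url" >&2; return 1; }
    if verify_sha256 "$file" "$2"; then
        ipkg -d smbfs install "$file"
    else
        echo "SHA-256 mismatch for $file, not installing" >&2
        rm -f "$file"
        return 1
    fi
}

# Usage on the router, from /tmp/smbshare/tmp/ipkg. The digests are
# placeholders to be replaced with values computed on a trusted machine:
#   install_verified http://downloads.openwrt.org/whiterussian/packages/libpcap_0.9.4-1_mipsel.ipk <sha256-of-libpcap-ipk>
#   install_verified http://downloads.openwrt.org/whiterussian/packages/tcpdump_3.9.4-1_mipsel.ipk <sha256-of-tcpdump-ipk>
if [ "$#" -eq 2 ]; then
    install_verified "$1" "$2"
fi
```

A digest read from the same HTTP server at install time would not help, because whoever can alter the package can alter the digest as well.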

Enabling JFFS in DD-WRT from SSH
https://pentest.ro/2011/11/23/enabling-jffs-in-dd-wrt-from-ssh/
Wed, 23 Nov 2011 19:24:06 +0000

I like DD-WRT, it offers the basic tools needed for a router but I’d like to install other apps as well. The problem with embedded devices is that the system is installed in the non-volatile memory (usually 2-4MB) and one can only use the RAM to install apps.

But first we need to map the RAM into a JFFS. There is an option in the web interface allowing us to do so but there goes all the fun. Plus there is a major issue with DD-WRT v24sp1 VPN builds having the JFFS feature removed, presumably due to conflicts between JFFS and bandwidth monitoring. And if we don’t care about bandwidth monitoring we can enable JFFS from the command line.

nvram set jffs_mounted=1
nvram set enable_jffs2=1
nvram set sys_enable_jffs2=1
nvram set clean_jffs2=1
nvram set sys_clean_jffs2=1
nvram commit
reboot

I noticed a “longer than usual” reboot after these operations. If we want to unmount the JFFS:

nvram set sys_enable_jffs2=0
nvram set sys_clean_jffs2=0
nvram set jffs_mounted=0
nvram commit
reboot

The variables created in these operations can be deleted with nvram unset <var>.

Enabling DD-WRT web interface from SSH
https://pentest.ro/2011/11/23/enabling-dd-wrt-web-interface-from-ssh/
Wed, 23 Nov 2011 15:45:31 +0000

With this article we’re starting a new category regarding DD-WRT and micro-embedded devices.

I’ve been using DD-WRT (and other variants such as OpenWRT, Tomato, etc. depending on the device) for quite a while and every now and then I need to re-enable the web-interface from the command line. For instance I found the web-interface not responding even though it was enabled so I wanted to reinitialize it. Just log in via SSH (we all know Telnet is bad, right?) and do the following.

Stopping the web interface from SSH (if it is enabled):

nvram set httpd_enable=0
nvram set http_enable=0
killall httpd


Starting the web interface and setting the parameters (the long and safer version):

nvram set remote_management=1
nvram set http_wanport=8080
nvram set httpsd_enable=1
nvram set https_enable=1
nvram set remote_mgt_https=1
nvram commit
reboot

So now just point your browser to https://your_public_ip:8080.

Notice we enabled https for remote management. Feel free to use any port you like and if you’re a fan of security thru obscurity you might want to use an unassigned port from IANA.
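
The settings above decide whether the admin interface is reachable from the WAN and whether that path uses HTTPS. The following is an added example, not part of the original post: it reads `nvram show` output and reports that exposure. audit_mgmt and sample_nvram_show are hypothetical names, the sample lines are constructed from the commands in the post, and the meaning of each key is assumed from how the post uses it.

```shell
#!/bin/sh
# Added example, not from the original post: summarise web-management
# exposure from `nvram show` output. Key meanings are assumptions taken
# from how the post uses them.

# audit_mgmt: reads key=value lines on stdin, prints one finding per line.
audit_mgmt() {
    awk '
        {
            eq = index($0, "=")            # split on the first "=" only
            if (eq > 1) v[substr($0, 1, eq - 1)] = substr($0, eq + 1)
        }
        END {
            if (v["remote_management"] == "1") {
                port = (v["http_wanport"] != "") ? v["http_wanport"] : "unset"
                tls  = (v["remote_mgt_https"] == "1") ? "yes" : "no"
                sev  = (tls == "yes") ? "WARN" : "HIGH"
                print sev " wan-admin port=" port " tls=" tls
            } else {
                print "OK wan-admin disabled"
            }
            if (v["http_enable"] == "1")
                print "WARN lan-http enabled"
        }'
}

# Constructed sample: the values set by the commands in the post.
sample_nvram_show() {
    cat <<'EOF'
remote_management=1
http_wanport=8080
httpsd_enable=1
https_enable=1
remote_mgt_https=1
EOF
}

# On the router: nvram show 2>/dev/null | audit_mgmt
sample_nvram_show | audit_mgmt
```

WARN on the WAN line means the admin login is reachable from the Internet over HTTPS; HIGH means it is reachable without HTTPS, so the credentials cross the WAN in clear text.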

SSH tunnels, an alternative to VPN
https://pentest.ro/2011/06/26/ssh-tunnels-an-alternative-to-vpn/
Sun, 26 Jun 2011 09:42:53 +0000

What do you do when you need a connection to the Internet and the only thing in hand is an unsecured wireless network or hotspot? Do you realize the dangers involved? Would you trust this connection and send confidential data over it?

Of course VPN is the favorite method, but what if you don’t have such an option? Let’s say all you have is a DD-WRT router with no VPN (because you have a mini or generic firmware). Just for the sake of argument. How do you route your traffic through this router from the Internet?

Well, I spotted in my early days a way to secure the communication in such environments while looking for something else. I was actually looking for a way to access private IPs behind a Linux router without the use of a proxy and I figured that PuTTY can do both of these. For several reasons I use Windows in my daily work so the best tool in hand for SSH connections is by far PuTTY.

Start PuTTY and enter your server name or IP address, select SSH for Connection Type (and the port if it’s different from 22; I know it’s a common thing to change the SSH daemon port for security through obscurity reasons), type a name for this connection in the Saved Sessions field and click Save.

[Figure: PuTTY general configuration]

Now go under Connection -> SSH -> Tunnels, set the Source Port to 8080 or whatever port you wish, click Add, and you should get something like this:

[Figure: PuTTY tunnel configuration]

Go back to the first screen (Sessions) and click Save then Open.

[Figure: PuTTY login]

Log in with your user name and password. You have now established a tunnel with your trusted server. Go to your favourite browser and set it to use a SOCKS5 proxy with the IP 127.0.0.1 (pay attention here, this is your loopback address, not the address of the trusted server) and port 8080 (or whatever you chose earlier).

[Figure: Browser configuration]

You can now go to http://www.whatismyip.com and check if the tunnel is working properly. You should see there the IP of the trusted server. If everything is OK you now have an encrypted tunnel between your PC and your trusted server; all the traffic sent through it is encrypted and thus protected in the unsecured environment. The general schema looks something like this:

[Figure: Tunnel]

Any SOCKS-able protocols can be used over this tunnel so there are virtually unlimited uses. As you can see from above you now also have secure access to the Intranet.

As a side note, there are a lot of plug-ins for easy and quick proxy switching and management for Mozilla Firefox. Choose your favourite: https://addons.mozilla.org/ro/firefox/search?q=proxy&cat=all
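
The post stresses that the proxy address is the loopback address 127.0.0.1. If the forwarded port is bound to all interfaces instead (PuTTY's "Local ports accept connections from other hosts" option, or a wildcard bind address with OpenSSH's -D), the SOCKS port is offered to every host on the untrusted network. The following is an added example, not part of the original post, that checks `netstat -an` output for this; socks_bind_check and sample_netstat are hypothetical names and the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: confirm the SOCKS listener
# created by the tunnel is bound to loopback only.

# socks_bind_check PORT  (reads `netstat -an` output on stdin, Windows or
# Linux layout) -> prints loopback-only | exposed | not-listening
socks_bind_check() {
    awk -v port="$1" '
        toupper($0) ~ /LISTEN/ {
            for (i = 1; i <= NF; i++) {
                n = split($i, part, ":")
                if (n >= 2 && part[n] == port) {
                    # first addr:port field on the line is the local address
                    addr = substr($i, 1, length($i) - length(port) - 1)
                    seen = 1
                    if (addr != "127.0.0.1" && addr != "[::1]" && addr != "::1")
                        exposed = 1
                    break
                }
            }
        }
        END {
            if (!seen) print "not-listening"
            else if (exposed) print "exposed"
            else print "loopback-only"
        }'
}

# Constructed sample in the Windows `netstat -an` layout, with the tunnel
# on port 8080 as configured in the post.
sample_netstat() {
    cat <<'EOF'
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING
  TCP    192.168.1.23:49712     203.0.113.10:22        ESTABLISHED
EOF
}

# Real use: netstat -an | socks_bind_check 8080
sample_netstat | socks_bind_check 8080
```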