Enabling JFFS in DD-WRT from SSH

I like DD-WRT: it offers the basic tools needed for a router, but I’d like to install other apps as well. The problem with embedded devices is that the system is installed in the non-volatile memory (usually 2-4MB) and one can only use the RAM to install apps.

But first we need to map the RAM into a JFFS. There is an option in the web interface allowing us to do so but there goes all the fun. Plus there is a major issue with DD-WRT v24sp1 VPN builds having the JFFS feature removed, presumably due to conflicts between JFFS and bandwidth monitoring. And if we don’t care about bandwidth monitoring we can enable JFFS from the command line.

nvram set jffs_mounted=1
nvram set enable_jffs2=1
nvram set sys_enable_jffs2=1
nvram set clean_jffs2=1
nvram set sys_clean_jffs2=1
nvram commit
reboot

I noticed a “longer than usual” reboot after these operations. If we want to unmount the JFFS:

nvram set sys_enable_jffs2=0
nvram set sys_clean_jffs2=0
nvram set jffs_mounted=0
nvram commit
reboot

The variables created in these operations can be deleted with nvram unset <var>.

Enabling DD-WRT web interface from SSH

With this article we’re starting a new category regarding DD-WRT and micro-embedded devices.

I’ve been using DD-WRT (and other variants such as OpenWrt, Tomato, etc., depending on the device) for quite a while, and every now and then I need to re-enable the web interface from the command line. For instance, I found the web interface not responding even though it was enabled, so I wanted to reinitialize it. Just log in via SSH (we all know Telnet is bad, right?) and do the following.

Stopping the web interface from SSH (if it is enabled):

nvram set httpd_enable=0
nvram set http_enable=0
killall httpd


Starting the web interface and setting the parameters (the long and safer version):

nvram set remote_management=1
nvram set http_wanport=8080
nvram set httpsd_enable=1
nvram set https_enable=1
nvram set remote_mgt_https=1
nvram commit
reboot

So now just point your browser to https://your_public_ip:8080.

Notice we enabled HTTPS for remote management. Feel free to use any port you like, and if you’re a fan of security through obscurity you might want to use an unassigned port from IANA.
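
After the reboot it is worth confirming that the committed values really are the HTTPS-only set shown above. The following check is an added example, not part of the original post: the function names and both sample dumps are constructed for illustration, and it assumes the key=value line format printed by nvram show.

```shell
#!/bin/sh
# Added example: audit the remote-management keys this post sets.
# Input is a dump of key=value lines, as printed by `nvram show`.

# nv_get KEY: print the value of KEY from $NV_DUMP, empty if the key is absent
nv_get() {
    printf '%s\n' "$NV_DUMP" | sed -n "s/^$1=//p" | head -n 1
}

# audit_remote_mgmt DUMP: print one line per finding; return 1 if any finding
audit_remote_mgmt() {
    NV_DUMP=$1
    rc=0
    if [ "$(nv_get remote_management)" != "1" ]; then
        echo "remote_management is not 1: nothing to audit"
        return 0
    fi
    # Remote management is on, so every HTTPS key from the post must be 1.
    for key in remote_mgt_https https_enable httpsd_enable; do
        if [ "$(nv_get "$key")" != "1" ]; then
            echo "FINDING: $key is not 1 (the post sets it to 1 for HTTPS remote management)"
            rc=1
        fi
    done
    port=$(nv_get http_wanport)
    case $port in
        ''|*[!0-9]*) echo "FINDING: http_wanport is unset or not a number"; rc=1 ;;
        *) echo "remote management port: $port" ;;
    esac
    return $rc
}

# Constructed sample dumps (not taken from a real router).
SAMPLE_GOOD='remote_management=1
http_wanport=8080
httpsd_enable=1
https_enable=1
remote_mgt_https=1'

# remote_mgt_https was never switched on and httpsd_enable is missing.
SAMPLE_BAD='remote_management=1
http_wanport=8080
https_enable=1
remote_mgt_https=0'

audit_remote_mgmt "$SAMPLE_GOOD" || echo "unexpected finding in good sample"
audit_remote_mgmt "$SAMPLE_BAD" || echo "fix the findings, then nvram commit and reboot"
```

On the router itself, pass the live settings instead of a sample: audit_remote_mgmt "$(nvram show 2>/dev/null)".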

SSH tunnels, an alternative to VPN

What do you do when you need a connection to the Internet and the only thing in hand is an unsecured wireless network or hotspot? Do you realize the dangers involved? Would you trust this connection and send confidential data over it?

Of course VPN is the favorite method, but what if you don’t have such an option? Let’s say all you have is a DD-WRT router with no VPN (because you have a mini or generic firmware). Just for the sake of argument. How do you route your traffic through this router from the Internet?