Customizing your Netgear DGN2200v3

The Netgear DGN2200v3 is a nice low-cost wireless (802.11b/g/n) ADSL2+ router that can be found quite easily. It is a nice piece of hardware with some interesting features, such as a USB host port to connect and share a USB storage device, and above all it is easily customizable for users interested in having a powerful generic device running an embedded Linux operating system.

Note: this is a heavily “Work in Progress” page, so please check back now and then if you are interested in the topic! (last update 09th June 2014)

First of all, you can find the source tree for the router on the Netgear site, starting from their GPL Open Source Code for Programmers page. The package also contains a suitable toolchain, uclibc-crosstools-gcc-4.4.2-1. Everything described on this page refers to the “official” firmware V1.1.00.10_1.00.10. It may also apply to future updates and to the beta version that Netgear started to distribute, but it may require slight modifications.

 

The next step to get access to your router’s internals is to enable the telnet shell using the debug backdoor present in the firmware. This is easily done by accessing the following URL (assuming 10.0.1.69 is your router’s IP address): http://10.0.1.69/setup.cgi?todo=debug This will enable telnet connections from your local network. Just log in with your administrator credentials.

Once you are logged in you can analyze the running system. Briefly:

# cat /proc/version
Linux version 2.6.30 (root@BuildServer) (gcc version 4.4.2 (Buildroot
 2010.02-git) ) #1 Fri Nov 4 13:30:23 CST 2011

# cat /proc/cpuinfo
system type             : 963281TAN
processor               : 0
cpu model               : Broadcom4350 V7.5
BogoMIPS                : 319.48
wait instruction        : yes
microsecond timers      : yes
tlb_entries             : 32
extra interrupt vector  : no
hardware watchpoint     : no
ASEs implemented        :
shadow register sets    : 1
core                    : 0
VCED exceptions         : not available
VCEI exceptions         : not available

unaligned exceptions            : 10

# free
total used free shared buffers
Mem: 60004 49576 10428 0 3856
Swap: 0 0 0
Total: 60004 49576 10428

# df
Filesystem 1024-blocks Used Available Use% Mounted on
mtd:rootfs 27648 17096 10552 62% /
mtd:factory 256 52 204 20% /config/factory
mtd:scnvram 1024 80 944 8% /config/nvram
mtd:language 1024 468 556 46% /config/language
mtd:xxx 768 68 700 9% /config/xxx

There are especially a few tools that you may find useful for tweaking the router.

  • One is wl, which lets you tweak the wireless card parameters. One purely visual thing, which I found annoying to be missing, is to make the wireless LED blink when there is some wireless activity (by default it’s just always on). This can be achieved by using the command “wl ledbh 3 7”. The command “wl ledbh 3 14” will keep the LED off and blink it just when there is traffic. Try changing the second value between 0 and 15 for various effects. Another, more interesting, usage for this tool is to change the transmission power to achieve slightly better coverage. To see the current settings you can use “wl -a wl0 txpwr”. To set a value you can use, for example, “wl -a wl0 txpwr 80” to set it to 80mW, which is practically the maximum value (by specs at least). Use --help for a (huge) detailed list of options!
  • Another very interesting tool is adslctl. This tool can be used to tweak all the ADSL parameters, such as the SNR limits (start --snr), and to get additional information about your link (info --show). Use --help for a detailed list of options!

Once you are happy with some modifications, of course it would be nice to make them permanent. As you may have noticed from the mount output, the root device is mounted read-only, but no fear, just remount it read-write: mount -n -o remount,rw /

Another important thing to notice is that /etc/ is not really on flash: it is just a link to a directory in the /tmp temporary filesystem that gets re-populated at every boot from the template in /usr/etc. Therefore, if you want to make your modifications to the startup scripts permanent, you have to work on /usr/etc. For example, considering also that there is no default editor on the system, if you would like to make the LED blinking permanent you could execute something like this:

mount -n -o remount,rw /
cd /usr/etc
echo "/etc/rc.makkapakka &" >> rcS
echo "#!/bin/sh" >> /usr/etc/rc.makkapakka
echo "/bin/sleep 20" >> /usr/etc/rc.makkapakka
echo "/usr/bin/wl ledbh 3 7" >> /usr/etc/rc.makkapakka
chmod a+x /usr/etc/rc.makkapakka

This will append a line to the standard rcS file to execute another custom script (rc.makkapakka) which contains the three lines written with the echo redirected to rc.makkapakka. The last line will make sure the script is executable. You’ll notice that there is a sleep of 20 seconds in the script: this is done since during startup also other processes are running and the wireless module gets reinitialized elsewhere. Of course it’s not the most elegant solution since it’s a hard-coded timing, but it works in practice and should be enough for the example (if you want ADSL parameters to be kept you better make the sleep slightly longer since that part takes more time to be initialized at first).

Editing files with just the shell tools (such as echo, but also cat, head, tail and grep) is not the most comfortable thing in the world. You can of course pre-edit the files on your PC and then upload them either via FTP or via the available USB storage. Otherwise, check further down this page for some pre-crosscompiled packages, which include the GNU nano editor.

 

About the firewalling rules:

The DGN2200 has a pretty elaborate firewall rule set. It is elaborate partly to permit “easy” teardown and reload of the rules when they are changed by the user in the web interface. Some nonstandard modules/rulesets are used, which complicates the investigation even further. You can have a look for yourself and work out some of the logic behind the networking system by using:

iptables -L
iptables -L -t nat

Something that most of you playing with the DGN2200v3 firmware will probably want to do is to open a port locally so that you can run some service on the device (for example dropbear or OpenVPN, listed below with their binary packages). Sadly this cannot be done via the web interface. The interface will actually let you set a “port forwarding” to the IP of the router itself, but that will not work because of how the rules are then expanded into iptables.
If you would nevertheless like to open a local port to a running service, the best and least invasive way to do it, in my opinion, is to use the following two rules (which assume you would like to open TCP port 3636):

iptables -A INPUT -p tcp -s 0/0 -d 0/0 --dport 3636 -j ACCEPT
iptables -t nat -I PRE_CNAPT 1 -p tcp -s 0/0 -d 0/0 --dport 3636 -j ACCEPT

The first line is quite obvious and permits the input packets to be accepted. The second one is inserted to prevent the CNAPT prerouting rules (the PRE_CNAPT chain) from dropping the packets for that specific port.
Now you can put your favorite TCP service on port 3636 and have it reachable from the WAN side.
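The two rules above wrapped so that they can be run at boot and re-run later without stacking duplicates. This is an added example, not part of the original article: the function names and the overridable IPT variable are made up here, udp is accepted in addition to the tcp case shown above, and it assumes that “iptables -L <chain> -n” prints the usual column layout.

```shell
#!/bin/sh
# Added example (not from the original page): apply the page's two ACCEPT
# rules for a local service only when they are not already loaded.
# Assumption: `iptables -L <chain> -n` prints the usual columns
#   target  prot  opt  source  destination  [match details such as dpt:3636]
IPT=${IPT:-iptables}    # overridable, so the logic can be tested off-router

# valid_port N: succeed for a decimal integer in 1..65535 (no leading zero)
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ ${#1} -le 5 ] && [ "$1" -le 65535 ]
}

# rule_present TABLE CHAIN PROTO PORT
# Succeeds if CHAIN already holds an ACCEPT rule for PROTO with that dport.
# The port is compared as a whole word, so 363 does not match dpt:3636.
rule_present() {
    $IPT -t "$1" -L "$2" -n 2>/dev/null | (
        while read -r target prot opt src dst rest; do
            [ "$target" = ACCEPT ] && [ "$prot" = "$3" ] || continue
            for word in $rest; do
                [ "$word" = "dpt:$4" ] && exit 0
            done
        done
        exit 1
    )
}

# open_local_port PROTO PORT
# Returns 0 when both rules are in place, 1 if iptables failed, 2 on bad input.
open_local_port() {
    case "$1" in
        tcp|udp) ;;
        *) return 2 ;;
    esac
    valid_port "$2" || return 2

    # Rule 1: let the packets reach the local service
    rule_present filter INPUT "$1" "$2" ||
        $IPT -A INPUT -p "$1" -s 0/0 -d 0/0 --dport "$2" -j ACCEPT ||
        return 1
    # Rule 2: exempt the port at position 1 of PRE_CNAPT, ahead of its drop
    rule_present nat PRE_CNAPT "$1" "$2" ||
        $IPT -t nat -I PRE_CNAPT 1 -p "$1" -s 0/0 -d 0/0 --dport "$2" -j ACCEPT ||
        return 1
    return 0
}

# Usage on the router: sh open_port.sh tcp 3636
if [ $# -eq 2 ]; then
    open_local_port "$1" "$2"
fi
```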

 

Precompiled packages:

Here are some pre-crosscompiled packages for those that don’t want to mess with the crosscompilation process. I tried to make them as easy to use as possible (so you’ll usually find statically linked versions for example if they depend on other libraries) and install:

  • GNU tar and GNU gzip for decompressing the other archives offered later on this page. These two tools are offered uncompressed so you can just download them from your router using the built-in busybox-based wget tool and then proceed to install the other packages without needing a decompressor on your PC. (Thanks to Stuart for this deployment idea!) tar will search for gzip in the path, so make sure you first add the directory where you downloaded gzip to the path (i.e. something like export PATH=$PATH:/path/to/gzip/directory). For some packages a warning will appear that the UID/GID of the original package files cannot be restored: don’t worry too much, it’s normal since the UID/GID of my development system are not present on the router. To unpack the packages listed below just use “tar xfz packagename.tar.gz” (again, also put tar into the path or use ./ to execute it from the current working directory). Make sure you set both files as executable (chmod a+x tar gzip) as well. Download tar and gzip here!
  • GNU nano text editor version 2.2.6. This version is statically linked (since it uses the ncurses 5.9 library). It is important to know that the ncurses library needs the terminal information (terminfo) to start. So in the package you will also find a “vt102” file (the default terminal defined on the DGN2200 at login) that has to be placed in the /opt/toolchains/uclibc-crosstools-gcc-4.4.2-1/share/terminfo/v/ directory. If you need other terminal definitions for some reason you can find them in the ncurses package (or on almost any Linux desktop installation). The nano executable can be placed wherever you wish. Download nano-dgn2200-bin.tar.gz here!
  • Strace system trace analyzer version 4.7. What else do you need when something doesn’t work and you have to understand what? Here it is, download strace-dgn2200-bin.tar.gz
  • Dropbear embedded ssh package version 2012.55. The package should include all you potentially need: client, server and key management tool. Remember to pass the path to the keys you generated using the “-d” and “-r” options (the defaults are in /etc/dropbear and are therefore quite volatile). Download dropbear-dgn2200-bin.tar.gz.
    Make sure you first generate the keys and then specify the path to the keys to the executable, otherwise the defaults are in /etc and they are missing there.
    To create the keys do for example both:
    ./dropbearkey -t rsa -f /tmp/dropbear_rsa_host_key
    and
    ./dropbearkey -t dss -f /tmp/dropbear_dss_host_key
    this will generate the two keys in /tmp (eventually of course you can put them in /opt or other fixed storage).
    Then start dropbear pointing to the keys with:
    ./dropbear -d /tmp/dropbear_dss_host_key -r /tmp/dropbear_rsa_host_key
    Be also aware that by default dropbear accepts only users with a shell listed in the /etc/shells file, so if you have trouble connecting with a specific user make sure that the shell in use is listed in this file.
    Another warning: by default the admin user doesn’t have a home directory assigned and therefore the dropbear connection may just hang after authentication. Change its home directory in the /etc/passwd file (in /usr to make it non-volatile) to / as root (insert a “/” before the last colon of the line).
  • OpenVPN 2.2.2 package for creating VPNs. To be able to use a VPN in some configurations the kernel needs TUN device support. In the download package you will find the precompiled module tun.ko that you have to load before using the openvpn package (insmod tun.ko). Also remember that you have to create the appropriate /dev/net/tun device (char dev, major 10, minor 200). openvpn has been compiled with the following defines: ENABLE_CLIENT_SERVER ENABLE_DEBUG ENABLE_EUREPHIA ENABLE_FRAGMENT ENABLE_HTTP_PROXY ENABLE_MANAGEMENT ENABLE_MULTIHOME ENABLE_PORT_SHARE ENABLE_SOCKS USE_CRYPTO USE_LIBDL USE_LZO USE_SSL. Please be aware that, apart from properly setting up the openvpn configuration files, you need to tweak the iptables (system firewall) settings on the router to achieve some useful/interesting results. More about iptables chains on the DGN2200 for OpenVPN later on, since it’s not a short story. For now, as a hint: first of all make sure you permit the traffic (LOCAL/INBOUND_FILTER_1) for the tap0 device that OpenVPN uses, and then forward the private networks behind the tunnel. Download openvpn-dgn2200-bin.tar.gz.
  • curl 7.28.1 package for advanced file transfers, query generation, various protocols operation and much much more. The default filesystem contains the busybox version of wget which is quite limited (as it should be given it’s a very compact version!). With this package you can manage much much more. The package is compiled with these features:
    # ./curl -V
    curl 7.28.1 (mips-unknown-linux-gnu) libcurl/7.28.1 OpenSSL/1.0.1c
    Protocols: dict file ftp ftps gopher http https imap imaps pop3
    pop3s rtsp smtp smtps telnet tftp
    Features: Largefile NTLM NTLM_WB SSL TLS-SRP

    Download curl-dgn2200-bin.tar.gz.

  • netcat version 1.10 the TCP/IP Swiss army knife. Very useful tool to debug networking troubles and services. Download netcat-dgn2200-bin.tar.gz
  • coreutils version 8.19. This package contains most of the coreutils that are not present as busybox applets in the router and can be very often of use. Some examples are stty for terminal settings management, seq to create sequences at command line, nohup to start processes without a terminal (for nightly uploads and downloads). Here is a list:
    base64    comm     factor     mkfifo  paste     sort    tac       uniq
    basename  csplit   fmt        mktemp  pr        split   tee       uptime
    chgrp     dirname  fold       nice    printenv  stat    timeout   whoami
    chown     du       getlimits  nl      seq       stdbuf  truncate
    chroot    env      id         nohup   shred     stty    tsort
    cksum     expand   join       od      shuf      sum     unexpand

    And here is the download coreutils-dgn2200-bin.tar.gz.

  • p910nd version 0.93 printer daemon to transform your DGN2200N also in a printer server for your network using an USB printer. I just modified the lockfile to be created at /var/lock instead of /var/lock/subsys to be more compatible with the default router filesystem tree. Download p910nd-dgn2200-bin.tar.gz
  • tcpdump version 4.2.1 based on libpcap 1.2.1, the very powerful packet inspector for all your network debugging (and sniffing :P ) needs. Download tcpdump-dgn2200-bin.tar.gz.
  • rtorrent version 0.9.3 text-based torrent client. Compiled with libtorrent 0.13.3, libsigc++-2.3.1 and curl-7.29.0. Tried and tested to work well, be aware that you may need to play first a bit with iptables for incoming connections (see above in the iptables section how to open a port for local use) to achieve full speed transfers. Be also aware that when you use it over telnet some character sequences may be “eaten up” by the terminal emulator and telnet itself. Check the notes in the Rtorrent User Guide where it explains how to skip the mappings with stty (you can find stty tool crosscompiled for the DGN2200v3 in the coreutils package above). Download rtorrent-0.9.3–dgn2200-bin.tar.gz.
  • GNU screen version 4.0.3. Screen/terminal window manager to give you the possibility to use multiple shells/applications at the same time on a single telnet login and especially leave them working unattended after a logout (useful for example for rtorrent posted above or your favourite IRC session!) and resume them later on when you reconnect. The package contains also two termcap definitions (vt100 and vt102) to make the default terminals work (put them into /opt/toolchains/uclibc-crosstools-gcc-4.4.2-1/share/terminfo/v/ since ncurses was compiled to watch for them there). Download screen-4.0.3-dgn2200-bin.tar.gz.
  • CIFS filesystem kernel module, so you can mount CIFS/Samba network filesystems on your DGN2200v3. First insert the module (insmod cifs.ko) and then mount the share with something like:
    mount -t cifs //10.36.36.42/test /mnt/shares/U/cifstest/ -o username=guest

    or

    mount -t cifs //10.36.36.42/test /mnt/shares/U/cifstest/ -o username=user,password=secret

    Download cifs-kernel-module-dgn2200-bin.tar.gz.

  • rsync 3.0.9 for incremental file/repository transfers. Download it here: rsync-dgn2200-bin.tar.gz
  • lua-5.2.2 interpreter and compiler (and liblua.a) to be able to program on your router with this lightweight and very powerful language. Download it here: lua-5.2.2-dgn2200-bin.tar.gz
  • cpuminer 2.3.2: get rich mining bitcoins on your router at a stunning 0.06khash/s rate ;) Download it here: cpuminer-2.3.2-dgn2200-bin.tar.gz

 

 

USB Serial package and connecting Arduino boards

One of the interesting things I wanted to do with my router was to be able to drive and monitor some external hardware (using digital I/O and high-power relays), do some identification using I-Button devices and, in another case, do some simple room monitoring (temperatures and so on). Since these things are done with easy-to-find, low-cost Arduino-based prototype boards, a very interesting step for my DGN2200v3 modding was to include support for the USB serial converter used by these boards, to have an easy and cheap way of interacting with them (of course I could also use an ethernet/wireless shield for the Arduino board, but that would make the board prototypes more expensive and complicated).
So here comes the precompiled package with all the serial drivers needed: download usbserialftdio-dgn2200-bin.tar.gz. The package includes the generic usbserial module, the specific ftdi_sio module, and I also included the stty terminal management tool (from the GNU coreutils 8.19 package) to make it easy to work with the serial port even from the command prompt or from shell scripts.
First load the modules:

insmod usbserial.ko
insmod ftdi_sio.ko

When the device is attached you should see it detected by looking at the kernel messages, something like:

ftdi_sio 2-1:1.0: FTDI USB Serial Device converter detected
usb 2-1: Detected FT232RL
usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
usbcore: registered new interface driver ftdi_sio
ftdi_sio: v1.4.3:USB FTDI Serial Converters Driver

Now the device can be used via the device ttyUSB0 (the device may differ depending on what else you have attached to the USB hub). Make sure you create a device node to be able to access it, since by default it is not present:

mknod /dev/ttyUSB0 c 188 0

And then you can access it through the /dev/ttyUSB0 device. You can use the stty tool in the package to configure the serial communication parameters, for example to set the baud rate to 9600, which is quite classic in the Arduino IDE example files you may play with:

stty -F/dev/ttyUSB0 9600

And then you can even use command line tools such as cat to read from, or echo to write to, the serial port from a shell script or command prompt. And now you can expand your DGN2200v3 router to make the connected Arduino board interact with additional electronics and so on, with a cheap but very reliable setup.

Needless to say, you can also use this usbserial+ftdi_sio package to connect just a standard USB-232 converter to your router if that is useful to you! :)

 

 

Dynamic DNS with other providers

Since June 2014 DynDNS, which is the only officially supported Dynamic DNS service in the DGN2200, is no longer free, and therefore if you don’t want to spend some Euros on this service the router cannot support it anymore.
But of course not everything is lost: there are a bunch of other possibilities out there that are still free and should work with little hassle on the DGN2200. I have tried no-ip myself, but DnsDynamic should also work. Try working with this little script that I use for no-ip myself:

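#!/bin/sh

LASTIP="first"
LOOPS=0

USERNAME="myusernamehere"
PASSWORD="mypasswordhere"
HOSTNAME="whatever.noip.com"

# Give the ADSL/PPP link time to come up after boot
sleep 120

while true; do
        # Current WAN address: local side of the point-to-point (PPP) interface
        NEWIP=`ifconfig | grep P-t-P | cut -d":" -f 2 | cut -d" " -f 1`
        # echo "New ip=$NEWIP, old ip=$LASTIP"
        if [ "$NEWIP" != "$LASTIP" ]; then
                #echo "updating..."
                # -f: no error on the first pass, when the file does not exist yet
                rm -f /tmp/noipout
                # Send the update; the server reply is saved in /tmp/noipout
                CURLOUT=`/mnt/shares/U/curl -o /tmp/noipout -u "$USERNAME:$PASSWORD" "http://dynupdate.no-ip.com/nic/update?hostname=$HOSTNAME"`
                # "good" (updated) and "nochg" (already current) both count as success
                grep -e "good" -e "nochg" /tmp/noipout
                if [ $? -eq 0 ]; then
                        # echo "good update"
                        LASTIP=$NEWIP
                fi
        fi
        sleep 120
        LOOPS=$((LOOPS+1))

        # Every 60 loops (2 hours) force an update on the next pass
        if [ $LOOPS -ge 60 ]; then
                LASTIP="force"
                LOOPS=0
        fi
done;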

The script will loop forever and every 2 minutes it will check whether the IP on the outside interface (the NEWIP value) has changed. If it has changed it will use curl (be aware that you may need to change the path to curl, which you can download from the top part of the article, depending on where you installed it) to send the appropriate query to the server. It will then parse the output returned to see if the update was successful. Every 60 loops (so every 2 hours) an update will be forced anyway for safety.
For DnsDynamic the script should be quite similar since the return codes are the same. Just be aware that you need to change the update URL used in the previous script to something like:


https://www.dnsdynamic.org/api/?hostname=$HOSTNAME&myip=$NEWIP

You can put this script as explained for other tasks in your /usr/etc/rcS (or a custom one) to be executed at boot time (do not forget the & character to put it in background!)
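The reply check in the script above accepts any body that contains “good” or “nochg” anywhere, and keeps retrying every two minutes whatever the server says. The following is an added example, not the author’s code: it classifies the reply by its first line using the dyndns2-style return codes No-IP documents, and validates the address before it is used. The function names are made up here and the sample replies are constructed.

```shell
#!/bin/sh
# Added example (not the author's script): stricter handling of the update
# reply than `grep -e good -e nochg`. The sample replies are constructed.

# classify_reply FILE: print "ok", "fatal" or "retry" for the reply body.
classify_reply() {
    # Look at the first line only and drop a trailing CR from CRLF replies.
    line=$(head -n 1 "$1" 2>/dev/null | tr -d '\r')
    case "$line" in
        "good "*|"nochg "*|good|nochg)
            echo ok ;;      # update accepted, or address already current
        nohost|badauth|badagent|'!donator'|abuse)
            echo fatal ;;   # fix the account or hostname; do not keep retrying
        *)
            echo retry ;;   # 911, empty body, HTML error page, anything else
    esac
}

# valid_ipv4 ADDR: succeed only for a dotted-quad IPv4 address, so an empty
# NEWIP (PPP link down) or a garbled ifconfig parse never reaches the URL.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; only digits and dots remain here
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Demonstration on constructed replies. The last one is an HTML page that
# contains the word "good": a plain grep would accept it as success.
demo() {
    tmp=$(mktemp) || return 1
    for reply in 'good 203.0.113.7' 'nochg 203.0.113.7' 'badauth' '911' \
                 '<html><body>All good, please log in</body></html>'; do
        printf '%s\r\n' "$reply" > "$tmp"
        printf '%-50s -> %s\n' "$reply" "$(classify_reply "$tmp")"
    done
    rm -f "$tmp"
}
demo
```

In the loop, LASTIP would be updated only on “ok”, and a “fatal” result is a reason to stop sending updates until the credentials or hostname are corrected.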
 


137 Responses to Customizing your Netgear DGN2200v3

  1. Davide says:

    Well done! :)
    I’d like to add the p910nd daemon on the router, can you cross-compile it to make some test please?
    And another question: is this sw compatible with dgn2200v1 router (and reverse, too)?

    Thanks a lot

    D.

    • fede says:

      Hello there!
      I prepared the p910nd as requested, I just tested that it starts and is alive, didn’t have the possibility to have a printer attached at the moment, but I may try later on :)

      Please let me know if the package seems to work to you eventually so I put it in the official list of the post. Here is the link to download.

      The binary is derived from version 0.93 available at p910nd project page. I just modified the lockfile to be created at /var/lock instead of /var/lock/subsys to be more compatible with the default firmware.

      As for the binary compatibility of the dgn2200v1 router: I don’t have one to check sadly but the CPU is the same MIPS family so if the filesystem has similar library versions they could be “binary compatible”.

      Ciao!

      • Davide says:

        Ok! Now I have all binaries in my router, but can’t use them.. :/
        I’m quite new on embedded systems so don’t exactly know to do how can I use the binaries.
        First of all, I put all binaries in /opt directory, and vt102 in /opt/toolchains/uclibc-crosstools-gcc-4.4.2-1/share/terminfo/v/ directory, but running ./nano I got the message “Error opening terminal: vt102.”
        No luck even with p910nd and dropbear daemons, running them I can’t find them alive on running processes list generated by ps command.

        Can you explain how do you get them up?

        Thanks a lot!! :)

        • fede says:

          Hello!

          For nano please double check the path to the “vt102” file. That error is specific from the ncurses library that can’t find that file to get the terminal definition, so it would all point to the fact that somehow you didn’t copy correctly the file from the message.

          For dropbear: make sure you first generate the keys and then specify the path to the keys to the executable, otherwise the defaults are in /etc and they are missing there.

          So for the keys do for example both:
          ./dropbearkey -t rsa -f /tmp/dropbear_rsa_host_key
          and
          ./dropbearkey -t dss -f /tmp/dropbear_dss_host_key
          this will generate the two keys in /tmp (eventually of course you can put them in /opt or other fixed storage).

          Then start dropbear pointing to the keys with:
          ./dropbear -d /tmp/dropbear_dss_host_key -r /tmp/dropbear_rsa_host_key
          Now you should see it running and accepting connections!

          For p910nd if you start it with --help do you see it working? But if you just start “./p910nd” you should see a process p9100d running indeed. Check that you have the /var/lock and /var/run directories in case where it creates some runtime files.

          Are you using the v1 or v3 hardware at the end? Which firmware also do you have?

          Ciao!

  2. Davide says:

    Thanks for help! So..

    Router: dgn2200v3
    Firmware: V1.1.00.10_1.00.10

    As you said, a third check was needed for the path, the final “s” of toolchains was missing.. eh ehm.. sorry.. at the end.. nano is correctly working :)

    dropbear is also working, but at the beginning I couldn’t login with admin or root user, so checking /etc/passwd I discovered that root is the only user. So I simply solve the problem giving a “passwd” command from telnet debug console, choosing a new root password. After I copy the /etc/passwd to /usr/etc/passwd to make it permanent.

    As now I can’t print with p910nd daemon :/
    It seems the daemon is correctly running as it creates the pid file in /var/run and of course the port 9100 is discoverable from a client host with nmap.
    I tried launching it with a “#p910nd -f /dev/printer0” but I think that I have to tell to the router that he has a printer attached to his USB Host port.. but how should I do it?

    See ya! Ciao ;)

    • fede says:

      Hello!
      Great now nano and dropbear are working :) For dropbear maybe the login problem was also depending on the shell. Dropbear permits a login just from the shells listed in /etc/shells and admin user usually has a shell (/sbin/sh) that is not listed there. So another solution may have been just to add /sbin/sh in the /etc/shells file. I noticed I changed this on my device but forgot to write on the article.

      As for the printer you should attach the printer to the USB and check what the kernel is seeing with “dmesg”.
      I checked and the USB-Printer driver is compiled in (not as a module but integrated in the kernel). I tried to attach a printer and after some time indeed with “dmesg” command I saw:

      usblp0: USB Bidirectional printer dev 2 if 1 alt 0 proto 2 vid 0x04B8 pid 0x080

      meaning the printer was seen and recognized as a printer. Try to see if you see something like this. Actually it really depends a lot on the printer model now and how it gets detected. So plug it and check (after some time) with dmesg.

      Then as you correctly did you should use /dev/printer0 since that is a device with major/minor 180/0 which is what /dev/usblp0 is usually. You can get this info, if the printer is recognized, also in /sys/class/usb/lp0/dev file. But of course the first step is to see if and how your printer is recognized by the kernel.

      Hope it helps!

      Ciao,

  3. Pingback: How to cross-compile under Linux | EVOL S.R.L.

  4. luisapulliam@bigstring.com says:

    Hello! Would you mind if I share your blog with my facebook group?

    There’s a lot of people that I think would really enjoy your content. Please let me know. Cheers

  5. mmuy says:

    hi. if i make changes like the transmission power of the router to 80 is it going to be save until the next reboot or it will be saved until i flash another firmware? tnx

    • Hello!
      If you followed the article guide after “The modifications will be in place till next reboot of your router. If you want to save them permanently you have to ….” then they will be permanent until you change your firmware.

      While if you just typed over telnet the “wl” command then they will get lost at next reboot.

      Hope it clears out things :) Eventually let me know,

      Ciao,
      F.

  6. Thomas Ragos says:

    First of all many thanks for this awesome guide and software included…

    I managed to setup the p910nd daemon and now my DGN2200v3 works as a print server!
    All I had to do was to start the daemon with the following:
    ./p910nd -f /dev/printer0 -i 192.168.1.1
    where 192.168.1.1 is the IP of my router on the internal network.

    Now to my question…

    Is there any way to have the p910nd daemon start automatically when I reboot my router?

    Thanks!

    • Hello Thomas!
      Thanks for the kind words!

      To make it start automatically you have to add it to the end of the rcS script (in /usr/etc). Please check better the article above, after the part “Therefore if you want to make your modifications permanent to the startup scripts you have to work on /usr/etc. For example, considering also that there is no default editor on the system, if you would like to make the led blinking permanent you could execute something like this:”

      Of course if you first upload the nano editor supplied you can make it better ;)

      So:
      1) Mount the filesystem in rw (mount -n -o remount,rw /)
      2) Create the shell script for example /usr/etc/rc.thomas and inside put the commands you would like to execute at boot, so for example (notice that you have to put the entire path to the p910nd executable):
      #!/bin/sh
      /mnt/shares/U/p910nd -f /dev/printer0 -i 192.168.1.1

      3) Make the script executable (chmod a+x /usr/etc/rc.thomas)
      4) At the end of the /usr/etc/rcS script call your script, so at the very bottom just add

      /etc/rc.thomas &

      Hope it helps,

      Ciao,
      F.

      • Thomas Ragos says:

        Splendid!

        I now have my DGN2200v3 as a fully functional print server, without worrying about having to telnet and restart p910nd if I have to reboot :)!

        Many thanks once more…

  7. Michael Bliss says:

    Is there a way to create a second PPPOE DSL connection on the 2200v3? We have a VPN service here that works on these exact routers as long as they have the custom firmware from the VPN provider, unfortunately I made a mistake and bought a stock replacement one and now I cannot create a second PPPOE connection that is required for the setup of the VPN.

    If you can assist me with this I will be eternally grateful.

    • Hello,
      From the telnet command line you should have everything on the router, as there is pppoe command:

      # pppoe -V
      Roaring Penguin PPPoE Version 3.5

      And there is kernel support for it. Try to check the usage page on a normal Linux box or on a search engine.
      Be aware eventually of filters on iptables in case.

      Do you eventually have access to the shell of the VPN provider router? In that case you may try to check over there what is running specifically!

      Ciao,
      F.

  8. Thomas Ragos says:

    Hello again Federico…

    Today I have another challenge for your skills :).
    On my home network I have an IcyBOX NAS that has some SAMBA shares defined.
    I’m trying to mount a share on the DGN2200v3 but I get an error that smbfs is not supported by the kernel :(.

    Is there any chance for a .ko module that we could insmod to have such support?

    • Welcome back Thomas! ;)

      Don’t worry, no problem! Actually smbfs is obsolete from some time, cifs is suggested so I prepared that one for you!
      Here it comes: cifs-kernel-module-dgn2200-bin.tar.gz

      Just load it with insmod (insmod cifs.ko) and then to mount use something like:

      mount -t cifs //10.36.36.42/test /mnt/shares/U/cifstest/ -o username=guest

      Of course replace the IP (10.36.36.42 in example) and share name (test in example) and the mountpoint (/mnt/shares/U/cifstest) where you want to mount the share.
      If you need authentication then you should do something like -o username=user,password=pass

      I tested with a local guest access share from my Linux box and should be ok, let me know if it worked ;)

      Ciao!
      F.

      • Thomas Ragos says:

        Just 3 letters my friend…

        WOW!!!

        Works like a charm!
        I can’t wait to find some time to setup my remote server to backup over SSH directly to my IcyBOX :D…

        I honestly can’t thank you enough for your help.

        Best regards,

        Thomas

  9. Thomas Ragos says:

    Hello again…

    I hope you won’t hate me for keep asking you for things :).
    Any chance for an rsync binary so that I can sync my remote server with my NAS?

    Dropbear doesn’t have SFTP capabilities :(

    Thanks in advance!

    • Ciao Thomas,
      Don’t worry, takes little time for simple packages so no problem at all :)

      Try here: rsync-dgn2200-bin.tar.gz.

      It’s the latest 3.0.9 version. I just tested it very very briefly since I’m short on time right now; please let me know if it works well so I can put it later in the “official” packages list in the article ;)

      Ciao!
      F.

  10. Sherry says:

    I like the helpful info you provide in your articles.
    I’ll bookmark your weblog and check again here regularly. I am quite sure I’ll learn plenty of new stuff
    right here! Good luck for the next!

  11. Thomas Ragos says:

    Hello again…

    I’m trying to find how I can send an email from the router via command line.
    Since from the web interface we can schedule email sending of logs, I suppose there is a mail sending command somewhere.
    I tried “mail” and “sendmail” but I only get the “command not found”…

    Any hints dear DGN2200v3 guru :) ?

    • Hey Thomas,
      The tool already inside the router is “smtpc”. Try to start it without parameters to get a usage pattern:

      # smtpc
      ==========================================================
      Usage: ./smtpc [m:s:f:r:h:p:U:P:cv] < files
      -m mime type
      -s subject
      -f from addr (if NULL use recipient)
      -r recipient
      -h mail server
      -p mail port (default=25)
      -U user name (ESMTP)
      -P password (ESMTP)
      -c Clear syslog
      -v verbose (DEBUG)
      ========================================================

      This is the one used for reports configurable from the web interface. It is not too advanced (no SSL etc) but check if it is enough for you.
      Later on I was planning to crosscompile msmtp when I have a bit of time :)

      Ciao!
      F.

  12. Thomas Ragos says:

    Now it’s time for me to share a tip for our DGN2200v3 :).

    As you may have noticed, from the web GUI we can only use DynDNS service for dynamic DNS. Unfortunately DynDNS is no longer free (without “trying” a Pro subscription that you have to cancel).

    In order to have dynamic DNS, you can create an account at DNSDynamic.
    Then, via Telnet/SSH and nano (or simply echo) create a file (e.g. /etc/ddns) with the following content:

    export IPADDR=`/usr/sbin/ifconfig ppp1 | grep 'inet addr:' | cut -d':' -f2 | cut -d' ' -f1`
    curl --interface ppp1 --insecure "https://:@www.dnsdynamic.org/api/?hostname=&myip=$IPADDR"

    Replace with your email as DNSDynamic, with your password and with your hostname.

    Then, create an entry in /etc/crontab in order to execute the script every let’s say 5 minutes.

    /usr/sbin/echo "*/5 * * * * root /bin/sh /etc/ddns" >> /etc/crontab

    That’s it!

    PS:
    I still can’t find how to automatically add the cron job upon reboot :(.
    Adding it to /etc/usr/crontab didn’t do the trick.
    It seems /etc/crontab is overwritten by something else on boot…

    • Thanks Thomas for the very useful information!

      One other way to have a free dynamic DNS option that is 100% compatible with Dyndns (actually it’s Dyndns server itself just “rebranded”) is to use the service at https://www.dlinkddns.com (at least until it lasts :-) you have to register then it practically creates you one dyndns domain for free… one per account)

      I’ll check out the crontab and hopefully let you know something interesting :)

      Ciao!

    • Hey Thomas,
      Did my homework :)

      Well the crontab file looks like it’s overwritten by the “rc_apps” executable which does most of Netgear “closed source” operations. (there is no source of this file) So “use the source, Luke” didn’t apply!

      This said I studied a bit that executable (sometimes the dark side calls you in such moments! ;) ) and noticed that one of the things it does is also appending at the end of the operations the file /etc/wifi_crontab, if it exists, to the crontab file.
      That wifi_crontab file is created when you do WIFI scheduling from the Web interface.

      So actually one solution, if you don’t use (or don’t change often since it’s overwritten every time you reconfigure it) the WIFI scheduling is to put your line for crontab in /usr/etc/wifi_crontab and it will be automatically added at every boot.

      Hope that is a working solution for you!

      Ciao,
      F.

      • Thomas Ragos says:

        Since I don’t use WiFi scheduling, I’ll go along the wifi_crontab route :).

        Thanks for the tip!

    • stefanot says:

      hi.
      you are a dream!
      I’ve tried to find all over somebody that copied and shared your method, without any result.
      before throwing my 2200vs away…
      could you explain to a newbie better how to do it?
      how I have to create the files and where I have to put my account/password that I have created at dnsdynamic
      thank you very much

  13. superpippo82xxx says:

    Hi, can you help me build iptables rules for openvpn?
    I have a working VPN and I can access applications running on the router but I can’t access the local LAN.
    Thanks

  14. Stuart says:

    Thanks for the great info. I notice that the router has wget so I can get your packages straight to it. But it does not have tar and zip. Any chance you could make tar and zip binaries and add them to your list (not tared or zipped themselves obviously ;)

    Has anyone managed to get ext2/3 usb storage working on the dgn2200v3? The manual says it should work but it just does not show up as a share. I know the kernel has ext support and can mount my drive manually by telneting in. dmesg shows the drive is detected but it does not mount it. dmesg also shows this:

    FAT: utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!

    So it looks like it tries to mount as FAT even though it is ext (I have tried ext2 and ext3). FAT would be a pain due to the 4gb file limit. I guess I could try NTFS but that just seems wrong on a linux box.

    Many thanks,

    Stuart

    • Hello Stuart!
      I like the “live” tar idea a lot, to make the deployment of additional packages even easier even when lacking a PC with a few tools nearby :)
      I added in the article body a copy of tar executable uncompressed (and also gzip nearby to handle the gzipped archives) in the ready software!
      Thanks for the idea :)

      As for the mount: you’re correct ext3 is supported in the kernel. The real problem is that the application that manages the mounts (rc_apps, it’s closed source) actually forces NTFS/FAT :-(
      See here:


      mounting %s -> /mnt/shares/%c
      /sbin/mkdir -p /mnt/shares/%c
      /bin/ntfsmount -o rw,force /dev/%s /mnt/shares/%c
      /bin/mount -t vfat -o rw,uid=0,gid=0,umask=000,iocharset=utf8 /dev/%s /mnt/shares/%c

      I didn’t check how carefully it then manages to understand if the mount was successful, but it may just check the return code probably.

      I guess that eventually putting a custom ntfsmount or mount (a shell script with some logic inside) may be a good and clean trick to do the thing :) So for example rename ntfsmount to something else and do a shell script instead of ntfsmount that first tries to mount it as ext3 and if not successful calls the old binary… it should work ;)

      Hope it was of help,

      Ciao!
      F.

      • Stuart says:

        Thanks for the tar and zip. It worked like a dream with telnet open I could just right click in my browser and copy the link and then paste after a wget in the telnet terminal. Really easy.

        I have figured out a very kludgy hack to get my ext3 drive shared and survive reboots and hot plugging (not unplugging).

        I first append this to /usr/etc/samba.conf/smb.conf:


        [shares]
        comment = Shares
        writeable = yes
        path = /mnt/shares/

        This means whenever samba starts it will share the /mnt/shares directory and therefore I can get at any sub-directories.

        In order to get the drive to automount I have slightly adapted this script /usr/etc/usb/usb_m.sh


        ....
        /bin/sleep 3

        # first try to mount ext3
        /etc/mountExt.sh "$1" "$2"
        if [ $? -eq 0 ]; then
            # That script worked so we do not need to continue
            exit 0
        fi

        /usr/sbin/rc usb_service mount $1
        ....

        The new bit should be in bold. If the script succeeds then no need to call the closed source mount so we exit with success.

        The script itself /usr/etc/mountExt.sh:


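        #!/bin/sh

        # Remove the mount point again, but only if it is empty
        rmDir() {
            if [ "$(ls -A "$1")" ]; then
                echo "Not empty"
            else
                rm -r "$1"
            fi
        }

        SHARES=/mnt/shares/

        # $1 = device name, $2 = drive model name used as the share directory.
        # Both are quoted because a model name can contain spaces.
        if [ ! -d "$SHARES/$2" ]; then
            mkdir "$SHARES/$2"
        fi

        # Only the first partition of the drive is tried
        mount -t ext3 /dev/"$1"1 "$SHARES/$2"
        if [ $? -ne 0 ]; then
            echo "mount borked it"
            rmDir "$SHARES/$2"
            exit 200
        fi

        # Mounted as ext3: start samba so the share becomes visible
        nmbd
        smbd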

        This uses the model name of the drive provided by the mount script. It creates a directory in /mnt/shares. I have no way to check what the file system is so we just try and mount it as ext3. If it succeeds then it was ext3 and we start samba. If it fails then it was not ext3 and we delete the directory (ensuring it is empty). We then return an arbitrary non 0 exit code. The main script will use this to determine whether to continue to try the built in mount script for FAT and NTFS.

        It is very hacky but it works for me and survives reboot. Limitations are that it will only try and mount the first partition of a drive. The web GUI also does not know anything about the mounted ext3. It will not show up on the list of shares in the settings and it can not be safely removed from there. The only way to unmount is to telnet in and do it manually.

        Hope it is useful for others. It should not interfere with the normal working of the usb sharing but if you have problems you can restore the files from your backups or reflash. I see no reason why it would make the router unbootable but it is your own risk.

        • Raj says:

          Stuart/Federico

          I cannot get tar to work based on the instructions you have provided regarding getting tar & gzip to work in my netgear DGN2200v3 adsl router. What am I doing wrong? Please advise. Thanks


          # pwd
          /
          # ls -ltr *tar*
          -rwxr-xr-x 1 root root 475980 Nov 13 20:03 tar
          # ls -ltr *gzip*
          -rwxr-xr-x 1 root root 123760 Nov 13 20:03 gzip
          # echo $PATH
          /sbin:/usr/sbin:/bin:/usr/bin
          # echo $PATH:/gzip/sd12
          /sbin:/usr/sbin:/bin:/usr/bin:/gzip/sd12
          # echo $PATH:/tar/sd12
          /sbin:/usr/sbin:/bin:/usr/bin:/tar/sd12
          # cd sd12
          # ls -ltr
          -rw-r--r-- 1 root root 190128 Nov 13 20:38 nano-dgn2200-bin.tar.gz
          # tar xfz nano-dgn2200-bin.tar.gz
          -sh: tar: not found

          • Raj:

            You should just put the *directory* in the path and you have to use “export” to set a variable not “echo”.

            Therefore if you put everything in “/” just use:


            # export PATH=$PATH:/

            Ciao!

  15. Stuart says:

    I have realised that we can easily add to the web frontend as we can write into /www/

    If we remount using

    mount -n -o remount,rw /

    Then we can make our own cgi using shell scripts. If you have the toolchain then could also do it in C but ash is good for most things. As an example if you make a file called samba.cgi and save it in /www/


    #!/bin/sh

    startSamba() {
        /sbin/smbd -D > /dev/null 2>&1
        /sbin/nmbd -D > /dev/null 2>&1
    }

    stopSamba() {
        /sbin/killall smbd
        /sbin/killall nmbd
        while /sbin/ps aux | /sbin/grep -v grep | /sbin/grep -q 'smbd' ; do
            /sbin/sleep 1
        done
    }

    echo "Content-type: text/html"
    echo ""

    case $QUERY_STRING in
        *samba=start*)
            startSamba
            ;;
        *samba=stop*)
            stopSamba
            ;;
        *samba=restart*)
            stopSamba
            startSamba
            ;;
    esac

    echo "Samba is "
    if /sbin/ps aux | /sbin/grep -v grep | /sbin/grep -q 'smbd'
    then
        echo 'running'
        start="disabled"
        restart=""
        stop=""
    else
        echo 'not running'
        start=""
        restart="disabled"
        stop="disabled"
    fi
    echo "

    Choose action:
    Start
    Restart
    Stop

    "

    exit 0

    You can then browse to http://IPofYourRouter/samba.cgi

    You will get a very simple page that tells you if samba is running and lets you start, stop or restart it.

    I intend to make myself a page which lets me start and stop samba but also shows all external drives and partitions and lets me mount/unmount them. This is all possible without other dependencies. The only thing I won’t be able to do is show the filesystem of an unmounted drive. The best way to find this would be the file command but it is not on the router.

    Will share when done but maybe others can think of ways to add interesting web based controls.

    Stuart
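Added example, not part of Stuart's script: the `case` patterns in samba.cgi match `samba=start` anywhere inside `QUERY_STRING`, so this version extracts the action by exact parameter name and checks it against an allowlist. The function name `parse_action` and the `status` fallback are assumptions made for the example.

```shell
#!/bin/sh
# Added example: pick the samba action out of a CGI query string by exact
# parameter name and allowlisted value. parse_action is a hypothetical name.

# parse_action QUERY_STRING -> prints start, stop or restart, or "status"
# when the samba parameter is missing or its value is not allowlisted.
# The body runs in a subshell, so the IFS and globbing changes stay local.
parse_action() (
    qs=$1
    action=status
    set -f          # never expand a value such as '*' against the filesystem
    IFS='&'         # split the query string into name=value pairs
    for pair in $qs; do
        key=${pair%%=*}
        val=${pair#*=}
        # A parameter given without '=' has no value at all
        [ "$pair" = "$key" ] && val=""
        if [ "$key" = "samba" ]; then
            case $val in
                start|stop|restart) action=$val ;;
                *) action=status ;;   # a later bad value resets the action
            esac
        fi
    done
    echo "$action"
)

# In a CGI script the result would drive the existing functions, e.g.:
#   case $(parse_action "$QUERY_STRING") in
#       start) startSamba ;;
#       stop) stopSamba ;;
#       restart) stopSamba; startSamba ;;
#   esac
```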

    • Stuart says:

      The comments system is eating the HTML code in the script. To see the script properly check here:

    • Hey Stuart,
      Thanks for the great feedback!

      I’ll see if I can prepare the file or some similar tool (like blkid or so) for the DGN so you can also give information about unmounted devices as you say!

      Ciao.
      F.
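Added example, not code from the thread: both the ext3 automount script and the planned drive page lack a way to tell which filesystem sits on an unmounted partition, and that can be read from the on-disk magic bytes without `file` or `blkid`. It assumes `dd`, `od` and `tr` are present on the router; `detect_fs`, `read_hex`, `put_bytes` and `make_sample` are hypothetical names, and the sample images are constructed test data.

```shell
#!/bin/sh
# Added example: identify a filesystem from its on-disk magic bytes using
# only dd, od and tr (assumed to be available on the target system).

# read_hex FILE OFFSET COUNT -> COUNT bytes at OFFSET as lowercase hex
read_hex() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# detect_fs FILE -> prints ext2, ext3, ext4, ntfs, vfat or unknown
detect_fs() {
    dev=$1
    if [ ! -r "$dev" ]; then
        echo "unknown"
        return 1
    fi

    # ext2/3/4: superblock starts at byte 1024, s_magic 0xEF53 (little
    # endian on disk) sits at superblock offset 56.
    if [ "$(read_hex "$dev" 1080 2)" = "53ef" ]; then
        compat=$(read_hex "$dev" 1116 1)      # low byte of s_feature_compat
        incompat=$(read_hex "$dev" 1120 1)    # low byte of s_feature_incompat
        if [ $(( 0x${incompat:-00} & 0x40 )) -ne 0 ]; then
            echo "ext4"                       # extents feature bit
        elif [ $(( 0x${compat:-00} & 0x04 )) -ne 0 ]; then
            echo "ext3"                       # has_journal feature bit
        else
            echo "ext2"
        fi
        return 0
    fi

    # NTFS: OEM ID "NTFS    " at byte 3 of the boot sector.
    if [ "$(read_hex "$dev" 3 8)" = "4e54465320202020" ]; then
        echo "ntfs"
        return 0
    fi

    # FAT: 0x55AA boot signature at byte 510 plus a "FAT" type label at
    # byte 54 (FAT12/16) or byte 82 (FAT32).
    if [ "$(read_hex "$dev" 510 2)" = "55aa" ]; then
        if [ "$(read_hex "$dev" 54 3)" = "464154" ] ||
           [ "$(read_hex "$dev" 82 3)" = "464154" ]; then
            echo "vfat"
            return 0
        fi
    fi

    echo "unknown"
    return 1
}

# put_bytes FILE OFFSET PRINTF_STRING -> overwrite bytes in place
put_bytes() {
    printf "$3" | dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null
}

# make_sample KIND FILE -> 2 KiB constructed image that carries only the
# magic bytes for KIND (test data, not a mountable filesystem).
make_sample() {
    dd if=/dev/zero of="$2" bs=1024 count=2 2>/dev/null
    case $1 in
        ext2) put_bytes "$2" 1080 '\123\357' ;;
        ext3) put_bytes "$2" 1080 '\123\357'
              put_bytes "$2" 1116 '\004' ;;
        ext4) put_bytes "$2" 1080 '\123\357'
              put_bytes "$2" 1116 '\004'
              put_bytes "$2" 1120 '\100' ;;
        ntfs) put_bytes "$2" 3 'NTFS    '
              put_bytes "$2" 510 '\125\252' ;;
        vfat) put_bytes "$2" 82 'FAT32   '
              put_bytes "$2" 510 '\125\252' ;;
    esac
}

# Stand-alone use: pass a partition or image, e.g. /dev/sda1
if [ $# -eq 1 ]; then
    detect_fs "$1"
fi
```

A mount helper can branch on the printed name before choosing `mount -t`, instead of attempting an ext3 mount and cleaning up after a failure.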

  16. Pingback: Fixing problems when working with the NETGEAR N300 DGN2200v3 | asfdfdfd

  17. Kapil Oberoi says:

    Excellent work !! I’ve been trying to compile nmap for my WNR3500LV2 but in vain. Did you ever try to compile nmap? No matter which tutorial I follow, the toolchain cannot be compiled :(

    TY

    • Hello,
      Well nmap is quite a nice beast! With libpcap and especially liblua as dependencies it is quite problematic with the uClinux based toolchain.

      If a version without the lua extension is fine for you then you can now find a working one here: nmap-6.25-nolua-dgn2200-bin.tar.gz.

      Decompress it where you like then since it needs also the libpcap library either put it in a library directory or use it with the LD_LIBRARY_PATH variable, ie:

      LD_LIBRARY_PATH=. ./nmap -v

      Also given the limited uClibc you cannot use the epoll engine so append a --nsock-engine poll to your classic command line. (or otherwise select)

      To compile it without LUA there is this bug to be aware of.

      Hope it helps! For a fully featured lua version some more time and patience would be needed ;)

      ciao!
      F.

      • kapil Oberoi says:

        Much appreciated !!!!!
        I’ll be using the – nmap-6.25-nolua-dgn2200-bin.tar.gz as advised by you. But to use this do we have to shift from the original netgear firmware to tomato and dd-wrt??

        My apologies for being so demanding but your help would be once again highly appreciated :D

        • The package is for the standard Netgear firmwares (both beta and not). It should anyway work on other similar/alternative firmwares if the libraries are roughly similar (and of course the architecture), give it a try eventually :)

          Ciao!
          F.

          • kapil oberoi says:

            With your inputs, I was finally able to cross-compile nmap for wnr3500lv2.

            For copying the nmap generated information, I cross-compiled WPUT successfully. But the problem is that wput is not able to connect to any ftp server and says permission denied. On the ftp server there is no hit/log.

            Is it something with the compilation ??? The same command works from the windows and linux system that are connected to the same router.

            TY

          • Hello,
            I checked the code of wput to see why it doesn’t work. The problem is that some calls return, as it should be being non-blocking, an EINPROGRESS error code but the source is checking for some *hardcoded* values and not for the EINPROGRESS define. This is of course not portable and compiler dependent!
            In fact if you check the code in socketlib.c you’ll find:
            if(errno > 0 && errno != 115 && errno != 36)
            That is not very polite to use. You should replace it with:
            if(errno > 0 && errno != EINPROGRESS)
            And then it should work!
            Ciao!
            f.

          • kapil oberoi says:

            After recompiling WPUT with – if(errno > 0 && errno != EINPROGRESS), now I’m stuck at error – connecting to xxx.xxx.xxx.xxx………. failed. No matter which FTP I specify, the error is displayed instantaneously.

          • Hello!
            That is strange mmm… Are you sure there aren’t on that router some limitations to outgoing connection from the router itself?
            You could try for example with another client (for example curl that is on the article to download) to see if that works. Or eventually, more technical solution, try to run WPUT with strace (also on the page above) so you see what call fails (I debugged the EINPROGRESS problem like this indeed). As for DGN2200v3 I tried WPUT on one single FTP upload and it worked. In case here is the dgn2200 version compiled wput-0.6.1-dgn2200-bin.tar.gz.
            Ciao
            F

          • kapil oberoi says:

            Hello,

            I did compile curl and it works perfectly fine. It seems that the issue is with wput.

            Thanks again for your help..

          • Kapil Oberoi says:

            Which application can check the amount of traffic on the WAN / LAN interface of netgear’s WNR3500lv2 like SHIBBY’s TOMATO “Realtime bandwidth monitoring of LAN clients” option ? We use OFW.

          • Hi!
            From the “low level” point of view you can use iptables accounting rules to “count” the traffic using whatever rule you prefer (by interface, ip, port, whatever).
            From the graphical side I don’t have a suggestion for you but I guess there are eventually many options if you give Google a try :)
            Ciao!

        • JCM says:

          I have been following this topic and it helped me a lot with my wnr3550 official firmware.

          I created a script that continuously pings an address and then uploads the results to a FTP location. However, after router reset the script is rendered useless as the CRONTAB entry is removed.

          I noticed that the default entry is created (firmware update entry) automatically. Can I somehow ensure that when the router is set to default/reset, my entry is also created automatically like the default one??? Do I have to make this change in a file in the actual firmware source code ??

          Any help shall be appreciated !!

          • Hello!
            In the DGN2200V3 firmware the crontab file is regenerated by the /etc/rc_apps binary which is closed source and therefore cannot be modified. But a very easy solution is that you add a few lines of shell that gets automatically executed at boot to add your lines.

            On the DGN you do this by:
            1) Add in the /usr/etc/rcS file (since /etc/rcS is just a live copy) at the end a call like “/etc/rc_custom &”. This will execute rc_custom
            2) Create a shell script “/usr/etc/rc_custom” in which you execute what you do manually, for example:

            #!/bin/sh
            sleep 30
            echo "10 * * * * root /usr/bin/myoperation" >> /usr/etc/crontab

            The script just waits for 30 seconds (so you’re sure the system booted up totally) and then just appends the line to the crontab.
            3) Make the script executable (chmod a+x /usr/etc/rc_custom)

            Upon next reboot you should have your operation automatically added.

            Otherwise on the DGN another solution (see some comments up) is to add your actions to the file /usr/etc/wifi_crontabs. This file has the classic crontab format and just gets appended after the other ones!

            Ciao!

  18. ingamedeo says:

    Hi :) Yesterday I flashed this router with the new firmware, but now all lights are on and recovery mode doesn’t work! :(

    Any suggestions about how to recover the router and have it working again?

    Perhaps something like JTAG?

    • Hi,
      Switch off the router, then keep the reset button pressed and power on the router. If the leds start blinking (like when you do web upgrade) it may be recoverable since it goes in flashing mode.

      Then get this program here for Windows XP (some report troubles with 7 and later) and use this firmware here with the program to flash it (copy dgn2200v3.bin inside the utility directory). The program is originally for the DGN834 but works also with the 2200.

      Connect to the ethernet port, when the router is in the blinking state start the program and have a lot of patience for the operation to finish. There is a little guide inside the ZIP file, just be sure you put the right firmware as linked.

      Hope it helps!

      Otherwise you could get out the serial / JTAG but it’s quite a longer road.

      Ciao,
      F.

  19. Pingback: TOR+Privoxy minimal setup for DGN2200v3/MIPS architecture | EVOL S.R.L.

  20. Leo says:

    Reboot DGN2200 Every day at 5:00

    Thanks for all info you provide above:

    I used it to set my router to reboot everyday and the steps I used are below in case someone else needs it.
    Enable debug mode

    URL: http://routerip/setup.cgi?todo=debug

    On this router it does let you set 192.168.1.1 to respond to telnet otherwise would need to do it local

    So setup firewall rules to enable telnet calls from off site

    Mount system file to read and write

    mount -n -o remount,rw /

    change work directory and install tar, gzip and nano

    cd /usr/etc

    PATH=$PATH:/usr/etc

    Will need to download the files on this zip to the router the router has wget installed already.

    Probably upload the files to a ftp server and download from there:

    the files tar and gzip need to be changed to executables

    chmod a+x tar gzip

    tar xfz nano-dgn2200-bin.tar.gz

    Create a folder

    mkdir opt
    cd opt
    mkdir toolchains
    cd toolchains
    mkdir uclibc-crosstools-gcc-4.4.2-1
    cd uclibc-crosstools-gcc-4.4.2-1
    mkdir share
    cd share
    mkdir terminfo
    cd terminfo
    mkdir v
    cd v

    cp /usr/etc/vt102 /opt/toolchains/uclibc-crosstools-gcc-4.4.2-1/share/terminfo/v/vt102

    cd /usr/etc
    nano crontab

    add the line

    0 5 * * * root /sbin/reboot

  21. kapil oberoi says:

    My God, you are a saviour !!!!!

    Thank you very much for your time and efforts.

  22. ninavillanueva says:

    Very good article! We are linking to this great post on our
    website. Keep up the great writing.

  23. Hemant Kapoor says:

    Very valuable info (could not find this anywhere on the net, thanks for that). Now if you can help me with one more thing. I want to permanently disable AnnexM. I can disable it through DMT Tool but it turns on after reboot. “adslctl profile --save” gives adslctl profile --save
    adslctl --save is only supported from Linux404 on ward
    #
    #
    Would be nice if you could help me with this. Thanks in advance.

    • Hello!
      An easy solution is that you add a few lines of shell that gets automatically executed at boot to add your lines.

      On the DGN you do this by:
      1) Add in the /usr/etc/rcS file (since /etc/rcS is just a live copy) at the end a call like “/etc/rc_custom &”. This will execute rc_custom
      2) Create a shell script “/usr/etc/rc_custom” in which you execute what you do manually, for example:

      #!/bin/sh
      sleep 30
      adslctl ……….

      The script just waits for 30 seconds (so you’re sure the system booted up totally) and then executes your commands
      3) Make the script executable (chmod a+x /usr/etc/rc_custom)

      Upon next reboot you should have your operation automatically added.

      Ciao!

  24. claire_rawlings says:

    Awesome post.

  25. Deon says:

    Hi, we use the DGN2200V3 as a wireless router only. The router is working fine but we experience the following problem: the users/laptops can connect immediately to the router with limited access, ie no network/internet access BUT then it takes up to 5 minutes to get access to the network/internet? Any setting which we can change in order for “immediate” network/internet access? The LED’s are also not blinking but I notice the solution in the blog. We have another 2 Netgear wireless routers on the network and they are working fine…Thanks for your assistance…

    • Hello!
      This sounds quite strange sincerely. Given the timeouts I would investigate if there is some DHCP problems (if you are using DHCP on the routers try using fixed IPs as a test) or maybe some DNS troubles (again try putting some fixed external DNS services such as OpenDNS in some test PC).

      Ciao!
      f.

  26. DonKy says:

    Hi folks!!
    This is the great article for dgn2200 on the net!!!

    I understand many things from here but….how i can add a new service for DDNS?
    I would like to add OVH that is my domain, with the service DDNS.

    Can some one help me?
    Thanks in advance!!!

    • Hello!
      I’m not practical with OVH but as far as I can see for example here you could just use wget (already inside the firmware) or curl (in the download section) to call the URL that is formed as by the link, namely:

      http://[USERNAME]:[PASSWORD]@www.ovh.com/nic/update?system=dyndns&hostname=[DOMAIN]&myip=[IP]

      To update the DDNS info. You can put this in the rcS script executed at startup or for example in the cron list to make it executed every fixed time (check in the previous comments for how to schedule an operation with cron by using for example the wireless schedule file).

      Ciao!

  27. anthonyno says:

    “considering also that there is no default editor on the system”
    Firmware Version 1.1.00.21 (North America) : vi is perfectly working :-)
    To change SNR I used
    #!/bin/sh
    # 30 seconds are not enough for adslctl …
    /bin/sleep 60
    /bin/adslctl start --snr …

    Bye

    anthonyno

  28. Basil Brooks says:

    Wow…

    Thanks so much I used this to fix the SNR of my DGN2200v3. With the default setting I only get around 1Mb download but when I set it with “adslctl configure --snr 50” I get 2Mb which is the max on this line.

    So I used your code to do this every boot. (I used to use unix years ago so it was somewhat familiar).

    I found I needed to sleep for 60 secs to make it work.

    So this did the trick:


    mount -n -o remount,rw /
    cd /usr/etc
    echo "/etc/rc.snr &" >> rcS
    echo "#!/bin/sh" > /usr/etc/rc.snr
    echo "/bin/sleep 60" >> /usr/etc/rc.snr
    echo "/usr/bin/adslctl configure --snr 50" >> /usr/etc/rc.snr
    chmod a+x /usr/etc/rc.snr

    Fantastic!! Thanks again for sharing this info!!

    Basil

  29. Basil Brooks says:

    ha ha just saw the post above, wasn’t there last time I looked, seems like it fixed for that guy as well…

  30. Alvin Lambert says:

    Hi, nice article. I really like it!

  31. Prakash says:

    Good Post. Learnt a lot about DGN2200v3 thru this. Thanks a lot.

    A little contribution from my side. Modify the line which contains “/bin/echo 0300 > /proc/led” in /usr/etc/rcS to enable internet LED blinking.

    I modified to below code for my taste.

    “/bin/echo 0301 > /proc/led”

  32. Prakash says:

    Hi Federico

    Just a thought can the usbserial module enable support for 3G Dongle/Modems similar to DGN2200M on DGN2200v3?

    Regds

    PP

    • Hello!
      It really depends on the 3G dongle/modem. If the modem is seen as a usb serial device then (adding the specific chipset module near) absolutely yes! Otherwise often you find such dongles using the USB ACM module or with other modules.

      But definitely: I don’t see any reason why by just adding the correct module(s) you could absolutely turn the DGN2200 to the M version with just a few software tricks ;)

      If you have any 3G dongle under your hand for a test (I don’t actually have any) it would be great to know, I can eventually compile some additional modules for you if you need so.

      Ciao!
      F.

      • Prakash says:

        Thanks a Federico. I do have a Huawei EC150 Dongle supplied by Reliance here. I could see it detecting the Storage part of it but not the modem. I think it didn’t switch to modem mode ( from what I got from google ). Below is the dmesg output.

        usb 2-1: new full speed USB device using ohci_hcd and address 2
        usb 2-1: configuration #1 chosen from 1 choice
        scsi1 : SCSI emulation for USB Mass Storage devices
        usb-storage: device found at 2
        usb-storage: waiting for device to settle before scanning
        nas1: no IPv6 routers present
        scsi 1:0:0:0: CD-ROM HUAWEI Mass Storage 2.31 PQ: 0 ANSI: 0
        usb-storage: device scan complete
        .
        .
        .
        usbcore: registered new interface driver usbserial
        usbserial: USB Serial Driver core

        BTW is rtorrent working on 1.0.0.23? I am getting “Error opening terminal: vt102” error.

        • For rtorrent: make sure that the vt102 terminal file definition is on the device. The file must be in /opt/toolchains/uclibc-crosstools-gcc-4.4.2-1/share/terminfo/v/ directory. You can find the file in the “nano” package for example (it is used by termcap)

          I’ll take a look at the 3G dongle ASAP and let you know! (sorry but I’ve been very busy these days)

          F.

          • Prakash says:

            Thanks for the response Federico. I just installed amod 1.0.16 and configured transmission and its working fine now. Will leave vt102 for sometime now though I could see a file present in /usr/share/terminfo/v.

            Will await your reply for the 3G dongle driver.

  33. Prakash says:

    Hi Federico … Can you help in compiling SQUID or equivalent Proxy Caching package for DGN2200?

    • Hello there!
      Well Squid is a great proxy but I wouldn’t suggest it really for the DGN2200 since it’s really too resource hungry if you really don’t need some specific feature of it (of its zillions of features :) ).

      As a lightweight and essential alternative I’d suggest polipo which is often also associated with TOR for example. You can find more information about it on polipo homepage and here comes also the latest version crosscompiled for the DGN2200: polipo-1.0.4.1-dgn2200-bin.tar.gz (I did a few fast tests right now and it looks fine). You can find example configuration files online by searching polipo.conf.

      Ciao!

      • Prakash says:

        Thanks again. Works like a charm :). I have created config file under /usr/etc/polipo/, which is the default location. Below is a small script which is called at every boot to do a house keeping on the files once every 7 days or later.

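        #!/bin/sh

        LASTRUNFILE="/mnt/shares/U/polipo/lastrun"
        # Keep the stamp as seconds since the epoch (assumes this date supports
        # +%s): subtracting YYYYMMDD values does not give a day count across
        # month or year boundaries.
        now=`date +%s`

        if [ -f "$LASTRUNFILE" ]
        then
            lastrun=`cat "$LASTRUNFILE"`
            daysrun=`expr \( "$now" - "$lastrun" \) / 86400`
            if [ "$daysrun" -gt 7 ]
            then
                # Find the running polipo started with a config file
                pid=`ps | grep polipo | grep config | awk '{print $1}'`
                # Signal polipo, purge the on-disk cache, then signal again
                kill -USR1 $pid
                sleep 1
                /sbin/polipo -x
                kill -USR2 $pid
                echo "$now" > "$LASTRUNFILE"
            fi
        else
            # First run: just record the time
            echo "$now" > "$LASTRUNFILE"
        fi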

  34. Stuart Marsden says:

    Hi Federico,

    Thanks for all your work on this router. I got my ext external drive working nicely on my router and shared with samba (see my posts from a few months ago).

    I want to be able to back files up to a shared server but my protocol options are limited. Rsync would be great but is not supported by the remote server so I need ftp. I have discovered that lftp http://lftp.yar.ru/ has a mode called mirror which works a bit like rsync over ftp.

    Is it possible that you could compile lftp for our router?

    Many thanks,

    Stuart Marsden

    • Hello Stuart,
      I’m happy you’re happily using your router and still tweaking it :)

      For lftp here it is! I did a few tests but not with mirror mode but hope it works (has also zlib and ssl compiled in): lftp-4.4.9-dgn2200-bin.tar.gz

      In the .tar.gz you’ll find the lftp binary and two libraries that are needed for it to run. Either copy them to /lib so the system will see them automatically, or just put them someplace and then use the LD_LIBRARY_PATH variable.

      For example if you just put all the files together in some directory run it then with:

      # LD_LIBRARY_PATH=. ./lftp --version
      LFTP | Version 4.4.9 | Copyright (c) 1996-2013 Alexander V. Lukyanov

      LFTP is free software: you can redistribute it and/or modify
      it under the terms of the GNU General Public License as published by
      the Free Software Foundation, either version 3 of the License, or
      (at your option) any later version.
      ...

      Hope it works fine for your needs, let me know!

      Ciao,
      Federico

      • Stuart Marsden says:

        Federico,

        Thank you so much for doing that so quickly. I will have a go with it in the next few days and let you know how it works.

        Stuart

      • Stuart Marsden says:

        Only done a short test with mirror on lftp but seems to work fine. I will now look at how I set up a cron job to do a backup of my attached hard drive in the middle of the night.

        Copied lftp to /bin and the libs to /lib and it works great. How do I know how much room I have left on / as df does not seem to be available?

        Many thanks,

        Stuart

        • Stuart Marsden says:

          Must have been in lftp shell when I tried df as it is on the router. I seem to have about 6MB still to use.

  35. Bennie says:

    Hello Federico!
    We have a DGN2200 router and want to use it as a print server. However I was disappointed to find out that it doesn’t support that option. I thought of buying a LAN to USB print server, but then I encountered this article and found out it’s possible to set up a print daemon!
    However I am not very familiar with linux commands and functions. Is there an easy “how to” to install the print daemon to someone who isn’t used to linux commands?

  36. Hamid says:

    Hi Federico,

    I really love this post, it has kept me busy for 2 months playing
    with my router which I am really enjoying.

    Got a question for you, hoping you might be able to help me.
    I was trying to get the openvpn working on my router. I actually have done it
    on another machine (Ubuntu) with port forwarding and it works with no issues.

    With the DGN2200 itself, so far, I could connect to it from a windows machine
    and linux machine, got the Sequence Completed message. But cannot ping anything,
    not the server (private ip and local) not any others behind the firewall.

    I tried every single iptables rule, but still no success.

    Please let me know what I am missing.

    Cheers
    Hamid

    • Hello Hamid!
      Setting up iptables for OpenVPN is a bit “personal” since it depends really on the configuration you’re trying to setup and your network in general.

      This being said the most important thing to say is to remember that you have to work on the tap0 interface since that one is used for the vpn tunnel.

      As a starter that may help you at least in the very first step and first pings I’d suggest:

      iptables -A INBOUND_FILTER_1 -i tap0 -s 0/0 -d 0/0 -j ACCEPT
      iptables -A LOCAL -i tap0 -s 0/0 -d 0/0 -j ACCEPT

      This should help at least to access the VPN on the server itself. Then to access other hosts behind it you should work on the forwarding rules (and watch out that also the machines themselves need to have proper routing set up to send the packets to the router IP).

      ciao!
      F.

      • Hamid says:

        Thanks Federico,

        This actually worked and now I can see the private ip of the server.
        But I still cannot ping the local ip of the router therefore no other
        machine in the local network.

        Basically, all I want is to connect to my local network after vpn connection.

        Anyway, I will dig more to see if I can make this work.

        Thanks a lot for your help.

        • Hello Hamid,
          In this case the first thing you should look for is to push a route with openvpn. Try to search “openvpn push route” on your favourite search engine. This way you “publish” a network route on the other side of the link and therefore the other side should know where to send the packets to. Then you should poke iptables with some FORWARD rule.

          I gave a fast look around and found this link that may be interesting to you since I think it describes the case you’re trying to reproduce https://community.openvpn.net/openvpn/wiki/BridgingAndRouting

          Let me know! ;)

          Ciao!
          F.

          • Hamid says:

            Hi Federico,

            Thanks again for your kind reply and sorry for the delay in getting back to you.

            Was terribly busy these days, finally got a chance
            to try those routing rules but still no success.

            I also tried tcpdump, and I can see the ICMP packets coming to the router but getting no reply.

  37. Roberto Fasiani says:

    Hi Federico,
    do you think it’s feasible to compile some small sip server and fit it into the dgn2200v3? the idea is to use it to control an ATA like the grandstream ht503 or cisco spa3102 without having to rely on external sip services or having to buy a fritzbox…
    grazie
    Roberto

    • Ciao Roberto!
      I’m sincerely no expert (not even beginner I’d say! :-) ) of SIP. But the idea sounds very interesting to me so if you tell me which sip server could be a good candidate for the job (keep in mind that it has to be quite slim since the resources on the DGN are limited) I can try to give a look on the crosscompilation part when I have some spare time and if the crosscompilation is successful I’ll let you do the full testing of it!
      Let me know!

      Ciao!
      F.

      • Roberto Fasiani says:

        I am not an expert either. I’ll play with some linux sip proxies (e.g. resiprocate) but of course it needs to fit in the little space left on my DGN2200v3 (less than 9Mb)… will come back here as soon as I have a good candidate, thanks!

        • Ciao Roberto!
          I gave a look to resiprocate and it doesn’t seem like a viable solution since it looks quite heavy (starting by the fact that it’s written in C++). After a little bit of research I saw Kamailio which has been used on other embedded devices it seems (check here). Does it look like a good candidate to you?
          When I have time I’ll in the meantime download the source and try to give it a compilation ;)

          Ciao!

          • Hello Roberto,
            I had a little spare time and here comes Kamailio in the SER flavour (should be lighter) compiled if you have time to test it. I saw that it starts and seems to work but I don’t have much experience to make a decent test sincerely. Here it is (in the whole source tree so you have all the references): kamailio-4.0.3-dgn2200bins.tar.gz

            Ciao!

  38. Roberto Fasiani says:

    Hi Federico,
    thanks for compiling kamailio, unfortunately I had to abandon the project, it was getting too expensive (a good ATA was needed).
    Lately I set up the DGN with ssh and rsync following your suggestions but came across another strange behaviour, or maybe not. When I add the iptables rules to reach port 22 from outside, using a dyndns service, they last for a few hours, then suddenly they disappear. I guess that that happens when Telecom Italia forces the router to disconnect and reconnect with a different IP. I guess that the DGN calls “rc_apps” which rebuilds from scratch all iptables chains wasting any change. I am not sure where I could put a script to re-add my ssh rules. Have you got a clue?

  39. Guido Pietrella says:

    Ciao Federico,

    thanks for your post, I’ve followed it to make little improvements to my router… Everything was working fine, until I updated the router firmware…

    Now it seems my modification script is not run after reboot, even though the correct line is at the end of the /usr/etc/rcS file.. If I manually run the script (by copying and pasting the same line in the rcS file), it works!

    Would you please take a look at my configuration and check if you see any mistake?

    Here is my modification file:


    # ls -la /usr/etc/GuidoMod.rc
    -rwxr-xr-x 1 root root 123 Jul 25 16:38 /usr/etc/GuidoMod.rc

    # cat /usr/etc/GuidoMod.rc
    #!/bin/sh
    /bin/sleep 20
    /usr/bin/wl ledbh 3 7
    /usr/bin/wl -a wl0 txpwr 160
    /bin/sleep 10
    /usr/bin/adslctl start --snr 25

    And here are the last lines of my rcS file:

    # tail /usr/etc/rcS

    #/bin/sleep 60
    #/sbin/insmod /lib/modules/GPL_NetUSB.ko
    #/sbin/insmod /lib/modules/NetUSB.ko

    /bin/ps
    #/bin/sleep 15
    #/usr/sbin/rc check_fw start
    /etc/GuidoMod.rc &

    It seems to me that everything is correct… Is there anything missing?

    Thanks in advance for your help,
    Guido. :)

  40. Michele says:

    Nice guide
    I’m search to follow guide to do PAT on my Netgear D6200
    doing it with iptables but I’m not very lucky ..

  41. Roberto Fasiani says:

    Following Michele’s comment I can confirm that the rcS method doesn’t work anymore even on my DGN on the latest firmware V1.1.00.23_1.00.23. It looks like any appended custom config isn’t executed anymore despite it being clearly both in /usr/etc/rcS and /etc/rcS as a consequence.
    Any ideas?

  42. Roberto Fasiani says:

    I have possibly found a way to get round the issue with the latest firmware preventing any script appended to rcS from executing.
    Apparently rcS execution is stopped at some stage by a call to rc_apps, maybe when calling rc_init or “rc start”. I added a call to my script

    /etc/rc.mystartup &

    before the following three lines in rcS

    /usr/sbin/rc_app/rc_init
    /usr/sbin/ft_tool
    #/usr/sbin/scfgmgr

    in my script I called “/bin/sleep 60” before my custom lines

    Basically the script is launched before rcS kills itself leaving the dirty job to rc_apps, but it sleeps until all the initialization has been done by rc_apps
    When rebooting, after a while, my script is nicely executed.

    • Roberto: many thanks for the solution and the update, great work! I’m using the “old” (actually totally personalized) setup so didn’t come across this trouble, but your solution and post is very precious!

  43. Prakash says:

    Hi Federico

    Can you help in compiling USB_ModeSwitch for DGN2200? My R&D on enabling 3G dongle support is still on and I am looking for an option which can switch the dongle mode from CDROM to Modem.

    Thanks in advance.

  44. Prakash says:

    I found a dongle which works without any USB switching on the router. I am successful in establishing a PPP connection to the ISP as well. Currently stuck with iptables. I am able to ping servers on the internet and local LAN from the router but unable to ping/browse from the local LAN. Tried to replicate the same ppp interface name but not successful. There is a new device “nas1” dynamically created during the PPPoE session over ADSL. Not sure if that is causing the problem though. Can anyone help me or point me in the right direction?

    • Hello!
      If it’s working from the router and not from the local LAN then most probably the NAT rules are not set up or correct. When you “copied” the iptables rules did you also check out the NAT rules? You have to put a “-t nat” in the command line, so for example:
      iptables -L
      gives you all the rules in the filter table while
      iptables -t nat -L
      gives you the nat table entries. Check that you also “mirror” those rules.

      Ciao!

  45. anthonyno says:

    Could anybody compile the igmp proxy code for DGN2200v3 ?
    This software is useful for IPTV enabling …
    Source code is at http://sourceforge.net/projects/igmpproxy/

    • anthonyno says:

      … or alternatively please compile udpxy …

      • Ciao,
        And here comes udpxy-1.0.23-9

        If you test it please leave a note if all works fine!

        Ciao!
        F.

        • anthonyno says:

          Server starts correctly:

          1970-01-01 00:06:01.736491 GMT S(7733) udpxy 1.0-23.9 (prod) standard [Linux 2.6.30 mips]: udpxy -p 4022 -a group1 -m ppp1 -v -l /tmp/udpxy.log
          1970-01-01 00:06:01.737273 GMT S(7733) Server is starting up, max clients = [3]
          1970-01-01 00:06:01.737865 GMT S(7733) Setting up listener for [192.168.0.1:4022]
          1970-01-01 00:06:01.738491 GMT S(7733) Setting low watermark for server socket [6] to [10]
          1970-01-01 00:06:01.738902 GMT S(7733) Created server socket=[6], backlog=[16]
          1970-01-01 00:06:01.739368 GMT S(7733) Entering server loop [pselect(2)]
          1970-01-01 00:06:01.739650 GMT S(7733) Waiting for input from [2] fd's, NO timeout
          1970-01-01 00:08:03.017800 GMT S(7733) No children exited since last check
          1970-01-01 00:08:03.018263 GMT S(7733) Got 1 requests
          1970-01-01 00:08:03.018573 GMT S(7733) Accepting new connection

          I have also allowed udp traffic acceptance: ( no IGMP changes because it seems it’s already enabled )

          # iptables -L INPUT
          Chain INPUT (policy DROP)
          target prot opt source destination
          ACCEPT udp -- anywhere anywhere
          INPUT_VPN all -- anywhere anywhere
          IGMP_INPUT all -- anywhere anywhere
          ACCEPT_RULES all -- anywhere anywhere
          DOS_DETECT all -- anywhere anywhere
          LOCAL all -- anywhere anywhere
          USB_FILTER all -- anywhere anywhere
          REMOTE_FILTER all -- anywhere anywhere
          ACCEPT udp -- anywhere anywhere

          But no way to get udp multicast traffic correctly working ….

          1970-01-01 03:36:07.801750 GMT c(22100) Relaying traffic from socket[2] to socket[7], buffer size=[2048], Rmsgs=[1], pauses=[0]
          1970-01-01 03:37:07.802109 GMT c(22100) read_buf: socket time-out on read
          1970-01-01 03:37:07.802466 GMT c(22100) read_data - EOF
          1970-01-01 03:37:07.802729 GMT c(22100) Exited relay loop: received=[-1], sent=[0], quit=[0]
          1970-01-01 03:37:07.803661 GMT c(22100) multicast-group [DROP]

          Any suggestion is welcome !!!

          • Ciao!
            Be aware also of the PRE_CNAPT chain in the firewall that may be creating the problems, check the SSH port opening example in the article.

            Ciao!

          • anthonyno says:

            Unfortunately there’s no PRE_CNAPT chain (maybe another name ?)
            My original ‘iptables -L’ command output follows:

            Chain INPUT (policy DROP)
            target prot opt source destination
            INPUT_VPN all -- anywhere anywhere
            IGMP_INPUT all -- anywhere anywhere
            ACCEPT_RULES all -- anywhere anywhere
            DOS_DETECT all -- anywhere anywhere
            LOCAL all -- anywhere anywhere
            USB_FILTER all -- anywhere anywhere
            REMOTE_FILTER all -- anywhere anywhere

            Chain FORWARD (policy DROP)
            target prot opt source destination
            TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
            HTTP_DETECT all -- anywhere anywhere
            OUTBOUND_FILTER all -- anywhere anywhere
            FWD_SPI all -- anywhere anywhere
            FWD_VPN all -- anywhere anywhere
            FWD_IGMP all -- anywhere anywhere
            NAT_LIMIT all -- anywhere anywhere
            PT_FILTER all -- anywhere anywhere
            ACCEPT_RULES all -- anywhere anywhere
            DOS_DETECT all -- anywhere anywhere
            MINIUPNPD all -- anywhere anywhere
            INBOUND_FILTER all -- anywhere anywhere
            DMZ_FILTER all -- anywhere anywhere
            FIREWALL_DISABLE all -- anywhere anywhere

            Chain OUTPUT (policy ACCEPT)
            target prot opt source destination
            IM_FILTER all -- anywhere UNKNOWN-216-155-193-X.yahoo.com/24

            Chain ACCEPT_RULES (2 references)
            target prot opt source destination
            ACCEPT all -- anywhere anywhere
            ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
            ACCEPT all -- anywhere anywhere mark match 0x2511
            ACCEPT all -- anywhere anywhere

            Chain BLOCK_HTTP (0 references)
            target prot opt source destination
            REJECT all -- anywhere anywhere reject-with http-block

            Chain DMZ_FILTER (1 references)
            target prot opt source destination

            Chain DOS (1 references)
            target prot opt source destination
            DLOG tcp -- anywhere anywhere limit: avg 3/min burst 1 tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG DLOG UNKNOWN level 19 prefix `Xmas Tree Scan'
            DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
            DLOG tcp -- anywhere anywhere limit: avg 3/min burst 1 tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN DLOG UNKNOWN level 19 prefix `FIN Scan'
            DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN
            DLOG tcp -- anywhere anywhere limit: avg 3/min burst 1 tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE DLOG UNKNOWN level 19 prefix `NULLScan'
            DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
            DLOG tcp -- anywhere anywhere limit: avg 3/min burst 1 tcp flags:ACK/ACK DLOG UNKNOWN level 19 prefix `ACK Scan'
            DROP tcp -- anywhere anywhere tcp flags:ACK/ACK
            DLOG tcp -- anywhere anywhere limit: avg 3/min burst 1 tcp flags:FIN,SYN,RST,PSH,ACK,URG/RST DLOG UNKNOWN level 19 prefix `RST Scan'
            DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/RST
            DLOG tcp -- anywhere anywhere limit: avg 3/min burst 1 tcp flags:FIN,SYN,RST,PSH,ACK,URG/SYN,RST DLOG UNKNOWN level 19 prefix `SYN/RST Scan'
            DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/SYN,RST
            DLOG tcp -- anywhere anywhere limit: avg 3/min burst 1 tcp flags:FIN,SYN/FIN,SYN DLOG UNKNOWN level 19 prefix `IMAP Scan'
            DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
            DLOG tcp -- anywhere anywhere tcp flags:URG/URG DLOG UNKNOWN level 19 prefix `WinNuke Attack'
            DROP tcp -- anywhere anywhere tcp flags:URG/URG

            Chain DOS_DETECT (2 references)
            target prot opt source destination
            DOS all -- anywhere anywhere

            Chain FIREWALL_DISABLE (1 references)
            target prot opt source destination

            Chain FWD_IGMP (1 references)
            target prot opt source destination
            ACCEPT all -- anywhere base-address.mcast.net/3

            Chain FWD_SPI (1 references)
            target prot opt source destination
            DROP icmp -- anywhere anywhere icmp port-unreachable
            SKIPLOG udp -- anywhere anywhere udp spt:19 dpt:7
            SKIPLOG udp -- anywhere anywhere udp spt:7 dpt:19
            SKIPLOG tcp -- anywhere anywhere tcp spt:19 dpt:7
            SKIPLOG tcp -- anywhere anywhere tcp spt:7 dpt:19

            Chain FWD_VPN (1 references)
            target prot opt source destination

            Chain HTTP (1 references)
            target prot opt source destination
            RETURN all -- anywhere anywhere
            KEY_BLOCK_HTTP all -- anywhere anywhere
            IM_FILTER all -- anywhere anywhere STRING match "gateway.messenger.hotmail.com" ALGO name bm TO 65535 ICASE
            IM_FILTER all -- anywhere anywhere STRING match "YMSG" ALGO name bm TO 65535 ICASE

            Chain HTTP_DETECT (1 references)
            target prot opt source destination
            SKIPLOG tcp -- anywhere anywhere tcp dpt:80
            HTTP tcp -- anywhere anywhere tcp dpt:80

            Chain IGMP_INPUT (1 references)
            target prot opt source destination
            ACCEPT 2 -- anywhere base-address.mcast.net/3

            Chain IM_FILTER (3 references)
            target prot opt source destination

            Chain INBOUND_FILTER (1 references)
            target prot opt source destination

            Chain INPUT_VPN (1 references)
            target prot opt source destination

            Chain KEY_BLOCK_HTTP (1 references)
            target prot opt source destination

            Chain LOCAL (1 references)
            target prot opt source destination
            RESPONSE_PING icmp -- anywhere anywhere
            LOCAL_RIP all -- anywhere anywhere
            LOCAL_TELNET all -- anywhere anywhere
            ACCEPT udp -- anywhere anywhere udp spt:67 dpt:68

            Chain LOCAL_RIP (1 references)
            target prot opt source destination

            Chain LOCAL_TELNET (1 references)
            target prot opt source destination
            ACCEPT tcp -- anywhere www.routerlogin.com tcp dpt:23

            Chain MINIUPNPD (1 references)
            target prot opt source destination
            ACCEPT tcp -- anywhere 192.168.0.101 tcp dpt:6891

            Chain NAT_LIMIT (1 references)
            target prot opt source destination
            NATLIMIT all -- anywhere anywhere lan:192.168.0.1/24

            Chain OUTBOUND_FILTER (1 references)
            target prot opt source destination

            Chain PT_FILTER (1 references)
            target prot opt source destination

            Chain REMOTE_FILTER (1 references)
            target prot opt source destination

            Chain RESPONSE_PING (1 references)
            target prot opt source destination

            Chain SCAN (0 references)
            target prot opt source destination

            Chain USB_FILTER (1 references)
            target prot opt source destination

          • Hello!
            Add a “-t nat” to the command line since that chain is in the “nat” table. So “iptables -L -t nat” to see all and so on.

            Ciao!

          • anthonyno says:

            No udp traffic enabled after

            iptables -A INPUT -p udp -j ACCEPT
            iptables -t nat -F PRE_CNAPT

            :-(

          • Hello,
            I took my time to do a test :) So I put on the DGN2200 netcat in listen mode on UDP port 4444:
            # ./nc -u -l -p 4444

            Then I tried from an outside host to send some stuff to it with (x.y.z.z is my router IP):
            nc -u x.y.z.z 4444

            And of course it wasn’t working. Then I did as suggested on the router command line:

            iptables -A INPUT -p udp -s 0/0 -d 0/0 --dport 4444 -j ACCEPT
            iptables -t nat -I PRE_CNAPT 1 -p udp -s 0/0 -d 0/0 --dport 4444 -j ACCEPT

            So both add in the INPUT chain and also insert in the head (that is important) of the PRE_CNAPT and then the test worked, I could see packets coming in over the UDP port 4444.

            Of course in your case you can change port 4444 to the one(s) you need and it should work. The setup was tested on the standard iptables configuration on the router.

            Hope it helps,

            Ciao,
            Federico
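
            The two-chain rule from the comment above (filter INPUT plus the head of nat PRE_CNAPT), written so it can be re-applied safely after the firmware rebuilds its chains as reported earlier in this thread; this is an added example, not code from the original comments or from Netgear. The variable names (IPT, PROTO, PORT, SRC, INTERVAL), the function names and the apply/watch arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: idempotently (re)open one port in the two places named in
# the thread, the filter INPUT chain and the head of the nat PRE_CNAPT chain.

IPT="${IPT:-iptables}"     # hypothetical knob: lets a stub replace iptables
PROTO="${PROTO:-udp}"      # udp in the netcat test above, tcp for SSH
PORT="${PORT:-4444}"       # port used in the netcat test above
SRC="${SRC:-0/0}"          # 0/0 as in the thread; narrow it when the peer is known

# Accept only a decimal port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# ensure_rule TABLE CHAIN MODE RULE...
# Removes every existing copy of RULE, then adds it exactly once.
# MODE is "head" (insert as rule 1) or "tail" (append).
# Delete-then-add is used instead of "iptables -C", which older builds lack.
ensure_rule() {
    table="$1"; chain="$2"; mode="$3"
    shift 3
    while "$IPT" -t "$table" -D "$chain" "$@" 2>/dev/null; do :; done
    if [ "$mode" = "head" ]; then
        "$IPT" -t "$table" -I "$chain" 1 "$@"
    else
        "$IPT" -t "$table" -A "$chain" "$@"
    fi
}

# Apply both rules; returns 2 on bad parameters, 1 if iptables refuses a rule.
apply_rules() {
    valid_port "$PORT" || { echo "bad port: $PORT" >&2; return 2; }
    case "$PROTO" in
        tcp|udp) ;;
        *) echo "bad protocol: $PROTO" >&2; return 2 ;;
    esac
    ensure_rule filter INPUT tail \
        -p "$PROTO" -s "$SRC" -d 0/0 --dport "$PORT" -j ACCEPT || return 1
    # The PRE_CNAPT rule has to sit at the head of the chain to take effect.
    ensure_rule nat PRE_CNAPT head \
        -p "$PROTO" -s "$SRC" -d 0/0 --dport "$PORT" -j ACCEPT || return 1
}

# "apply" runs once; "watch" re-applies every INTERVAL seconds so the rules
# come back after the chains have been rebuilt. No argument: define only.
case "${1:-}" in
    apply) apply_rules ;;
    watch) while :; do apply_rules; sleep "${INTERVAL:-300}"; done ;;
esac
```

            Started in the background from the boot script with the watch argument, it keeps exactly one copy of each rule however often it runs. Setting SRC to the single address or network that needs access keeps the port from being open to every host.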

          • anthonyno says:

            Hi Federico,

            I’m pretty sure the last iptables commands you gave me correctly allow udp multicast traffic, I tried them without results, so I think igmp traffic is not allowed as I thought.
            I tried also to add the standard command for igmp

            iptables -I INPUT -p igmp -j ACCEPT

            Unfortunately no success…

          • Hello!
            I’m sorry it still doesn’t work. It’s strange; now I checked out the issue a bit more and I see that also on the Web interface there is an IGMP proxy setting (actually Disable IGMP Proxying in the Advanced -> WAN Setup) so I suppose the router was already meant to do IGMP proxying. Did you try to play maybe with this option as well? (for example disable it when you’re trying the other software I compiled for you) Also if you check the processes on the router there is a sc_igmp that may interfere with your tests.

            In case if possible let me know your test case for this IGMP tests (so how do you try to see if it works in practice) so I can try to reproduce eventually on my side.

            ciao!
            F.

          • anthonyno says:

            Real command I gave is
            iptables -I INPUT -p 2 -j ACCEPT
            because igmp is not recognized…

    • Hello anthonyno,
      Here comes igmpproxy, you will find the version 0.1 tarball with the compiled version inside (in src):
      igmproxy-dgn2200.tar.gz

      I just checked that it starts and does something, let me know if it does its job correctly!

      Ciao,
      Federico

  46. hudin says:

    Hi,

    Looks like a great post, I like how you could tweak your routers. I found this post on my search for tweaking my Netgear DVG1000 router. Since my internet provider won’t provide me with the voip credentials, I have to live with this router. Nevertheless I have access to telnet and want to modify the router for my own needs. Since the router has the same Broadcom cpu model I hoped I could use your binaries on my router, too (not sure about the uclibc version). But already the gzip binary outputs an error unresolved symbol ‘__cxa_atexit’. Is it possible to make your binaries work on my router (I am interested in openVPN and tcpdump)? Is there any way I could get around cross compiling it for myself (never worked with cross-compiling, try to avoid it since I am not a pro)?

    Cheers and hope you can help me somehow

    • Hello!
      I gave a look at the DVG1000 and it’s quite similar to the DGN2200 but probably given the error there is a slightly different toolchain/library used in it. I checked out the Netgear Open Source Code page and indeed found different versions for your router.
      First of all which one is your specific router? I can eventually try to get one of them and prepare a bunch of interesting packets also for all other DVG1000 routers in case when I have a bit of time if you can then test them :)
      Otherwise we could give a try to use statically linked binaries that may probably work as well: I just compiled a static version of gzip here (gzip.static), try to see if that seems to work on your system. Of course using all static versions would prove quite more space consuming if we have many tools to crosscompile.

      Let me know!

      Ciao,
      F.

      • hudin says:

        Hi
        I appreciate your effort in helping me. My router is the DVG1000-1WGSWS, the firmware version on my router is V1.1.00.13. I found this here which one might use as toolchain but I couldn’t set it up working yet.
        Else if you could prepare some packets I would gladly test them. I will also try to check the static gzip packet when I’m back at home.
        Cheers

        • hudin says:

          Thanks for the static version of gzip. This version works now on the router. I downloaded the openVPN and the tcpdump to check. Interestingly, the openVPN packet seems to work (just checked if it starts, haven’t tried to connect to the router yet), but the tcpdump has the same problem as with the gzip before: unresolved symbol ‘__cxa_atexit’

          • Great the static version is working. I’ll prepare also a static version of tcpdump later on then and post it here.
            As for OpenVPN: in the package I also had to include the tun.ko kernel module for it to work properly. If the tun device is not already compiled in the kernel then it may be needed to add it. In case give it a try (check also that you have to create the /dev/tun device as in the instructions in the article)

            Ciao!

          • Hello!
            Here comes tcpdump statically linked: tcpdump-dgn2200-bin-static.tar.gz

            Ciao!

          • hudin says:

            Hi,

            thanks a lot. The static version is working for the DVG1000. (Note that the link in your reply is pointing to the non static version, you might change this later). Hope this will also help other people working with this router.

            Cheers!

          • Thanks for the correction, it was because of copy&paste :) Fixed now!

            Glad it works, keep up the customization of the router ;)

            Ciao!

  47. Gianluca says:

    Hi Federico,
    do you know how can I disconnect a connected device?
    wl has a huge list of commands and I can’t figure it out :P

  48. Neil says:

    I’ve put together a small page describing how I implemented traffic shaping (TCP/ACK prioritisation etc.), network optimisations and basic SNMP monitoring on a Netgear DGND4000 router with additional custom iptables kernel modules (xt_CLASSIFY.ko, xt_hashlimit.ko and xt_length.ko).

    http://nmacleod.com/public/netgear_bin/notes/index.html

    Hope someone finds it useful.

  49. Alessandro says:

    Hi Federico!

    Is it possible to implement the 2200M functionality (3g dongle support) on V3?
    It should be quite easy since that both firmware are opensource….

    • Hello Alessandro!
      Yes it should be possible. You’d need to add eventually the drivers for the specific dongle (here depends all on the model you use) and then tweak just a bit the scripts to bring up the connection (just ppp) and firewall. Definitely possible I’d say, but depends on the dongle (and having it available to test under your hands) and a bit of scripting to tweak.

      Ciao,

  50. Steve says:

    Hi Federico,
    First – thanks for all the work you’ve done on this modem. REALLY useful. Now the second – further back in the article, you mentioned that you may be compiling a mail utility that would work in SSL. Any progress with this? The reason I ask is that I’ve been using the mail forwarding of logs to my PC, but my ISP has just changed their SMTP server – and now require SSL/TLS encryption for the login process – so now I can’t get any emails out from the modem.

    • Hello Steve!
      Sorry for the delay but I’m in a busy period (relocating and so on).

      Here comes msmtp 1.4.30 (http://msmtp.sourceforge.net/) I compiled some time ago but forgot to pack. Download the pack here: msmtp-1.4.30-dgn2200.tar.gz. Inside there are also some libraries that are needed, so either put them in /usr/lib or force the library path from command line, for example:

      LD_LIBRARY_PATH=. ./msmtp --help

      Will work if you have everything in the same directory. I tested it with gmail so it should work hopefully for you too:)

      Ciao!
      F.

      • Steve says:

        No problems – thanks for taking the time. I’ll load it up, and let you know how it goes. I’ve been using syslog to capture the log output – but it only works if the computer is on – so it’ll be nice to capture the output from when the computer is off too.
        Cheers,
        Steve
