The Netgear DGN2200v3 is a nice low-cost wireless (802.11b/g/n) ADSL2+ router that is quite easy to find. It is a nice piece of hardware with some interesting features, such as a USB host port to connect and share a USB storage device, and above all it is easily customizable for users interested in having a powerful generic device running an embedded Linux operating system.
Note: this is a heavily “Work in Progress” page so please check back now and then if you are interested in the topic! (last update 10th March 2013)
First of all you can find the source tree for the router on the Netgear site, starting from their GPL Open Source Code for Programmers page. The package also contains a suitable toolchain, uclibc-crosstools-gcc-4.4.2-1. Everything described on this page refers to the “official” firmware V1.1.00.10_1.00.10. It may also apply to future updates and to the beta version that Netgear started to distribute, but it may require slight modifications.
The next step to get access to your router's internals is to enable the telnet shell using the debug backdoor present in the firmware. This is easily done by accessing the following URL (assuming 10.0.1.69 is your router's IP address):
http://10.0.1.69/setup.cgi?todo=debug
This will enable telnet connections from your local network. Just log in with your administrator credentials.
Once you are logged in you can analyze the running system; briefly:
# cat /proc/version
Linux version 2.6.30 (root@BuildServer) (gcc version 4.4.2 (Buildroot 2010.02-git) ) #1 Fri Nov 4 13:30:23 CST 2011
# cat /proc/cpuinfo
system type : 963281TAN
processor : 0
cpu model : Broadcom4350 V7.5
BogoMIPS : 319.48
wait instruction : yes
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : no
hardware watchpoint : no
ASEs implemented :
shadow register sets : 1
core : 0
VCED exceptions : not available
VCEI exceptions : not available
unaligned exceptions : 10
# free
              total         used         free       shared      buffers
Mem:          60004        49576        10428            0         3856
Swap:             0            0            0
Total:        60004        49576        10428
# df
Filesystem           1024-blocks    Used Available Use% Mounted on
mtd:rootfs                 27648   17096     10552  62% /
mtd:factory                  256      52       204  20% /config/factory
mtd:scnvram                 1024      80       944   8% /config/nvram
mtd:language                1024     468       556  46% /config/language
mtd:xxx                      768      68       700   9% /config/xxx
A few tools in particular are useful for tweaking the router.
- One is wl, which lets you tweak the wireless card parameters. One purely visual thing, but one I found annoying to be missing, is making the wireless LED blink when there is wireless activity (by default it is just always on). This can be achieved with the command “wl ledbh 3 7”. The command “wl ledbh 3 14” will keep the LED off and blink it only when there is traffic. Try changing the second value between 0 and 15 for various effects. Another, more interesting use for this tool is changing the transmission power to achieve slightly better coverage. To see the current setting you can use “wl -a wl0 txpwr”. To set a value you can use, for example, “wl -a wl0 txpwr 80” to set it to 80mW, which is practically the maximum value (by the specs at least). Use --help for a (huge) detailed list of options!
- Another very interesting tool is adslctl. It can be used to tweak all the ADSL parameters, such as the SNR limits (start --snr), and to get additional information about your link (info --show). Use --help for a detailed list of options!
Once you are happy with some modifications, it would of course be nice to make them permanent. As you may have noticed in the mount output, the root device is mounted read-only, but no fear, just remount it read-write:
mount -n -o remount,rw /
Another important thing to notice is that /etc is not really on flash: it is just a link to a directory in the /tmp temporary filesystem that gets re-populated at every boot from the template in /usr/etc. Therefore, if you want to make your modifications to the startup scripts permanent, you have to work on /usr/etc. For example, considering also that there is no default editor on the system, if you would like to make the LED blinking permanent you could execute something like this:
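# make the root filesystem writable
mount -n -o remount,rw /
cd /usr/etc
# have the standard startup script launch the custom script in the background
echo "/etc/rc.makkapakka &" >> rcS
# write the custom script (single quotes keep "#!" literal in any shell)
echo '#!/bin/sh' >> /usr/etc/rc.makkapakka
echo "/bin/sleep 20" >> /usr/etc/rc.makkapakka
echo "/usr/bin/wl ledbh 3 7" >> /usr/etc/rc.makkapakka
chmod a+x /usr/etc/rc.makkapakka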
This will append a line to the standard rcS file that executes another custom script (rc.makkapakka), which contains the three lines written by the echo commands redirected to rc.makkapakka. The last line makes sure the script is executable. You’ll notice that there is a sleep of 20 seconds in the script: this is needed because other processes are also running during startup and the wireless module gets reinitialized elsewhere. Of course it’s not the most elegant solution since it’s a hard-coded timing, but it works in practice and should be enough for the example (if you want ADSL parameters to be kept you had better make the sleep slightly longer, since that part takes more time to be initialized at first).
Editing files with just the shell tools (such as echo, but also cat, head, tail and grep) is not the most comfortable thing in the world. You can pre-edit the files on your PC and then upload them either via FTP or via the USB storage. Otherwise check the bottom of this page for some pre-crosscompiled packages, which also include the GNU nano editor.
About the firewalling rules:
The DGN2200 has a pretty elaborate firewall rule set. It is elaborate partly to permit “easy” tear-down and reload of rules when they are changed by the user in the web interface. Some nonstandard modules/rulesets are used, which complicates the investigation even further. You can have a look for yourself and work out the logic behind the networking system by using:
iptables -L
iptables -L -t nat
Something that most probably any of you playing with the DGN2200v3 firmware would want to do is to open a port locally so you can run some service on the device itself (for example dropbear or OpenVPN, listed below with their binary packages). This sadly cannot be done via the web interface. The interface will actually let you set a “port forwarding” to the IP of the router itself, but that will not work because of how the rules are then expanded into iptables.
If you would nevertheless like to open a local port to a running service, the best and least invasive way to do it, in my opinion, is to use the following two rules (which assume you’d like to open TCP port 3636):
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --dport 3636 -j ACCEPT
iptables -t nat -I PRE_CNAPT 1 -p tcp -s 0/0 -d 0/0 --dport 3636 -j ACCEPT
The first line is quite obvious and permits the input packets to be accepted. The second one is inserted to prevent the CNAPT prerouting rule from dropping the packets for that specific port.
Now you can put your favorite TCP service on port 3636 and have it reachable from the WAN side.
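A way to check that both rules took effect, as an added example that is not part of the original page: it parses `iptables -L -n` style listings and confirms that a port is accepted from any source in both INPUT and PRE_CNAPT. The two embedded dumps are constructed samples, the function names are hypothetical, and awk and grep are assumed to be available where it runs.

```shell
#!/bin/sh
# Constructed sample of `iptables -L -n` output (not captured from a real router).
FILTER_DUMP='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3636
ACCEPT     tcp  --  10.0.1.0/24          0.0.0.0/0           tcp dpt:23
Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8080'

# Constructed sample of `iptables -t nat -L -n` output.
NAT_DUMP='Chain PRE_CNAPT (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3636
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22'

# accept_ports CHAIN: read a listing on stdin and print the TCP destination
# ports that CHAIN accepts from any source address (0.0.0.0/0), one per line.
accept_ports() {
    awk -v chain="$1" '
        $1 == "Chain" { in_chain = ($2 == chain); next }
        in_chain && $1 == "ACCEPT" && $2 == "tcp" && $4 == "0.0.0.0/0" {
            for (i = 6; i <= NF; i++)
                if ($i ~ /^dpt:[0-9]+$/) { sub(/^dpt:/, "", $i); print $i }
        }'
}

# port_open_locally PORT: succeed only if both rules from the text are present,
# i.e. PORT is accepted in INPUT (filter table) and in PRE_CNAPT (nat table).
port_open_locally() {
    printf '%s\n' "$FILTER_DUMP" | accept_ports INPUT | grep -qx "$1" &&
    printf '%s\n' "$NAT_DUMP" | accept_ports PRE_CNAPT | grep -qx "$1"
}

echo "INPUT accepts from any address: $(printf '%s\n' "$FILTER_DUMP" | accept_ports INPUT | tr '\n' ' ')"
if port_open_locally 3636; then
    echo "3636: accepted in both INPUT and PRE_CNAPT"
else
    echo "3636: one of the two rules is missing"
fi
```

On the router, replace the two embedded dumps with the live output of `iptables -L -n` and `iptables -t nat -L -n`; the INPUT listing also shows at a glance which services are reachable from any address.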
Here are some pre-crosscompiled packages for those that don’t want to mess with the cross-compilation process. I tried to make them as easy to use and install as possible (so you’ll usually find statically linked versions, for example, if they depend on other libraries):
- GNU tar and GNU gzip for decompressing the other archives offered later on this page. These two tools are offered uncompressed so you can just download them from your router using the built-in busybox-based wget tool and then proceed to install other packages without needing a decompressor on your PC (thanks to Stuart for this deployment idea!). tar will search for gzip in the path, so make sure you first add the directory where you downloaded gzip to the path (i.e. something like export PATH=$PATH:/path/to/gzip/directory). For some packages a warning will appear that the UID/GID of the original package files cannot be restored: don’t worry too much, it’s normal since the UID/GID of my development system are not present on the router. To unpack the packages listed below just use “tar xfz packagename.tar.gz” (again, put tar into the path as well or use ./ to execute it from the current working directory). Make sure you set both files as executable (chmod a+x tar gzip) as well. Download tar and gzip here!
- GNU nano text editor version 2.2.6. This version is statically linked (since it uses the ncurses 5.9 library). It is important to know that the ncurses library needs the terminal information (terminfo) to start. So in the package you will also find a “vt102” file (the default terminal defined on the DGN2200 at login) that has to be placed in the /opt/toolchains/uclibc-crosstools-gcc-4.4.2-1/share/terminfo/v/ directory. If you need other terminal definitions for some reason you can find them in the ncurses package (or on almost any Linux desktop installation). The nano executable can be placed where you wish. Download nano-dgn2200-bin.tar.gz here!
- Strace system trace analyzer version 4.7. What else do you need when something doesn’t work and you have to understand what? Here it is, download strace-dgn2200-bin.tar.gz
- Dropbear embedded ssh package version 2012.55. The package should include all you potentially need: client, server and key management tool. Remember, if needed, to pass the path to the keys you generated using the “-d” and “-r” options (the defaults are in /etc/dropbear and are therefore quite volatile). Download dropbear-dgn2200-bin.tar.gz.
Make sure you first generate the keys and then specify the path to the keys to the executable, otherwise the defaults are in /etc and they are missing there.
To create the keys, run for example both:
./dropbearkey -t rsa -f /tmp/dropbear_rsa_host_key
./dropbearkey -t dss -f /tmp/dropbear_dss_host_key
This will generate the two keys in /tmp (if needed you can of course put them in /opt or other fixed storage).
Then start dropbear pointing to the keys with:
./dropbear -d /tmp/dropbear_dss_host_key -r /tmp/dropbear_rsa_host_key
Also be aware that by default dropbear accepts only users with a shell listed in the /etc/shells file, so if you have trouble connecting with a specific user make sure that the shell in use is listed in this file.
Another warning: by default the admin user doesn’t have a home directory assigned and therefore the dropbear connection may just hang after authentication. Change its home directory in the /etc/passwd file (in /usr to make it non-volatile) to / as root (insert a “/” before the last colon of the line)
- OpenVPN 2.2.2 package for creating VPNs. To be able to use VPN in some configurations the kernel needs TUN device support. In the download package you will find the precompiled module tun.ko that you have to load before using the openvpn package (insmod tun.ko). Also remember that you have to create the appropriate /dev/net/tun (char dev, major 10, minor 200) device. OpenVPN has been compiled with the following defines:
ENABLE_CLIENT_SERVER ENABLE_DEBUG ENABLE_EUREPHIA ENABLE_FRAGMENT ENABLE_HTTP_PROXY ENABLE_MANAGEMENT ENABLE_MULTIHOME ENABLE_PORT_SHARE ENABLE_SOCKS USE_CRYPTO USE_LIBDL USE_LZO USE_SSL.
Please be aware that, apart from properly configuring the OpenVPN configuration files, you need to tweak the iptables (system firewall) settings on the router to achieve some useful/interesting results. More about iptables chains on the DGN2200 for OpenVPN later on, since it’s not a short story. For now, as a hint: first of all make sure you permit the traffic (LOCAL/INBOUND_FILTER_1) for the tap0 device that OpenVPN uses, and then forward the private networks behind the tunnel. Download openvpn-dgn2200-bin.tar.gz.
- curl 7.28.1 package for advanced file transfers, query generation, various protocols operation and much much more. The default filesystem contains the busybox version of wget which is quite limited (as it should be given it’s a very compact version!). With this package you can manage much much more. The package is compiled with these features:
# ./curl -V
curl 7.28.1 (mips-unknown-linux-gnu) libcurl/7.28.1 OpenSSL/1.0.1c
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smtp smtps telnet tftp
Features: Largefile NTLM NTLM_WB SSL TLS-SRP
- netcat version 1.10 the TCP/IP Swiss army knife. Very useful tool to debug networking troubles and services. Download netcat-dgn2200-bin.tar.gz
- coreutils version 8.19. This package contains most of the coreutils that are not present as busybox applets in the router and can be very often of use. Some examples are stty for terminal settings management, seq to create sequences at command line, nohup to start processes without a terminal (for nightly uploads and downloads). Here is a list:
base64 comm factor mkfifo paste sort tac uniq basename csplit fmt mktemp pr split tee uptime chgrp dirname fold nice printenv stat timeout whoami chown du getlimits nl seq stdbuf truncate chroot env id nohup shred stty tsort cksum expand join od shuf sum unexpand
And here is the download coreutils-dgn2200-bin.tar.gz.
- p910nd version 0.93 printer daemon to turn your DGN2200N into a print server for your network as well, using a USB printer. I just modified the lockfile to be created at /var/lock instead of /var/lock/subsys to be more compatible with the default router filesystem tree. Download p910nd-dgn2200-bin.tar.gz
- tcpdump version 4.2.1 based on libpcap 1.2.1, the very powerful packet inspector for all your network debugging (and sniffing) needs. Download tcpdump-dgn2200-bin.tar.gz.
- rtorrent version 0.9.3 text-based torrent client. Compiled with libtorrent 0.13.3, libsigc++-2.3.1 and curl-7.29.0. Tried and tested to work well. Be aware that you may first need to play a bit with iptables for incoming connections (see above in the iptables section how to open a port for local use) to achieve full-speed transfers. Also be aware that when you use it over telnet some character sequences may be “eaten up” by the terminal emulator and telnet itself. Check the notes in the Rtorrent User Guide, which explain how to skip the mappings with stty (you can find the stty tool cross-compiled for the DGN2200v3 in the coreutils package above). Download rtorrent-0.9.3–dgn2200-bin.tar.gz.
- GNU screen version 4.0.3. Screen/terminal window manager to give you the possibility to use multiple shells/applications at the same time on a single telnet login and especially leave them working unattended after a logout (useful for example for rtorrent posted above or your favourite IRC session!) and resume them later on when you reconnect. The package contains also two termcap definitions (vt100 and vt102) to make the default terminals work (put them into /opt/toolchains/uclibc-crosstools-gcc-4.4.2-1/share/terminfo/v/ since ncurses was compiled to watch for them there). Download screen-4.0.3-dgn2200-bin.tar.gz.
- CIFS filesystem kernel module, so you can mount CIFS/Samba network filesystems on your DGN2200v3. First insert the module (insmod cifs.ko) and then mount the share with something like:
mount -t cifs //10.36.36.42/test /mnt/shares/U/cifstest/ -o username=guest
mount -t cifs //10.36.36.42/test /mnt/shares/U/cifstest/ -o username=user,password=secret
- rsync 3.0.9 for incremental file/repository transfers. Download it here: rsync-dgn2200-bin.tar.gz
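For the two Dropbear account warnings above (login shell missing from the shells file, empty home directory for admin), an added example that is not part of the original page or of the Dropbear package: a hypothetical `prep_account` function that applies both fixes to files passed as arguments, run here on constructed stand-ins for the passwd and shells files. It assumes awk, grep and mktemp are available where it runs.

```shell
#!/bin/sh
# prep_account USER PASSWD_FILE SHELLS_FILE   (hypothetical helper)
# 1. If USER's home field (6th) is empty, set it to "/" as the text describes.
# 2. If USER's login shell (7th field) is not listed in SHELLS_FILE, append it.
# Safe to run repeatedly: nothing changes once both conditions hold.
prep_account() {
    user=$1 passwd=$2 shells=$3
    grep -q "^$user:" "$passwd" || { echo "no such user: $user" >&2; return 1; }

    # Rewrite only the matching line; all other lines are printed untouched.
    tmp="$passwd.new"
    awk -F: -v OFS=: -v u="$user" '$1 == u && $6 == "" { $6 = "/" } { print }' \
        "$passwd" > "$tmp" && mv "$tmp" "$passwd"

    # Make sure the account's shell is one dropbear will accept.
    sh_path=$(awk -F: -v u="$user" '$1 == u { print $7 }' "$passwd")
    [ -n "$sh_path" ] || return 0
    touch "$shells"
    grep -qxF "$sh_path" "$shells" || echo "$sh_path" >> "$shells"
}

# Constructed sample files standing in for the router's passwd and shells
# templates; on the device you would pass the copies under /usr/etc instead.
demo_dir=$(mktemp -d)
printf 'admin:x:0:0:root::/bin/sh\nnobody:x:99:99:nobody:/:/bin/false\n' > "$demo_dir/passwd"
printf '/bin/ash\n' > "$demo_dir/shells"

prep_account admin "$demo_dir/passwd" "$demo_dir/shells"
cat "$demo_dir/passwd" "$demo_dir/shells"
```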
USB Serial package and connecting Arduino boards
One of the interesting things I wanted to do with my router was also to have the possibility to pilot and monitor some external hardware (using digital I/O and high power relays), do some identification using I-Button devices and in another case be able to do some simple room monitoring (temperatures and so on). Since these things are done with some easy-to-find, low-cost Arduino-based prototype boards, a very interesting step for my DGN2200v3 modding was to include support for the USB serial converter used by these boards, to have an easy and cheap way of interaction (of course I could also use an Ethernet/wireless shield for the Arduino board, but that would make the board prototypes more expensive and complicated).
So here comes the precompiled package with all the serial drivers needed: download usbserialftdio-dgn2200-bin.tar.gz. The package includes the generic usbserial module, the specific ftdi_sio module and I also included the stty terminal management tool (from the GNU coreutils 8.19 package) to make it easy to work with the serial port even from the command prompt or using shell scripts.
First load the modules:
insmod usbserial.ko
insmod ftdi_sio.ko
When the device is attached you should see it detected by looking at the kernel messages, something like:
ftdi_sio 2-1:1.0: FTDI USB Serial Device converter detected
usb 2-1: Detected FT232RL
usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
usbcore: registered new interface driver ftdi_sio
ftdi_sio: v1.4.3:USB FTDI Serial Converters Driver
Now the device can be used via the device ttyUSB0 (the device may differ depending on what else you have attached to the USB hub). Make sure you create a device node to be able to access it, since by default it is not present:
mknod /dev/ttyUSB0 c 188 0
Then you can access it through the /dev/ttyUSB0 device. You can use the stty tool in the package to configure the serial communication parameters, for example to set the baud rate to 9600, which is quite classic in the Arduino IDE example files you may play with:
stty -F /dev/ttyUSB0 9600
Then you can even use command line tools such as cat to read from, or echo to write to, the serial port from a shell script or command prompt. Now you can expand your DGN2200v3 router to make the connected Arduino board interact with additional electronics and so on, with a cheap but very reliable setup.
Needless to say, you can also use this usbserial+ftdi_sio package to connect just a standard USB-232 converter to your router if that is useful to you!