TechInfoDepot:DD-WRT/Miscellaneous Scripts

Backup settings and restore them
Backup settings and restore them

Clear ttraff (WAN bandwidth graph) nvram data
The ttraff daemon can fill up a couple hundred bytes of nvram space every month. This may not seem like much but nvram is only ~32KB total and is full of lots of other data. Disabling ttraff and clearing it's old nvram data is sometimes needed for devices with complex configurations, or to keep the router stable. This script will clear all of ttraff's traffic data from nvram whereas using the ttraff GUI button to delete it still leaves the current month's variable.

Compress the Firewall Script (to reduce nvram usage)
If you have a large firewall script you can use this script to compress it with gzip to use less nvram space. See this thread for full usage info.

Web Server Wake-up

 * Wakes up your web server when the router receives a request from the internet. Credits from here.

Please note: syslogd needs to be on, logging enabled, with log level set high, and "accepted" on. Following the example script, replace target and MAC values with those of your LAN web server's network information and for "$WOL -i xxx.xxx.xxx.255", replace xxx.xxx.xxx.255 with your LAN network broadcast address.

Auto Random MAC Address

 * This script will change your eth1 MAC address to a random address, then it will apply it to the system and restart the interfaces.

You may wish to also download curl (see ipkg), and use it to restart your modem, as some MAC changes may not reflect until your modem "sees" a new address, and they typically only do this when starting up.

Note: curl is sometimes problematic to install. You should use ipkg -force-depends

An example, to restart a Motorola Surfboard SB4100 cable model is:

To restart a Motorola SB5101:

I added the following lines to the end of the above to restart a Motorola SB5120 (no curl required!!) and reboot. Running this script in cron, and my ISP won't automatically recover without the following:

Don't know the reason but Motorola SB5101 only re-started with the two following lines:

Wireless Network Scanner (awk -f scanner)
Wireless Network Scanner (awk -f scanner)

Wireless Network Scanner (working on DD-WRT v24)
I took the above script and tweaked it to work in DD-WRT v24 firmware, with the "wl" command.

To run just copy and paste in a console (telnet or ssh) or save as a "scanner.sh" and run as ./scanner.

Name-based WOL (wake.sh)
Usage:  (default hostname is desktop)
 * Enables you to power on a LAN computer by name instead of IP address/MAC, based on DHCP lease table (mandatory).

Automatic Connection Repair (always_on.sh)

 * Pings your default gateway every time and force a DHCP renew if no packets are received. Usage: /path/to/always_on.sh &


 * The following version will work even on resource-starved Linksys WRT54G v8, which lacks most programs needed by the script above. To use it, just add this code to DD-WRT's startup script using the web interface.

Modifying $PATH at Startup
This will add whatever paths you want for $PATH and $LD_LIBRARY_PATH before the default system path. Change the paths to whatever you like. Have a good reason for doing this, it should be considered a hack until the feature is implemented permanently.

If you're adding /mmc/lib before the system library, in some circumstances you'll also need to do this on startup (after ensuring that the ldconfig on /mmc is up to date and happy):

Note: Only do this if you're receiving segmentation faults or your applications are failing to run, and even then only if you feel that this hack is imperative. Also note that if you're attempting this with Optware, the files are ld-opt.so.conf and ld-opt.so.cache

Another alternative to the above mentioned way of altering things is to simply copy /etc/profile to /jffs/etc, change PATH and LD_LIBRARY_PATH and bind the profile to the original location.

Afterward put the line below inside a startup script

Make sure you're familiar with what you're doing before attempting this, if you end up seeing a lot of segmentation faults when running things like ls, cat, cp, etc, than you'll want to either adjust the above commands, or else put those things into a script and run them manually when you enter your shell.

Modifying $PATH Manually (path.sh)

 * Enables adjustment of paths on a per-use basis (i.e. when you're running a terminal and need the new paths, run this script.).

Alternatively, if you want to give priority to you're personally installed applications (i.e. you've installed a more robust version of grep, and want to use it by default), add the new paths before $PATH and $LD_LIBRARY_PATH, as shown below.

View Logfile in Browser without Local Syslogd (log.sh)
View Logfile in Browser without Local Syslogd

Speak Your Signal Strength
I use my WRT in client mode to connect to an access point, but I don't have a particularly good signal quality and I often need to re adjust the position of the WRT and its antenna. Unfortunately my computer is not in sight of the WRT and I had to keep going backwards and forwards from my computer to the WRT making adjustments then checking the signal strength on the screen of my computer. This can take ages to to set up properly, so I decided to get my computer to use the "festival" speech synthesis program to tell me what the current signal level is.

This works by using the same process as the 'Status-->Wireless' page i.e. it gets a chunk of data by wget'ing the Status_Wireless.live.asp page from the WRT then running awk to get the relevant chunk of data (the signal strength) and then piping that into the festival speech engine.

Now I just run this script and turn up the volume on my computer when I need to move the antenna.

Small Security Script (Firewall)
Attention, you might have to change eth1 to the actual WAN (external) interface.

Installation is pretty simple:


 * 1) Log on to your WRT
 * 2) type
 * 3) type  (or any other name) and enter the script
 * 4) Connect to your WRT via web browser, page Administration:Commands
 * 5) Enter the script name (sec.sh) into the command field
 * 6) Click on "Save Startup"
 * 7) Reboot router

As a simple test try to ping your router. You should get no response otherwise you have to find the error.

Secure remote management for a WAP
Regards to the help of phusi0n dd-wrt guru and of HP from ubuntu-fr

This requires a recent >12533 to prevent milw0rm and to have the Disable "Allow any remote IP" feature. Also requires you have set the necessary port forwards in the gataways(s) on the path. This allows the lowest (first) IP address set in the "Allow any remote IP" feature to connect to the https and ssh servers in the WAP (you just need the password and/or the private key) ;) . In addition, all LAN ip are allowed to do the same. Althought the "Allow any remote IP" feature doesn't work at this time when the router is set as a WAP (LAN-LAN link to the gateway, so no routing and WAN disabled, dhcp off and other stuff), this convenient script will use the first "remote_ip" you set in the GUI (wether the feature is enabled or not, as long as you stored at least one IP) and will follow the changes you could do to its static lan ip/netmask and ssh server port. Now you have full benefit of the GUI from a remote static IP and can leave the forwards enabled on the path.

--Bib 14:03, 17 May 2010 (CEST)

Block URLs with an Automatically Downloaded Host File
This was originally taken from mraneri from the Linksys forum, but was heavily modified. This script automatically downloads a host file from: "http://www.mvps.org/winhelp2002/hosts.txt" and redirects all the URLs in that file to 127.0.0.1. All those URLs are common malware or advertisement sites so is better to block them. You can also download the file, modify it with new URLs that you want to block or delete the ones you don't want to block and then upload to a web site and change the URL in the code to your custom one. Be aware that the more URLs in the file the more RAM that you will be eating from your router. Check the file size and your free memory to see if it will suit you. If not just erase some URLs... If you want to block all URLs since the router boots then just placed in the startup scripts.

Directory Listing for DD-WRT Micro
Since the Micro version of DD-WRT doesn't provide a ls command, here is a very simple script to list directory contents

See the Telnet/SSH and the Command_Line Talk page for other variants.

Global Management of Blacklists
If you have a lot of DD-WRT routers, then denying of access for abusing users through the web interface of each router can be time consuming. Here is a small firewall script to automatically download MAC-addresses of computers that should be denied access. The format of the file is Unix textfile one MAC address per line. The script assumes that you have a jffs partition. You can run it at startup by saving it as /jffs/etc/config/wifi_bl.wanup

White Listing
If you want to create a white list to block access by default but allow certain traffic through, then you can use this script to do it. Remove any junk comment lines beginning with # to save nvram space. Discuss here.

Change WLAN Channel on Command Line
If you have trouble with the web interface you might find this small script useful. It just changes the WLAN channel from the command line. The basic idea is from here.

Single button multifunction script
by discofreakboot

Asus RT-N16 WPS button
http://www.dd-wrt.com/phpBB2/viewtopic.php?p=679436#679436

Storing arbitrary scripts in nvram (nvram_files)
by nathan1

I have a memory limited WNDR3300 that I wanted to use OpenVPN with filesystem configuration (not via the GUI). Due to lacking jffs space (320k) with the openvpn build I decided to write something to basically serialize arbitrary files to nvram and then load them back on boot.

This has been useful for any files/scripts on systems where I don't have a usable jffs but still have a need for some normal files that persist.

You can paste this as-is into Administration->Commands->Save Startup. At next boot, it will deploy itself with a few commands available under /tmp/nvram_scripts/. Any file saved under /tmp/nvram_scripts/ will be tar'd up and stored in nvram variable nvram_files, assuming there is enough space in nvram. The script attempts to ensure there is at least 1000 bytes left in nvram ($minfree) or will refuse to commit.

After creating configuration or scripts in /tmp/nvram_files, the commit script can be used to save it to persist to next boot. load is useful for debugging but unlikely to be of any use to most people. load/commit scripts will be overwritten each boot, you cannot modify these in-place like other files. There is also a boot script that will be executed after everything is restored. Another nice side effect of this method is that everything is nicely backed up with a normal dd-wrt backup unlike jffs.

For my use, I have /tmp/nvram_files/openvpn/ and it contains a configuration file and a secret key. I then have /tmp/nvram_files/boot launch openvpn as a daemon and I am good to go.

The installation/startup script could probably be more compact but I wanted to keep it relatively readable for auditing purposes.

This is intended for small files/scripts, there isn't much nvram space available. Hopefully this is useful to someone else.

Simple example:
 * 1. (Paste script per below, reboot)


 * 2. reboot

PS: While writing this, I found phuzi0n's post for compressing firewall rules. This is very similar to his work but intended for generic files.

Paste this into Administration->Commands->Save Startup and reboot. Login and you can start tweaking /tmp/nvram_files/, make sure you don't forget to commit Smile

Code:

Email Bandwidth Usage Daily

 * Tc23emp