Asuswrt-Merlin - custom build of the Asus RT-N66U firmware

[jesseasi]

Steer me in the right direction?

My head is spinning with all the different firmwares out there. The Merlin custom build seems to be one of the more stable choices from what I have read.

Here is my question.

The main feature I need is a firewall white list for FTP access to my network.

I run a FTP server as to store company backups. Unfortunately robots out there seem to always want to hack into my ftp. I would like to find a way to put a firewall on my router that only allows white listed known IP to access my ftp server inside my network.

Would a build like this have a feature like that?

(I had an old D-Link router way back that had this feature - I miss it!)

 

[RMerlin]

My head is spinning with all the different firmwares out there. The Merlin custom build seems to be one of the more stable choices from what I have read.

Here is my question.

The main feature I need is a firewall white list for FTP access to my network.

I run a FTP server as to store company backups. Unfortunately robots out there seem to always want to hack into my ftp. I would like to find a way to put a firewall on my router that only allows white listed known IP to access my ftp server inside my network.

Would a build like this have a feature like that?

(I had an old D-Link router way back that had this feature - I miss it!)

Not available through the webui, but you could do it manually by creating your own iptable rules to filter out access, and applying them in the firewall-start script.

 

[DaveMishSr]

Merlin's latest version RM13 or 3.0.0.3.162.13 has proven the best for me. I've tried Toastman's and Shibby's latest 64k NVRAM-enabled versions of tomato and Asus' stock 3.0.0.3.162 in addition to AsusWRT-merlin. The winner for me is AsusWRT-merlin as it offers the best balance of performance and configuration customization. Those who need the added features of Tomato seem to prefer Toastman's version which gave me better performance than Shibby's but both were inferior to Merlin's work, at least for me.

 

[RMerlin]

New sysinfo page in next release is gonna be a great addition, will it have wireless connected clientes status, rssi, noise, those kind of things?

I ended up putting client count on the Sysinfo page, and enhancing Asus's client list on the Wireless Log page - it will now also report IP and hostname of connected clients.

Any luck so far with the missing MiniDLNA dependencies?

 

[Gingernut]

I'm on vacation and away from home so I haven't had another look, just following your git updates and the great additions your making.
I wouldn't get thar far anyway debugging the build errors as I don't that much. One thing I did try was reverting your minidnla update commit and a recompile but got back the same error at the exact same place, maybe I didn't do a make clean, I don't remember.

I'm not really that bothered it was just to see what the new changes you' ve made were like.

Did you reclone your git and try?

 

[mossman]

Help required about DDNS (or is it a bug?)

I have been experimenting with DDNS - now that I have enabled the DDNS client, it doesn't seem to disable. On WAN DDNS, I can change the "Enable the DDNS Client" option to no, apply settings, even reboot, but although the DDNS page implies that it is now disabled, I can still access the router via xxxxxx.asuscomm.com

I really want to disable this, or even remove the settings even if xxxxxx.asuscomm.com gets de-registered at ASUS, the router simply does not respond or have the service running (as surely this is a potential security risk).

Running 162.13

 

[RMerlin]

I'm on vacation and away from home so I haven't had another look, just following your git updates and the great additions your making.
I wouldn't get thar far anyway debugging the build errors as I don't that much. One thing I did try was reverting your minidnla update commit and a recompile but got back the same error at the exact same place, maybe I didn't do a make clean, I don't remember.

I'm not really that bothered it was just to see what the new changes you' ve made were like.

Did you reclone your git and try?

I did that day you posted about the problem. It compiled fine for me.

 

[RMerlin]

I have been experimenting with DDNS - now that I have enabled the DDNS client, it doesn't seem to disable. On WAN DDNS, I can change the "Enable the DDNS Client" option to no, apply settings, even reboot, but although the DDNS page implies that it is now disabled, I can still access the router via xxxxxx.asuscomm.com

I really want to disable this, or even remove the settings even if xxxxxx.asuscomm.com gets de-registered at ASUS, the router simply does not respond or have the service running (as surely this is a potential security risk).

Running 162.13

The DDNS client is merely an updater that sends your IP to Asus's servers whenever it changes. Disabling it won't make your entry disappear from DNS servers, it simply means DNS servers won't be notified of your new IP when that IP changes. In your case just force an IP change on your WAN interface, and the DDNS entry will no longer point to you.

There is no security issue related to having a DDNS entry. In fact, any IP provided by your ISP also has a reverse DNS entry within your ISP's domain. It's just a name linked to the IP, nothing more.

 

[mossman]

OK, thanks for that.

 

[ja333]

rt-ac66u

Merlin, great job on the firmware for the n66u. Are you planning to do a version for the ac66u as you did for the n16?

 

[RMerlin]

Merlin, great job on the firmware for the n66u. Are you planning to do a version for the ac66u as you did for the n16?

I'd need an AC66U for that. Not going to blindly fiddle without having actual hardware anymore.

 

[ja333]

OK, I understand. Thanks for the quick reply.

 

[uncle.f]

Apologies if this has been already addressed before but I could not find it.

Is there any web interface option or command line possibility to disable access to the web management interface from WiFi network? I would like to be able to only access it over a wired connection.

I suppose, in the end it all boils down to an iptables rule. Could somebody suggest what I need to do and how to make it permanent.

 

[RMerlin]

OP updated with release 3.0.0.3.162.14.

Vacations are (almost) over here, so I'm releasing this before I get swallowed back by work. This version features a few additions: sd-idle daemon which will take care of spinning down your disks after a user-configurable timeout. Handy if you use your plugged HDD only once per day for backups, and don't want the disk to be spinning the 23 other hours of the day it's not being used.

There was also a lot of work done around exposing better system information through the webui. In addition to the Wireless Log page now reporting IPs and hostnames of corrected wireless clients, there is also a whole new Sysinfo page under the Tools menu that will give you a peek at your router's vitals: CPU load, free NVRAM space, radio temperatures, etc...

 

[cowst]

you must be kidding, i flashed the previous one just yesterday
nevermind, already flashed this one as well

question: i see from sysinfo that 5ghz has no devices connected. i would expect my laptop to use it, but there is almost no traffic right now. is 5ghz kicking in only when bandwidth would ask for it?

 

[MySeLf]

Hi, I just registered to say thank you for your efforts.

Besides I want to give some feedback:

I have a 2x30 Mbits Cable Modems from the same ISP that I load balance.

I was using WL-500GP with dualwan and it was working OK, but the DL speed was only arround 4.x MB/s (against ~7 MB/s when routing with the PC) and the CPU was allways at 100% when torrenting.

So I bought the RT-N66U hoping that it would give me better transfer speeds (given the better hardware).

As fas as I Know dualwan still does not support RT-N66U (and probably won't) and after some googling I flashed your firmware hoping that the experimental dualwan would work.

I've been trying to fiddle with it in the last few days without success. I can't see in the GUI if the 2nd WAN (LAN 1 port) has been given an IP and speedtest (torrenting) don't show any speed increase over 1x30Mbits.

Did someone already try that feature with 2 x CB?

I am available for testing / feedback with this specific feature and I hope that this will eventually work as I see great potential in this Model for load balancing.

Thanks in advance,
MySeLf

 

[RMerlin]

question: i see from sysinfo that 5ghz has no devices connected. i would expect my laptop to use it, but there is almost no traffic right now. is 5ghz kicking in only when bandwidth would ask for it?

It will list currently connected clients. It either means the laptop isn't currently connected, or it's actually connecting to the 2.4 GHz radio. Check System Log -> Wireless Log for more details.

 

[RMerlin]

As fas as I Know dualwan still does not support RT-N66U (and probably won't) and after some googling I flashed your firmware hoping that the experimental dualwan would work.

I've been trying to fiddle with it in the last few days without success. I can't see in the GUI if the 2nd WAN (LAN 1 port) has been given an IP and speedtest (torrenting) don't show any speed increase over 1x30Mbits.

Speedtest will probably not show any increase when using Dual WAN. Speed tests open a single connection, so it goes only through one of the two routes. Load balancing doesn't mean that transfer speed increases, it means you can transfer through both simultaneously.

Best way to see a speed increase is by starting multiple downloads, or starting a torrent. Connections should then be spread accross both links.

 

[MySeLf]

Sorry for not being clear. I did speedtest with torrents (as in: used a very healthy private torrent with tons of seeds) and the speed reached was clearly the limit of a single Cable modem (30 mbits/s).

 

[diyguy]

Having a problem with the latest firmware, I am locked out of the web interface, getting a connection refused from all my machines.

EDIT: seems to happen right after accessing the wireless log page, it somehow screws up the httpd on the router. not sure why, but after reboot its back to normal, I am staying away from the wireless log page for now.