Hi

As i think adding whishes to the last custom firmware thread is no good, i add a whishlist here at least for what i think could be nice.


Syslog to Harddisk - Adding an Option to write the syslog (or Remoute) somewhere on /tmp/harddisk rather then ramdisk. If i remember right, HD gets mounted after syslog start, but maybe you see a possibility to do this oleg ?
VPN Support by phedny
Newer PWCx Driver vor Philips Cam´s High Resolution Mode
Option to prevent LPR and/or Jetdirekt Printing startup at boottime.


Greets

Well if you put this script in post-mount:


#!/bin/sh
cat /tmp/syslog.log >> /tmp/harddisk/syslog.log
killall syslogd
syslogd -m 0 -O /tmp/harddisk/syslog.log -S -l 7


This is more or less how Oleg would have to do it anyway if you don't want to loose all messages before harddisk is mounted. Only problem is that you get two " syslogd started:"-messages.. But I guess you can propably live with that. (If you want to overwrite syslog on reboot remove one > in second line.)

S.

PS: How does the syslog get rotated, by the way? Any one know?

Moved ;)

Also, you say 'Whishlist', but I only see one wish. Where's the rest ? :p

Moved ;)

Also, you say 'Whishlist', but I only see one wish. Where's the rest ? :p
I hope others will add their wishes here. :)

As for syslog - use unslung syslog_ng package, it's much more powerful, than busybox syslog.

I wish there would be an admin website to config all my Unslung packages.

Oh, wait, I'm allready working on that! :D First release scheduled somewhere in the next 2 weeks.

WLanMan: Are you able to keep your first post upto-date with the wishes of others? That way there's a nice list in one place.

WLanMan: Are you able to keep your first post upto-date with the wishes of others? That way there's a nice list in one place.

Sure i will, but i need some sort of minimal admin then ... what would be a good idea anyway ;)

Greets

Sure i will, but i need some sort of minimal admin then
GreetsWell, you can edit your own post -> that would be admin enough don't you think?

:p

Sure i will, but i need some sort of minimal admin then ... what would be a good idea anyway ;)

Greets

Hehe... Nice one.

Hmm. Anyway, as for my wishes... err... a shoutcast server of sorts on the WL-500g! I'm not sure how useful that would be since it has to be streamed from somewhere to the server anyway, when it's pretty much just as simple to run the server on a computer, but... still...

I'm fairly happy with the WL-500g except for its questionable wireless stability (I've never had the router running longer than a few days so I don't even know for sure how stable it is--just a little while ago my Pocket PC lost connectivity and had trouble regaining it but, eh...).

Oh, there is something that would be interesting. What about that port-knocking stuff mentioned here earlier for those of us super-obsessed with security?

Then there's TTL matching... and there's upgrading the kernel to support connection tracking (useful with iptables for security) and the iptables module to go along with it.. and... Hmm. That would all be more than I could ever ask for of a router, I think.

Oh, well, I don't know very much about this at all so pardon my terminology or lack of understanding, but what about some sort of SSH/SSL tunnel port forwarding... thing.... on the router itself, to allow LAN computers to not even realize or be required to have a server thing running in order to have secure access from the outside to certain ports. If you know what I mean... if that even makes sense. I have not done my research at all and have just heard about it.

Oh yeah, and while I'm adding in unnecessary stuff to my list, I might as well also mention the MIRROR target for iptables. It might be interesting to attempt to MIRROR those "Messenger" service popups back to their source (not that I get them anymore), if that would even have any effect... ;)

That's my Santa letter. :) I'd survive without any of those things, especially without a shoutcast server... and without TTL matching. Really, though, connection tracking would be nice. And there's nothing to be done about the wireless stability, of course, except keeping up with the latest ASUS GPL sources.

I'm very happy with the current status of custom firmware and its tremendous upgradability (way to go, ipkg!). Thanks, Oleg, very much for that! It's very excellent indeed. That's about all I have to blab about.

Oh, well, I don't know very much about this at all so pardon my terminology or lack of understanding, but what about some sort of SSH/SSL tunnel port forwarding... thing.... on the router itself, to allow LAN computers to not even realize or be required to have a server thing running in order to have secure access from the outside to certain ports. If you know what I mean... if that even makes sense. I have not done my research at all and have just heard about it.

This works perfectly already, using dropbear and putty. I currently use this for access to web-admin, Remote Desktop on PC's in LAN and for samba, although samba access is a bit trickier then the others.

It really is quite easy. In putty configuration Connection -> SSH ->Tunnels you can set up tunneling. I.e. for access to web-admin (yes I know you can use 8080) use: Source port: 8888 (can be anything), Destination: localhost:80, or for RD i use: Source port:33389, Destination:192.160.1.102:3389

With samba i mentioned that it is a bit trickier (talking windows here by the way), as they have not allowed you to specify which port to use. So to make it work you must either turn of your local share, since you must forward through port 139, or you can use a trick described here:
Samba over ssh without disabling file share. (http://www.blisstonia.com/eolson/notes/smboverssh.php) It works like a charm. (In short you must make an ekstra loopback address/adapter)

Anyways if you need secure access to resources on you LAN, SSH tunneling is a nice way of doing it. Although I wouldn't recomend transfering huge files using tunnelled samba!

Anyways if you want to find out more, google has the answers.

S.

Oh, well, I don't know very much about this at all so pardon my terminology or lack of understanding, but what about some sort of SSH/SSL tunnel port forwarding... thing.... on the router itself, to allow LAN computers to not even realize or be required to have a server thing running in order to have secure access from the outside to certain ports. If you know what I mean... if that even makes sense. I have not done my research at all and have just heard about it.
You probably are talking about what more expensive routers have: SSH (VPN) endpoints. When your router is a VPN endpoint the LAN PC's don't know all their data is transfered over a secure tunnel. This is allready available for the WL-500g, I believe this is what you are looking for: http://wl500g.info/showthread.php?t=2066

Thanks a lot barsju!!!

I have been using this technique for a while for mounting my samba drive over the internet with my Ibook. But with Windows I never tried because you have to disable filesharing which is mostly impossible (at work, etc...). Thanks a lot for this link!!!

Regards,
Rainer

Update drivers for webcams from, http://alpha.dyndns.org/ . There is support for all webcams that don't work right now.


Add as packages, dc hub, quagga support for routing (bgp)

This works perfectly already, using dropbear and putty. I currently use this for access to web-admin, Remote Desktop on PC's in LAN and for samba, although samba access is a bit trickier then the others.

...

Thanks, barsju. I knew very little about dropbear and putty and just figured all they were used for was telnet-related stuff. I'll look into that using almighty Google (since we're talking search engines, does anyone even find M*N's search engine to be worth a poo? don't answer that).

Styno, I think barsju was a little more on target, but I'm interested in looking into VPN stuff too. Thanks for the reply. Well, err, actually... VPN is more what I was thinking of, I suppose.

Thanks to the both of you.

I know I have asked this before but I would really like to see Captive Portal and Radius Authentication functionality on the 500g. This is primarily for Hotspots. The WiFi Dog project for the WRT54G looks like a good place to start.

What I need the Router to do is incercept web requests, and redirect them to an external page on the RADIUS server (can be internal if absolutely necessary). Here a client can either login with a pre printed paper ticket (With a valid username and Password in the RADIUS Database), or purchase a username and password (Using the billing program we run for the hotspots). Once the username and password are issued, the client can enter these on the portal page and log in to access the internet. An example of the portal page we use is https://212.113.195.2:8002/Test/Portal

If anyone thinks they customise the firmware to do this my company are willing to pay for the customisation.

Please let me know if anyone is interested in this project?

Cheers,

Niall

Hmm. Anyway, as for my wishes... err... a shoutcast server of sorts on the WL-500g! I'm not sure how useful that would be since it has to be streamed from somewhere to the server anyway, when it's pretty much just as simple to run the server on a computer.

Well, i startet Icecast (http://wl500g.info/showthread.php?t=1242) compilation for the WL500 a while ago, but stopped because of not getting some of the libs propper working. These configure scripts are driving me mad ...

But there is a tool that can stream mp3 to the icecast without reencoding, this needs to have your mp3 libary pre-encodet or a client capable of reconfiguring his decoder on the fly as bitrates change, what the better ones should be possile to do.

If you habe some intterst in it, try to make it work, maybe you habe time and can find the problem...

Greets

How about snmpd ?

It was on Oleg's todo list at v1.7.5.9 times...

How about snmpd ?

It was on Oleg's todo list at v1.7.5.9 times...

If you search the forum you'll probably find out why it can't be put into the firmware...



Anyway, I have another wish! :)
IPv4 IGMP support in the kernel! I... don't and probably will never use IGMP, it just bugs me knowing it's not there, especially because my ISP keeps automatically querying me about it (I see the V2 Membership Query packets with tcpdump) and the router doesn't reply. That's no big deal at all, but... why not have something that could probably be had at the expense of a few KB? I'm guessing ASUS took it out or commented something out to get rid of it for security purposes but I wouldn't mind it just being there even if I didn't use it. I mean, there's /proc/net/igmp6 but not /proc/net/igmp ...

So that's that.

How about snmpd ?

It was on Oleg's todo list at v1.7.5.9 times...
In fact it's already ready to be included (I've prepared it some time ago during the early 1.8.1.7 port phase and it's in the sources already), but it's really big (about 700k) and outputs just several octects of data, so it's space wasting stuff. At the time before 1.9.2.7-3c there was no space in the flash, so it was not included. At the moment I've some free space, but I've a choice: either to use it for other usefull apps or just fill it with snmpd. The things, which could be added includes newer samba version instead of current ancient one.

I have yet another wish, but a simpler one: the iprange match for iptables. This would be extremely useful for bridged VPN stuff. You may want the computers on your network, but you may not want to give them as much access as computers physically on the network (for example, you may want to block access to the router's web config, telnet, etc for the range assigned by openVPN alone).

As for snmpd, I was under the impression it was upwards of 20mb or something... guess I need to learn better searching myself :)

I have yet another wish, but a simpler one: the iprange match for iptables. This would be extremely useful for bridged VPN stuff. You may want the computers on your network, but you may not want to give them as much access as computers physically on the network (for example, you may want to block access to the router's web config, telnet, etc for the range assigned by openVPN alone).

Just group them to "subnets", then use "-s 192.168.1.16/29" - this way 8 adresses are matched.

snmpd is already done multiple time, however, it would be nice to have a well balanced version, with a good response time and yet a small memory footprint and still enough value to peek. Maybe this could be made a package? I mean not a generic one, but one made specificaly for Asus routers.

But a good feature would be to add bridge firewall abilities: ebtables is working with openwrt modules, but the most interesting would be to patch the kernel with a ebtables/bridge-nf patch to use rules from iptables to specify rules based on protocols, not MAC adress

Just group them to "subnets", then use "-s 192.168.1.16/29" - this way 8 adresses are matched.

I was considering that but didn't want to deal with the math ;)
Thanks for doing it for me :)

(... useless junk edited out; I'm using a different method now anyway)

Still... iprange might be kind of nice. Especially connlimit. (iplimit/connlimit would be very, very, very useful, and I definitely would like it to be there at some point... I mean it would be nice, eventually).

I should just learn how to compile for the WL-500g. It's not easy enough for a simpleton like me.

snmpd is already done multiple time, however, it would be nice to have a well balanced version, with a good response time and yet a small memory footprint and still enough value to peek. Maybe this could be made a package? I mean not a generic one, but one made specificaly for Asus routers.

I've disabled EVERYTHING not needed, but it's still about 700k. The problem is that even with some features disabled the stuff is still links to the resulting binary, wasting a space.


But a good feature would be to add bridge firewall abilities: ebtables is working with openwrt modules, but the most interesting would be to patch the kernel with a ebtables/bridge-nf patch to use rules from iptables to specify rules based on protocols, not MAC adress
I'm thinking of including ebtables support already. :)

I'm thinking of including ebtables support already. :)

I'm thinking of throwing a party!

Not to add to unnecessary side-conversation or overspeak (though I am), but I would definitely like to see ebtables.

Oleg--I was wondering if you did or did not plan to put connlimit support in the next version. As I've mentioned at least twice in an annoying, nagging way, I'd really like it :). If you have no plans to include it, I'd like to know so I can decide whether or not I should start working on it myself (which is a biggie for me).

tomilius, the problem is that this target is not supported in current iptables, so adding it would require patching kernel, switching to newer iptables and testing, testing, testing... So, at the moment I'm a bit busy to do so...

Thank you. That's OK. :) I've been trying to do it anyway, but I have problems compiling 1.9.2.7-4 (maybe I'll make another thread).

UPDATE: Well, I was able to compile and all (with some new packages and using 'make install' and not 'make image-wl500g')... iplimit is a possibility for now if you could please include that. broadcom/src/router/iptables/patch-o-matic can be "./runme base"'d with broadcom/src/linux/linux for the KERNEL_DIR, and from there things like iplimit can be patched in simply. I'm not actually exactly sure that it works yet... it's still compiling... but it should, and I'll edit this again if it does.

UPDATE again: Err.. uhh.. I may have done it wrong, but none of the stuff requiring patch-o-matic works. Not ttl, not psd, not iplimit... none of it. I got as far as getting them to actually compile and show up and everything, but they all have the same familiar "No chain/target/rule" problem. It may just be a matter of the kernel not getting recompiled or something because patch-o-matic confirms the patches were made.

UPDATE again with realization that this is not the place to put this stuff but carelessly putting it here anyway:
I .. think it was something to do with not having the stuff enabled in the kernel config before compiling (make menuconfig). Grr. This stuff is tricky. We'll see how it turns out.

SUMMARY: OK, yeah. So anyway. The patch-o-matic iplimit patch just needs to be applied, and then a make menuconfig and a Networking options and a Netfilter thingy and ... then include the iplimit junk. I got it. *yawn* ... Not very specific, but I know very little about this stuff and I figure you, Oleg, probably know what I mean anyway.

NOTE: There are some other features I find very useful involving iptables, such as psd... I have a nice setup now which blocks port scanners for 180 seconds, and I was surprised at how not-very-hard-if-you-know-what-you're-doing it was to set this stuff up.

I wish "screen". It's terminal manager with many useful functions.
I don't know how to compile it cos I'am linux newbie.
http://seth.positivism.org/man.cgi/1/screen
http://bent.latency.net/bent/darcs/screen-4.0.2/spec

Hi, do you think it would be possible to include a feature, which would enable bandwidth management only at certain times of a day? I am talking about something similiar, which already works for internet firewall. I think it would be much more , because I (and I suppose so do others) need to protect my network with firewall all the time but I need to restrict download and upload speeds only when I need to browse or get my mail or something alike. What do you think about it?

Hi, do you think it would be possible to include a feature, which would enable bandwidth management only at certain times of a day? I am talking about something similiar, which already works for internet firewall. I think it would be much more , because I (and I suppose so do others) need to protect my network with firewall all the time but I need to restrict download and upload speeds only when I need to browse or get my mail or something alike. What do you think about it?
You could achive that using a scheduler (cron) and the Wondershaper (wshaper) script. Search here on this forum and Google for info on cron and this forum for howto use the Wondershaper script.

My current wish is for AAC support, to extend http://www.wl500g.info/showpost.php?p=17695&postcount=32 to support all common audio formats. Something like LAMIP (http://fondriest.frederic.free.fr/realisations/lamip/) ipkg would be nice :)

It would be great to have support of libstdc++. Not only that a few good packages depend on it (e.g. python) but also to be able to run own C++ programs.

I would love "Advanced routing" support in the kernel. So I can do some kinky source based routing.

I would love "Advanced routing" support in the kernel. So I can do some kinky source based routing.

Doesn't quagga optware fit your needs ?

here is what i wish:

newer kernel;
cut, find, uname, who, finger and morebinaries;
bash shell by default;

thanx

You really wish a 8 MB flash chip!


here is what i wish:

newer kernel;
cut, find, uname, who, finger and morebinaries;
bash shell by default;

thanx

here is what i wish:

newer kernel;
cut, find, uname, who, finger and morebinaries;
bash shell by default;

thanx

cut, find, uname are present in busybox optware
uname is also present in coreutils optware
who is present in coreutils optware
bash is present in bash optware

any reason for not using theses packages ?

JF

tomilius, the problem is that this target is not supported in current iptables, so adding it would require patching kernel, switching to newer iptables and testing, testing, testing... So, at the moment I'm a bit busy to do so...
I have it directly from the developers, that the current userland iptables is backwards compatible down to kernels 2.4.


------- Additional Comment #5 From Pjotrek 2005-08-30 08:01 MET [reply] -------
I'm afraid that on a router with firmware it is not so easy for me to install a
more recent kernel. I could use a more recent iptables, but that would shurely
not like my old kernel (2.4.20 MIPSEL)?
------- Additional Comment #6 From Harald Welte 2005-08-30 09:05 MET [reply] -------
I'm afraid I cannot help with your special hardware and it's requirement to run
rediculously old (and buggekernels), sorry. That's why kernel developers
discourage the use of binary-only kernel modules...
Iptables userspace has support down to 2.4.0, so updating that is not a problem).
The current iptables & iptables-save programs are having big problems.
Just insert an '-m recent' line, and compare the output of iptables -L and iptables-save. iptables-save gets the counters all wrong, rendering the output useless for an iptables-restore. This is fixed in newer userland iptables.

And when i'm at it, it would be nice to have the REJECT target, to be able to give better reject messages. A reject message has been proven to delay an attacker much longer than even the TARPIT.

Thanks in advance,
Pjotrek

unaiur,

openwrt already has uname, find, newer kernel, etc within a less-than-4mb firmware so why not
i stick with oleg's firmware for development purposes and still love the asus's user friendly web interface!

exactly: if you need advanced functionality, switch to openwrt.

Is screen possible in this type of hardware, or are there limitations to use this program?

Thanks in advance.

I found this:

http://ipkg.nslu2-linux.org/feeds/unslung/wl500g/

Will try screen that is available there

After spending some time reading this guide (http://www.wl500g.info/showthread.php?t=923&page=2) and testing different configurations, I managed to get saned working on my wl500g. :)
One problem remains though. My scanner is a HP PSC2110 and without the hpoj driveres compiled for the wl500g, there will be no scanning. :(
Since I don't have any experience in compiling software for the wl500g/Unslug, I would like to add the hpoj drivers to the wish list.

Best Regards Lars Moeller

The list at http://ipkg.nslu2-linux.org/feeds/unslung/wl500g/ is quite impressive, however I'm still missing a DC++ hub software like OpenDCHub (http://opendchub.sourceforge.net/). Is this Overkill for the WL500g or could somebody provide me with binaries?

Can u create a feature so i can change the WLAN macaddress / LAN mac address easly? And maybe a feature to "switch" betwean "added" adresses for the WAN via an drop-down ore something.

To explain why i want this:
1) When you search in the MAC Vendor list, you can have a Cisco Catalyst 5000 instead of a Asustek macadres. Just for the fun.
2) When your ISP is offering DHCP adress by MAC address, and you'r moving your router to public places (lan-party/etc), and don't want anyone to know your "real" macaddress. Therefore a dropdown menu.

00:10:29:CA:FF:EE :D

Hi Oleg,

The built-in schedule on/off Radio feature is very useful to me. I normally use wireless only after office hour (Mon to Fri) so I Enable Radio only from 7pm to 2am daily just to avoid wasting power and reduce unnecessary RF radiation to my childen when it is not used. However, on Sat and Sun, I may use wireless earlier but the "Time of Day" is a global setting (ie. it applies to all days only). I need to enable the Radio by using wire connection before I can use wireless.

I wish if the configure level of "Time of Day" can be applied to day of a week such that I can have different schedule on/off Radio on week day and week end.

Best Regards,

As addon to the fully configurable MAC adresses (for each IF another), I realy need a fully configurable DHCP server, if thats possable.

I want to add custom headers and change the DNS server that's released by the DHCP config. I realy don't want to use the router as DNS!

I want the old pwcx module from the discontinued Philips webcam drivers project to be replaced by the new module provided by: http://www.saillard.org/linux/pwc/ The module is ~80kbytes long, and allocate ~60kbytes of kernel memory for decompressor.

And what about a kernel upgrade too! :D

Oleg:
Would it be possible to use LVM2 on the WL500:s?
-If so, please put it in the todo-list!:D
/Pjotrek

Hello!

I've got 2 wishes:


L7 filters. OpenWRT has a working solution, I need to apply some kernel pathes to use them. But I would prefer Oleg's FW, and I did not found something for them.
Java. Overkill for a wl500g, I know :) Of course, no AWT/swing and such needed, but it would be nice if I could run console java programs.

Hi all,

My wish: That ipp2p was precompiled in the software on the router, or somebody would help me actually compiling it - I don't have linux on my machine.

http://www.ipp2p.org/

BR,
René

how about lftp and maildrop
lftp is a swiss knife for ftp it knows sftp ftp/tls ftp/ssl http it`s like curl but with shell like interface
maildrop more tolerant for maildir/mbox than procmail

http://cpia2.sourceforge.net/
I wish to compile cpia.o module for these webcams:
http://webcam.sourceforge.net/

2 Whishes: Better QoS and layer7

UVC driver is really required. Presented ov51x and pwc Cams are not on the market. Looks like UVC driver just one kernel module. Please build it with next release.

Hi all,
My wish: That ipp2p was precompiled in the software on the router, or somebody would help me actually compiling it - I don't have linux on my machine.
As you wish ;) http://wl500g.info/showpost.php?p=131910&postcount=469

lftp is an excellent idea, it can be used as an fxp client to mirror one ftp server to another. I've tried to install it from nslu2's optware but no success.

I would really appreciate some help on it :)

greets