DD-WRT router behind a Box
by Antoine - categories : Network
The french internet providers "boxes" all have a router function with some options, but which remains basic and very limited, letting the geeks we are unsatisfied. A good solution to this : stick a router behind the Box.
I usually buy only Linksys/Cisco branded routers, deemed compatible with alternatives firmware like DD-WRT, OpenWRT or Tomato for the most well known ones. They offer a quite wide routers line up, but for the most of people the WRT54GL ('L' for 'Linux') is going to be sufficient and will allow to access the numerous functionalities offered by DD-WRT at lower cost. The ones who need sharper services (N wifi, gigabit ethernet, NAS functionality with USB port, more memory) shall take their eyes to the upper range router models. A schema worthing more than a thousand words, here is a representation of this kind of network configuration.
It's a very basic network configuration, probably one of the most common. Our LAN devices are 'hidden' behind the router, whose the role is roughly to manage the data exchanges between them in one hand, and mainly in a SOHO configuration to manage the exchanges between the LAN devices and the WAN (internet). In our case, the box will only be a simple modem, a bridge between the LAN and the WAN. We'll disable the router function on it, and it's our dedicated router who will take this role.
Disable router function from a french provider Box
Freebox (Free) Sign in to your Free account, at https://subscribe.free.fr/login, menu Internet → Configurer mon routeur Freebox and uncheck Vous souhaitez activer ce service.
Neufbox (SFR) Go to your Neufbox admin interface, which by default is located at http://192.168.1.1. Go to the menu Réseau → WAN. Check the 'bridge' modem then Apply. Read the process at the SFR assistance
Numéricâble Onto the lasts Numéricable routers (Castlenet and Ubee), there is (at last) an option allowing to disable the routeur modem from the modem, at http://192.168.0.1/RgSecurity.asp (replace 192.168.0.1 with your modem IP address if you changed it). nb : the process for Netgear modems is detailed at Numéricâble assistance. nb2 : you may need, depending of your modem firmware version, to connect as MSO to see this option.
Others Some providers doesn't supply complete enough modem to use it as a bridge. The only solution is a hack : active DMZ mode (= opens all ports) through the router IP.
Before the new router takes over your network, some configuration are required, especially if it's intended to be your home/office WiFi access point. Once the linking done, you can access the DD-WRT admin interface through http://192.168.1.1 by default. - In Setup → Basic Setup, we can eventually change the router name, its IP address, the maximum clients number, and the client IP address range start. - The menu Security → Firewall allows as its name suggests, to enable the FireWall to enable / disable some filters. In the most of the cases, disable some of them shall avoid you some trouble. - At last, in Wireless → Basic Settings and Wireless → Wireless Security, we'll be able to set the WiFi access point (AP) and set up its security. On the first menu we can give the AP a name (SSID), on the second one we'll choose the passkey and the encryption method. Prefer WPA2 Personal Mixed which allows to connect in WPA2 (best security), but in WPA too for the legacy devices which do not support it. Overall, forget about WEP which is easy to crack. I only detailed non exhaustively somewhat basic functionalities, a lot more ones exists among which a VPN server, SSH/Telnet access, DynDNS, MAC @ spoofing, WiFi radio transmission power, and a lot more detailed at DD-WRT documentation