dd-wrt – speeding up internet browsing

Recently I had some time to play with my DD-WRT based router. I wanted to speed up internet browsing, so I decided to put squid and DNSMasq on DD-WRT. Here is what I’ve done.

My router config:

Firmware: 

DD-WRT v24-sp2 (08/07/10) mega

Partition layout:

Filesystem Size Used Avail Use% Mounted on
rootfs 5.7M 5.7M 0 100% /
/dev/root 5.7M 5.7M 0 100% /
/dev/mtdblock/4 25M 900K 24M 4% /jffs
/dev/discs/disc0/part1
504M 314M 165M 66% /opt
/dev/sda3 6.8G 1.1G 5.4G 17% /mnt

As you can see, I have added extra space by connecting an 8GB USB flash drive (Patriot Xporter XT) to my router, and installed OTRW.

I will not give specific instructions on how to install squid and DNSMasq (DNSMasq is installed by default), only my settings for those daemons.

So here are the main changes that I’ve made in the squid configuration:

http_port 192.168.1.1:3128 transparent
cache_mem 8 MB
maximum_object_size_in_memory 32 KB
cache_dir ufs /mnt/squid/cache 1024 16 256
minimum_object_size 0 KB
maximum_object_size 4 MB

Then I’ve created file:

/opt/etc/rc.firewall

And put in it:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128

So all HTTP traffic is redirected to the squid cache.

The squid proxy is almost done, but you need to configure the above firewall script to start up automatically when the router starts:

nvram set rc_firewall=/opt/etc/rc.firewall
nvram commit
chmod 755 /opt/etc/rc.firewall

From now on your router will automatically redirect all HTTP traffic through your own squid cache server, which will speed up browsing sites on the internet.
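A LAN-scoped variant of the rule above, as an added example that is not the author's script: it reuses the -i br0, -s and -d ! matches from the redirect script later on this page, so that only port-80 traffic from LAN clients to other hosts is sent to squid, and it checks the values read from nvram before building the rule. The function names, LAN_IF and the IPT=dry_run switch are assumptions.

```shell
#!/bin/sh
# Added example (not the author's script): LAN-scoped variant of the
# rc.firewall REDIRECT rule. LAN_IF, IPT and all function names are assumptions.
LAN_IF=${LAN_IF:-br0}      # LAN bridge name, as used later on this page
IPT=${IPT:-iptables}       # set IPT=dry_run to print the rule instead

dry_run() { printf 'iptables %s\n' "$*"; }

# Accept only dotted-quad IPv4 text such as 192.168.1.1 or 255.255.255.0
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Accept only a TCP port number in 1..65535
valid_port() {
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Redirect port-80 traffic that enters on the LAN bridge from the LAN subnet
# and is not addressed to the router itself; refuse to run on bad input.
apply_squid_redirect() {
    lan_ip=$1 lan_mask=$2 squid_port=$3
    valid_ipv4 "$lan_ip" && valid_ipv4 "$lan_mask" && valid_port "$squid_port" || {
        echo "rc.firewall: invalid LAN address, netmask or port" >&2
        return 1
    }
    # "-d ! addr" is the negation form this page's iptables examples use
    $IPT -t nat -A PREROUTING -i "$LAN_IF" -s "$lan_ip/$lan_mask" \
        -d ! "$lan_ip" -p tcp --dport 80 -j REDIRECT --to-port "$squid_port"
}

# Only runs on the router, where the nvram tool exists
if command -v nvram >/dev/null 2>&1; then
    apply_squid_redirect "$(nvram get lan_ipaddr)" "$(nvram get lan_netmask)" 3128
fi
```

Running it with IPT=dry_run prints the rule for review without touching the nat table.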

Although it was faster, I wanted to make it much better, so I started digging into what takes so long when loading a page. I realized that DNS queries take too long, so I decided to use DNSMasq to cache DNS queries.

To turn on caching just put

cache-size=2000

in the Services->Services->Additional DNSMasq Options box, then click Save and Apply Settings.

It will cache 2000 DNS queries in the router's memory.

OK, so what have I achieved with those modifications:

  • faster DNS queries responses (before modifications: +/- 40ms, after modifications: +/- 1ms)
  • faster page loading (before modifications: +/- 8s, after modifications: +/- 3s – it all depends on site, for example – facebook.com from 34s to 12s)

I will try to do some more modifications to speed up internet browsing with dd-wrt, so stay tuned.


here it is – Linuxcamp ver. 0.8

After almost a year's break, we have the next Linuxcamp meeting. All the details are available here: linuxcamp.pl

All are welcome

random password generator in bash

Here is a small but powerful shell function for the .bashrc file. It will generate strong passwords. Just put this in your .bashrc file:

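genpasswd() {
	# Password length; defaults to 20 characters when no argument is given
	local l=${1:-20}
	# Keep only letters, digits and underscore from the kernel's random source
	LC_ALL=C tr -dc 'A-Za-z0-9_' < /dev/urandom | head -c "${l}"
	echo
}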

From now on you can generate a password with the genpasswd command in the terminal.

To run it:

$ genpasswd 16

And output:

WYNWudEXNFwOWw54

The number in the command sets the length of the generated password.

redirect specified traffic to external server with dd-wrt

Recently I had to do some iptables-based redirection on a DD-WRT powered router. I didn’t find any useful information on Google, so this is how I did it.

First of all, the redirection will be applied to all packets going to port 80 on the internet from every host connected to the internal network. Here is the script that I used for this redirection:

#!/bin/sh
PROXY_IP=[IP]
PROXY_PORT=[PORT]
LAN_IP=`nvram get lan_ipaddr`
LAN_NET=$LAN_IP/`nvram get lan_netmask`
 
iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d ! $LAN_IP -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
iptables -t nat -A POSTROUTING -o br0 -s $PROXY_IP -p tcp -d $LAN_NET -j SNAT --to $PROXY_IP
iptables -A FORWARD -i vlan1 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT

To use this script you just need to change [IP] to the IP address that traffic will be redirected to, and [PORT] to the port that traffic will be redirected to. Then go to Administration/Commands and paste it in (with the proxy's IP and port filled in, of course), then click Save Firewall. After that everything should work.

This script will redirect all requests made on port 80 to our PROXY_IP and PROXY_PORT.

LAN_IP is the router's internal interface address, and LAN_NET is the network configured on that interface, so there is no need to edit this script if you change the router's configuration.

Of course you can change which port is redirected to the proxy: just change the destination port (given by --dport 80) to 443 if you want to redirect all HTTPS traffic, so the line that redirects all HTTPS requests to the proxy server looks like this:

iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d ! $LAN_IP -p tcp --dport 443 -j DNAT --to $PROXY_IP:$PROXY_PORT

For more explanation: the first line (the first one beginning with “iptables”) redirects all traffic on the given port to the proxy server, the second one tells packets coming from the proxy server where they must go (to internal hosts), and the last one permits those packets through the firewall.

If you need more info, please let me know: leave a comment and I will reply asap.

ssh tunneling to bypass network limitation

Recently I had a problem with my VPN: I couldn’t connect to my VPN server because of a network limitation. Although port 1194 was blocked by the academy network administrators, they do not block the ssh port. So I used a very simple ssh tunnel to run my VPN connection. Here is how I got this to work.

All you need is an ssh account on a server where the VPN ports (or whatever other ports you want to use) are not blocked, and which you can connect to. In the console, type:

ssh -f -L 3000:[destination_ip]:1194 root@[server_ip] -N

After issuing this command, port 3000 is open on localhost and you can connect to it. This port will be tunneled to “destination_ip” and port via “server_ip”. If you need to change ports, simply replace 3000 (the localhost port to connect to) and 1194 (the destination port on the server that you want to connect to). Option “-f” requests ssh to go to the background, so you can close the terminal and the tunnel will still run. Option “-L” specifies which port on the local machine (client/localhost) will be redirected to “destination_ip”, and “-N” says that ssh will not execute any remote command.

That’s all for now…

Hope to write soon :)

configure cisco router – summertime in Poland

Last time I had a problem with changing time from summertime to wintertime in Poland. My home Cisco router (model 871) uses an NTP time source, but it did not properly change to wintertime. Here are the steps to configure it properly in Poland:

router# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
router(config)#clock timezone GMT 1 0
router(config)#clock summer-time GMT recurring last Sun Mar 2:00 last Sun Oct 2:00
router(config)#exit
router#write

After that we have:

router#show clock detail
10:04:56.418 GMT Sat Nov 5 2011
Time source is NTP
Summer time starts 02:00:00 GMT Sun Mar 25 2012
Summer time ends 02:00:00 GMT Sun Oct 28 2012
router#

And that’s all to do…
Hope that helped someone :)
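A cross-check for the dates in the show clock detail output, as an added example that is not part of the original post: this shell script computes the last Sunday of March and of October for any year, which is what the recurring rule above selects. The function names are assumptions, and it covers only the dates, not the switch-over hour.

```shell
#!/bin/sh
# Added example: dates picked by "recurring last Sun Mar ... last Sun Oct".
# All function names here are illustrative, not from the original post.

is_leap() { [ $(( $1 % 4 )) -eq 0 ] && { [ $(( $1 % 100 )) -ne 0 ] || [ $(( $1 % 400 )) -eq 0 ]; }; }

days_in_month() {  # args: year month
    case $2 in
        4|6|9|11) echo 30 ;;
        2) if is_leap "$1"; then echo 29; else echo 28; fi ;;
        *) echo 31 ;;
    esac
}

# Day of week for a Gregorian date, 0=Sunday .. 6=Saturday (Sakamoto's method).
# Pass the month without a leading zero.
day_of_week() {  # args: year month day
    y=$1 m=$2 d=$3
    if [ "$m" -lt 3 ]; then y=$((y - 1)); fi
    set -- 0 3 2 5 0 3 5 1 4 6 2 4      # per-month offsets, January first
    shift $((m - 1))
    echo $(( (y + y/4 - y/100 + y/400 + $1 + d) % 7 ))
}

# Step back from the last day of the month to the nearest Sunday
last_sunday() {  # args: year month -> day of month
    last=$(days_in_month "$1" "$2")
    echo $(( last - $(day_of_week "$1" "$2" "$last") ))
}

summer_time_window() {  # args: year -> "YYYY-03-DD YYYY-10-DD"
    printf '%s-03-%02d %s-10-%02d\n' \
        "$1" "$(last_sunday "$1" 3)" "$1" "$(last_sunday "$1" 10)"
}
```

Calling summer_time_window 2012 should agree with the start and end dates the router reports.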


hello world!!!

So I think it’s time to start blogging. I will post here things that I am currently working on. I think this blog will be like a diary, for me to remember some things that I did once that were really good stuff but really hard to remember. Feel free to use all the tips, code etc. that I will post here.

Hope to write soon…