OpenWrt: A brief overview

What is it?

OpenWrt is a minimal system used for running a variety of consumer routing devices. The Linksys WRT54 and its variants are the principal target platform, though there are Asus, Buffalo, Belkin, and Motorola products, all based on the Broadcom reference design, with varying degrees of compatibility. See: http://www.openwrt.org

How do I get it?

For most Linux users, OpenWrt is too difficult to set up and could yield a useless device (a brick; ironically, a great building block for firewalls in the real world), but for the average to experienced Linux user the setup is not that bad. The main benefit of OpenWrt is customizability, so if you're not planning on compiling from source, odds are you're better served by an OpenWrt-based distribution. See: http://openwrt.org/OpenWrtDocs/Installing for obtaining, installing, and, most importantly, enabling boot_wait.

Distributions

OpenWrt itself seems to be getting more attention as more distributions are created. As a result the number of packages made for OpenWrt is increasing, and the intended goal, a minimal system with many expandable options instead of a specialized, limited system, is being realized.

FreiFunk: http://www.freifunk.net/wiki/FreifunkFirmwareEnglish A fairly polished German distribution – some parts are translated into English, but only enough for basic configuration.

Ewrt: http://www.portless.net/menu/ewrt/ looks really nice – has anyone tried it out?

BC Wireless.net: This is a community wireless project worth checking out. They currently integrate OpenWrt as a platform, using wifidog as the portal, and their authentication server for user management. I've been running their CVS firmware (based on OpenWrt) for the past couple of months. They are currently developing a web interface to make the device easy to set up and use. See http://www.bcwireless.net/moin.cgi/BCWLinux for a PC-based distribution that may also be backported to the OpenWrt platform.

Other WRT distributions (not OpenWrt)

Sveasoft: http://www.sveasoft.com By far the most controversial distribution – cited by many as being GPL violators. Putting aside my personal opinions about the particular business practices, it does appear to be in compliance with the strict letter of the GPL. Sveasoft actually does seem to make a very nice product with very active but heavily censored support forums.

dd-wrt: http://www.dd-wrt.com/ Based on sources released by Sveasoft (talisman).

HyperWrt: http://www.hyperwrt.org/ description from the page: "HyperWRT is a power boost firmware for the Linksys WRT54G and WRT54GS router. The goal of this project is to add a limited set of features to the last Linksys firmware, extending its possibilities but staying close to the official firmware."

Filesystem

The usual way to configure OpenWrt is with a read-only compressed squashfs partition and a secondary read-write partition. The second partition contains links to the squashfs partition, and serves as the root of the filesystem.

If you want to edit a particular file, you unlink it first, copy it from the read-only system, and then edit it. The benefit is that if you screw up, you can switch back to the original quite easily. Also, the read-only partition is capable of booting in failsafe mode (also used during installation/setup).
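The unlink, copy, edit procedure above, written out as a small shell helper. This is an added example, not a script from the page or from the OpenWrt project; it assumes the read-only squashfs is mounted at $ROM (/rom is an assumption) and the read-write root at $ROOT, and it refuses to touch anything that is not actually a link into the read-only image, so a mistyped path cannot delete a real file.

```shell
#!/bin/sh
# Added example (not from the page or from OpenWrt). Replace the symlink that
# points from the read-write root into the read-only squashfs with a private
# copy, so the file can be edited; restore_file puts the link back.
# Assumptions: squashfs mounted at $ROM (/rom assumed), rw root at $ROOT.
ROM="${ROM:-/rom}"
ROOT="${ROOT:-/}"

# detach_file <path relative to the root>
# Returns 0 when the path is a regular, editable file on the rw partition.
detach_file() {
    rel="$1"
    target="${ROOT%/}/$rel"
    source="${ROM%/}/$rel"

    if [ ! -L "$target" ]; then
        if [ -f "$target" ]; then
            return 0                      # already a private copy
        fi
        echo "detach_file: $target is not a link into the read-only fs" >&2
        return 1
    fi
    if [ ! -f "$source" ]; then
        echo "detach_file: no read-only original at $source" >&2
        return 1
    fi
    # Unlink first, then copy the original; editing a symlink in place would
    # fail because its target lives on the read-only squashfs.
    rm "$target" && cp "$source" "$target"
}

# restore_file <path relative to the root>
# Drops the private copy and re-links the read-only original (the easy
# "switch back" the text mentions).
restore_file() {
    rel="$1"
    target="${ROOT%/}/$rel"
    source="${ROM%/}/$rel"
    [ -f "$source" ] || return 1
    rm -f "$target" && ln -s "$source" "$target"
}
```

Run it as ROM=/rom ROOT=/ sh -c '. ./detach.sh; detach_file etc/hosts' and then edit /etc/hosts; restore_file etc/hosts undoes the change without a reflash.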

The last 64k of the flash chip stores name/value pairs that represent the nvram settings, and a utility is provided to change them. The most important of these is the boot_wait option, which, if set, causes the device to wait a few seconds during bootup so that a new image can be flashed during that window of opportunity. Failing to enable this setting can cause you much grief if you screw up your configuration and need to reflash. Also note that reflashing the firmware this way changes neither your nvram settings nor your second partition, so a boot into failsafe mode is necessary (hold down reset for a few seconds during bootup until the DMZ LED flashes). At this point you might be wishing you had used a Sveasoft firmware after all.
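A check-and-fix for the boot_wait setting, as an added example (not from the page or from OpenWrt). It uses the nvram utility's get/set/commit subcommands; the value "on" and the one-name=value-per-line dump format used by the offline check are assumptions, and $NVRAM is a variable so the commands can be captured in a dry run instead of touching a real device.

```shell
#!/bin/sh
# Added example (not from the page). Verify that boot_wait is enabled, either
# from a saved dump of the nvram name=value pairs (offline audit of a backup)
# or on the live device through the nvram utility, and enable it if not.
# Assumptions: boot_wait=on is the enabled value; $NVRAM names the utility.
NVRAM="${NVRAM:-nvram}"

# boot_wait_enabled <dump-file>
# Returns 0 if the dump (one name=value per line) has boot_wait=on.
# The last occurrence wins, matching how a later `nvram set` overrides.
boot_wait_enabled() {
    val=$(sed -n 's/^boot_wait=//p' "$1" | tail -n 1)
    [ "$val" = "on" ]
}

# ensure_boot_wait
# Reads the live value, sets and commits it when it is not "on".
# Returns 0 when boot_wait is on afterwards, non-zero on failure.
ensure_boot_wait() {
    if [ "$($NVRAM get boot_wait)" = "on" ]; then
        echo "boot_wait already on"
        return 0
    fi
    # set alone only changes the in-memory copy; commit writes it to flash
    $NVRAM set boot_wait=on && $NVRAM commit || return 1
    echo "boot_wait enabled; takes effect on next boot"
}
```

Run ensure_boot_wait on the device before you start customizing anything else; boot_wait_enabled lets you audit a saved nvram dump from a workstation without a serial cable.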

The alternate setup uses a jffs2 read-write root partition. I haven't tried it.

Networking

A plethora of options exist, including support for ebtables, iptables, openswan, openvpn, pptp, and cisco vpn concentrator client.

If you've never used VLANs before, there will be a learning curve. The device is presented logically as a six-port switch: the WAN port, four switch ports, and one port that represents the WRT itself, used for bridging. Actual port numbers and device names vary from device to device. The device can be configured with as many VLANs as you're likely to need, though usually one for the WAN and one for the switch ports is enough.
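A consistency check for a switch port assignment, added here as an example (not from the page or from OpenWrt). The risk with the six-port model is a physical port that lands in two VLANs, which can quietly bridge the WAN port into the LAN, or a VLAN that never reaches the port representing the WRT itself and so never sees traffic. The port numbering (0 to 4 for the WAN and switch ports, 5 for the WRT's own port) and the trailing "*" default-VLAN marker are assumptions taken from Broadcom-style vlanNports values; substitute your device's numbering.

```shell
#!/bin/sh
# Added example (not from the page). Validate VLAN port lists for the
# six-port switch model before committing them to nvram: every physical
# port in exactly one VLAN, and the CPU port present in every VLAN.
# Assumptions: physical ports 0-4, CPU port 5, "*" marks the default VLAN.
SWITCH_PORTS="${SWITCH_PORTS:-0 1 2 3 4}"
CPU_PORT="${CPU_PORT:-5}"

# check_vlans "<vlan0 ports>" "<vlan1 ports>" ...
# Returns 0 if the assignment is consistent, 1 with a reason on stderr if not.
check_vlans() {
    seen=""
    for ports in "$@"; do
        has_cpu=0
        for p in $ports; do
            p=${p%\*}                       # strip the default-VLAN marker
            if [ "$p" = "$CPU_PORT" ]; then
                has_cpu=1
                continue
            fi
            case " $seen " in
                *" $p "*)
                    echo "port $p assigned to more than one vlan" >&2
                    return 1 ;;
            esac
            seen="$seen $p"
        done
        if [ "$has_cpu" != 1 ]; then
            echo "vlan '$ports' does not include CPU port $CPU_PORT" >&2
            return 1
        fi
    done
    # every physical port must be somewhere, or it is silently unusable
    for p in $SWITCH_PORTS; do
        case " $seen " in
            *" $p "*) ;;
            *) echo "port $p not assigned to any vlan" >&2; return 1 ;;
        esac
    done
    return 0
}
```

Typical use is check_vlans "1 2 3 4 5*" "0 5" && nvram set vlan0ports="1 2 3 4 5*" && nvram set vlan1ports="0 5" && nvram commit, so a bad assignment is caught before it is written to flash.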

WifiDog

I've been using wifidog with the bcwireless.net portal setup and have experienced some minor annoyances. Wifidog likes to have complete control of iptables rules but offers only a subset of iptables capabilities in the configuration file. As a result, I have an init script that creates my own tables after wifidog loads, sending traffic to those first before returning to wifidog's dynamically managed tables. If I had time, I'd prefer to modify wifidog with more expansive iptables configuration options. See: http://www.ilesansfil.org/wiki/WiFiDog
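The pattern described above, a private chain consulted before wifidog's own chains and ending in RETURN, as an added example; it is not the author's init script and not part of wifidog. The chain name, the two sample rules (dropping direct outbound SMTP from portal clients and allowing traffic within an assumed 192.168.1.0/24 LAN) and the $IPTABLES variable, which lets the commands be captured instead of executed, are all assumptions.

```shell
#!/bin/sh
# Added example (not the author's script, not part of wifidog). Create a
# chain that is evaluated before wifidog's dynamically managed chains and
# RETURNs anything it does not decide, so wifidog keeps control of the rest.
# Assumptions: chain name, sample rules and LAN range are constructed;
# set IPTABLES=echo for a dry run. Run after wifidog has started.
IPTABLES="${IPTABLES:-iptables}"
CHAIN="${CHAIN:-local_pre}"

# local_rules: the rules to load into the private chain, one per line
# (constructed examples; wifidog's config file cannot express these).
local_rules() {
    cat <<'EOF'
-p tcp --dport 25 -j DROP
-s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
EOF
}

# install_prechain: (re)build the chain and hook it at the top of FORWARD.
install_prechain() {
    # create the chain, or flush it if a previous run left it in place
    $IPTABLES -N "$CHAIN" 2>/dev/null || $IPTABLES -F "$CHAIN"
    local_rules | while IFS= read -r rule; do
        [ -n "$rule" ] && $IPTABLES -A "$CHAIN" $rule
    done
    # hand everything else back to wifidog's chains
    $IPTABLES -A "$CHAIN" -j RETURN
    # remove any stale jump, then insert ours at position 1 so it runs
    # before the jump wifidog added for itself
    $IPTABLES -D FORWARD -j "$CHAIN" 2>/dev/null
    $IPTABLES -I FORWARD 1 -j "$CHAIN"
}
```

Because the jump is inserted at position 1 each time, the script can be re-run whenever wifidog rebuilds its rules without leaving duplicate jumps behind; the -D beforehand removes the previous one.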

buildroot

This is the build system with a make menuconfig interface that generates a makefile which, when executed, downloads, compiles, and builds a filesystem image suitable for flashing to the device. Highlights among the configuration options include fine-grained busybox feature selection, core OpenWrt package selection (such as dnsmasq, iptables, bridging support, tcpdump, ppp daemon, dropbear (ssh), dhcp forwarding, arp firewalling, openvpn, openswan, pptp, quagga, cups, SIP Express Router, Asterisk, snort, fuse, pcre), and a few key kernel options for cryptography, filesystems, and network (ipv6, GRE tunnels, etc.) support.

The compiled system can be further customized with, for example, web content, ssh keys, and custom settings such as remote logging by default, giving a ready default configuration for easy deployment of zero-configuration images.


More related links: