Friday, January 20, 2012

DD-WRT Port Forwarding Problems

Recently I bought a Buffalo WZR-HP-G300NH wireless router accompanied with a branded version of the popular third-party linux-based firmware DD-WRT to replace my previous router, also a Buffalo but an older model, the WHR-HP-G54
Buffalo WZR-HP-G300NH2, my soon-to-be-nemesis.

My old router ran rock solid for 5+ years' worth of torrenting and wireless and innumerable bits of data transfer until inexplicably one day a power surge appeared to have killed the wireless. Wireless is too handy not to have, so I bid my venerable router farewell. I figured this also would be the opportunity to do something I hadn't tried in some time, host a web server on my local machine. My ISP doesn't block port 80, so I figured I could pretty easily set up port forwarding and invite some folks to test out a site I've been developing.

I began by setting up Port Forwarding for TCP port 80 to my computer's IP address on my LAN in DD-WRT. I also used DynDNS to redirect a custom public URL to the dynamic IP address assigned by my ISP. Curiously, after rebooting the router, for some reason port 80 traffic returned "The connection has timed out" in Firefox, not only when I tried to hit the URL from a remote session to a computer at my office, but even using that same URL or even the local IP address on my own LAN. 

To rule out the possibility of my ISP blocking port 80 traffic, I tried setting up a spare Linksys WRTG54 v6 router I had lying around, using its factory firmware to set up a port forwarding rule. This worked fine, so clearly my ISP was not to blame. Indeed, a visit to CanYouSeeMe confirmed that port 80 was closed off to the outside world.

Undaunted, I decided to upgrade to the newest firmware from the manufacturer's support site. Buffalo seems to have had a bit of a disconnect with their product labeling. Whereas I thought I'd ordered the WZR-HP-G300NH, the model number on the router itself indicated it was actually a WZR-HP-G300NH2, which turns out to have different internals. The product dropdown list indicated two flavors of this particular router, both indicating WZR-HP-G300NH, and to the far right, one indicated as v1, the other v2.





This in itself was no big deal until I tried updating to the latest available firmware from Buffalo's support site. I assumed WZR-HP-G300NH2 corresponded to the entry for WZR-HP-G300NH v2, and chose the firmware accordingly. I proceeded to update the firmware via DD-WRT installed at the factory, and even got a message that the update went successfully and that the router commenced a reboot. Minutes passed, the DIAG light on the router flashing for a while, at first, but then ominously steady.


I left it for an hour to grab something to eat. When I returned, the steady DIAG stared me in the face. I went ahead and cycled power on the router, and the DIAG again stayed steady. Worse, the router's DHCP appeared dead, leaving Windows to assign the default IP via its APIPA, a fallback in case the router doesn't give out an IP address dynamically. The router didn't even respond when I assigned a static IP in its default subnet.

My shiny new router became officially bricked.




I managed to unbrick the router thanks to this blog post and at least install a compatible build of DD-WRT contributed by Brainslayer, a DD-WRT forum user, located on the DD-WRT FTP site here

Incidentally, the DD-WRT Router Database is currently clueless about the existence of the G300NH2 version of the router; the "official" build of DD-WRT I downloaded on the off chance it might work (wzr-hp-g300nh-dd-wrt-webupgrade-MULTI.bin) upgraded fine, according to the DD-WRT web interface, but the router bricked shortly after rebooting without any message indicating failure. Attempting to use this same build to upgrade via TFTP returned "Unsupport MODEL." which seems to indicate that the GUI overlooked the crucial problem with trying to apply a firmware that the router's most basic boot code recognized as an incompatible version... but I digress!

I then researched port forwarding issues and posted details to the DD-WRT forums as well as ServerFault, and although I was able to fix the issue with port forwarding failing from a computer on the LAN thanks to a workaround posted on the forums, no matter what DD-WRT build I tried, external port forwarding failed.

After literally dozens of attempts to reflash the firmware with various builds of DD-WRT, searching for alternative firmwares like Tomato and HyperWRT only to find that they support the G300NH, not the G300NH2, I finally settled on OpenWRT. They, at least, have a wiki specific to the v2 version of the router, albeit one that doesn't appear toward the top of the search results. I also found a wiki for the v1 model, riddled with warnings about the mysterious hardware discrepancies between the v1 and v2 models, interspersed with various "fix me" tags which didn't bode well.

Fix Me? Warning?? Super.

Unfortunately, a big disappointment for me was OpenWRT's lack of a native web interface. I've used Linux so that's not so much of a problem, it's just more scripting and typing that I'd rather relegate to a web interface designed for the job. DD-WRT is leaps and bounds ahead of OpenWRT as far as its web interface is concerned.

Nevertheless, I found a separate web interface for OpenWRT named LuCI. I used the same TFTP method I'd utilized to unbrick the router to install OpenWRT itself, then proceeded to download and install LuCI. This seemingly simple process caused tremendous grief for several reasons, mainly through inconsistent documentation and aggravatingly terse responses to questions in myriad forum posts.

Case in point, I encountered numerous forum postings where someone reasonable familiar with Linux tries following steps outlined in the wiki to install the firmware and the web interface, but encounters a build error. All too often, the expert response to this conundrum essentially was "just do it this way" or "that's what you get for doing x instead of y".

Questions came to mind. Do what which way? How should I try what you're suggesting? What the hell is the context of this task with which you are intimately familiar, but which I, a mere Linux tourist, am unaware of? Those aren't the kind of replies that facilitate a satisfactory resolution of a problem. At best they're static, at worst they're a brush-off by someone who thinks they're doing you a tremendous service by graciously responding to your plea for advice with a few vague words.

As of now, my once bricked router is successfully running OpenWRT with LuCI. BONUS, port forwarding works!

From LuCI, clicking on Network => Firewall and then the Add button under the Redirections section lets you set up a forwarding rule. OpenWRT with LuCI may not win in the intuitive web interface department, but that's far less important than being able to freakin' port foward!



Problem solved, and thus ends a journey down a road I hope to never take again. If somehow I'm stuck having to go this route (pun intended) once again, I'm taking this router out back and crushing it to dust with a sledgehammer (its potential replacement is already en route from NewEgg just in case).






Wednesday, January 18, 2012

Blackout, or Blackmail?

Today, Wikipedia joins a host of other sites participating in a protest against SOPA and PIPA, legislation which threatens to cripple the internet as we know it.

In solidarity with this movement, a "blackout" page appears when you try to view a given Wikipedia article.



This is a token gesture at best, meant to prevent the majority of netizens from browsing their content. It's trivial to set up a rule in the Element HIding Helper for AdBlock Plus which prevents this banner from appearing in Firefox.

Here's how to view Wikipedia articles despite the blackout:

1. Tap the Alt key to view the menu in Firefox.

2. Click Tools => AdBlock Plus => Filter Preferences.



3. Add the following element hiding rule:
||wikipedia.org/w/index.php?title=Special:BannerController

As a longtime geek and software developer, it only took minutes for me to find a way around the blackout. It's easy to take for granted the ease of access we all have to vast
stores of information on the web. 

My first reaction to the blackout made me think blackmail

Here we have Wikipedia essentially holding their information hostage, allowing a relatively small minority with the skills and wherewithal to work around the block, while the rest scrabble around looking for other sites with information they need, or... gasp... going outside and walking to the public library to interact with a real, living human being to do their research.

For the duration of Wikipedia's blackout, there may be some who will suffer, albeit on the level of many relatively trivial first-world problems. Students scrambling to finish their research paper due later today will have to make do with various other sites that tell you about alternatives or help you work around the block. Someone looking up the etymology of mango for trivia with friends over lunch will have to look past the first or second search engine result.

Yet, it is sobering to think how much people will suffer should SOPA in its initially proposed form pass. Freedom of information is core to the internet and fundamental to the continually evolving paradigm introduced by the information age. Clearly SOPA threatens that liquidity of information and, in fairly typical form, reveals how ignorant politicians succumb to the swansong of SOPA supporters trying the latest shotgun approach in a weak effort to combat theft of intellectual property.

I'm happy to share information which will enable others to freely view Wikipedia despite the blackout, but in retrospect perhaps Wikipedia realized how easy it would be to work around the block, and get others at a similar place in life as myself to think for a moment about what it might be like for the rich Persian rug of information to be swept out from under our feet with the fall of a gavel in Congress.







Monday, January 2, 2012

Update DNS on NameCheap for Blogger

Having recently swapped my domain over from GoDaddy to NameCheap (using the latter's BYEBYEGD coupon for a bit of a discount), I needed to update my domain configuration on NameCheap with the proper A and CNAME records for Blogger to link to my domain name.

Google provides info on how to create a CNAME record for a custom domain for several registrars, GoDaddy among them, but NameCheap's configuration was less than intuitive to find and update.

I found it from My Account > Manage Domains > Modify Domain, and then under Host Management clicked All Host Records. Then I applied the info in the Google help page to my domain configuration: