A Better Router
Did you know that you can do more with your router? It is possible to have very granular control over everything that this all-important machine does. You just have to unlock it.
I installed DD-WRT onto my Linksys WRT1900ACS router.
What is DD-WRT? It's Linux-based firmware for wireless routers and access points. It is the software that enables your router to work, just open-sourced — meaning it can be much more powerful and flexible than what comes prepackaged on your store-bought router. The tradeoff is that it is more convoluted to set up and much easier to break.
Steps to Follow
- Download the required software for my Linksys WRT1900ACS
- Flash the DD-WRT image to my router
- Set up DD-WRT
- Set up Pi-Hole to serve as DNS server
1. Download the Required Software
I went to the DD-WRT website and searched for my router. I own a Linksys WRT1900ACS Version 2, which led me to the DD-WRT router database entry. I also needed to download an older version of the Linksys firmware to install DD-WRT. It took some searching, but eventually I found what I was looking for at userdrivers.com. This was required due to changes in Linksys's more recent firmware — I could not just upload the new software directly. Fortunately, Linksys makes the flashing process easy. After the router rebooted, the firmware update was complete.
2. Flash the DD-WRT Image
The first part is downgrading the current firmware. Using the 1.1.8 version obtained from userdrivers.com, I logged into my router at 192.168.1.1 and navigated to the "Connectivity" tab. From there I selected "Firmware Update", selected the appropriate file, clicked "Start" followed by "Yes", and let the process run.
Then I could load DD-WRT. I followed the exact same steps, but this time selected the DD-WRT firmware instead of the Linksys firmware. After the router rebooted, DD-WRT was running!
3. Set Up DD-WRT
This is the long and tedious part. Many aspects of a router are automatically configured in most commercial models — in DD-WRT, you define everything. Here's a brief rundown of the basic setup.
Setup Tab
| Setting | Value |
|---|---|
| Router Name | Router Name |
| Domain Name | URL pointed at my IP address |
| DHCP Type | DHCP Server |
| DHCP Server | Enable |
| Start IP Address | 192.168.1.XXX |
| Static DNS 1 | 1.1.1.1 |
| Static DNS 2 | 1.0.0.1 |
| NTP Client | Enable |
| Time Zone | US/Central |
Click "Save" then "Apply Changes".
Wireless Tab
Since this is a dual-band router, it broadcasts on both 2.4 GHz and 5 GHz. Each needs to be set up separately — settings are the same for both except where noted.
| Setting | Value |
|---|---|
| Wireless Mode | AP |
| Wireless Network Mode | AC-Only (5 GHz) / Mixed (2.4 GHz) |
| SSID | The Banana Stand 5GHz (5 GHz) / The Banana Stand (2.4 GHz) |
Click "Save" then "Apply Changes", then switch to the "Wireless Security" tab.
| Setting | Value |
|---|---|
| Security Mode | WPA |
| Network Authentication | WPA2 Personal |
| WPA Algorithms | CCMP-128 (AES) |
| WPA Shared Key | WiFi Password |
Click "Save" then "Apply Changes". The router is now ready for normal use!
4. Set Up Pi-Hole as DNS Server
With the old Linksys firmware, all I had to do was enter the Pi-Hole's IP address as a static DNS server. DD-WRT is a bit trickier, but I did get it working.
- Open the "Services" tab
- Select the nested "Services" tab
- Scroll down to the DNSmasq settings and enable as needed
- Under "Additional DNSmasq Options" enter:
  ```
  dhcp-option=6,192.168.1.101
  ```
- Scroll to the bottom and click "Apply Settings" — your Pi-Hole is now the DNS server for the router
To ensure that devices with a hardcoded DNS address (looking at you, Android phones and Chromecasts) also use the Pi-Hole, go to Administration Tab > Commands and enter the following, then click "Run Commands" and "Save Startup".
Commands:
```
# Redirect all LAN DNS traffic to the Pi-Hole
iptables -t nat -I PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 192.168.1.101:53
iptables -t nat -I PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 192.168.1.101:53
# Exempt the Pi-Hole's own queries; -s takes an address only, and -I places these above the redirect
iptables -t nat -I PREROUTING -i br0 -p tcp -s 192.168.1.101 --dport 53 -j ACCEPT
iptables -t nat -I PREROUTING -i br0 -p udp -s 192.168.1.101 --dport 53 -j ACCEPT
```
Firewall:
```
# Keep network on Pi-Hole
iptables -t nat -I PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 192.168.1.101:53
iptables -t nat -I PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 192.168.1.101:53
# Punch DNS hole for Pi-Hole (-s takes an address only, no port)
iptables -t nat -I PREROUTING -i br0 -p tcp -s 192.168.1.101 --dport 53 -j ACCEPT
iptables -t nat -I PREROUTING -i br0 -p udp -s 192.168.1.101 --dport 53 -j ACCEPT
```
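A check for the rule order described above, as an added example that is not part of the original post: it reads the output of `iptables -t nat -S PREROUTING` and confirms that the Pi-Hole exemption is evaluated before the redirect for both TCP and UDP. The function names and the sample listings are constructed for illustration, and it assumes the router's iptables build supports `-S`.

```shell
#!/bin/sh
# check_dns_redirect PIHOLE_IP: reads `iptables -t nat -S PREROUTING` on stdin,
# prints a verdict per protocol, returns 0 only if tcp and udp are both safe.
check_dns_redirect() {
    awk -v ip="$1" '
        /^-A PREROUTING / && /--dport 53 / {
            n++; proto = ""
            for (i = 1; i < NF; i++) if ($i == "-p") proto = $(i + 1)
            if (proto != "tcp" && proto != "udp") next
            # First rule exempting queries that come from the Pi-Hole itself.
            if (index($0, " -s " ip "/32 ") && / -j ACCEPT$/ && !(proto in acc))
                acc[proto] = n
            # First rule redirecting DNS to the Pi-Hole.
            if (index($0, " -j DNAT --to-destination " ip ":53") && !(proto in dnat))
                dnat[proto] = n
        }
        END {
            split("tcp udp", protos, " ")
            for (k = 1; k <= 2; k++) {
                p = protos[k]
                if (!(p in dnat)) { print p ": no redirect to " ip; bad = 1 }
                else if (!(p in acc)) { print p ": redirect without Pi-Hole exemption"; bad = 1 }
                else if (acc[p] > dnat[p]) { print p ": exemption is below the redirect"; bad = 1 }
                else print p ": ok"
            }
            exit bad + 0
        }'
}

# Constructed sample: corrected rules loaded, exemption above the redirect.
sample_good() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-A PREROUTING -s 192.168.1.101/32 -i br0 -p udp -m udp --dport 53 -j ACCEPT
-A PREROUTING -s 192.168.1.101/32 -i br0 -p tcp -m tcp --dport 53 -j ACCEPT
-A PREROUTING -i br0 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.101:53
-A PREROUTING -i br0 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.1.101:53
EOF
}

# Constructed sample: the exemption rules failed to load, only DNAT is present.
sample_no_exemption() {
    cat <<'EOF'
-A PREROUTING -i br0 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.101:53
-A PREROUTING -i br0 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.1.101:53
EOF
}

sample_good | check_dns_redirect 192.168.1.101
```

On the router, run `iptables -t nat -S PREROUTING | check_dns_redirect 192.168.1.101` after applying the rules; a missing exemption means the Pi-Hole's own upstream queries are redirected back to itself.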
Once set up, log into your Pi-Hole settings and go to the "Conditional Forwarding" section. Enter the IP address of the router and the domain name assigned to the router. This lets the Pi-Hole ask the router for local device names, so it can identify clients by hostname instead of by IP address.
Takeaways and Future Thoughts
- Unexpected problems: Complicated setup with so-so documentation
- Future concerns: Future-proofing and updates will be fun
- Future enhancements: I expect much tinkering to ensue — I'm not even sure of all the capabilities yet
This project was almost completely done following the DD-WRT documentation and forums.