Safely sharing your Internet connection with the neighbors: Using DD-WRT to setup a Linksys WRT54G in repeater mode

How do you bring down the high cost of cable Internet access? Share it with your neighbors (for a price, obviously)! You can do this naively by telling your neighbors your wi-fi network name and password, but this introduces a few problems:

  1. Liability: Do your neighbors use file-sharing services like BitTorrent? Comcast monitors that sort of traffic and sends cease-and-desist e-mail to customers sharing [unencrypted] torrents.
  2. Coverage: Unless you live particularly close together, a single wi-fi access point will probably not be sufficient for everyone to have a strong wi-fi signal everywhere they use their computers, tablets, and smart phones.
  3. Performance: No one wants their Internet connection to slow to a crawl because their neighbor is using all of the available bandwidth to download the latest Game of Thrones episode.

For this guide, I’m assuming you already have a home wi-fi router and want to learn how setup a shared network with enhanced coverage and performance, while reducing liabilities. All without running extra cables around your house or apartment!

Equipment needed

  • A broadband Internet connection
  • A wi-fi router for your home or apartment (I’m using an Apple Airport, but any decent, modern router should work)
  • A Linksys WRT54GL wifi-router for your neighbors (you can find these online for less than $50)
  • DD-WRT firmware to unlock the full power of your Linksys router

 Network overview

Our basic idea is to create a private wi-fi network for yourself, and a public wi-fi network for your neighbors. This is why you’ll need two wi-fi routers. Plus, the public router allows you to position it where your neighbors will get the best signal strength, while you can still position your private router wherever it works best for you. The network you create will look something like this (solid lines represent Ethernet cables, dashed lines represent wi-fi connections):

Network topography: By introducing a second, public wifi router, you can keep your computers separated from your neighbors’ computers.

As this diagram shows, we’ll have an Ethernet cable running from your cable/DSL model to your private router, but that’s it! No other cables necessary!

Setting up your private network

I’ll assume you’ve already setup your private wi-fi router (just about all of them come well-configured out-of-the-box these days), but here are some recommendations for a fast, secure network:

  • Enable WPA2 encryption: this is much more secure than WEP encryption, and lets you use easy-to-remember passwords instead of arcane sequences of hex characters. DD-WRT (which we’ll be using to setup your public router) only works well with WPA2 encryption, so this isn’t just a good idea; it’s required if you want your private router and public router to communicate wirelessly.
  • Pick an unused wi-fi channel: the most common channels are 1, 6, and 11. You can use a tool like iStumbler (Mac) or Kismet (PC) to identify which channels are already being used by nearby wi-fi routers. If channel 1, 6, or 11 is available, use it. If there are already a lot of other people using those channels, choose 3 or 9 to reduce wi-fi interference as much as possible.

Setting up the public network

Once you have your private wi-fi working properly, it’s time to setup your new Linksys WRT54GL to share your connection with the neighbors. We’ll also install DD-WRT firmware on it, which allows this old router to learn new tricks and perform significantly faster than it does out-of-the-box.

What’s firmware? Firmware is the software that controls your router. By upgrading from the Linksys firmware to DD-WRT, you are essentially installing software that can do more things (and do them faster!) than the Linksys software.

  1. Download the following files, and save a copy of this guide to your computer. You’ll be disconnected from the Internet while you initially configure your router:

    It may also be worthwhile to check this forum thread for newer recommended builds, but I know the r14929 has worked extremely reliably for me. Additional information about installing DD-WRT on the WRT54GL can be found here.

  2. Do a hard reset of your Linksys WRT54GL router. A hard reset involves four steps:
    1. With the router powered on, press and hold the power button for 30 seconds (I usually use a pen to press this button)
    2. Unplug the router from the power outlet while continuing to press the power button for an additional 30 seconds.
    3. Plug the router back into the power outlet while continuing to press the power button for an additional 30 seconds.
    4. Release the power button to let the router turn itself back on.

    So, you’ll be pressing and holding the power button for a total of 90 seconds. I can’t stress how important this step is—I skipped it the first time I setup my WRT54GL, and while everything looked fine, nothing actually worked properly.

  3. Connect your computer to the WRT54GL using an Ethernet cable plugged into the jack labeled 1 on the back of the router and turn off wi-fi on your computer.
  4. Open up a web browser and type 192.168.1.1 into the address bar, then hit the return key. You should be asked for a username and password. Leave the username blank, and type in admin as the password (this is the default way to login to Linksys WRT54 routers).
  5. Upgrade your WRT54GL with the micro DD-WRT firmware you downloaded earlier. We need to start with the micro firmware because of a bug in the Linksys firmware—some routers will stop working entirely if you try to install the standard DD-WRT firmware first. Linksys provides step-by-step instructions for installing new firmware.
  6. Wait about 5 minutes for the upgrade process to complete and the router to restart. Do not unplug the router during this time.
  7. Once the router has restarted, visit 192.168.1.1 again to confirm that everything is online. Then perform another hard reset (step 2 above).
  8. Once the router has restarted again, visit 192.168.1.1 in your web browser. Click on the Administration tab at the top of the page. You should be asked to log in; the default username is root, and the default password is admin.
  9. Click the Firmware Upgrade tab (beneath the Administration tab). Click on the Browse… button and select the standard firmware file you downloaded earlier, then click Upgrade.
  10. As with step 6, wait about 5 minutes for the upgrade process to complete.Do not unplug the router during this time.
  11. Once the router has restarted, visit 192.168.1.1 to confirm that everything is online, and then perform another hard reset (step 2 above). Yes, that’s three hard resets, and yes, they’re all necessary. I tried to skip these steps and found that none of my settings were saved by the router; each time it restarted it would revert to the default settings. Learn from my mistake!
  12. Now for the fun stuff! Visit 192.168.1.1 in your web browser and click on the Setup tab. If prompted to login, the username is root and the password is admin. (Feel free to change these at any time from the Administrationtab.) Most of the settings can be safely left at their default values, while others will depend on your personal network configuration. The sections below  describe the necessary changes to get your public wi-fi network running, plus some recommended (but optional) settings that I find work well. Each step refers to settings on a specific tab and sub-tab of the router’s configuration webpage (192.168.1.1).

    Always click the ‘Save’ button before moving on to the next tab!

    1. Setup→Basic Setup
      • Local IP Address (optional): My private router uses the IP address 10.0.1.1, so I set this field to 10.0.2.1 to easily tell them apart. If you make this change, you’ll need to connect to 10.0.2.1 instead of 192.168.1.1 for the rest of this guide.
      • Static DNS 1 (optional): Set this to Google’s public DNS server, 8.8.8.8.
      • Static DNS 2 (optional): Set this to Google’s backup DNS server, 8.8.4.4.
      • NTP Client (optional): Enable this and set the time zone appropriately.
      • Server IP/Name (optional): If you enable NTP, then set this to 0.us.pool.ntp.org.
    2. Wireless→Basic Settings
      • Wireless Mode: Repeater.
      • Wireless Network Name: Set this to your private network name. For example, before I added the public wi-fi router, I had one wi-fi network named Prydain, which is what I entered here.
      • Wireless Channel: Set this to your private network channel. You may need to log in to your private wi-fi router to determine (or set) the channel it uses. I would set it to 1, 6, or 11, and not the auto mode most routers default to.
      • Network Configuration: Bridged.
      • Now click the Add button. A set of fields will appear for your new virtual interface (this will be the public wi-fi network). Configure them as follows:
      • Wireless Network Name: Set this to your public network name. For example, I named my public network A Series of Tubes, which is what I entered here. Almost anything will do.
      • Wireless SSID Broadcast: Enable so your neighbors can easily find your wi-fi.
      • Wireless Channel: Set this to your private network channel, same as above.
      • AP Isolation: Disable so if your neighbors have multiple computers, they’ll be able to share files with one another via wi-fi.
      • Network Configuration: Bridged.
    3. Wireless→Wireless Security
      • Security Mode: WPA2 Personal (If you haven’t already done so, your private router also needs to be configured for WPA2 Personal security with AES encryption. Most modern routers (as of 2012) default to this security type, but it’s a good idea to verify it.)
      • WPA Algorithms: AES.
      • WPA Shared Key: Enter your private wi-fi password (i.e., the password you normally use to connect your computer to your wi-fi network).
      • Under the Virtual Interfaces section, use the exact same settings as above, except for the WPA Shared Key. Make this different, so that your neighbors will use a separate password than you use. The virtual interface’s Wireless Network Name is the wi-fi name you’ll tell them to connect to, and its WPA Shared Key is the password they’ll need to successfully connect.
    4. Wireless→Advanced Settings
      • Frame Burst (optional): Disable
      • TX Power (optional): I experimented with higher values, and found 110 to result in a strong signal for my neighbors without causing interference. I wouldn’t set this any higher than 150; return it to the default of 71 if you experience problems.
      • WMM Support (optional): Disable to conserve memory.
    5. Services→Services
      • DNSMasq (optional): Enable (These settings enable local DNS caching with a memory limit)
      • Local DNS (optional): Enable
      • Additional DNSMasq Options (optional): cache-size=100
    6. Security→Firewall
      • SPI Firewall (optional): Disabled (The firewall isn’t needed inside of the network, and interferes with bridging mode)
    7. Access Restrictions→WAN Access
      • Catch all P2P Protocols (optional): Enable this setting to block all unencrypted peer-to-peer traffic for your neighbors.
    8. NAT / QoS→QoS
      There are a lot of options on this page for controlling Quality of Service (QoS), which essentially means setting speed limits on certain Internet activities. If you set Start QoS to Enabled, you’ll have the option of setting a bandwidth limit on your neighbors’ Internet speed, or use the Services Priority section to only limit certain types of activities (like BitTorrent downloads) by setting their priority to bulk.
  13. Restart the router by unplugging the power cable for a few seconds, and then plug it back in. Enjoy your new, secure shared network!

iCloud and Outlook: Installation Order Matters!

Nice work, nVidia. Today marks the third time in three years I’ve had to send my Mac back to Apple to replace one of your faulty GPUs. What the hell happened?

I spent the morning setting up an old Windows box so I can at least keep up on e-mail while my Mac gets a less-broken logic board. Figured this would be a good chance to checkout iCloud on Windows, so I downloaded it, installed it, and then installed Outlook 2010. Went into the iCloud control panel, told it to synchronize my Outlook Contacts, and… no. Got this useful error instead:

Error: 0x8004010F: ZebraMapiCopySession::CreateMobileMeMessageStore: CreateMessageService failed

What the hell does that mean? Turns out, it means that you shouldn’t install Outlook after iCloud; you need to install Microsoft Office first. Uninstalling and then re-installing iCloud fixed the problem. Now I’ve got my calendar, contacts, and e-mail all showing up nicely in Outlook. Which would be awesome, except—it’s still Outlook.

And Apple? Your error messages could use some work…

Apple TV and iTunes Match

My 3rd generation Apple TV (with iOS 5) has some problems streaming media. First noticed it with NetFlix; the stream would pause for about 30 seconds every couple of minutes. iTunes Match had a different problem; after playing about 10 minutes of music, the screen would go blank (my TV started searching for different inputs, so I think the Apple TV’s output signal completely died), then return to the Apple TV home screen. I haven’t had any problems using NetFlix or iTunes Match on my computer, so I assumed the wifi (an Airport Extreme) and Internet connection weren’t to blame.

Finally seem to have tracked down the problem (or at least, one of them): it’s something in the Dolby Digital output. Go into Settings/Audio & Video/Dolby Digital and change the value to Off. I have my Apple TV hooked up to a receiver via an optical cable, so I’d turned this setting on to get surround sound. Since disabling, I’ve been able to listen to entire albums on iTunes Match for the first time—they had never made it past the 10 minute mark before. Here’s hoping a software update will fix this issue and restore the surround sound feature…

Update: Spoke too soon—just dropped the audio stream again, though it’s definitely not happening as consistently as before. *sigh*.

iOS 5.1 disabled iMessage

Not sure if anyone else has had this problem, but it looks like yesterday’s iOS 5.1 update turned off iMessage support, at least on my AT&T iPhone 4. A quick trip to Settings→Messages→iMessage was all that it took to get iMessages working again (they had somehow been turned off during the update).

Anyway, just posting in case someone else is trying to figure out why their iPhone suddenly stopped receiving iMessages.

Yet Another WordPress Flash Uploader Problem (with solution!)

This was a new one for me. Every time I tried to upload a photo to a WordPress site, I received a very informative “HTTP Error” message while the upload progress bar read “Crunching…”. Thanks in part to the stunningly generic error message, it took a while to figure out exactly what was going on.  The problem, it turns out, was HTTP authentication; I had enabled Apache’s basic HTTP login for the site, but being a plugin, Adobe Flash was not similarly authenticated.  So, trying to use the Flash-based image uploader kept silently failing because it couldn’t authenticate with the server.  The fix is simple: just tell Apache not to use authentication for the script that handles Flash-based uploads.  You can do this by modifying the .htaccess file in the root of your WordPress directory like so:

<FilesMatch "(async-upload.php)$">
    Satisfy Any
    Order allow,deny
    Allow from all
    Deny from none
</FilesMatch>

Making the Apple Keyboard Play Nice with Windows

After a long, long love affair with Logitech, I’ve finally finished a slow migration toward Apple’s input devices.  Their aluminum keyboard took some getting used, but once I’d grown accustomed to it on my Macbook, I decided to get one for my Windows 7 desktop.  It seemed like everything was working perfectly until I pressed the mute button; nothing happened.  Volume down?  No go.  In fact, all of the media keys (volume up/down, mute, play/pause, etc.) refused to do anything. For whatever reason, SharpKeys and other keyboard mapping utilities don’t recognize Apple’s media keys.  The solution, it turns out, is to install a pair of Bootcamp files from your Mac OS X installation DVD.

Here are the steps that worked for me.  I’m running Windows 7 x64 with a 2010 Apple aluminum keyboard, and have a Mac OS X 10.6 Snow Leopard installation disc.  As always, your mileage may vary:

  1. Insert your Mac OS X installation disc.  If it tries to auto-run anything, cancel it.
  2. Open Windows Explorer, right-click on your DVD drive, and select Open from the menu.
  3. Navigate to the Boot CampDriversApple folder.
  4. Copy BootCamp.msi (or BootCamp64.msi for x64 systems) to your desktop.
  5. Copy AppleKeyboardInstaller.exe (or x64/AppleKeyboardInstaller64.exe for x64 systems) to your desktop.
  6. Use a tool such as 7-zip to extract the AppleKeyboardInstaller.exe file.
    1. With 7-zip, can you do this by right-clicking on the file and selecting 7-Zip->Extract to “AppleKeyboardInstaller”.
  7. Navigate to the folder you extracted AppleKeyboardInstaller.exe to and run the DPInst.exe file to install the Apple keyboard driver for Windows.
  8. Click Start->All Programs->Accessories, right-click on Command Prompt, and select Run as administrator.
  9. In the command prompt, type “cd Desktop“.
  10. Install BootCamp by typing “BootCamp.msi” (or “BootCamp64.msi” for x64 systems) in the command prompt.
  11. Once the installation completes, you can delete the files on your desktop and remove the Mac OS X installation disc.  Reboot your computer and enjoy your new media keys!

April 2013 Update: I just tried this method using Windows 8 and the BootCamp drivers from Mac OS X 10.8 Mountain Lion. Apple seems to be preventing the new BootCamp.msi  (version 5) from installing on non-Apple hardware, so the above method will fail on Step 10. Luckily I had an old copy of Mac OS X 10.7 Lion BootCamp drivers (version 4) which worked perfectly on Windows 8.

PHP ZIP Extension for MAMP

Do you use MAMP as a web development testing environment on your Mac?

Do you need the PHP ZIP extension for dealing with archive files?

Are you running Mac OS X 10.6 Snow Leopard?

I do, and found making these tools play nice together to be far harder than it should have.  If you need to fix a similar setup, here are the steps that finally worked for me (on Mac OS X 10.6.4 with MAMP 1.9):

  1. Install XCode if you don’t already have it (we’re going to be doing a bit of compiling).
  2. Download the MAMP source code components (available towards the bottom of the page).
  3. When the MAMP source code package opens, go into the MAMP_src folder and double-click the php-5.3.2.tar.gz file (if you are using a different version of PHP, replace 5.3.2 with your actual version number).
  4. You should now have a php-5.3.2 folder in your Downloads folder.  Open up Terminal and cd to ~/Downloads/php-5.3.2.:
    cd ~/Downloads/php-5.3.2/
  5. Install the pcre.h header file (we need it to compile the extension):
    sudo cp ext/pcre/pcrelib/pcre.h /usr/include/php/ext/pcre/
  6. Configure PHP for i386 architecture:
    CFLAGS="-arch i386" ./configure
  7. Configure the ZIP extension for i386 architecture:
    cd ext/zip; CFLAGS="-arch i386" ./configure
  8. Build the extension:
    make
  9. Install the extension:
    cp modules/zip.so /Applications/MAMP/bin/php5.3/lib/php/extensions/no-debug-non-zts-20090626/
  10. Enable the extension by opening /Applications/MAMP/conf/php5.3/php.ini and appending the following line:
    extension=zip.so
  11. Remove the pcre.h header file we installed earlier, we don’t need it anymore.
  12. Restart MAMP.  If everything worked properly, you’ll be able to goto http://localhost/MAMP, click on phpInfo, and see zip in the list of enabled extensions.

StrayLight Photography

I’ve been meaning to revamp the photography section of this site for a while now; this weekend, I finally found the time to do it. I registered a new domain, straylightphotography.com, and put together a portfolio consisting of my 20 favorite shots (<shamelessPlug>many of which are currently on display at Interzone through February 28th!</shamelessPlug>). I’m hoping to quickly expand the site with themed portfolios (portraits, urban decay, etc.), but… first things first.

Also, the new portfolio has been an excuse to play with CSS3 and jQuery 1.4.  Visitors using Firefox, Safari, Chrome, or Opera should see a site that behaves like it was created with Adobe Flash, but is fully accessible and doesn’t require the proprietary Flash plug-in.  Visitors using Internet Explorer… well… it at least degrades cleanly.  Mostly.

Mapping Caps Lock to Control without Admin Access

Somewhere along the line, I picked up the habit of mapping the otherwise utterly useless caps lock key to act as another control key.  If you’re an Emacs user, this is sort of critical to avoid the wrist strain of constant pinky-stretches to the lower-left corner of the keyboard.  Its become second nature now, so when I recently found myself working on a Windows-based lab computer where caps lock actually performed as-advertised, the result was a lot of code THAT lOOKED LIKE thIS.  Unpleasant, to be sure.

Linux and Mac OS X make remapping this key extremely easy.  System Preferences on the Mac and the GNOME keyboard control panel on Linux include a simple option to enable.  Tada!  No more wasted space west of ‘A’.  Windows, of course, is a different beast.

The good news: there’s a very simple registry hack to remap caps to control.  Seriously, it’s floating all over the internet.  Except, there’s a wrinkle–you need administrative access to edit the HKEY_LOCAL_MACHINE registry tree, which is what all of these hacks do.  For whatever reason, our school has decided computer science graduate students aren’t to be trusted with administrative access to their own computers [another rant for another time], so what’s a wrist-strained user to do?

Muck around in the Windows registry, of course!  It turned out to be pretty straight forward.  There’s a duplicate of the keyboard mapping registry key under HKEY_CURRENT_USER, which non-administrators can modify, and it appears to behave exactly like the key under HKEY_LOCAL_MACHINE.  So, for anyone in a similar position, here’s the registry key to modify:

HKEY_CURRENT_USER→Keyboard Layout→Scancode Map =
hex:00,00,00,00,00,00,00,00,02,00,00,00,1d,00,3a,00,00,00,00,00


You can download a registry update file here.  Save it to your computer, double-click it to update your registry, then reboot and enjoy your vastly-improved keyboard.

Automating Spellcheck (SpellCorrect?)

Let’s start this off by admitting a dark secret: my spelling is atrocious. As an example, I initially typed that sentence as, “Let’s start this off by admiting a dark secret: my spelling is attrocious.“  Built-in spell checking serves as a constant face-saver, but repeatedly finishing a sentence, switching from keyboard to mouse, right-clicking on the freshly-underlined words, and choosing what is nearly always the top choice from the built-in dictionary gets old.  The fact that the computer’s first suggestion is almost always exactly what I tried to type makes me wonder: why can’t the machine automatically correct misspellings?  Spell-checkers already rank the possible solutions, so it seems logical that if the delta of the ranking values between the top two choices is sufficiently large, it would be pretty safe to automatically make the replacement.  If the action was accompanied by some sort of animation or color change (like the highlighting Mac OS X’s Preview performs when searching text in PDF files), the user would be aware the change had been made and could quickly evaluate whether it was correct.  If it is, no need to switch over to the mouse and lose your train of thought; you can keep merrily typing away.  If the correction was wrong, the highlight should remain for a while so that the user can finish typing, then come back to fix any mistaken spelling corrections.

Combining this technique with a machine learning system to detect patterns in a particular user’s misspellings (including the actual word they wanted) you could quickly end up with a highly-accurate spellcorrecter tailored to the end user.  This brings the idea into my area of research, since the result would be a machine-learned program that could hold significant time-saving value to users.  I’ll have to take a closer look at this at some point soon.  In the meantime, I’m just frustrated that such a system doesn’t already exist.