Netgear WNDR 3800 N600

Well – after many years of satisfaction using this Soekris Net4801/5501, I’ve checked around, asked in different forums, and found out that this little Netgear router can be flashed with OpenWRT – so you can run the router with Linux and build your own router up, based on several subnets, controlling the wireless zones – all in a web GUI, but also through subnets etc. This site describes how I did it.

But first of all – a little drawing describing how I want my network to be in the end – with all zones, subnets and wireless configuration:

As you can see, I’ve built this router so I can handle the networks like this:

  1. LAN – handles all normal PCs connected in the house for internet, using either cable or wireless.
  2. DMZ – handles the servers for public access.
  3. MYTH – handles all network traffic for my MythTV installation, using cable or wireless on 5.0 GHz for iPad, tablets, phones etc.
  4. TEST – a test network, closed off like a DMZ.

With this setup, I can handle my internal web/mail server with public access, and my internal LAN, MYTH and TEST act like separate networks, without any access across the router. For several years I’ve used the Soekris Net4801 with Debian/iptables, but I only got 100 Mbps as maximum throughput, and since my MythTV installation got more and more complicated, with iPads streaming/controlling the MBE and phones on the network as well – that’s the main reason for changing the network router.

I’ve found the Netgear WNDR3800 by looking at EDBpriser.dk – and placed the order for one.

N600 WIRELESS DUAL BAND GIGABIT ROUTER
Premium Edition WNDR3800

Dynamically selects clear Wi-Fi channels
Access and share USB hard drive remotely
Time Machine® compatible
Popular open-source Linux® firmware

I downloaded the latest image that fits the hardware from the OpenWrt site – http://wiki.openwrt.org/ – and started the router up. The main steps for connecting are:

  1. Connect using a telnet console – log in as root at the IP of the router: 192.168.1.1
  2. Set the password of root using the command passwd
  3. Now you have unlocked SSH and HTTP traffic to the router.
  4. In my case, installing nano instead of vi: opkg install nano

The main configuration files are placed in /etc/config – where you can manage the setup using either an SSH console or the web interface. Either way, the configuration files look the same in the end. The hardware switch was actually the hardest to get up and running, but I ended up with the following configuration files:

# /etc/config/network
config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config interface 'lan'
    option type 'bridge'
    option ifname 'eth0.1'
    option proto 'static'
    option ipaddr '192.168.0.1'
    option netmask '255.255.255.0'

config interface 'wan'
    option ifname 'eth1'
    option proto 'dhcp'

config interface 'dmz'
    option type 'bridge'
    option ifname 'eth0.2'
    option proto 'static'
    option ipaddr '192.168.10.1'
    option netmask '255.255.255.0'

config interface 'myth'
    option type 'bridge'
    option ifname 'eth0.3'
    option proto 'static'
    option ipaddr '192.168.20.1'
    option netmask '255.255.255.0'

config interface 'test'
    option type 'bridge'
    option ifname 'eth0.4'
    option proto 'static'
    option ipaddr '192.168.30.1'
    option netmask '255.255.255.0'

config switch
    option name 'rtl8366s'
    option reset '1'
    option enable_vlan '1'
    option blinkrate '2'
    option max_length '3'
    option enable_vlan4k '1'

# One VLAN per network: VLAN n shows up as eth0.n; a 't' suffix means the port is tagged
# VLAN 1 -> eth0.1 (lan)
config switch_vlan
    option device 'rtl8366s'
    option vlan '1'
    option ports '3t 5t'

# VLAN 2 -> eth0.2 (dmz)
config switch_vlan
    option device 'rtl8366s'
    option vlan '2'
    option ports '2t 5t'

# VLAN 3 -> eth0.3 (myth)
config switch_vlan
    option device 'rtl8366s'
    option vlan '3'
    option ports '1t 5t'

# VLAN 4 -> eth0.4 (test)
config switch_vlan
    option device 'rtl8366s'
    option vlan '4'
    option ports '0t 5t'

config switch_port
    option device 'rtl8366s'
    option port '1'
    option led '6'

config switch_port
    option device 'rtl8366s'
    option port '2'
    option led '9'

config switch_port
    option device 'rtl8366s'
    option port '5'
    option led '2'

This is the main configuration for the hardware switch. Actually it’ll create the interfaces lan, dmz, myth and test as bridges between the RJ45 connection and the CPU – before leading the connection through eth1 to WAN. It’s also possible to configure this through the web interface, but I played around like this before getting it to work using the command line.

The next part is to define your different zones in the firewall. Now I’ve created these zones:

  1. LANZONE – access to WAN and allowed to DMZ
  2. DMZZONE – only incoming
  3. MYTHZONE – access to WAN
  4. TESTZONE – access to WAN

If you need access such as SSH or HTTP to a server inside a zone, you need to define access to that zone. Mostly you can do this manually, by editing the file /etc/config/firewall. The main configuration of an open port should look like this in the file:

########## Creating the Zones ##############
config zone
    option input 'ACCEPT'
    option output 'REJECT'
    option name 'dmzzone'
    option forward 'ACCEPT'
    option network 'dmz'

### Allowing access through zones ###########
config forwarding
    option dest 'dmzzone'
    option src 'lanzone'

########## Opening a port #############
config rule
    option target 'ACCEPT'
    option name 'Web/mailserver'
    option src 'wanzone'
    option dest 'dmzzone'
    option dest_ip '192.168.10.10'

config redirect
    option target 'DNAT'
    option proto 'tcp'
    option src_dport '80'
    option dest_ip '192.168.10.10'
    option dest_port '80'
    option name 'Webserver'
    option src 'wanzone'
    option dest 'dmzzone'

Remember to add your web server’s static hostname in Hostname, otherwise you won’t be able to reach your web server using the DNS names.
Now I won’t give you my setup, since I’ve got some special ports etc., but these are the main settings for setting up the firewall in the router. From here you can create the configuration you need so it fits your setup.
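
An added example, not part of the original post: a small Python audit that reads firewall sections in the syntax shown above and reports where they are looser than the zone list (LAN to WAN and DMZ, DMZ incoming only, MYTH and TEST to WAN). The sample text is constructed as described in its comment, and parse_uci, audit and INTENDED are names chosen here.

```python
import re

# Constructed sample. From the page: dmzzone's input policy, the lanzone ->
# dmzzone forwarding, the Web/mailserver rule. testzone -> lanzone is a planted mistake.
SAMPLE = """
config zone
    option name 'dmzzone'
    option input 'ACCEPT'
config forwarding
    option src 'lanzone'
    option dest 'dmzzone'
config forwarding
    option src 'testzone'
    option dest 'lanzone'
config rule
    option name 'Web/mailserver'
    option target 'ACCEPT'
    option src 'wanzone'
    option dest 'dmzzone'
    option dest_ip '192.168.10.10'
"""
# Intended zone-to-zone paths, taken from the page's zone list.
INTENDED = {("lanzone", "wanzone"), ("lanzone", "dmzzone"),
            ("mythzone", "wanzone"), ("testzone", "wanzone")}

def parse_uci(text):
    """Parse UCI text into a list of (section_type, {option: value})."""
    sections = []
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"config\s+(\S+)", line):
            sections.append((m.group(1), {}))
        elif (m := re.match(r"option\s+(\S+)\s+['\"]?(.*?)['\"]?$", line)) and sections:
            sections[-1][1][m.group(1)] = m.group(2)
    return sections

def audit(sections, trusted=("lanzone",), wan="wanzone"):
    """Return findings where the config is looser than the intended policy."""
    out = []
    for kind, o in sections:
        if kind == "zone" and o.get("input") == "ACCEPT" and o.get("name") not in trusted:
            out.append(f"zone {o.get('name')}: input ACCEPT lets its hosts reach the router itself")
        elif kind == "forwarding" and (o["src"], o["dest"]) not in INTENDED:
            out.append(f"forwarding {o['src']} -> {o['dest']}: not in the intended policy")
        elif (kind == "rule" and o.get("src") == wan and o.get("target") == "ACCEPT"
              and "dest_port" not in o):
            out.append(f"rule {o.get('name')}: no dest_port, matches every port")
    return out

if __name__ == "__main__":
    print("\n".join(audit(parse_uci(SAMPLE))))
```

In OpenWrt a zone's input policy applies to traffic from that zone to the router itself, which is why ACCEPT on dmzzone is reported; a port-specific redirect such as the Webserver one above passes the rule check because it names its port.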

The best part is configuring the wireless network, since you can create several virtual WLANs and attach them to the wanted interface – this actually means you can attach a wireless network to your own test zone for setting up systems like my MythTV – that’s AWESOME…
In the wireless setup you can also control both the 2.4 and 5.0 GHz bands, and attach them to their separate networks. I have created one for my LANZONE on 2.4 GHz and one for MYTHZONE on 5.0 GHz, to keep the network closed for its usage 🙂 Here’s a little taste of what it looks like using the LuCI web interface.

In the end I believe there’s plenty of different actions to run using your Netgear Router – but I haven’t tried all of them yet.