Friday, February 20, 2015

dd wrt on cisco e1000 both version 2 and 2.1

as of 15/2/2014 dd wrt db recommends build version 21061, a special version needed for first flash:

http://www.dd-wrt.com/site/support/router-database search: e1000

Will check the vlan setup both before and after as phuzi0n makes the following (possibly important) point about the vlans on this device:

http://www.dd-wrt.com/phpBB2/viewtopic.php?p=607698#607698

vlan trunking/tagging confirmed working on Linksys (cisco) e1000 routers (both v2 and v2.1) using dd-wrt.v24-21061_NEWD-2_K2.6_mini_e1000v2 (latest recommended from the database).

I've been faffing around with these routers for months now, trying to get them working as Wifi APs that have multiple WLANs and then trunking the subnets using tagging to my vlan capable switch over a single port/cable. I am using pfsense as a DHCP server for all subnets. I am trying to give wifi coverage in a large community building and want to provide both in-house and guest wifi facilities. I went for these routers as I read in the forum they should work and I've only paid between £6 and £15 each for all three, in nearly new condition.

It's probably because I'm a bit of a novice, but despite the huge number of how-tos on this forum, it seemed quite a challenge. This post attempts to explain to other novices what foxed me for so long, because I'VE GOT IT WORKING! It's partly to do with the vagaries of this particular hardware.

Most of these things I've learned very slowly are actually clearly stated by phuzi0n in one place or another:

1. Don't assume the gui works for the vlans as I did. As of Feb 2014 the gui will not set the vlans using the above version. I think I assumed that as most of the posts I was reading were four years old that this might have been sorted. Bad assumption. Don't fear the command line approach using telnet, it wasn't too hard.

2. Don't get confused about which (internal) vlans are used on this device. Most 100mbps router/switches normally default to 0 and 1 for the lan and wan. Gigabit router/switches normally use 1 and 2. I was seriously confused with the fact that on initiation vlans 0, 1 and 2 show on this device. These int. vlans use 1&2 as per gigabit, BUT they are only gigabit within the Chip, external ports run at 100mbps. Don't know why vlan 0 shows up but it well confused me. Eko and LOM explain the way this chip is deployed in this instance here: http://www.dd-wrt.com/phpBB2/viewtopic.php?p=595874#595874 . Ignore references to vlan0.

3. I was confused about how to set the DHCP serving for the two WLANS, which I wanted to come from my pfsense router. In the end I simply set a static IP for each of the two bridges that I created for the WLANS and found that the DHCP server was used by the clients. The confusing bit was what to do with the DHCP settings on the main gui setup page. I just left it as DHCP server and it didn't cause a problem. From the vlan settings below you'll see I had three subnets, I kept vlan1 as a management subnet bridged to the lan (as default). vlans 12 and 13 were for the two WLANS. I didn't have a problem using the WAN port for the trunking port, as some suggest can happen.

Default settings after flashing:

root@DD-WRT:~# nvram show | grep vlan.*ports | sort
size: 24854 bytes (7914 left)
vlan0ports=1 2 3 4 5*
vlan1ports=1 2 3 4 5*
vlan2ports=0 5



nvram show | grep port.*vlans 

root@DD-WRT:~# nvram show | grep port.*vlans | sort
size: 24854 bytes (7914 left)
port0vlans=1
port1vlans=0
port2vlans=0
port3vlans=0
port4vlans=0
port5vlans=0 1 16



root@DD-WRT:~# nvram show | grep vlan.*hwname
vlan2hwname=et0
vlan1hwname=et0
vlan0hwname=et0


I took examples from the switchports wiki page and amended them:

This one will:
1. make the wan port a trunked port for vlans 1,12,13 (all tagged vlans)
2. make ports 1 and 2 untagged ports for vlan1
3. make ports 3 and 4 untagged ports for vlan12

nvram set vlan1ports="0t 1 2 5*"
nvram set vlan12ports="0t 3 4 5"
nvram set vlan13ports="0t 5"
nvram set port0vlans="1 12 13 16 18 19"
nvram set port1vlans="1 18 19"
nvram set port2vlans="1 18 19"
nvram set port3vlans="12 18 19"
nvram set port4vlans="12 18 19"
nvram set port5vlans="1 12 13 16"
nvram set vlan1hwname=et0
nvram set vlan12hwname=et0
nvram set vlan13hwname=et0
nvram commit
reboot

Looks OK:
root@DD-WRT:~# nvram show | grep vlan.*ports | sort
size: 19228 bytes (13540 left)
vlan0ports=1 2 3 4 5*
vlan12ports=0t 3 4 5
vlan13ports=0t 5
vlan1ports=0t 1 2 5*
vlan2ports=0 5
root@DD-WRT:~# nvram show | grep port.*vlans | sort
size: 19228 bytes (13540 left)
port0vlans=1 12 13 16 18 19
port1vlans=1 18 19
port2vlans=1 18 19
port3vlans=12 18 19
port4vlans=12 18 19
port5vlans=1 12 13 16
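
A check on the nvram show output above, as an added example that is not part of the original post: it reads the vlanNports lines and lists, per external port, which VLANs are carried tagged and untagged, and flags any port that is an untagged member of more than one VLAN, which is where the in-house and guest subnets would stop being kept apart. Treating port 5 as the internal CPU port and skipping vlan0 through the ignore argument are assumptions taken from the post's "5*" entries and its advice to ignore vlan0.

```python
import re
from collections import defaultdict

# vlanNports lines from the "Looks OK" output in the post, copied as shown.
SAMPLE = """\
vlan0ports=1 2 3 4 5*
vlan12ports=0t 3 4 5
vlan13ports=0t 5
vlan1ports=0t 1 2 5*
vlan2ports=0 5
"""

CPU_PORT = 5  # assumption: port 5 (the one carrying "*") is the switch's internal CPU port


def port_view(nvram_text, ignore=()):
    """Map each external port to the VLANs it carries tagged and untagged.

    Only vlanNports lines are read; prompts, "size:" lines and portNvlans
    lines in pasted `nvram show` output are skipped by the pattern.
    """
    ports = defaultdict(lambda: {"tagged": set(), "untagged": set()})
    for line in re.finditer(r"^vlan(\d+)ports=(.*)$", nvram_text, re.M):
        vid = int(line.group(1))
        if vid in ignore:
            continue
        for token in line.group(2).split():
            m = re.fullmatch(r"(\d+)([t*]?)", token)
            if m is None or int(m.group(1)) == CPU_PORT:
                continue
            kind = "tagged" if m.group(2) == "t" else "untagged"
            ports[int(m.group(1))][kind].add(vid)
    return dict(ports)


def untagged_conflicts(nvram_text, ignore=()):
    """Ports that are untagged members of more than one VLAN."""
    return {port: sorted(m["untagged"])
            for port, m in sorted(port_view(nvram_text, ignore).items())
            if len(m["untagged"]) > 1}


def trunks(nvram_text, ignore=()):
    """Ports with tagged membership, and the VLANs they trunk."""
    return {port: sorted(m["tagged"])
            for port, m in sorted(port_view(nvram_text, ignore).items())
            if m["tagged"]}


if __name__ == "__main__":
    print("trunks:", trunks(SAMPLE, ignore={0}))
    print("conflicts, vlan0 ignored:", untagged_conflicts(SAMPLE, ignore={0}))
    print("conflicts, vlan0 counted:", untagged_conflicts(SAMPLE))
```

With vlan0 counted, ports 1 to 4 are reported, because the leftover vlan0ports line still lists them untagged alongside vlan1 and vlan12.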


This one will:
1. make the wan a trunked port for vlans 1,12,13 (all tagged vlans)
2. make ports 1, 2, 3 and 4 untagged ports for vlan1

nvram set vlan1ports="0t 1 2 3 4 5*"
nvram set vlan12ports="0t 5"
nvram set vlan13ports="0t 5"
nvram set port0vlans="1 12 13 16 18 19"
nvram set port1vlans="1 18 19"
nvram set port2vlans="1 18 19"
nvram set port3vlans="1 18 19"
nvram set port4vlans="1 18 19"
nvram set port5vlans="1 12 13 16"
nvram set vlan1hwname=et0
nvram set vlan12hwname=et0
nvram set vlan13hwname=et0

nvram commit
reboot


To set up further E1000s using duplicate settings as above (obviously changing IP addresses as necessary) I tried using the GUI's backup facility; for whatever reason it failed to insert all the ports in the correct vlans, although it did do some of them?
 
This one will:
1. make the wan port and port1 trunked ports for vlans 1,12,13 (all tagged vlans)
2. make port 2 an untagged port for vlan1
3. make ports 3 and 4 untagged ports for vlan12
 
 
nvram set vlan1ports="0t 1t 2 5*"
nvram set vlan12ports="0t 1t 3 4 5"
nvram set vlan13ports="0t 1t 5"
nvram set port0vlans="1 12 13 16 18 19"
nvram set port1vlans="1 12 13 16 18 19"
nvram set port2vlans="1 18 19"
nvram set port3vlans="12 18 19"
nvram set port4vlans="12 18 19"
nvram set port5vlans="1 12 13 16"
nvram set vlan1hwname=et0
nvram set vlan12hwname=et0
nvram set vlan13hwname=et0
nvram commit
reboot
  
UPDATE: Feb 2015. I have used four of these as described in the setup above and they have proved faultless in production! I never even have to reboot them. I'm now trying to deploy e2000's (with the gigabit switches - also cheap on ebay) in the same way - have already bricked my first one!

Friday, December 26, 2014

mythtv tweaks dec 2014

1.
mythlounge with ubuntu 14.04 shows xfce4-panel (menu bar) in top:

panel properties:
choose: 'Automatically Show and Hide the panel' and 'Don't reserve space on borders'


2.
Shutdown and reboot commands no longer work in mythtv. Edit the sudoers list

sudo visudo to edit the file:

user_name ALL=(ALL) NOPASSWD: /sbin/poweroff, /sbin/reboot, /sbin/shutdown

See also http://askubuntu.com/questions/168879/shutdown-from-terminal-without-entering-password


Above makes reboot, but not shutdown work?

Adding 'sudo poweroff' to custom halt command in mythtv--->setup--->general sorts this.

Tip:
have a look at frontend logs whilst using:
tail -f /var/log/mythtv/mythfrontend.log




3.
x11vnc not working from startup:


4.
dvd drive not working within mythtv:

in frontend playback settings specify location of dvd drive:
/dev/sr0

5.
Get Airplay working:
probably gonna need to have mythboxes and wifi on same subnet for this.


6. Fine tuning of mythsunroom:

nvidia overscan settings=50
mythfrontend gui doesn't resize: adjust pixels of gui in settings: appearance to 1831x1031

x11vnc from startup:
http://robot.wpi.edu/wiki/index.php/Setting_up_an_XUbuntu_VNC_Server#Automatically_start_the_server

Sunday, December 14, 2014

mythserver rebuild dec 2014 - Completed!

Purpose: try to get new mythserver done by Christmas!

Current issues with present server:
live tv has to be 'recorded' not to crash
mythweb not working
mythbackend flaky and not autostarting
grub issue - only boots on hot reboot


Installed mythbuntu 14.04 64bit on 160gb drive; something about the ISOs now means that some m'board BIOS won't boot from the disks. Using pendrive instead. mythserver boots fine from it.

recordings (etc) live at: /var/lib/mythtv/ on their own separate 1tb drive.


Using rsync to copy recordings from old var to new one (temp mounted on old machine):

sudo rsync -a --progress /var/lib/mythtv/recordings/*  /media/a0907e07-74fe-4bdb-b2b3-c6bf2ae58ab1/lib/mythtv/recordings/





backup mythtv using:

markp@mythserver:~$ sudo /usr/share/mythtv/mythconverg_backup.pl --verbose

this creates a sql backup file in /home/mythtv
 copy it to the temp /var (on the new system db_backups is by default the place for the backups)

the following is supposed to change the location of the backup. can't see how it works.
echo "DBBackupDirectory=/home/mythtv" > /var/lib/mythtv/db_backups

copy the backups to what will be the new /var:

sudo rsync -a --progress /home/mythtv/*.gz /media/a0907e07-74fe-4bdb-b2b3-c6bf2ae58ab1/lib/mythtv/db_backups/




New server - tweaks and issues:

After installing the proprietary TBS drivers (not the new Opensource ones) the Hauppauge cards are not seen.

The 'make' has probably caused an issue with the existing drivers. The TBS forum advises: "You've got some old modules mixed in with the new ones".

sudo mv /lib/modules/$(uname -r)/kernel/drivers/media ~/media.bak

cd to where I unpacked the TBS drivers (/home/markp/Downloads/tbsdrivers/linux-tbs-drivers/) and remake:


sudo make install
sudo reboot


Trying to restore:
markp@mythserver:/usr/share/mythtv$ sudo ./mythconverg_restore.pl --verbose --drop_database --create_database --directory /var/lib/mythtv/db_backups --filename mythconverg-1317-20141215131639.sql.gz

don't know why when I used the backup regime the ./ wasn't needed, restore needs it? Yes.

Remote Frontends can't connect:
Edit /etc/mysql/conf.d/mythtv.cnf
remove the hash from the "bind-address 0.0.0.0" line

Now working.

Backend runs out of disk space after a few days. Probably an issue with permissions in /var/lib/mythtv/ as previous mythbackend had to run as root.

chown to mythtv:mythtv and chmod to 666 in both recordings and livetv folders. probably everything in here should be owned by mythtv.





John Deere Model A spluttering

Note about the throttle linkage to the governor: The linkage needs to be "1/2 a hole short", i.e. when the throttle is wide open, engine stopped, take the linkage out of the arm on the carb. The gov. spring should pull the linkage 1/2 of the hole dia. past the point where it will go in. There are no springs inside the gov. housing, about all that can happen in there is a thrown weight or the sleeve stuck from sitting.

from here:
http://www.smokstak.com/forum/showthread.php?t=22799

Friday, May 16, 2014

charity software - methodist charities

In summer 2013 I realised that the free 'google apps non-profits', after much UK lobbying for many years, is now available for UK Registered Charities. This is a great offer, for the facility it provides costs serious money for businesses. I have successfully applied for and set this up for our Methodist Circuit. If you have dreams of using ICT effectively in your Circuit or Church and want to know what it can do, message me. In a nutshell its key features are: secure document creation and sharing; shared calendars for colleagues; and (potentially) a common address book (this needs work to make happen, which I haven't been able to achieve yet). A shared Circuit-wide address book for email and directory creation has always been a bit of a holy grail for me! Got this sorted already - for free?? Let me know how!

Just recently I've investigated TT-Exchange, which offers donated software from several noteworthy firms, including Microsoft, to UK Charities. Yesterday it was confirmed that our Circuit does qualify for some, if not all, of the software, but importantly it includes the MS stuff. I think this means for an 'administration donation' we can get licences for Windows 8 OS for about £5, and Office 2013 Standard for £15. I will confirm in the future if this is true!

Wednesday, May 14, 2014

public wifi

Public wifi from church premises
When it comes to Safeguarding, one area of protection and care that the church should not overlook is any wifi facility it offers to the public from church premises.

There are good reasons why such provision can be positive and helpful. Increasingly the Church seeks to engage with the community around it by offering the church premises for a wider variety of uses. Premises used for things such as conferences and training are more attractive if they provide an online facility, especially if your church premises have little or no 3G mobile phone broadband signal. Offering public wifi at a church raises two particular challenges: controlling who has access and controlling the content public users might use.

Controlling who has access - Providing wifi in a public arena, such as church premises, must be understood as fundamentally different from a domestic wifi scenario. One reason for this is that offering wifi safely to occasional/infrequent unknown users requires security approaches that are not needed in the domestic situation. A fixed wifi password which must be revealed to the wifi user, if distributed widely, leaves the wifi facility totally open to misuse and abuse. However, systems which give some level of control over free wifi access must not be so complex that they become unattractive to either use or administer.

Controlling the content - Public wifi access is attractive to rogue internet users who might like to either download, or upload, illegal, illicit and pornographic content. Assuming such a user makes an internet connection with their own wifi device, once they have disconnected and removed themselves from the physical location of the wifi hotspot, there is no way to trace who that person was.

Solutions
For every problem there are solutions, and there are software and hardware tools which can, and I suggest should, be deployed by churches to ensure that the abuse and misuse of their wifi facilities is minimised as much as possible. This is not least for their own protection: there are serious legal and criminal ramifications of certain types of internet traffic being passed through a church broadband connection.

Controlling access - To control who can use the wifi, a system which uses timed vouchers is a reasonable solution. Firstly, such systems require users to present themselves to someone in-house to obtain the voucher, which can be limited to only work for (eg) 4 hours. Each user voucher uses a code or password which is unique, not generic.

Controlling content - To ensure that inappropriate material is not passed through the Church broadband connection, a content filtering system should be deployed. Although such systems require some management, they are essential to try and block and filter inappropriate internet traffic of guest users.

Deploying such a solution?
Such systems typically work by replacing the broadband router provided by the ISP with something more sophisticated. Such approaches need not be prohibitively expensive, especially if there are local people who can help with the setup and administration of the systems.

Some very worthwhile solutions which are free are available using opensource software-based routers. pfSense is an excellent example of an opensource solution which can provide all of the above; it provides many professional features. Although such software is free to download and use, it will need to be run on a dedicated PC. Ideally special PC hardware which has a very low power requirement is used. Such hardware can cost less than £200; if that breaks the budget, pfSense can be run on a redundant PC which might cost next to nothing.

Other considerations?
Do you have extensive premises? If so, one wifi access point (AP) might not cover all the premises and additional APs will be required. pfSense and solutions like it use a 'firewall' which provides robust security between different parts of the Church network, eg the church office. pfSense also has the ability to set up two (or more) wifi networks, one for trusted 'in house' connections and one for 'public' users. Separating these networks helps maintain network security; it does though add to the complexity of the setup. Carefully chosen AP hardware can broadcast both networks simultaneously, saving on hardware and power costs.

If you'd like to know more about deploying such systems, post a comment or contact me at: mark.pengelly AT methodist.org.uk

Tuesday, April 22, 2014

mythtv upgrade April 2014

Current issues:

grub problem, require hot reboot to make grub load?
channels not quite right.

Current setup:
mythtv .2
mythbackend doesn't autostart at present
1Tb drive has 200Gb / and 800 Gb /var partitions
(recordings are at /var/lib/mythtv/recordings)

<code>
markp@mythserver:~$ apt-cache policy mythtv
mythtv:
  Installed: 2:0.26.1+fixes.20131223.e41b710-0ubuntu0mythbuntu1
  Candidate: 2:0.26.1+fixes.20140322.1a4cebf-0ubuntu0mythbuntu1
  Version table:
     2:0.26.1+fixes.20140322.1a4cebf-0ubuntu0mythbuntu1 0
        500 http://ppa.launchpad.net/mythbuntu/0.26/ubuntu/ precise/main amd64 Packages
 *** 2:0.26.1+fixes.20131223.e41b710-0ubuntu0mythbuntu1 0
        100 /var/lib/dpkg/status
     2:0.25.3+fixes.20130813.b5adf03-0ubuntu0mythbuntu2 0
        500 http://ppa.launchpad.net/mythbuntu/0.25/ubuntu/ precise/main amd64 Packages
     2:0.25.0+fixes.20120410.1f5962a-0ubuntu1 0
        500 http://gb.archive.ubuntu.com/ubuntu/ precise/multiverse amd64 Packages
</code>



Aim:

replicate current .26 install so that it starts properly and has recording on separate drive.

recordings