Sorry for the very delayed response…I offer no excuse. Anyway, I don’t think you will be secure with the VLAN. I’m not sure the Linksys offers a true VLAN so you aren’t getting the same level of security you might get via a enterprise grade switch. However, that’s not what you asked about.

I haven’t played with NoCatSplash or VLANs so I’m afraid I’m not going to be of much help. I wish I could be. I think you’re on the right trail of looking for an advanced firewall rule/IP table rule (one that you have to write in the text box versus configure via a checkbox). I currently have Tomato installed on my router so I can’t even look at the dd-wrt settings to see if I can come up with some good ideas for you. I suggest you post the question over at the dd-wrt site or search their wiki for people trying to do similar features. I bet your not the only person who has wanted that solution. The following forum entry might get you going down the right track: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=1160&postdays=0&postorder=asc&start=15

If you find an answer, please come back and post a reply so that I may know and that others who visit my site can benefit from your knowledge.

Any thoughts?
Thanks,
Jason

I’ll admit that I haven’t used dd-wrt.v24_micro_generic.bin but from what I can tell from the dd-wrt wiki, the micro version supports WPA security.

Do any of the other wireless security options (e.g., WEP, WPA, WPA2, etc.) work?

Have you tried rebooting the firmware? After a reboot, it might work. If not, you can always do a hard-reset but doing so will reset your router to the dd-wrt.v24_micro_generic.bin defaults so you might want to jot down all of your custom settings before doing the hard-reboot.

Hope this helps.

However,
I am unable to set a wireless security method.
It is disabled. When I select WPA, I am taken to a blank screen. When I go back, it is still disabled.

I used the dd-wrt.v24_micro_generic.bin

“Thanks!” from another beneficiary of your efforts and generosity. Thanks for sharing your expertise and making this such an easy task.

Best regards!
Ken

1) I wouldn’t worry about the patches too much. I don’t know if they would work in XP 64-bit. I would think you’d need to find similar patches optimized for 64-bit Windows. Regardless, these are nice to have patches but aren’t essential especially if you’re just using a desktop.

2) I completely agree that the DD-WRT menu is quite vast. Based on your network description, I don’t think any you’ve missed any necessary tweaks. Going though this security guide is the most important. Other than that, look around and play with settings. You’re not going to mess anything up and if you do, just reset it back to the default settings.

One of the features I like is called something like static-dynamic IP addresses. Basically, most all routers use Dynamic Host Control Protocol (DHCP) which automatically assigns IP addresses to machines that connect to your network. This is very convenient. DD-WRT is no different. However, one inconvenience with DHCP is that the IPs are somewhat randomly assigned so one day you might be 192.168.1.24 and the next 192.168.1.5 even though you’re on the same PC and the same network. Static-dynamic IPs allow you to specify the IP assigned to your PCs (based on their MAC address) each time they connect to the network. This makes it easy to remember the IPs of each of your 3 machines–this is the static portion. The dynamic portion allows other machines that are new to the network (ones you have not specifically assigned an IP address) to automatically obtain a random IP. It’s the best of both worlds.

Another cool feature that I don’t use is Quality of Service (QoS). QoS allows you to set the priority of network traffic. For example, you could give Skype the highest quality and BitTorrent the lowest quality. That way the amount of bandwidth for services that you interact with like Skype aren’t impacted by downloads that are going on at the same time.

3) The firewall that comes with DD-WRT is perfectly fine. All router firewalls are what you call NAT routers which are better than software routers. Basically, they only let traffic that was initiated by a PC inside your network come back into your network unless you do port forwarding. Port forwarding is okay as long as you do a high numbered, random port. The other caveat is to make sure Universal Plug and Play (UPnP) is turned off. With that said, I would not turn off the XPs built-in software firewall though I wouldn’t worry about buying a commercial software firewall.

Hope this answers your questions.

Thanks,
Matt

Thank you so much for taking the time to write up this tech guide where a novice like me can understand it. I bought my first Linksys router and just flashed it to DD-WRT v24-SP1 standard (7/27/08) and the first thing I did was go through your article to secure my router. I do have some questions, though.

1) The two patches that you recommended we download (The Wi-Fi Protected Access 2 (WPA2)/Wireless Provisioning Services Information Element (WPS IE) and Wireless Client Update for Windows XP with Service Pack 2): will these two patches work on a pc running Windows XP 64 bit? I can’t seem to find any info on whether I need it since my pc runs 64 bit version of XP Pro.

2) The DD-WRT configuration is vast and quite complicated: is there any other essential tweaking I need to do for my simple 3 pc home network? We don’t play games or run a server or anything of that nature. At my home, all my PC’s are wired so we don’t use any wireless connection, but I plan to set up another network at my sister’s house using just wireless. Any tip would be greatly appreciated. Would I be correct to assume that DD-WRT v24-SP1 standard (7/27/08) comes with the security features set as default due to user requests?

3) How good is the firewall on this WRT54GL v1.1 router? Do I need a software firewall to go with this or is this sufficient?

Thank you for any insight you can offer. I will check back for any replies.