Basic Configs in UI

  1. First time connect, as suggested, give a root passwd and enable SSH server.
    (Though enabled, you may need to manually "start" dropbear SSH server in the "startup" menu tab.)

  2. Enable wireless and make it part of LAN.

  3. Enable security and set a passwd.

  4. The default device mode is bridge. To use as a router, we need to disable bridge.

  5. Then the eth0 will be gone, so we need to add this interface again, naming "wan", using protocol "DHCP client".

All above steps are done in "luci" UI. The following configs can be done in the busybox terminal as shown below, or by doing vim /etc/config/network directly.

confirm eth0/wan is using DHCP

The default mode of eth0 is static ip, if no proto is selected when (re-)creating the wan/eht0 interface, we need to use udhcpc -i eth0 to get ip from upper router.
For permanent DHCP config, use: (ref1)

uci set network.wan.proto=dhcp
uci commit network
ifup wan

Change DHCP Pool

If the upper router is also using as ip pool, conflicts will occur, and the traffic from wrt's clients cannot be forwarded to upper router.

To change openwrt DHCP server ip pool, use the following code: (ref1)

uci set network.lan.ipaddr=
uci commit network

Enable Remote SSH

It is useful when having nested routers.

step 1 -- allow traffic / firewall

method 1 using gui:

Network > Firewall > Traffic Rules > New forward rule
Name: SSH
Restrict to address family: IPv4 and IPv6
Protocol: TCP
Match ICMP type: Any
Source zone: wan
Source MAC address: Any
Source address: Any
Source Port: Any
Destination zone: Device (input)
Destination address: Any
Destination Port: 22
Action: Accept

method 2 using commands:

uci add firewall rule
uci set [email protected][-1].src=wan
uci set [email protected][-1].target=ACCEPT
uci set [email protected][-1].proto=tcp
uci set [email protected][-1].dest_port=22
uci commit firewall
/etc/init.d/firewall restart

method 3 appending file /etc/config/firewall:

( have NOT tried this method, may NOT work )

#Allow SSH
config rule
        option src              wan
        option proto            tcp
        option dest_port        ssh
        option target           ACCEPT

step 2 -- enable ssh listening on wan (gui)

System > Administration > SSH Access -- Dropbear Instance

  • Interface: change to "unspecified"
  • Allow: Gateway ports
  • (Already By Default) allow Password authentication & Allow root logins with password ## step 3 -- restart services (gui) Status Firewall > Restart Firewall System Startup > Restart Button on dropbear ## step 4 -- disable remote ssh after usage remember to disable remote ssh after config !!!

Check Status


  • from busybox
  • from client

DNS prob

  • from busybox
  • from client

If you can ping google from 703n, but not from client, it means the route is not enabled. You need routing (possiblely also NAT).

NAT-ed Router

This has been discussed in another router-topic blog

Disable Remote Luci GUI Access

# vim /etc/rc.local
iptables --insert INPUT 1 --in-interface eth0 -p tcp --dport 80 -j REJECT

Change MAC Address

Not possible (actions / commands will not work).

Play With (Post Installation)