Web interface

From DD-WRT Wiki

(Difference between revisions)
Jump to: navigation, search
Revision as of 05:08, 19 March 2008 (edit)
Soulstace (Talk | contribs)
(Regaining Access)
← Previous diff		 Current revision (17:16, 12 April 2024) (edit) (undo)
Kernel-panic69 (Talk | contribs)
((add note about lockout feature, cleanup format, add additional info related to MyPage and webUI in general))
 
(29 intermediate revisions not shown.)
Line 1: Line 1:
-The easiest way to configure your WRT with DD-WRT installed is through the web interface. This provides an experience much like configuring a desktop application. Advanced users may want (or need) to configure their WRT using [[Glossary#SSH|SSH]] or [[Glossary#Telnet|Telnet]]. Based off the old Alchemy firmware the default DD-WRT web interface is one of the most elegantly designed and easily accessed for any firmware around. It supports multiple languages and interfaces. It allows you to configure every single aspect of your router, and its simple GUI, with the ability to enter you own commands and complex scripts with ease. +{{languages|Web_interface}}
-==Accessing==+You are here: '''[[Main_Page|DD-WRT wiki mainpage]] / [[Web_Interface|Web-GUI]]'''
-[[Image:Wpa2.JPG|thumb|right|400px|The current standard interface of DD-WRT]]+
-*Open a web browser+__TOC__
-*In the address bar, type: http://192.168.1.1 (Your router's LAN IP address. It may be different than the one list here if you changed it.)+=Introduction=
-*Press Enter or click Go+You can contol the settings of DD-WRT in two ways:
 +# through the Web based Graphical User Interface (Web-GUI), which is explained on this page .
 +# using a Linux style command line interface. See [[Telnet/SSH_and_the_Command_Line]] for more details.
 +'''NOTE: DD-WRT features a security mechanism that will lock out access to the router for 5 minutes after 6 failed login attempts whether by webUI, SSH, or Telnet. Please wait or continued attempts will increase the time of the lockout.'''
-Starting with v23 SP1, the default username is ''root'' and the default password is ''admin''. Some earlier versions of DD-WRT did not require a username.+==Access via a web browser==
 +After installing DD-WRT Firmware you can access the DD-WRT Web-GUI using a web browser pointing to 192.168.1.1 on current releases for most supported devices. There may be some exceptions to this and it should be the same IP address as before you installed DD-WRT. These are some of the most common default IP addresses: 192.168.1.1 (most commonly used on Linksys and Asus), 192.168.2.1 (some Belkins), 192.168.11.1 (some Buffalos), 192.168.10.1 or 192.168.30.1 (some Motorolas), and there may be others.
 +
 +==Username and Password==
 +The latest versions of DD-WRT will require you to set your own username and password when you first access the web interface. '''Because the SSH user is always root, it is critical that a strong password be used. These passwords should be a minimum of 12 characters and use numbers and valid non-alphabetic characters.''' 12 characters dramatically reduces the probability of a successful random attack and has a cost / time infeasible computational requirement.
-Depending which version of DD-WRT you're running and depending how you've configured it, you may be able to see a status page without entering your username and password, a handy little feature that poses a small security issue for open networks. Intruders probably won't be able to access your network from this status page but they will have more information about your router's configuration than you should be giving out.+'''Valid special characters prior to 49599 are:''' <pre>~!@#$%&()-_=+[]{}\;,.<>/?</pre> '''Valid special characters for builds 49599 and newer are:''' <pre>!"#%&'()*+,-./;<=>?@[\]^_`{|}~$</pre> '''See forum threads:''' [https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=328775 WARNING: Invalid Password characters that no longer work] [https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=330490&start=117 UI themes! preview/public builds BUG hunting REPORTING]
-If you're at a remote location and have access to your router through [[Glossary#SSH|SSH]] or [[Glossary#Telnet|telnet]], but you'd like to enable remote web access, you may use the following command to allow access from one remote IP address:+The default username is ''root'' and the default password is ''admin'' (from v23 SP1). Some earlier versions of DD-WRT did not require a username.
-::'''iptables -I INPUT -p tcp -s <remote_location_ip> --dport 80 -j ACCEPT'''+==Elements of the Web-GUI==
 +The Web-GUI has five main elements
-This temporary remote web access will be disabled again when the router reboots (unless you turned <i>Remote Administration</i> on from the settings in the web interface or saved this as firewall script under Administration ->Commands).+:<font color=red>'''1.'''</font> The tabbed menu system
 +:<font color=red>'''2.'''</font> Main area
 +:<font color=red>'''3.'''</font> Action buttons
 +:<font color=red>'''4.'''</font> Help information
 +:<font color=red>'''5.'''</font> Some system essentials
-<b>Note:</b> In the final release of v23 you can't prevent wireless access to the web interface without also preventing wired access to it. I don't know if it's a bug or if it's by design. 
-===Regaining Access===+Clicking these text buttons gives you access to furter information
-=====Locally=====+
-If for some reason you completely lost web access to the router, the web server (HTTP [[Glossary#daemon|daemon]]) may be shut down. To regain access try starting the web server. [[Glossary#SSH|SSH]] or [[Glossary#Telnet|telnet]] into the router and enter the following commands:+
- httpd -h /www+:<font color=green>'''1.'''</font> More... (More Help)
 +:<font color=green>'''2.'''</font> Firmware details
 +
 +[[Image:web-gui-elements.png|670px]]
-To connect through secure HTTP, add the option ''-S'' at the end of the command. See the httpd man pages for more information about that command.+Some notes about the screen elements.
 +* The default information screen is the same as menu selection: ''Status->Sys-Info''
 +* To save changes you may have made to settings you need to press the Save button. Just moving to a new tab in the menu, will discard settings in the current menu tab.
 +* The time will count the time since the router has been powered up, until the router gets WAN access. By default the DD-WRT will automatically try to get the corrent time from a time server.
-You can use this feature to get a more secure router by activating the web interface only when you need to configure it, and then closing the web server once you're done.+==Menu Interface map==
 +Select one of the menu points below for information about settings within that menu page.
-To shut down the web server, run the command ''kill `cat /tmp/var/run/httpd.pid`'' (note the backquotes) or ''kill `cat /tmp/var/run/httpsd.pid`'' if you ran the web server with the option ''-S'' to get secure HTTP. 
- 
-=====Remotely===== 
-If you have remote SSH access to your router and wish to enable remote Web Management, issue the following commands: 
- 
- nvram set httpd_enable=1 
- nvram set http_enable=1 
- nvram set http_lanport=80 
- nvram set httpsd_enable=1 
- nvram set https_enable=1 
- nvram set http_wanport=8080 
- nvram set remote_management=1 
- nvram set remote_mgt_https=1 
- nvram commit 
- reboot 
- 
-Then connect by https://yourWANIP:8080/ 
- 
-==Interface Map== 
*Setup *Setup
**Basic Setup **Basic Setup
 +** IPv6
** DDNS ** DDNS
** MAC Address Clone ** MAC Address Clone
** Advanced Routing ** Advanced Routing
-** VLANs+** Switch Config
 +** Networking
 +** Tunnels
* Wireless * Wireless
** [[WebInterfaceWirelessBasicSettings|Basic Settings]] ** [[WebInterfaceWirelessBasicSettings|Basic Settings]]
-** RADIUS+** Advanced Settings
** Wireless Security ** Wireless Security
 +** Roaming
** MAC Filter ** MAC Filter
-** Advanced Settings 
** WDS ** WDS
 +* Services
 +** Services
 +** FreeRadius
 +** PPPoE Server
 +** VPN
 +** USB
 +** NAS
 +** Hotspot
 +** Ad Blocking
 +** SpeedChecker
* Security * Security
** Firewall ** Firewall
-** VPN+** VPN Passthrough
* Access Restrictions * Access Restrictions
-** Internet Access+** WAN Access
-* Applications and Gaming+* NAT/QoS
-** Port Range Forwarding+
** Port Forwarding ** Port Forwarding
 +** Port Range Forwarding
** Port Triggering ** Port Triggering
** UPnP ** UPnP
** DMZ ** DMZ
-** [http://wrt-wiki.bsr-clan.de/index.php?title=Quality_of_Service QOS]+** [[Quality_of_Service|Quality of Service - QoS]]
* Administration * Administration
** Management ** Management
-** Hotspot 
-** Services 
** Keep Alive ** Keep Alive
-** Log+** Sysctl
-** Diagnostics+** Commands
** WOL ** WOL
** Factory Defaults ** Factory Defaults
Line 86: Line 94:
* Status * Status
** Router ** Router
 +** WAN
** LAN ** LAN
** Wireless ** Wireless
 +** Bandwith
 +** Syslog
** Sys-Info ** Sys-Info
 +** [[MyPage|My Page]] (If installed. See [https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=61746&start=364 My_Page (forum thread)] for updated versions for current releases.)
 +== Setting details about the Web-GUI==
 +Under ''Administration -> Management'' you can set various details about the Web-GUI. Like:
 +* set Username and Password
 +* control Access to the Web-GUI locally/remotely and more
 +* select between different Router GUI styles
 +
 +==Regaining Access==
 +===Locally===
 +If for some reason you completely lost web access to the router, the web server (HTTP [[Glossary#daemon|daemon]]) may be shut down. To regain access try starting the web server. [[Glossary#SSH|SSH]] or [[Glossary#Telnet|telnet]] into the router and enter the following commands:
 +
 + httpd -h /www
 +
 +To connect through secure HTTP, add the option ''-S'' at the end of the command. See the httpd man pages for more information about that command.
 +
 +You can use this feature to get a more secure router by activating the web interface only when you need to configure it, and then closing the web server once you're done.
 +
 +To shut down the web server, run the command ''kill `cat /tmp/var/run/httpd.pid`'' (note the backquotes) or ''kill `cat /tmp/var/run/httpsd.pid`'' if you ran the web server with the option ''-S'' to get secure HTTP.
 +
 +===Remotely===
 +'''Method 1:''' See [http://www.dd-wrt.com/phpBB2/viewtopic.php?t=29181 Enable Web Interface Over SSH?]
 +
 +'''Method 2:''' If you're at a remote location and have access to your router through [[Glossary#SSH|SSH]] or [[Glossary#Telnet|telnet]], but you'd like to enable remote web access, you may use the following command to allow access from one remote IP address:
 +
 +::'''iptables -I INPUT -p tcp -s <remote_location_ip> --dport 80 -j ACCEPT'''
 +
 +This temporary remote web access will be disabled again when the router reboots (unless you turned <i>Remote Administration</i> on from the settings in the web interface or saved this as firewall script under Administration ->Commands).
 +
 +
==Simulation== ==Simulation==
-[[Image:Onstart.jpg|thumb|left| The old Alchemy interface of DD-WRT v22]]+[[Image:Onstart.jpg|thumb|left| The old Alchemy interface of DD-WRT v22]][[Image:Wpa2.JPG|thumb| The v24sp2-early beta [[Web Interface|web interface]] of DD-WRT]]
-A setup simulation of V22-DD-WRT interface is [http://www.informatione.gmxhome.de/DDWRT/Standard/V22R2/index.html here].<br>+ 
-A setup simulation of V23-DD-WRT interface is [http://www.informatione.gmxhome.de/DDWRT/Standard/V23final/index.html here].<br>+A setup simulation of v24-sp2 and early beta DD-WRT interface is [https://router-firmware-test.gamma.nu/DD-WRT/index.html here].<br>
-A setup simulation of V24beta-DD-WRT interface is [http://www.informatione.gmxhome.de/DDWRT/Standard/V24BetaVPN/index.html here].<br>+A setup simulation of current beta DD-WRT interface is [https://forum.dd-wrt.com/demo/ here].<br>
-The old Alchemy firmware interface simulation is [http://www.0711-stuttgart.de/192.168.1.23 here].+
-[[Category:English documentation]]+[[Category:Management| ]]

Current revision

English •  Deutsch •  Español •  Français •  Italiano •  日本語 •  Polski •  Português •  Русский •  Svenska •  ‪中文(中国大陆)‬ •  ‪中文(台灣)‬ • 


You are here: DD-WRT wiki mainpage / Web-GUI

Contents

[edit] Introduction

You can contol the settings of DD-WRT in two ways:

  1. through the Web based Graphical User Interface (Web-GUI), which is explained on this page .
  2. using a Linux style command line interface. See Telnet/SSH_and_the_Command_Line for more details.

NOTE: DD-WRT features a security mechanism that will lock out access to the router for 5 minutes after 6 failed login attempts whether by webUI, SSH, or Telnet. Please wait or continued attempts will increase the time of the lockout.

[edit] Access via a web browser

After installing DD-WRT Firmware you can access the DD-WRT Web-GUI using a web browser pointing to 192.168.1.1 on current releases for most supported devices. There may be some exceptions to this and it should be the same IP address as before you installed DD-WRT. These are some of the most common default IP addresses: 192.168.1.1 (most commonly used on Linksys and Asus), 192.168.2.1 (some Belkins), 192.168.11.1 (some Buffalos), 192.168.10.1 or 192.168.30.1 (some Motorolas), and there may be others.

[edit] Username and Password

The latest versions of DD-WRT will require you to set your own username and password when you first access the web interface. Because the SSH user is always root, it is critical that a strong password be used. These passwords should be a minimum of 12 characters and use numbers and valid non-alphabetic characters. 12 characters dramatically reduces the probability of a successful random attack and has a cost / time infeasible computational requirement.

Valid special characters prior to 49599 are: 
~!@#$%&()-_=+[]{}\;,.<>/?
Valid special characters for builds 49599 and newer are: 
!"#%&'()*+,-./;<=>?@[\]^_`{|}~$
See forum threads: WARNING: Invalid Password characters that no longer work UI themes! preview/public builds BUG hunting REPORTING

The default username is root and the default password is admin (from v23 SP1). Some earlier versions of DD-WRT did not require a username.

[edit] Elements of the Web-GUI

The Web-GUI has five main elements

1. The tabbed menu system
2. Main area
3. Action buttons
4. Help information
5. Some system essentials


Clicking these text buttons gives you access to furter information

1. More... (More Help)
2. Firmware details

Some notes about the screen elements.

  • The default information screen is the same as menu selection: Status->Sys-Info
  • To save changes you may have made to settings you need to press the Save button. Just moving to a new tab in the menu, will discard settings in the current menu tab.
  • The time will count the time since the router has been powered up, until the router gets WAN access. By default the DD-WRT will automatically try to get the corrent time from a time server.

[edit] Menu Interface map

Select one of the menu points below for information about settings within that menu page.

  • Setup
    • Basic Setup
    • IPv6
    • DDNS
    • MAC Address Clone
    • Advanced Routing
    • Switch Config
    • Networking
    • Tunnels
  • Wireless
    • Basic Settings
    • Advanced Settings
    • Wireless Security
    • Roaming
    • MAC Filter
    • WDS
  • Services
    • Services
    • FreeRadius
    • PPPoE Server
    • VPN
    • USB
    • NAS
    • Hotspot
    • Ad Blocking
    • SpeedChecker
  • Security
    • Firewall
    • VPN Passthrough
  • Access Restrictions
    • WAN Access
  • NAT/QoS
  • Administration
    • Management
    • Keep Alive
    • Sysctl
    • Commands
    • WOL
    • Factory Defaults
    • Firmware Upgrade
    • Backup
  • Status

[edit] Setting details about the Web-GUI

Under Administration -> Management you can set various details about the Web-GUI. Like:

  • set Username and Password
  • control Access to the Web-GUI locally/remotely and more
  • select between different Router GUI styles

[edit] Regaining Access

[edit] Locally

If for some reason you completely lost web access to the router, the web server (HTTP daemon) may be shut down. To regain access try starting the web server. SSH or telnet into the router and enter the following commands: 

httpd -h /www

To connect through secure HTTP, add the option -S at the end of the command. See the httpd man pages for more information about that command.

You can use this feature to get a more secure router by activating the web interface only when you need to configure it, and then closing the web server once you're done.

To shut down the web server, run the command kill `cat /tmp/var/run/httpd.pid` (note the backquotes) or kill `cat /tmp/var/run/httpsd.pid` if you ran the web server with the option -S to get secure HTTP.

[edit] Remotely

Method 1: See Enable Web Interface Over SSH?

Method 2: If you're at a remote location and have access to your router through SSH or telnet, but you'd like to enable remote web access, you may use the following command to allow access from one remote IP address:

iptables -I INPUT -p tcp -s <remote_location_ip> --dport 80 -j ACCEPT

This temporary remote web access will be disabled again when the router reboots (unless you turned Remote Administration on from the settings in the web interface or saved this as firewall script under Administration ->Commands).


[edit] Simulation

The old Alchemy interface of DD-WRT v22
The old Alchemy interface of DD-WRT v22
The v24sp2-early beta web interface of DD-WRT
The v24sp2-early beta web interface of DD-WRT

A setup simulation of v24-sp2 and early beta DD-WRT interface is here.
A setup simulation of current beta DD-WRT interface is here.

Retrieved from "http://wiki.dd-wrt.com/wiki/index.php/Web_interface"