DD-WRT Step 4 Miscellaneous Settings

DD-WRT Step 4 – Miscellaneous Settings: SPI Firewall, logging, remote access and critical settings. Bonus, a quick tour of services offered by DD-WRT.

Which router does this guide cover?

This page covers exclusively the router I have, but the same principles apply to any other: Netgear® AC1900 – Nighthawk® Smart WiFi Router, aka R7000:

Netgear® AC1900 – Nighthawk® Smart WiFi Router R7000

AC1900 Features:

  • AC1900 WiFi—600+1300 Mbps speeds
  • 1GHz Dual Core Processor
  • Dynamic QoS prioritizes network traffic for uninterrupted video streaming for applications like YouTube®, Netflix® & others
  • ReadyCLOUD® USB Access allows you to enjoy personal and secure cloud access to USB storage anytime, anywhere


Step 1 – Basic Configuration

Step 2 – Wireless Configuration

Step 3 – Upgrade Firmware

Useful Services to Enable

Link Layer Topology Discovery (LLTD)


This will help Windows 7 and other tools to discover the topology of your home network. Unfortunately, this nice map feature was actually removed in Windows 8, as discussed here and here:

LLTD mapping is gone since Windows 8. Bummer.

Security: SPI Firewall

It’s only used to block incoming traffic from WAN such as ping and SNMP. Leave everything else disabled as it can only filter traffic over http:


Also, limit SSH access upon brute-force/DoS detection (although we do not know the limits that trigger it):

  • Limit SSH Access: I use it, so I recommend it
  • Limit Telnet: telnet is NEVER open to the WAN
  • Limit PPTP Server Access: if you host a VPN Server
  • Limit FTP Server Access: if you host an FTP Server

Log Management


It’s always a good idea to know what’s going on: I only enable logging of Rejected connections. You can enable the others for debugging purposes.
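One way to review the rejected-connection log once it is enabled, as an added example that is not part of the original post. It assumes the router writes the kernel netfilter LOG layout with a DROP prefix; the sample lines, host name and interface names are constructed.

```python
import re
from collections import Counter

# Constructed sample in the kernel netfilter LOG layout. The "DROP"/"ACCEPT"
# prefixes, host name and interface names are assumptions; match your own log.
SAMPLE_LOG = """\
Jan  5 21:14:02 DD-WRT kern.warn kernel: DROP IN=vlan2 OUT= SRC=198.51.100.23 DST=203.0.113.7 LEN=60 TTL=52 PROTO=TCP SPT=51234 DPT=22 SYN
Jan  5 21:14:03 DD-WRT kern.warn kernel: DROP IN=vlan2 OUT= SRC=198.51.100.23 DST=203.0.113.7 LEN=60 TTL=52 PROTO=TCP SPT=51236 DPT=22 SYN
Jan  5 21:14:05 DD-WRT kern.warn kernel: DROP IN=vlan2 OUT= SRC=198.51.100.23 DST=203.0.113.7 LEN=60 TTL=52 PROTO=TCP SPT=51240 DPT=22 SYN
Jan  5 21:20:41 DD-WRT kern.warn kernel: DROP IN=vlan2 OUT= SRC=192.0.2.77 DST=203.0.113.7 LEN=71 TTL=49 PROTO=UDP SPT=40112 DPT=161
Jan  5 21:20:44 DD-WRT kern.warn kernel: DROP IN=vlan2 OUT= SRC=192.0.2.77 DST=203.0.113.7 LEN=84 TTL=49 PROTO=ICMP TYPE=8 CODE=0
Jan  5 21:21:10 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.1.50 DST=192.0.2.10 LEN=60 TTL=63 PROTO=TCP SPT=44321 DPT=443 SYN
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_rejected(line, prefix="DROP"):
    """Return (src, proto, dport) for a rejected-packet line, else None."""
    if f" {prefix} " not in line:
        return None
    fields = dict(FIELD.findall(line))
    if "SRC" not in fields:
        return None
    # ICMP has no ports, so report "-" instead of failing on the missing key.
    return fields["SRC"], fields.get("PROTO", "?"), fields.get("DPT", "-")


def summarize(log_text):
    """Count rejected packets per (source, protocol, destination port)."""
    hits = (parse_rejected(line) for line in log_text.splitlines())
    return Counter(h for h in hits if h)


def repeat_sources(log_text, dport="22", threshold=3):
    """Sources rejected at least `threshold` times on one port, e.g. SSH."""
    per_src = Counter()
    for (src, _proto, port), n in summarize(log_text).items():
        if port == dport:
            per_src[src] += n
    return sorted(s for s, n in per_src.items() if n >= threshold)


if __name__ == "__main__":
    for (src, proto, port), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {src:<15} {proto}/{port}")
    print("repeated SSH rejects:", repeat_sources(SAMPLE_LOG))
```

Feed it the router's own log text instead of SAMPLE_LOG; the ACCEPT line is skipped because only rejected packets are counted.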



Always enable UPnP: many devices such as smart TVs, iPhones and IoT gadgets require it. It will only work if your WAN access is configured correctly, though. UPnP will work only in the following 2 cases:

  • Case 1: DD-WRT behind a DOCSIS 3.x cable modem: you set up DD-WRT as Gateway and rock-n-roll!
  • Case 2: You happily got your PPP user/password and will set up DD-WRT to connect via PPPoE directly through the DSL modem in bridge mode

Case 3: DD-WRT behind a PPPoE DSL modem: both you and the modem will be NATed. UPnP cannot work here, since the DD-WRT WAN jack will see the private IP of the modem as its WAN address instead of reporting your actual public IP.

Double NAT, Double Headache

When a device connected to a router (that is in turn connected to another router) attempts to set up a port forward arrangement via UPnP, it ends up forwarded not to the greater internet but to the other router. This forwarding dead end means a wide range of applications and services (communication apps like Skype, smart home apps and hardware like your Nest thermostat, and music hardware like your Sonos music system) either outright fail or require a lot of annoying troubleshooting on your behalf to fix.
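A quick check for which of the cases above you are in, as an added example that is not part of the original post. It compares the WAN address the router reports with the address the Internet sees; the function names are hypothetical, the addresses are constructed, and the carrier-grade NAT branch goes beyond the three cases listed.

```python
import ipaddress

# Private ranges a modem hands out on its LAN side (RFC 1918), plus the
# carrier-grade NAT block (RFC 6598) that some ISPs assign to customers.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def diagnose_wan(wan_ip: str, public_ip: str) -> str:
    """Classify the WAN side from two addresses.

    wan_ip    -- address shown for the WAN port on the DD-WRT status page
    public_ip -- address the Internet sees (from any "what is my IP" site)
    """
    wan = ipaddress.ip_address(wan_ip)
    pub = ipaddress.ip_address(public_ip)
    if any(wan in net for net in RFC1918):
        return "double-nat"      # Case 3: the modem in front is also NATing
    if wan in CGNAT:
        return "cgnat"           # the ISP is NATing; bridge mode will not help
    if wan != pub:
        return "upstream-nat"    # routable-looking address, still translated
    return "direct"              # Cases 1 and 2: the router holds the public IP


def upnp_mappings_reachable(wan_ip: str, public_ip: str) -> bool:
    """A UPnP port mapping only reaches the Internet when the WAN is direct."""
    return diagnose_wan(wan_ip, public_ip) == "direct"


if __name__ == "__main__":
    # Constructed addresses (documentation ranges stand in for public IPs).
    for wan, pub in [("203.0.113.7", "203.0.113.7"),
                     ("192.168.1.2", "203.0.113.7"),
                     ("100.72.14.9", "203.0.113.7")]:
        print(f"{wan:<15} {diagnose_wan(wan, pub)}")
```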

Web Access and Remote Access

No need to enable https unless you want to create a public access hotspot or share your network. Since DD-WRT will use a self-signed certificate, this will create another warning message from your browser.

  • Web GUI: Make sure to NOT enable Remote GUI Management. I really don’t know what kind of security is configured to protect you from DoS and bruteforce attacks.
  • SSH Management: enable it once you have configured SSH. If you need it.
  • Telnet: NEVER EVER enable remote telnet access.
  • Allow Any Remote IP: I use that, but your needs may vary. You can limit remote access for all these services with an IP range.

Critical Features


Boot Wait is a feature you will hopefully never need. It introduces a short delay while booting (5s). During this delay you can initiate the download of a new firmware if the one in the flash rom is not broken. Obviously this is only necessary if you can no longer reflash using the web interface because the installed firmware will not boot. This needs more configuration once you have unlocked SSH access.

Reset Button

This feature controls the resetbuttond process. The reset button initiates actions depending on how long you press it.
  • Short press – Reset the router (reboot)
  • Long press (>5s) – Reboot and restore the factory default configuration.

NEVER disable this. You WILL need it, trust me.


Unless you are stuck in 2001, this is only for Windows XP. Disable it.


JFFS2 Storage

Lets you use the free space on the internal flash drive as a mounted drive. Free space available varies widely among routers. Netgear AC1900 R7000 has around 100MB available.


I’ve used it to install OPKG and Linux packages, but this is now highly discouraged. Reads and writes on the internal flash will fatigue the chip, and once it fails, you can trash your router. Also, this internal storage gets corrupted over time. I had to reset the router 3 times in 2 years because of that. Big headaches when it happens on a Sunday evening with homework to rush before midnight… and it WILL happen, trust me.

In order to mount an internal file system, so you can install OPKG and other nice stuff (DNS AdBlocker project), use a USB stick instead! You will need a good quality USB stick that has an internal UUID, so you can automount it at startup. Good quality, I insist: I bricked 2 USB sticks (2GB each) over the span of 3 years.

Quick Tour of Services Offered

This tour is just about showcasing some of the available features and by no means how to configure and use them. As such, you can skip it and go directly to Step 5 – SSH Access DD-WRT

Access Restriction (Parental Control)

Most ISP and retail routers offer these options, but it’s good to know that DD-WRT also has them: you can block Internet access by schedule, by website (Roblox), protocol (P2P), or even keyword! JK, you cannot block by keyword since everything is served over https.

I tested it for you: yes it works!

DD-WRT UI over SSL and Remote Access

You can access your DD-WRT remotely if you enable SSL and change the http port. Make sure you know what you are doing!



DDNS allows you to access your network using domain names instead of IP addresses. The service manages changing IP addresses and updates your domain information dynamically. You must sign up for service through a dynamic DNS service.


Although most of these DDNS services are free, they require you to confirm via email that you are actually using their services… every month! This is obnoxious, and in a future post I will show you how to create your own DDNS service with AWS and a simple PHP page.

MAC Address Clone


Some ISPs (please name them in the comments!) will require you to register your MAC address. If you do not wish to re-register your MAC address (why would they demand this after all), you can have the router clone the MAC address that is registered with your ISP.

Switch Config – VLAN

VLAN Setup offers Link Aggregation!

Link Aggregation can be set up on ports 3 & 4 for a happily doubled bandwidth! Possible application: RAID NAS

EoIP Tunnels


Ethernet over IP (EoIP) Tunneling enables you to create an Ethernet tunnel between two routers on top of an IP connection. The EoIP interface appears as an Ethernet interface. When the bridging function of the router is enabled, all Ethernet traffic (all Ethernet protocols) will be bridged just as if there were a physical Ethernet interface and cable between the two routers (with bridging enabled).
Network setups with EoIP interfaces:

  • Possibility to bridge LANs over the Internet
  • Possibility to bridge LANs over encrypted tunnels
  • Possibility to bridge LANs over 802.11b ‘ad-hoc’ wireless networks

IP over DNS Tunneling

Bypass Firewalls via DNS Tunneling thanks to an integrated NSTX daemon!


NSTX is just like the defunct Iodine: it’s a TCP/IP tunnel over DNS. A future post will show you how to configure and use it to your advantage.

Tor Node!

You can be part of the Tor network natively!

Tor (The Onion Router Project) has been installed since releases 42xxx. If you know what it is, a future post will show you how to check which version is installed and how to use it as a bridge/node!

Enterprise WiFi Security with Radius

RADIUS is a logon server for remote access, much more secure than just PSK-TKIP-etc. It can be used for WiFi, VoIP, PAP and other technologies.

FreeRADIUS is responsible for authenticating a third of all users on the Internet.

VPN Server/Relay/Client

DD-WRT embeds an OpenVPN Server/Daemon!


FTP/Samba/DLNA Server

So many options and services!

Hotspot Server

You can turn your router into a professional hotspot for your small business as well! Although you will also need a back-end server, which can also be installed on DD-WRT once you can access it via SSH.

You can have your hotspot portal managed by They provide free and pay-per-use hotspot solutions with billing. For more information please visit

AdBlocking with Privoxy?

Privoxy cannot block Ads since they are served over https

I really don’t know why they keep Privoxy installed by default. This is utterly useless since ads are served over https. For a real DNS Ad-blocker solution, see this project.

Wrapping up

Always back up your settings once you have a working configuration you are happy with!

You have now seen pretty much all the options and services that are available. You configured basic networking, set up the WiFi and the Firewall, and you are armed and ready to reset the router in case something goes wrong. Time for Step 5 – SSH Access DD-WRT!
