I've been running OpenWRT on a Linksys WRTSL54GS for a few months now, and I've been incredibly happy with the results. One of the main attractions was the ability to run OpenVPN on one of these little embedded devices, which pretty much eliminated the need for a full-fledged Linux or Solaris box as a router.

Now, the only real disappointment I had with the setup was the lack of the fine-grained monitoring that I'd been used to with ntop. After poking around a bit, I learned that ntop could support NetFlows sent from other devices via a plugin, and that the OpenWRT device could send NetFlows with fprobe. This means I can use my MythTV box (for example) to run ntop on, and still receive all the data from the Linksys.

On the OpenWRT side of things, setup is really easy:

root@openwrt:~# ipkg install fprobe
root@openwrt:~# fprobe -ibr0 192.168.1.6:2055

Where '192.168.1.6' is replaced with the IP of your ntop box. If you want to automatically start sending Flows every time the router boots up, you can add this to an init script.

Assuming you already have ntop up and running, adding a NetFlow is pretty simple there too. Navigate to the configuration options for the NetFlow plugin and fill in the relevant information. Activate the NetFlow plugin, and then you can view the statistics by selecting "Switch NIC" from the "Admin" menu in ntop. Once you do so, you'll start seeing what the router sees, which depending on your network may be, well, everything that's going on. At the very least you'll be able to track all connections from your internal hosts to hosts outside of your network, as well as all wireless traffic using the device.
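To confirm that exports from the router are actually reaching the ntop box, a small listener can decode them on the port used in the fprobe command above. This is an added example, not part of the original post; it assumes fprobe is sending NetFlow version 5, and `ROUTER_IP` and the sample datagram are constructed values.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte flow record
ROUTER_IP = "192.168.1.1"  # assumption: the OpenWRT router's LAN address

def parse_netflow_v5(datagram):
    """Return the flows in one NetFlow v5 datagram; ValueError if malformed."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a NetFlow v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("unexpected NetFlow version %d" % version)
    # count is sender-supplied, so check it against the actual length
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": socket.inet_ntoa(f[0]), "sport": f[9],
                      "dst": socket.inet_ntoa(f[1]), "dport": f[10],
                      "proto": f[13], "packets": f[5], "bytes": f[6]})
    return flows

def build_sample():
    """Constructed datagram: one TCP flow, LAN host to 192.0.2.10:443."""
    addr = socket.inet_aton
    header = HEADER.pack(5, 1, 0, 0, 0, 0, 0, 0, 0)
    record = RECORD.pack(addr("192.168.1.50"), addr("192.0.2.10"),
                         addr("0.0.0.0"), 0, 0,      # next hop, in/out ifindex
                         12, 3400, 0, 0,             # packets, bytes, first, last
                         51514, 443, 0, 0x1B, 6, 0,  # ports, pad, flags, proto, tos
                         0, 0, 0, 0, 0)              # AS numbers, masks, pad
    return header + record

if __name__ == "__main__":
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", 2055))  # port from the fprobe command above
    while True:
        data, (sender, _) = sock.recvfrom(65535)
        if sender != ROUTER_IP:  # NetFlow is unauthenticated UDP
            print("ignored datagram from", sender)
            continue
        try:
            for flow in parse_netflow_v5(data):
                print(flow)
        except ValueError as err:
            print("malformed export from", sender, "-", err)
```

Run it on the ntop box while ntop's NetFlow plugin is not listening, since both would bind the same UDP port.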

Comments

Simon @ Thu Dec 04 18:52:52 -0500 2008

Thanks for the tip! I also set up fprobe on my OpenWRT-running router and feed my HTOP-running laptop, and it works great. HTOP isn't as real-time as I'd like (since it has a web-based interface that has to reload when it updates), but for larger networks it could prove very useful for diagnosing problems.

As a side note, my interface was called 'br-lan', but this probably depends on the version of the OpenWRT firmware and the router in question, since most documentation also calls it br0.

hardly @ Sat Sep 10 06:06:39 -0400 2011

Thanks for this info.
One thing though. How do I init scripts? (See what I did there?)

Also haha HTOP. That's ok. I am sometimes incapable of typing i's, favoring heavily instead the o key.
