<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Jkx@home &#187; firewall</title>
	<atom:link href="http://www.larsen-b.com/tags/firewall/feed" rel="self" type="application/rss+xml" />
	<link>http://www.larsen-b.com</link>
	<description>Titanium Exposé</description>
	<lastBuildDate>Wed, 20 May 2026 16:33:52 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.5</generator>
		<item>
		<title>Media Player (Dvico 3100) + Netgear WGT634U = Cheap Wifi Media Player</title>
		<link>http://www.larsen-b.com/Article/258.html</link>
		<comments>http://www.larsen-b.com/Article/258.html#comments</comments>
		<pubDate>Thu, 05 Apr 2007 21:10:58 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Other]]></category>
		<category><![CDATA[diy]]></category>
		<category><![CDATA[dvico]]></category>
		<category><![CDATA[firewall]]></category>
		<category><![CDATA[openwrt]]></category>
		<category><![CDATA[rs232]]></category>
		<category><![CDATA[sysadmin]]></category>
		<category><![CDATA[Wifi]]></category>

		<guid isPermaLink="false"></guid>
		<description><![CDATA[This year, for my birthday I got a very nice Media Player M3100. This thing is really useful, no need to use a noisy computer to watch recorded Divx. It&#8217;s pretty cool to watch films from bed, you know.. The &#8230; <a href="http://www.larsen-b.com/Article/258.html">Continue reading <span class="meta-nav">&#8594;</span></a>]]></description>
				<content:encoded><![CDATA[<p>This year, for my birthday I got a very nice Media Player <a class="reference" href="http://www.tvix.co.kr/eng/Products/M3100U.aspx">M3100</a>. This thing is really useful, no need to use a noisy computer to watch recorded Divx. It&#8217;s pretty cool to watch films from bed, you know..</p>
<p>The only issue: I need to carry it back to my computer whenever I want to upload a new film, that&#8217;s it.. When I first received this gift, I went back to the shop to exchange it for a networked one. But 1) they cost a lot more money, and 2) they weren&#8217;t available at the shop (even though it&#8217;s a really big one).</p>
<p>Last week, somebody sent me a mail. He had found a cheap wireless access point with a USB port: the Netgear <a class="reference" href="http://kbserver.netgear.com/products/WGT634U.asp">WGT634U</a> (50 Euro). Hum, ok, let&#8217;s give it a try. First test: plug the Media Player into this USB port&#8230; ok, it&#8217;s working fine. But you know, I don&#8217;t have a network cable near my bed, so I decided to turn the access point into a wireless client. This way, I can simply plug the Media Player into the WGT634U and remotely upload some Divx via FTP, without any wire.</p>
<div id="step-1-install-openwrt" class="section">
<h1><a name="step-1-install-openwrt">Step 1 / Install OpenWRT</a></h1>
<p>The default firmware on the WGT634 doesn&#8217;t support wireless client mode (it&#8217;s an AP). So I switched it to <a class="reference" href="http://wiki.openwrt.org/OpenWrtDocs/Hardware/Netgear/WGT634U">OpenWRT</a> Kamikaze. I built the firmware from source, but the Kamikaze snapshot should work too. I followed the OpenWRT guide step by step over an external serial connection. You can find the complete howto for the serial connection <a class="reference" href="http://members.shaw.ca/swstuff/wgt634u.html">here</a>.</p>
<pre class="literal-block"># hit Ctrl-C on the bootloader
CFE&gt; ifconfig eth0 -auto
CFE&gt; flash -noheader tftp_host:openwrt-wgt634u.bin flash0.os
CFE&gt; reboot</pre>
<p>The first boot is a bit long, but all is fine&#8230;</p>
</div>
<div id="step-2-install-tools" class="section">
<h1><a name="step-2-install-tools">Step 2  / Install tools</a></h1>
<p>Here is the short list of needed packages:</p>
<ul class="simple">
<li>kmod-usb2</li>
<li>kmod-usb-storage</li>
<li>kmod-vfat</li>
<li>kmod-nls-base, kmod-nls-cp437, kmod-nls-iso8859-1</li>
<li>pure-ftpd</li>
</ul>
<p>All installed with a simple ipkg install via the serial console.</p>
</div>
<div id="step-3-configure-openwrt-in-wireless-client" class="section">
<h1><a name="step-3-configure-openwrt-in-wireless-client">Step 3 / Configure OpenWRT in wireless client</a></h1>
<p>This is really simple in Kamikaze, only a few files need to change.</p>
<p>The wireless config file needs to be tweaked, as I want the box to join my MyDummySSID network:</p>
<p><em>/etc/config/wireless</em></p>
<pre class="literal-block">config wifi-iface
    option device     wifi0
    option network    lan
    option mode       sta
    option ssid       MyDummySSID
    option hidden     0
    option encryption none</pre>
<p>Let&#8217;s go for the network config: the MyDummySSID access point serves 192.168.3.0/24, the gateway is 192.168.3.1 and the local DNS server is 192.168.1.254.</p>
<p><em>/etc/config/network</em></p>
<pre class="literal-block">#### LAN configuration
config interface lan
    option type     bridge
    option ifname   "eth0.0"
    option proto    'static'
    option ipaddr   '192.168.3.2'
    option netmask  '255.255.255.0'
    option gateway  '192.168.3.1'
    option dns      '192.168.1.254'</pre>
<p>First test: <em>ifdown wan</em> (switch off the WAN side), then <em>ifdown br-lan</em> / <em>ifup br-lan</em>.</p>
</div>
<div id="step-4-firewall" class="section">
<h1><a name="step-4-firewall">Step 4 / Firewall</a></h1>
<p>Ok, that&#8217;s fine, but I want to restrict access to my local network only.. so I need to hack the firewall a little to avoid remote access from other wireless clients (my wireless network is open, you know..). I simply linked this little script into /etc/rc.d/.</p>
<p><em>/opt/ftp-firewall</em></p>
<pre class="literal-block">#!/bin/sh

# clear all firewall rules in every table
for T in filter nat mangle ; do
    iptables -t $T -F
    iptables -t $T -X
done

# default policies: drop incoming packets, let everything else through
iptables -P FORWARD ACCEPT
iptables -P OUTPUT  ACCEPT
iptables -P INPUT   DROP

# accept traffic on localhost
iptables -A INPUT -p tcp -i lo -j ACCEPT
iptables -A INPUT -p udp -i lo -j ACCEPT

# accept ftp only from my home network
iptables -A INPUT -s 192.168.1.0/24 -p tcp -i br-lan --dport 21 -j ACCEPT

# accept incoming http / ssh
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# finally accept packets belonging to already established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT</pre>
</div>
<div id="step-5-misc" class="section">
<h1><a name="step-5-misc">Step 5 / Misc</a></h1>
<p>After some tests, I discovered that I needed a way to know whether the WGT634U had managed to join the wireless network or not. So I added this little script, which checks for the access point&#8217;s BSSID and turns the power LED yellow if something goes wrong.. this is really useful in fact.</p>
<p><em>/opt/led-daemon</em></p>
<pre class="literal-block">#!/bin/sh

# poll the wireless interface every 20 seconds: if the access point's
# BSSID shows up in the iwconfig output we are associated, otherwise
# light the power led to signal the problem
while true
do
    STATE=$(iwconfig ath0 | grep 00:13:13:53:DA:D1 | wc -l)
    [ $STATE -eq 1 ] &amp;&amp; echo 0 &gt; /proc/diag/led/power
    [ $STATE -eq 0 ] &amp;&amp; echo 1 &gt; /proc/diag/led/power
    sleep 20
done</pre>
</div>
<div id="step-6-finally" class="section">
<h1><a name="step-6-finally">Step 6 / Finally</a></h1>
<p>Here is the result:</p>
<div class="image"><img src="http://jkx.larsen-b.com/photos/Electronic/DSC02573.sized.jpg" alt="http://jkx.larsen-b.com/photos/Electronic/DSC02573.sized.jpg" /></div>
<p>The finished product (grrr) works really well and manages something like 850Ko/sec, I mean full speed ;) (11Mbs network). I need to remove the serial port now and close the box..</p>
<p><strong>Important update</strong></p>
<p>I read on Engadget that I use this to stream video to my TV (like the Apple TV does), but this is absolutely wrong. This media player has a <strong>320Go hard-drive</strong>. Why would I stream films to it? I just copy them onto it, that&#8217;s it :)</p>
<p>It&#8217;s really amazing how people don&#8217;t read the article to see what I&#8217;ve done. It&#8217;s not the first time this has happened, in fact.</p>
<p>Here in France, most advanced users have had some kind of network TV for a long time, and these little boxes have been able to play network streams (like the Apple TV) for a long time now. Besides, you don&#8217;t pay for this service (the rent for the boxes is included in the DSL bill); the only issue is that you must have another computer to stream from.</p>
<p>I guess nobody here (in France) would buy an Apple TV, since we have already had this kind of product for free for a long time. Look at a <a class="reference" href="http://fr.wikipedia.org/wiki/Freebox">Freebox</a> for example.</p>
<p><strong>It&#8217;s time to watch a film :)</strong></p>
</div>
]]></content:encoded>
			<wfw:commentRss>http://www.larsen-b.com/Article/258.html/feed</wfw:commentRss>
		<slash:comments>21</slash:comments>
		</item>
		<item>
		<title>Packet filtering w/ Python and Linux</title>
		<link>http://www.larsen-b.com/Article/177.html</link>
		<comments>http://www.larsen-b.com/Article/177.html#comments</comments>
		<pubDate>Mon, 01 Nov 2004 14:32:34 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Network]]></category>
		<category><![CDATA[firewall]]></category>
		<category><![CDATA[Python]]></category>

		<guid isPermaLink="false"></guid>
		<description><![CDATA[While looking for a fun way to filter my WIFI traffic, I decided to look at a userland firewall API in Python. I found: ipqueue. I haven&#8217;t really written a full-featured app with it, but here are the first steps to &#8230; <a href="http://www.larsen-b.com/Article/177.html">Continue reading <span class="meta-nav">&#8594;</span></a>]]></description>
				<content:encoded><![CDATA[<p>While looking for a fun way to filter my WIFI traffic, I decided to look at a userland firewall API in Python. I found: <a class="reference" href="http://woozle.org/~neale/src/ipqueue/">ipqueue</a>.</p>
<p>I haven&#8217;t really written a full-featured app with it, but here are the first steps to make it work.</p>
<pre class="literal-block"># load the kernel queue module
modprobe ip_queue
# all outgoing pings will pass through the queue to userspace
iptables -A OUTPUT -p icmp -j QUEUE</pre>
<p>Now here is a little script that acts as the queue handler:</p>
<pre class="literal-block">import ipqueue

# open the queue; IPQ_COPY_PACKET copies the packet data (not only
# the metadata) to userspace
q = ipqueue.IPQ(ipqueue.IPQ_COPY_PACKET)

while 1:
    # blocks until the kernel hands us a queued packet
    p = q.read()
    pID = p[ipqueue.PACKET_ID]

    print pID
    # accept the packet: tell the kernel to let it continue on its way
    q.set_verdict(pID, ipqueue.NF_ACCEPT)</pre>
<p>Next step: simply run this script with root privileges, and you will see the outgoing pings printed on stdout.</p>
<p>Additional note: <a class="reference" href="http://woozle.org/~neale/src/ipqueue/">ipqueue</a> only works on Python 2.2 right now, I hope Neale will fix that soon. Anyway this is really a nice piece of code, thanks guy!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.larsen-b.com/Article/177.html/feed</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
	</channel>
</rss>
