6 Phase 1 Netgear Router Setup
Jon Foster edited this page 1 year ago

Phase 1 - Netgear Router Setup Recipe

Ingredients:

  • 1x Netgear WiFi + router appliance
  • 1x Shibby Tomato firmware for the Netgear
  • 1x USB HDD/SSD for the Netgear (optional, for backup)
  • Another Linux host (workstation, server, SBC, ...) running a SyslogD with remote access enabled.

Directions:

I’ve become a fan of the Netgear router line. If you buy the “open source” approved versions, Netgear actually encourages customizing the firmware or loading a completely different OS. They have a website for tinkerers to exchange tips and firmware loads at MyOpenRouter.com. I fell in love with Shibby’s Tomato firmware because it’s packed with some seriously useful networking features and is clean, compact and well thought out, with some very simple but powerful add-ons for the Linux-aware user. I can do almost everything with it that I could do with a PC running Linux.

To get access to the necessary data from my Netgear I’m going to ask dnsmasq to log the DNS queries. I’m then going to add iptables rules to log brief information about connections being made. These are the same things I’d set up on a standard Linux computer. Lastly I will set up remote logging via syslogd from the Netgear to another Linux box with more resources. I also set up logging to an attached hard drive as a backup. It could also have been a primary source of data, by either sharing the disk or accessing it over SSH.

OK. The dnsmasq setup is accomplished in the “advanced | DHCP/DNS” settings of the Tomato control panel. The part that matters looks like this:
[Screenshot: DNSmasq settings]

I circled the section that I changed. The logging option is not directly supported by the GUI, but since Tomato allows me to pass any valid dnsmasq config file settings, I’m able to make the necessary settings. log-queries is what I need. The highlighted, rem’d-out section has some other settings that could be helpful. The big one is log-facility, which would allow us to specify the locally attached HDD as a destination. But since I want the iptables data too, which gets logged to syslogd, and I want to hand it off to another machine for processing, I want all logs to go through syslogd. In this scenario log-facility could still be used to change the “service name” and “level”; see man 3 syslog on any Linux machine, or online references, for explanations of those.

NOTE: When I last ssh’d to the router I noticed that the log-async option is enabled internally and does not need to be set here. This option is what it sounds like.

Tomato made the iptables part of the setup stupid-simple. Go to the “administration | logging” settings and everything I needed to change was right there:
[Screenshot: Tomato SyslogD settings]

Obviously you need to turn on logging to begin with, which is the “log internally” setting. Since I’ve chosen to put the local log on a USB-attached HDD, instead of writing to the internal RAM disk, I increased the “max size...” setting. I set the “custom log file...” and “log to remote...” settings accordingly. The IP address and port need to point to a machine open to receive logs. After that I set the connection logging settings to “both”. That’s probably self-explanatory.

As far as the server receiving the syslog data: this can get complicated due to the number of different log daemons out there and the varying ways to configure them. Throw in the many different distributions and there is an impossible number of variables to address. You’ll have to check for guidance from your distribution. I use Devuan (a Debian derivative) with the inetutils-syslogd package. I may change the logger now that I’m doing something more extravagant with logging. I set the -r switch in the /etc/default/inetutils-syslogd config file and made sure the appropriate firewall hole is there to receive log lines from the Netgear router.
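
Once the receiving host is collecting both streams, the dnsmasq query lines and the iptables connection lines can be joined to show which name each connection was for. The following is an added example, not part of the original page; it goes one step beyond the setup described here, and the sample lines are constructed (the host name "router", the PIDs, the addresses and the "ACCEPT " log prefix are assumptions about what your log file will contain).

```python
import re
from collections import defaultdict

# Constructed sample of what the receiving syslogd might write; host name,
# PIDs, addresses and the "ACCEPT " prefix are assumptions, not router output.
SAMPLE = """\
Jan  5 10:15:01 router dnsmasq[412]: query[A] example.org from 192.168.1.20
Jan  5 10:15:01 router dnsmasq[412]: forwarded example.org to 9.9.9.9
Jan  5 10:15:01 router dnsmasq[412]: reply example.org is 203.0.113.7
Jan  5 10:15:02 router kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.1.20 DST=203.0.113.7 LEN=60 TTL=63 PROTO=TCP SPT=51514 DPT=443 SYN
Jan  5 10:15:09 router kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.1.31 DST=198.51.100.9 LEN=60 TTL=63 PROTO=TCP SPT=40222 DPT=8080 SYN
Jan  5 10:15:12 router dnsmasq[412]: query[A] example.org from 192.168.1.31
Jan  5 10:15:12 router dnsmasq[412]: cached example.org is 203.0.113.7
Jan  5 10:15:13 router kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.1.31 DST=203.0.113.7 LEN=60 TTL=63 PROTO=TCP SPT=40230 DPT=443 SYN
"""

QUERY = re.compile(r"dnsmasq\[\d+\]: query\[(\w+)\] (\S+) from (\S+)")
ANSWER = re.compile(r"dnsmasq\[\d+\]: (?:reply|cached) (\S+) is (\S+)")
NETFILTER = re.compile(r"kernel: .*\bSRC=\S+ DST=\S+")
FIELD = re.compile(r"\b([A-Z]+)=(\S+)")  # KEY=VALUE pairs of the LOG target


def correlate(lines):
    """Label each logged connection with the DNS name its client looked up."""
    asked = defaultdict(set)      # client IP -> names it has queried so far
    resolved = defaultdict(set)   # answer IP -> names that resolved to it
    out = []
    for line in lines:
        if m := QUERY.search(line):
            asked[m.group(3)].add(m.group(2).lower())
        elif m := ANSWER.search(line):
            resolved[m.group(2)].add(m.group(1).lower())
        elif NETFILTER.search(line):
            f = dict(FIELD.findall(line))
            names = sorted(resolved[f["DST"]] & asked[f["SRC"]])
            out.append({"src": f["SRC"], "dst": f["DST"],
                        "dport": int(f.get("DPT", 0)),
                        "names": names})  # empty list: no lookup seen first
    return out


if __name__ == "__main__":
    for conn in correlate(SAMPLE.splitlines()):
        print(conn)
```

An empty "names" list marks a connection to an address the client never looked up through the router's dnsmasq beforehand, for example a hard-coded IP or a client using its own resolver.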