This page covers common configuration steps for DD-WRT deployments.
Use the same configuration file referenced in the setup guide for your installation.
DD-WRT is primarily configured through the web UI and persisted in NVRAM.
Typical access:
https://<router-lan-ip>/
CLI access (when enabled):
ssh root@<router-lan-ip>
- Interfaces, VLANs, and routing
- Firewall rules and NAT policies
- VPN and remote access settings
- Logging and monitoring options
Start with this minimal hardening baseline:
- Set LAN IP/subnet and DHCP range explicitly.
- Keep WAN as DHCP/static according to upstream design.
- Disable remote web management from WAN.
- Enable the SPI firewall and deny inbound WAN traffic by default.
- Enable DNSMasq for local DNS/DHCP consistency.
- Set NTP server and timezone correctly.
If managed via CLI/NVRAM:
nvram set router_name="ddwrt-gateway"
nvram set wan_proto="dhcp"
nvram set lan_ipaddr="192.168.10.1"
nvram set lan_netmask="255.255.255.0"
nvram set dnsmasq_enable="1"
nvram set remote_management="0"
nvram commit
reboot
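To confirm after the reboot that the committed values persisted, here is an added example (not part of the original page or of DD-WRT's own tooling): a POSIX sh check that compares NVRAM key=value text with the values set above and reports drift. The function names and the sample dump are constructed for illustration; on a router the input is assumed to come from `nvram show`.

```shell
#!/bin/sh
# Expected values mirror the nvram set commands on this page
# (router_name is a label, so it is not audited).
BASELINE='wan_proto=dhcp
lan_ipaddr=192.168.10.1
lan_netmask=255.255.255.0
dnsmasq_enable=1
remote_management=0'

# Constructed sample dump (not from a real router): remote_management drifted.
SAMPLE_DRIFT='router_name=ddwrt-gateway
wan_proto=dhcp
lan_ipaddr=192.168.10.1
lan_netmask=255.255.255.0
dnsmasq_enable=1
remote_management=1'

# nvram_value DUMP KEY: print the value of KEY; return 1 if KEY is absent.
nvram_value() {
    printf '%s\n' "$1" | awk -v k="$2" '
        { i = index($0, "=") }
        i > 0 && substr($0, 1, i - 1) == k { print substr($0, i + 1); found = 1; exit }
        END { exit !found }'
}

# audit_nvram DUMP: print one line per drifted or missing baseline key;
# return 0 when the dump matches the baseline, 1 otherwise.
audit_nvram() {
    dump=$1 rc=0
    while IFS='=' read -r key want; do
        if got=$(nvram_value "$dump" "$key"); then
            [ "$got" = "$want" ] || { echo "DRIFT $key: want=$want got=$got"; rc=1; }
        else
            echo "MISSING $key"; rc=1
        fi
    done <<EOF
$BASELINE
EOF
    return $rc
}

# On a router (assumption): audit_nvram "$(nvram show 2>/dev/null)"
audit_nvram "$SAMPLE_DRIFT" || echo "baseline drift detected"
```

A non-zero return is the signal to act on, for example after a firmware upgrade or a restored backup has reset `remote_management`.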
- Limit admin UI/SSH access to trusted management VLANs only.
- Change default admin credentials immediately and use strong passphrases.
- Keep firewall defaults restrictive; add explicit allow rules per service.
- Validate NAT/port-forwarding rules against least-privilege policy.
- Back up configuration before firmware upgrades.
Apply or reload the configuration via the UI or CLI.
In UI-driven workflows, use Save then Apply Settings.
Test connectivity and firewall rules to confirm that the configuration is valid.
Validation checklist:
- LAN clients receive expected DHCP leases.
- WAN connectivity and DNS resolution are functional.
- Inbound WAN ports are closed unless explicitly forwarded.
- VPN (if configured) connects and routes as expected.
- Track firmware channel and upgrade windows carefully.
- Re-validate firewall and VPN after each upgrade.
- Export config backups regularly and store securely.
- Monitor system logs for auth failures and interface flaps.