Router - Tomato firmware


  1. Bellzemos
    Posts : 183
    Windows 7 Ultimate x64 SP1
       New #1

    Router - Tomato firmware


    Hello!

    I have got and set a Linksys E1200v2 router with the latest Tomato (Shibby) v1.28 firmware and everything seems to work fine. My goal now is to get the maximum possible performance, stability and security from the router. Along with establishing an OpenVPN service on it - but I’ll get to that after I get to know the firmware better.

    The folks at the Tomato forums aren’t particularly helpful so I’m asking you guys since most of the questions would apply to the routers in general. I have found and thoroughly read the Tomato Firmware Menu Reference which explained a lot of things and I’ve googled the remaining ones but I still have some questions (partially) unexplained so I am addressing you all in hope that you can help me.


    WAN / Internet:
    - MTU - When (in what case) should the MTU be changed? Can I benefit (in a usual home environment) by increasing or decreasing the MTU?

    - Route Modem IP - Does that simply mean that the router's WAN IP address will be modem's LAN IP (eg. 192.168.1.1) instead of the IP address that the ISP provided (meaning modem's WAN)? Or is it something else?

    LAN:
    - Bridge, br0, STP - What is being bridged, what does br0 stand for? I don’t think I’m bridging anything on the router. Is STP the function that prevents the network from crumbling down in case of someone connecting an UTP cable in two switch ports and thus creating a loop? I don't think that's likely to happen at home, so should I enable or disable it (to get maximum performance)?

    Ethernet Ports State - Configuration:
    - Enable Ports State - What happens if I disable this, do I lose/disable the 4 port switch of the LAN or just the graphics (state) in the Tomato interface - or something else?

    - Show Speed Info - Where is the speed info shown, at the ports graphic (WAN, LAN 1, 2, 3, 4)?

    - Invert Ports Order - Meaning simply inverting from 1, 2, 3, 4 to 4, 3, 2, 1? I guess that would come in handy in case you don't want to manually change/switch the cables because the router is placed in a difficoult to reach location? Or is it something else?

    Conntrack/Netfilter:
    - Maximum connections - Is this about the maximum connections for P2P (torrents), if yes, what would be optimal for my internet speed (DL: 14 Mbps, UL: 2 Mbps)?

    - Timeouts - TPC, UDP etc. - please explain a bit about the timeout functions.

    - Tracking / NAT Helpers - What are those settings about? How do they help? Are they any security risks or performance inpacts? Do I have to have GRE/PPTP enabled for OpenVPN?

    - TTL Adjust - What is this about?

    DHCP/DNS:
    - Internal DNS etc. - Is this a DNS caching feature that will improve internet surfing speed? Is the default check here enough or do I have to set things up (dnsmasq) - how?

    Regarding DNS also - how do I properly set the DNS for best performance? Write in the DNS server addresses manually (port 53 too?) or let the router get the DNS from the ISP automatically?

    Firewall:
    - ICMP ping response - I have this disabled (no check) but I was able to ping the WAN IP address anyway when I tested it. How come?

    - Enable SYN cookies - What is this?

    - Enable DSCP Fix - What does that do exactly?

    - NAT loopback, NAT target – Can this be a threat in any way if enabled?

    - Multicast, IGMPproxy, Udpxy – In what case should I enable this?

    Routing:
    - Mode, Gateway vs Router - when used as a “home router”, meaning connecting ISP WAN to local LAN, it should always be set as a Gateway, right?

    - RIPv1 & v2 - What is this?

    - Efficient Multicast Forwarding – And what is this?

    - DHCP Routes - And this?

    Tor project? Is that the "TOR - Onion thing" for browsing the deep web and whatnot? I’m not really interested in that. But is there a way to set the ad blocking feature in the router though?

    VLAN:
    - VID Offset (First 802.1Q VLAN tag) - I know the basics of VLAN (to have separated LANs on the same physical switch). What is VID though, what does the VID offset do/mean?

    - Wireless (Bridge eth1 to LAN-br0) - Does that simply mean that the Wireless clients will have IP addresses from the same subnet pool as the wired LAN clients?

    LAN Access (src, dst)? What does this function do, what can be achieved here?

    Virtual Wireless Interfaces? Is that like Wireless VLAN? VWLAN? Providing 2 or more separate WLAN subnets?

    Wireless Settings:

    - Beacon Interval - Can I improve performance with this?

    - Bluetooth Coexistence - Will I lose performance by enabling this?

    - Frame Burst - Will this really improve the speed?

    - Overlapping BSS Coexistence - What’s that?

    - RTS Threshold - Performance gain possibility?

    - Transmission Rate - Does increasing this expand the WiFi signal area covered?

    - WMM - it’s enabled by default, shouldn’t the ACK be enabled too?

    - Wireless Multicast Forwarding - What does that do?

    Port Forwarding:
    - Triggered Port Forwarding - Does that mean that a port can be opened by an application and then closed again after I'm done using it?

    - UPnP, NAT-PMP - I know a bit about UPnP, it's kind of like automatic port forwarding, right? What about the NAT-PMP?

    QoS - I have read that QoS basically only helps in shaping the outgoing traffic and not the incoming. So, would enabling and setting up the QoS improve Skype performance at all? And so only the outbound or inbound too (what I see and hear)?

    VPN Tunneling:
    - OpenVPN Server - I want to learn about this because I will be setting an OpenVPN server on this router, that's why I got it in the first place. I've read about it and it seems complicated with all the certificate stuff but I'm determined to do it. Any help on this is much appreciated!

    - OpenVPN Client - In what case could a router act as a VPN client, could you explain please?

    Web Administration:
    - Remote Access (HxxP vs HxxPS) - Locally (when the internet is on), is it safe to use the HTTP to access the interface? What would I need to be able to use HTTPS (localy and remotely)?

    - SSH Daemon - I turned this off since I won’t be needing it, is that OK (more secure)?

    - Telnet Daemon - I turned this off since I won’t be needing it, is that OK (more secure)?

    - Allowed Remote IP Address - I should enter the allowed client's IP address from which I'll be accesing the Tomato interface through WAN, is that it?

    - Allow web login as "root" - What does that mean exactly?

    - Bandwidth Monitoring, IP Traffic Monitoring - Saving to RAM is safe and doesn’t degrade performance, right? Should I turn this off to increase performance?

    - Debugging - Please explain a bit the features there. I guess that changing anything would not increase stability, performance or/and security?

    - JFFS - Can this be used to somehow improve performance?

    - NFS Server - What is this, what does it do?

    - SNMP - And what is this, what does it do?

    - Syslog - Is this creating the log I can check under the STATUS in the interface? Would disabling the log increase performance?

    - Web Monitor - Would enabling it decrease the performance?

    - Scheduler - I have set the router to reboot once a week, is that a good idea? In what case sould the function “reconnect” be used?

    - Erase all data in NVRAM memory - Do I have to do this every time I update the firmware or not?

    - Shutdown - When should this be used, what for? Is reboot not enough (in what case)?



    PS: I have 3 additional questions:

    1. My router's WAN LED is blinking all the time, even at night, when all the clients are disconnected. What does that mean, is there really so much traffic going on just between the ISP's DSL modem and router's WAN port? Is the router dropping unwanted packets from the internet (firewall), is that why it's blinking?

    2. What does the "Announce IPv6 on LAN (SLAAC)" and the other IPv6 feature do? Can I disable that since I don't use IPv6, will I gain anything at all by disabling it (security and/or performance)?

    3. Is this the most secure way one can set-up an OpenVPN server and client(s)? There’s the open way and then I think the password variant and this one (certificate secured):
    Connect to Your Home Network From Anywhere with OpenVPN and Tomato
    So is this the most secure way and the proper way to set a safe & secure OpenVPN connection?

    THANK YOU IN ADVANCE, ANY BIT OF HELP IS MUCH APPRECIATED!!!
      My Computer
    Quote Quote

  3. Bellzemos
    Posts : 183
    Windows 7 Ultimate x64 SP1
    Thread Starter
       New #2

    Anyone, please? If you'd only answer a couple of my questions or even just one I'd really appreciate it! :)
      My Computer
    Quote Quote

  4. Bellzemos
    Posts : 183
    Windows 7 Ultimate x64 SP1
    Thread Starter
       New #3

    Hello again!

    I helped myself with this tutorial (Connect to Your Home Network From Anywhere with OpenVPN and Tomato) and set up OpenVPN on my Tomato router. I tried it in VMware Player and it seemed like it's working.

    Today I tried it on a friend's remote located PC (on another public IP, different ISP than mine). I have copied these files I pre-made to his computer: client.key, client.crt, ca.crt and client.ovpn.

    OpenVPN says it's connected (green + locked) and the remote PC shows up in my router - but the remote PC still shows the original public IP when we go check it with a browser (and yes, I have disabled WebRTC and checked it too - that's not the problem).

    When OpenVPN connects it says "Assiged IP: 192.168.1.101", I think there should be my router's WAN (public) IP? But instead it's router's internal LAN IP (from DHCP pool).

    Why does OpenVPN say he's connected and his remote machine shows in my router and all but when he goes and checks his IP it's still his original public IP and ISP (and not mine). What are we doing wrong?

    Please help, thank you!
      My Computer
    Quote Quote

  6. Bellzemos
    Posts : 183
    Windows 7 Ultimate x64 SP1
    Thread Starter
       New #4

    SCRATCH EVERYTHING ABOVE THIS POST!







    Hello again!

    So I have installed Tomato firmware on my Linksys E1200v2 router. I have really narrowed down my questions regarding Tomato (Shibby) firmware features. Please help me with my questions.

    0. Here’s one just as a warm-up. My router’s WAN LED is blinking even when all the clients are disconnected - does that mean that there’s simply so much unwanted traffic coming in from the internet and that router’s firewall is dropping all those unwanted packets?

    Below I have written a couple of questions and stated a couple of features that I don’t understand and would love a brief explanation on. Thank you!

    1. Advanced \ Conntrack/Netfilter:
    - Tracking / NAT Helpers - FTP, GRE/PPTP, H.323, SIP, RTSP - ?
    - TTL Adjust - ?
    - Inbound Layer 7 - ?

    2. DHCP/DNS:
    - Announce IPv6 on LAN (SLAAC, DHCP) - ?
    - Mute dhcpv4, dhcpv6, RA logging - ?
    - By the way, why doesn’t Tomato’s DHCP service lease IP addresses in a numerical order but randomly instead?

    3. Firewall:
    - Enable DSCP Fix - ?
    - NAT loopback, NAT target - ?
    - Multicast (IGMPproxy, Udpxy) - ?

    4. Routing:
    - RIPv1 & v2 - ?
    - Efficient Multicast Forwarding - ?
    - DHCP Routes - ?

    5. Wireless Settings:
    - Bluetooth Coexistence - why is this not on by default, does it weaken the WiFi performance?
    - Frame Burst - does that really work?

    6. Port Forwarding:
    - Triggered Port Forwarding - please explain a bit how it works.
    - Enable UPnP, NAT-PMP - I have it all disabled even though I’m using Skype, OpenVPN etc. Is that alright?

    7. QoS - Does QoS basically only help with shaping the outgoing traffic (and not the incoming), so, would enabling and setting up the QoS improve Skype performance at all?

    8. Web Administration:
    - Remote Access (HTTP vs HTTPS) - Locally, when the internet is on, is it safe to use the HTTP to access the interface? What would I need to set to be able to use HTTPS instead (locally and remotely) and not lock myself out?
    - SSH Daemon - Can I use the SSH Daemon to connect to the router through PuTTy? I'd like to try that just so I can learn how to do it.
    - Allowed Remote IP Address - This is for entering the allowed remote IP address that will be allowed to log into the router, right?
    - Allow web login as "root" - ?
    -Bandwidth and IP Traffic Monitoring - Should I turn it off, is it degrading the performance?
    - JFFS - what can I gain with it?
    - SNMP - what can I do with it?

    Any help would be greatly appreciated!
      My Computer
    Quote Quote

  7. Bellzemos
    Posts : 183
    Windows 7 Ultimate x64 SP1
    Thread Starter
       New #5

    Anyone, please? :)
      My Computer
    Quote Quote

 

  Related Discussions
Brand : Motorola Model : Surfboard SBG6580 I've had a problem with my internet dissconnecting a lot when I play online games, and sometimes when surfing the internet. I'm just trying everything to fix this, so I'm trying to upgrade the firmware of my router.
Router Firmware
in Network & Sharing

I was wondering your opinions on router firmware. My router is a Linksys WRT160Nv3. I purchased a Roku player and started streaming my video to my tv. The router was terrible, and would not go into wireless N mode. Well it would, but my roku, laptop, and phone would not connect to it. I looked...
Router Firmware Question
in Network & Sharing

Hi, I have a Dlink DSL-2640R Router which i have had for about 3 years but have not updated the firmware on it in that time. is this necessary and important to do. if it is how do i do it ? Your help and advice will be most appreciated.
i finally hae my comp back up and running.i need to know if there is a way to configure tomato on my router so it gets the best performance. is there a tut somewhere or a pdf? i hear it is really good but i hae no knowledge of using it, could someone p[oint me in the right direction please?
Router Firmware updating
in Network & Sharing

I am having a problem with downloading my linksys router firmware update. (BEFSR41 Router) The file download is downloaded to File Name BEFSR41v3_3_V.05.00 Code.bin It download ok but it displays VLC Player icon and want to open in VLC Player format and will not open can't figure what...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 20:30.
Find Us