Windows 8 and 8.1 Forums

Router - Tomato firmware

  1. #1

    Posts : 37
    Windows 7

    Router - Tomato firmware


    I have got and set a Linksys E1200v2 router with the latest Tomato (Shibby) v1.28 firmware and everything seems to work fine. My goal now is to get the maximum possible performance, stability and security from the router. Along with establishing an OpenVPN service on it - but I’ll get to that after I get to know the firmware better.

    The folks at the Tomato forums aren’t particularly helpful so I’m asking you guys since most of the questions would apply to the routers in general. I have found and thoroughly read the Tomato Firmware Menu Reference which explained a lot of things and I’ve googled the remaining ones but I still have some questions (partially) unexplained so I am addressing you all in hope that you can help me.

    WAN / Internet:
    - MTU - When (in what case) should the MTU be changed? Can I benefit (in a usual home environment) by increasing or decreasing the MTU?

    - Route Modem IP - Does that simply mean that the router's WAN IP address will be modem's LAN IP (eg. instead of the IP address that the ISP provided (meaning modem's WAN)? Or is it something else?

    - Bridge, br0, STP - What is being bridged, what does br0 stand for? I don’t think I’m bridging anything on the router. Is STP the function that prevents the network from crumbling down in case of someone connecting an UTP cable in two switch ports and thus creating a loop? I don't think that's likely to happen at home, so should I enable or disable it (to get maximum performance)?

    Ethernet Ports State - Configuration:
    - Enable Ports State - What happens if I disable this, do I lose/disable the 4 port switch of the LAN or just the graphics (state) in the Tomato interface - or something else?

    - Show Speed Info - Where is the speed info shown, at the ports graphic (WAN, LAN 1, 2, 3, 4)?

    - Invert Ports Order - Meaning simply inverting from 1, 2, 3, 4 to 4, 3, 2, 1? I guess that would come in handy in case you don't want to manually change/switch the cables because the router is placed in a difficoult to reach location? Or is it something else?

    - Maximum connections - Is this about the maximum connections for P2P (torrents), if yes, what would be optimal for my internet speed (DL: 14 Mbps, UL: 2 Mbps)?

    - Timeouts - TPC, UDP etc. - please explain a bit about the timeout functions.

    - Tracking / NAT Helpers - What are those settings about? How do they help? Are they any security risks or performance inpacts? Do I have to have GRE/PPTP enabled for OpenVPN?

    - TTL Adjust - What is this about?

    - Internal DNS etc. - Is this a DNS caching feature that will improve internet surfing speed? Is the default check here enough or do I have to set things up (dnsmasq) - how?

    Regarding DNS also - how do I properly set the DNS for best performance? Write in the DNS server addresses manually (port 53 too?) or let the router get the DNS from the ISP automatically?

    - ICMP ping response - I have this disabled (no check) but I was able to ping the WAN IP address anyway when I tested it. How come?

    - Enable SYN cookies - What is this?

    - Enable DSCP Fix - What does that do exactly?

    - NAT loopback, NAT target – Can this be a threat in any way if enabled?

    - Multicast, IGMPproxy, Udpxy – In what case should I enable this?

    - Mode, Gateway vs Router - when used as a “home router”, meaning connecting ISP WAN to local LAN, it should always be set as a Gateway, right?

    - RIPv1 & v2 - What is this?

    - Efficient Multicast Forwarding – And what is this?

    - DHCP Routes - And this?

    Tor project? Is that the "TOR - Onion thing" for browsing the deep web and whatnot? I’m not really interested in that. But is there a way to set the ad blocking feature in the router though?

    - VID Offset (First 802.1Q VLAN tag) - I know the basics of VLAN (to have separated LANs on the same physical switch). What is VID though, what does the VID offset do/mean?

    - Wireless (Bridge eth1 to LAN-br0) - Does that simply mean that the Wireless clients will have IP addresses from the same subnet pool as the wired LAN clients?

    LAN Access (src, dst)? What does this function do, what can be achieved here?

    Virtual Wireless Interfaces? Is that like Wireless VLAN? VWLAN? Providing 2 or more separate WLAN subnets?

    Wireless Settings:

    - Beacon Interval - Can I improve performance with this?

    - Bluetooth Coexistence - Will I lose performance by enabling this?

    - Frame Burst - Will this really improve the speed?

    - Overlapping BSS Coexistence - What’s that?

    - RTS Threshold - Performance gain possibility?

    - Transmission Rate - Does increasing this expand the WiFi signal area covered?

    - WMM - it’s enabled by default, shouldn’t the ACK be enabled too?

    - Wireless Multicast Forwarding - What does that do?

    Port Forwarding:
    - Triggered Port Forwarding - Does that mean that a port can be opened by an application and then closed again after I'm done using it?

    - UPnP, NAT-PMP - I know a bit about UPnP, it's kind of like automatic port forwarding, right? What about the NAT-PMP?

    QoS - I have read that QoS basically only helps in shaping the outgoing traffic and not the incoming. So, would enabling and setting up the QoS improve Skype performance at all? And so only the outbound or inbound too (what I see and hear)?

    VPN Tunneling:
    - OpenVPN Server - I want to learn about this because I will be setting an OpenVPN server on this router, that's why I got it in the first place. I've read about it and it seems complicated with all the certificate stuff but I'm determined to do it. Any help on this is much appreciated!

    - OpenVPN Client - In what case could a router act as a VPN client, could you explain please?

    Web Administration:
    - Remote Access (HxxP vs HxxPS) - Locally (when the internet is on), is it safe to use the HTTP to access the interface? What would I need to be able to use HTTPS (localy and remotely)?

    - SSH Daemon - I turned this off since I won’t be needing it, is that OK (more secure)?

    - Telnet Daemon - I turned this off since I won’t be needing it, is that OK (more secure)?

    - Allowed Remote IP Address - I should enter the allowed client's IP address from which I'll be accesing the Tomato interface through WAN, is that it?

    - Allow web login as "root" - What does that mean exactly?

    - Bandwidth Monitoring, IP Traffic Monitoring - Saving to RAM is safe and doesn’t degrade performance, right? Should I turn this off to increase performance?

    - Debugging - Please explain a bit the features there. I guess that changing anything would not increase stability, performance or/and security?

    - JFFS - Can this be used to somehow improve performance?

    - NFS Server - What is this, what does it do?

    - SNMP - And what is this, what does it do?

    - Syslog - Is this creating the log I can check under the STATUS in the interface? Would disabling the log increase performance?

    - Web Monitor - Would enabling it decrease the performance?

    - Scheduler - I have set the router to reboot once a week, is that a good idea? In what case sould the function “reconnect” be used?

    - Erase all data in NVRAM memory - Do I have to do this every time I update the firmware or not?

    - Shutdown - When should this be used, what for? Is reboot not enough (in what case)?

    PS: I have 3 additional questions:

    1. My router's WAN LED is blinking all the time, even at night, when all the clients are disconnected. What does that mean, is there really so much traffic going on just between the ISP's DSL modem and router's WAN port? Is the router dropping unwanted packets from the internet (firewall), is that why it's blinking?

    2. What does the "Announce IPv6 on LAN (SLAAC)" and the other IPv6 feature do? Can I disable that since I don't use IPv6, will I gain anything at all by disabling it (security and/or performance)?

    3. Is this the most secure way one can set-up an OpenVPN server and client(s)? There’s the open way and then I think the password variant and this one (certificate secured):
    Connect to Your Home Network From Anywhere with OpenVPN and Tomato
    So is this the most secure way and the proper way to set a safe & secure OpenVPN connection?


      My System SpecsSystem Spec

  2. #2

    Posts : 37
    Windows 7

    Anyone, please? If you'd only answer a couple of my questions or even just one I'd really appreciate it!
      My System SpecsSystem Spec

  3. #3

    Posts : 37
    Windows 7

    Hello again!

    I helped myself with this tutorial (Connect to Your Home Network From Anywhere with OpenVPN and Tomato) and set up OpenVPN on my Tomato router. I tried it in VMware Player and it seemed like it's working.

    Today I tried it on a friend's remote located PC (on another public IP, different ISP than mine). I have copied these files I pre-made to his computer: client.key, client.crt, ca.crt and client.ovpn.

    OpenVPN says it's connected (green + locked) and the remote PC shows up in my router - but the remote PC still shows the original public IP when we go check it with a browser (and yes, I have disabled WebRTC and checked it too - that's not the problem).

    When OpenVPN connects it says "Assiged IP:", I think there should be my router's WAN (public) IP? But instead it's router's internal LAN IP (from DHCP pool).

    Why does OpenVPN say he's connected and his remote machine shows in my router and all but when he goes and checks his IP it's still his original public IP and ISP (and not mine). What are we doing wrong?

    Please help, thank you!
      My System SpecsSystem Spec

  4. #4

    United States
    Posts : 3,093
    Windows 8.1 Pro 64-bit

    Sorry nobody answered your original post. I was going to but there are so many settings that are unique to each person's setup. Maybe this will answer your VPN addressing question: Why does my IP address not change when connected to VPN? - VPN - Networking
      My System SpecsSystem Spec

  5. #5

    Posts : 37
    Windows 7

    Thank you for a reply, popeye, a real sunray in the dark. The link you provided unfortunatelly doesn't help me. If you can explain, please do.
      My System SpecsSystem Spec

  6. #6

    Posts : 37
    Windows 7


    Hello again!

    So I have installed Tomato firmware on my Linksys E1200v2 router. I have really narrowed down my questions regarding Tomato (Shibby) firmware features. Please help me with my questions.

    0. Here’s one just as a warm-up. My router’s WAN LED is blinking even when all the clients are disconnected - does that mean that there’s simply so much unwanted traffic coming in from the internet and that router’s firewall is dropping all those unwanted packets?

    Below I have written a couple of questions and stated a couple of features that I don’t understand and would love a brief explanation on. Thank you!

    1. Advanced \ Conntrack/Netfilter:
    - Tracking / NAT Helpers - FTP, GRE/PPTP, H.323, SIP, RTSP - ?
    - TTL Adjust - ?
    - Inbound Layer 7 - ?

    2. DHCP/DNS:
    - Announce IPv6 on LAN (SLAAC, DHCP) - ?
    - Mute dhcpv4, dhcpv6, RA logging - ?
    - By the way, why doesn’t Tomato’s DHCP service lease IP addresses in a numerical order but randomly instead?

    3. Firewall:
    - Enable DSCP Fix - ?
    - NAT loopback, NAT target - ?
    - Multicast (IGMPproxy, Udpxy) - ?

    4. Routing:
    - RIPv1 & v2 - ?
    - Efficient Multicast Forwarding - ?
    - DHCP Routes - ?

    5. Wireless Settings:
    - Bluetooth Coexistence - why is this not on by default, does it weaken the WiFi performance?
    - Frame Burst - does that really work?

    6. Port Forwarding:
    - Triggered Port Forwarding - please explain a bit how it works.
    - Enable UPnP, NAT-PMP - I have it all disabled even though I’m using Skype, OpenVPN etc. Is that alright?

    7. QoS - Does QoS basically only help with shaping the outgoing traffic (and not the incoming), so, would enabling and setting up the QoS improve Skype performance at all?

    8. Web Administration:
    - Remote Access (HTTP vs HTTPS) - Locally, when the internet is on, is it safe to use the HTTP to access the interface? What would I need to set to be able to use HTTPS instead (locally and remotely) and not lock myself out?
    - SSH Daemon - Can I use the SSH Daemon to connect to the router through PuTTy? I'd like to try that just so I can learn how to do it.
    - Allowed Remote IP Address - This is for entering the allowed remote IP address that will be allowed to log into the router, right?
    - Allow web login as "root" - ?
    -Bandwidth and IP Traffic Monitoring - Should I turn it off, is it degrading the performance?
    - JFFS - what can I gain with it?
    - SNMP - what can I do with it?

    Any help would be greatly appreciated!
      My System SpecsSystem Spec

  7. #7

    Posts : 37
    Windows 7

    Anyone, please?
      My System SpecsSystem Spec

Router - Tomato firmware

Similar Threads
Thread Forum
How to get a static ip on a router connected to a router?
I have a linksys WRT54G router connected to a beetel 110TC2 modem. I want to get a static ip address for port forwarding. Can anybody tell me how to get a static ip and how to do port forwarding?
Network & Sharing
Router firmware
I was wondering your opinions on router firmware. My router is a Linksys WRT160Nv3. I purchased a Roku player and started streaming my video to my tv. The router was terrible, and would not go into wireless N mode. Well it would, but my roku, laptop, and phone would not connect to it. I looked...
Network & Sharing
Router's QoS ignored by access point router
Hi, I am sharing my internet connection with my roommates, but lately they have been using P2P to download stuff which uses almost all the internet speed available. I have set up QoS to limit their bandwidth in the main Asus wifi router which directly connects to the modem, it works great for a few...
Network & Sharing
Need help bridging Wireless router to another router.
I have been working on this for hours. Any help is appreciated. So anyways, I am attempting to WIRELESSLYct my old belkin router with my cisco router upstairs. I cannot just connect an ethernet cable from my pc to the belkin upstairs, because its too long and my house is designed in a way its not...
Network & Sharing
Mutant Tomato !
This specimen popped up in my garden. I'll save it for the seeds & see what grows next year. :) 29168 29169 29170 29171
Chillout Room
E173 Firmware Rollback?
Hey guys, I recently updated the firmware of my E173 dongle. Before, I was reaching speeds of up to 11Mbs :D, but now I am not even reaching 6Mbs :mad:. Is it possible that the update may have something to do with this? And if so, can I roll back to the firmware version before? The current firmware...
Network & Sharing
UEFI firmware associated with Windows 8
I bought a Lenovo It has an UEFI firmware associated with Windows 8 OS protecting it by secure Boot feature. When i boot in recovery mode i could see an option saying about UEFI software/hardware. I used GParted and deleted ALL its partitions. I installed 8 again with my partitonign. No UEFI...
Installation & Setup

Eight Forums Android App Eight Forums IOS App Follow us on Facebook