Router - Tomato firmware

Bellzemos

New Member
Messages
37
Hello!

I have got and set a Linksys E1200v2 router with the latest Tomato (Shibby) v1.28 firmware and everything seems to work fine. My goal now is to get the maximum possible performance, stability and security from the router. Along with establishing an OpenVPN service on it - but I’ll get to that after I get to know the firmware better.

The folks at the Tomato forums aren’t particularly helpful so I’m asking you guys since most of the questions would apply to the routers in general. I have found and thoroughly read the Tomato Firmware Menu Reference which explained a lot of things and I’ve googled the remaining ones but I still have some questions (partially) unexplained so I am addressing you all in hope that you can help me.


WAN / Internet:
- MTU - When (in what case) should the MTU be changed? Can I benefit (in a usual home environment) by increasing or decreasing the MTU?

- Route Modem IP - Does that simply mean that the router's WAN IP address will be modem's LAN IP (eg. 192.168.1.1) instead of the IP address that the ISP provided (meaning modem's WAN)? Or is it something else?

LAN:
- Bridge, br0, STP - What is being bridged, what does br0 stand for? I don’t think I’m bridging anything on the router. Is STP the function that prevents the network from crumbling down in case of someone connecting an UTP cable in two switch ports and thus creating a loop? I don't think that's likely to happen at home, so should I enable or disable it (to get maximum performance)?

Ethernet Ports State - Configuration:
- Enable Ports State - What happens if I disable this, do I lose/disable the 4 port switch of the LAN or just the graphics (state) in the Tomato interface - or something else?

- Show Speed Info - Where is the speed info shown, at the ports graphic (WAN, LAN 1, 2, 3, 4)?

- Invert Ports Order - Meaning simply inverting from 1, 2, 3, 4 to 4, 3, 2, 1? I guess that would come in handy in case you don't want to manually change/switch the cables because the router is placed in a difficoult to reach location? Or is it something else?

Conntrack/Netfilter:
- Maximum connections - Is this about the maximum connections for P2P (torrents), if yes, what would be optimal for my internet speed (DL: 14 Mbps, UL: 2 Mbps)?

- Timeouts - TPC, UDP etc. - please explain a bit about the timeout functions.

- Tracking / NAT Helpers - What are those settings about? How do they help? Are they any security risks or performance inpacts? Do I have to have GRE/PPTP enabled for OpenVPN?

- TTL Adjust - What is this about?

DHCP/DNS:
- Internal DNS etc. - Is this a DNS caching feature that will improve internet surfing speed? Is the default check here enough or do I have to set things up (dnsmasq) - how?

Regarding DNS also - how do I properly set the DNS for best performance? Write in the DNS server addresses manually (port 53 too?) or let the router get the DNS from the ISP automatically?

Firewall:
- ICMP ping response - I have this disabled (no check) but I was able to ping the WAN IP address anyway when I tested it. How come?

- Enable SYN cookies - What is this?

- Enable DSCP Fix - What does that do exactly?

- NAT loopback, NAT target – Can this be a threat in any way if enabled?

- Multicast, IGMPproxy, Udpxy – In what case should I enable this?

Routing:
- Mode, Gateway vs Router - when used as a “home router”, meaning connecting ISP WAN to local LAN, it should always be set as a Gateway, right?

- RIPv1 & v2 - What is this?

- Efficient Multicast Forwarding – And what is this?

- DHCP Routes - And this?

Tor project? Is that the "TOR - Onion thing" for browsing the deep web and whatnot? I’m not really interested in that. But is there a way to set the ad blocking feature in the router though?

VLAN:
- VID Offset (First 802.1Q VLAN tag) - I know the basics of VLAN (to have separated LANs on the same physical switch). What is VID though, what does the VID offset do/mean?

- Wireless (Bridge eth1 to LAN-br0) - Does that simply mean that the Wireless clients will have IP addresses from the same subnet pool as the wired LAN clients?

LAN Access (src, dst)? What does this function do, what can be achieved here?

Virtual Wireless Interfaces? Is that like Wireless VLAN? VWLAN? Providing 2 or more separate WLAN subnets?

Wireless Settings:

- Beacon Interval - Can I improve performance with this?

- Bluetooth Coexistence - Will I lose performance by enabling this?

- Frame Burst - Will this really improve the speed?

- Overlapping BSS Coexistence - What’s that?

- RTS Threshold - Performance gain possibility?

- Transmission Rate - Does increasing this expand the WiFi signal area covered?

- WMM - it’s enabled by default, shouldn’t the ACK be enabled too?

- Wireless Multicast Forwarding - What does that do?

Port Forwarding:
- Triggered Port Forwarding - Does that mean that a port can be opened by an application and then closed again after I'm done using it?

- UPnP, NAT-PMP - I know a bit about UPnP, it's kind of like automatic port forwarding, right? What about the NAT-PMP?

QoS - I have read that QoS basically only helps in shaping the outgoing traffic and not the incoming. So, would enabling and setting up the QoS improve Skype performance at all? And so only the outbound or inbound too (what I see and hear)?

VPN Tunneling:
- OpenVPN Server - I want to learn about this because I will be setting an OpenVPN server on this router, that's why I got it in the first place. I've read about it and it seems complicated with all the certificate stuff but I'm determined to do it. Any help on this is much appreciated!

- OpenVPN Client - In what case could a router act as a VPN client, could you explain please?

Web Administration:
- Remote Access (HxxP vs HxxPS) - Locally (when the internet is on), is it safe to use the HTTP to access the interface? What would I need to be able to use HTTPS (localy and remotely)?

- SSH Daemon - I turned this off since I won’t be needing it, is that OK (more secure)?

- Telnet Daemon - I turned this off since I won’t be needing it, is that OK (more secure)?

- Allowed Remote IP Address - I should enter the allowed client's IP address from which I'll be accesing the Tomato interface through WAN, is that it?

- Allow web login as "root" - What does that mean exactly?

- Bandwidth Monitoring, IP Traffic Monitoring - Saving to RAM is safe and doesn’t degrade performance, right? Should I turn this off to increase performance?

- Debugging - Please explain a bit the features there. I guess that changing anything would not increase stability, performance or/and security?

- JFFS - Can this be used to somehow improve performance?

- NFS Server - What is this, what does it do?

- SNMP - And what is this, what does it do?

- Syslog - Is this creating the log I can check under the STATUS in the interface? Would disabling the log increase performance?

- Web Monitor - Would enabling it decrease the performance?

- Scheduler - I have set the router to reboot once a week, is that a good idea? In what case sould the function “reconnect” be used?

- Erase all data in NVRAM memory - Do I have to do this every time I update the firmware or not?

- Shutdown - When should this be used, what for? Is reboot not enough (in what case)?



PS: I have 3 additional questions:

1. My router's WAN LED is blinking all the time, even at night, when all the clients are disconnected. What does that mean, is there really so much traffic going on just between the ISP's DSL modem and router's WAN port? Is the router dropping unwanted packets from the internet (firewall), is that why it's blinking?

2. What does the "Announce IPv6 on LAN (SLAAC)" and the other IPv6 feature do? Can I disable that since I don't use IPv6, will I gain anything at all by disabling it (security and/or performance)?

3. Is this the most secure way one can set-up an OpenVPN server and client(s)? There’s the open way and then I think the password variant and this one (certificate secured):
Connect to Your Home Network From Anywhere with OpenVPN and Tomato
So is this the most secure way and the proper way to set a safe & secure OpenVPN connection?

THANK YOU IN ADVANCE, ANY BIT OF HELP IS MUCH APPRECIATED!!!
 

My Computer

System One

  • OS
    Windows 7
    Computer type
    Laptop
Anyone, please? If you'd only answer a couple of my questions or even just one I'd really appreciate it! :)
 

My Computer

System One

  • OS
    Windows 7
    Computer type
    Laptop
Hello again!

I helped myself with this tutorial (Connect to Your Home Network From Anywhere with OpenVPN and Tomato) and set up OpenVPN on my Tomato router. I tried it in VMware Player and it seemed like it's working.

Today I tried it on a friend's remote located PC (on another public IP, different ISP than mine). I have copied these files I pre-made to his computer: client.key, client.crt, ca.crt and client.ovpn.

OpenVPN says it's connected (green + locked) and the remote PC shows up in my router - but the remote PC still shows the original public IP when we go check it with a browser (and yes, I have disabled WebRTC and checked it too - that's not the problem).

When OpenVPN connects it says "Assiged IP: 192.168.1.101", I think there should be my router's WAN (public) IP? But instead it's router's internal LAN IP (from DHCP pool).

Why does OpenVPN say he's connected and his remote machine shows in my router and all but when he goes and checks his IP it's still his original public IP and ISP (and not mine). What are we doing wrong?

Please help, thank you!
 

My Computer

System One

  • OS
    Windows 7
    Computer type
    Laptop

My Computer

System One

  • OS
    Windows 8.1 Pro 64-bit
    Computer type
    Laptop
    System Manufacturer/Model
    Acer V3 771G-6443
    CPU
    i5-3230m
    Motherboard
    Acer VA70_HC (U3E1)
    Memory
    8GB DDR3 PC3-12800 (800 MHz)
    Graphics Card(s)
    HD4000 + GeForce GT 730M
    Sound Card
    Realtek High Definition Audio
    Monitor(s) Displays
    17" Generic PnP Display on Intel HD Graphics 4000
    Screen Resolution
    1600x900 pixels
    Hard Drives
    Samsung SSD 850 EVO 250 GB
    ADATA SSD SP900 128GB
    PSU
    90 watt brick
    Mouse
    Bluetooth
    Antivirus
    Comodo
    Other Info
    Asus RT-AC56R dual-band WRT router (Merlin firmware). Intel 7260.HMWWB.R dual-band ac wireless adapter.
Thank you for a reply, popeye, a real sunray in the dark. :) The link you provided unfortunatelly doesn't help me. If you can explain, please do.
 

My Computer

System One

  • OS
    Windows 7
    Computer type
    Laptop
SCRATCH EVERYTHING ABOVE THIS POST!







Hello again!

So I have installed Tomato firmware on my Linksys E1200v2 router. I have really narrowed down my questions regarding Tomato (Shibby) firmware features. Please help me with my questions.

0. Here’s one just as a warm-up.
smile.png
My router’s WAN LED is blinking even when all the clients are disconnected - does that mean that there’s simply so much unwanted traffic coming in from the internet and that router’s firewall is dropping all those unwanted packets?

Below I have written a couple of questions and stated a couple of features that I don’t understand and would love a brief explanation on. Thank you!

1. Advanced \ Conntrack/Netfilter:
- Tracking / NAT Helpers - FTP, GRE/PPTP, H.323, SIP, RTSP - ?
- TTL Adjust - ?
- Inbound Layer 7 - ?

2. DHCP/DNS:
- Announce IPv6 on LAN (SLAAC, DHCP) - ?
- Mute dhcpv4, dhcpv6, RA logging - ?
- By the way, why doesn’t Tomato’s DHCP service lease IP addresses in a numerical order but randomly instead?

3. Firewall:
- Enable DSCP Fix - ?
- NAT loopback, NAT target - ?
- Multicast (IGMPproxy, Udpxy) - ?

4. Routing:
- RIPv1 & v2 - ?
- Efficient Multicast Forwarding - ?
- DHCP Routes - ?

5. Wireless Settings:
- Bluetooth Coexistence - why is this not on by default, does it weaken the WiFi performance?
- Frame Burst - does that really work?

6. Port Forwarding:
- Triggered Port Forwarding - please explain a bit how it works.
- Enable UPnP, NAT-PMP - I have it all disabled even though I’m using Skype, OpenVPN etc. Is that alright?

7. QoS - Does QoS basically only help with shaping the outgoing traffic (and not the incoming), so, would enabling and setting up the QoS improve Skype performance at all?

8. Web Administration:
- Remote Access (HTTP vs HTTPS) - Locally, when the internet is on, is it safe to use the HTTP to access the interface? What would I need to set to be able to use HTTPS instead (locally and remotely) and not lock myself out?
- SSH Daemon - Can I use the SSH Daemon to connect to the router through PuTTy? I'd like to try that just so I can learn how to do it.
- Allowed Remote IP Address - This is for entering the allowed remote IP address that will be allowed to log into the router, right?
- Allow web login as "root" - ?
-Bandwidth and IP Traffic Monitoring - Should I turn it off, is it degrading the performance?
- JFFS - what can I gain with it?
- SNMP - what can I do with it?

Any help would be greatly appreciated!
smile.png
 

My Computer

System One

  • OS
    Windows 7
    Computer type
    Laptop
Back
Top