Talk:Tomato Firmware

Backdoor / Trojan?
Why when I turn on the DMZ to any particular address (in this example, 222) do the following ports become open from that address, which does not have a computer on it? (The port is turned on but the computer is non-existent)?

UDP 192.168.2.222 22379 cpe-76-87-90-7.socal.res.rr.com (76.87.90.7) 40769 Low

UDP 192.168.2.222 22379 207-255-157-142-dhcp.clf.pa.atlanticbb.net (207.255.157.142) 30524 Low

UDP 192.168.2.222 22379 adsl-160-102-220.asm.bellsouth.net (74.160.102.220) 52276 Low

UDP 192.168.2.222 22379 71.239.42.130 (71.239.42.130) 61774 Low

Is this a backdoor, a hack, or trojan?
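
One way to triage entries like the ones quoted above, as an added example that is not part of the original post: parse each line, group by LAN address and port, count the distinct remote peers, and check whether the LAN address belongs to a known device. The column order and the `KNOWN_HOSTS` table are assumptions.

```python
import re
from collections import defaultdict

# The four entries quoted in the post above.
ENTRIES = """\
UDP 192.168.2.222 22379 cpe-76-87-90-7.socal.res.rr.com (76.87.90.7) 40769 Low
UDP 192.168.2.222 22379 207-255-157-142-dhcp.clf.pa.atlanticbb.net (207.255.157.142) 30524 Low
UDP 192.168.2.222 22379 adsl-160-102-220.asm.bellsouth.net (74.160.102.220) 52276 Low
UDP 192.168.2.222 22379 71.239.42.130 (71.239.42.130) 61774 Low
"""

# Assumed column order: protocol, LAN address, LAN port,
# remote name (remote IP), remote port, QoS class.
LINE = re.compile(
    r"^(?P<proto>\w+)\s+(?P<lan_ip>[\d.]+)\s+(?P<lan_port>\d+)\s+"
    r"\S+\s+\((?P<peer_ip>[\d.]+)\)\s+(?P<peer_port>\d+)\s+(?P<cls>\w+)$"
)

def summarise(text, known_hosts):
    """Group entries by (protocol, LAN ip, LAN port) and count distinct peers."""
    groups = defaultdict(set)
    skipped = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if m is None:
            skipped.append(line)  # keep unparsed lines for manual review
            continue
        key = (m["proto"], m["lan_ip"], int(m["lan_port"]))
        groups[key].add(m["peer_ip"])
    report = [
        {"proto": proto, "lan_ip": ip, "lan_port": port,
         "peers": len(peers), "host_known": ip in known_hosts}
        for (proto, ip, port), peers in sorted(groups.items())
    ]
    return report, skipped

# Constructed table of addresses that really have a device on them.
KNOWN_HOSTS = {"192.168.2.10", "192.168.2.11"}

if __name__ == "__main__":
    for row in summarise(ENTRIES, KNOWN_HOSTS)[0]:
        print(row)
```

For the quoted entries the summary is a single row: UDP port 22379 on 192.168.2.222, four distinct peers, no known host.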

Other Questions
Why is there no section on "wireless"? There are a lot of confusing settings in Tomato, such as Afterburn, Ap Isolater, etc. What do these mean?

Same thing with "routing". Not all of us are network engineers, so at least a pointer to some helpful information elsewhere would be handy.

Once more, a missing bit of information. Under "Static DHCP", in the router it has a field for a "hostname". What exactly does this do?

For the WRT54G there is an entry for version "TM". What does this mean? Is there literally a "Version TM" or does it mean something else?

edit: I agree, the old wikibooks entry was MUCH more helpful than the current one. Adding current version is great and all but the old one that explained the features of Tomato in depth was way more helpful. I'm a wiki newbie and so can't dig up the old version but if anyone could consider bringing back the old and add the current version in a new section that'd be great. 75.82.42.70 (talk) 02:49, 29 November 2009 (UTC)

Logging externally
What does Tomato do if it cannot log externally (say, the computer is down)?

Is there a way to block keywords?

AP Isolation
I just googled this term -- AP Isolation -- and learned a bit about it. Perhaps someone can squeeze actual information out of what I read and add it to the page somewhere relevant (perhaps under Advanced -> Wireless). Basically, it sounds like a way of preventing one wireless client from talking to another through the router. Helpful if your router is hosting a public hotspot and you don't want people hacking each other's wireless laptops. These references are in forums, but perhaps someone can find better ones:

http://www.wirelessforums.org/alt-internet-wireless/client-isolation-ap-isolation-how-does-work-774.html

http://forums.linksys.com/linksys/board/message?board.id=Wireless_Routers&message.id=12693


 * Does this have anything to do with virtual access points? I want to set up an encrypted access point for myself that connects to other machines on the LAN, but an unencrypted connection for other people that just connects to the web.

Advanced Wireless settings
I just did some research and completed this section, which should be a big help. Anyone who knows any better, feel free to make corrections. --MikeSayers 18:36, 7 July 2007 (UTC)


 * I don't think the description of the Distance / ACK Timing is accurate. I don't think it can be used to actually prevent people at long distances connecting - it's just used for helping throughput for long distance links. I'm not really sure enough of my own knowledge to update the article though. Here's some information I found: http://nuke.freenet-antennas.com/modules.php?name=News&file=article&sid=22 --195.212.29.67 10:33, 25 July 2007 (UTC)

WHR-G125
http://my.opera.com/georgewu/blog/tomato-125

There's now a build that runs on the WHR-G125.

Routing
"Miscellaneous - Mode: Gateway vs. Router. I haven't a clue what this does. IMO Gateway = Router."

In Router mode the LAN addresses are passed onto, and advertised on the WAN side via RIP, but in Gateway mode, the local addresses are NAT'd, and not advertised via RIP.

Thus, in Router mode, if the LAN is 192.168.1.1/24, and the WAN side is, say, 192.168.2.0/24, any attempt to connect to 192.168.1.3 from 192.168.2.60 will be passed through in router mode, but will be rejected as unroutable in the gateway mode, and all packets from 192.168.1.3 will be NAT'd to appear to be from the router's WAN port address.

QoS
What do the two percentages mean, for each of the Quality of Service classes?


 * See the new Installation and Configuration subchapter on QoS Basic Settings

Are the theories from rcordorica and bengali on the linksys forums correct?


 * No. Several are based on blind speculation.

Is the first number the "guaranteed minimum" (so long as these guarantees don't add up to > 100%) for each class? Is the second the maximum permitted bandwidth for that class?


 * Yes, exactly. The second number is an absolute limit that is under no circumstances exceeded.

- Notmyopinion (talk) 13:22, 6 June 2008 (UTC)


 * Hgmichna (talk) 20:41, 8 March 2010 (UTC)

Added Extra Info to "Administration --> Bandwidth Monitoring" section
'lo. Someone who watches this might want to clean it up a bit, but I added the following based on some questions I asked Jon.

Save History Location: ... Keep in mind that if the share that your CIFS1/2 points to is offline, that it will save the Bandwidth History the next time the share is online. ...

Save Frequency: ... The exact time that the save interval happens at is based on what time you save your settings. So if you set it to "Every 2 Days" at 10:35AM, it will save 48 hours from then, and every 48 hours thereafter.

Awaiting a second e-mail for a bit of clarification, but otherwise, I thought it might be useful for this information to go somewhere, so I just added it to the appropriate sections.

--BeAuMaN (talk) 03:47, 14 July 2008 (UTC)

Inbound QoS
The article states:
 * Inbound data cannot be prioritized effectively because it has already passed through the bottleneck (your Internet connection) by the time the router has a chance to evaluate it.

If it works like I think it does, then inbound QoS is possible for TCP. If too much bandwidth is used, the router should drop some packets (or use ICMP?) to make the sender send slower (TCP congestion control). This could be used to avoid stuttering playback of a music stream while downloading other things. – 91.4.19.244 (talk) 17:40, 19 August 2008 (UTC)

Some newer versions now have "TCP Vegas (network congestion control)". Hgmichna (talk) 20:43, 8 March 2010 (UTC)

Advanced/Firewall/NAT Loopback: more options
The "NAT Loopback" is no longer just a checkbox; it's now a popup menu with "All", "Forwarded Only", and "Disabled" options. Someone who is "in the know" should update the relevant section. -- Dtgriscom (talk) 15:46, 6 January 2009 (UTC)

When set to 'Forwarded Only', apache2 reports the router WAN ip address in its logs when a client on the LAN tries to access one of the NATed web-servers (using a public fully qualified domain name [FQDN]) that reside also on the LAN. When set to 'All' the router LAN address is logged. When set to 'Disabled' you can not access, from within the LAN, NATed web-servers that also reside on the LAN using their public FQDN. (Kiriakos Georgiou, Sat Oct 17 20:49:35 EDT 2009)

Bandwidth monitoring
Is the following line from the article true? If not, we should remove it. If it is true, then maybe an explanation of how to do that?


 * You can also associate each mac address with a letter (up to 10) and get a bandwidth pie chart so you can see bandwidth for each mac address, you can then throttle in % each address if required

Yes: 5 letters A to E and 5 groups Highest to Lowest. You can set up rules in QoS -> Classification to assign a letter from A to E or one of the groups to a particular src (LAN) MAC address(es).

This group can then be limited like any QoS class.


 * However, note that the priorities are fixed, and A to E have the lower priorities, below the "Lowest" class. (Perhaps the designer had only limited command of the English language and didn't know what "lowest" means. :-) The priorities determine which channel gets any remaining bandwidth, i.e. the rest up to 100%, if any, plus the guaranteed, allocated, but not actually used bandwidth. But nobody says you have to use the A to E classes for this purpose. You can use any class you like. Hgmichna (talk) 20:51, 8 March 2010 (UTC)
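
The two percentages from the QoS thread above and the priority rule in this comment, worked through as an added example (a simplified model, not Tomato's scheduler code): each class first receives up to its guaranteed share, then unused bandwidth is offered in priority order, never past a class's maximum. Class names, link speed and demands are constructed.

```python
from dataclasses import dataclass

@dataclass
class QosClass:
    name: str
    min_pct: float  # first percentage: guaranteed share of the link
    max_pct: float  # second percentage: hard ceiling, never exceeded
    demand: float   # kbit/s the class is currently trying to send (constructed)

def allocate(link_kbit, classes):
    """Return {class name: kbit/s granted}; classes are listed highest priority first."""
    if sum(c.min_pct for c in classes) > 100:
        raise ValueError("guaranteed minimums add up to more than 100%")
    grant = {}
    # Pass 1: every class gets what it asks for, up to its guaranteed share.
    for c in classes:
        guaranteed = link_kbit * c.min_pct / 100
        ceiling = link_kbit * c.max_pct / 100
        grant[c.name] = min(c.demand, guaranteed, ceiling)
    # Pass 2: bandwidth nobody claimed (including unused guarantees) is
    # offered in priority order, capped by each class's ceiling.
    spare = link_kbit - sum(grant.values())
    for c in classes:
        ceiling = link_kbit * c.max_pct / 100
        extra = max(0, min(spare, min(c.demand, ceiling) - grant[c.name]))
        grant[c.name] += extra
        spare -= extra
    return grant

# Constructed scenario: 1000 kbit/s uplink; "A" sits below the named classes,
# as the comment above describes for classes A to E.
CLASSES = [
    QosClass("Highest", 10, 100, 50),
    QosClass("Medium", 20, 60, 900),
    QosClass("A", 5, 30, 900),
]

if __name__ == "__main__":
    print(allocate(1000, CLASSES))
```

In this scenario "Highest" uses only half of its guarantee, "Medium" stops at its 60% ceiling, and "A" receives what is left up to its own 30% ceiling.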

Access Restriction rules - AND or OR?
Very simple question: if you add more than one filter where it says "Rules", are they evaluated with AND or with OR? All it says is "Add" which isn't a boolean operator. (I wish they'd publish a real manual. There's only this Wikibook and a meager FAQ. OK, most free software doesn't even have that and I could read through the source I guess...)

Edit: I just found the part about "sticky rules", so I guess that means OR. --87.162.51.38 (talk) 01:21, 19 March 2009 (UTC)

ND version?
What is it? Please explain in article. 169.252.4.21 (talk) 13:15, 6 May 2009 (UTC)

I added a list of Mods and brief description of what ND means — Wrlee (talk) 09:43, 31 July 2009 (UTC)

Screenshots were all FAIR USE - restore, please
99.35.134.5 (talk) 01:43, 23 July 2009 (UTC)
 * Some editor requested deletion of all screenshots, and was quite correctly ignored.
 * Some other @$$44+ deletionist editor went through with it, quite against policy.
 * Screenshots of copyrighted works are valid under FAIR USE with a valid Fair Use Rationale.
 * This means screenshots of Tomato's UI are valid also.
 * This further means anyone possessing the Tomato firmware (it's up to 1.25 at the moment) on their router is invited to repost screenshots where needed for clarity - just remember to include a completely filled-out Fair Use Rationale. Non-free Screenshot template

Former Big Iron Guy (talk) 04:42, 17 September 2010 (UTC)
 * Tomato Firmware is now at 1.28. I'll try to get some live screenshots when I put the release on my network. Real soon now.

Reorganized and split single page "book"
I hope I haven't upset everyone... I've begun to break the "book" up into separate pages. Currently, I've started with
 * /Installation and Configuration
 * /Menu Reference
Those pages are still quite large and may benefit from further sub-divisions. I've spent a lot more hours than I'd planned and I am not yet done.

Goals
Here is what I am slowly trying to do with these changes, as I learn about wiki and wikibooks formatting:
 * Easier readability through
   * Better organization
   * Better presentation (look)
   * Consistency of formatting throughout
 * Add more prose, where helpful—especially to a broad spectrum of potential users.
 * Update content with (at least 1.25 Tomato)
 * More easily maintainable book structure, that would allow other contributors a framework to modify and augment this content.
 * Migrate to wikibook-compliant layout and features (as I learn them).
 * Make the book more "book-like".
 * Include more info on Tomato variations, configuration tips and recipes.
 * Move content from Wikipedia on this topic with references, to encourage people to update this book rather than Wikipedia.

If anyone has any better idea of how the changes should be (including my goals as outlined, here), I'd be happy to discuss them. Of course if everyone is upset by my changes, they can be reverted and I'll leave the pages alone.

AND if anyone wants to help complete this effort, I'd be happy to have their help. — Wrlee (talk) 22:52, 1 August 2009 (UTC)


 * As long as nothing gets deleted, this would be okay. This page needs to include a feature comparison table of the various distributions (mods), to add value like the Wikipedia page has for DD-WRT versions.--IncidentFlux (talk) 14:57, 5 August 2009 (UTC)

The intent is to keep all information. I added a comparison table of mods. Feel free to add columns. — Wrlee (talk) 06:40, 9 August 2009 (UTC)

Need to add chapters about — 24.17.5.174 (talk) 09:22, 12 August 2009 (UTC)
 * building the Firmware
 * recipes for installing components dynamically

I think that other inclusions/expansions would be
 * acknowledgment in some manner of the fact that the author, Jonathan Zarate, links to this Wikibooks page and the main wiki
 * some amplification on the wireless survey and traffic features
 * some more amplification of the logging and non-local storage options that the linux engine provides.
 * definitely a feature comparison table with links to other places as appropriate

I can help on some of this at some point. Former Big Iron Guy (talk) 05:22, 17 September 2010 (UTC)

Belkin Routers
I thought I'd add here as a warning that I tried this with my Belkin F5D7231-4 router and bricked it, perhaps that should be noted on this wiki page. --unsigned comment by 82.17.172.162 (talk) 23:26, 20 August 2009
 * Which version? Regular or ND? Was the router on the approved list at the time? We'll never know. --Lexein (talk) 00:29, 7 July 2010 (UTC)

SpeedMod by Rodney H?
Please point me to a description or source of this mod, so I can link to it in the article. Thanks. --Lexein (talk) 12:23, 16 June 2010 (UTC)
 * Is this the correct one, by Rodney Clinton Chua? If so, the rev level should be listed in the Mods table, since he's up to SpeedMod 120. --Lexein (talk) 12:34, 16 June 2010 (UTC)