1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Can't get out to Internet?

Discussion in 'Tomato Firmware' started by garyfritz, Apr 24, 2009.

  1. garyfritz

    garyfritz Addicted to LI Member

    I recently installed Tomato v1.23.1607 on a Linksys WRT54G v2. At first it seemed that everything was working OK (I think, see below). But now I'm having problems with getting out to the Internet -- or more specifically, to the next-higher router, since I have a multi-router setup:

    Router2's subnet is 10.1.2.*, its internal address is, external is DHCP
    Router1's subnet is 10.1.1.*, its internal address is, external is
    Linksys's subnet is 10.1.3.*, its internal address is, external is

    From a system connected to the Linksys e.g., I can ping the Linksys at (and get DHCP assignments), but I can't ping the parent router (Router2 at nor beyond. is the Gateway for the Linksys and Router1. Router1 works fine -- Linksys doesn't.

    I'm 99% sure I had this thing working at one point, but I may have fooled myself by having connections open to two routers at once -- on the other hand, my son hasn't complained about his iPod Touch not working since I switched him to the Linksys, though I can't make it work now.

    Here's the relevant section from the Status page:

    MAC Address xxxxxx
    Connection Type Static IP
    IP Address
    Subnet Mask
    MTU 1500

    Status Connected
    Connection Uptime 0 days, 00:45:48

    Router MAC Address xxxxx
    Router IP Address
    Subnet Mask
    DHCP -

    I've rebooted the Linksys and that didn't help. Can anyone see what might be preventing me from getting out through this router?

  2. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Have you tried pinging from the Linksys router itself (WebGUI->Tools->ping)?

    Also, have you checked your routing table on the Linksys LAN computer and the Linksys router (WebGUI->Advanced->Routing)?
  3. garyfritz

    garyfritz Addicted to LI Member

    No problem pinging the router ( from either the router or from a connected computer. Pinging the gateway router ( fails from computers in the 10.1.3.* subnet and from the router itself.

    Not sure what to look for in the routing table:
    Destination  Gateway    Subnet Mask       Metric        Interface        *        0          vlan1 (WAN)        *        0          br0 (LAN)       *            0          lo
    default              0          vlan1 (WAN)
    The only thing that jumps out at me is the subnet mask on the "default" line, but the mask on the line (upstream connection to router2) is OK. Oh wait, the line has no Gateway!! But as you can see in the Status display, I DO have the Gateway set properly... ??
  4. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    I meant pinging Router2 from the linksys router.

    That routing table looks fine. The other half of what I asked could still be useful, though. You can get the routing table on windows with
    route print
    and on linux with
    route -n
  5. garyfritz

    garyfritz Addicted to LI Member

    Sorry, I realized you meant pinging Router2 and added it in there, but you were already responding. :) The Linksys can't ping Router2 any better than the 10.1.3.* computers can.

    Whoops, missed the request for the Windows route table. Here is the table for a Vista box connected via Wifi. I believe the 192.168.* IPs are VMware virtual networks.

    $ route print
    Interface List
     11 ...00 1f 3a 33 81 1e ...... Atheros AR5007 802.11b/g WiFi Adapter
     13 ...00 50 56 c0 00 01 ...... VMware Virtual Ethernet Adapter for VMnet1
     15 ...00 50 56 c0 00 08 ...... VMware Virtual Ethernet Adapter for VMnet8
      1 ........................... Software Loopback Interface 1
     23 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter
     10 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
     25 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #2
     12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
     14 ...00 00 00 00 00 00 00 e0  isatap.{5ADF8A1B-D906-4BED-A04B-5789263D40ED}
     16 ...00 00 00 00 00 00 00 e0  isatap.{267B4A67-F99A-420B-87CD-19A1F62785D1}
    IPv4 Route Table
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
            On-link    281
          On-link    281
          On-link    281
           On-link    306
           On-link    306         On-link    306         On-link    276         On-link    276         On-link    276         On-link    276         On-link    276         On-link    276
           On-link    306
           On-link    276
           On-link    276
           On-link    281         On-link    306         On-link    276         On-link    276         On-link    281
    Persistent Routes:
    IPv6 Route Table
    Active Routes:
     If Metric Network Destination      Gateway
     12     18 ::/0                     On-link
      1    306 ::1/128                  On-link
     12     18 2001::/32                On-link
     12    266 2001:0:4137:9e50:30c3:10f7:f5fe:fe92/128
     13    276 fe80::/64                On-link
     15    276 fe80::/64                On-link
     12    266 fe80::/64                On-link
     13    276 fe80::2807:ac4:9ad8:d5d0/128
     12    266 fe80::30c3:10f7:f5fe:fe92/128
     15    276 fe80::b15d:137d:7cb:9e6f/128
      1    306 ff00::/8                 On-link
     12    266 ff00::/8                 On-link
     13    276 ff00::/8                 On-link
     15    276 ff00::/8                 On-link
    Persistent Routes:
  6. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    The routing on your linksys looks fine, so if it can't ping Router2 (and Router1 can), then my best guess would be a physical connection problem.

    Alternatively, have you tried having the linksys get its IP from Router2 via DHCP?

    EDIT: one more long-shot thought just occurred to me. Are you sure that the LAN netmask configured on Router2 is as you've entered into the linksys? If it were, it would explain what you're seeing. If that's the case, try changing the linksys LAN IP from to (and entering the correct netmask for the WAN on the linksys).
  7. garyfritz

    garyfritz Addicted to LI Member

    Gack!! Your suggestion to try DHCP led me to the answer. The Linksys got an IP in the 10.1.1.* subnet! Whaaa?? I'd moved the Linksys from one room to another, and in the process I screwed up and hooked it into Router1 instead of into Router2!! *DUH*. Sorry to waste your time with a PEBKAC error...

    I have to figure out how I'm going to resolve this network wiring issue. The story is: we run our business out of our home. We have sensitive client data on our systems. We didn't like having our kids running on the same subnet where they could catch a virus and cause all kinds of grief. So Router1 is our "work" subnet, and Linksys is the kids' subnet for their PC, their iPod/DSi, etc. The gateway (Router2) and work (Router1) routers are in one office. My office is in another part of the house, with a LAN line connecting them. But my kids' PC is also in my office. I moved the Linksys down to my office, thinking I would split off the kids' subnet from the work subnet -- wrong!! I'd need VLANs to do what I wanted. Maybe I'll have to switch to DD-WRT. For now I'll swap the line to my office over to the kids' subnet, and just use wifi to the "work" subnet on my computer.......

    Thanks for your help SgtP!
  8. jza80

    jza80 Network Guru Member

    I see that your problem was due to pebkac and/or esto. :p


    I just wanted to add something that you may or may not know about.

    If you don't need NAT and firewall on Linksys and Router 1, you can change them to router mode instead of gateway mode.

    Then set static routes from Router 2 to Router 1 and Router 2 to Linksys like so:

    Router 2 to Router 1:
    Router 2 to Linksys:

    Static routes are specified as: destination network (the network you want to get to), subnet mask of destination network, gateway (next-hop router) to use to get to the destination network.

    Make sure Router 1 and Linksys have a default gateway (LAN IP of Router 2) specified in the WAN section.

    That'll do it, but VLANs complicates things even more. You need to figure out some way to route the VLANs and configure access between the VLANs.

    From what I've read, theres no easy way (GUI) to configure VLANs in Tomato.


    With the way your network is setup, you don't need 3 routers.

    You can use 2 routers. Place the kids network behind the modem and your network behind the kids network.

    Modem --> kids network router
    LAN port on kids network router ---> WAN port of your network router.
  9. garyfritz

    garyfritz Addicted to LI Member

    Yes, we *could* have used 2 routers -- except I took advantage of the separate routers to implement some access restrictions on the kids' router. It has content limitations (currently implemented by using OpenDNS's content filtering, and intercepting port 53 to prevent clever kids from setting their own DNS server), and at 8:30pm it shuts down the Internet access completely. I think that should help us manage our kids' net usage. But I don't want to manage *MY* usage, so I don't want to be behind their router!!! :)

    No, I don't think Tomato does VLANs. But DD-WRT does. I'm going to avoid that if I can.

    We definitely *do* want firewall capability in our business router (router1). We'd have protection from the Internet in the gateway router (router2), but a firewall in the business router protects us from any possible virus infections on the kids' computer. What's the advantage of running in router mode?
  10. jza80

    jza80 Network Guru Member

    Actually it does, but theres no easy way to configure it. You have to use scripts and iptables.

    In your case, it would be a disadvantage since you want seperation and firewalls.

    Using router mode turns off the firewall and nat.

Share This Page