Hi all A long time ago (back in 2008!) mstombs helped me setup my network. I used to have a Zyxel P660R-D1, running PPPoA in half-bridge mode, connected to a WRT54GL running tomato firmware. I had to the following script in the firewall tab, due to the ARP table being filled up (because each new connection apparently is getting a mac-address): GW="your_modem_local_ip_address" IF="vlan1" route add -host $GW dev $IF route add default gw $GW The good old WRT54GL then crashed and I bought a Asus RT-N16 and I have installed Tomato on this, and want to set it up as the WRT54GL. However, when I do as I used to to for the WRT54GL I do not have access to the internet (in the script I changed vlan1 to vlan2 for the RT-N16). The routing table in the RT-N16 matches to routing table in WRT54GL (with the exception that wan is on vlan2 instead of vlan1), so I would assume it should be working. Does anyone else have this setup, or can help me in the right direction? Tomato version: tomato-K26USB-1.28.7498.1MIPSR2-Toastman-RT-VPN Thanks, Ulrik
Currently my routing table looks like this if it helps: Code: Destination Gateway / Next Hop Subnet Mask Metric Interface 192.168.1.1 * 255.255.255.255 0 vlan2 (WAN) 85.81.aa.bb * 255.255.255.255 0 vlan2 (WAN) 85.81.aa.0 * 255.255.255.0 0 vlan2 (WAN) 192.168.2.0 * 255.255.255.0 0 br0 (LAN) 127.0.0.0 * 255.0.0.0 0 lo default 85.81.aa.bb 0.0.0.0 0 vlan2 (WAN)
Haha fix the old wrt! Maybe just the PSU brick! You shouldn't need the firewall script anymore- the tusb code already does something similar - so half bridge modems should just work... There is another issue with the RT N16 wan port a soft reboot doesn't reset the switch - do just try turning both modem and router off and on again.
Hi mstombs - great to see you're still here helping us noobs Indeed setting the zyxel in half-bridge mode and installing tomato on RT-N16 does work without further settings! However, all external requests still get a MAC-address, cluttering the device list. I suspect when running a bittorrent client this table will eventually run out of space? Or are there no drawbacks of this, i.e. on wan-speed or other things? Here's part of the client list, showing both lan-clients (true clients on the network) and external "clients". I am guessing that it is not supposed to look like this? Code: Interface MAC Address IP Address Name RSSI Quality TX/RX Rate Lease vlan2 00:02:CF:4A:AD:5E 8.8.4.4 vlan2 00:02:CF:4A:AD:5D 8.8.8.8 vlan2 00:02:CF:4A:AD:41 169.237.aaa.bbb vlan2 00:02:CF:4A:AD:40 172.18.aaa.bbb vlan2 00:02:CF:4A:AD:56 172.20.aaa.bbb vlan2 00:02:CF:4A:AD:57 172.20.aaa.bbb vlan2 00:02:CF:4A:AD:2E 173.194.aaa.bbb vlan2 00:02:CF:4A:AD:4B 173.194.aaa.bbb vlan2 00:02:CF:4A:AD:34 176.9.aaa.bbb vlan2 00:02:CF:4A:AD:4C 176.9.aaa.bbb vlan2 00:02:CF:4A:AD:55 192.168.1.1 br0 98:D6:BB:7C:36:F7 192.168.2.105 abc 0 days, 23:58:15 eth1 58:55:CA:44:5D:64 192.168.2.108 -50 dBm 49 65 / 65 br0 00:24:81:F7:18:D2 192.168.2.118 abd 0 days, 23:00:43 eth1 C4:2C:03:D1:64:F6 192.168.2.126 abe -51 dBm 48 - / 65 0 days, 22:47:06 br0 00:F4:B9:72:27:6D 192.168.2.129 0 days, 23:10:18 br0 28:CF:DA:08:01:39 192.168.2.131 vlan2 00:02:CF:4A:AD:38 193.169.aaa.bbb vlan2 00:02:CF:4A:AD:54 195.137.aaa.bbb vlan2 00:02:CF:4A:AD:33 208.122.aaa.bbb vlan2 00:02:CF:4A:AD:2C 212.161.aaa.bbb vlan2 00:02:CF:4A:AD:2B 213.199.aaa.bbb
oops - the fix I have pushed into tomatousb (and dd-wrt) fixes the problem where the ISP gateway is not in the network defined by the WAN IP and WAN netmask (the default gateway assignment used to fail), but doesn't address your problem but breaks the script work-around. The variant of half-bridge that Zyxel are using is similar to D-Link "zipb", and this is both inefficient and will result in problems when the router arp table fills up "neighborhood table full". Don't know what the size currently is but could be as low as 256 entries. I remember corresponding with Greg about this many years ago... http://www.csc.liv.ac.uk/~greg/projects/dlink.html Looks like you should still use a firewall script, but it first needs to delete the default gateway (which is now the same as WAN IP), and replace it with the local modem IP as before can you try this, which should also look up the interface name, so more generic than hardcoding vlan1 or vlan2 Code: GW="your_modem_local_ip_address" IF="$(nvram get wan_iface)" route add -host $GW dev $IF route del default gw $(nvram get wan_gateway) route add default gw $GW
I have tried this, and it results in no access to the internet. Routing table looks like this: Code: Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.1.1 0.0.0.0 255.255.255.255 UH 0 0 0 vlan2 192.168.1.1 0.0.0.0 255.255.255.255 UH 0 0 0 vlan2 85.81.aaa.bbb 0.0.0.0 255.255.255.255 UH 0 0 0 vlan2 85.81.aaa.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan2 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 vlan2 I have also tried to remove the doublet route (192.168.1.1), but that doesn't help...
Are you also using the "route modem ip" option in the Tomato gui which might also set that duplicate route, but it also nats those connections?
Yes I was. I removed the "route modem ip" and added your firewall script, and now it seems to be working. Thanks!
Btw. I just tried the WRT54GL with another power adaptor and it is still working, so you guessed right! Hmm, what to do with spare router? Well...
If you were to dissect the failed PSU I also predict the failure is due to electrolytic capacitors failing... usually bulge and leak but can just dry out!
