Discussion in 'Tomato Firmware' started by davipiero, Feb 21, 2009.

  1. davipiero

    davipiero Addicted to LI Member

    Hi, I'm new to Tomato. I've just installed it. Version 1.23
    Could you guys please help me?? I have something to ask..

    1. With Tomato, can I block web traffic by filtering the IP/MAC/URL?

    2. I've set the classification page as follows:

    Do you think it will work perfectly? Especially with the "data transferred" option

    3. On the Access Restriction page, I set this as follows:

    But it won't work. I tried to connect via my WLAN, which is included in the rule, but I can still open yahoo, google, etc.
    And what is the "HTTP request" box? What is it for? How can I fill the box?

    I think that's all for now.
    Thank you for your help :)
  2. humba

    humba Network Guru Member

    1) Yes.. I take it for IP/MAC you mean local IP/MAC.. MAC makes no sense for external resources since you'll never see e.g. the MAC address of google.
    For MAC you can use iptables (in the firewall script). For IP you can use either iptables (in the firewall script or telnetting into the router and making changes dynamically) or access restrictions.
    For URLs, you need access restrictions.

    3) Your rules currently don't block anything. You need to define a resource to block access to.. right now that list is empty. If I'm not mistaken, you'd put URLs into the HTTP Request text box that you want blocked. And here's what the FAQ has to say about the matter.
  3. davipiero

    davipiero Addicted to LI Member

    1. Yeah. What I mean is for local IP/MAC. How can I set the filter rules based on IP and also based on MAC? Both for the wired and wireless connection? What do you mean by firewall script?

    3. In the "applies to", I've already added all computers and devices. Well, I don't really know the meaning if I check the "blocked all internet connection" and if I set it like the picture above (set only to TCP/UDP, at any port, IPP2P disabled).

    What is the difference between "normal access restriction" and "disable wireless" only?

    And please, what is the "HTTP request" box? This box disappears when I check "disable all internet connection".

    Thank you :)
  4. Toastman

    Toastman Super Moderator Staff Member Member

    davipiero, what humba means is that you have not entered any computers/devices that you wish to limit into the box below. The one with "port/application" written next to it, and a little box marked "add". Anything in these rules applies to wireless and LAN.

    There's a lot of information on QOS on the forum, you need to wade through it and see how to use tomato. Take it slowly and don't rush to do everything at once. Use the search link above, limit it to the linksysinfo site. See also the tomato wiki.
  5. jza80

    jza80 Network Guru Member

    Your post shows screenshots from 2 different areas. QoS and access restrictions.

    To block traffic by IP/MAC/URL, you use access restrictions.

    Under access restriction --> applies to, there are 3 choices: all computers/devices, the following, and all except.

    When the following or all except is selected, an IP or MAC address can be entered. If you block by IP, assign static IPs to your hosts or use static DHCP (basic --> static DHCP). Using DHCP is not going to do any good.

    Firewall script is a script/list with firewall rules. The script goes in administration --> scripts --> firewall tab.

    Disable wireless does what it says. It disables wireless, but based on what is set for schedule.

    HTTP Request is where you specify by name what you want to block. For example: yahoo, yahoo.com, *yahoo*.

    The HTTP Request box disappears when block all internet access is checked because all internet access is blocked, so there are no rules to specify in the HTTP Request box.
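
The firewall-script route mentioned in the replies above, as an added example that is not part of any post in this thread: a small shell helper that checks a list of local MAC/IP addresses and prints the iptables rules to paste into Administration --> Scripts --> Firewall. It assumes LAN-to-internet traffic crosses the FORWARD chain and that the firmware's iptables has the `mac` match; the function names and addresses are made up for illustration.

```shell
#!/bin/sh
# Added example: turn a list of LAN hosts into iptables DROP rules.
# Assumptions: forwarded LAN traffic hits the FORWARD chain and the
# firmware's iptables supports "-m mac". Addresses are constructed samples.
# IP rules only hold if the host keeps its address (static IP / static DHCP).

is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Reads one host per line on stdin and prints one rule per valid host.
# Invalid entries are reported on stderr and make the function return 1,
# so a typo never ends up as a broken line in the firewall script.
block_rules() {
    rc=0
    while IFS= read -r host || [ -n "$host" ]; do
        case "$host" in ''|'#'*) continue ;; esac   # skip blanks/comments
        if is_mac "$host"; then
            echo "iptables -I FORWARD -m mac --mac-source $host -j DROP"
        elif is_ipv4 "$host"; then
            echo "iptables -I FORWARD -s $host -j DROP"
        else
            echo "skipped invalid entry: $host" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample list; the printed lines are what goes in the script box.
block_rules <<'EOF'
# kids' laptop (MAC) and a printer with a static DHCP lease (IP)
00:11:22:AA:BB:CC
192.168.1.50
EOF
```

A MAC rule follows the device even if its IP changes, while an IP rule depends on the static addressing described in the post above.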
  6. davipiero

    davipiero Addicted to LI Member

    In the screenshot, I've already selected "all computer/devices" in the "applies to" box.
    I have successfully blocked the internet traffic if I also check the "block all internet access" box. But I don't really know how to block only the selected traffic by unchecking the "block all internet traffic access" box. Could anyone teach me? :)

    According to the above screenshot, do you think my rules can successfully lower the client class when they exceed the file transfer rules? When will the client go back to a higher class?

    What is it for? How can I set it up?

    I see. HTTP request is almost the same as URL filter, isn't it?

    Thanks :):):):)
  7. jza80

    jza80 Network Guru Member

    Couldn't tell you as I haven't played with QoS. You'd be better off reading about how to set up QoS or wait for someone else to respond.

    Custom firewall script.

    As far as how to set it up, you copy/paste in a firewall script, save it, and reboot the router.

    There's no need to use it unless you have a reason to (ie: custom firewall script).

    For the purpose of setting up access restriction, yes.

    However to get more technical, HTTP = hypertext transfer protocol and URL = uniform resource locator.
  8. Toastman

    Toastman Super Moderator Staff Member Member

    Hi Davipiero

    My apologies, I misunderstood.

    I think you want to restrict certain MAC addresses from using the internet? If so, try this:

    Enable rules

    Rule name - "allow web access to this list"

    All day - Every Day

    Normal access restriction

    Applies to: All except

    Enter your IP/MAC's...

    If that's not what you wanted to do, post again :biggrin:

    BTW - I spot something odd. Rules are matched from the top down. Your rule no. 1 addresses TCP/IP ports 1024-65535, placing everything into bulk traffic. This prevents anything from ports 1024-65535 for admin machines from reaching rule no. 5 at the bottom. Is that what you wanted? If not, move rule no. 1 to the bottom.

    More about QOS here: http://www.linksysinfo.org/forums/showthread.php?t=60304
  9. davipiero

    davipiero Addicted to LI Member

    Actually, I want to know more about restricting access to certain services only. Not all internet resources..
  10. Toastman

    Toastman Super Moderator Staff Member Member

    Then just remove the tick from "block all internet access" - a new menu will appear - and apply your restrictions to whatever services you need. I think you've got the idea now - it's similar to the QOS section, and there are many examples on this forum already.
