1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

MAC filtering adding, etc., ease of use

Discussion in 'Tomato Firmware' started by jsmiddleton4, Apr 8, 2007.

  1. jsmiddleton4

    jsmiddleton4 Network Guru Member

    Good morning,

    I've read through the "Wish List" post and wanted to pull these things out.

    First, great job. Tomato is a great 3rd party firmware.

    Second, do not turn it into DDWRT.

    Third, several "wishes" regarding MAC filtering. Yes I know the down fall of MAC filtering. But in my situation it is the best solution. Is there a way to pick up the information for the attached device list and patch that information into the MAC filtering? In a similiar way as the static dhcp option? The adding static dhcp process works GREAT by the way. Thanks for setting it up. I'm guessing the original Linksys firmware does the MAC filtering process in much the same way. It is quite easy to do with the original firmware.

    Fourth, if we use it, we should pay for it. Absolutely.

    Fifth and lastly, more information on the options, faq, etc. Want to learn what they all do.
     
  2. irajta

    irajta LI Guru Member

    Hi,

    I have a WRT54GS. MAC address filtering is "enabled" and set to "permit only" for wireless connections.

    However, I tried with another laptop, and got connected for 20 minutes "for
    free". After 20 minutes I was kicked out, but then I could reconnect.

    It also seemed to cause IP conflicts on the other computer...

    How to set MAC address filtering _really_ permit only those whose address is
    listed in my config?

    Thanks for your help!
     
  3. jsmiddleton4

    jsmiddleton4 Network Guru Member

    All I did was enter my Laptops mac addresses using the Add button, selected "Permit", hit save, then I booted the modem. I haven't had any problems with three laptops getting and staying connected. I read somewhere that sometimes Tomato firmware doesn't fully implement changes until you unplug and plug the router back in. You might try that too.

    "It also seemed to cause IP conflicts..."

    That usually isn't MAC filtering.
     
  4. digitalgeek

    digitalgeek Network Guru Member

    This is completely incorrect... Tomato is one of the easiest firmwares to work with...
     
  5. jsmiddleton4

    jsmiddleton4 Network Guru Member

    I'm sorry but just what is "completely incorrect"?
     
  6. irajta

    irajta LI Guru Member

    Hi,
    Thanks for the replies. Adding the MAC address, and letting me use it without IP conflict is OK.
    The first part of the question is still a problem. How can I block somebody whose MAC address is not permitted? The "permit only" is on, and an unlisted MAC can still connect for 20 minutes... This doesn't seem to be right for me.
    (I don't want to use WAP, WAP encryptions because I also have a couple of Linksys signal amplifiers (repeaters) connected to this router, and I just wanted to config those easily with a press button, instead of software config.)

    Thanks a lot.
     
  7. irajta

    irajta LI Guru Member

    My firmware version is: v1.50.6, Feb. 17, 2006
    I don't know about any vegetables in there... :) What is a Tomato?
    Cheers.
     
  8. jsmiddleton4

    jsmiddleton4 Network Guru Member

    Do you even have Tomato installed? So you want listing for "Permit" and some for "Deny"? Allow these, block those? By permitting you block every other MAC. You don't have to do both.
     
  9. irajta

    irajta LI Guru Member

    I don't have Tomato. It sounds logical that I don't need to do both: I only want to permit a few MAC addresses, and deny everything else. That's why I used "permit only", and listed the allowed MACs.

    Apparently, a MAC that is not listed can access the internet through my router for about 20 minutes (illegally), and cause IP conflict in my MAC registered computers.

    So, it seems that the "permit only" is not completely OK, or I'd need to switch on something else too. But this would not be logical, I think.

    Any clues about this?

    Thanks!
     
  10. sillydoh

    sillydoh LI Guru Member

    errr, but this forum is for those of us using the Tomato firmware on our routers....
     
  11. jsmiddleton4

    jsmiddleton4 Network Guru Member

    This is a Tomato firmware forum. But "apparently, a MAC that is not listed can access the internet through my router for about 20 minutes (illegally), and cause IP conflict in my MAC registered computers. " shouldn't be allowed no matter what. MAC addressing is easy to bypass/break. Maybe that's what is happening?

    Deny means deny.
     
  12. irajta

    irajta LI Guru Member

    Sorry, I didn't realize that this was a Tomato forum. I was looking for topics at linksysinfo that have MAC address issues...
    Thanks, and sorry for "off topic".
    Bye
     
  13. digitalgeek

    digitalgeek Network Guru Member

    This doesn't make sense, I have been using MAC filtering since I was using the original firmware, and always denied access... what encryption are you using?

    I am currently using WPA-AES w/Mac Filtering... because I know mac filtering on it's own is not strong enough... and my WPA key is not a standard word, in fact it not even intelligible to any one else. But Mac filtering should work... have you tried a reboot (although that shouldn't be necessary) otherwise you could try a clear NVRAM and re-config manually.
     
  14. NateHoy

    NateHoy Network Guru Member

    Just FYI - there IS a section on this page for Linksys Official Firmware issues - http://www.linksysinfo.org/forums/forumdisplay.php?f=134

    Re-post your MAC Filter issue there and someone may be able to help.
     
  15. jsmiddleton4

    jsmiddleton4 Network Guru Member

    This doesn't make sense...

    What doesn't make sense digital? Deny means deny. Permit means permit. There isn't a 20 minute time limit on either. So if its set to deny and someone is getting through, even for 20 minutes, either the MAC filtering is being hacked or the setting isn't right.

    Why would you use both MAC filtering AND some other security measure as well? That is like shooting a BB gun, MAC filtering, while you are shooting a .50 caliber machine gun. WPA-ES.

    By the way I use MAC filtering with the "Permit" option. That way my router denies all other MAC's. It works well for my setup.
     
  16. jsmiddleton4

    jsmiddleton4 Network Guru Member

    Back to my original message intention. Saturday morning and playing with my Linksys. Ran a couple of "other" firmwares through it this morning. And I'm still of the opinion that MAC filtering adding addresses section could be easier in Tomato. The original Linksys firmware would be a great process to model.

    I am also still of the opinion that Tomato is the best of the lot. It excels in adding static dhcp addresses. Wow are the others way behind in that regard.

    I'm going to post a seperate message but in general here is what I'm seeing and thinking. The current Tomato firmware, all of them for that matter, capture the information that we end up having to input/work with to do some of the extra stuff. So depending on the firmware it is labeled a bit differently but computer name, mac address, ip address, they are captured in the status area/lan information area/attached device information area, etc., are already captured and "in" the firmware. Why not use that data to be able to click on a particular computer's information and add it? Exactly like Tomato does with static DHCP? If the Linksys stock firmware is a good model for ease of adding MAC addresses to filter in wireless setup, then the Tomato firmware adding static DHCP addresses is also a GREAT model for what I'm talking about in regards to other things.
     
  17. pablito

    pablito Network Guru Member

    because it is more secure. You might hate that I run both plus running encrypted apps over VPNs. That is 4 layers of secure. Plus password protection on the apps. And I can easily max out the internet bandwidth if I need it.

    and established connection means established. reboot is the easy way to solve that one. or script it...

    entering semi permanent data happens too infrequently to be a problem doing manually vs a click click.
     
  18. irajta

    irajta LI Guru Member

  19. jsmiddleton4

    jsmiddleton4 Network Guru Member

    You might hate that...

    Are you kidding me? This is a forum for discussion and asking questions and issues, ideas. You really think that I form an opinion about anything that reacts with "hate" about anything on this forum? Do you look for things in people's posts beyond the actual text?

    If you can't discuss a matter without adding whether or not a person "likes", "hates" or otherwise about the topic I suggest you take a break.
     
  20. jsmiddleton4

    jsmiddleton4 Network Guru Member

    and established connection means established. reboot is the easy way to solve that one. or script it...

    entering semi permanent data happens too infrequently to be a problem doing manually vs a click click.


    So what are you trying to say? That he should have a 20 minute "pause" in MAC filtering?
     
  21. pablito

    pablito Network Guru Member

    ?
    you aren't worth arguing with. Not about technology and not about semantics.
    hate is a word but you are the one showing anger. I do like semantics and irony.

    And you can't debate technology when you know so little about it. Go figure it out for yourself.
     
  22. GeeTek

    GeeTek Guest

    He is trying to be tell you in a very polite way that he really hates yer guts. Maybe you should read between the lines a little more. Actually, I think I agree with him. I am starting to really hate you too, and I really don't give a damn about your Tomato router either, now that I think about it.
     
  23. jsmiddleton4

    jsmiddleton4 Network Guru Member

    Hope you feel better now.
     
  24. GeeTek

    GeeTek Guest

    Yes, I think I do feel better. Can I offer you a beer ? I've got 6 in the freezer, and I'm really tired of fuoking around with computers and routers right now.
     
  25. jsmiddleton4

    jsmiddleton4 Network Guru Member

    you are the one showing anger.

    Please feel free to demonstrate how I have shown anger towards you.


    You fail to answer a clear question and it means I'm showing anger?

    So much for adult converstation in the linksysforum tomato thread hey?

    You guys can have the place. Doesn't seem to be much worth actual spending time here for anyway.

    Enjoy.
     
  26. GeeTek

    GeeTek Guest

    Don't leave now, I just cranked up Donna Summers and KC. Things are starting to look better. Maybe I'll invite everone over for a party since we can't seem to get any joy out of this firmware.
     

Share This Page