nvram variables - quick question...

Discussion in 'Tomato Firmware' started by M_ars, Jun 13, 2012.

  1. M_ars

    M_ars LI Guru Member

    Hi,
    just a quick question:
    in the file "firewall.c" ( --> see git ==> router/rc/firewall.c) there is a variable "ne_snat" in Toastman's branch and "net_snat" in shibby's branch. Which is right? :) Both?

    Code:
        for (i = 0; i < wanfaces.count; ++i) {
            if (*(wanfaces.iface[i].name)) {
                if ((!wanup) || (nvram_get_int("net_snat") != 1))
                    ipt_write("-A POSTROUTING %s -o %s -j MASQUERADE\n", p, wanfaces.iface[i].name);
                else
                    ipt_write("-A POSTROUTING %s -o %s -j SNAT --to-source %s\n", p, wanfaces.iface[i].name, wanfaces.iface[i].ip);
            }
        }
    I just stumbled over it... :)
    thx
     
  2. Planiwa

    Planiwa LI Guru Member

    Code:
    nvram get t_model_name
    nvram get os_version
    nvram find snat
    
    Asus RT-N16
    1.28.7494 MIPSR2-Toastman-VLAN-RT K26 USB VPN-NOCAT
    ne_snat=0
     
  3. M_ars

    M_ars LI Guru Member

    Thx for your answer.
    I don't get anything for snat... I tried that before :)
    Using shibby 092V AOI
     
  4. Toastman

    Toastman Super Moderator Staff Member Member

    The nvram variable used by Teaman in his mod is ne_snat .... prior to that it was net_snat...

    So depending on what is incorporated into a particular build, either may be encountered.
     
  5. teaman

    teaman LI Guru Member

  6. M_ars

    M_ars LI Guru Member

    Ahh :)
    May I ask another question:
    in the file "wan.c" there is the line "CONNECT \c\n". Is that right or did you mean "CONNECT \\c\n"?
    Right now there is a warning in the build process...

    Code:
            fprintf(cfp,
                "OK \"AT&FE0V1X1&D2&C1S0=0\"\n"
                "OK \"AT\"\n"
                "OK \"ATS0=0\"\n"
                "OK \"AT\"\n"
                "OK \"AT&FE0V1X1&D2&C1S0=0\"\n"
                "OK \"AT\"\n"
                "OK 'AT+CGDCONT=1,\"IP\",\"%s\"'\n"
                "OK \"ATDT%s\"\n"
                "CONNECT \c\n",
                nvram_safe_get("modem_apn"),
                nvram_safe_get("modem_init")
                );
            fclose(cfp);
     
  7. teaman

    teaman LI Guru Member

    Yup - there's a warning at build time. I'm not sure what that means (that code got merged from Shibby's branch).
     
  8. shibby20

    shibby20 Network Guru Member

    I don't use the ne(t)_snat variable. Well... maybe I will bring this option back onto the web UI in the future, but for now I'm not sure whether we need it.

    We can use SNAT only when we have a static IP. If our WAN IP is changing then we have to use MASQ. But we can also use MASQ with a static IP. Well... what kind of benefits will we get from using SNAT over MASQ?
     
  9. mstombs

    mstombs Network Guru Member

    MASQ supports WAN IP changing, but Tomato does a restart of the WAN when this happens, so no benefit. Apparently using SNAT takes a few fewer CPU cycles to handle every packet since it does have to check the IP hasn't changed. So if you are CPU limited on WAN to LAN throughput there might be a benefit (never seen quantified!). When you have multiple WAN IPs (future!) SNAT can be used to select which IP is used to "SNAT --to".
     
  10. shibby20

    shibby20 Network Guru Member

    Well, SNAT is better than MASQ - good to know :)
     
  11. teaman

    teaman LI Guru Member

    I wouldn't say 'better' - those two seem to be just... slightly different. Apparently, whenever a new/outgoing connection is about to enter the NAT subsystem, we need to figure out which address should be used when using MASQUERADE as target (that is, every single time, for every new connection). That being said, a couple of extra thoughts:

    - SNAT seems to allow a slightly better performance and (quite possibly) a higher degree of control, but...
    - MASQUERADE seems to allow things to be (i.e. writing rules) a bit simpler in many situations (i.e. when we don't know what is going to be our 'external' address in advance, etc...)

    In any case... firewall rules get rewritten/reloaded every time WAN (re)connects in Tomato - so... not a major deal, anyways ;)

    Cheers!
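
Added example, not part of the thread and not Tomato's own code: the MASQUERADE/SNAT choice from the firewall.c excerpt, written so that a build finds the setting under either name (ne_snat or net_snat). The nvram table, the sample values other than ne_snat=0, the interface name, the address, the precedence of ne_snat and the fallback when no WAN IP is known are assumptions; the rule prefix `p` from the excerpt is left out.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the nvram store; not Tomato's nvram API. */
struct nv { const char *key, *val; };

/* Constructed samples; the first two mirror what posts 2 and 3 report. */
static const struct nv TOASTMAN[] = { { "ne_snat", "0" } };
static const struct nv SHIBBY[]   = { { "wan_proto", "dhcp" } }; /* no *snat key */
static const struct nv OLDER[]    = { { "net_snat", "1" } };     /* pre-rename name */
static char rulebuf[160];

static const char *nv_get(const struct nv *t, size_t n, const char *key)
{
    for (size_t i = 0; i < n; ++i)
        if (strcmp(t[i].key, key) == 0)
            return t[i].val;
    return NULL;
}

/* 1 if SNAT is requested under either name; ne_snat wins if both exist (assumption). */
int snat_enabled(const struct nv *t, size_t n)
{
    const char *v = nv_get(t, n, "ne_snat");
    if (v == NULL)
        v = nv_get(t, n, "net_snat");
    return v != NULL && atoi(v) == 1;
}

/* Same decision as the excerpt; MASQUERADE is also used when no WAN IP is known (added here). */
const char *nat_rule(char *out, size_t len, const struct nv *t, size_t n,
                     int wanup, const char *ifname, const char *ip)
{
    if (!wanup || !snat_enabled(t, n) || ip == NULL || *ip == '\0')
        snprintf(out, len, "-A POSTROUTING -o %s -j MASQUERADE", ifname);
    else
        snprintf(out, len, "-A POSTROUTING -o %s -j SNAT --to-source %s", ifname, ip);
    return out;
}

int main(void)
{
    puts(nat_rule(rulebuf, sizeof rulebuf, TOASTMAN, 1, 1, "vlan2", "203.0.113.7"));
    puts(nat_rule(rulebuf, sizeof rulebuf, SHIBBY, 1, 1, "vlan2", "203.0.113.7"));
    puts(nat_rule(rulebuf, sizeof rulebuf, OLDER, 1, 1, "vlan2", "203.0.113.7"));
    puts(nat_rule(rulebuf, sizeof rulebuf, OLDER, 1, 0, "vlan2", "203.0.113.7"));
    return 0;
}
```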
     