Discussion in 'Tomato Firmware' started by sn0wcr4sh, Jul 4, 2013.

  1. sn0wcr4sh

    sn0wcr4sh Reformed Router Member

    tl;dr; Can someone compile a copy of tomato-K26USB-1.28.RT-N5x-MIPSR2-110-AIO-64k for me with the CONFIG_NETFILTER_XT_SET kernel module built?

    I recently switched over to the v109 AIO 64k build and I am so very close to completing my solution for VPN of youtube, netflix, etc.
    With the new dnsmasq (2.67testC3), there is an "-ipset" flag that puts all resolved IPs from defined domains into an ipset (think youtube, netflix).
    Then, using iptables and mangle, you can route specific traffic matching that ipset over your VPN.
    This will totally eliminate the need to keep large, unwieldy lists of IPs in our WAN UP scripts.
    Instead the line will look like this:

    # "dst" tells the set match to test the packet's destination address
    iptables -t mangle -A PREROUTING -i br0 -m set --set VPN_ips dst -j MARK --set-mark 0

    However, "set" functionality for match and target needs to be built in during compile.

    I have tried to compile this on my own, but I am getting unusual errors during the compile, and I hoped someone would already have a working build space up and running.

    After a little more searching, I am having the same compiler issue as OP in this thread:

    Guess I will try a 32-bit VM for compiling, but if someone has a tested environment up and running, I would appreciate it.
  2. sn0wcr4sh

    sn0wcr4sh Reformed Router Member

    Solution (kind of);

    First Compile Errors: Compiling from an x64 Linux machine is not supported. Others have shown it to work, but YMMV. If you are having troubles, and your compile dies while making openssl/apps, it is probably an x64 problem; compile from i386.

    Despite compiling with the CONFIG_NETFILTER_XT_SET=m, I still didn't have the xt_set kernel module available. Looking closer at http://cateee.net/lkddb/web-lkddb/NETFILTER_XT_SET.html shows that this module is for 2.6.39 and above, as well as 3.0+. Doh.

    Next stop, compiling out-of-tree. I see in the changenotes that shibby built the v109 w/ CONFIG_NETFILTER_XT_MATCH_RECENT...maybe he could add CONFIG_NETFILTER_XT_SET too?
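
Added example, not part of either post and not the poster's script: a dry-run shell sketch of the dnsmasq ipset plus fwmark routing setup described in the first post, with the 2.6.39 kernel-version check from the second. Only br0 and VPN_ips come from the thread; the function names, mark 1, table 200, interface tun0, the sample kernel version, and the newer `ipset create ... hash:ip` and `--match-set` spellings are assumptions.

```shell
#!/bin/sh
# Dry-run planner: prints commands, executes none of them.
MARK=1; TABLE=200; VPN_IF=tun0   # assumed values, not from the thread

# Set name from a dnsmasq "ipset=/dom1/dom2/setname" line (single set only).
ipset_name() {
    line=${1#ipset=}
    printf '%s\n' "${line##*/}"
}

# Domains from the same line, one per line.
ipset_domains() {
    line=${1#ipset=/}
    printf '%s\n' "${line%/*}" | tr '/' '\n'
}

# Succeed if kernel version $1 is 2.6.39 or later, the range the second post
# found for CONFIG_NETFILTER_XT_SET; older trees need an out-of-tree module.
has_intree_xt_set() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}
    pat=${pat%%[!0-9]*}; pat=${pat:-0}
    [ "$maj" -gt 2 ] && return 0
    [ "$maj" -eq 2 ] && [ "$min" -gt 6 ] && return 0
    [ "$maj" -eq 2 ] && [ "$min" -eq 6 ] && [ "$pat" -ge 39 ] && return 0
    return 1
}

# Commands that tie one ipset= line to the VPN. The set has to exist before
# dnsmasq resolves anything, or there is nothing for it to add addresses to.
emit_plan() {
    set_name=$(ipset_name "$1")
    case $set_name in
        ''|*[!A-Za-z0-9_]*) echo "bad set name in: $1" >&2; return 1 ;;
    esac
    cat <<EOF
ipset create $set_name hash:ip
iptables -t mangle -A PREROUTING -i br0 -m set --match-set $set_name dst -j MARK --set-mark $MARK
ip rule add fwmark $MARK table $TABLE
ip route add default dev $VPN_IF table $TABLE
EOF
}

# Constructed sample dnsmasq.conf line and constructed kernel version.
SAMPLE='ipset=/youtube.com/netflix.com/VPN_ips'
has_intree_xt_set 2.6.22 || echo "# xt_set is not in-tree for this kernel"
emit_plan "$SAMPLE"
```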
