Toastman Tomato routers bridging setup help requested

Discussion in 'Tomato Firmware' started by routernewb, Oct 20, 2011.

  1. routernewb

    routernewb Networkin' Nut Member

    Hi everyone,

    I'm having trouble getting wireless bridging to work.

    Router 1: Linksys E3000 with the lastest Toastman Tomato build installed (tomato-E3000USB-NVRAM60K-1.28.7486.2MIPSR2-Toastman-RT-Ext)

    Router 2: Linksys WRT54GL v1.1 with another toastman Tomato build installed (tomato-ND-1.28.7628.1-Toastman-Std)

    My desired setup:

    Internet/cable modem

    ↓↓↓(wired connection)

    Router 1 → Wired lan + Wireless lan

    ↓↓↓(wireless connection)

    Router 2 → Wired lan

    Can someone please explain what configuration settings I need to change in Router 2 so that my machines on the wireless lan and both wired lans can all see each other (I don't want them to be on different subnets)?

    I don't want to use WDS because that halves my wireless bandwidth and I don't need the second router to act as a repeater. And when I set router2 to Wireless Ethernet Bridge, the wired lan connected to it all seem to share the same ip so not distinquishable by the other stuff on the other side. Also, I can't seem to access the config settings page on the second router once I have it up and running as a transparent WET.

    There was a previous thread with a similar problem ( that is listed in the FAQ, but they were unable to find a solution that avoided halving the bandwidth via WDS (I need all the bandwidth I can get for multi-media streaming inside network). Does WET simply not work the way it's suppose to?

    When I set up WET, I have 2 major problems:
    1) Wireless devices connected to router 1 can't see individual wired devices on router 2 (they all share same ip)
    2) I can't get to router 2's config page. (webbrowser pointed to is the config page of router 1, not sure how to set a separate router ip for router 2's config page so that any machine on network can access it)

    Maybe there's something simple that I'm missing. Any help will be appreciated. Thanks in advance.
  2. Mercjoe

    Mercjoe Network Guru Member

    Well, it is nice to know that my loss of WDS will help you. I had to figure all this out about 2 weeks ago

    Let me show you my setup and see if it helps you.

    Router 1:

    WNR3500L running Tomato Firmware v1.28.4407.1 MIPSR2-Toastman-VLAN-RT K26 USB VPN+NOCAT

    I have it configured as LAN + ACESSS POINT. DHCP is enabled. I have the remote router (router2) defined in the STATIC DHCP section.

    Router 2:

    WRT54G v2.2 running Tomato Firmware v1.28.7628.1 -Toastman ND Std

    Wireless is set to Wireless Ethernet Bridge. DHCP is turned OFF. I have this router configured to a STATIC IP on router 1. You set the IP address on ROUTER 2 set as the same address as defined on router one. i.e. <My router 2 is defined as in the static IP section of router 1>and <router 2 IP address is defined as on the LAN setup page one router 2>

    I have my routers connected using WPA2/AES with no issues.

    Router 1 provides all DHCP services for the network. I have on router 1: 2 computers, a network printer, and wireless providing access to a Wii, a Android Phone, a kindle, and a Archos. Router 2 services the home server and 2 computers for my kids.

    With this configuration, I am able to see all computers on the network and they all have distinct IP address's.

    Before WDS broke, I could not get squat for a connection speed using WEB but decent speeds with WDS. I liked WDS because it allowed me to use router 2 as a WDS +AP thus extending the range of my wireless siganl and providing constant web access from AP to AP.

    Now WEB is a viable network extender. I just wish I could use router 2 as an AP like I could while it was the endpoint of a WDS. Now it is the extender of my network and provides no additional wireless range for the whole network.

    I just hope when they find out what broke WDS they do not break WEB when they fix it.
  3. jsmiddleton4

    jsmiddleton4 Network Guru Member

    WDS working fine for me.

    Using v1.28.7486.2.
  4. Mercjoe

    Mercjoe Network Guru Member

    Yes, WDS works fine on a non-VLAN build.

    You add the VLAN GUI and something breaks.

    I can flash both routers back to a non-Vlan version and WDS works fine. Funny thing is, WEB gets slow and funky.

    I flash EITHER router with a VLAN GUI build and WDS will not connect. For some strange reason WEB works FANTASTICLY with them when they both have a VLAN GUI build on them.

    Don't ask me why the difference. I have not for the life of me been able to figure it out. I guess I am just not that skilled.
  5. teaman

    teaman LI Guru Member

    NOT cool!
    What if/when you flash both routers with a VLAN GUI build? Does WDS work?
    I believe one of the most likely important/relevant differences between those builds might be within the firewall rules - more specifically, in void filter_forward(void). While the firewall code/rules on non-VLAN builds accept/allow (FORWARD) anything from LAN... VLAN GUI builds won't do that by default - i.e. when/if you have/configure more than one LAN bridge, they are isolated from each other by default (unless directed otherwise under Advanced->LAN Access, advanced-access.asp).

    Here's something that just crossed my mind... could you please try/test if WDS would work with this additional iptables rule?
    iptables -A FORWARD -i br0 -j ACCEPT
  6. jsmiddleton4

    jsmiddleton4 Network Guru Member

    Remember after you set WDS mode up you need to reboot each router and let them "find" themselves. Takes a few....
  7. Mercjoe

    Mercjoe Network Guru Member


    If BOTH routers have non- VLAN build then WDS works .

    If EITHER router has a VLAN build on it then WDS does not work.

    If BOTH of them have a VLAN build on it then WDS does not work.

    I do clear NVRAM each time.

    The setup is the same as far as IP address configuration and static setups. I manually enter things to rule out a possible copy error using the quick NVRAM export method. I do use the shortcut after testing and the router bounces back up each time. I doubt it is in the basic setup.

    I will try that code when I have time. Does that have to be inserted on EACH router that uses the VLAN Gui?

    It may be a bit before I can play with the network. The wife is gaming and if I try to do experiments it will be a COLD night.


    Pardon the ignorant question. But I have never added tptable rules manually before. Care to give a brief explaination?
  8. jsmiddleton4

    jsmiddleton4 Network Guru Member

    "iptables -A FORWARD -i br0 -j ACCEPT"

    So if that works what does that tell you? Isn't that bypassing some of the other stuff that is intentionally put in for VLAN management? Or is it a simple matter then of adding "If WDS mode, then iptables -A FORWARD -i br0 -j ACCEPT"?

    And it seems to me by the point you are at WDS and VLAN's, you be into some fairly complicated code behind the scenes.
  9. Toastman

    Toastman Super Moderator Staff Member Member

    Easy way to enter the iptables rule is to use the Tools / System box. Type:

    iptables -A FORWARD -i br0 -j ACCEPT
    nvram commit

    and execute. You can then clear the box. You can enter all sorts of things into the System command box. e.g.

    iptables -L
    iptables -vnL
    iptables -t nat -vnL
    netstat -an

    etc. Interactive commands like "top" don't work because they can't stream data back to the box, for those you do need telnet.
  10. Mercjoe

    Mercjoe Network Guru Member

    Wow.. Did you shine a light on my ignorance.

    Now I have some studying to do. I did not realize the power in the iptables..

    Thank you
  11. teaman

    teaman LI Guru Member

    I'm not sure if I understand your question... If, by any chance, WDS would just 'start working' once/after that particular firewall/iptables rule gets added/enabled... it could mean we just found a possible fix/solution for the issue, right? ;-) Still... even if we're not that lucky... perhaps these tests/checks could be useful as we try to narrow down/identify the actual cause, etc...

    Sorta (yes and no): VLAN-GUI allows defining/configuring up to 4 LAN bridges, each with it's own subnet, DHCP settings, VLAN, ethernet ports, etc... On earlier/initial versions of VLAN-GUI, communication from/to devices on different LAN bridges used to be allowed/forwarded by default with iptables rules looking like this one:
    -A FORWARD -i br0 -j ACCEPT
    (will accept/forward any network traffic/requests from devices on LAN/br0, regardless of the destination of those packets)

    But... that behavior was changed a couple of months ago and LAN bridges are now isolated/unreachable from/to each other by default. Currently, no network traffic is allowed/forwarded between any devices connected to two different LANs, unless specified otherwise under Advanced -> LAN Access. As this approach seems to make more sense than that previous/older behavior, those iptables rules mentioned above were changed into something like:
    -A FORWARD -i br0 -o ppp0 -j ACCEPT
    (will only accept/forward network traffic/requests/packets to WAN/ppp0, from devices on LAN/br0)

    Yes, it's possible... But I think it's just too soon to tell ;-)
  12. Mercjoe

    Mercjoe Network Guru Member

    Yep. That did the trick.

    I added did as Toastman stated and put this in the System > Tools window

    iptables -A FORWARD -i br0 -j ACCEPT
    nvram commit

    and executed.

    In a leap of faith, I set the remote router to WDS and rebooted it from remote.

    Then I just saved the changes in Network on the primary router and the WDS was running in a few seconds.

    Stable as heck too.. and just as fast as WEB. The connection was NEVER this fast on a NON-VLAN GUI version.

    GREAT WORK. and thank you.
  13. teaman

    teaman LI Guru Member

    Nopes: thank you ;-)
    Thanks to your reports/tests, we know what needs attention/fixing on that area ;-)

  14. Mercjoe

    Mercjoe Network Guru Member


    With the addition of the the iptables -A FORWARD -i br0 -j ACCEPT, in a WDS, a VLAN build can connect to a NON-VLAN Build.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice