Tomato 1.19.8815 Mod.

Discussion in 'Tomato Firmware' started by Victek, May 19, 2008.

Thread Status:
Not open for further replies.
  1. Victek

    Victek Network Guru Member

    No, is natural intuitive :biggrin: you'll get familiar in few minutes. If lost then ask again, I did a manual but in Spanish.. look at some screenshots, http://www.adslzone.net/postp1004761.html#1004761
     
  2. dvaskelis

    dvaskelis Network Guru Member

    Under current capabilities, which scenario is more appealing:

    1. UPnP enabled, which many consider a security vulnerability, which means all UPnP-aware applications assume they should use UPnP to communicate around NAT firewalls... but only the first 25 entries actually work and after that UPnP applications may throw up errors and some simply won't work.

    2. UPnP disabled, so UPnP-aware applications realize they will be going through a NAT firewall and work as such without error without UPnP (WWW, Messenger, IPTV, live video, most online games). P2P programs (uTorrent, eMule, etc.) and similar applications that work better with forwarded ports because they essentially host an Internet server on your side of the NAT firewall may show some kind of warning that a port is not forwarded to the client... although you could offer to map ports on request.

    Either way some users will see errors or warnings or experience issues.

    I do kinda like the idea of UPnP assignments having a timeout, although anything like that can become problematic in practice for a number of reasons.
     
  3. Toastman

    Toastman Super Moderator Staff Member Member

    I didn't get to bed yet. Just finishing off entering all my MAC addresses. As you say, you need to save after 50 or you lose your entries, but it took 67 entries OK. I am now entering them in restrictions and will then try it out, there are still a lot of people p2p-ing..

    By the way, another item for wishlist - there is no check for duplicates on the restrictions entry page :)

    Toast
     
  4. Victek

    Victek Network Guru Member

    My comment was when I did the first try, in the second try was solved ;), you can enter up to 101 IP/MAC's (just for rounding space allocation).
    If I activate checking for duplicates then I can assure you that the CPU will be very busy.. sort pressing the upper header and check, you'll see if any duplicate MAC, then, delete, do simple. :biggrin:
     
  5. Toastman

    Toastman Super Moderator Staff Member Member

    to dv

    Yes, it's a bit of a headache. But in practice we've never had a problem with UPNP - I just need more of the same :). The users don't care as long as it works. Mostly, without UPNP, their applications do not work correctly and they of course complain about that, (as I would, if I were completely non-technical).

    By the way, several people seem to be using a rather curious P2P video (International TV) server in China. Looks interesting, but not had time to look what it does. Involves some special P2P video software I think :)

    Toast
     
  6. Toastman

    Toastman Super Moderator Staff Member Member

    Victek,

    I think I have the correct software, there was in fact only one download link that worked, the other said "file not found". When I got to about 54, I remembered I had not saved them, and when I did, everything disappeared, leaving a blank browser screen :)

    What's happened, I wonder?

    Toast
     
  7. Victek

    Victek Network Guru Member

    I'll try now.. I entered 71 and was stored without problem... I go to check.
     
  8. Toastman

    Toastman Super Moderator Staff Member Member

    OK, all loaded, all seems to work fine. I rebooted to check available memory - 4,092K at the moment. Nothing much changed :))

    Toast
     
  9. Victek

    Victek Network Guru Member

    Very low memory amount, when starts I have 8.7-9MB free memory using IP WAN DHCP, what router are you using? or better question, what services are you running when the router starts? It seems to me you are collapsed by thousand connections in conntrack by P2P....
     
  10. Toastman

    Toastman Super Moderator Staff Member Member

    This is a std WRT54GL. This amount of memory is what I usually have with about half this number of users in the tables, adding them hasn't made much difference.

    I just rebooted, so there are 13 connections, mostly from myself. But the amount of memory you get, is what I get from the AP's with no QOS, MAC entries, etc. (currently my AP's mostly have 6,610K free). Is this what you would expect? QOS here is fairly simple port based stuff, no IPP2P, just one L7 for Skype... and at present not being utilised.

    Ah, I think I see, if I add memory counted as cache, it becomes 8,252K

    Toast
     
  11. Victek

    Victek Network Guru Member

    "If I add memory counted as cache, it becomes 8,252K"

    Correct, it's what I expected and scored. The addition of 50 additional IP's x 53 bytes per IP/MAC is memory consumption insignificant. Sorry for contradiction with jsmiddleton4 thoughts..
    After you test for some days let me know results and then we can go one step forward :), I like to verify no major problems would appear after this mod.
     
  12. Toastman

    Toastman Super Moderator Staff Member Member

    OK, that's good.

    When I wake up tomorrow, I will see about connecting both buildings together and letting this router handle all of the users on its own. There were 71 altogether. Plus myself, the worst one of the lot.

    So for now, thanks muchly for your efforts, and speak tomorrow.

    Toast
     
  13. jsmiddleton4

    jsmiddleton4 Network Guru Member

    Toast,

    While I don't understand all of how the ARP QOS thing works at least in your environment it will offer some additional albeit low level security to keep non-authorized MAC/IP addresses from using up bandwidth and if I understand correctly it makes it a little easier on your router sorta like static dhcp addresses. Your router isn't working to provide "new" information to each device as the information is reserved and just handed out, no logic is figuring out what to hand out, it's already assigned and reserved. That probably isn't totally accurate and I'm ok with it not being so. But it should help your router not work quite so hard.

    If it were me and IF you haven't, I'd still be giving wds a shot even if you use one router as the dhcp server with victek's mod even if it's just one more router.
     
  14. jsmiddleton4

    jsmiddleton4 Network Guru Member

    Victek,

    Could this higher number of mac/ip thing be an option? A box that asks, "Do you need more MAC addresses?" I'm thinking it's simpler, and quite acceptable, if it's just more pages, or more entries on page, but thought I'd ask. Could kinda be overwhelming when you hit those pages to see 101 entries and you need like 8.
     
  15. jsmiddleton4

    jsmiddleton4 Network Guru Member

  16. Victek

    Victek Network Guru Member

    ?? .. the number of lines increase when you enter the IP/MAC, meanwhile the screen is adapted to the number of IP's you entered, not more, not less. Don't worry for 2,5KB memory space, on the next release all themes will be out of the firmware and you can download the theme you want to use from an Internet site or from your home server, it will save around 400KB space in the firmware :biggrin: and in available memory in the router. Hehe.. you know something more about next release...
     
  17. Toastman

    Toastman Super Moderator Staff Member Member

    JS - ok, thanks. I'll look for some data on that. I also like the look of the ASUS WL-500g which has double the memory/flash, should I need it, and the USB ports may be useful for writing logs to USB memory. I haven't heard much feedback from people using it, though I gather it is a good piece of kit.

    I think that if you don't use the entries, you don't see any boxes and wouldn't be aware that you could enter more than 50. In the same way I initially did not know that it was in fact limited to 50. It probably doesn't take up more memory either, unless you actually use them, depends how Tomato does it. 50 was a rather arbitrary limit I thought, but quite a reasonable one. It seems to be working well, I just duplicated all my user entries on another router and stuck it into the second building. There are many people awake now in that one, and it's pegged out to max, problems.

    Victek, the second router did not have a problem saving at the 50 stage, it must have been coincidence, or something I did.

    Getting the themes out of the way is a great move.

    Toast
     
  18. jsmiddleton4

    jsmiddleton4 Network Guru Member

    toast...

    Did you sleep?

    As near as I can tell you have a clump of routers that are essentially the same, or close to the same, on the inside. Some have more memory, maybe usb port, etc., but for all intentional purposes they are the same.

    The Asus would not really be all that different than the Linksys, Buffalo, etc. And again I understand they are not exactly the same. But clearly cousins.

    When you go to the Dlink, don't have one, don't particularly like dlink much anymore, although this particular router is getting good press and end user reviews, inside it's a different beast. A horse of a different color. So if you are thinking the Asus will change fundamentally what you are dealing with in terms of application/logistics, I'm thinking probably not. I can of course be wrong and fully prepared to be so. However I am confident enough about it to say that if you are trying to setup a one router system and want to change the issues the hardware/software are forcing on you, going to an Asus is probably not going to change it that much. However going to this D-link just might. And it is surprisingly not very expensive.

    Not selling you on the D-link mind you. I'm more inclined to believe victek is going to get this thing done for you way more than you need to spend more money on routers. While your setting is not common, it's not uncommon either. As you noted many in your area doing a similar thing with wrtgl's however not doing it well given what the issues they are running up against. Issues that just may be fixed with victek's expertise. So it's a good thing if victek can pull it off for more than just yourself.

    So my money is on the Spanish dude......

    Jim
     
  19. Victek

    Victek Network Guru Member

    I forgot to mention that all IP's/MAC's are stored in the nvram area, so what you see in terms of memory increase is uncertain cause the space is already booked in the nvram area, the nvram area have enough room to store more information. This is the reason why you can reboot your router and the list is still available. Just to clarify it.

    Here is my report after 200 IP/MAC addresses entered into Access restriction menu in the nvram.

    657 entries, 10762 bytes used, 22006 bytes free.
    /tmp/home/root # :)
     
  20. jsmiddleton4

    jsmiddleton4 Network Guru Member

    "?? .. the number of lines increase when you enter the IP/MAC"

    Ok. That works for me.
     
  21. jsmiddleton4

    jsmiddleton4 Network Guru Member

    "Tomato RAF 1.19.9000...."

    Meant to ask you victek if you enjoy teasing us like this.....

    :)
     
  22. Victek

    Victek Network Guru Member

    :biggrin: No, but for sure I would not live again the experience I had before (8815) patching bugs in a marathon session to solve my mistakes. You deserve a silk and gold release. BTW... I saw a new release in roadkill's signature but I can't find ..:rolleyes:

    Have a nice day!
     
  23. Toastman

    Toastman Super Moderator Staff Member Member

    G'day guys...

    Both routers still up and running, am about to put all users onto just the one now. I'll be back shortly ... unless I get problems doing it.

    Toast
     
  24. jsmiddleton4

    jsmiddleton4 Network Guru Member

    "to solve my mistakes."

    Victek, you are much too hard on yourself.....
     
  25. Victek

    Victek Network Guru Member

    Hehe, no, I learn of each BUG and I have no problem to recognize, a BUG is one mistake in a techie spelling. You can tag/label it in many confused forms..but it's a mistake. This is the advantage of non native English speaker, I think basic, I write clean :biggrin:

    PD. Toastman is lost between MAC's list or banned by his own restriction list :smile:
     
  26. Toastman

    Toastman Super Moderator Staff Member Member

    Haha - I'm back. Got sidetracked, something I had to attend to. Anyway, everyone is now on the one WRT54GL router.

    Toast
     
  27. jsmiddleton4

    jsmiddleton4 Network Guru Member

  28. Toastman

    Toastman Super Moderator Staff Member Member

    Victek, I was playing with IP/MAC QOS Limit (haven't figured it out yet) and after saving an experimental entry for myself, it all got cleared, my entries not visible on the page now, no sign of anything happening. But CPU load showing in OVERVIEW as 2.05/1.76/1.45. It isn't going back down... "top" shows 98% sys instead of the usual 80% idle....

    Toast
     
  29. Victek

    Victek Network Guru Member

    hmmm, nvram out of bounds I think .. by the way, I forgot to ask you yesterday, did you clear nvram before starting the new MAC tables? .. I think the issue comes from this side.
    For sure the list is not lost, but to create all the script in the firewall rules the CPU has to work hard, and this can be the reason why screen goes blank.
    Nice to see the CPU at 2.05 load.. I never reached it :wink:. Look nvram show to check that MAC's are still in the nvram before doing erase nvram, then do backup config .. but I would prefer to start from scratch to avoid any corruption in the configuration again.... and.. avoid playing :rolleyes:
     
  30. Toastman

    Toastman Super Moderator Staff Member Member

    Understood. Macs still there OK.

    Yes, I did clear the NVRAM first b4 entering MACS, by the way.
    But I will re-enter them tomorrow just to be sure.

    Now I am going to bed. Really :)

    Toast
     
  31. biatche

    biatche Network Guru Member

    does it appear that the victek mod has more to offer than speedmod? does victek use newer versions of ip conntrack and such modules just like speedmod? is there a command to find out the modules version?
     
  32. Toastman

    Toastman Super Moderator Staff Member Member

    Victek

    Firmware *appears* to be working normally, but just found these entries in the logs, happens on a reboot or a change/commit in parameters, such as adding a new user:

    <28>jun 19 17:25:49 dnsmasq[18091]: nameserver 203.144.207.49 refused to do a recursive query
    <27>jun 19 17:25:06 dnsmasq[18091]: failed to load names from /etc/hosts.dnsmasq: permission denied
    <28>jun 19 18:01:55 dnsmasq[19559]: no servers found in /etc/resolv.dnsmasq, will retry
    <30>jun 19 18:01:55 dnsmasq[19559]: read /etc/hosts - 0 addresses
    <11>jun 19 18:02:04 hotplug[19537]: unable to find nas

    After reboot, however, don't see them again until another change.

    Is any of this of interest?

    Toast
     
  33. jnappert

    jnappert LI Guru Member

    I noticed the same...
     
  34. Victek

    Victek Network Guru Member

    Hi Toastman, happy to see firmware works.. about this IP... I tracked and goes to Thailand .. jnappert, did you get the same IP? This is my reboot log with the same release as you....

    Jan 1 01:00:45 WRT54GL user.info redial[79]: WAN down. Reconnecting...
    Jan 1 01:00:45 WRT54GL daemon.info dnsmasq[101]: exiting on receipt of SIGTERM
    Jan 1 01:00:45 WRT54GL daemon.info dnsmasq[114]: started, version 2.41 cachesize 150
    Jan 1 01:00:45 WRT54GL daemon.info dnsmasq[114]: compile time options: no-IPv6 GNU-getopt no-RTC no-ISC-leasefile no-DBus no-I18N no-TFTP
    Jan 1 01:00:45 WRT54GL daemon.info dnsmasq[114]: DHCP, IP range 10.10.2.2 -- 10.10.2.150, lease time 1d
    Jan 1 01:00:45 WRT54GL daemon.warn dnsmasq[114]: no servers found in /etc/resolv.dnsmasq, will retry
    Jan 1 01:00:45 WRT54GL daemon.info dnsmasq[114]: read /etc/hosts - 0 addresses
    Jan 1 01:00:45 WRT54GL daemon.info dnsmasq[114]: read /etc/hosts.dnsmasq - 10 addresses
    Jan 1 01:00:51 WRT54GL daemon.info pppoe[117]: Starting
     
  35. Toastman

    Toastman Super Moderator Staff Member Member

    Vic, several people have said they can't get onto the network, however when I go to help I usually find that I can get on with no trouble. Experience says, however, that often they ARE right, and there IS a problem of some sort. Exactly what I do not know yet, but those logs may hold a clue (not for me, though)....

    The ISP's dns server here often "refuses to do a recursive lookup"

    At the moment there are only 17 people online, normally there would be more - again, this doesn't prove anything though.

    Here's a few more (ignore the date!)

    <26>jan 1 07:00:08 dnsmasq[92]: failed to start up
    <30>jan 1 07:00:08 dnsmasq[103]: read /etc/hosts.dnsmasq - 73 addresses
    <30>jan 1 07:00:08 dnsmasq[103]: read /etc/hosts - 0 addresses
    <26>jan 1 07:00:08 dnsmasq[92]: failed to bind dhcp server socket: address already in use
    <30>jan 1 07:00:07 dnsmasq[103]: reading /etc/resolv.dnsmasq

    Toast
     
  36. jnappert

    jnappert LI Guru Member

    I rebooted the router to get the log errors again. But this time i only got the "permission" and the "unable to find nas" errors.
     
  37. jsmiddleton4

    jsmiddleton4 Network Guru Member

    Are you running some kind of other script, ad blocking script, something like that? I found that the log entries for some of the "difficult to understand" dnsmasq entries don't clear until you power down. There are some telnet command line commands to stop, clear, restart the dnsmasq service but don't know what they are other than they exist. When I brought up some problems I was seeing with a script, problems that were not problems but by design in terms of the dnsmasq log entries, that's when it was pointed out to me that the error logs were simply showing that the dnsmasq services were already running. Which is what some of the entries in your log looks like to me, the same as mine did that the dnsmasq is still running and you are seeing the comments that it is when asked to restart.
     
  38. Toastman

    Toastman Super Moderator Staff Member Member

    I often get errors like this even with Jon's 1.19, but tonight seem to be happening more often. The ones that look pertinent to my situation, which is some of my users saying they can't connect - are these:

    <26>jan 1 07:00:08 dnsmasq[92]: failed to bind dhcp server socket: address already in use
    <26>jan 1 07:00:08 dnsmasq[92]: failed to start up
    <27>jun 19 17:25:06 dnsmasq[18091]: failed to load names from /etc/hosts.dnsmasq: permission denied

    Don't usually see these. 26 users now online out of 73

    Toast
     
  39. Toastman

    Toastman Super Moderator Staff Member Member

    js - yep. Could be that. At the moment I am just thinking aloud, as it were. I'm suspicious, usually would have more users online, the reception desk has had several people ring down, but actually everything appears normal. Oh well.

    Toast
     
  40. Toastman

    Toastman Super Moderator Staff Member Member

    Just noticed Biatche -

    Victek's compile has speedmods plus some other features such as QOS by IP/MAC which allows you to control/shape QOS per user.

    Toast
     
  41. jsmiddleton4

    jsmiddleton4 Network Guru Member

    Toast....

    I'm pretty sure that just means your dnsmasq/dhcp stuff is just running, and you are asking it to start again.

    Could be victek's mods but when I had those errors it was the dns adblocking stuff, and again it was normal-not a bug, in the script I was running. It was an indication that the script was in fact working as designed and was designed well with some forethought, not buggy.
     
  42. jsmiddleton4

    jsmiddleton4 Network Guru Member

    "the reception desk has had several people ring down, but actually everything appears normal. Oh well."

    Did it get working? I wonder if with the changes if those folks just need to repair/refresh their connection? With the victek's ARP/QOS stuff things aren't so loose, but are tightened up a bit. So IF for some reason folks were connected before, you put the mod in place, etc., and they haven't refreshed, they may be "connected" but data is not passing through to them as the router is saying, "That IP/MAC has not been given a green light..." when it has been but the client's information is wrong. By repairing/refreshing those clients will get the information from the router that allows them to connect and data to pass through. If a repair/refresh worked and IF I have a clue (which is always up for grabs) then repair/refresh working would be an indication that victek's mod is working as designed. As a piece of information knowing the repair/refresh works would be good to know if only for trouble shooting.

    So I'm wondering IF this is fixed for these clients how did they fix it?
     
  43. Toastman

    Toastman Super Moderator Staff Member Member

    Probably you're right. Give u an example now from Wallwatcher. People have already been assigned a lease and an address (static). But there are some of those machines still requesting one, so why? They had an ack - but their PC's do not seem to accept the address. One of them has been going on like this for 35 minutes now. Another just began. So I have a *feeling* something is not quite right but I don't know what it is. There are now 37 people on the router - but do they *really* have access or not? I don't see much network access from them. But - they may have their machines on, but may not be using them for anything.

    Or there may be a problem.

    That is the difficulty here. How to be sure? Firstly, I do not speak the language well. Secondly, the users are non-technical. Thirdly, Thais do not have any understanding of anything much, they tend to have no patience and just keep hitting buttons. One PC I looked at yesterday had no less than 23 network connections defined, via Bluetooth, several different dialup modems which never were in that PC (a laptop), several other office network setups (they never worked in an office!) - a dozen or so connections for the wireless, etc. IE would not connect and gave a list of devices to choose from most of them dialup. When I deleted all of them, only then was it able to find the wireless interface. The people who owned the PC said they owned it from new, and denied ever doing anything to it. That's why I rely on intuition more :)

    Aha - router just rebooted: A clue at last:

    <11>jun 19 21:50:30 kernel: out of memory: killed process 2598 (dnsmasq).
    <11>jun 19 21:50:39 kernel: out of memory: killed process 1122 (dnsmasq).

    Just a second ago there was 4,000 KB or so left. Where did it go suddenly? It wasn't P2P...

    Toast
     
  44. biatche

    biatche Network Guru Member

    Does this mod use newer kernel modules like speedmod? as in ip_conntrack v2.4.36 i think
     
  45. Victek

    Victek Network Guru Member

    Read first page of the post..
     
  46. Victek

    Victek Network Guru Member

    Toastman, I think we need to go step by step in the amazing piece of hardw-firmw you have now :)

    _ I don't know the capacity of the DHCP server of Tomato... and for me was strange when I saw the sort limited to 50 IP's .. so let's go smoothly checking some points. Might be we need to use another DHCP server.. or create another vlan .. let's analyze.

    _ Don't use the DHCP/DNS because both services are closer (one acts as udhcp, the other runs as dhcpd ...) please don't assign alternative DNS.

    _ Configure the router to DHCP first, let's see how is growing the clients, the donation of IP's, the renewal of IP's, Kill of IP's. Don't use the IP/QOS limiter yet. Restrict the renewal time for LAN/DHCP to one hour instead of 24 hour as it's by default.

    _ After logical time record the system log to see how the router reacts and also keep track of the CPU load.

    I think we have to go step by step to know an undiscovered scenario for the router, from 5-6 client at home to 70 clients .. it's another dimension and a good test for all of us... and a nice pleasure for me. :biggrin:
     
  47. jsmiddleton4

    jsmiddleton4 Network Guru Member

    "denied ever doing anything to it."

    Don't you just love that.....
     
  48. jsmiddleton4

    jsmiddleton4 Network Guru Member

    "so I guess DHCP gives out that many addresses."

    Yes but when you are doing the arp/qos thing it's a little "different". I am not the technical person to explain it as I did my best with saying it's a little "tighter" which is why a refresh/repair might be in order for some folks.

    "Confirm what you mean by not using alternative DNS ? I have 2 from the ISP, is that what you mean?"

    No, that's not it. Putting an alternative DNS that is like an OpenDNS, or someone else's DNS server in manually instead of what the ISP gives you.

    This is one of those things that may help, may help sometimes, not others, etc. For my Cox Cable ISP sometimes it bogs down and putting in a dns from OpenDNS helps. Also helps when Cox is doing some re-direction, etc., stuff and I don't want to see ads, surveys, etc.

    There is a thread on optimizing DNS Cache I would look at instead of duplicating information here. It's quite good and self explanatory.

    Here:
    http://www.linksysinfo.org/forums/showthread.php?t=54916&highlight=dns+cache

    Had to laugh as here is mine on having some of the same errors you were having:
    http://www.linksysinfo.org/forums/showthread.php?t=58167&highlight=dns+cache
     
  49. Toastman

    Toastman Super Moderator Staff Member Member

    I have another network set up with this version of Tomato, with just me and three others on it. I want to play with the new goodies before I try to use them in earnest. I need some guidance with the MAC/IP QOS section, ARP bindings. Not being sure what they are supposed to do, I cannot tell what is happening. Did you say you had a Spanish guide, Vic? I may be able to understand most of it.

    Toast
     
  50. biatche

    biatche Network Guru Member

    I take that as a no, as its only optimized :)
     
  51. Toastman

    Toastman Super Moderator Staff Member Member

    js - Looked at your links :) See you've been there and got the T shirt :)

    I was using a backup free DNS but have removed it as per Vic's request.

    To recap, Vic,

    I now have only the 2 DNS servers assigned by my ISP (True Internet - which used to be called Orange). Router passes them to users by the Internal Caching DNS forward service.

    My main router is running DHCP but giving out only one "free" address, which I then block. Anyone else gets assigned a static IP address in the block of 100, at this stage I also assign them an ID (which happens to be their room number) via the static DHCP page, so I can track them. After that, users are allowed/denied access by using the Access Restriction page where there is a MAC list. Anyone not on the list is denied all web access.
     
  52. Toastman

    Toastman Super Moderator Staff Member Member

    BTW, there has always been an odd quirk with these routers, just for interest's sake. Probably a legacy from Linksys' software. It does slow down assignment of an IP in the event of someone getting cut off from the network and then trying to sign back on. Here's an example:

    <30>jun 19 22:26:25 dnsmasq[787]: dhcpdiscover(br0) 00:1c:10:65:fd:30 no address available
    <28>jun 19 22:26:25 dnsmasq[787]: not using configured address 192.168.1.115 because it is leased to 00:1c:10:65:fd:30

    (He already had this address but is not reallocated it when he tries to get back on).

    Sometimes this leaves a user in limbo for a long time, an hour or more.
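
The log lines quoted in this thread carry a raw syslog `<PRI>` prefix, so their severity is not obvious at a glance. As an added example (not part of the thread and not Tomato code), this Python script decodes that prefix, tags the failure modes discussed above, and flags the quirk from the last post where a client is refused the address it already holds. The rule labels and function names are this example's own; the sample lines are copied from the posts.

```python
import re

# RFC 3164: priority = facility * 8 + severity.
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
              5: "syslog", 6: "lpr", 7: "news", 8: "uucp", 9: "cron"}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<stamp>[A-Za-z]{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<prog>[^\[\s:]+)(?:\[(?P<pid>\d+)\])?:\s*(?P<msg>.*)$"
)
MAC = r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"

# (label, pattern) pairs; labels are names chosen for this example.
RULES = [
    ("dhcp_bind_conflict", re.compile(r"failed to bind dhcp server socket: (.+)", re.I)),
    ("dnsmasq_start_failure", re.compile(r"failed to start up", re.I)),
    ("oom_kill", re.compile(r"out of memory: killed process (\d+) \(([^)]+)\)", re.I)),
    ("hosts_unreadable", re.compile(r"failed to load names from (\S+): permission denied", re.I)),
    ("dhcp_no_address", re.compile(r"dhcpdiscover\(\S+\) " + MAC + r" no address available", re.I)),
    ("lease_conflict", re.compile(r"not using configured address (\S+) because it is leased to " + MAC, re.I)),
    ("upstream_refused", re.compile(r"nameserver (\S+) refused to do a recursive query", re.I)),
]

# Lines copied from the posts in this thread.
THREAD_LOG = """\
<28>jun 19 17:25:49 dnsmasq[18091]: nameserver 203.144.207.49 refused to do a recursive query
<27>jun 19 17:25:06 dnsmasq[18091]: failed to load names from /etc/hosts.dnsmasq: permission denied
<26>jan 1 07:00:08 dnsmasq[92]: failed to bind dhcp server socket: address already in use
<26>jan 1 07:00:08 dnsmasq[92]: failed to start up
<30>jan 1 07:00:08 dnsmasq[103]: read /etc/hosts - 0 addresses
<11>jun 19 21:50:30 kernel: out of memory: killed process 2598 (dnsmasq).
<30>jun 19 22:26:25 dnsmasq[787]: dhcpdiscover(br0) 00:1c:10:65:fd:30 no address available
<28>jun 19 22:26:25 dnsmasq[787]: not using configured address 192.168.1.115 because it is leased to 00:1c:10:65:fd:30
<11>jun 19 18:02:04 hotplug[19537]: unable to find nas
"""


def parse_line(line):
    """Split one '<PRI>mon day time prog[pid]: msg' line; None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # highest valid value: facility 23, severity 7
        return None
    fac, sev = divmod(pri, 8)
    return {
        "pri": pri,
        "facility": FACILITIES.get(fac, "facility%d" % fac),
        "severity": SEVERITIES[sev],
        "stamp": m.group("stamp"),
        "prog": m.group("prog"),
        "pid": int(m.group("pid")) if m.group("pid") else None,
        "msg": m.group("msg"),
    }


def triage(text):
    """Return one finding per line that matches a rule, in log order."""
    findings = []
    for line in text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        for label, pattern in RULES:
            hit = pattern.search(event["msg"])
            if hit:
                findings.append(dict(event, label=label, args=hit.groups()))
                break
    return findings


def self_lease_conflicts(findings):
    """MACs refused an address while the reserved address is leased to that same MAC."""
    refused = {f["args"][0].lower() for f in findings if f["label"] == "dhcp_no_address"}
    holders = {f["args"][1].lower() for f in findings if f["label"] == "lease_conflict"}
    return refused & holders


if __name__ == "__main__":
    for f in triage(THREAD_LOG):
        print("%-8s %-7s %-22s %s" % (f["facility"], f["severity"], f["label"], f["args"]))
    print("self-conflicting leases:", sorted(self_lease_conflicts(triage(THREAD_LOG))))
```
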
     
  53. Victek

    Victek Network Guru Member

    jsmiddleton4, Thanks, is what I tried to say to Toastman. :biggrin:

    Toastman, reduce the DHCP lease time for the LAN to 60 minutes, it will help us to have more fluent renewal and avoid conflicts in DHCP LAN.

    BTW nice example what you show in the previous post .. I have to start working in the dhcp service using BusyBox...

    Thanks :)
     
  54. jsmiddleton4

    jsmiddleton4 Network Guru Member

    toast,

    What I've learned about Tomato, and even more so now with victek's mod, is there is more than one way to achieve a desired end. Just as an example you can use WDS, WET-WEB, etc., all to accomplish the same end result of shared hardware and Internet access.

    In your situation it looks to me like you can accomplish the end result with any number of possible combinations of using this feature, that feature, etc. The problem is going to come when you start mixing parts of method A with parts method B and parts of method C. All of the different methods will work, all look appealing and quite kewl, but you will over complicate matters due to the mixing, not because the complication is necessary. The "how" you are doing it creates its own set of complications. If that makes any sense.

    Given what you've posted I'm wondering if you aren't getting into a situation of an over complication due to mixing this and that and part of your solution is to back-up, simplify every aspect of it, focus on a single method/feature set. So instead of how do I make this work with that, with this, etc., instead you start from the end result and work backwards. Get the "Here's what I want it to look like" established and clarified, then work backwards with just victek's mod in place and follow the steps to accomplish the end result with just victek's mod.

    Once that's working, then start looking at how you add some of the "other" things.

    Sometimes "issues" arise simply from and because of the setup, not because the "issues" are a necessary evil.
     
  55. Victek

    Victek Network Guru Member

    Yes, it's a visual guide... http://www.adslzone.net/postp1005112.html#1005112
     
  56. CBR900

    CBR900 LI Guru Member

  57. jsmiddleton4

    jsmiddleton4 Network Guru Member

    "BTW, there has always been an odd quirk with these routers"

    I have to get to work BUT this would be a good place to take how the ARP thing works and explain how using the ARP assignment feature will either make this symptom worse or better. I'm not sure which way it will go. Could make it worse. BUT explaining why or how it would reduce this symptom or increase the delay would go a long way in helping me and others understand how the ARP feature works or impacts our networks in a practical way.

    Jim

    Edit: So "The ARP feature will make this kind of delay shorter because of the way it............." or "The ARP feature will make this kind of delay longer because of the way it......" or "The ARP feature won't do anything for this symptom because it doesn't......"
     
  58. Toastman

    Toastman Super Moderator Staff Member Member

    Thanks for the link, Vic.

    I don't think the "individual" IP/MAC limits would help us much, except if we had a particularly problematical user. I might need rather to apply such a limit to *everybody* via a firewall script. - That might be a useful thing to put in the GUI, by the way, as I see many people in the past have asked about it. ( example script: iptables -I FORWARD -p tcp --syn -m iprange --src-range 192.168.1.150-192.168.1.200 -m connlimit --connlimit-above 200 -j DROP )

    The ARP bindings mod I may have a use for, I think. Perhaps you can give me an explanation so I can play with it on my other router? From my poor Spanish and Google's translation server, I see it gives some form of security and access restriction, but not sure how it works.

    Toast
     
  59. Victek

    Victek Network Guru Member

    I'm finishing the manual in both languages, it will be available in a few hours. ARP Binding function will be explained too.
     
  60. jsmiddleton4

    jsmiddleton4 Network Guru Member

    So how is the battle?

    I scored a WRT-54G V2 from days gone by BUT it is one of those with 32 megs of ram that was locked to 16. I double checked the memory chips several times before doing the hack. Sure enough, 32 megs. Cruising at 216mhz and 32 megs of ram.

    So Toastman, IF you think this whole thing is just memory related and you are running up against a memory issue, I'll be glad to contribute to your project, you get to pay shipping of course, and get this 32 meg 54G to you. I'm using it now and if I send it to you I will have to go back to tin cans and a string in order to communicate but hey, I'm a team player.

    Actually as most of us this is an extra router that was too cheap to pass on. 16 U.S. dollars.

    If you do not think it's a memory issue, I'll hold on to it.
     
  61. Victek

    Victek Network Guru Member

    jsmiddleton4,

    It's not a memory issue .. I exchanged some details by private message with Toast and I think we are on the right track .. step by step .. :), only CPU is now at 233MHz..
     
  62. jsmiddleton4

    jsmiddleton4 Network Guru Member

    Then I'll put my tin cans and string away. Did not want to go back to analog!

    Jim
     
  63. Toastman

    Toastman Super Moderator Staff Member Member

    G'day...

    I did what Vic suggested, I cleared NVRAM and then re-entered all parameters by hand instead of reloading my backup file. Took a long time to check, had a few people moaning cos of the downtime, and also a few weird people came with PC problems so horrific I won't bore you with the details. I've been busy re-installing their OS's for them. Ah ... I need a drink :)

    Anyway, seems to be stable now. Nothing odd happening so far. Lease is 60 minutes, there are 27 users in the table at present. Uptime 3 hours, CPU load presently 0.07/0.09/0.04, free memory 4004. Conntrack typically 500 to 1000 connections. Nothing too scary, there are no major P2P users this evening. I will start a session myself later.

    "top" shows

    CPU 87% idle, 13% sys.
    Mem 12420Kused 2108K free OK shrd 564K buff 2048K cached

    Toast
     
  64. jsmiddleton4

    jsmiddleton4 Network Guru Member

    By jove, I think you've got it....
     
  65. Toastman

    Toastman Super Moderator Staff Member Member

    js

    I would like to say thanks, for your generous offer. At present seems to be unnecessary, but thanks again for the offer. I was thinking more memory might be useful in the event of zillions of P2P connections, so I've been looking to see how it might be added - there are several articles in these forums. I have the necessary abilities, but I don't have the tools here to work on SMT - not even a decent soldering iron. But interesting reading...

    If you find any more 16 dollar routers, remember me ....
     
  66. Toastman

    Toastman Super Moderator Staff Member Member

    Mmmm more instability issues. After PM with Vic, let's do this properly. Vic, let's try to reproduce a known setup which you are familiar with.

    I have reflashed a router after clearing NVRAM, and then erased NVRAM afterwards to be safe. I have left everything as default except for:

    ADSL PPPoE setup, which takes 2 DNS servers from the ISP as stated.

    WEP is active.

    DNS is serving 192.168.1.100 to 199 - I have left all access open, there are a few freeloaders on there, but for the purpose of this test, so be it. Lease is 60 minutes as per your request, Vic.

    I have enabled the default QOS rules, but added nothing. This line is nominally 2Mb/S up 500k down. In practice, 2200 / 400k. I enter 1900 and 350 in QOS max.

    CPU Load 0.26. 0.13. 0.14 8312Mb free memory just after startup. There are 19 people online.

    I will PM you Vic, with local IP so you can look at the setup if you wish.

    Thanks!

    Toast
     
  67. jsmiddleton4

    jsmiddleton4 Network Guru Member

    Bummer toast....

    Offer will stand IF you need it. Don't want to just send it off cause it's kind of fun to play with here with the 32 megs of ram. Still figuring out what to do with it all. But I don't really need such a thing, 16 megs is fine and after getting a new WRT54GL and seeing how well it performs, etc., I'm not going to bother with used 54g's or 54gs' again. I found 54gl's on sale for less than you can buy the used ones on eBay. They perform better, at least mine did, than the older units. I'm sure radios, etc., have been updated. So from now on it's 54gl's for me IF I need new router. Don't. Have 2 Buffalos HP 54g's and 1 linksys 54g (32 meg one) and the 54gl.

    So IF you need to throw a 32 meg 54g at your project, I can easily cough this one up. Not sure what shipping would be but probably not too much and if you just need the router, not the weight of the power block thing, antennas, etc., the weight can probably get pretty low so not all that costly to ship.

    Jim

    By the way I'm still of the opinion that your situation is really an at least 2 router setup and while I have not pursued the details I did see that with WEP 128 security, which I'm still not sure about, you can have wds and 2 separate SSID's. Which would give you the SSID for "that area", and an SSID for "this area" and maybe be running and stable.
     
  68. Toastman

    Toastman Super Moderator Staff Member Member

    Hi Jim

    Tnx and will keep it in mind :)

    Well, we actually started off here with a single router in one building's north side, that was about 18 months ago, and later put a second one in the south side. Then a new building..... :)

    I just want one simple router. And I wouldn't say that is any more or less stable than two separate routers. I even have AP's rebooting, they are all loaded with basic tomato 1.19. They shouldn't reboot. There has to be a reason.

    But there's really no reason why it **shouldn't** work, as Vic says. He doesn't think it is a memory issue. It would be a shame if we can't find the cause of some of these reboots. A nice clean, quick reboot is not the end of the world either, as long as it isn't too often. People probably wouldn't even notice it. However, general slowdown and IP renewal issues that last for twenty minutes to an hour, whatever, aren't acceptable. We have something happening here which isn't typical of these routers, but I don't know what it is. Probably, if Vic were actually here in this room, he'd see what the problem was quite quickly. Me - no...

    (*edit - But if this series of routers, instead of cleanly rebooting when it is low on memory, instead stops essential services like dnsmasq and then tries to struggle on for a couple of hours, then that really isn't acceptable. It **might** be acceptable on a Linux PC, but definitely not on a router.....)

    Because actually, when it runs right, it is working **Really Beautifully** :) And when it is running even with 30-35 users and all of their divers uses, the CPU load figures aren't generally very high at all. I once had almost 70 users on at the same time, and it coped for several hours. If it can do that, then it should be able to do it for longer.

    As I said the other day, one guy actually came to see what we'd done, as it was so fast and smooth in operation, and he had never seen anything like it in other places. (The reason is that QOS is actually working, of course). He travels a lot and stays in many hotels and exhibition halls all over SE Asia. He said Singapore is the only place where they seem to have got things to work. I imagine this is because in Singapore they probably have more cash to buy enterprise-level routers.

    BTW, regarding WEP 128 or any other security method, the problem is we aren't a hotspot. Everyone here knows everyone else, one guy buys access, then gives the access code to all his friends. So it's really just a way to keep some people off the street away, is all.

    Toast
     
  69. jsmiddleton4

    jsmiddleton4 Network Guru Member

    I'm sure it's something between yourself and victek that will be resolved. Valuable even if only due to what is being learned as a by product of trying to make it work. We'll all benefit from you and victek working together. That is one reason why I'd be glad to donate a router. The benefits derived from you folks experimenting will help us all.

    Have a good evening....

    Jim
     
  70. jsmiddleton4

    jsmiddleton4 Network Guru Member

    BTW, regarding WEP 128...

    I'm not sure that would change. Haven't looked at it yet and won't be for awhile, as in later today as have chores to do. It caught my eye that wds works fine, you can have 2, or more I take it, ssids. The norm with wds of course is ssid's are all the same.
     
  71. Toastman

    Toastman Super Moderator Staff Member Member

    I actually give each AP a different SSID so that users can identify the access point they are using. Before that, it was quite difficult to trace any problems. But if you walk from one end of the building to the other, and pass three access points, the transfer is fast enough so that streaming video continues uninterrupted, regardless, as it is still all the same network.

    BTW, you probably gathered, I enjoy making things work...
     
  72. jsmiddleton4

    jsmiddleton4 Network Guru Member

    toast.....

    Figured I'd better use that 54G, bang on it, make sure it isn't having "issues". It's flaky. Will play a bit with it but I would not put it in any application that was critical. There may be a reason it was 16 dollars....

    :)
     
  73. Victek

    Victek Network Guru Member

    Doing some deep changes in the firmware... (reboots with some wireless adapters are a known problem in some posts with Tomato) ... let's build another scenario for the firmware.
     
  74. Victek

    Victek Network Guru Member

    IP/MAC Bandwidth Limiter manual ready, look at second part of the post. Press Here :biggrin:
     
  75. Toastman

    Toastman Super Moderator Staff Member Member

    Thanks Vic! I will go read it all, and play with it a bit on my spare network! Router still up. 0.15, 0.33, 0.34 average about 500-1200 connections open. 60 min lease, presently 20 people in table.

    Toast
     
  76. jsmiddleton4

    jsmiddleton4 Network Guru Member

    toast...

    WRT 54GL. You can run the script that turns the wan port into a lan and have a 5 port AP running Tomato.
     
  77. jsmiddleton4

    jsmiddleton4 Network Guru Member

    toast,

    That 54G 32 megs is history. LAN ports no longer working, lights don't come on.
     
  78. Toastman

    Toastman Super Moderator Staff Member Member

    Router rebooted 15:30 your time, Vic. At that time, there were a lot of P2P sessions, but the largest no. of connections I saw while passing, was 4200 or so. Top session died leaving telnet screen with:

    Mem 13436K used 1092K free Ok shrd, 142K buff, 4016 cached
    CPU 3% usr 44% sys 0% nice 51% idle 0% io 0% softirq
    Load Average 0.56 0.46 0.35


    Keith
     
  79. Toastman

    Toastman Super Moderator Staff Member Member

    What did you do to it Jim?

    Don't bin it, the memory chip might be useful :)

    toast
     
  80. Victek

    Victek Network Guru Member

    Do you have the log file saved? just to know more information.
     
  81. Toastman

    Toastman Super Moderator Staff Member Member

    No, I didn't have logging enabled, only logging to RAM as per default?? (As I didn't enable it). Vic, I think I might be able to reproduce this now, I will try. I just loaded several hundred P2P files and let emule rip. I got up to 4880 connections, memory 4,700K still left.

    Then I lost connections to router, puzzled. Then looked closely - the AP I am connected to had rebooted :-(
     
  82. jsmiddleton4

    jsmiddleton4 Network Guru Member

    Sorry toast, its toast..... :)

    Is your rebooting heat related?
     
  83. Toastman

    Toastman Super Moderator Staff Member Member

    I thought about that myself, but I don't think so, the chip temperature doesn't seem too bad. Last year I measured one chip at a local board assembly plant where I do business, their guys also said a fan was completely unnecessary as it ran well within limits. We hooked it (the router) up to their LAN and ran files through it for a couple hours.

    And - just to confound it, one AP that never gets much use on one floor, also reboots, actually, more often than all the others. I swapped it out, and the replacement in that position did the same, while the one I removed worked OK elsewhere. At that point, I installed the UPS, as I thought it must be power glitches (near the lift motors up there). But no difference. In the end I wondered whether some guy on that floor had a wireless client that upset the router, as has been proposed in the forums.

    But as for this router, I am looking to see if I have a small heatsink for it, actually. Can't find nuffink... not that I'm convinced it will do anything. (One guy locally has two fans, on each side of the router. It still reboots. It looks very silly, too).

    How about your machines - do you ever get this problem?
     
  84. Toastman

    Toastman Super Moderator Staff Member Member

    Hmm.

    I logged to remote Wallwatcher. Kept "top" telnet session open, ran P2P again. I got up to around 9300 connections when conntrack started to drop packets. Shortly afterwards, the router rebooted. Just before the reboot, there was still 3,300K free memory and load averages 1.34 1.26 0.94 CPU 34% sys 64% idle...... After the conntrack limit was reached, CPU usage jumped between 72 and 94% sys and the router staggered along for about 10 minutes before giving up the struggle.

    At the time, about 5800 of these connections were actually stuck in TCP "Time Wait" (setting - 120 seconds). If "drop Idle" connections box is ticked, everything reverts to normal and the cycle begins again. So, I'm wondering, if the router becomes unstable when the conntrack limit is full, could the "drop idle" function be automatically triggered instead of allowing the router to become unstable?

    It was ***extremely difficult*** to get the connection count this high. I did it by running three sessions of emule, each with several hundred files in the download list. And two more on another machine in the office. (emule edk2000, also running Kademlia). Normally, nobody would be this insane - would they?

    Attached file is log...

    Sorry it's all a bit amateurish, Vic. Anyway, let me know if this info is of any use.

    Toast
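The measurement described in the post above (total connections against the conntrack limit, and how many entries sit in TIME_WAIT) can be taken with a short script. This is an added example, not part of the original post or of the firmware; it assumes the `/proc/net/ip_conntrack` line layout, and the function names, sample lines and limit are constructed.

```shell
#!/bin/sh
# Added example: summarise a conntrack dump to see what is filling the table.
# Assumption: input lines use the /proc/net/ip_conntrack layout
# (tcp lines carry the state in field 4, udp lines have no state field).

# Constructed sample using documentation addresses, not data from the thread.
SAMPLE_CT='tcp      6 117 TIME_WAIT src=192.168.1.105 dst=203.0.113.7 sport=51234 dport=4662 src=203.0.113.7 dst=198.51.100.2 sport=4662 dport=51234 [ASSURED] use=1
tcp      6 98 TIME_WAIT src=192.168.1.105 dst=203.0.113.8 sport=51235 dport=4662 src=203.0.113.8 dst=198.51.100.2 sport=4662 dport=51235 [ASSURED] use=1
tcp      6 12 TIME_WAIT src=192.168.1.105 dst=203.0.113.9 sport=51236 dport=4662 src=203.0.113.9 dst=198.51.100.2 sport=4662 dport=51236 [ASSURED] use=1
tcp      6 431990 ESTABLISHED src=192.168.1.105 dst=203.0.113.10 sport=51237 dport=80 src=203.0.113.10 dst=198.51.100.2 sport=80 dport=51237 [ASSURED] use=1
tcp      6 431000 ESTABLISHED src=192.168.1.120 dst=203.0.113.11 sport=40100 dport=443 src=203.0.113.11 dst=198.51.100.2 sport=443 dport=40100 [ASSURED] use=1
udp      17 25 src=192.168.1.120 dst=203.0.113.53 sport=40000 dport=53 src=203.0.113.53 dst=198.51.100.2 sport=53 dport=40000 use=1'

# ct_summary LIMIT < dump
# Prints per-source counts, per-state counts, then the total against LIMIT.
ct_summary() {
    awk -v limit="$1" '
    NF == 0 { next }
    {
        total++
        if ($1 == "tcp") state[$4]++; else state[$1]++
        # The first src= token is the original (LAN-side) sender.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^src=/) { src[substr($i, 5)]++; break }
    }
    END {
        for (a in src)   printf "src %s %d\n", a, src[a]
        for (s in state) printf "state %s %d\n", s, state[s]
        printf "total=%d limit=%d used=%d%%\n", total, limit,
               (limit ? total * 100 / limit : 0)
    }' | LC_ALL=C sort -k1,1 -k3,3nr
}

# ct_pressure LIMIT PCT < dump
# Exit status 0 when the table holds at least PCT percent of LIMIT entries.
ct_pressure() {
    n=$(grep -c . || true)
    [ $((n * 100)) -ge $(($1 * $2)) ]
}

printf '%s\n' "$SAMPLE_CT" | ct_summary 8
```

On a router the dump would be read from the live table and the limit from the kernel's conntrack maximum; a cron job calling `ct_pressure` gives an early warning before the table is full.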
     


  85. Victek

    Victek Network Guru Member

    Sure, very useful... the router reboots after dropping too many connection in ip-conntrack.

    Once you read the IP/MAC limiter manual.. can you start using this feature in order to limit the huge amount of connections?... Speedmod is not enough for the amount of connections the router is handling .. even.. I have my doubts that a Cisco 2500 would be able to survive this load..
     
  86. Toastman

    Toastman Super Moderator Staff Member Member

    Yes, will do.

    Question - I have the normal application rules in Tomato QOS. Let's say one is to put WWW in HIGH category and give it 20% - 95% of upload bandwidth. I then use your IP/MAC limiter, do they work in conjunction with each other?

    Oh, re. the ARP binding. What does this actually do, Vic? Does it also need each MAC to be assigned a static IP?
     
  87. Victek

    Victek Network Guru Member

    Just use the device list and static DHCP for this, ARP binding is mainly to create a restriction list for unlisted machines in the IP/MAC limiter.
     
  88. Toastman

    Toastman Super Moderator Staff Member Member

    Working on it ...

    Tried to use ARP binding to restrict access for residents only. I like the idea of it for ARP security reasons. I'd like to understand a little more how it works, compared with using the Access Restriction page.

    "Access Restrictions" page works by comparing their MAC against the restriction list and then denying them access to the internet if they are not on the list, (by refusing to issue an IP). However, they can get around this by assigning themselves an IP in the subnet. Also, some functions such as the timed access options, don't work if the user already has a lease.

    Does ARP binding (static ARP?) make sure they can only get access by binding their MAC to an IP, in other words, if they assign *themselves* an IP, it would not work? If so, it would be MUCH better. But it also has a 50 entry limit at present, so I can't use it.

    36 users online :see capture

    You can see 1.18 near the top - this is an unauthorised user who issued himself that IP....

    Toast
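Spotting a self-assigned address like the 1.18 client in the post above comes down to comparing the router's ARP table with the list of authorised MAC/IP pairs. The script below is an added example, not from the original post and not how the mod's ARP binding is implemented; it assumes the `/proc/net/arp` column layout and a hypothetical two-column allowlist file (`MAC IP` per line), and all addresses in it are constructed.

```shell
#!/bin/sh
# Added example: audit an ARP table against an allowlist of MAC/IP pairs.
# Assumptions: ARP input uses the /proc/net/arp columns
# (IP, HW type, Flags, HW address, Mask, Device); the allowlist format
# "MAC IP" is hypothetical and would be exported from the static DHCP list.

# Constructed samples, not data from the thread.
SAMPLE_ALLOW='# mac ip
00:16:3e:aa:bb:01 192.168.1.101
00:16:3e:aa:bb:02 192.168.1.102
00:16:3e:aa:bb:03 192.168.1.103'

SAMPLE_ARP='IP address       HW type     Flags       HW address            Mask     Device
192.168.1.101    0x1         0x2         00:16:3E:AA:BB:01     *        br0
192.168.1.18     0x1         0x2         00:16:3e:aa:bb:99     *        br0
192.168.1.102    0x1         0x2         00:16:3e:aa:bb:77     *        br0
192.168.1.150    0x1         0x2         00:16:3e:aa:bb:03     *        br0
192.168.1.104    0x1         0x0         00:00:00:00:00:00     *        br0'

# arp_audit ALLOW_FILE < arp_table
#   IP_TAKEN  address reserved for one MAC is being used by another
#   UNLISTED  MAC is not on the allowlist at all
#   WRONG_IP  listed MAC is using an address other than its reserved one
arp_audit() {
    awk '
    mode == "allow" {
        if (NF >= 2 && $1 !~ /^#/) {
            ip_of[tolower($1)] = $2
            mac_of[$2] = tolower($1)
        }
        next
    }
    # Skip the header line and incomplete entries (Flags 0x0).
    $1 == "IP" || $3 == "0x0" { next }
    NF >= 6 {
        ip = $1; mac = tolower($4)
        if ((ip in mac_of) && mac_of[ip] != mac)
            print "IP_TAKEN", ip, mac, "reserved-for=" mac_of[ip]
        else if (!(mac in ip_of))
            print "UNLISTED", ip, mac
        else if (ip_of[mac] != ip)
            print "WRONG_IP", ip, mac, "expected=" ip_of[mac]
    }' mode=allow "$1" mode=arp -
}

# Runs the audit over the constructed samples above.
arp_audit_demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_ALLOW" > "$tmp"
    printf '%s\n' "$SAMPLE_ARP" | arp_audit "$tmp"
    rm -f "$tmp"
}

arp_audit_demo
```

This only reports mismatches; it is a MAC-based check, so a client that copies an authorised MAC and its reserved IP will not be flagged.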
     


  89. conrruption

    conrruption Addicted to LI Member

    ==
    Hi, just a quick question. I flashed with tomato 1.19 and changed the SSID.
    When I try to log into my router shouldn't the SSID be the User Name?
    It is still admin. Just wondering how to change it so I can put my iPhone on the wireless network.
    Thanks,
    Con
     
  90. conrruption

    conrruption Addicted to LI Member

    BTW, it broadcasts the SSID I entered.
     
  91. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Nope. The user name is completely separate from the SSID and is always admin or root.
    Logging on to the router's web GUI is not necessary for your iPhone (or any other client) to connect to the wireless network. It is only used for administration and is accessed via a web browser. The only thing your iPhone should need to know is the SSID and any encryption password/key you have setup (WEP/WPA(2)...).

    If you want to administer the router from the iPhone, you just need to connect to the wireless network first and open a web browser to the ip address of the router. That is where you would need to enter username admin and a password.

    Does that make sense?
     
  92. Toastman

    Toastman Super Moderator Staff Member Member

    Vic

    All still OK with main router and the spare network router, no reboots yet, uptime 30 hours. FYI one AP just rebooted, it may be useful to know that only 2 people were using it at the time, both using USB adapters with Ralink RT73 chipset. 1 D-Link and the other Edimax. May be nothing to do with the reboots, but it didn't reboot from lack of memory or too much throughput, just a couple of Web pages being accessed.

    Toast
     
  93. Toastman

    Toastman Super Moderator Staff Member Member

    Reference my earlier post:

    "BTW, there has always been an odd quirk with these routers, just for interest's sake. Probably a legacy from Linksys' software. It does slow down assignment of an IP in the event of someone getting cut off from the network and then trying to sign back on. Here's an example:

    <30>jun 19 22:26:25 dnsmasq[787]: dhcpdiscover(br0) 00:1c:10:65:fd:30 no address available
    <28>jun 19 22:26:25 dnsmasq[787]: not using configured address 192.168.1.115 because it is leased to 00:1c:10:65:fd:30

    (He already had this address but is not reallocated it when he tries to get back on).

    Sometimes this leaves a user in limbo for a long time, an hour or more."


    Reading some info on dnsmasq, perhaps this is a good use for an option to be set "dhcp-authoritative".

    Toast
     
  94. biatche

    biatche Network Guru Member

    Although I'm not familiar at all with the development status, will there be a new version coming anytime soon for this mod? I plan to upgrade my speedmod to this, but if there's something coming soon (considering the reported "problems" in logs over the last few pages).. I'll wait till it's out, else I'll just upgrade (little lazy to upgrade twice)
     
  95. Toastman

    Toastman Super Moderator Staff Member Member

    Biatche

    Don't let these experiments put you off. Running this router with 73 unpredictable users and >9000 connections is intentionally testing to the limit. There will undoubtedly be new releases soon-ish, Tomato 3.20 surely isn't far off and then everybody else will probably re-issue their own modded versions based on it.
     
  96. GhaladReam

    GhaladReam Network Guru Member

    Tomato 3.20? Wow, I must have missed the last 5 years!

    LoL, I'm just buggin' ya :D
     
  97. Toastman

    Toastman Super Moderator Staff Member Member

  98. Devileyezz

    Devileyezz LI Guru Member

    Amazing mod, Victek.
    Unfortunately, I'm getting script errors when I try to put options in DHCP/DNSmasq settings upon clicking save.

    I've reverted back to vanilla Tomato for now since DNSmasq's options are important for me.
     
  99. Victek

    Victek Network Guru Member

    Use the last mod, these issues were solved in the last mod, read the first post and you can find the right link.

    Updated. Last version 1.19.8850
    Date. June 9, 2008
     
  100. Toastman

    Toastman Super Moderator Staff Member Member

    Victek

    Router now up for 90 hours, averaged about 35-40 users. Max number seen connected, 66 users. P2P limited as requested - max connections seen <2000. It is apparently stable so far.

    Toast
     
