1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Tomato ND USB Mod

Discussion in 'Tomato Firmware' started by teddy_bear, Dec 17, 2008.

  1. kosiko

    kosiko Addicted to LI Member

    Hi guys,

    Seem my V24 is not stable when I connected by SSH recently. Sometimes I run cmd on SSH but no return, sometimes I run ls it return with black/white output only, however sometimes are return with color put (dir. etc has different color than regular file). Do you guys know why?

    So I want to reset my NVRAM and re-import all setting I known back. What's the best way to backup the configurations on TOMATO?

    Seems I can export the NVRAM and filter all the values I know MANUALLY and write them back later, I just wondering is there a better way to do this?
     
  2. Kibe

    Kibe LI Guru Member

    Sorry about the noob question here, but i download this version: tomato-1.25-ND-USB-v28-Std.rar and the only file inside was tomato-ND-USB-8628-Std.trx.

    Is it safe to update my WRTSL54GS with this file? Usually Tomato builds that I've used com in a .bin format.

    Thanks a lot for your great work implementing USB support to Tomato!
     
  3. fyellin

    fyellin LI Guru Member

    The original Linksys firmware enforces that the name end with ".bin" and that the header have a specific format. Tomato does not enforce this rule.

    As long as your router can support the ND drivers, you'll have no problem installing the .trx file. And the standard way to tell if your device supports the ND drivers is to ensure that the value of the nvram variable wl0_corerev is greater than or equal to seven.
     
  4. Kibe

    Kibe LI Guru Member

    Thanks a lot for the info fyellin!

    I have currently the stock Tomato 1.23 running flawless on my WRTSL54GS, so I should be able to upgrade it then.

    What does ND really means and whats the easy way to check if the nvram variable wl0_corerev is greater than or equal to 7?
     
  5. fyellin

    fyellin LI Guru Member

    I think it stands for "New Driver".

    Telnet or ssh to your box, and type "nvram get wl0_corerev" (without the quotes) to find out the value of this variable. If you can't telnet or ssh, then use the Web interface and go to Administration > Debugging > Download NVRAM dump and look for this variable.
     
  6. Kibe

    Kibe LI Guru Member

    Thanks again fyellin!

    My version is 9 so I´m good to flash this one.
     
  7. Cyrix

    Cyrix Addicted to LI Member

    Hi all, does anybody knows is it possible to create a new user in tomato? adduser is working but passwd is not. Thanks in advance.
     
  8. ray123

    ray123 LI Guru Member

    Not really. Not easily. The ones there are hardcoded. The new users wouldn't be preserved across a reboot, either.

    You could probably do it in a startup script, by appending the appropriate lines in /etc/passwd & /etc/shadow & /etc/group & /etc/gshadow, and mkdir'ing the user directories. Those files are created early in the system startup.
     
  9. Cyrix

    Cyrix Addicted to LI Member

  10. Cyrix

    Cyrix Addicted to LI Member

    Thanks for the reply. The adduser command put the appropriate lines in /etc/passwd and /etc/group and create the home directory also, the only problem is: how to crypt the password and put to the /etc/shadow file.
     
  11. ray123

    ray123 LI Guru Member

    Hmmmm. Adduser isn't in my router. Maybe it's on one of the other (extended) builds?

    Have you given any thought as to how to preserve that stuff across a reboot? I guess you could put the user directory in /jffs or on a USB drive, or even on /cifs. But the passwd & group files are created from scratch when the router starts up, so you'll have to do the commands to add user(s) every time it boots up.

    To create the crypt password, see this: http://www.linux.org/docs/ldp/howto/Shadow-Password-HOWTO-2.html#ss2.2

    Question: why do you want to add more users? Afer all, this is only a router. Couldn't you just use root login?
     
  12. nvtweak

    nvtweak LI Guru Member

    isn't there options already in teddy_bear's mod to add another user?
     
  13. mrap

    mrap Addicted to LI Member

    I'm running 1.23 of his mod and I don't see it in the GUI (not saying it isn't there, just that I haven't seen it).
     
  14. teddy_bear

    teddy_bear Network Guru Member

    No, there is no such option...
    The only additional user is created behind the scene if you require "Authenticated access" for Samba. The adduser utility Cyrix is using probably comes from some of the Optware packages he installed...
     
  15. nvtweak

    nvtweak LI Guru Member

    OK, sorry. I guess I misunderstood.

    I thought it was about creating additional FTP users.
     
  16. teddy_bear

    teddy_bear Network Guru Member

    Yes, it's about creating additional FTP users. However, they are not the same as Linux users - Linux doesn't know anything about them, only FTP server does...
     
  17. nvtweak

    nvtweak LI Guru Member

    and the purpose of creating an additional Linux user on a router is?
     
  18. andy

    andy Addicted to LI Member

    Owner of files and directories problem

    After installing the tomato-1.23-ND-USB-v25-Ext (also tomato-1.25-ND-USB-v28-Ext), I found the following problem :

    -------------------------------------------
    unknown login: root
    Password:


    Tomato v1.25.8628 ND USB Ext


    BusyBox v1.14.1 (2009-05-28 00:48:42 EDT) built-in shell (ash)
    Enter 'help' for a list of built-in commands.

    root@unknown:/tmp/home/root# cd /
    root@unknown:/# ls -l
    drwxr-xr-x 2 1000 1000 452 May 27 2009 bin
    drwxr-xr-x 2 1000 1000 3 May 27 2009 cifs1
    drwxr-xr-x 2 1000 1000 3 May 27 2009 cifs2
    drwxr-xr-x 1 root root 0 Dec 31 16:00 dev
    lrwxrwxrwx 1 1000 1000 7 May 27 2009 etc -> tmp/etc
    lrwxrwxrwx 1 1000 1000 8 May 27 2009 home -> tmp/home
    drwxr-xr-x 2 1000 1000 3 May 27 2009 jffs
    drwxr-xr-x 3 1000 1000 137 May 27 2009 lib
    drwxr-xr-x 2 1000 1000 3 May 27 2009 mmc
    lrwxrwxrwx 1 1000 1000 7 May 27 2009 mnt -> tmp/mnt
    drwxr-xr-x 2 1000 1000 3 May 27 2009 opt
    dr-xr-xr-x 28 root root 0 Dec 31 1999 proc
    drwxr-xr-x 3 1000 1000 20 May 26 2009 rom
    lrwxrwxrwx 1 1000 1000 13 May 27 2009 root -> tmp/home/root
    drwxr-xr-x 2 1000 1000 598 May 27 2009 sbin
    drwxrwxrwx 1 root root 0 Dec 31 1999 tmp
    drwxr-xr-x 7 1000 1000 79 May 27 2009 usr
    lrwxrwxrwx 1 1000 1000 7 May 27 2009 var -> tmp/var
    drwxr-xr-x 2 1000 1000 1781 May 27 2009 www
    root@unknown:/# insmod ipt_recent
    insmod: can't insert 'ipt_recent': Operation not permitted
    root@unknown:/#
    -------------------------------------------
    The owner of the directories/files are 1000 instead of root. With v25, I can still insmod ipt_recent, but failed with v28.
    I tried the official tomato firmware, these directories/files are all owned by root.

    My routers (both upgraded to 64MB ram):
    WL-500gpV2 and WL-520gU
     
  19. teddy_bear

    teddy_bear Network Guru Member

    Hmm... You're right - the owner is 1000. That might explain some other weird issues with that build. I'm puzzled what could be causing this though...
     
  20. andy

    andy Addicted to LI Member

    Thanks.
    Even v25 is also 1000, I didn't found any problem, and didn't notice the 1000 ownership until v28 insmod ipt_recent fail.

    I have openvpn, amuled, perl-wakeonlan, samba .... running on v25 for almost 1 moth without any issue.
     
  21. teddy_bear

    teddy_bear Network Guru Member

    andy,
    You can use modprobe instead of insmod, and it will work.

    I know why the builds I compile have 1000 as an owner - I'm logged in as the user with userid=1000 when I'm compiling them. That doesn't explain however why insmod returns "Operation not permitted" error... There was no such problems in previous builds even though the owner was the same. Maybe it has something to do with updated busybox?
     
  22. andy

    andy Addicted to LI Member

    teddy,

    Yes, modprobe works for ipt_recent.

    With owner=1000, I am not sure if root will fail to start some services due to the permission ? There are some files with permission 500 in /bin, /sbin.
     
  23. Cyrix

    Cyrix Addicted to LI Member

    I just thought it will be more secure if I don't use root always.
     
  24. Low-WRT

    Low-WRT LI Guru Member

    Routers aren't really like Ubuntu (or other linux distros) where you add users and set up permissions for security. Honestly, the only time you need to log into a router is when you want to change something. In which case, you WILL need full (root) access, so you can save your changes.
    If you're worried about security, use a good password.
     
  25. teddy_bear

    teddy_bear Network Guru Member

    Should not be a problem - that's how I was compiling this mod from the build 1... However, I now changed my build script to compile as root - mostly for cosmetic reasons.

    As for insmod, it's indeed the Busybox issue. The new Busybox no longer searches the /lib/modules directory from the insmod command - it requires the full path to be specified. Easy to fix - I'll patch it for the next build.
     
  26. occamsrazor

    occamsrazor Network Guru Member

    Hi, If you can find time, just wondering if you might be able to update the ND+USB+VPN version of your mod, now that SgtPepper has updated his VPN+GUI to 1.25. Thanks....
     
  27. andy

    andy Addicted to LI Member

    teddy,

    Thanks. I am now using 1.23 (v25 build) in my WL-500gpV2 and 1.25 (v28 build) in my WL-520gu, I have not found other problem so far.
     
  28. ray123

    ray123 LI Guru Member

    A new busybox version? I recall making some changes in Busybox to support the mount-by-label capability. You did remember to pull that change into the new version, right?
     
  29. teddy_bear

    teddy_bear Network Guru Member

    Yep, had some minor troubles with it :wink:. Of course, Busybox authors completely changed the volume_id struct which I didn't notice first. And since your code had its own version of it, it stopped working...

    I even considered to go back to the older hack of using popen() on the mount command to stay [relatively] independent of future BB changes - but it's too slow compare to using BB code directly, so I kept it as is.
     
  30. teddy_bear

    teddy_bear Network Guru Member

    Update - build 31.

    • Based on Tomato 1.25.
    • Updated MiniUPnPd to the latest version 20090605.
    • FTP Server vsftpd updated to ver. 2.1.2.
    • Layer-7 filter patterns updated to the latest 2009-05-28.
    • Busybox "insmod" bug fix.
    • Additional Busybox patches from mainstream, minor bug fixes and cosmetics.
    Links to the firmware binaries and the git repository with sources are in the 1st post. The complete source code of this build can also be downloaded as a git snapshot in tar format.

    USB+VPN merged build is available as well - it's based on the SgtPepperKSU' last released VPN mod version 3.3 and Standard version of USB mod. This build however is completely untested - use it at your own risk.
     
  31. ghostknife

    ghostknife Addicted to LI Member

    Thanks t_b, updated seems all is OK, USB is working again.

    USB/FTP speed seems to have increased, FTP update maybe?
    Previously as I've posted I never gone above ~1600 KB/s now it's up over 2100, so thats a good increase. I have changed nothing except assign WAN to LAN now thats available, no NVRAM reset.

    Thanks heaps
     
  32. george993

    george993 Addicted to LI Member

    teddy_bear,

    I'm having issues with the ftp passwords on the VPN version. It keeps rejecting the correct passwords for all. Only anon works. If I switch to the non-VPN version (Ext), everything works fine and the vsftpd.passwd file remain identical.

    Any suggestions?

    Thanks......
     
  33. teddy_bear

    teddy_bear Network Guru Member

    Try activating extra FTP logging (there's a check-box for that on the FTP Server configuration page in the GUI), and maybe add another line "debug_ssl=yes" to the "Vsftpd Custom Configuration" box. Maybe there will be anything in the log that will indicate what's wrong.
     
  34. george993

    george993 Addicted to LI Member

    I just added the debug_ssl=yes in the config but I did not get any additional info in the log. Here is all it had:

    Jun 6 11:49:46 XXXX ftp.warn vsftpd[503]: [xxxxxxx] FAIL LOGIN: Client "192.168.1.50"

    Anyone else using the VPN version with this problem? I even tried clearing all the nvram.

    Thanks again for you help (and mod....).

    George
     
  35. teddy_bear

    teddy_bear Network Guru Member

    George,
    Try the updated USB+VPN build (tomato-1.25-ND-USB-8631a-vpn3.3.rar) from the same download location. Hopefully I got rid of the only ftp-related difference between my normal builds and the VPN merge.
     
  36. george993

    george993 Addicted to LI Member

    That did the trick. It works. Thank you soooo much....

    George
     
  37. shibby20

    shibby20 Network Guru Member

    teddy_bear can you build tomato-1.25-ND-USB-8631a-vpn3.3.rar on extras version for asus wl500gp? is it possible?
     
  38. kastytis75

    kastytis75 Addicted to LI Member

    Hello again
    I am using 1.25 8631 on wl500gu, but can't get ftp connection from wan...it works only from lan... there is problem after /LIST

    Jun 8 13:45:49 unknown ftp.info vsftpd[1099]: [laikinas] OK LOGIN: Client "XX.XXX.XXX.XXX"
    Jun 8 13:45:49 unknown ftp.info vsftpd[1101]: [laikinas] FTP response: Client "XX.XXX.XXX.XXX", "230 Login successful."
    Jun 8 13:45:49 unknown ftp.info vsftpd[1101]: [laikinas] FTP command: Client "XX.XXX.XXX.XXX", "SYST"
    Jun 8 13:45:49 unknown ftp.info vsftpd[1101]: [laikinas] FTP response: Client "XX.XXX.XXX.XXX", "215 UNIX Type: L8"
    Jun 8 13:45:49 unknown ftp.info vsftpd[1101]: [laikinas] FTP command: Client "XX.XXX.XXX.XXX", "FEAT"
    Jun 8 13:45:49 unknown ftp.info vsftpd[1101]: [laikinas] FTP response: Client "XX.XXX.XXX.XXX", "211-Features:"
    Jun 8 13:45:49 unknown ftp.info vsftpd[1101]: [laikinas] FTP response: Client "XX.XXX.XXX.XXX", " EPRT^M "
    Jun 8 13:45:49 unknown ftp.info vsftpd[1101]: [laikinas] FTP response: Client "XX.XXX.XXX.XXX", " EPSV^M "
    Jun 8 13:45:49 unknown ftp.info vsftpd[1101]: [laikinas] FTP response: Client "XX.XXX.XXX.XXX", " MDTM^M "
    Jun 8 13:45:49 unknown ftp.info vsftpd[1101]: [laikinas] FTP response: Client "XX.XXX.XXX.XXX", " PASV^M "
    Jun 8 13:45:49 unknown ftp.info vsftpd[1101]: [laikinas] FTP response: Client "XX.XXX.XXX.XXX", " REST STREAM^M "
    Jun 8 13:45:49 unknown ftp.info vsftpd[1101]: [laikinas] FTP response: Client "XX.XXX.XXX.XXX", " SIZE^M "
    Jun 8 13:45:49 unknown ftp.info vsftpd[1101]: [laikinas] FTP response: Client "XX.XXX.XXX.XXX", " TVFS^M "
    Jun 8 13:45:49 unknown ftp.info vsftpd[1101]: [laikinas] FTP response: Client "XX.XXX.XXX.XXX", " UTF8^M "
    Jun 8 13:45:49 unknown ftp.info vsftpd[1101]: [laikinas] FTP response: Client "XX.XXX.XXX.XXX", "211 End"
    Jun 8 13:45:49 unknown ftp.info vsftpd[1101]: [laikinas] FTP command: Client "XX.XXX.XXX.XXX", "OPTS UTF8 ON"
    Jun 8 13:45:49 unknown ftp.info vsftpd[1101]: [laikinas] FTP response: Client "XX.XXX.XXX.XXX", "200 Always in UTF8 mode."
    Jun 8 13:45:50 unknown ftp.info vsftpd[1101]: [laikinas] FTP command: Client "XX.XXX.XXX.XXX", "PWD"
    Jun 8 13:45:50 unknown ftp.info vsftpd[1101]: [laikinas] FTP response: Client "XX.XXX.XXX.XXX", "257 "/""
    Jun 8 13:45:50 unknown ftp.info vsftpd[1101]: [laikinas] FTP command: Client "XX.XXX.XXX.XXX", "TYPE I"
    Jun 8 13:45:50 unknown ftp.info vsftpd[1101]: [laikinas] FTP response: Client "XX.XXX.XXX.XXX", "200 Switching to Binary mode."
    Jun 8 13:45:50 unknown ftp.info vsftpd[1101]: [laikinas] FTP command: Client "XX.XXX.XXX.XXX", "PASV"
    Jun 8 13:45:50 unknown ftp.info vsftpd[1101]: [laikinas] FTP response: Client "XX.XXX.XXX.XXX", "227 Entering Passive Mode (192,168,1,1,94,20)."
    Jun 8 13:45:50 unknown ftp.info vsftpd[1101]: [laikinas] FTP command: Client "XX.XXX.XXX.XXX", "LIST"
    Jun 8 13:46:50 unknown ftp.info vsftpd[1101]: [laikinas] FTP response: Client "XX.XXX.XXX.XXX", "425 Failed to establish connection."
     
  39. teddy_bear

    teddy_bear Network Guru Member

    FTP does work from WAN as long as you don't have conflicting port forwarding/dmz settings, and you router is not behind another NAT firewall.
    Here's your problem:
    Instead of "192,168,1,1" you should see your real WAN IP address there when accessing FTP from WAN if everything's configured correctly.

    The above is most probably caused by forwarding FTP port to your router's LAN IP address (which you should not do), or by using "pasv_address" option in "Custom Configuration" box. If the router you're running the FTP server on is indeed behind another NAT firewall, you'll need google for tips of how to configure "vsftpd behind NAT" - it's doable but definitely out of scope of default configuration.
     
  40. radko

    radko Guest

    Hello
    I'm using Tomato ND mod and I have small problem with rebooting.
    After reboot almost always i have errors od disk.
    But command "umount -f /opt" receive the meesage device busy.
    So I have to uncheck "automount" box reboot again and sometimes use check tools to repair file system.
    I have optware installed at harddisk without usb pendrive.

    So question is how to clean umount disk during reboot process?
     
  41. kastytis75

    kastytis75 Addicted to LI Member

    Thank you.... its working.... lookls like there was problem with 1.23 version...and after lots of traying i left 21 port forwarded to router adress in port trigering...I have removed it and now FTP working :thumbup:
     
  42. mrap

    mrap Addicted to LI Member

    I waited for build 31 (tomato-ND-USB-8631-Ext.trx 1.25.8631 ND USB Ext) and just flashed it. Now the USB tab doesn't work . . . just hangs.

    Removing the USB stick lets me see the page. Plugging USB stick back in, page hangs. My logs look pretty much like freddyspam and Raghnall :(
    Code:
    Jun  9 22:40:31 WL-500gp v2 user.info kernel: usb.c: USB disconnect on device 00:03.1-1.2 address 3
    Jun  9 22:40:31 WL-500gp v2 user.warn kernel: USB device disconnected from the SCSI subsystem
    Jun  9 22:41:04 WL-500gp v2 user.info kernel: hub.c: new USB device 00:03.1-1.2, assigned address 4
    Jun  9 22:41:04 WL-500gp v2 user.warn kernel:   Vendor: USB       Model: Flash Disk        Rev: 4.00
    Jun  9 22:41:04 WL-500gp v2 user.warn kernel:   Type:   Direct-Access                      ANSI SCSI revision: 02
    Jun  9 22:41:04 WL-500gp v2 user.warn kernel: Attached scsi removable disk sda at scsi0, channel 0, id 0, lun 0
    Jun  9 22:41:04 WL-500gp v2 user.warn kernel: SCSI device sda: 1023231 512-byte hdwr sectors (524 MB)
    Jun  9 22:41:04 WL-500gp v2 user.warn kernel: sda: Write Protect is off
    Jun  9 22:41:04 WL-500gp v2 user.info kernel:  /dev/scsi/host0/bus0/target0/lun0: p1
    Jun  9 22:41:04 WL-500gp v2 user.warn kernel: USB device connected to the SCSI subsystem
    Jun  9 22:41:04 WL-500gp v2 user.debug kernel: WARNING: USB Mass Storage data integrity not assured
    Jun  9 22:41:04 WL-500gp v2 user.debug kernel: USB Mass Storage device found at 4. Host: 0
    Jun  9 22:41:04 WL-500gp v2 user.debug hotplug[680]: Waiting for device /proc/bus/usb/001/004 [INTERFACE=8/6/80 PRODUCT=2040/2065/100] to settle before scanning 
     
  43. teddy_bear

    teddy_bear Network Guru Member

    Yep, you're the 3rd person to experience the same problem...
    I assume your USB drives don't auto-mount?
    Have you tried thorough nvram erase yet (and do not restore nvram from a backup after that)?
    Does the USB page hang forever when you're trying to acces it, or comes up after ~10 secs?

    If you erased the nvram and it still hangs after that, there's a workaround in this build:
    Code:
    nvram set usb_nolock=1; nvram commit; reboot
    Honestly I don't know what's causing the issue. What strange is that only a few routers seems to be affected - after 300+ downloads of build 31 I assume there would be more complains if it's a common problem. freddyspam and Raghnall - both are using the same router - wl520gu - as I'm running Tomato on, and I have no issues whatsoever with any USB flash or HDD drives I plugged into it, while freddyspam and Raghnall experienced the locking problem no matter what drive they tried...
     
  44. 1st SEA

    1st SEA Guest

    Hi
    Actually I'm experiencing same problem. With WL500W.
    I thought it can be related that I flashed 1.25 on top of 1.23 without clearing nvram.
    I will try later to clear it and enter all settings again and report if it would help.
     
  45. mrap

    mrap Addicted to LI Member

    Yes, no automount. The USB page hangs forever. I'm running a WL-500gp v2. I haven't erased NVRAM yet (I just bought the router recently and erased it after going from the manufacturer's firmware to you 1.23 USB Ext build and finished configuring it a few days ago, so I'm not ready for a do-over so quickly, but I might try it anyway ;)

    I wonder if flashing from 1.23 to 1.25 while the USB stick was plugged in and mounted caused an issue. I'll try to flash without it and see.
     
  46. teddy_bear

    teddy_bear Network Guru Member

    Although erasing the nvram and manual reconfiguration can be painful, nothing prevents you from just trying that...
    You save the backup of your configuration first, then erase the nvram, enter just a few absolutely required settings (i.e. password, enable usb etc), and then test if whatever problem you have experienced is now fixed. If it's fixed - good, it worked, and you have to go through the pain of manually re-entering the rest of your settings. If it did not fix the problem, then the cause is somewhere else, and you can just restore your configuration from the backup and get back to the starting point...

    Also, there are ways to simplify the "manual reconfiguration" step. You can create yourself a script in the form of nvram set nvram_var="value" commands which will only include the values that you always have to set up - wireless filter, static DHCP leases, etc - and that <most probably> stay the same between the firmware versions. There are many different ways to simplify creation of such scripts also - one of them (in Tomato 1.25) is to run a command:
    nvram export --set > /tmp/nvram_restore.sh
    and then edit the resulting file - only keep the lines that you recognize, and know what they mean, delete everything else.
     
  47. mrap

    mrap Addicted to LI Member

    Good point(s). Are there any man pages or docs for all the various commands (not just nvram)? In this particular case, I was trying to find out what the various export switches are:
    Code:
     export <--c|--dump|--dump0|--set|--tab>
    Dump and tab seem obvious, although they may be something altogether different. . . but I'd still like to have man/docs to peruse. Heck, I don't even know what Linux distro Tomato is built on! How's that for being a newbie! ;)

    I may give this and/or the Firefox "scrapbook" extension mentioned in other threads a try. Or maybe I'll keep playing with knockd; the SSH attempt controls were the main feature for me in 1.25 :)
     
  48. teddy_bear

    teddy_bear Network Guru Member

    No manuals... There's FAQ on Tomato' official web site, but it doesn't cover all commands - just some.
    Just try, and you'll see what they do ;)
     
  49. ray123

    ray123 LI Guru Member

    I started an Advanced Operation Manual a while ago. It's on my download page. Alas, nobody else had a desire to help out.
     
  50. tho04

    tho04 Guest

    Hi teddy_bear, thanks so much for this great tomato mod!
    I've been following this forum for a couple months and just decided to make the jump to your mod a few days ago.

    I was wondering if there was a way to block IP's from connecting to vsftpd. I seem to be getting a flood of failed connections for the last couple of hours. Would this be implemented in the vsftpd custom configuration field?

    Thanks

    A sample of ftp flood connections below:

    Jun 10 14:51:29 unknown ftp.warn vsftpd[3875]: [admin] FAIL LOGIN: Client "95.211.xx.xx"
    Jun 10 14:51:30 unknown ftp.warn vsftpd[3875]: [admin] FAIL LOGIN: Client "95.211.xx.xx"
    Jun 10 14:51:32 unknown ftp.warn vsftpd[3875]: [admin] FAIL LOGIN: Client "95.211.x.xx"
     
  51. mrap

    mrap Addicted to LI Member

    What is the URL of the download page?
    Thanks.
     
  52. teddy_bear

    teddy_bear Network Guru Member

    No, there's no vsftpd setting to limit connections by IP (by the way, here you can find all settings that can be used in "Custom Configuration" box).

    If you need an IP filtering in addition to users authentications, the only way for now is to create iptables rules maually in your Firewall script - first delete the default rule, then create new rule which will include the source IP filtering. But this is a good idea for the next release - implement "allowed remote IP" restrictions for ftp, similar to existing "Admin Restrictions" in Tomato for remote http/ssh/telnet access.

    EDIT: Added optional FTP WAN access restrictions - by source IP and/or connection attempts - in build 32.
     
  53. acollado

    acollado Addicted to LI Member

    Is vsftpd compiled so ssl_enable can be enabled and secure FTP sessions can be used?
     
  54. maurer

    maurer LI Guru Member

    Can i use this firmware on Asus wl-500gx (deluxe)
     
  55. teddy_bear

    teddy_bear Network Guru Member

    acollado,
    No, SSL support is not compiled in. It requires additional OpenSSL binary normally not included with Tomato, and together with extra ftp daemon code increases the size of compressed firmware binary by almost 100K.
    Besides, I compiled it with SLL support and tested once but something did not work properly - maybe because of the old OpenSSL version in Tomato. And I was not motivated enough to figure out why - I could not justify such an increase since most home users do not really need it.

    maurer,
    Unfortunately wl-500gx is not supported by Tomato. I made an attempt to include support for this router in the past, but it did not work out, and without the actual hardware on hands I can't do much more...
     
  56. kastytis75

    kastytis75 Addicted to LI Member

    There is more problem with FTP... (wl500gu with 1.25 31mod), when I am trying upload files...sometimes upload speed freezes and as I noticed in log file this is problem with ram... and then hang... until router restart physically
    I have tested uploading 2 files at the same time... but can't show log file because time is not enough when it begin freezing
     
  57. teddy_bear

    teddy_bear Network Guru Member

    kastytis75,
    If it's a RAM-related error (out of memory?), then you very well may be hitting the physical limit of the router - depending on the load, other processes you're running, etc - 16MB is not a lot...

    Also, Tomato uses ramfs for temporary file storage which takes a little less space in the firmware binary than tmpfs, but doesn't stop applications from writing data into it above the available memory size. If that happens, the router may hang. I'm still considering to replace ramfs with tmpfs - but have not convinced myself yet that it's worth of 4 to 8 KB extra space...

    If however it's some other problem, we need the complete log messages. Have you tried to telned/ssh to the router after it freezes?
     
  58. kastytis75

    kastytis75 Addicted to LI Member

    Yep... this was out of memory error.... and when I have tested FTP... other pc on the same network was in big download activity....maybe if I will use tomato-1.25-ND-USB-8631-Lite.rar, I will avoid seeing this message again...because I need only ftp... and other simple router function... I do not need vpn and etc.
     
  59. rasa

    rasa LI Guru Member

    On DD-WRT forum i've found interesting information about boot firmware from usb drive. Information can be found here. There is also instruction how to add usb port to Asus WL-520GC router. This may be helpful for users having routers with small flash memory size.

    teddy_bear
    Are you planning to add gsm usb modems support to this mod like in DD-WRT or asus firmware modification CDMA@wifi?
     
  60. teddy_bear

    teddy_bear Network Guru Member

    No, I don't have such plans now. Although I agree - this seems to be a lot more useful on the router than webcam support...
     
  61. welton

    welton Guest

    custom samba client codepage

    I enabled Samba file sharing on latest version, I need to set the Client Codepage to 936(chinese) to access my file with chinese file name on the USB drive. But it is not on the drawdown menu. Is there a way I can set Client Codepage to 936? thanks for your help.
     
  62. ju421019

    ju421019 Addicted to LI Member

    Hi - I have a quick question, I have a D-link router that i am using as my primary.

    Can I install Tomato on the Asus one and be able to utilize its USB feature to share a drive over the network/wifi? Thanks!
     
  63. teddy_bear

    teddy_bear Network Guru Member

    Update - build 32.

    • Updated dnsmasq to the latest ver. 2.49 (from 2.47).
    • Added optional access restrictions for FTP WAN access - source IP filtering, and limiting connection attempts.
    • Replaced ramfs by tmpfs.
    • Additional Busybox mainstream patches.
    • Cosmetics.
    Links to the firmware binaries and the git repository with sources are in the 1st post. The complete source code of this build can also be downloaded as a git snapshot in tar format.

    USB+VPN merged build is also available - based on the SgtPepperKSU' last released VPN mod ver 3.3 and Standard version of the USB mod. USB+VPN build is untested - use at your own risk.
     
  64. teddy_bear

    teddy_bear Network Guru Member

    ju421019,
    You mean that you run your Asus in client mode? If so, yes - you can use it to share an USB drive on your network.

    welton
    Unfortunately codepages take significant amount of space, especially Chinese codepages... That's why only 4 of them are built in into the firmware.
    However, starting from the latest build 32, you can add extra codepages if you have a storage space available on /jffs partition or on the attached USB drive.

    Download smbd_cp936.rar archive from the same download location as firmware binaries (links are in the 1st post), extract files from it, and read included README.TXT for instructions.
     
  65. ghostknife

    ghostknife Addicted to LI Member

    Question, by default does it allow or block all WAN address?
    If allow then when one is entered then everything else is THEN blocked?

    I'm not anywhere I can test it ATM, thanks.
     
  66. teddy_bear

    teddy_bear Network Guru Member

    It's implemented exactly the same way as admin restrictions in Tomato for SSH/Telnet/HTTP remote access. It allows all addresses by default, and once you specify allowed address(es)/range(s)/subnet(s) everything else is blocked.
     
  67. ju421019

    ju421019 Addicted to LI Member

    thanks for the reply Teddy.

    Yeah I think the D-link 655 I have, it's USB port isn't that great, it can be used for network usb storage, but each pc needs to have some sort of software run to access it one at a time.

    i was thinking of using the Asus as client for USB NAS.

    How are the speeds and performance?

    Thanks!
     
  68. dadaniel

    dadaniel Network Guru Member

    You can expect about 3-4MB/s over wired network.
     
  69. elale

    elale LI Guru Member

    Thank you very much for doing such a great Mod, Teddy_bear.

    I have a ASUS router wl500G (without any other letters after :), I'm wondering whether this Tomato firmware can support that. I tried the offcial one, but everything seems OK except for the Ethernet ports.

    Any idea for WL-500G support?

    Thanks
     
  70. trevorw

    trevorw LI Guru Member

    Hi TB,

    Just wanted to report that I've upgraded to 31 (and ran it for 4 days) and now to 32. Both upgrades were flawless - no hiccups whatsoever.
    Thanks a lot to anyone involved for the great work!

    Cheers,
     
  71. Aquafire

    Aquafire LI Guru Member

    Just a small question (SES button LED)

    Hello All,

    Just a small question.

    Flashed / Upgraded my Linksys WRTSL54GS with the latest version 1.25 (extra) . Now I notice that the button light (SES LED) in the front of the router is not lit (on).

    As far as I remember there was an option in ver 1.23 to set the light status and its colour. But somehow I am at a loss to find the same in Ver 1.25

    Can someone guide me and forgive my absent mindedness :smile:

    Thanks in Advance.
    Aquafire.
     
  72. ghostknife

    ghostknife Addicted to LI Member

    I have the WL-520gu and get ~2mb/s, it works but speed is not that great.
    Streams some video and mp3 ok but is painful copying Gb's of files over at that speed and i gave up on large backups

    So IMO WL-500gP v2 is the better option, twice as fast but costs twice as much.
    If only somebody would make a cheap router with Gb LAN and eSATA that worked with tomato mod how perfect would that be! :)
     
  73. Jeebus

    Jeebus Guest

    XFS Support?

    So is there any chance of getting XFS into the mix? I have been using XFS with Openfiler, primarily for media files.

    BTW, this looks really cool!
     
  74. Kibe

    Kibe LI Guru Member

    I have the same issue here Aquafire.

    I even tried this script in Wan UP:

    Code:
    #!/bin/sh
    I=`nvram get wl0_ifname`
    while sleep 1; do
    if [ "`wl assoclist`" != "" ]; then
    XFER=`ifconfig $I|grep bytes`
    if [ "$XFER" != "$PXFER" ]; then
    LED="amber on white on"
    PXFER=$XFER
    else
    LED="amber on white off"
    fi
    else
    LED="amber off white off"
    fi
    if [ "$LED" != "$PLED" ]; then
    led $LED
    PLED=$LED
    fi
    done
    But my SES light wont come up.

    If anyone has an idea how to fix it, I'd really appreciate!
     
  75. leesiulung

    leesiulung LI Guru Member

    How come these features (USB support) aren't just included in the official Tomato build?
     
  76. pepe_lodz

    pepe_lodz Addicted to LI Member

    I have on mu WL-500GPv2 firmware Tomato 1.25 8632 ND USB. In samba i haven't delete directory. I firts must delete FILES with directory and then i can delete DIRECTOR. This is BUG.

    Sorry for my english :)
     
  77. Aquafire

    Aquafire LI Guru Member

    SES LED Light : Please Help Teddy Bear

    Hello

    Teddy Bear....the creator....please help people like us....

    Waiting for our saviour...

    Regards.
     
  78. joew333

    joew333 LI Guru Member

    From running the various versions on an Asus WL-520GU, the build 23 lite (version 8623) has the best stability and memory performance (2MB free even when running FTP NAS). Anyone else have similar experiences?
     
  79. trevorw

    trevorw LI Guru Member

    What do you mean by stability? You can take a look at the changelog and see what has changed in the meantime. For example in my case, the upgrade to miniupnp seem to have paid off since previously I had a strange problem where upnp ports were not allocated for some reason (the uptime was 69 days or something like that when it happened).
    I'm running WLgP v1.
     
  80. joew333

    joew333 LI Guru Member

    Best Version USB Firmware Asus WL-520GU

    Hi! I have tried many of the different versions of Tomato with USB support and also DD-WRT. Many have memory capacity problems for a router with only 16MB of RAM. The Teddy Bear USB version 8623 lite is very stable and even with USB2 and FTP activated has just under 2 MB of free RAM. This is the best I have seen. Many of the other versions (including 8632) drain all of the memory when FTP is used, and have a counter overflow on the CPU load (counter goes above 100%). I have not seen this with 8623 which seems very stable. DD-WRT has one USB/FTP version which gobbled all available memory when used (dd-wrt.v24-12268_NEWD_mini_usb_ftp) .

    Please advise what you are using and results. Teddy Bear and Victek it would be great to hear from you as you are experts. What is behind the memory consumption and CPU counter issue? What could be done on future versions to reduce memory consumption?

    I tried Samba once, and it worked fine but consumed so much memory, I have stuck with FTP.... what improvements are planned from the Samba community?
     
  81. joew333

    joew333 LI Guru Member

    Hi! I have tried many of the different versions of Tomato with USB support and also DD-WRT. Many have memory capacity problems for a router with only 16MB of RAM. The Teddy Bear USB version 8623 lite is very stable and even with USB2 and FTP activated has just under 2 MB of free RAM. This is the best I have seen. Many of the other versions (including 8632) drain all of the memory when FTP is used, and have a counter overflow on the CPU load (counter goes above 100%). I have not seen this with 8623 which seems very stable. DD-WRT has one USB/FTP version which gobbled all available memory when used (dd-wrt.v24-12268_NEWD_mini_usb_ftp).
     
  82. anik

    anik Addicted to LI Member

    Split router ports?

    First of all, thank you (and everyone else that has worked on Tomato) for this wonderful firmware!

    I've tried both SgtPepperKSU's firmware and yours, but have settled on yours because you include his VPN support and have better support for the USB port on the Asus WL-520GU (but I appreciate the work both of you have done on this!). However there was something I had posted in a different thread that I thought I would mention here, just in case you might have any thoughts on how it could be implemented.

    Basically, it would be a nice addition if, when you are using VPN tunneling, you could "split" router ports - that is to say, force anything plugged into ports 1 or 2 to use the tunnel, or anything plugged into ports 3 or 4 to use the local connection.

    I think the ideal situation would be to have a separate page in the VPN Client configuration that would list each port on the device on one column, and then have three columns representing priorities (1st, 2nd, 3rd). In the intersection of each port and priority, there would be a dropdown box. So you'd have columns labeled:

    Port | 1st priority | 2nd priority | 3rd priority

    And then each row underneath would look like:

    1 | [dropdown] | [dropdown] | [dropdown]
    2 | [dropdown] | [dropdown] | [dropdown]
    3 | [dropdown] | [dropdown] | [dropdown]
    etc.

    And in each dropdown, the choices would be as follows:

    Local Internet Connection
    VPN Client 1
    VPN Client 2
    No Route

    So the idea is, when a device is connected to a particular port and tries to connect to something not on the local LAN, it would first try the route listed under the first priority. If that were not available, it would try the route under the second priority, and if that were not available, the third. So, for each port you could specify which VPN client you want to use first, and which as a backup, or you could specify that the port should use the local Internet connection. Perhaps some examples would clarify:

    1 | VPN Client 1 | Local Internet Connection | No Route

    On port 1, would try to send traffic via the first VPN tunnel, but if the tunnel was down it would send traffic out the local Internet connection. This is actually something like the default behavior although in many situations it's probably not what you'd want.

    3 | VPN Client 2 | No Route | No Route

    Would force Port 3 to use VPN Client 2 only - if that tunnel is not available that port would only permit local net connections

    4 | Local Internet Connection | No Route | No Route

    Would force Port 4 to use the local Internet connection and bypass any VPN tunnels that might be available

    2 | No Route | No Route | No Route

    Would mean anything plugged into Port 2 could ONLY access other devices on the LAN, but could not under any circumstances get to the Internet.

    Note that if having three priorities would be too difficult, even having just one choice (only the 1st priority in the above scenario) would still be useful, so that you could assign different ports to use or not use the VPN tunnel. But maybe in that case you could add an additional choice to the dropdown, something like "VPN then Local", which would emulate the current default behavior of falling back to the local Internet connection if the VPN tunnel isn't available (personally I consider that very undesirable behavior, but some may want it).

    (For anyone else that thinks that devices plugged into ports should not be able to access the local Internet connection if the VPN isn't available, SgtPepperKSU offered a solution:

    That will allow the router and connected devices to only go to the VPN server and nowhere else outside the LAN, except via the tunnel, and if the tunnel isn't established for some reason there will be no connectivity, which is exactly what's needed in some situations where security is essential. But it applies to all ports on the router, and as I say, it would be nice if some ports could be sent through the tunnel and others allowed to connect to the local Internet connection, using a per-port selection method).

    Just a thought of something that would be nice. I think DD-WRT may have something like this but since I could never get a VPN tunnel to work on it (despite about three weeks of effort), I was never able to test that theory.
     
  83. anik

    anik Addicted to LI Member

    One other thing I meant to ask, when I do df from a command prompt I see this:

    Filesystem 1K-blocks Used Available Use% Mounted on
    /dev/root 3200 3200 0 100% /
    tmpfs 7216 232 6984 3% /tmp

    Does that really mean I have almost 7 Meg of memory available? Seem like a lot considering I have no external storage plugged in (this is on a WL-520GU).

    If so then that leads to my next question: I wonder if it would be possible to install Midnight Commander? I know there's an optware version, but it seems even though you have BusyBox you don't have ipkg? When I enter ipkg at the prompt, I get "-sh: ipkg: not found" - strangely, when I tried SgtPepperKSU's, his had ipkg but no configuration file, so it didn't work.

    Just trying to understand this, but it would be nice to have Midnight Commander if it's not too large to fit.

    Edit: Also, is the /tmp directory in your version the same as the /jffs directory in some other versions? I'm wondering because when I went to the JFFS tab and attempted to format/erase the JFFS drive, it failed and I got these error messages in the log:

    Jun 23 22:06:26 Tomato user.info kernel: JFFS version 1.3, (C) 1999, 2000 Axis Communications AB Mods by Ray Van Tassle
    Jun 23 22:06:26 Tomato user.info init[1]: notice[jffs]: doing mount- jffs
    Jun 23 22:06:26 Tomato user.warn kernel: JFFS: Only 1 block in jffs. Jffs too small to be usable without write-in-place.
    Jun 23 22:06:26 Tomato user.warn kernel: JFFS: Must mount with MS_MANDLOCK or o_mand to enable write-in-place.
    Jun 23 22:06:26 Tomato user.warn kernel: jffs_scan_flash: Did not find even a single chunk of free space. This is BAD!
    Jun 23 22:06:26 Tomato user.warn kernel: jffs_scan_falsh: Free size accounting screwed
    Jun 23 22:06:26 Tomato user.warn kernel: jfffs_scan_flash: free_chunk_size1 == 0x10000, free_chunk_size2 == 0x0, fmc->free_size == 0x0
    Jun 23 22:06:26 Tomato user.warn kernel: JFFS: Failed to mount device 1f:03.
    Jun 23 22:06:26 Tomato user.info init[1]: notice[jffs]: mount failed
    Jun 23 22:06:26 Tomato user.info init[1]: notice[jffs]: Error mounting JFFS. Check the logs to see if they contain more details about this error.

    So, what's happening here?
     
  84. uf20wop

    uf20wop Addicted to LI Member

    hey guys i recently got a 520gu and got the tomato mod working.

    however, my printing is EXTREMELY slow, like it takes 5 minutes to print 1 page.

    does anyone know what could be causing this?
     
  85. freddyspam

    freddyspam Addicted to LI Member

    It could be your print quality setting are set too high by default. I had the same issue where it was printing text pages at photo quality settings and taking forever to finish printing. The printer was going at the correct pace for that resolution.

    Try a test print at the lowest resolution.
     
  86. uf20wop

    uf20wop Addicted to LI Member

    well it works fine plugged into the computer's USB port

    however, when trying to send the data through the router, the connection is really slow. a 1 meg file takes about 5 minutes to completely send to the printer.

    btw i have windows 7 rc 1 64 bit and my printer is a lexmark 2600
     
  87. anik

    anik Addicted to LI Member

    Custom theme doesn't survive reboot

    I tried the custom "Tomato USB" theme mentioned in the first post, and when I copy the three files from the archive to /var/wwwext it works, but after a reboot those files go away. Am I putting them in the wrong place, or is there something else I need to do to make them survive a reboot?
     
  88. Andr0med

    Andr0med Addicted to LI Member

    Free memory on 8632

    Hey Joe,

    You should enable cache to see the total free memory (it's actually a lot bigger than 3 or 5% you otherwise get).
    Go to Administration>Debugging>Count cache as free memory (check it)
     
  89. Pay87

    Pay87 Addicted to LI Member

    I also have some troubles with my printer since version 1.25. It often happens that it just stops to print and then I have a half printed paper.. with 1.23 I never had this problem.. anyone?
     
  90. uf20wop

    uf20wop Addicted to LI Member

    i also ran into that problem

    i was looking for an answer too
     
  91. uf20wop

    uf20wop Addicted to LI Member

  92. CsBubo

    CsBubo Addicted to LI Member

    CGI QUERY_STRING is missing

    Hi,

    this is mainly for teddy_bear, I'm playing around with the CGI support You mention in the first post, but it seems Your implementation doesn't support the QUERY_STRING variable. Although it is still very useful for some management tasks without this, would it be too hard to include? I think a few extensions could be put there to handle optware execution/management tasks.
    Also was thinking on something like a link from the WEBUI, just another menu item, pointing to /www/user/cgi-bin/custom.cgi. This can be created boot time with some simple content, or even without it. Or just check if it exists and only show the menu item when there is a script. If there are more then one, list Them under the menu structure: "Own scripts". These way, You would have a one click way to Your own CGI from the UI, whatever it is.
    What do You think?
     
  93. uf20wop

    uf20wop Addicted to LI Member

    quoted for bottom of page :p
     
  94. joew333

    joew333 LI Guru Member

    Andr0med rules

    Thanks Andr0med! Yes including cache I have 6.6 MB of free RAM.
     
  95. freddyspam

    freddyspam Addicted to LI Member

    Who cares how much ram you have free if everything works and the transfer speeds are normal?

    I'm curious as to why everyone is worried about this.
     
  96. anik

    anik Addicted to LI Member

    Problem with that is that when I try to wget the files to cifs1 or cifs2, I get an error that looks like this:

    wget: can't open 'filename': Read-only file system

    Is it possible that the cifs1 and cifs2 folders are only active if you have some type of external storage permanently attached via the USB port?
     
  97. ray123

    ray123 LI Guru Member

  98. ray123

    ray123 LI Guru Member


    1) There was/is an ipkg in the original Tomato. But it didn't work. Even after I fixed the bug about the conf file path, it still didn't work. We removed it quite a few versions ago for this reason. SgtPepper's version most likely still has this fubar ipkg.

    2) No, /tmp is not the same as /jffs.

    3) These lines tell the story:
    Jun 23 22:06:26 Tomato user.warn kernel: JFFS: Only 1 block in jffs. Jffs too small to be usable without write-in-place.
    Jun 23 22:06:26 Tomato user.warn kernel: JFFS: Must mount with MS_MANDLOCK or o_mand to enable write-in-place.

    You don't have enough unused RAM space for a jffs.
    TeddyBear has (reasonably, IMHO) declined to put in the special code in the GUI to enable write-in-place. If you so desire, you can do it yourself. The message tells you how: do the mount yourself (perhaps in a script) with "-o mand".
     
  99. ray123

    ray123 LI Guru Member

    No, cifs's are Windows (or Linux Samba) shared directories. You specify & enable them in the GUI.
     
  100. ray123

    ray123 LI Guru Member

    Wow, go out of town for a couple of weeks, and 3 pages of new messages!

    I am greatly surprised to continually see people asking for/about features to make a Tomato router into a "real" computer. What a great testament to the power of Tomato. nfs, samba, vpn, webcam, etc., etc., etc.

    Somebody even asked about a torrent client. How silly, I thought. Until I went out of town for a few weeks and thought about how nice it would have been to have the router continuing to chug away at downloading some torrents while I was gone and my "real" comnputer was powered off.

    OTOH, I guess I'm goofy too, because I'm currently messing around with getting a good but small version of ntpd working. Like anybody needs a router that maintains a time accuracy of a few microseconds.

    Unfortunately, the routers just don't have the horsepower or memory (ram & rom) to do much more than it already does. The best thing we have going for us is USB storage--which gets around the 4MB flash limitation and helps the 16MB ram size by allowing the use of a swapfile.
     

Share This Page