1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Tomato RAF Releases

Discussion in 'Tomato Firmware' started by Victek, Dec 28, 2012.

  1. Spyros

    Spyros LI Guru Member

    Flashing g version on E2000 without wipe over previous f version was a success. Dnsmasq is still 2.71 and not 2.72 test3 as stated in changelog but i don't really care.

    Thanks @Victek , my E2k still rocks because of you.
     
  2. Victek

    Victek Network Guru Member

    The version name is entered manually for dnsmasq but I can certify it's 2.7.2test3 git version. Thanks
     
    Spyros likes this.
  3. The Master

    The Master LI Guru Member

    Hi Victek,

    Thanks and sorry
    i know you hate people who ask "when it is finished" and so on. But could you give me a little hint about the new FW Version.

    Its because i have trouble with Shibbys Version.

    - Reboots (after a few hours or after a few days)
    - complete freez (hard reboot -powerless)

    so in both cases i have no error log :(.

    So i want to test your FW Version @ my R7000.

    (Works like a charm on my other devices N16 and E900)

    Thanks and sorry that i ask :(.
     
  4. Victek

    Victek Network Guru Member

    I don't hate people (if I hate then I'll not answer in the forum ;)). Under what conditions do you get these problems? .. normal traffic?, what PSU do you use? In my case I use this router and it's running without problems with 1.3g version since:
    upload_2014-7-1_21-42-2.png

    I'll release 1.3g for ARM this weekend
     
  5. rob0809

    rob0809 Network Newbie Member

    Hi
    Victek, sorry if you've answered this already but which ARM routers will 1.3g support?
     
  6. Victek

    Victek Network Guru Member

  7. teh_g

    teh_g Networkin' Nut Member

    Good to see it is stable! I have 8 days with 1.3f
     
  8. The Master

    The Master LI Guru Member

    @Victek
    Reboots on normal High and low Trafik :( thats the Problem.
    Original PSU from R7000 why?!
    And sorry Problem is on "shibby Build" thats why i ask for your new Version.

    Last Reboot and Uptime:
    Uptime0 days, 03:17:12
     
  9. Victek

    Victek Network Guru Member

    I know you mention shibby's version, my question about PSU? simply to verify you use original R7000 PSU. No OC I hope? ..anyway you can test RAF version on Friday this week.
     
  10. The Master

    The Master LI Guru Member

    no oc :(....(SAD) reboot again...

    ModelNetgear R7000
    ChipsetARMv7 Processor rev 0 (v7l)
    CPU Freq1998 MHz
    Flash Size128MB
    TimeWed, 02 Jul 2014 00:22:05 +0200
    Uptime 0 days, 00:02:44
     
  11. Lorenceo

    Lorenceo Networkin' Nut Member

    My R7000 has arrived. Keen to get it flashed. :D

    Edit: Flashed with Shibby's initial build, then put 1.3f onto it.

    Edit 2: Initial impressions are there are a lot of kinks to work out. Can't re enter settings with nvram set, some websites won't load, possibly the Facebook IPv6 issues have returned.. Wireless clients do seem to be getting better speeds compared to the N66U though, so I guess that's good. Will probably go through looking for issues on the weekend, and report them here.
     
    Last edited: Jul 2, 2014
  12. gffmac

    gffmac Serious Server Member

    DLNA Server is working great on my n66u using the latest release. Pitty NTFS upload transfer rate is so slow.
     
  13. RonV

    RonV Network Guru Member

    I found the the IPv6 issue with Facebook isn't just in RAF. I did a test last weekend with having my AT&T Uverse residential gateway run as my router and RAF just ran as an access point. I turned on IPv6 with Uverse and had the same type of issues with IPv6. Facebook wouldn't load, BING loads slow, other sites that are IPv6 sometimes load other times I have to use the refresh button quite a bit in the browser.

    As others have stated IPv6 is a mess right now and I don't know how Victek or other firmware writers are keeping their sanity.
     
  14. EzRyder

    EzRyder Reformed Router Member

  15. jerrm

    jerrm Network Guru Member

    They are all Broadcom MIPs based and close enough that they can use the same image file. The source does some hardware probes and adjusts running parameters as needed. It's no different (actually much simpler) than a particular version of Windows or Linux running on all the varied PC platforms.

    If all the units supported the standard .trx image formats we would have much fewer image files than we currently have.
     
  16. EzRyder

    EzRyder Reformed Router Member

    Thanks for the reply. I figured it would most likely be something like that, just wanted to make sure. Again, Thanks!
     
  17. ofcoursemyhorse

    ofcoursemyhorse Network Newbie Member

    Hey guys, so i finally got my iptv working on my router (Linksys E900) with v1.3g firmware version. Everything was working according to plan, but after 2 hours of watching the tv, image was getting blocky before coming to a complete stop. I thought my iptv stb was to blame, but in the end (after swapping hdmi cables, adapters, stb's...) rebooting the router fixed the problem.

    I can reproduce this problem every time i watch tv for certain amount of time (1 hour, 2hours), image gets blocky/ pixelated and then completely freezes. Rebooting router helps, but it doesn't fix the problem, because it happens again after some time. I can reproduce this problem even faster when watching HD channels. STB is connected with cable on port 4 on the router. Port 4 is member of br1 (LAN1) and is only port with multicast.

    What should i do? What is "Efficient Multicast Forwarding"? Should i enable it?

    Thanks!
     
  18. Victek

    Victek Network Guru Member

    Release 1.3g for ARM is available.
     
    Elfew likes this.
  19. kthaddock

    kthaddock Network Guru Member

    Last edited: Jul 5, 2014
  20. desiromeo

    desiromeo Networkin' Nut Member

    Victek I see you switched to the new wireless driver in the new firmware. Any reason for switching?
     
  21. Victek

    Victek Network Guru Member

    Has been working 15 days in wireless devices (up to 23 different types including Apple phones and tablets) without any glitch.
     
  22. lilstone87

    lilstone87 Serious Server Member

    Vic,

    Any changes for just the ARM build's? Or all the same, as listed in the change log?
     
  23. Victek

    Victek Network Guru Member

    Changes in code and drivers for both versions. Not significant to be included in changelog but it will affect performance.
     
  24. lilstone87

    lilstone87 Serious Server Member

    Got a question for you, as Shibby mention again he might of found something that was causing the ping issue, and plans to include in his 121 build. So I am wondering do you plan to include in your future build if it helps users like me? also see he is gonna include QoS on the upstream side to.
     
  25. Victek

    Victek Network Guru Member

    ? ... let's see his next version ... facts.
     
  26. lilstone87

    lilstone87 Serious Server Member

    I know a little ahead of myself with questions above, and I will probably test your newest build out tomorrow. But I am sure I will encounter the same ping issue, as before. But I can get it settled by turning on CTF, and rebooting the router a time or two. But getting the ping issue I see settled is important, once ARM build's start supporting QoS, in which CTF will be disabled when using. I will for sure test Shibby's build once released, to see if ping issue is resolved without me having to do much to the router.
     
  27. Victek

    Victek Network Guru Member

    Ok, share your findings, I'm not suffering this event you mention.

    Code:
    vicente@vicente-K53SJ:~$ ping 10.10.2.1
    PING 10.10.2.1 (10.10.2.1) 56(84) bytes of data.
    64 bytes from 10.10.2.1: icmp_seq=1 ttl=64 time=0.175 ms
    64 bytes from 10.10.2.1: icmp_seq=2 ttl=64 time=0.192 ms
    64 bytes from 10.10.2.1: icmp_seq=3 ttl=64 time=0.160 ms
    64 bytes from 10.10.2.1: icmp_seq=4 ttl=64 time=0.198 ms
    64 bytes from 10.10.2.1: icmp_seq=5 ttl=64 time=0.233 ms
    64 bytes from 10.10.2.1: icmp_seq=6 ttl=64 time=0.225 ms
    64 bytes from 10.10.2.1: icmp_seq=7 ttl=64 time=0.209 ms
    64 bytes from 10.10.2.1: icmp_seq=8 ttl=64 time=0.200 ms
    64 bytes from 10.10.2.1: icmp_seq=9 ttl=64 time=0.166 ms
    ^C
    --- 10.10.2.1 ping statistics ---
    9 packets transmitted, 9 received, 0% packet loss, time 7997ms
    rtt min/avg/max/mdev = 0.160/0.195/0.233/0.026 ms
    vicente@vicente-K53SJ:~$
    
     
  28. Lorenceo

    Lorenceo Networkin' Nut Member

    I've been doing some testing with 1.3g on my R7000. Have found quite a few things not working too well.
    The only things I have set up are PPP login, v6 settings, logging to USB storage and saving WAN stats to USB storage. I tried setting up QoS but gave up as I don't want to enter all the rules by hand at the moment.

    Firstly some websites refuse to load for me when using the 1.3g ARM build, most notably speedtest.net. This happens with and without IPv6 enabled.
    Facebook loads with only v4 running, but does not load with v6 enabled.
    test-ipv6.com loads and shows both v4 and v6 working. Pings and traceroutes work over v6.
    I cannot connect to mumble over v6 with this build.
    WAN usage stats refuse to save/load from USB drives.
    The GUI displays errors on some pages, often iptables errors.
    The nvram console command seems to have had its syntax changed. It doesn't seem to allow nvram values to be set via console anymore.

    Here are some screenshots of some of the errors: http://imgur.com/a/5GkXW

    And here are some snippets from the logs with errors:
    Code:
    Jul  6 04:19:02 unknown user.crit preinit[1]: Error while loading rules. See /etc/ip6tables.error file.
    
    Jul  6 04:19:42 unknown user.warn rstats[3039]: Problem loading /tmp/mnt/GAMES/tomato_rstats_xxxx.gz. Still trying...
    
    Jul  6 04:23:31 unknown user.crit preinit[1]: Error while loading rules. See /etc/iptables.error file.
    Jul  6 04:23:31 unknown user.crit preinit[1]: Error while loading rules. See /etc/ip6tables.error file.
    Jul  6 04:23:32 unknown user.crit preinit[1]: Error while loading rules. See /etc/iptables.error file.
    Jul  6 04:23:32 unknown user.crit preinit[1]: Error while loading rules. See /etc/ip6tables.error file.
    
    Jul  6 04:26:01 unknown daemon.err miniupnpd[1495]: add_filter_rule() : chain upnp not found
    Jul  6 04:26:01 unknown daemon.err miniupnpd[1495]: Failed to add NAT-PMP 65534 udp->192.168.2.11:65534 'NAT-PMP 65534 udp'
    Jul  6 04:26:01 unknown daemon.err miniupnpd[1495]: add_filter_rule() : chain upnp not found
    Jul  6 04:26:01 unknown daemon.err miniupnpd[1495]: Failed to add NAT-PMP 65534 tcp->192.168.2.11:65534 'NAT-PMP 65534 tcp'
    Jul  6 04:26:02 unknown daemon.err miniupnpd[1495]: delete_filter_rule() : iptc_delete_num_entry(): No chain/target/match by that name
    Jul  6 04:26:03 unknown daemon.err miniupnpd[1495]: delete_filter_rule() : iptc_delete_num_entry(): No chain/target/match by that name
    All of the above things work fine on my N66U, which is still running 1.3f. The joys of being on the cutting edge, eh? :D
    If you need any more in depth testing I'm happy to do so.
     
  29. Victek

    Victek Network Guru Member

    Thanks @Lorenceo, if posible test 1.3g in your RT-N66U to compare, probably we'll need to rollback dnsmasq last updates .
     
    Last edited: Jul 6, 2014
  30. Lorenceo

    Lorenceo Networkin' Nut Member

    Just flashed 1.3g to the N66u. None of the issues above with the ARM version are present.
    FWIW these same issues were happening with 1.3f when I flashed it onto the R7000.
     
  31. Victek

    Victek Network Guru Member

    Thanks.. well, MIPS version performs nice but ARM .. same code but different behavior... the only difference is xtables and kernel patches .. go to this direction.
     
  32. lilstone87

    lilstone87 Serious Server Member

    R7000 Tomato Pings.png Well I am still seeing the ping issue's with your latest release. After first installing your firmware I did a nvram erase, and a reboot. After the reboot pings settled down. Then I went ahead and enabled CTF, and after pings were not stable, I even did another reboot with no luck. I also notice as mention by someone else, The CPU Clock only at 1595MHz. Meaning that it is only being clocked at 800MHz instead of its normal 1000MHz. I attached a screenshot of me ping the router for a few seconds showing the unstable pings.
     
    Last edited: Jul 6, 2014
  33. Victek

    Victek Network Guru Member

    I can't reproduce your issues mentioned in all your posts for ARM versions, all RAF versions (MIPS and ARM) are below <1ms in all tests. Check cables or computer.

    Code:
    vicente@vicente-K53SJ:~$ ping 10.10.2.1
    PING 10.10.2.1 (10.10.2.1) 56(84) bytes of data.
    64 bytes from 10.10.2.1: icmp_seq=1 ttl=64 time=0.157 ms
    64 bytes from 10.10.2.1: icmp_seq=2 ttl=64 time=0.183 ms
    64 bytes from 10.10.2.1: icmp_seq=3 ttl=64 time=0.246 ms
    64 bytes from 10.10.2.1: icmp_seq=4 ttl=64 time=0.223 ms
    64 bytes from 10.10.2.1: icmp_seq=5 ttl=64 time=0.225 ms
    64 bytes from 10.10.2.1: icmp_seq=6 ttl=64 time=0.228 ms
    64 bytes from 10.10.2.1: icmp_seq=7 ttl=64 time=0.235 ms
    64 bytes from 10.10.2.1: icmp_seq=8 ttl=64 time=0.242 ms
    64 bytes from 10.10.2.1: icmp_seq=9 ttl=64 time=0.167 ms
    64 bytes from 10.10.2.1: icmp_seq=10 ttl=64 time=0.205 ms
    64 bytes from 10.10.2.1: icmp_seq=11 ttl=64 time=0.206 ms
    64 bytes from 10.10.2.1: icmp_seq=12 ttl=64 time=0.234 ms
    64 bytes from 10.10.2.1: icmp_seq=13 ttl=64 time=0.224 ms
    ^C
    --- 10.10.2.1 ping statistics ---
    13 packets transmitted, 13 received, 0% packet loss, time 11998ms
    rtt min/avg/max/mdev = 0.157/0.213/0.246/0.030 ms
    vicente@vicente-K53SJ:~$
    
     
  34. lilstone87

    lilstone87 Serious Server Member

    I would consider it on my end, but I am not the only one who has seen this issue, and like I said before sometimes rebooting the router settles the ping issue down. But with your latest build after enabling CTF the ping issue started, and I also noticed the CPU Clock speed at 1595MHz. I made no change to it either, I will go back to DD WRT for now. As for ethernet cable, that has been changed for testing. None of this is a problem on Netgear or Kong's DD WRT using either cable.
     
  35. lilstone87

    lilstone87 Serious Server Member

    I just nvram erased and started over, once I enabled CTF, and saved. The router took 3 minutes to reboot fully. After that pings were again all over the place, and now the CPU Clock is showing 1595MHz. So something isn't right when enabling CTF atm, and is causing the clock speed to change as well.
     
  36. Victek

    Victek Network Guru Member

    I never activated CTF in my router and it could be one difference, CTF for Netgear might cause some problems since we're using asus ctf, so, don't use meanwhile. About clock speed, I'll erase nvram and check it, probably the ID method to identify model is wrong.
     
  37. lilstone87

    lilstone87 Serious Server Member

    Okay well I think we can say CTF is an issue right now for the R7000 at least. Because like I said when I first flashed your latest build, pings were unsteady. But I did the reboot required to get the wireless working, and the pings were steady after that reboot. But with CTF enabled, there are problems with the R7000. So I suggest anyone using your build with the R7000, stay away from enabling CTF atm.
     
  38. Victek

    Victek Network Guru Member

    same as shibby's builds ... we're using same ctf, but I'll check in my connection, with 100Mbps download speed it's not needed.
     
  39. lilstone87

    lilstone87 Serious Server Member

    well over the last year my internet speeds have went from 50mbps to 150mbps down. but even i should be good without ctf, but if its there i am one to enable it :).
     
  40. mrQQ

    mrQQ Addicted to LI Member

    has the url for the rep changed?
     
  41. tomahawk947

    tomahawk947 Network Newbie Member

  42. Victek

    Victek Network Guru Member

  43. teh_g

    teh_g Networkin' Nut Member

    In order to avoid my wife murdering me for bringing the internet down for a bit, can I get away with not doing an nvram wipe when going from 1.3f to 1.3g?
     
  44. desiromeo

    desiromeo Networkin' Nut Member

    thats what I did and everything is working just fine.
     
  45. tomahawk947

    tomahawk947 Network Newbie Member

  46. gffmac

    gffmac Serious Server Member

    Anybody know if the transfer rate when using samba file sharing is better with an hfs+ formatted drive over NTFS?
     
  47. tomahawk947

    tomahawk947 Network Newbie Member

    Well I guess it is not supported...the "read before you something" is just misleading.
     
  48. Moogle Stiltzkin

    Moogle Stiltzkin Networkin' Nut Member

    what version you using ?

    I'm still using Tomato RAF Firmware v1.28.9013 MIPSR2-RAF-V1.2v K26 USB

    The only issue i got is whenever i reboot router, i have to putty ssh to do the command

    Code:
    echo 1420 > /proc/sys/net/ipv6/conf/br0/mtu
    And this to double check whether the mtu changed or not
    Code:
    cat /proc/sys/net/ipv6/conf/br0/mtu

    Other than that little quirk, my ipv6 seems to work fine. Firmware seems to be stable as far as i can tell as i've left this on for months on end, and no issue.


    So was surprised you had issues with ipv6 :/
     
  49. Ignas

    Ignas Addicted to LI Member

    I've moved my question to separate thread as suggested by Edrikk. Sorry
     

    Attached Files:

    Last edited: Jul 9, 2014
    Algimantas likes this.
  50. Edrikk

    Edrikk Network Guru Member

    You should really post that in its own thread (IMHO).
     
  51. macbrian

    macbrian Networkin' Nut Member

    I think it's faster. I used to have my drive formatted as NTFS but now i use HFS+. Just remember that you cannot have journaling enabled if you want to write to the drive.
     
    gffmac likes this.
  52. desiromeo

    desiromeo Networkin' Nut Member

    2.4ghz band keeps going down and doesnt allow any device to connect until a reboot with the new wireless drivers for me. I did not clear nvram when updating from 'f' to 'g', so that may be an issue. I flashed back to f release as I feel its mostly caused by the new drivers.

    running asus rtac68u.
     
  53. M0g13r

    M0g13r LI Guru Member

    it has nothing to do with the theme ..... it's a buggy implementation ... nothing else

    capture09 - 10.07.2014.jpg capture16 - 10.07.2014.jpg
     
  54. dc361

    dc361 LI Guru Member

    Well.... agreed .. part of the issue is a problem with the page that is created 'inline' by the router which includes a maximum page height of 950. If the 'height' command is removed, everything displays correctly ... except for: the /* whatever */ appear to be tags in the code that RoadKill/Victek use to insert the General/RIP/OSPF html info -- there are many more of them in the source so there appear to be a few unused or forgotten markers that we see at the top of the page.
     
  55. teh_g

    teh_g Networkin' Nut Member

    Have you been able to come up with a more permanent fix for the IPv6 issue? (The one where we have to add, "echo 0 > /proc/sys/net/ipv6/conf/`nvram get wan_iface`/forwarding" to the Firewall Up script)
     
  56. Victek

    Victek Network Guru Member

    Not needed for MIPS version..it's in the kernel.
     
  57. teh_g

    teh_g Networkin' Nut Member

    I am using it in my RT-AC68U, definitely still needed. I found out when my Debian install WA failing because it was trying to reach out over IPv6

    From reports here, it only impacts Comcast...
     
  58. RonV

    RonV Network Guru Member

    I found something really interesting. I replugged directly into my AT&T RG and there is a different MTU for IPv4 and IPv6:

    Code:
    C:\WINDOWS\system32>netsh interface ipv6 show subinterfaces
    
       MTU  MediaSenseState   Bytes In  Bytes Out  Interface
    ------  ---------------  ---------  ---------  -------------
        1472                1    2260031     617820  Ethernet 10
    
    
    C:\WINDOWS\system32>netsh interface ipv4 show subinterfaces
    
       MTU  MediaSenseState   Bytes In  Bytes Out  Interface
    ------  ---------------  ---------  ---------  -------------
      1500                1    3461465     749200  Ethernet 10
    This could explain the spotty IPv6 I am receiving with RAF. I am going to try to adjust down the MTU on the router to see if this becomes resolved.


    Update. Changing the MTU for IPv6 on both VLAN2 and BR0 seems to have corrected. I used the following commands in the WAN Up script:

    Code:
    echo 1472 > /proc/sys/net/ipv6/conf/br0/mtu
    echo 1472 > /proc/sys/net/ipv6/conf/vlan2/mtu
     
    Last edited: Jul 12, 2014
  59. Victek

    Victek Network Guru Member

    Thanks, kernel patch needed then.. next release.
     
  60. Edrikk

    Edrikk Network Guru Member

    Some good ARM specific stuff from shibby... Hope can incorporate into next RAF release for ARM. Seems to have corrected (based on thread feedback) the high ping issue a few have reported on R7000:

     
  61. gijs73

    gijs73 LI Guru Member

    With the latest 1.3g on my AC66U Access Restriction is not working anymore.

    I get following error:
    iptables-restore: line 51 failed

    Reboot didn't help.
    I reinstalled 1.3g on my router and did a clear the NVRAM (through), I still get the same error.
    I can still open these sites I want to block, so it's really not working.

    This is how my rule looks:

    [​IMG]


    Edit: Block All Internet Access is working, everything else is resultung with the same error as above.

    Edit 2: Shibby fixed a bug in his latest v121 which seems to solve exactly this issue, is it already known to Victek?
     
    Last edited: Jul 13, 2014
  62. Victek

    Victek Network Guru Member

    We're not using same code ... shibby returned to webmon control in his last version, RAF never changed the restriction module- I'll check.
     
  63. Victek

    Victek Network Guru Member

    We'll see, there is not enough feedback and the ping issue has never occurred in RAF version when CTF is not active. Have to see if CTF in last version is working correct.
     
  64. lilstone87

    lilstone87 Serious Server Member

    Well Vic i forgot to mention, after i turned CTF off on your latest release. I could never get the ping to settle down after a hour of trying everything.
     
  65. pharma

    pharma Network Guru Member

    Did you reboot after turning CTF off?
     
  66. lilstone87

    lilstone87 Serious Server Member

    I did a bunch of things, including that, nvram erase, and couple other things. For me once I turned on CTF on Vic's latest build, There was nothing I could do to get pings back stable besides change back to DD WRT firmware.
     
  67. gijs73

    gijs73 LI Guru Member

    Any news on this? What's wrong with access restriction?
    I really need this feature for my child. ;)
     
  68. mrdarek

    mrdarek Reformed Router Member

    Like user Lorenceo I have netgear R7000 and have errors in my log:
    Code:
    Jul 16 17:50:40 unknown user.crit dhcpc-event[1682]: Error while loading rules. See /etc/iptables.error file.
    Jul 16 17:50:42 unknown user.crit preinit[1]: Error while loading rules. See /etc/iptables.error file.
    Jul 16 17:50:43 unknown user.crit preinit[1]: Error while loading rules. See /etc/iptables.error file.
    
    I try navigate to error file using Putty and using cat I read it. I got:
    Code:
    *mangle
    :PREROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A PREROUTING -i vlan2 -d 192.168.1.1/255.255.255.0 -j DROP
    COMMIT
    *nat
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :WANPREROUTING - [0:0]
    -A PREROUTING -d 10.50.68.98 -j WANPREROUTING
    -A WANPREROUTING -p icmp -j DNAT --to-destination 192.168.1.1
    :upnp - [0:0]
    -A PREROUTING -d 10.50.68.98 -j upnp
    -A POSTROUTING  -o vlan2 -j MASQUERADE
    -A POSTROUTING -o br0 -s 192.168.1.1/255.255.255.0 -d 192.168.1.1/255.255.255.0 -j S               NAT --to-source 192.168.1.1
    COMMIT
    *filter
    :INPUT DROP [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m state --state INVALID -j DROP
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -N shlimit
    -A shlimit -m recent --set --name shlimit
    -A shlimit -m recent --update --hitcount 4 --seconds 60 --name shlimit -j DROP
    -A INPUT -p tcp --dport 22 -m state --state NEW -j shlimit
    -A INPUT -i lo -j ACCEPT
    -A INPUT -i br0 -j ACCEPT
    -A INPUT -p udp --sport 67 --dport 68 -j ACCEPT
    -A INPUT -p udp  -m udp -d 192.168.1.1 --dport 10000:10100 -j ACCEPT
    :FORWARD DROP [0:0]
    -A FORWARD -m account --aaddr 192.168.1.0/255.255.255.0 --aname lan
    -A FORWARD -i br0 -o br0 -j ACCEPT
    -A FORWARD -m state --state INVALID -j DROP
    -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
    :monitor - [0:0]
    -A FORWARD -o vlan2  -j monitor
    -A monitor -p tcp -m webmon --max_domains 300 --max_searches 300 192.168.1.0/255.255               .255.0 lan_ipaddr -j RETURN
    :wanin - [0:0]
    :wanout - [0:0]
    -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -i vlan2 -j wanin
    -A FORWARD -o vlan2 -j wanout
    -A FORWARD -i br0 -j ACCEPT
    :upnp - [0:0]
    -A FORWARD -i vlan2 -j upnp
    COMMIT
    
    Maybe Victek can help repair error ?
     
  69. RMerlin

    RMerlin Network Guru Member

    What is the output from this?

    Code:
    lsmod | grep account
    
    Just a theory I have...
     
  70. mrdarek

    mrdarek Reformed Router Member

    Hmm. What is "output"? I'm amateur in router so I not know terminology...
    OK - my router now work and probably is best work in compare 3 different firmwares (shibby, dd-wrt, genie). In all other firmwares my router like very often dropping connection but now work (but I using RAF only3 hours currently... - just installed after Shibby stop working without reasons).
    So I want little "fight" to improving very promising RAF firmware.
    I test this lsmod grep command listed in code box - it not output anything in any folder in my Putty after logging to 192.168.1.1
     
  71. RMerlin

    RMerlin Network Guru Member

    Type the commands through Putty. If no output appears beside the command prompt then it means the firewall fails since it tries to setup IPTraffic monitoring but the kernel module fails to load. In that case it could be because Victek didn't fix it to work on ARM.

    Sent from my Nexus 4 using Tapatalk
     
  72. RMerlin

    RMerlin Network Guru Member

    Follow up: this is how it should look like if the ipt_account module is properly loaded:

    Code:
    admin@stargate4:/tmp/home/root# lsmod | grep account
    ipt_account             8737  4 
    admin@stargate4:/tmp/home/root# 
    
    If there's no ipt_account in the result, then it means the module isn't loaded, which explains the error at loading the rules you posted.
     
  73. mrdarek

    mrdarek Reformed Router Member

    OK - I not got anything - like pressing enter - just nothing.
    I read that Tomato using iptables for web monitor, so I disabled this monitor, reboot router and no more this error in logs!
    Because Shibby has worked web monitoring I hope that in future releases Tomato-RAF this will be fixed for R7000 netgear.
    Still RAF Tomato best work for me and I stay here. Thanks for solved reason of this error.
     
  74. Gamby

    Gamby Reformed Router Member

    victek,
    i'm trying to create a virtual wireless (wl0.1) to attach on a certain bridge (br3) on netgear R7000 with 1.3g firmware, and can't get any ip address or connect if i put a static ip, but when a attach the wl0.1 on the same bridge as eth2, i can get ip address and connect.
     
  75. Edrikk

    Edrikk Network Guru Member

    I can confirm that on R7000 the command

    Code:
    lsmod | grep account
    
    returns nothing....

    these are the modules loaded:
    Code:
    tun
    ip6table_mangle
    ip6table_filter
    xt_recent
    ehci_hcd
    xhci_hcd
    ufsd
    jnl
    ext2
    ext3
    jbd
    ext4
    crc16
    jbd2
    mbcache
    usb_storage
    sd_mod
    scsi_wait_scan
    scsi_mod
    usbcore
    nf_nat_pptp
    nf_conntrack_pptp
    nf_nat_proto_gre
    nf_conntrack_proto_gre
    nf_nat_ftp
    nf_conntrack_ftp
    nf_nat_h323
    nf_conntrack_h323
    wl  
    et
    igs
    emf
    
     
  76. Victek

    Victek Network Guru Member

    I tested and I don't get any of the error you mention, could you check again?.. and please don't restore previous settings. Do you use ARM or MIPS router?
     
  77. alexlau

    alexlau LI Guru Member

    Hi Vic,

    Need your serious help here. I was trying to flash the latest .g Tomato to my AC56U running Merlin's build, however, after flashing, the interface asked me to manually reboot the router. After rebooting, only the power LED is constantly on, while the lights for all the ports (on the back panel of the router) will be all on after every 30 seconds -- which indicates rebooting from what I read online.

    There's no way to get an IP address nor locate it with the ASUS discovery tool.

    Does this mean I got a bricked router? Is there anyway to get it back to work?

    Your guidance is sincerely appreciated.

    Thanks.
     
  78. AmyGrrl

    AmyGrrl LI Guru Member

    Did you try pressing the reset button to clear off old settings, if you didn't select the option to clear the nvram when flashing a different firmware.

    I know my Asus RT-N66U has a tool called the Firmware Restoration. That allows it to recover from a bad flash. Not sure if its available or works for your model. You can give it a try. Just give your computer a static ip. Put the router into recovery mode. Then use the tool to upload a new firmware.
     
    Last edited: Jul 21, 2014
  79. alexlau

    alexlau LI Guru Member

    Hi AmyGrrl, thanks for the help. Sadly I didn't reset to default on the Merlin's build before flashing Tomato, would that be the cause? After flashing, no matter how I press reset, it doesn't work at all...

    I tried the firmware restoration tool, it couldn't work. The problem is that it couldn't even detect the router's IP, even if I set the PC a static IP.
     
  80. Victek

    Victek Network Guru Member

    Probably yes, I'll try to reproduce the same scenario and sort it, no problem.
     
  81. Slacker

    Slacker Network Newbie Member

    AC66U here, the JFFS page does not exist for me... Can anyone confirm this?
    +1 on the access restriction bug mentioned earlier.
     
  82. Victek

    Victek Network Guru Member

    Could you show screenshot of this bug? I don't have AC66U, thanks
     
  83. Slacker

    Slacker Network Newbie Member

    I have wiped the nvram and restored default settings. Trying to run the asp page directly yields a blank page.
    Tried setting nvram set jffs2_on="1" to see if it would show up. Reflashed to 1.3g with NVRAM wipe. Reflashed to 1.3d with NVRAM wipe.
    Flashed back to Shibby 121 and JFFS option is there.
    Flashed through tftp to 1.3g. Still no dice.
     

    Attached Files:

  84. dc361

    dc361 LI Guru Member

  85. Slacker

    Slacker Network Newbie Member

    @dc361 Tried it earlier, just yields a blank page...
     
  86. Slacker

    Slacker Network Newbie Member

    @Victek @dc361 Well, dc361 helped solve the mystery. I browsed over to the router and admin-jffs2.asp is 0KB.
     
  87. Victek

    Victek Network Guru Member

    Yes, it's normal, I simply didn't build AC66 with jffs space, it's not a bug. I was asking you the access restriction bug since I can't reproduce the iptables messages mentioned. Thanks.
     
  88. Slacker

    Slacker Network Newbie Member

    On the JFFS thing, I'm assuming I can just mount a USB drive as /opt and install optware, then?

    Line 173, in my case is the "COMMIT" action... Here's the test rule from iptables.error and a screenshot:

    :rres01 - [0:0]
    :rstr01 - [0:0]
    -A rres01 -p tcp -m multiport --dports 53,80,443 -j rstr01
    -A rres01 -p udp --dport 53 -j rstr01
    -I rstr01 1 -p tcp -m string --string "vube" --algo bm --from 1 --to 600 -j REJECT --reject-with tcp-reset
    -I rstr01 1 -p udp -m string --string "vube" --algo bm --from 1 --to 600 -j REJECT
     

    Attached Files:

  89. Slacker

    Slacker Network Newbie Member

    @gijs73 @Victek

    A bit of googling found me a work-around(looks like the module isn't getting loaded by default?), which is adding this to init scripts and rebooting:
    modprobe xt_string
     
  90. Lorenceo

    Lorenceo Networkin' Nut Member

    I've flashed Shibby's 112 AIO build to my R7000 to compare with 1.3g.

    IPv6 gives the old "Destination net unreachable." error. The router gets a v6 address but won't pass any traffic.
    The iptables errors from 1.3g aren't present. No errors are spammed in the logs.
    Haven't tested the saving WAN stats or logs to USB storage as of yet.
     
  91. Gamby

    Gamby Reformed Router Member

    The test i made on the 1.3g with R7000: i had to delete default gateway and add manualy with ip address of the gateway on the internet vlan, because it didn't pass any traffic to the internet vlan.
     
  92. mrQQ

    mrQQ Addicted to LI Member

  93. Hogan773

    Hogan773 Networkin' Nut Member

    Guys - I am looking to update to a new version of Tomato Viktek releases. It has been 3 years (I have been busy I guess). For my E3000 which one do I choose - DLNA or "Net Version"? I don't know what is the difference. Thanks
     
  94. dc361

    dc361 LI Guru Member

    The DLNA version has the dlna (media) server and some extra usb utilities, the NET version has network features like VPN etc.
     
  95. Hogan773

    Hogan773 Networkin' Nut Member

    I don't know which one I need. Maybe either would work. I am a simple user with no media server but I do use Citrix from my laptop to connect to my work computer. I thought that was VPN but that is probably a different VPN than the VPN you're talking about?
     
  96. dc361

    dc361 LI Guru Member

    The VPN part of the firmware is to allow the router to act as an endpoint (either client or server) and I imagine that for your citrix applications you have a vpn connected between your laptop and your worksite. I'm sure either would work for you and if you pick one and needed features from the other, just reflash the router.
     
  97. Goggy

    Goggy Network Guru Member

    Hiho!

    Anyone using NetFlow successfully? Tried to get it working with ntopng and nprobe yesterday without luck. There is simply no data arriving at the netflow-collector. A test with tcpdump shows the same (= nothing :)). TOP on the router shows also no "fprobe-ulog" - process.

    Thx!
     
  98. Victek

    Victek Network Guru Member

    What tomato RAF do you run? and router model please.
     
  99. Goggy

    Goggy Network Guru Member

    Hello Victek, i'm using your latest Firmware (v1.28.9014 MIPSR2-RAF-v1.3g K26 USB) on an Asus RT-N16.
     
  100. Goggy

    Goggy Network Guru Member

    Hmm - the "Netflow Collector" - Parameters are clear for me. Possible that i made something wrong with the Parameter "Netflow Source Address"? What should be entered there? The IP of the Router?
    Thx!
     

Share This Page