1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Very curious Access Restriction changes and "please report this problem"

Discussion in 'Tomato Firmware' started by norman$, Aug 1, 2014.

  1. norman$

    norman$ Network Newbie Member

    Greetings kind fellow Tomato users--- pls be kind, I'm not linux-savvy :) Sorry for the wall o' text below, but I just want to give context and my overall experiences over time- the problems are a bit further down the page!

    I've used Tomato on various routers- WRT56Gv2 and v3, WRT 320N, and my new Asus RT-N66U. Started with DD-WRT ~2008 on the WRT56G units and eventually got in to tomato around 2010- I prefer the user interface and feature set.

    Generally I've loved tomato - and have used builds from Toastman and Shibby... maybe even an RAF build.

    Today, my Black Knight router is running Tomato Firmware 1.28.0000 MIPSR2-120 K26 USB AIO-64K (I think this is Shibby's)

    I've scoured this forum for info that might be helpful, but being linux-illiterate, I may have missed the answers to my problems.

    I have always checked that time is set correctly, and when flashing I wipe the NVRAM. I saw something about needing rules for before midnight and after midnight, so I have two sets of rules that differ only by time (10 pm-12am; 12am-8 am).

    Since at least my WRT 320N (bought in 2011) I've had problems with access restrictions-I wish to have MAC and/or IP based access restrictions and keyword restrictions, and this was a major reason for me to get out of stock firmwares to begin with. I've fiddled occasionally with QOS so I can run torrents and watch Netflix, etc., with varying degrees of success. The NT-66U seems powerful enough that I don't need QOS at all, and I also limit torrent speeds in the client... so no more QOS for me. I've usually set port-forwarding up manually, but usually also leave UPnP and NAT-PMP enabled (for no real good reason... I have a feeling my Samsung TV needs it, but never really checked)

    With the new router (which is otherwise pretty nice- good coverage, fast enough, etc.) I have serious issues with access restrictions- some long-standing (i.e., experienced with WRT 320N), some new.

    I have three kids, and I have to restrict their access to the intertubes by time. Routinely, I found that certain devices would end up on the allowed ("all except...") list. I'd delete such entries, save, log out and back in the rule would be fine - yet the next day at least one or two of my kids' machines were on the "kill internet all except" " list again. And newly registered devices (i.e., when friends, etc., come over and I sign them in with the wifi password), other machines end up on the "all except" list, too. This has caused some family issues (I prefer to prevent having to scold them for staying online- I understand its hard to resist sometimes!!!)

    I've scanned the logs, and saw nothing obvious ("do X to rule 1" or anything), and nobody is logging in to the router but me. Finding no solutions, I have recently resorted to the simplest of rules- kill wifi entirely at X time. And not even that is reliable :(

    Since my recent replacement of the WRT 320N with the RT-N66U (with switching of firmware versions to whatever is most recent and OK for the router) I find that rules are now arbitrarily disabled ENTIRELY, so I have to check daily that the radios are shut off at the right time. Still no joy. Bummer for me.

    To try for full reliability with a simple "on/off" rule, I went so far as to drill holes an my house and run cat 6 cable so my TV, Synology DS213air (with its radio killed), and personal/main machine- these are all I really need at night, and they all have strictly wired connectivity.

    I now also get errors when I try to add my "blacklist" of keywords and websites. When I try to set a rule "all day every day..." (without any MAC/IP restrictions, strictly default settings otherwise) I get now this error (new with this router and build named above):

    "The field "The field "" is invalid. Please report this problem. "

    But I really want the fine-grained control I used to (mostly) have- by device, time, keyword/website, etc.; I will eventually properly set up VPN and would like to use the router to run my torrents, too. But this stuff is more important to me.

    Any idea what's up?

    What kind of errors I might look for in the log?

    What info could I provide to help linux-literates here to help me resolve this issue?

    Thanks again to Toastman, Shibby and everyone else (Lancethepants, the DD-WRT folks, the OPEN WRT folks) that gave us end-users real choices and advanced features with consumer-grade routers.

    Best regards,

  2. norman$

    norman$ Network Newbie Member

    Just to update-

    By adding just a few (~5) blacklist entries at a time it seems I don't get the error
    "The field "The field "" is invalid. Please report this problem. "

    (at least not yet... only have about 1/2 the hundred or so entries in there, though)
  3. norman$

    norman$ Network Newbie Member


    two things-

    adding to the blacklist a few items at a time avoids the "The field "The field "" is invalid. Please report this problem. " error

    However, I still have rules altering and/or deactivating themselves. Right now, the rule is "disable wireless", so the alteration is that the rule gets disabled, leaving the radios on when I want them off.

    It is does not happen every day, but it occurred this past weekend when my kid had a sleepover and several new devices got DHCP leases. Perhaps some interaction btw DHCP and rules?

    I don't thing that anyone has logged in to my router beseides myself, but don't see logins in the logs- how do I enable logging of logins to eliminate the possibility that my bright young kids aren't just getting around me? (yes, I've changed passwords recently to something fairly secure- this rule change would have been after my most recent password change)

    No thoughts? No hints? pretty please??
  4. AndreDVJ

    AndreDVJ Addicted to LI Member

    My router is a Netgear WNR3500L V2, and I run Advanced Tomato on it (It's a Shibby mod with a much better web interface).

    It's odd to see your Access Restriction rules simply vanishing off your router.

    I would try Advanced Tomato if I were you. Maybe the stock web interface has issues preventing getting keywords listed then saved.


    I created a rule All day/Everyday with 16 keywords and it's working fine. It does not block HTTPS sites. Access Restriction is a tricky stuff and you might be running into issues with HTTPS sites as well.

    I would suggest reading http://www.linksysinfo.org/index.ph...ccess-restriction-block-https-websites.45988/
  5. Toastman

    Toastman Super Moderator Staff Member Member

    There seems something werong with your particular router and/or/ setup. I've used access restrictions on all my routers for access control with around 150+ MAC addresses for years and have never seen any problems at all, and never heard of anything like that either. Certainly, rules disappearing and people appearing in the list on their own? Weird. The only scenario I can imagine is that you had them there previously, then removed them, but either forgot to click "save" or the router for some other reason did not save it.
  6. Monk E. Boy

    Monk E. Boy Network Guru Member

    When you wipe NVRAM, how do you restore the configuration? Do you restore a configuration backup or do you set values up by hand? Restoring a configuration file negates the usefulness of erasing NVRAM, as it restores the NVRAM to its previous state. In particular if you restored the configuration file from your WRT onto the N66 that could introduce serious problems.

    Another thing that occurs to me is that the browser you're using to configure the router can introduce its own problems, as people have occasionally reported problems specific to Chrome (I imagine other browsers could cause problems during saves too).
  7. norman$

    norman$ Network Newbie Member

    Thanks for the replies folks- including Mr Toastman!
    Truly, thanks. Feels like asking about a certain famous vacuum cleaner and getting a reply from Mr. Dyson, or a reply from Bill Gates regarding windoze... maybe Gates ain't fair- I never got a sense he really gave a damn- you all certainly do!!

    When I wipe NVRAM, I don't restore from old copies. I re-enter by hand (per the combined wisdom of all you skilled users!!) A hassle, but I do trust the combined wisdom of the forum, and try to follow the accepted practices- I understand that various commands may no longer reside in the right place following a firmware change, leading to mysterious errors.

    And plently of times I have forgotten to hit the magic "save" button- but I'm pretty darn careful to do this now.

    I'm not really worried about blocking https- as I note above, I'm looking for MAC or IP-specific rules that don't change all by themselves if, e.g., new users join the network. The whole point is to kick the youngun's offline at X o'clock so they can't stay up all night skyping/playing league of legends/minecraft or visit tremendously inappropriate websites etc., all night. (after all, I would, and have, done such things...if I can't resist temptation, I can't expect them to!! At least I can log where they go so I can have some idea if they're playing/surfing safely)

    Truly, the oddest thing I've experienced is what I first described- changes (ADDITIONS TO) the "block wireless internet access for everyone but X, Y and Z" ... later becoming X, Y, Z, W, K .... generally machines that have joined or re-joined the wireless network.

    Now, it seems possible but unlikely that one of my kids has managed to get into the router. (specifically, my 15 yr old daughter- certainly smart enough to learn what she might need to accomplish this- and its often her or her friends' machines popping up on the allowed list- but not exclusively) - so... is there a convenient way to log all logins by IP or mac address?

    I just haven't the faintest idea how to go looking for informative logs- I see lots of stuff about DHCP assignments/requests, the occasional activation of a rule, and the like but no "change to rule 2" or "admin logged in" at time T, or "Rule 3 conflicts with rule 2". It seems to me like info the router would and could log all this- I just need to know how to activate and find such logs. Then I might be able to get some idea what is happening.

    The error about blacklisted sites/words seems to have resolved by adding a few at a time... but it was interesting that the error message said "report me"!!

    I use firefox with a pile of add ons, mostly of the security/privacy nature, like NoScript, etc. Yeah, plenty of sites get broken, but the tomato interface seems pretty stable even in the face of all that stuff.

    Thanks for your suggestions- maybe I'll change firmwares, etc. But help with diagnosis would be great too.
  8. norman$

    norman$ Network Newbie Member

    Oh- and just to be clear- the rules don't just disappear- they change... turn on/off, add new MACs/IPs to the "whitelisted" machines... generally in my kids' favor ;)

    Hence my thought they're getting in and mucking about :)

Share This Page