Can not connect to certain sites using Shibby's Tomato

Discussion in 'Tomato Firmware' started by redguy, Feb 21, 2013.

  1. redguy

    redguy Serious Server Member


    I'm having a strange problem with Shibby's Tomato running on Asus RT-N66U. Simply put, I can not connect to certain sites. Most of the internet works without problems, but a few sites can not be reached using neither http nor ping. For example, (static files for and problably some servers serving parts of

    ping times out, wget times out, same for firefox and safari. If I use one of ip addresses that resolves to, it still times out. The same problem manifests on my OSX MacBook (both over wifi and wire), iPad and Android phone. If I connect notebook directly to the cable modem, it works perfectly. After reconnecting cable modem back to router, it sometimes keeps working for a few minutes, but then the problem reappears (sometimes immediately). Restarting router, notebook and/or cable modem does not help.

    I'm running current version of the Shibby's Tomato (v106, AIO), but I got the same issue with v105. The configuration is mostly default, no VPN, no QoS, no bandwith limiting, no Tor, no Jumbo frames. MTU is 1500 everywhere (notebook and all relevant router's interfaces), the problem persisted even if I set MTU to 1000 on the notebook.

    I do not know much about low level networking, but the following output from traceroute seems weird. When connected directly to the cable modem, it works as expected ( is one of's IP addresses):

    $ traceroute
    traceroute to (, 15 hops max, 52 byte packets
    1 * * *
    2 ( 46.204 ms 22.465 ms 18.159 ms
    3 ( 39.922 ms 19.748 ms 13.985 ms
    4 ( 216.792 ms 11.555 ms 55.035 ms
    5 ( 22.375 ms ( 56.875 ms 81.473 ms
    6 ( 146.676 ms ( 32.737 ms ( 110.634 ms
    7 ( 37.307 ms ( 58.622 ms ( 56.797 ms
    8 ( 121.995 ms 163.613 ms 90.763 ms
    9 ( 94.641 ms 49.204 ms 129.889 ms

    However, when I connect over the tomato router, I get this:

    $ traceroute
    traceroute to (, 15 hops max, 52 byte packets
    1 tomato ( 4.621 ms 4.313 ms 4.224 ms
    2 * * *
    3 ( 52.182 ms 16.215 ms 19.246 ms
    4 ( 59.784 ms 117.214 ms 34.223 ms
    5 * * *
    6 * * *
    7 * * *

    ... and so on, stars only until the limit.

    How is this possible? What's the difference between traceroute packet sent directly to cable modem and via router? Why it stops working after few hops? Could this be the cause?

    Does anyone please have some idea what the problem is? Or at least what diagnostics should I try next?
  2. shibby20

    shibby20 Network Guru Member

    RT-N66u + v106

  3. PetervdM

    PetervdM Network Guru Member

    two shots:
    - are you sure there is no blocklist script running on your router?
    to be sure you could completely reset your router ( administration, configuration, restore default, thorough ) and rebuild it by hand, not by restoring a backup!

    - cable modems are notorious about being picky over the mac address of the connected equipment. this means that the wan ip address of the modem is different from ip address of your mac when it is directly connected.
    pls try this:
    note the ip and mac address of the wan connection of the router ( status, overview, wan ).
    note the macaddress of the macbook when it is connected to the router, go to the router management pages, advanced, mac address, wan, and clone the mac address of your macbook, and save.
    switch off the router, reboot the cable modem and wait until its lights calm down. switch on the router.

    check the new ip and mac wan address ( status, overview, wan ).
    repeat your original tests. if it works you could leave it this way, or restore the original router mac address and switch off your modem and router for at least one night in order to try getting a new wan ip address. switch on the cable modem and wait until its lights calm down. switch on the router.
  4. shibby20

    shibby20 Network Guru Member

    and first of all erase nvram :)
  5. redguy

    redguy Serious Server Member


    thanks for the asnwers 8)

    I tried to find a "erase nvram" option, could not find any, so I just did a firmware upload (v106) with "erase nvram" checked. Configured only the bare minumum (wifi, usb storage, smb sharing so I can watch movies). Also got my cable modem changed (for a unrelated reason), for a brand new Cisco (old one was Motorola). work completely after that, but I'm afraid it is only because now the IP address I get for is for example (others are 54.240.162.*), instead of I got before.
    Traceroute to was fine, however, traceroute to still failed after 4th hop (as shown in the first message). If I connected notebook directly to the mode, traceroute to worked completely.

    Then I changed router's WAN MAC to the MAC of the wired interface on my macbook - and so far, everything works, even traceroute to .

    I'm totally baffled. If the MAC change was really the fix, then I understand nothing. Two different cable modems from different manufacturers just hated my router's MAC? Note that the new one did not even see any other MAC address before, the router was the first device connected to it.

    Or is the cable modem reporting my device's MAC address to the cable operator and something got very weirdly screwed at his side? Black magic 8( All I can do is to hope that the problem will not return.

    anyway, thanks for the advices 8)
  6. PetervdM

    PetervdM Network Guru Member

    The mac address of the device connected to your modem determines which ip address you get from your isp, not the mac address of the modem. for some reason that ip address might be misrouted, or even blocked which is not necessarily your fault.
    glad you sorted it out.
  7. shibby20

    shibby20 Network Guru Member

    Clone your PC mac to WAN router`s port and grow up TTL +1.
  8. Monk E. Boy

    Monk E. Boy Network Guru Member

    It's an option on the Configuration page, which is under Administration. There's a drop down list under "restore default configuration" with two options, you want to choose the second one (thorough).

    Cable modem ISPs typically make the cable modem "marry" itself to a single MAC address. To connect a different device to the modem you must power off the cable modem so it returns to an "unmarried" state. In other words, if you had first connected your Macbook to your cable modem to run a test, then connected up your router, the router will not be able to talk to the modem until the modem is powered off.

    Occasionally - and only occasionally - I've seen ISPs that have gone a step further to annoy customers. With these ISPs you must first perform a DHCP release on that first device (e.g. Macbook), then power off the modem, then connect your second device (e.g. router) to the modem, then power on the modem. Any variation from this results in the modem/ISP throwing a hissy fit and refusing to allow the 2nd device to talk through the modem.
    koitsu likes this.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice