Charter Banning Tomato Router

Discussion in 'Tomato Firmware' started by johns996, Dec 5, 2009.

  1. johns996

    johns996 Addicted to LI Member

    Is anyone else having problems using their Tomato-based router on Charter? I'm running the newest release (1.27) on a WRT54GL and every few days I wake up to a banned router. I checked with a Charter tech (through the dslreports forums) and he verified that my router was being banned for being too "chatty" on the network.

    When this happens I usually have to reset a few times and about 50% of the time this will work. Other times I have to remove my Tomato-based router and switch to a DD-WRT one before I can connect again.

    Has anyone seen/heard anything like this before? Any ideas on how I can fix it? I love Tomato and really don't want to go back to DD-WRT.
  2. Kiwi8

    Kiwi8 LI Guru Member

    Have u checked all your PCs to make sure that none of them are causing the unusually high amount of traffic?
  3. TexasFlood

    TexasFlood Network Guru Member

    Can't really comment about Charter specifically. If all their tech told you was that your router was banned for being too "chatty" then maybe you need to talk to another tech that's a bit more technical. Chatty isn't really a very descriptive term, I don't normally use it but sometimes in comes up in discussions, typically to mean potential network hog with respect to a specific application under discussion, like P2P file sharing as an example hog. Basically he isn't telling you anything other than something is generating network traffic Charter doesn't like, not very helpful. The network is just the transport, tells you nothing about the application generating the traffic. It's like a policeman pulling you over because your aftermarket wheels/tires make your vehicle too wide to fit in the marked road lane and gives you a ticket but only telling you it is for a "traffic violation". It's not enough information to tell you what is wrong so before long you're going to get another ticket. OK, that's a silly example, :smile: , just trying to illustrate the issue.

    If the implication is that Tomato itself is generating excessive network traffic, rather than just passing the traffic, and that a reset or switch to a different firmware will remediate the situation, doesn't really make sense based on my experience. Kiwi8 suggesting that your PCs could be generating an unusually high amount of traffic, on the other hand, does make sense. It could be P2P traffic, games, a trojan horse program, lots of possibilities.

    I can't explain why resetting the router or switching to DD-WRT would help. Seems like if you were banned that as long as your router presented the same MAC address that you would still be banned. Unless perhaps the ban is by IP address and you're getting issued a new IP address. I would think, again, that unless your MAC address changed that you would get issued the same IP address but maybe this isn't the case with Charter. Changing the WAN MAC address and restarting the router (and perhaps the cable modem) should get you a new IP address and perhaps temporarily get around the ban, you're likely to get banned again until you figure out where the traffic causing the ban is coming from. Need more info from Charter on the nature of the traffic and/or do some investigation on your side.

    But let me repeat that I have no direct experience with Charter, or really indirect. I'm just trying to help, so I could be off the mark. Take it with a grain of salt, if it helps then great, if I missed the mark then please ignore, :biggrin:
  4. johns996

    johns996 Addicted to LI Member

    Charter vs. Tomato

    TexasFlood, I'm actually using two different routers. The one with Tomato is a WRT54GL and the one with DDWRT is a WRT54G v5.

    I've tried changing MAC addresses, resetting to default settings and even cloning the mac of my DDWRT router but when the Tomato one doesn't want to work, nothing I do will fix it. When the Tomato router gets banned, I can't even log into my cable modem. I can see it for a few seconds once it reboots but then the connection is refused and the only way I can connect to the modem again is by unplugging the coaxial. As soon as I plug it back in, the connection goes away.

    When these bans happen it is almost always in the morning after my PC has been shut down for the night. I boot up, try to connect and nothing. This only happens about once or twice a week but never on a regular schedule.

    I just put the newest DDWRT on my WRT54GL and it is currently working. I guess I'll just wait and see if the router gets banned running this firmware. Maybe something is wrong, physically, with the router. Could that cause this ban?
  5. Planiwa

    Planiwa Network Guru Member

    1. What precisely is the meaning of "wake up to a banned router"?

    2. What is the precise meaning of "too chatty"?

    3. Can any of this be expressed in precise technical terms?

    4. Do the router logs and modem logs contain any relevant information?

    5. Does this happen on PPPoE reconnect attempts?

    6. If so, what causes the (chronic) PPPoE disconnections?

    7. Are DSL disconnections involved?

    8. Is there any evidence that any of this is specific to Tomato?

    9. What precisely is meant by "banned"?

    * * *

    Two suggestions:

    1. Look for repeated "Resending..." in Tomato's Log (with PPPoE logging ON, of course)
    (coming from libpppoe.c -- this may be the source of the problem)

    2. If PPPoE does not reconnect immediately, stop Tomato from attempting to reconnect for at least 15 minutes. (My preferred way: set WAN connection to "Disabled" in Basic > Network. Save. Revert 20 minutes later)
  6. TexasFlood

    TexasFlood Network Guru Member

    johns996, suggest you read Planiwas post and respond to that. I was really just speculating, trying to get a discussion going, but Planiwa seems to have some concrete ideas, questions and suggestions.
  7. johns996

    johns996 Addicted to LI Member

    Round 3

    Planiwa, I'll do my best to answer your questions though I'm kind of new to router/network technology.

    Periodically, when I wake up around 6 a.m. and boot up my computer I will notice that I cannot connect to the internet. When I log into my router I see that Tomato is reporting that it is disconnected. When I try to log into my cable modem, I cannot connect. A charter representative quoted me this on the forums:

    Ok, so I really didn't find anything in the logs you sent but we did check our logs and it was being banned for being too "chatty." To be completely honest I don't know if something changed or if you found a setting to fix but it hasn't come back up on the log since Sunday.

    All I know about what exactly "too chatty" means is what the rep. quoted me.

    I'm doing the best I can with technical terms. Since the Charter people have not clearly stated what my router was being banned for I can't say for sure. I've asked the charter rep to clarify "too chatty", hopefully he does.

    I have the iptables, syslog and nvram logs that I took this morning. Would any of those help? Are their any other logs you would like me to find? Since I don't know what to look for, I can't really say if they have anything relevant.

    Sorry, but I don't know what that is.

    See # 5.

    No, this is not a DSL connection.

    My best guess is that this is relevant to Tomato. I can switch routers and my connection works again. If I switch back sometimes the connection works, sometimes it does not. This has consistently happened since I started using Tomato. The router that had Tomato on it has be flashed with DDWRT and it is currently working. My plan was to just use DDWRT for a few weeks to see if it experienced any of the same problems.

    I used the term banned because this is what the Charter rep quoted me. Here is what he said in his first post.

    I can tell you with 100% certainty that the problem is not that we are blocking a router with Tomato on it. In fact I have spoken with many of our own engineers that run routers with that firmware, and I'm quite sure if they have anything to say about it, it's not getting blocked.

    Now, as to what is blocking it. There are a few things that I can think of off the top of my head that could be to blame. This is happening only when you are connected through that specific router and only if the modem is provisioned? And you said that when you completely reset the modem you are able to connect for a while (but only sometimes). The first thing that comes to mind is that the router, for some reason, is being "chatty." Can you check the DHCP logs on the router? If it is requesting a continual refresh of the IP address (or multiples in a row) it could get banned from the server, effectively shutting it down. I have seen this happen many times, unfortuantely.

    I will try your suggestions. Since this means that I will have to re-flash my router it might take me a day or so to have the time to do the tests you suggest (weekend=wife time). Regardless, I love the tomato firmware and I really want to keep using it so I'll do whatever it takes to figure this out.

    Thanks so much for the help everyone. I really appreciate it.:smile:
  8. Planiwa

    Planiwa Network Guru Member

    Forget PPPoE and DSL, -- now that you have told us it's a cable connection.

    Look for those DHCP messages, as the tech suggested.

    I don't know who supposedly suggested reflashing anything, but it was not I.

    I suggested:

    1. examine the TOMATO (sys)LOG (for DHCP messages)
    2. if/when you see runaway "requests" despite answers or no-answers, stop those self-defeating requests by whatever means necessary, for at least 15 minutes or so.

    Might also search for: cable DHCP lease (dis/re-)connection problems
  9. johns996

    johns996 Addicted to LI Member


    I know you didn't tell me to re-flash my router, this is just something I did to get it working again.

    This is form the Tomato syslog.

    Is that the DHCP stuff I should be looking at? This is just a chunk of the repeating code found in the logs. I counted 6 blocks the the two posted above.
  10. TexasFlood

    TexasFlood Network Guru Member

    I forgot to ask my obligatory PITA question....

    After flashing from DD-WRT to Tomato are you performing a NVRAM reset as recommended in the official Tomato FAQ in the "Should I reset the configuration after installing Tomato?" section? Might not be the issue but I always like to make sure it's out of the way first so there is no question before other troubleshooting steps.
  11. johns996

    johns996 Addicted to LI Member

    Texas, I did a 30/30/30 reset and then a NVRAM clear when I switched to Tomato and when I switched back to DDWRT. When I put Tomato back on, I'll do the same again.
  12. TexasFlood

    TexasFlood Network Guru Member

    OK, assuming you mean that the NVRAM clear was done after flashing Tomato, then you should be good in that regard, I had to ask.
  13. krux01

    krux01 LI Guru Member

    try adding this line to your firewall script, and then reboot:

    iptables -I INPUT -p udp --sport 67 --dport 68 -j ACCEPT

    it looks like you are having a hard time obtaining a dhcp lease. the chunk of logs shows that dnsmasq is restarting over and over. Although usually it will wait 10 minutes before renewing.
  14. TexasFlood

    TexasFlood Network Guru Member

    I remember, well, I do now, reading about that recently, in this post in the Tomato 1.27 thread which referred to this thread from some months back. Unfortunately I didn't remember it on my own earlier. Guess my memory isn't what it used to be, if it ever was, :-D . Seems like I read somewhere that Charter cable modems IP address is instead of the more common, or I think it is,, which might be part of the problem.
  15. johns996

    johns996 Addicted to LI Member

    I put Tomato 1.27 back on the router and watched my connection go away a few minutes after the firmware flash and nvram reset. I tried adding the command suggested by krux01 in the firewall section of the scripts page, did a reboot and still could not get a connection.

    The one from the thread TexasFlood linked to looks different, should I try it?
  16. TexasFlood

    TexasFlood Network Guru Member

    I would have thought that krux01s suggestion should have worked, but I'm not really an iptables guy. If your cable modem IP is really as I believe that I read, then the right rule I think would be:
    iptables -I INPUT -p udp --sport 67 --dport 68 --source -j ACCEPT
    That should allow DHCP UDP broadcasts from port 67 to port 68 from the WAN side, if they're being blocked, specifically from in my example. Is your LAN subnet 192.168.1.x? If so, I wonder if Tomato gets confused routing to the same IP on the LAN and WAN. I really don't know but maybe someone more expert here could address it.

    There is a little less restrictive example of the command given in an iptables tutorial here, but I assume it isn't required since it hasn't come up before. Following the examples from krux01 and mstombs from the earlier thread, I think the command would be:
    iptables -I INPUT -p udp --dport 67:68 --sport 67:68 -j ACCEPT
    But again, presumably this isn't required here. And as I said, I'm not an iptables guy so can't even guarantee this form would work correctly on Tomato without trying it.
  17. johns996

    johns996 Addicted to LI Member

    My modem's IP is My LAN subnet is 192.168.1.xx where xx is 100 - 150.

    I'll try your second to last command and see what happens.

    EDIT: Well, I'm posting this using the Tomato router. I don't know if it was the firewall script or something else but for now it works.
  18. TexasFlood

    TexasFlood Network Guru Member

    Great news, hope it holds! Good luck...
  19. nvtweak

    nvtweak LI Guru Member

    Ideally I would have the router on 192.168.2.x, since the modem is already on 192.168.1.x

    Having both on 192.168.1.x is a bit problematic.
  20. vanhh

    vanhh Network Guru Member

    exactly, they should not be on the same subnet.
  21. FattysGoneWild

    FattysGoneWild LI Guru Member

    Either you have an infection or to much P2P for Charter's likes. I have the 20mb/2mb service running Tomato on a Linksys WRT54GL v1.1 with no issues.
  22. johns996

    johns996 Addicted to LI Member

    I made the switch. Now I just have to go and fix my port forwarding and find that printer. Thanks again for the help. Why do they set the defaults for a router and modem to be on the same subnet anyway?

    Fatty, I'm in northern Michigan, where are you at? Maybe the charter network is different in different places? Speedboost was just rolled out here and it happened to be the same time I got my WRT54GL and put tomato on it. Maybe the two are somehow related? Also, I don't really do too much P2P and even then it is just torrents and just for a few hours in the afternoon never more than a hundred or so megs exchanged. As for an infection, I've run all kinds of scans without finding anything. I'm pretty safe with what I do on the Web. L4D2 and Borderlands chew up all my computer time, so their is not much left to get into trouble with.
  23. TexasFlood

    TexasFlood Network Guru Member

    Can't hurt and very well might help. I'm not 100% sure that this was part of your problem. But might have been and if it were me, I'd make them different just to be sure.

    Most of the cable modems I've seen have an IP address of which typically doesn't conflict with the default LAN subnet on home routers. If your cable modem and router both have an IP address of, and both have a web management interface then going to will take you to one or the other (probably the router). The other likely won't be accessible, so there's a good reason to make them different right there.

    And I think it's good practice from a security perspective to change your LAN subnet to something other than the default. Maybe I'm a bit paranoid but just cause you're paranoid doesn't mean they aren't after you, :biggrin:
  24. FattysGoneWild

    FattysGoneWild LI Guru Member

    I am in southern Oregon. PB launched maybe a month or so ago. They had issues with the launch and it was delayed. Shortly after they launched it. Some issues came up but it was resolved. They have a terrible network for reliability. But it is the fastest service in my area or I would be using FIOS if it was available.

  25. johns996

    johns996 Addicted to LI Member

    Two days and everything is still working. I'll keep this thread updated with anything that goes on. Thanks again everyone.

    EDIT: It's now Dec. 10. Things have worked without an issue since the fix.

    EDIT #2: Dec. 14, still no issues.

    Looking back through stuff, I discovered that my cable modem's IP was and my router's IP was, so they were never on the same subnet. Regardless, I'm still keeping my router at and I also updated the IP tables script to read once I figured all of this out:

  26. Lothsahn

    Lothsahn Addicted to LI Member

    Seeing the same problem

    I'm seeing the same problem... my parents use Comcast and have no issues, but both me and a neighbor (who I maintain) are periodically unable to get IP addresses, and we both have charter. When this happens, our routers will show as the IP address, even after attempting to connect.

    I noticed the issue did not occur in 1.23, but has occurred in all releases since. I've gotten DHCP client logs and all I see is this:
    Dec 31 21:51:16 Lothsahn udhcpc[296]: Sending discover...
    Dec 31 21:51:39 Lothsahn udhcpc[296]: Sending discover...
    Dec 31 21:51:42 Lothsahn udhcpc[296]: Sending discover...
    Dec 31 21:51:45 Lothsahn udhcpc[296]: Sending discover...
    (over and over)

    Please let me know if there's ANYTHING else I can get. I'm really at a loss of doing this, but I'm pretty familiar with Linux, so I'm happy to login and do whatever you guys may need.

    I've been living with this for a couple months now and been at a loss to figure out anything.

    My current build is:
    TomatoVPN 1.27

    My neighbor has TomatoVPN as well and is running a WRT54Gv3
  27. phdeez

    phdeez Addicted to LI Member

    Did you try the generic iptables entry here (the second one)?
  28. Lothsahn

    Lothsahn Addicted to LI Member

    I've found a fix to the compatibility problem between Charter and Tomato. To fix the issue, do the following steps:

    1) Upgrade to Tomato 1.28 (preferably tomato-usb). There is a DHCP fix in Tomato 1.28 that is essential with regards to DHCP broadcast packets.
    2) Login to Tomato
    3) Go to advanced
    4) Go to DHCP / DNS
    5) Under DHCPC Options, put the following:
    --retries=2 --timeout=5 --tryagain=310
    (Note: this causes the router to only try to get an address twice, timeout after 5 seconds, and wait 5 minutes between attempts. On Charter, you could lower the --tryagain to 3 minutes, if you wanted, but I've set it to 5 to be safe)
    6) Click save

    Note: This fix only has been validated in Tomato-usb 1.28. Stock tomato 1.25 does NOT have the "DHCPC Options" field.

    The root cause of the problem is that Charter's DHCP server stops communicating with any DHCP client that attempts 5 communications in a 3 minute window. Once blacklisted, devices are not able to communicate with the DHCP server until there has been 3 minutes of inactivity. However, Tomato's default behavior is to try 5 communications per attempt, and to try more frequently than every 3 minutes to connect.

    When making the connection, some cable modems appear to establish the upstream connection before the downstream is fully established. This allows packets to travel FROM the router but not back TO the router. When the Tomato router attempts to get its IP address, the packets TO the DHCP server are received, but the responses are not. This causes Tomato to retry over and over, getting itself blacklisted. Once blacklisted, Tomato attempts often enough to stay blacklisted.

    When power is applied simultaneously (power comes back) to the cablemodem and router, certain cable modems startup at the same time as the Tomato router. This means that Tomato has a timing condition where (after a power outage), it gets itself blacklisted and will not obtain internet access without manual intervention. However, other cable modem models appear to startup much more quickly (or establish upload/download at the same time), and are not affected by the issue.

    From a Charter Rep:
    The amount of time that it takes to reestablish a connection makes me think we could have a DHCP denial issue. This is where something from the customer's end is requesting an IP address from our DHCP servers more than 5 times in 3 minutes. The culprit of these issues is a router about 95% of the time. When this happens, your service is temporarily blocked. To fix it, the server has to be clear of all requests for 3 minutes. We usually accomplish this by unplugging modem and router for that time.

    The fix is to reconfigure udhcpc to try fewer times and to wait longer between attempts. This prevents the router from being blacklisted. This is achieved by passing "--retries=2 --timeout=5 --tryagain=310" to udhcpc.


    The issue can be worked around by unplugging the Tomato router for 5 minutes, and then plugging it back in. Alternatively, you can power on the cable modem fully before starting the router.

    Reproduced this issue on a WRT54GL with the following cablemodems:
    Motorola SB 5100
    Ambit U10C018.80

    Issue did not exist with a WRT54GL the following cablemodems:
    Cisco DPC3010
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice