[Fork] FreshTomato-MIPS

Discussion in 'Tomato Firmware' started by kille72, Apr 26, 2018.

  1. digixmax

    digixmax LI Guru Member

    +1.
    The introduction of Multi-WAN also brought in some bugs that remain until this day -- e.g., the Default Gateway and Static DNS settings became ineffective for some configurations such as with Wireless Ethernet Bridge mode.

    I too wish that there are non Multi-WAN builds.
     
  2. kernel-panic69

    kernel-panic69 Connected Client Member

    Then that is definitely not proper behavior, which is why I asked. It should give out static and dhcp-served IP addresses. I do know that BusyBox is an older version in FT, so that may be part of the issue. It could also be a dnsmasq / UI issue contributing as well. I am currently working on getting things ready to merge the latest BusyBox git (and hope everything still works), have had to take a break because I can't stare at source code when I am sick as a dog.

    If you are coming from another mod of Tomato, OEM firmware, DD-WRT, etc. it is a generally good practice to wipe the nvram. I have not noticed that much in changes since I have been testing FT to necessitate doing it again... but I had previously reverted my test device to stock from DD-WRT.

    Multi-WAN can be turned on or off (?) -- I am not using it, and last I recall, you *had* to do something for it to go into Multi-WAN mode. If you're not using it, then what is the problem, other than any possible bugs or glitches? I completely understand where you are coming from, though.

    As far as the wireless client situation, why would the client need to set encryption when the AP handles that? If you're worried about KRACK attacks, well, let's just say that the only attempt I have seen at fixing that issue pretty much breaks wireless and causes issues... but I am not entirely sure of any such fix in any version of Tomato at present. That would be up to @pedro311 or @kille72 or any of the other development contributors to answer...
     
    Last edited: Jan 28, 2019
    pharma likes this.
  3. Sean B.

    Sean B. Network Guru Member

    I noticed that about his statement as well. However, I believe it to be caused by the situation. When clicking save in the GUI the NVRAM variables used to store received DNS server IP's are cleared as part of the init process of the related services restarting, but I don't think the WAN DHCP connection is released/renewed at the same time. If he was to release/renew the WAN after enabling the "Use received DNS" option so the variables are repopulated, correct functionality would likely be seen. I may be incorrect, however with no one having reported this as an issue by now, either I'm right or no one really uses the option anyway.
     
    kernel-panic69 likes this.
  4. digixmax

    digixmax LI Guru Member

    I am most concerned about by-product bugs/glitches, but also the consequence of increase in flash and/or nvram size requirements for common build type (e.g., VPN) exceeding the capacity of some older router models. I have a WNR3500L with 8MB flash on which I used to be able to run a BT-VPN build prior to Multi-WAN introduction; now the only build type I can find to fit on it is MiniIPv6.
     
    Last edited: Jan 28, 2019
    danielhaden and kernel-panic69 like this.
  5. Mikael Bak

    Mikael Bak Network Newbie Member

    Yes, I know. I'm not talking about coming from stock or DD-WRT or whatever. That should be obvious from my original post, I think.

    My main Multi-WAN annoyance is basically that it drains nvram resources. It does not help to turn it off or not use it actively. It'll still use nvram since the nvram variables have to be defined and hold default values. At least this is how I understand how it works. Please correct me if I'm wrong.

    Perhaps for some targets it would be good to have builds without multiwan. If that is even possible.
     
    danielhaden and kernel-panic69 like this.
  6. filipedonato

    filipedonato Connected Client Member

    What is the command to turn off all the LEDs on the router?
    I need to go to the tab: ADMINISTRATION - BUTTONS / LED
    Or in the tab: ADMINISTRATION - SCRIPTS
    (router belkin n600)
     
  7. aehimself

    aehimself New Member Member

    I am aware that network delays can deny valuable information to be written to the log file, but as my (unmodified) WRT54GL does not have USB ports I don't have much choice.
    As for the instructions they are clear as water thank you very much for that! Unfortunately I have no CIFS (only JFFS) client... I guess the mini build does not include it.
     
  8. danielhaden

    danielhaden Network Guru Member

    +1
    I wish there was a non-multiwan option with vastly simplified QOS only 5 rules.
    In other words, De-Bloat
     
  9. lancethepants

    lancethepants Network Guru Member

    @danielhaden
    In what environment and workload has this "auto" qos been tested? Toastman's rules have been in apartment complexes with dozens of clients, some of which would saturate everything with torrents. Does this hold up to this sort of environment?
     
    Techie007 likes this.
  10. the_tourist

    the_tourist Network Newbie Member

    It is true that your "vastly simplified QOS only 5 rules" is fast...

    I adapted your rules on my RT-N66U which runs under "Merlin LTS fork".
    I only added one "High" (2nd) priority entry for the mac address of my VOIP interface.

    I adjusted the "Up Bandwidth" to 75% of the minimum I observed (after several tests) and the "Down Bandwidth" to 85% of the minimum also observed. It is also these settings that give me (after many tests) the lowest average Bufferbloat results in ms, in the detailed results of "dslreports": http://www.dslreports.com/speedtest/45507411

    I have a constant rating of "A+" since I made these adjustments.

    I find that the reactivity of my Internet browsing has improved significantly.

    Nice work.
     
    danielhaden, pharma and Señor Nimda like this.
  11. danielhaden

    danielhaden Network Guru Member

    Today, mips router, apartments, 7 devices ea, 50 connections ea = 6 dozen devices = just 10 apartments.
    A model based on just 1 pc per apartment, is outdated.

    With modern use, it seems that Mips routers aren't supporting apartment complexes; so, the little 5 rule QOS meets the more modern expectation of more efficiency and much more speed.
    Since it isn't pedantic, it doesn't require continuous update labor from the developers (because it doesn't get out of date).
    Of course, the auto QOS is somewhat smaller; however, the bandwidth overhead cost is near zero--you put in your actual line rates, and you get all of the speed that you paid for.
    And, with the lighter cpu load as well as less packet loss, there's far less lag.

    Given that the little mips cpu now/currently has a higher throughput job with a smaller number of clients (opposite of Toastman's scenario), one way to make the QOS fit the new (and relevant) task is to get the job done on 5 rules. If those are efficient and generic, then they're maintenance-free, won't get out of date, won't burden the cpu or developers.

    For torrents, steam, microsoft bandwidth theft, tor and typical iot retry-runaway, there's a different tool for the job:
    iptables -I INPUT -s 192.168.1.0/24 -m connlimit --connlimit-mask 32 --connlimit-above 260 -j REJECT
    With that protection, a wee little old mips router could support 14 clients torrenting full speed simultaneously.
    *Although slightly less transparent at lower figures, the connlimit can be lowered to 50 for supporting up to 6 dozen clients. If using a short connlimit, you'd also need short timeouts, such as 5 minutes for tcp, 45 seconds for udp.

    Meanwhile, back to QOS...
    A major factor is that all qos rules are slowdown rules, so adding enough rules to please everyone has the most unfortunate consequences--slow down everything. That's not how to use a mips cpu.

    The proposal is to have, off, auto, manual, as radio buttons. So, this doesn't mean losing the old qos. What it means is loading presets from a file rather than storing in nvram. And, for the first time, you have an auto QOS available that works by timing, not bandwidth overhead. But, the simple radio buttons are the real magic. The loading of presets prevents/reduces the error of somebody else demanding another default rule that slows down your different usage scenario.

    Also, for ending QOS rule debates/disasters, it may be necessary to outright replace the out-of-date qos with a modern version, like gargoyle's recently published auto-qos module, which features a hi-low ruleset and made for mips efficiency.

    Well, that modern system uses FQ_Codel. And we don't have that for mips. We do have vegas. After a couple of weeks effort, I was able to estimate how to do 5 rules + connlimit + vegas, And have transmissions in the correct order. For example, scroll a web page jam packed with photos, and there's no gaps while some at the top wait to come in. The same action applies for voip and games. So, that meets expectations on what QOS should do. The current defaults don't have that performance.
     
    Last edited: Feb 2, 2019
  12. danielhaden

    danielhaden Network Guru Member

    Thanks. And, I need your help. Just this: Could you publish the rules that you're using?
     
  13. the_tourist

    the_tourist Network Newbie Member

    TCP/UDP, DST port 1-65535, Transferred 0-1kb, class1, Fastlittle
    any, MAC address (VOIP interface), class2, Launch
    TCP/UDP, DST port 1-5070, Transferred 0-64kb, class2, Launch
    TCP/UDP, DST port 1-65535, Transferred 0-512kb, class3, Medio
    TCP/UDP, DST port 1-65535, Transferred 0-1024kb, class4, Large
    TCP/UDP, DST port 1-65535, Transferred 1024kb+ class5, Stream

    1, 15%, 100%
    2, 5%, 100%
    3, 5%, 100%
    4, 5%, 100%
    5, 5%, 95% Set as Default

    (same for both outbound and inbound)
     
  14. Sean B.

    Sean B. Network Guru Member

    Shouldn't that be " iptables -I FORWARD -s 192.168.1.0/24 -m connlimit --connlimit-mask 32 --connlimit-above 260 -j REJECT " ?
     
  15. danielhaden

    danielhaden Network Guru Member

    Possibly. I tried to write it compatible with gargoyle, dd-wrt and tomato. I also added the mask because of concerns for it to work 'per client' which, I thought was the default behavior anyway. Iptables -I adds a copy per each wan ip refresh if a firewall script, so that one is actually a startup script. And, it does not prevent adding to the connection count but rather prevents connection abuse by having the excess connections simply not work. This makes the client back off until the timeouts clean up the overdo. It could use separate commands for tcp and udp, since those timeout minimums are much different.
     
  16. Sean B.

    Sean B. Network Guru Member

    The INPUT chain is for packets destined for the router itself, the FORWARD chain is for packets arriving on one interface and going out another. The rule you stated using the INPUT chain would only work if the LAN clients are connecting to the router itself as the destination torrent server/client.
     
    danielhaden likes this.
  17. danielhaden

    danielhaden Network Guru Member

    Thanks!!! That explains the functionality being somewhat different than how I'd expected it to work. Although it did seem to work, it didn't totally prevent rising connection count. Instead of prevention, the connection overdo just didn't last very long. Indeed, if I put a very low connlimit and opened several tabs in the browser, the browser would quit working until tcp timeout period elapsed.

    When I get around to testing again, I'll try it with FORWARD to see if it is more effective at preventing the router connection count from rising.
     
    Last edited: Feb 2, 2019
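
The INPUT-versus-FORWARD correction and the duplicate-rule problem from the posts above, as an added example that is not part of the thread: the script removes stale copies of the connlimit rule (including the misplaced INPUT one) before inserting a single copy on FORWARD. The `IPT` override and all function and variable names are assumptions made for illustration; it avoids `iptables -C`, which older iptables releases lack.

```shell
#!/bin/sh
# Added example, not code from the thread: apply the per-client connection
# cap on FORWARD exactly once, however many times the script is re-run.

IPT="${IPT:-iptables}"                 # assumption: overridable for dry runs
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # LAN subnet used in the posts
CONN_LIMIT="${CONN_LIMIT:-260}"        # per-client ceiling used in the posts
MAX_PURGE=32                           # safety stop for the delete loop

# Rule specification shared by delete and insert, so both always match.
connlimit_spec() {
    printf '%s\n' "-s $1 -m connlimit --connlimit-mask 32 --connlimit-above $2 -j REJECT"
}

# Accept only a.b.c.d/len built from digits, dots and a single slash.
valid_cidr() {
    case "$1" in
        ''|*[!0-9./]*|*/*/*) return 1 ;;
        *.*.*.*/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Accept only a positive decimal integer.
valid_limit() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -gt 0 ]
}

# Delete every copy of a rule from one chain; prints how many were removed.
# Only copies with the same subnet and limit match; a rule left behind with
# a different limit has to be removed by hand.
purge_rule() {
    purge_chain=$1; purge_spec=$2; purged=0
    # $purge_spec is unquoted on purpose: it must split into arguments.
    while [ "$purged" -lt "$MAX_PURGE" ] &&
          $IPT -D "$purge_chain" $purge_spec 2>/dev/null; do
        purged=$((purged + 1))
    done
    echo "$purged"
}

# Validate the inputs, clear old copies on INPUT and FORWARD, insert once.
ensure_connlimit() {
    valid_cidr "$1"  || { echo "bad subnet: $1" >&2; return 2; }
    valid_limit "$2" || { echo "bad limit: $2" >&2; return 2; }
    rule=$(connlimit_spec "$1" "$2")
    purge_rule INPUT "$rule" >/dev/null     # rule from the earlier post
    purge_rule FORWARD "$rule" >/dev/null   # copies from earlier re-runs
    $IPT -I FORWARD $rule
}

# Runs only when invoked as "script apply"; when pasted into a router
# script box, call ensure_connlimit directly instead.
if [ "${1:-}" = "apply" ]; then
    ensure_connlimit "$LAN_NET" "$CONN_LIMIT"
fi
```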
  18. gyngy1

    gyngy1 Network Newbie Member

    Thanks for the summary.
    Is there an easier way to enter these settings than clicking in the GUI? Maybe edit some settings file?
     
  19. the_tourist

    the_tourist Network Newbie Member

    Maybe but I'm really not an expert... I just entered the rules (made by danielhaden, slightly adapted) into the graphical interface, it's not very difficult or very long.
     
    danielhaden likes this.
  20. danielhaden

    danielhaden Network Guru Member

    Thanks!
    For that fastlittle rule, you might want to end the port range with the last known control ports. I think that could be 5070. Beyond that are bulk data ports, which probably shouldn't catch a ride on class 1.
    And, on classes 4 and 5, having higher minimums could also increase bandwidth overhead by the same sum (while you're testing for that A+). That would totally make sense if you're using FQ_Codel (QOS is all about timing, so controlling it via bandwidth percentage is indirect). So, rather than lower the global bandwidth, you have the option of lowering the maximums for classes 4 and 5. Tomato has that nifty option of making the lower classes 'pay for' using QOS rather than reducing the global bandwidth.
    So, there's just a few things to try.
     
  21. the_tourist

    the_tourist Network Newbie Member

    Thank you, I will try these modifications and test the impact on the Bufferbloat.

    As I wrote, I don't use Freshtomato on this router, but rather [Fork] Asuswrt-Merlin 374.43 LTS releases (V37EA) from john9527.
    I'm not sure, but I don't think it implements FQ_Codel in the case of an RT-N66U, but I may be wrong, I'm anything but an expert....
     
  22. txnative

    txnative Addicted to LI Member

    You all should start a new discussion thread as this is off topic for freshtomato-mips.
     
    pharma, kille72 and Techie007 like this.
  23. danielhaden

    danielhaden Network Guru Member

    Dire need of a competitive QOS for freshtomato-mips?
    As in not defaulting to 50 somewhat outdated rules on a wee old mips cpu?
    An efficient update seems necessary.
     
  24. the_tourist

    the_tourist Network Newbie Member

    You're right, but my intention was not to discuss another firmware here at all. I just wanted to confirm to danielhaden that his proposal of "vastly simplified QOS only 5 rules" had worked well with my router (and its firmware which is not so far from Tomato).

    But I agree this discussion is over.
     
  25. ksuuklan

    ksuuklan Serious Server Member

    Did You get stable version? As I have also WHR-HP-G54 running tomato-K26-1.28.RT-MIPSR1-128-MiniIPv6, shall I upgrade it to freshtomato-K26_RT-MIPSR1-2018.5-MiniIPv6 or not?
     
  26. rs232

    rs232 Network Guru Member

    I'd say nowadays FreshTomato is the most updated version. Go for it.
     
  27. ksuuklan

    ksuuklan Serious Server Member

    Ok, did so, I hope that bandwidth limiter is working (it was broken on newer tomato versions). Noticed that only 2 dns servers are available, wireless client filter behavior is changed and is very strange, mtu and bandwidth limits were also changed after upgrade.
     
  28. sszpila

    sszpila Networkin' Nut Member

    You must clear nvram and configure router from scratch. There are major changes between tomato v128 and multiwan on which freshtomato is based.

    Sent from my Redmi 4X using Tapatalk
     
  29. ksuuklan

    ksuuklan Serious Server Member

    I'm too lazy for that, so I just walked through every menu and changed back some settings and that's it, so far all OK :).
     
  30. digixmax

    digixmax LI Guru Member

    FWIW I have 2019.1 MiniIPv6 running on my WHR-HP-G54 as well as on my WNR3500L-v1, it seems fine.
     
  31. ksuuklan

    ksuuklan Serious Server Member

    Ok, but isn't this beta?
     
  32. aehimself

    aehimself New Member Member

    I just realized that after flashing the non-beta 2018.5 mini on my WRT54GL, port 4 failed over to 10M half duplex. Updating to the latest 2019.1.015-beta did not solve the issue. Tried swapping cables and devices around, only port 4 is affected.
    I'll try to do a full settings reset (and maybe reflashing the original firmware too) to see if it's a hardware malfunction... in the mean time, are there any logs which I can check on Tomato to get closer to the root of the problem?
     
  33. digixmax

    digixmax LI Guru Member

    Yes, it is still beta, I am doing my share of being a guinea pig. -)
     
  34. Bad_Dog

    Bad_Dog Connected Client Member

    I just upgraded my Asus RTN16 from 2018.4 to 2019-01-015 beta.

    Using Firefox in privacy mode, as to not worry about caching problems like I experienced before, and the upgrade was successful.

    One thing is, the time is not updating. I have auto update enabled, and set to US (also tried North America), and set to trigger on save. Multiple reboots and saves is not updating the time.

    The log shows nothing, and I have logging set to no maximum per minute (value is 0).

    This router is for my Guest network. The primary router is an ASUS AC3200 running 2018.4, and this upgrade on my RTN16 was my test upgrade. The AC3200 has no issues with time updating, so it's not a connectivity issue, at least that I can tell.

    Any suggestions?
     
  35. digixmax

    digixmax LI Guru Member

    You might find potentially helpful pointers in this thread: https://www.linksysinfo.org/index.php?threads/wireless-ethernet-bridge-no-current-time.74428/.
     
  36. Bad_Dog

    Bad_Dog Connected Client Member

    Thanks for that. After I upgraded I noticed there was no time, and my first thought was... has that always been an issue or did I just now notice it? ;-)
     
  37. aehimself

    aehimself New Member Member

    It's not a hardware fault!!!
    robocfg port 0 media auto solved the issue, now it's back to full speed again. I'm just wondering what forced one port to 10 / Half.. until some Googling I did not even know that the above command exists.
     
  38. railgrinder

    railgrinder Network Guru Member

    I'm not sure if this is the right place to submit a feature request, but would it be possible to include an export/import function in the Static DHCP/ARP section? It's one of the more time consuming things to input every time a full reset is done and thought this might be a helpful feature to have in the GUI.

    I know it's possible to do this via the nvram export/import command but it's bugged me that there hasn't been a gui implementation since the original tomato project.
     
    WaJoWi, snowman58 and digixmax like this.
  39. digixmax

    digixmax LI Guru Member

    I second this feature request -- it would be great to be able to export/import Static DHCP data to/from data file in csv format.
     
    Last edited: Feb 6, 2019
    Elfew and WaJoWi like this.
  40. Wolfgan

    Wolfgan Networkin' Nut Member

    Last edited: Feb 6, 2019
    Señor Nimda and snowman58 like this.
  41. WaJoWi

    WaJoWi Serious Server Member

    +1
     
  42. RBoy1

    RBoy1 Serious Server Member

    What exactly was the issue in this configuration? I just updated to the Jan BETA build on my WNR3500LV2 (primarily to get support for SMB2) and I'm using this Wireless Ethernet Bridge, what should I expect to see as the issue here?
     
  43. Magister

    Magister LI Guru Member

    From what I saw, the problem was that on the router itself, the DNS wasn't registered, the only problem I know was that the NTP client couldn't reach the servers list and the time on the router was 1/1/1970.
     
    RBoy1 likes this.
  44. digixmax

    digixmax LI Guru Member

    Without Default Gateway and Static DNS settings taking effect, the Wireless Ethernet Bridge (WEB) itself (not the client devices that use the WEB router) cannot reach Internet and cannot resolve Internet host names. The one consequence observed is the WEB current-time setting which depends on resolving NTP host-names and reaching NTP servers does not work. I cannot think of any other feature one might use on a WEB router that would be similarly affected. FWIW the work-around fix is posted at https://www.linksysinfo.org/index.p...net-bridge-no-current-time.74428/#post-302295.
     
    RBoy1 likes this.
  45. RBoy1

    RBoy1 Serious Server Member

    Thank you all, yes I can confirm that's the side effect on the NTP
    > Time Not Available

    Would this impact the Samba Server running on the router or any other services (OpenVPN etc?)

    Is there a patch submitted for this?
     
  46. Magister

    Magister LI Guru Member

    It is fixed in Jan BETA build, I have it on my E3000 and NTP is working
     
  47. digixmax

    digixmax LI Guru Member

    I am on 2019.1 beta on my WNR3500L-v1, the "current time not available" problem is still there without the workaround I posted.
     
  48. RBoy1

    RBoy1 Serious Server Member

    I have the Jan BETA build and I'm seeing this in the summary page:
    > Time Not Available

    I don't think it's working in Wireless Ethernet Bridging Mode. I've set a static IP address, gateway and using Cloudflare DNS (1.1.1.1), rebooted and still no time. Plus I don't see this fix in the change log.
     
  49. rs232

    rs232 Network Guru Member

    Read this: https://www.linksysinfo.org/index.php?threads/fork-freshtomato-mips.74145/page-6#post-300299
    solution until fixed: put this into Scripts/INIT and reboot
    Code:
    echo nameserver `nvram get wan_dns` > /tmp/etc/resolv.conf
    btw i thought that code was already implemented in the latest best. Perhaps not....
     
  50. Magister

    Magister LI Guru Member

    On the wireless ethernet bridge, try to put 192.168.1.1 so it will take the DNS from your main router
     
  51. RBoy1

    RBoy1 Serious Server Member

    Unfortunately this did not work. When I telneted into the router after boot up, cat /temp/etc/resolv.conf file did not exist (as in the destination link doesn't exist). Is INIT the right place to put this? nvram doesn't seem to work in INIT, where doing a static cat instead does work (from the patch above), but I see what you're trying to do and it's better way.

    Also does one need to add the default Gateway Routing patch reported by @digixmax in the Advanced -> Routing tab:

    Code:
    0.0.0.0 192.168.1.1 0.0.0.0 0 LAN
    I tried this but that didn't work either. Also on the Basic config page, under Static DNS it asks for IP : port, is the port required?

    The only thing that worked so far was the patch reported by @digixmax here: https://www.linksysinfo.org/index.p...net-bridge-no-current-time.74428/#post-302295
     
  52. pedro311

    pedro311 Addicted to LI Member

    Techie007 and kille72 like this.
  53. RBoy1

    RBoy1 Serious Server Member


    I can confirm it's working with that patch + the default gw
     
  54. RBoy1

    RBoy1 Serious Server Member

    Apparently ntpc does exist and works. I telneted into the router and ran the command and this is the output
    Code:
    root@OfficeBridge:/tmp/home/root# service ntpc stop
    ..........
    Done.
    root@OfficeBridge:/tmp/home/root# service ntpc start
    ..........
    Done.
    
    And after it ran the time showed up on the overview page:
    > Time Fri, 08 Feb 2019 12:37:00 -0500
     
  55. RBoy1

    RBoy1 Serious Server Member

    Okay taking from @rs232 and @digixmax, this is the patch that gets the default gateway, DNS and NTP working without hardcoding any numbers so that it takes the settings defined in the web GUI and then get it up and running when the router boots up.

    Placing this code in the Administration -> Scripts -> FIREWALL
    Code:
    echo nameserver `nvram get wan_dns` > /tmp/etc/resolv.conf
    route add default gw `nvram get lan_gateway` br0
    service ntpc stop
    service ntpc start
    
    Reboot the router and it picks up your DNS/Gateway settings and applies them as well as gets NTP going. Again is a workaround when the router in Wireless Bridge mode to get the DNS/Gateway setup correctly.

    @pedro311 @kille72 is there a firmware patch that can be put to make the user DNS and GW settings stick on boot up when the router is in Wireless Bridge mode?

    Thanks
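
The workaround from the post above with its inputs checked first, as an added example that is not part of the thread: an empty or malformed `wan_dns` no longer overwrites resolv.conf with a bare `nameserver` line, and each server gets its own line. It assumes `wan_dns` is a space-separated list whose entries may carry an `IP:port` suffix; the `NVRAM` and `RESOLV` overrides and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not code from the thread: Wireless Ethernet Bridge
# DNS / gateway / NTP workaround with validated nvram values.

NVRAM="${NVRAM:-nvram}"                      # assumption: overridable for tests
RESOLV="${RESOLV:-/tmp/etc/resolv.conf}"     # path used in the posts

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split on dots into $1..$n
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Turn "IP IP:port ..." into one "nameserver IP" line per valid entry.
# resolv.conf has no port syntax, so any ":port" suffix is dropped.
resolv_lines() {
    set -f                    # no filename expansion while splitting
    for entry in $1; do
        addr=${entry%%:*}
        if is_ipv4 "$addr"; then
            echo "nameserver $addr"
        else
            echo "skipping invalid DNS entry: $entry" >&2
        fi
    done
    set +f
}

apply_web_workaround() {
    dns_list=$($NVRAM get wan_dns)
    gateway=$($NVRAM get lan_gateway)

    lines=$(resolv_lines "$dns_list")
    if [ -n "$lines" ]; then
        # Write a new file and rename it, so a failure never leaves
        # resolv.conf half written.
        printf '%s\n' "$lines" > "$RESOLV.new" && mv "$RESOLV.new" "$RESOLV"
    else
        echo "no usable DNS server in wan_dns; $RESOLV left untouched" >&2
    fi

    if is_ipv4 "$gateway" && [ "$gateway" != "0.0.0.0" ]; then
        route add default gw "$gateway" br0 ||
            echo "default route not added" >&2
    else
        echo "lan_gateway is not a usable address: '$gateway'" >&2
    fi

    # Restart the NTP client so it retries with working DNS and routing.
    service ntpc stop
    service ntpc start
}

# Runs only when invoked as "script apply"; when pasted into a router
# script box, call apply_web_workaround directly instead.
if [ "${1:-}" = "apply" ]; then
    apply_web_workaround
fi
```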
     
  56. pedro311

    pedro311 Addicted to LI Member

    And what about Wireless Client mode?
     
  57. RBoy1

    RBoy1 Serious Server Member

    EDIT: I can't select "Wireless Client" mode, it's greyed out on the WNR3500LV2

    However there is another bug I've found in the Wireless Ethernet Bridge mode that I would like to report.
    When setting up the router after a reset, if one selects the "Wireless Ethernet Bridge Mode" directly, it doesn't disable the WAN port and DHCP on the WAN and the router keeps trying to get the WAN DHCP address which also results in connection/performance issues. This is what I see on the overview page under the WAN section:

    If I first select Access Point, manually disable the WAN port and all the WAN related settings. Tap Save, then go back and change to the Wireless Ethernet Bridge mode and Save. After a reboot now the WAN section disappears and it stops trying to get a DHCP address for the WAN, the connections is stable and WiFi data rates are 50% higher now.

    I've replicated this issue above multiple times consistently with the same results. Why doesn't the router disable the WAN ports and WAN DHCP when one selects "Wireless Ethernet Bridge" after a fresh reset? I'm guessing it doesn't save the nvram variables correctly when this done via the GUI, do you think that's about right?
     
  58. digixmax

    digixmax LI Guru Member

    The build I am using on my WNR3500L WEB is 2019.1.015 MIPSR2-beta K26 MiniIPv6, unless the build id showed on my WEB router's About page (see the attached screencap) is somehow mislabeled.

    If I remove the two lines
    in my Init script, the WEB would not be able to display the current time.

    Also, if I replace "/etc/resolv.dnsmasq" with "/etc/resolv.conf" in
    the script would also fail to produce the desired result.
     

    Last edited: Feb 9, 2019
  59. digixmax

    digixmax LI Guru Member

    The behavior you are looking for works for me in my WEB configuration setups on my WNR3500L-v1 and RT-N16's -- whenever I select WEB mode the WAN settings section disappears.
     
  60. OnkelM

    OnkelM New Member Member

    Is it possible to add an issues site to the bitbucket account of freshtomato-mips like the arm fork already has?
    I wanted to file a bug/report that firewall/iptables are broken if using a class a netmask 10.0.0.0/8

    (since I cannot post a url right now please lookup bitbucket > kille72 > freshtomato-arm for the posted issue -> rt-n66u-no-iptables-with-class-a-netmask )

    FreshTomato Firmware 2018.5 MIPSR2 K26 USB AIO-64K
    Linux kernel 2.6.22.19 and Broadcom Wireless Driver 5.110.27.20012

    —————————
    Also would like to do a feature request/suggestion as in the current webif configuration port forwarding to the router itself will not work just by entering a port forwarding rule. We have to add another command e.g. in the firewall tab in the administrative webif section like: iptables -I INPUT -j ACCEPT -p tcp --dport 12345
    It would be better if this logic is built in the port forwarding webif section itself.
     
  61. rs232

    rs232 Network Guru Member

    What is it broken exactly? Where do you set this 10.x IP? Can I suggest you work on the English to explain what actually is not working? e.g. real life scenario, what you attempted, error message received, etc

    The other port forwarding issue you're reporting is news to me and can confirm port forwarding does NOT require any additional command to allow traffic. Have you cleared the NVRAM before upgrading last time?
     
  62. OnkelM

    OnkelM New Member Member

    iptables is broken if you set your router ip to 10.0.0.1/8
    Code:
    cat /etc/iptables
    cat: can't open '/etc/iptables': No such file or directory
    
    immediately after change of netmask to 255.255.255.0 the error is gone:
    
    cat /etc/iptables
    *mangle
    :PREROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -I PREROUTING -i vlan2 -j DSCP --set-dscp 0
    -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
    COMMIT
    *nat
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :WANPREROUTING - [0:0]
    -A PREROUTING -d 188.193.189.168 -j WANPREROUTING
    -A PREROUTING -i vlan2 -d 10.0.0.1/255.255.255.0 -j DROP
    -A WANPREROUTING -p icmp -j DNAT --to-destination 10.0.0.1
    -A POSTROUTING  -o vlan2 -j MASQUERADE
    -A POSTROUTING -o vlan2 -d 192.168.100.1 -j MASQUERADE
    -A POSTROUTING -o br0 -s 10.0.0.1/255.255.255.0 -d 10.0.0.1/255.255.255.0 -j SNAT --to-source 10.0.0.1
    COMMIT
    *filter
    :INPUT DROP [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m state --state INVALID -j DROP
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -N shlimit
    -A shlimit -m recent --set --name shlimit
    -A shlimit -m recent --update --hitcount 4 --seconds 180 --name shlimit -j DROP
    -A INPUT -p tcp --dport 10 -m state --state NEW -j shlimit
    -A INPUT -p tcp --dport 23 -m state --state NEW -j shlimit
    -A INPUT -i lo -j ACCEPT
    -A INPUT -i br0 -j ACCEPT
    -A INPUT -p tcp  --dport 10 -j ACCEPT
    :FORWARD DROP [0:0]
    -A FORWARD -m account --aaddr 10.0.0.0/255.255.255.0 --aname lan
    -A FORWARD -i br0 -o br0 -j ACCEPT
    -A FORWARD -m state --state INVALID -j DROP
    :wanin - [0:0]
    :wanout - [0:0]
    -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -i vlan2 -j wanin
    -A FORWARD -o vlan2 -j wanout
    -A FORWARD -i br0 -j ACCEPT
    COMMIT
    
    as for the port forwarding, I did not say it is generally not working. But it does not work as one would expect if you would like to open a port at the router itself (localhost). (for example asterisk or owncloud or other application running directly on the main router)
     
  63. Radojevic

    Radojevic Network Newbie Member

    @pedro311 @kille72

    Feature request...

    Add autonegotiation feature to wireless 'Channel Width'.
    Also, if autonegotiation becomes a 'Channel Width' feature, would it negotiate the channel width per client connection, or globally set it to the lowest common denominator?
     
  64. danielhaden

    danielhaden Network Guru Member

    You've got it.
    dhcp-host=A0:A1:A0:C0:C1:9D, id:*, MY_DESKTOP, 192.168.1.200, infinite
    Entries of that style can go in the dnsmasq options box (drag corner to expand for edits). It is easy to back them up via text editor or spreadsheet.

    Tip: Put High priority devices grouped into a range other than auto-dhcp so that you can use ONE QOS rule (ip range) inserted just before anything less than 100%. By assigning static DHCP addresses outside the auto range, but in your 'bypass' rule range, you've automagically, assigned priority too. One bit of work gets two jobs done.
     
    Last edited: Feb 20, 2019
    ghoffman likes this.
  65. rs232

    rs232 Network Guru Member

    10.x IP: Anything in the log after you set the IP? Can you make more tests with longer/shorter netmasks? Any other test/input that might help the troubleshooting?

    Portforwarding: this is not what port forwarding does. So what you are trying to do has no involvement in tomato port forwarding. what you're doing is opening a port on the router (INPUT chain) so the firewall script approach is correct (unless you use a service that opens the port for you like OpenVPN would do for example.)
     
  66. afeng11

    afeng11 Network Newbie Member

    Flashed the latest firmware on netgear wndr4500 v1, everything was ok but the leds on WAN and LAN were turned off? How to solve this problem? Thank you!
     
  67. kernel-panic69

    kernel-panic69 Connected Client Member

  68. minos

    minos Networkin' Nut Member

    Exact! It can save hours to config by hand everything in the GUI's fresh firmware... :)

    Or it can be cool to always use the same config variables in the previous .cfg file to import used to restore our config.
     
  69. asadou

    asadou LI Guru Member

    Hi Pedro. I've been using shibby's tomato in my e2500 for a couple of years now and got excited with this fork as shibby's received no more updates. Unfortunately I didn't see the nvram issue before and now I can't configure the VPN because there's not enough nvram for the keys. Would it be possible to get a VPN version for the 2500 that disables the 5GHz radio and so can provide access to the full 60k of nvram? I need the VPN more than the 5GHz radio!

    Thank you very much.
     
    Señor Nimda likes this.
  70. dufoq3

    dufoq3 Addicted to LI Member

    Hello, I used shibby tomato for many years. Today I've flashed "freshtomato-K26USB_RT-N5x-MIPSR2-2018.5-AIO-64K.trx" to my ASUS RT-N66U and set it up manually. Everything seems fine, but if I use HTTPS instead of HTTP I'm not able to see DEVICE LIST and IP TRAFFIC - TRANSFER RATES, and I also have problems editing WIFI settings. But only if I use HTTPS. With HTTP there are no problems.

    EDIT: 21/02: Everything seems to be fine now. Maybe after another reboot...
     


    Last edited: Feb 21, 2019
  71. danielhaden

    danielhaden Network Guru Member

    Upload efficiency mystery:
    https://testmy.net/upload test
    FreshTomato-mips, score is 2.6
    Gargoyle 1.11 dir835, score is 2.7
    DD-WRT 33525K3-arm, score is 2.8
    DD-WRT 33525K3-mips, score is 3.0

    What causes the 15% performance difference or shortfall?
     
  72. txnative

    txnative Addicted to LI Member

    A few things come to mind, but I wouldn't necessarily put it on your hardware/firmware or the open source projects in question, could be the time of day the amount of users testing causing test servers overloaded, how ISP routes your connection, hardware issues out somewhere, ISP utilization problems comes to mind, if you posted a comparison with other speedtest.net and dslreports then you could compare but there are factors involved that can't be ruled out at the same time that can cause a drop or increase in your network traffic, but as long as your router is more than capable in handling the bandwidth your ISP provides you, and the factors involved that can cause your findings as upload efficiency mystery then you're overlooking and not counting the other factors. For me those have to do with my ISP not my router or which open source project I have on them.
     
  73. xkpx64

    xkpx64 New Member Member

    I have a Linksys E1200 v1 router.
    And I just downloaded freshtomato-E1200v1-NVRAM64K_RT-N5x-MIPSR2-2019.1.015-beta-Mini.bin

    I tried to flash my firmware, but at around 16% of the flashing I get an error (Failed to Upgrade).

    Why is this happening to me :(

    The firmware that I use is the default ->
    Ver. 1.0.04 (build 1)
    Latest Date: 03/26/2014

    I tried from the GUI at 192.168.1.1 but I can't flash it.
    I tried a hard reset from Maintenance mode and it still doesn't work :(

    What can I do?
     
    Last edited: Feb 21, 2019
  74. txnative

    txnative Addicted to LI Member

    Have you tried a static ip address? Cleared your browser cache to rule out some cache being full on the browser? tried a different browser? Connect to a lan port, not wireless and don't use the wan port.
     
  75. xkpx64

    xkpx64 New Member Member

    Finally I did it, my router had a secret page for maintenance mode (clicking the reset button a few times and the page started); from there I was able to click on the firmware I want and now I have it successfully updated!!

    I'm so glad to use it.


    Name TomatoUSB
    Model Linksys E1200 v1.0
    Chipset Broadcom BCM5357 chip rev 2 pkg 8
    CPU Frequency 300MHz
    Flash Size 4MB

    Time Not Available
    Uptime 0 days, 00:12:37
    CPU Load (1 / 5 / 15 mins) 0.04 / 0.05 / 0.04
    Total / Free Memory 28.39 MB / 19.61 MB (69.08%)
    Total / Free NVRAM 64.00 KB / 44.91 KB (70.17%)
     
  76. darkfader

    darkfader Networkin' Nut Member

    Running 2019.1.015 MIPSR2-beta K26 USB Nocat-MiniVPN on my E3000 for a while now and I'm getting "Wi-Fi dropouts" every few days or after several minutes (after starting a download?) using this version (previous version worked fine). Signal is there (both 2.4 and 5 GHz) but no response from AP; (trying by pinging fe02::1). Powering off/on helps ;P
    Edit: Oh, just now the router stopped responding to pings etc. but still can ping google via IPv4, but not IPv6 (6in4) anymore.
     
    Last edited: Feb 21, 2019
  77. txnative

    txnative Addicted to LI Member

    If you still have a previous build just revert back to the stable build you were using before you updated, as this information is helpful you have experienced. Did you clear the nvram before you installed the beta build in question? Did you use any configs from a previous setup?
     
  78. danielhaden

    danielhaden Network Guru Member

    The 15% gap happens only on testmy, but it is repeatable at any time. For some reason, FreshTomato does testmy.net upload test much more slowly. During testing, I set the WAN mac of the test routers all the same, so I wouldn't have to reset the cable modem in-between. And, I tested a considerable number of times.
    However, without a friend at a different locale, to give my test server a workout (swap routers, repeat), it is only a theory that testmy.net's upload test has relevance.
    I also have a new ARM router sitting around unplugged, because it tested out lower than line rate. So, the difference is code, not hardware.
     
  79. txnative

    txnative Addicted to LI Member

    I'm sure you've done your tests as you have stated, but I just don't agree as my findings are not the same and that's fine if you like to point it out, but claims of discrepancies in how some open source projects may or may not perform properly on these devices, without using other means of testing or different sites it wouldn't make sense to just say using one site tells all, when there are other sites and means to include as well to make a valid point that tomato has a 15% gap between other projects and a continued discussion would need its own thread on a subject like this so maybe other users can show, explain, tell their everyday findings as well.
     
  80. txnative

    txnative Addicted to LI Member

    I installed the 2019.1-015 k26 RT F7D4302 MINI.bin and noticed that it shows USB-NAS, although it's not supposed to have that feature, and in Advanced-Wireless it doesn't have the WLAN auto with noise reduction as a selection in the wireless mitigation. I also installed the K26 RT-MIPSR2 2019.1.015 beta MAX for my Belkin as well; it shows the same findings as with the MINI.bin. I don't know if this is what your intention was, just letting you know.
     
  81. danielhaden

    danielhaden Network Guru Member

    Real use does not demonstrate the 15% overhead. Finally, I did manage to check with my home server upload, and that showed FreshTomato at full line rate. And, I also checked with my development web server upload, which showed that there is no lag on small files.

    I haven't managed to test in real life, in the same way as the testmy.net upload test, small to large files, in progressively larger order. Because, there's no real-life use for that. I guess that a web page with a lot of different size photos, exactly ordered from small to large, might do it? And, that test is unrealistic. Probably, that was the problem after all.

    Also, there was a serious flaw in my comparisons. I didn't have modprobe bcm_nat startup script in the Tomato router, but the DD routers had SFE turned on by default. So, comparing that way doesn't make sense.

    P.S. No significant difference in download speeds. Upload speed showed variance in artificial conditions; but, which the item tested is in question, since it could have been the PC, not the router.
     
    Last edited: Feb 24, 2019
  82. Feliciano

    Feliciano Connected Client Member

    What about a http get script of several known-size files on a web server (maybe a public one)? I use that cron method to estimate my current WAN speed, both on dd-wrt and tomato.
     
    danielhaden likes this.
  83. danielhaden

    danielhaden Network Guru Member

    Good idea. This shows Tomato doing 3% faster download (like the difference between 36 vs 37; and, although not astonishing, being on the plus side is pleasant). That advantage can even be maintained while processing up to 6 QOS rules (that link +1 device or ip-range). Excellent results!

    As far as upload testing goes, just do your download test scenario backwards.
     
    Last edited: Feb 25, 2019
  84. xkpx64

    xkpx64 New Member Member

    I've got a question about IPTV.
    My Internet provider uses fiber cable to deliver my internet and television. For some time I used the router that they gave me, but then I switched to mine.

    The problem is that I must use a network switch before my router to split one cable for the TV box to have TV.
    If I put the cable for TV right into the router there is no TV.

    Is it possible somehow to manage that and remove the switch to save some space and cable management?

    Attached picture below with some info (I don't draw well :( )
     


  85. Mikael Bak

    Mikael Bak Network Newbie Member

    In theory: Yes, it's possible.
    You need to know what VLANs your provider is using for internet and TV and possibly other things. When you know that you can (again in theory) configure your router to handle those VLANs instead of the switch.

    If you are not a network guru I doubt you will be able to do this. If you are, then happy hacking! :)
     
  86. xkpx64

    xkpx64 New Member Member

    I have the old router that they gave me, but I stopped using it because they can access it any time, and I don't want that. So I removed it and put in a switch (for TV, because otherwise it's not working) and a router for WiFi/LAN.

    Can you point me in some directions? The old router had WAN1 for Ethernet and WAN2 (Bridged) for IPTV.
     
  87. danielhaden

    danielhaden Network Guru Member

    Isn't there a... don't filter multicast + igmp snoop on... configuration option?
     
  88. Radojevic

    Radojevic Network Newbie Member

    I'm looking forward to the technical solution to this issue, but want to point out the following:
    1. You should be able to change the ISP router's password, so the ISP can't access it.
    2. Your ISP can see all the network data coming to, and from your network, so what difference does it make if they can access the ISP router?
     
  89. txnative

    txnative Addicted to LI Member

    Not many users have been successful trying to get IPTV to work properly unless the router has built-in capabilities for IPTV usage. You could try this. If this doesn't help then I suggest looking at dslreports.com and doing a search on your ISP name and how to set up IPTV using the dslreports forum to see if someone has done a fix or answer.
    Edited: This is the link that the image is from, https://blog.ostermiller.org/tomato-iptv-for-tds
     


  90. xkpx64

    xkpx64 New Member Member

    @txnative I checked dslreports but no Vivacom was found; I may ask the forums later.
    Here (https://www.linksysinfo.org/index.p...able-bandwidth-due-to-iptv-with-shibby.68756/ ) another person has the same problem as I have, and the solution is simply a switch between the modem and router for IPTV :( I guess I'll keep searching until I find the solution.

    The older router that the ISP provided me was a ZTE ZXHN H188N and I guess it isn't that special compared to the E1200 v1 Linksys.
    Just a few tweaks and that's it, I hope :(

    There are some pics from my old router below. They used some custom firmware and it's a mess. I'll try tomorrow and post back with feedback on a new config for E1200v1 IPTV.
     


    Last edited: Feb 26, 2019
  91. txnative

    txnative Addicted to LI Member

    I imagine most people just settle for what works and don't mind the ISP handling the device. The first post has a diagram; is that how you are situated with your network scheme? Names of devices that you are using are the E1200v1 and edited: Vivacom box, ZTE ZXHN H188N as you had mentioned?

    Edited: After looking at your network, it looks as though you could just remove the 5 port switch and place the Linksys router in its place, configure the router into a WAP (wireless access point). Have you done this?
     
    Last edited: Feb 27, 2019
  92. Kustaa

    Kustaa New Member Member

    Hi, I have an E900 and I used it with Toastman without any problem, I decided to update to FreshTomato 2019.1 (it is supposed to be stable) and when I start to configure my router manually I notice this bug.
    Captura1.PNG Captura2.PNG Captura3.PNG

    I did a hard reset 30/30/30 and it still does not work. Is there some way to fix it?
     
    Last edited: Feb 27, 2019
  93. Kustaa

    Kustaa New Member Member

    I flashed FreshTomato from stock firmware, and after doing a hard reset 30/30/30 it remains the same.
     


  94. kille72

    kille72 LI Guru Member

    A new version of FreshTomato for ARM and MIPS routers has been released.

    More information in the first post.

    Best regards,
    FreshTomato team, @kille72 & @pedro311

    Thanks to @M_ars and all others who helped us with this project!
     
    Techie007 and Elfew like this.
  95. txnative

    txnative Addicted to LI Member

    Just a suggestion, have you tried clearing the browser cache and refreshing the page?
     
  96. Kustaa

    Kustaa New Member Member

    I always do it: clear the cache in Chrome or Firefox, close, and reload the page. I'm a Linux user but I tried again to flash my E900 in Windows and the same bug happens.

    Am I the only one this happens to in FreshTomato?
    In previous versions like 2018.4 or 2019.015 beta I do not have that bug.
     
  97. txnative

    txnative Addicted to LI Member

    Are you using the K25RTN or K26? Personally I haven't updated to the newer images yet to establish if I see the same on the MIPS routers I own as well. You could always revert to one of those builds you mentioned for now as beta testing continues and feedback is important for all models supported. I ran into something similar in a post I had done last week on a build from the K26 folder.
     
  98. Khepera02

    Khepera02 Reformed Router Member

    Hi everyone,

    I have upgraded my RT-AC66U from 2019.1.015-beta to the latest release 2019.1 (MIPS, K26RT-AC). The upgrade process (with clearing the NVRAM) and the uploading of the backed-up configuration went smoothly.
    But, as already described above, in the monitoring field of the Bandwidth and the IP Traffic pages there is always the following message to read below:

    "The cstats/rstats program is not responding or is busy. Try reloading after a few seconds."
    Because of this, the data recording is blocked and thus I'm also not able to upload the previously backed-up cstats and rstats data. Resetting and reflashing the firmware do not solve the problem. The bug must be deeper inside. The beta version does not have this bug.
     
    Last edited: Feb 27, 2019
  99. pedro311

    pedro311 Addicted to LI Member

    You have a corrupted database(s).
    Just recreate it by checking "Create New File (Reset Data)" in Admin -> XXX Monitoring.
    If that's still to no avail, remove the db by hand and restart the router.
    Then, you can try to upload db from backup.
     
  100. Khepera02

    Khepera02 Reformed Router Member

    Thanks for the quick response! I have flashed back to version 2019.1. There I have recognized now that the monitoring databases are already corrupted in the initial configuration of the firmware.

    Checking the "Create New File (Reset Data)" check-boxes doesn't solve the database problem. How can I reset the databases manually?
     