Half-bridge mode and Tomato

Discussion in 'Tomato Firmware' started by trezno, Jun 13, 2012.

  1. trezno

    trezno LI Guru Member

    Hi all

    A long time ago (back in 2008!) mstombs helped me set up my network. I used to have a Zyxel P660R-D1, running PPPoA in half-bridge mode, connected to a WRT54GL running Tomato firmware. I had to use the following script in the firewall tab, due to the ARP table being filled up (because each new connection apparently is getting a MAC address):
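    GW="MODEM_LAN_IP"   # placeholder: local modem IP, value not shown in the post
    IF="vlan1"          # WAN interface on the WRT54GL (vlan2 on the RT-N16)
    route add -host $GW dev $IF
    route add default gw $GW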

    The good old WRT54GL then crashed and I bought an Asus RT-N16 and I have installed Tomato on this, and want to set it up as the WRT54GL.
    However, when I do as I used to do for the WRT54GL I do not have access to the internet (in the script I changed vlan1 to vlan2 for the RT-N16).

    The routing table in the RT-N16 matches the routing table in the WRT54GL (with the exception that WAN is on vlan2 instead of vlan1), so I would assume it should be working.

    Does anyone else have this setup, or can help me in the right direction?

    Tomato version: tomato-K26USB-1.28.7498.1MIPSR2-Toastman-RT-VPN
  2. trezno

    trezno LI Guru Member

    Currently my routing table looks like this if it helps:

    Destination    Gateway / Next Hop    Subnet Mask    Metric    Interface
                   *                                    0         vlan2 (WAN)
    85.81.aa.bb    *                                    0         vlan2 (WAN)
    85.81.aa.0     *                                    0         vlan2 (WAN)
                   *                                    0         br0 (LAN)
                   *                                    0         lo
    default        85.81.aa.bb                          0         vlan2 (WAN)
  3. mstombs

    mstombs Network Guru Member

    Haha fix the old wrt! Maybe just the PSU brick!

    You shouldn't need the firewall script anymore - the tusb code already does something similar - so half bridge modems should just work...

    There is another issue with the RT-N16 WAN port: a soft reboot doesn't reset the switch - do just try turning both modem and router off and on again.
  4. trezno

    trezno LI Guru Member

    Hi mstombs - great to see you're still here helping us noobs ;)

    Indeed setting the zyxel in half-bridge mode and installing tomato on rt-n16 does work without further settings! However, all external requests still get a MAC-address, cluttering the device list. I suspect when running a bittorrent client this table will eventually run out of space? Or are there no drawbacks of this, i.e. on wan-speed or other things?

    Here's part of the client list, showing both lan-clients (true clients on the network) and external "clients". I am guessing that it is not supposed to look like this?
    Interface     MAC Address          IP Address          Name    RSSI        Quality    TX/RX Rate    Lease 
    vlan2         00:02:CF:4A:AD:5E                 
    vlan2         00:02:CF:4A:AD:5D                 
    vlan2         00:02:CF:4A:AD:41    169.237.aaa.bbb                 
    vlan2         00:02:CF:4A:AD:40    172.18.aaa.bbb             
    vlan2         00:02:CF:4A:AD:56    172.20.aaa.bbb                 
    vlan2         00:02:CF:4A:AD:57    172.20.aaa.bbb                 
    vlan2         00:02:CF:4A:AD:2E    173.194.aaa.bbb                 
    vlan2         00:02:CF:4A:AD:4B    173.194.aaa.bbb                 
    vlan2         00:02:CF:4A:AD:34    176.9.aaa.bbb                 
    vlan2         00:02:CF:4A:AD:4C    176.9.aaa.bbb
    vlan2         00:02:CF:4A:AD:55                 
    br0           98:D6:BB:7C:36:F7       abc                                        0 days, 23:58:15
    eth1          58:55:CA:44:5D:64              -50 dBm    49           65 / 65
    br0           00:24:81:F7:18:D2       abd                                        0 days, 23:00:43
    eth1          C4:2C:03:D1:64:F6       abe    -51 dBm    48            - / 65     0 days, 22:47:06
    br0           00:F4:B9:72:27:6D                                                  0 days, 23:10:18
    br0           28:CF:DA:08:01:39                 
    vlan2         00:02:CF:4A:AD:38    193.169.aaa.bbb                 
    vlan2         00:02:CF:4A:AD:54    195.137.aaa.bbb                 
    vlan2         00:02:CF:4A:AD:33    208.122.aaa.bbb                 
    vlan2         00:02:CF:4A:AD:2C    212.161.aaa.bbb                 
    vlan2         00:02:CF:4A:AD:2B    213.199.aaa.bbb    
  5. mstombs

    mstombs Network Guru Member

    oops - the fix I have pushed into tomatousb (and dd-wrt) fixes the problem where the ISP gateway is not in the network defined by the WAN IP and WAN netmask (the default gateway assignment used to fail), but doesn't address your problem but breaks the script work-around.

    The variant of half-bridge that Zyxel are using is similar to D-Link "zipb", and this is both inefficient and will result in problems when the router arp table fills up "neighborhood table full". Don't know what the size currently is but could be as low as 256 entries. I remember corresponding with Greg about this many years ago...


    Looks like you should still use a firewall script, but it first needs to delete the default gateway (which is now the same as WAN IP), and replace it with the local modem IP as before.

    Can you try this, which should also look up the interface name, so it is more generic than hardcoding vlan1 or vlan2:
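    # GW = local modem IP (value not shown in this post; placeholder below)
    GW="MODEM_LAN_IP"
    IF="$(nvram get wan_iface)"
    route add -host $GW dev $IF
    # drop the default route the firmware set, then point it at the modem
    route del default gw $(nvram get wan_gateway)
    route add default gw $GW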
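
Added example (not part of the original posts, and not Tomato's own code): a check for the symptom discussed above, where external addresses each get a MAC entry on the WAN interface and the router's ARP table can fill up. It reads a table in /proc/net/arp format; the sample rows, the function names and the half-full WARN rule are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Input format is /proc/net/arp:
#   IP address | HW type | Flags | HW address | Mask | Device

# Resolved (Flags 0x2) neighbour entries on one interface.
wan_neigh_count() {    # $1 = arp file, $2 = interface
    awk -v ifc="$2" 'NR > 1 && $6 == ifc && $3 == "0x2" { n++ }
        END { print n + 0 }' "$1"
}

# Distinct 5-octet MAC prefixes among those entries. Many entries under
# one prefix is the pattern visible in the client list posted above.
wan_mac_prefixes() {   # $1 = arp file, $2 = interface
    awk -v ifc="$2" 'NR > 1 && $6 == ifc && $3 == "0x2" {
            p[toupper(substr($4, 1, 14))] = 1 }
        END { for (k in p) c++; print c + 0 }' "$1"
}

# FULL: table limit reached. WARN: one MAC prefix fills half the limit.
half_bridge_check() {  # $1 = arp file, $2 = interface, $3 = table limit
    n=$(wan_neigh_count "$1" "$2")
    p=$(wan_mac_prefixes "$1" "$2")
    if [ "$n" -ge "$3" ]; then s=FULL
    elif [ "$p" -eq 1 ] && [ "$n" -ge $(( $3 / 2 )) ]; then s=WARN
    else s=OK
    fi
    echo "$s entries=$n prefixes=$p limit=$3"
}

# Constructed sample (documentation-range IPs, made-up MACs).
write_sample() {
    cat > "$1" <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.10     0x1         0x2         98:D6:BB:00:00:01     *        br0
198.51.100.7     0x1         0x2         00:02:CF:00:00:2B     *        vlan2
203.0.113.20     0x1         0x2         00:02:CF:00:00:2C     *        vlan2
203.0.113.99     0x1         0x2         00:02:CF:00:00:2E     *        vlan2
192.0.2.15       0x1         0x2         00:02:CF:00:00:33     *        vlan2
192.0.2.200      0x1         0x0         00:00:00:00:00:00     *        vlan2
EOF
}

SAMPLE="${TMPDIR:-/tmp}/arp_sample.$$"
write_sample "$SAMPLE"
half_bridge_check "$SAMPLE" vlan2 8
# On the router (assumed paths): half_bridge_check /proc/net/arp \
#   "$(nvram get wan_iface)" "$(cat /proc/sys/net/ipv4/neigh/default/gc_thresh3)"
```

On the constructed sample the incomplete entry (Flags 0x0) is ignored, so the four resolved vlan2 entries under one MAC prefix trigger WARN at a limit of 8.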
  6. trezno

    trezno LI Guru Member

    I have tried this, and it results in no access to the internet.

    Routing table looks like this:
    Kernel IP routing table
    Destination    Gateway        Genmask         Flags Metric Ref    Use Iface
                                                  UH    0      0        0 vlan2
                                                  UH    0      0        0 vlan2
    85.81.aaa.bbb                                 UH    0      0        0 vlan2
    85.81.aaa.0                                   U     0      0        0 vlan2
                                                  U     0      0        0 br0
                                                  U     0      0        0 lo
                                                  UG    0      0        0 vlan2
    I have also tried to remove the doublet route (, but that doesn't help...
  7. mstombs

    mstombs Network Guru Member

    Are you also using the "route modem ip" option in the Tomato gui which might also set that duplicate route, but it also nats those connections?
  8. trezno

    trezno LI Guru Member

    Yes I was. I removed the "route modem ip" and added your firewall script, and now it seems to be working.
  9. trezno

    trezno LI Guru Member

    Btw. I just tried the WRT54GL with another power adaptor and it is still working, so you guessed right!

    Hmm, what to do with spare router? Well... :)
  10. mstombs

    mstombs Network Guru Member

    If you were to dissect the failed PSU I also predict the failure is due to electrolytic capacitors failing... usually bulge and leak but can just dry out!