How can I access when vlan1 is down?

Discussion in 'Tomato Firmware' started by luckman212, Feb 9, 2007.

  1. luckman212

    luckman212 LI Guru Member

    with the help of this thread, I had set up these scripts under Administration so that I can access the GUI of my DSL modem which is on and plugged into eth1 even though my br0 (lan) config is 172.31.254.x:

    sleep 5
    ifconfig vlan1 netmask

    /usr/sbin/iptables -I POSTROUTING -t nat -o vlan1 -d -j MASQUERADE

    This works brilliantly as long as the PPPoE connection is UP. However if that connection goes down, then it seems like Tomato tears down the vlan1 interface and I lose access to the DSL modem --- which is sad because thats precisely the time when I really need to get access to it to see whats going on.

    Is there any way to add more to this script so that I can access the modem even when vlan1 is down? I already tried changing "vlan1" to "eth1" in the above script and it didnt work for me. I use a Buffalo WHR-G54S
  2. der_Kief

    der_Kief Super Moderator Staff Member Member

    Hi luckman212,

    i cannot confirm this ! My setup is the following
    Init script:
    sleep 5
    ip addr add dev vlan1 brd +

    Firewall script:
    iptables -I POSTROUTING -t nat -o vlan1 -d -j MASQUERADE

    Everthing works perfect even when WAN connection is down !


    After reading your post a second time i recognized that my constallation is different to yours :biggrin: So thats not really comparable but maybe anyway useful.
  3. luckman212

    luckman212 LI Guru Member

    hmm-- actually now that you mention it, it does seem to work. Weird, yesterday it wasnt working for me. Very strange!! I swear yesterday my DSL went down and I couldnt access the gui of the modem unless I unplugged it from tomato and plugged it straight into the computer. hmmm :rolleyes:
  4. paped

    paped LI Guru Member

    Thank you I have also had this problem and by using the above I can now connect to my modem even when the adsl link is down. However I have had to change one of the lines... The init script entry is as above

    sleep 5
    ip addr add dev vlan1 brd +

    However in the firewall entry I have added "/usr/sbin/" to the start of the line, this is what I had in my previous configuration and without this addition it would not work on my wrt54gl.

    /usr/sbin/iptables -I POSTROUTING -t nat -o vlan1 -d -j MASQUERADE

    I don't know why I have had to add this extra bit (possibly some sort of path issue) but thought that it's worth mentioning in case anybody else gets a similar issue.
  5. luckman212

    luckman212 LI Guru Member

    ok I have some more light to shed on this....

    I figured out why I could sometimes access the web interface of my DSL modem at and sometimes not. This is due to the following command:

    /usr/sbin/iptables -I POSTROUTING -t nat -o vlan1 -d -j MASQUERADE

    this command is normally placed under the "firewall" tab of the "scripts" menu to enable nat translation between the vlan1 and the br0 switch. Problem is, if you power cycle Tomato and your DSL PPPoE never comes up (because you are having problems) then it seems this Firewall script never runs and you lose accesss. I verified this yesterday by telnetting into the router and executing the command manually, and WHAM i was right into my DSL modem again.

    So I thought...hmm, why not move it next to the other command under the "init" tab. Which seemed to work fine, until the connection came BACK UP-- at which point I lost connectivity to the DSL modem again.

    So what shoudl I do? Put the command in BOTH tabs? will that cause problems? any advice from Jon/tofu on this? I am not sure exactly when the scripts in each of these tabs runs, some clarification on that would be helpful I guess. :cool:
