How do you disable the firewall in Tomato??

Discussion in 'Tomato Firmware' started by though, Sep 15, 2010.

  1. though

    though Network Guru Member

    I looked everywhere and can't see where to disable the firewall. I'm trying to access another AP on the network which is on another subnet and I believe the firewall is blocking me from doing so :(
  2. RonWessels

    RonWessels Network Guru Member

    Under Advanced->Routing, change the Mode from Gateway to Router.

    That changes the router from a NAT gateway to a packet forwarder. Of course, in order to reach the LAN network of the router, the outside network will need to have the routing tables set correctly to send packets via the router. Fortunately, there's RIP support to perform that automatically.
  3. Azuse

    Azuse LI Guru Member

    Someone wrote a tutorial for this a couple months back, I can't fin it but that's what you need. Adding exceptions is alway better than disabling the fw imo.
  4. RonWessels

    RonWessels Network Guru Member

    Absolutely. I was assuming the OP knew what they wanted but just couldn't find the switch to do it. On the other hand, if you don't know what RIP is, or worse yet why it or the static settings equivalent are needed, this is not what you want to do.
  5. though

    though Network Guru Member

    i found the command to disable it which should take care of disabling the firewall....

    iptables -F
    iptables -F -t nat
    iptables -F -t mangle
    iptables -X
    iptables -X -t nat
    iptables -X -t mangle
    iptables -Z
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
  6. rhester72

    rhester72 Network Guru Member

    a) That will only work until the firewall service is restarted (local LAN change, WAN IP change, reboot)

    b) It is a very, *V*E*R*Y* bad idea. The firewall, by default, will NOT block access to ANY service _inside_ your network. Naturally, if you are trying to reach a device on another subnet, you'll need to have a static route defined for it unless the port is bridged into br0. Long story short, instead of figuring you need to disable the firewall (NEVER, EVER DO THIS!!!), why not tell us _exactly_ what you're trying to achieve (including, at minimum, physical topology - i.e. what is plugged in where? - and IP addresses/gateways) and see if we can help you fix it properly before you get p0wned by a script kiddie over the 'net?

  7. though

    though Network Guru Member

    pretty simple. my main AP in WDS mode has a subnet of 192.168.1.x

    i have 2 other routers connected as a wireless client set to 192.168.2.x and 192.168.3.x

    attached is a pic of the routing table i plugged in. i still can't access the tomato interface on the other subnets.

    i want to be able to access any of the 4 routers (all tomato) from any computer on the network.

    Attached Files:

  8. RonWessels

    RonWessels Network Guru Member

    Why do you have the other routers configured as wireless clients and not WET or WDS mode to keep everything on the same subnet?

    If all you want to access is the routers themselves, simply enable the remote access under Administration for the various access methods you want. You'll have to access them differently depending on whether you are on "their" subnet (in which case you use their LAN address) or whether you are on another subnet (in which case you use their WAN address). You'll probably want to use a fixed IP address for the WAN side rather than allocating it by DHCP. Of course, all of this speak only to your internal routers and not your Internet gateway router.
  9. though

    though Network Guru Member

    the reason i don't use 'bridge' mode is because speeds are significantly faster with 'client' mode. i actually tried enabling remote access but it wouldn't work. i'll try it again though and report back...
  10. d2globalinc

    d2globalinc Addicted to LI Member

    Doesn't matter in this case where the router is being used as a gateway between local subnets on his own personal lan.. it doesn't touch the internet directly - since he uses another router/firewall before it..

    Kinda like having windows firewall turned on behind tomato on your PC.. :S

    - D2G
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice