Noob question about WEB

Discussion in 'Tomato Firmware' started by kyrios, Jul 3, 2013.

  1. kyrios

    kyrios Networkin' Nut Member

    I use WEB for my house and shoot to my office since I do not want to subscribe again for internet connection (for home).
    So... for WEB, what is the best setting for NAT Loopback and NAT target?
    Currently I set NAT loopback as Disabled
    and NAT target as masquerade.

    At office, I set NAT loopback as All
    and NAT target as masquerade
  2. koitsu

    koitsu Network Guru Member

    What is "WEB"? Is it "Wireless Ethernet Bridging"?

    NAT loopback is what allows things like a client ( to be able to access when happens to be the IP address bound to, for example, the vlan2 interface on the router itself. I should note this is also a generally bad feature to have (meaning my opinion is that NAT loopback should really be set to Disabled by default, but that's just my opinion) because it results in extremely high CPU usage on the router (I can dig up old posts proving/showing this) and develops very bad habits on the part of the user. For accessing LAN IPs with an Internet-centric FQDN (e.g. wants to talk to where resolves to, there are very easy/very simple ways in dnsmasq to accomplish that.

    NAT target represents the name of the target chain to refer to (ex. MASQUERADE, SNAT, DNAT, etc.). There is no terse way to explain what this represents, you need to have understandings of how Linux does NAT before it will make sense.

    If by "WEB" you mean "Wireless Ethernet Bridging", then that has absolutely no relevancy to NAT at all -- it just allows your router, via 802.11, to bridge itself to another router, acting as a transparent bridge across wireless. The NAT layer is completely and entirely unrelated to that.
  3. Monk E. Boy

    Monk E. Boy Network Guru Member

    Yes, some more details about what you think we're supposed to know about your system configuration and your intended purposes would be helpful.

    What router do you have at home and at work? How are the two connecting to each other? What firmware are you running on the two routers? What services do you want to access and how between the two sites?

    I have to admit I am very interested to know how you're going to remotely access your workplace without an internet connection at home, which is what you appear to be suggesting. Unless WEB is some subscription-based service that's licensed per location? So you don't want to buy a second subscription for home? Seriously, I'm just guessing here because I have absolutely no idea what an acronym called WEB means. Google just laughs at me and returns "web" queries.

    Details man, we need details! ;)
  4. kyrios

    kyrios Networkin' Nut Member

    WEB = Wireless Ethernet Bridge.

    Distance from home to office is about 400m (both are only 1 floor), and there are obstacles between them, mostly trees and buildings.
    Both routers are RT-N16. Both are using TP-Link 24dBi grid (TL-ANT2424B) and both use LMR-400 cables by TP-LINK.

    My neighborhood is crowded with wifi. There is NO free channel for 2.4 GHz. It means any channel will interfere with others. What I have learned is that when I set power to max 400mW for both (RT-N16), the signal in Tomato will show severe in the WEB client. Noise will be detected as bad as ~ -60 dBm (from 1-13 ch).

    The good news is that after I use Sunhans SHO-3000 (Sunhans Outdoor Wifi Booster 3000mW) at the AP, the noise goes down to about -87dBm. RSSI also rises slightly from -60dBm to -56dBm. Then I can cool down my RT-N16 to 20mW (THX to Sunhans SH-O3000). Mind you, this booster is mostly illegal in any country.

    For the WEB client (home), I do not attach a booster. I set the power of the RT-N16 to 158mW (22dBm). I tried raising it to 200mW (23dBm) and also 251mW (24dBm), which only gained higher noise, without gaining more RSSI.

    I supply my house with internet coz my son asked me. That's all
  5. koitsu

    koitsu Network Guru Member

    Okay, now the conversation has shifted from discussions about NAT to...... 802.11 signal levels and noise. *blink* OCD detected, considering bowing out of convo...

    400mW is an insane amount of power to be pushing on these routers, if you ask me. I wonder if that begins to anger the rest of the spectrum and could piss the FCC off. That's really high (to me -- I don't do wireless so maybe I'm overdramatising the value, I don't know). The later values you listed off, combined with using other booster products, are more tolerable. 150mW is the highest I've set mine to (at one time in the past), and tend to go for 70mW at most these days.

    What concerns me is that by the increased power you may in fact be stomping all over everyone else's use of the spectrum, creating a never-ending circular problem: wireless traffic is heavy/densely populated spectrum, so you decide to "stomp all over everyone else", then other people notice problems and go out and do the same thing, then you increase your power, rinse lather repeat until the FCC shows up and fines you all.

    You state home-to-office is on a single floor, and is about 400 metres. This is too long for a CAT5/CAT6 run (you'll start to degrade at about 300 metres (packet loss, wonky behaviour)), so you'd need to have an AC powered switch (a cheap 5-port desktop switch like the D-Link GO-SW-5GE would be fine!) somewhere along the run (e.g. router LAN port<-->CAT6 for 100 feet<-->switch<-->CAT6 for 200 feet<-->router LAN port). There are also some smaller products that are just Ethernet signal amplifiers (AC powered -- they all have to be, that's the entire nature of the issue).

    The former is what we used at my past job for a very long CAT5e cable run between two ends of the building, where the budget did not allow us to invest in fibre equipment. Everything was put up in the ceiling, properly labelled, and things tacked down where we could. The landlord approved it without a hitch.

    Otherwise as mentioned, for long runs like this, single or multi-mode fibre is what's commonly used, but that's $$$ (not just for the cables, but the equipment).

    Even PowerLine adapters wouldn't work for you -- they have a general limit between 200 and 300 metres, so you're even more limited in distance by those vs. Ethernet.

    My recommendation, honestly, would be for you to run Ethernet and use that. It's going to be more reliable, WAY faster, more secure, and is a hell of a lot easier to troubleshoot. Sure, keep both routers in place, but run Ethernet between them.

    Otherwise, if you MUST use wireless -- do you have good line-of-sight between the two locations? If so, go with a directional antenna rather than omni or V-shaped. What you're using now (Sunhans SHO-3000) looks to be omni, but I can't tell (the eBay auction I see listing one off doesn't disclose this -- too many wireless products don't disclose their antenna "type", very disappointing these days). A directional antenna, if you have line-of-sight, would do you quite well. But in general I'd recommend using Ethernet + a switch or amplifier if at all possible.
  6. Toastman

    Toastman Super Moderator Staff Member Member

    Please don't set 400, the router's PA cannot run at those power levels. In fact, maximum power on the RT-N16 is reached at a setting of about 60. (This is different to the earlier routers like the wrt54gl). Setting more than that will (perhaps) push the output stage into nonlinearity and start generating interference. Since we don't have a real spectrum analyzer to look at this, we are just guessing really.


    I know that you may be forced by circumstances to do what you need to do to set up this link, but from what you describe, it sounds like it will be very unreliable.
  7. kyrios

    kyrios Networkin' Nut Member

    No, since I use an outdoor booster, I set the AP at 20mW (13dBm), since the booster requires an input between 5-15dBm.

    OK, at the WEB client, I'll lower it to 125mW (21dBm), since 125mW (21dBm) and 158mW (22dBm) show no change in either Noise or RSSI.
    Higher than 158mW only gains more noise but no RSSI improvement.
    Lower than 125mW (like 100mW=20dBm) reduces RSSI (slightly) with the same noise.

    So 125mW - 158mW is ideal for me.
    Cable length (6m; even stated as LMR400) and connectors (N and also RP-SMA) both add signal loss to some degree.
  8. koitsu

    koitsu Network Guru Member

    Thanks for that tip, Toastman. The two routers I maintain (mine and my neighbours) I'll adjust down to 40mW or so (they do need a little bit more umph than the stock value (which I think is 17mW?) given the apartment layouts, else they don't get good coverage at the far end of their flat).
  9. mvsgeek

    mvsgeek LI Guru Member

    My little rural network consists of a main router (RT-N16) and 8 secondaries (one RT-N16, 7 x WRT54GL's) distributed roughly in a bit less than a semicircle, anywhere from 300 to 600 yards from the main. Several secondaries have line of sight blocked by trees. All routers are running Toastman firmware, main is 7483.2, secondaries 7625 or 7633. Main router is connected to L-Com 120 sector antenna, secondaries have a variety of antennas, best results are those which use L-com 14 dBi flat panel. I've had no success at all with yagi antennas.

    I can verify that Toastman's 60mW recommendation works best for me, all routers are set to that value. Anything higher seems to generate "severe" interference at main with associated reduction in data rate and connection drops. Settings have been determined over several years of careful observation, dodging user complaints, and following this forum. Depending on weather etc., secondary router RSSI values are all in the -48 to -72 range.

    I've tried various combinations of WET (WEB?), WDS, with WPA, WPA-2. Once over the hurdle of setup, WDS with WPA/AES has been quite reliable. Using WPA-2, no more than 2 secondaries would connect, hence the use of WPA. I can't use WET everywhere because some secondaries also have to act as Wireless AP's.

    Of course I wish ethernet cable were an option, but since it isn't I have to make the best of what's available.

    And just to keep on topic, all NAT settings are left at default values (loopback=ALL, target = ???).
  10. koitsu

    koitsu Network Guru Member

    Default NAT target should be MASQUERADE. :)

    Always enjoy hearing about people's 802.11 setup, particularly over longer distances!