Tomato + fwbuilder = problems

Discussion in 'Tomato Firmware' started by linkmaniac, Oct 26, 2011.

  1. linkmaniac

    linkmaniac Addicted to LI Member

    Hi all,
    the last step to in order to get my DMZ working is to configure the iptables. I am not a linux expert and I want to avoid the hard way. I ve already spent hours trying to figure out how iptables are working without much success. Since I don t want to become a linux guru first in order to build a firewall I gave fwbuilder a try (why are things in the linux world so complicated?). Unfortunately tomato is not supported in fwbuilder. I don` t understand why since tomato is getting more and more popular and it s "alive" in contrast to other firmwares, which are "dead" (Applause for the tomato developers!) But anyway...

    The topic was discussed in this forum in the past and apparently there some of us who managed to get fwbuilder to work with tomato. But I haven`t found some instructions or tips how to accomplish that. Can someone please enlighten us about fwbuilder, iptables and tomato in general?

    My generated code with fwbuilder is compiling without errors but when I try to install it I get "failure". As I can see in the log file, fwbuilder can not find the nvram. I uploaded the file for details. If someone can help please do.

    Thanks in advance.

    Attached Files:

  2. Toastman

    Toastman Super Moderator Staff Member Member

    Before going any further it would be helpful to outline what you are actually trying to achieve, why you need to use iptables rather than the existing DMZ within Tomato, what you would like the iptables rule to accomplish, and so on.
  3. linkmaniac

    linkmaniac Addicted to LI Member

    I ve uploaded a file to demonstrate what I m trying to achieve. I hope is clear enough now. My intention is to have only ports opened that I really need. Since my NAS is going to work as web and FTP server I want it to have it separated from my LAN. Kind of...I still need to access from my LAN to downloaded files.But I do not want to have NAS in my home network for security reasons. Besides that I want to be able to connect to outer world via http, https, skype, email from LAN. Almost all my devices are wired or wireless connected to my WHS and to some streaming devices. The DMZ option in tomato lets all ports opened, as far as I know, and I don t want that.

    I don t know how to use iptables to achieve what I want. I think fwbuilder is much easier to use. But on the other hand it generates a script and I am not comfortable with scripts. Do I really need a whole script to configure iptables? Is it not enough to put the rules in the scripts - firewall box? Can I use VPN in conjuction with VLAN in order to access my home network? (I can replace my WRT54GS with my WL500GP in order to run optware if needed)

    Can someone please enlighten me?

    Thanks in advance!

    Attached Files:

  4. teaman

    teaman LI Guru Member

    From your logs, it does look like fwbuilder is looking for the nvram program/binary in the wrong path:
    Logged in
    Tomato v1.28.0875 079V ND VPN
    sh: /usr/sbin/nvram: not found
    sh: /usr/sbin/nvram: not found
    sh: /usr/sbin/nvram: not found
    Have you checked which would be the correct/proper path on your router?

    Here's what I have on mine
    root@none:/tmp/home/root# which nvram
    root@none:/tmp/home/root# ls -l /bin/nvram
    -r-xr-xr-x    1 root    root        36272 Oct 22 13:34 /bin/nvram
    Also, google is your friend:

    At the first results/page, we have:

    The page above mentions something about 'configlets':

    So... I guess it should be a matter of customizing and fine-tuning those templates according to your particular situation ;-)

    Best of luck!
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice