Discussion started by infinity005, Mar 8, 2008.

    I'm trying to use Tomato with a Wireless ISP.

    It seems the WAN and LAN interfaces are hard coded. I would need to switch them around to use the wireless for the WAN, give the wireless interface a DHCP IP, and finally NAT the wireless interface. Is this possible, and if so, how can I achieve this?

    I use Tomato with a WISP. I connect my WAN port directly to the SM just like you would to a DSL or Cable modem.

    Or are you looking to use Tomato on a SM/CPE connecting to the WISP's AP wirelessly?
    Client-mode (safer for your setup) or Client-bridge. They're pretty straightforward to set up. Is the Wireless ISP a metro (free) hotspot, or is it a neighbor's open connection (shame on you)??

    WISPs fall into three categories: Fixed, Mobile, and Hotspot/Metro.

    With Fixed, there is a Subscriber Module, also known as Customer Premise Equipment (CPE), that the WISP often retains ownership and control of. This is an important facet as the CPE can degrade the service for all connected subs. Some WISPs run standard 802.11, others a variation on 802.11 like narrower channels or polling MAC, while some run proprietary non-802.11 systems. They all have a variety of access control methods.

    Mobile is like EVDO where there are purpose-built subscriber cards that the customer usually buys.

    Hotspot/Metro is more like your standard home WiFi that can be accessed by any WiFi client. Some Fixed wireless operators will run a mix that includes this. They either partition their networks to limit degradation or they don't and it is a giant crapshoot.
    In my area they use Tropos gear that they attach on the exterior of your house and rerouting it to a router can make sharing easier. They are directional panel type antenna/router units. But speed/reliability is lousy. A couple years ago, they were using 900MHz gear for the fixed wireless, they had better range but speed wasn't so great as well. In my local Fry's they were selling EVDO routers for less than $70 that no one was buying. DSL is still the cheapest, not necessarily fastest, way to get on the net. Still waiting to see if WiMax will ever be popular.

    I live in the country where DSL is not currently available. The only option is satellite or WISP. There are two WISPs and the first WISP I used ran wide open 802.11 APs with PPPoE tunnels. Any promiscuous WiFi client could associate to the AP and many did. The WISP even allowed subscribers to directly associate to their AP with laptops or any client and with the PPPoE connectoid, they were in. The service was hit and miss.

    I have since switched to another WISP that uses Motorola Canopy, which is a closed system. It is much faster and very stable. The Canopy SM is just like a DSL modem and my Tomato uses PPPoE to connect.

    In town, I operate a wired and wireless internet portal with a dozen APs. In the beginning I ran the APs open like most hotspots but I found that too many promiscuous clients were associating to my APs and hammering them. I have a captive portal and firewall that they could get past but it didn't stop them from trying. I worried that these uninvited clients may try to steal IPs or MACs to try to get through, do MiTM attacks, or just ARP poison to do DoS. I have since secured all my APs with WPA.
    I use Tomato with my WISP. I have fixed wireless. Though I still can't figure out how to get open ports to work, since my WISP has me behind a NAT.
    Client-bridge + UPnP can oftentimes open proper ports, assuming it hasn't been deactivated by the WISP. Can you describe your setup/hardware in more detail?
    I think being behind a NAT is doing something, since it seems I have a shared IP as well.

    My setup is WISP Box, Linksys wrtgl with Tomato 1.17, comp 1 hooked into hub on router, 2nd port to PS3, 3rd port to a Gb switch, and 2nd and 3rd comp hooked to the Gb switch. Trying to forward a port to the 2nd comp on the Gb switch, which I assigned an IP outside of the DHCP range I set up in the router, and still no go.
    If your WISP has you behind NAT, they will have to forward the port for you.
