Tomato Firmware - Wikibooks, collection of open-content textbooks

Seite 1

Tomato Firmware
From Wikibooks, the open-content textbooks collection

Introduction
Tomato is a free open source Linux-based firmware for several Broadcom-based Wi-Fi routers, including the Linksys WRT54G. The major emphasis of Tomato is on stability, speed and efficiency. It is maintained by Jonathan Zarate, who also developed HyperWRT +tofu; The official website is located here (http://www.polarcloud.com/tomato) . Tomato is notable for its web-based user interface that includes several types of bandwidth usage charts, advanced QoS access restriction features , raised connection limits which enables P2P networking, and support for 125 High Speed Mode (marketed by Linksys as "SpeedBooster").

Supported devices
Linksys WRT54G (http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US% 2FLayout&cid=1149562300349&pagename=Linksys%2FCommon%2FVisitorWrapper) (v1-v4 only), WRT54GS (http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US% 2FLayout&cid=1148435315453&pagename=Linksys%2FCommon%2FVisitorWrapper) (v1-v4 only), WRT54GL (http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US% 2FLayout&cid=1133202177241&pagename=Linksys%2FCommon%2FVisitorWrapper) (v1 & v1.1), WRTSL54GS (http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US% 2FLayout&cid=1137028967848&pagename=Linksys%2FCommon%2FVisitorWrapper) (no USB support) Buffalo WHR-G54S (http://www.buffalotech.com/products/product-detail.php?productid=117) , WHRHP-G54 (http://www.buffalotech.com/products/product-detail.php?productid=115) , WZR-G54, WBR2G54 Wikipedia:ASUS WL-500g Premium (no USB support) Tomato is not compatible with Linksys WRT54G/GS v5-v7 or newer WRT54G/GS routers.

Features
Dynamic interactive GUI using Ajax (a programming technique that improves the way web pages are displayed and updated), SVG (scalable vector graphics that provide quality graphics within a browser) and CSS-based color schemes (allowing you to change the look and feel of the router configuration screens). CLI (using BusyBox) with access via TELNET or SSH (using Dropbear) DHCP server (using Dnsmasq) with dynamic and static DHCP leases DNS forwarder (using Dnsmasq) with local hostnames, local domain names, and caching of internet addresses Netfilter/iptables with customizable settings, IPP2P and l7-filter Wake-on-LAN

http://en.wikibooks.org/wiki/Tomato_Firmware

15.09.2007 22:19:20

Tomato Firmware - Wikibooks, collection of open-content textbooks

Seite 2

Advanced QoS: 10 unique QoS classes defined, real-time pie graph display of prioritized traffic with drilldown into class details Bandwidth graphing/statistics: real-time, last 5 hours, daily, monthly Wireless modes: access point (AP), wireless client station (STA), wireless ethernet (WET) bridge, wireless distribution system (WDS aka wireless bridging), simultaneous AP and WDS (aka wireless repeating) Dynamic DNS service with ezUpdate and services extended for more providers Syslog viewable through the GUI (also downloadable) SES button control JFFS2 CIFS client Adjustment of transmit power of wireless LAN, antenna selection, and 14 wireless channels 'Boot wait' protection (increase the time slot for uploading firmware via the boot loader) Advanced port forwarding, redirection, and triggering with UPnP page to view and delete UPnP forwarded port mappings Advanced access restrictions Init, Shutdown, Firewall, and WAN Up scripts Uptime, load average, and free memory status Reboot ability, although almost no configuration changes require a reboot Wireless survey page to view other networks in your neighborhood Known bugs in Broadcom-based Linksys firmware fixed

Licensing
While the core source code is licensed under GPLv2, the source code for the user interface is under a more restrictive license which forbids use without the author's permission.

Installing
Before the Upgrade
The GUI relies heavily on JavaScript to generate the content and XMLHTTP (AJAX) to update it. Be careful if you need to use this from an older/minimal browser since it was not designed to downgrade gracefully. This has been tested only on Firefox v1/2, Opera v9 and IE v6/7. The GUI username is "admin" or "root" (username is required), ssh and telnet username is always "root", and the default password is "admin". By default, the SES/AOSS button is programmed to start a password-less telnet deamon at port 233 if held for 20+ seconds. If you run into a problem of not being able to login, you can use this to view or reset the password ("nvram get http_passwd" and "nvram set http_passwd=newpassword"). You can disable this behavior in Admin/Buttons. If you're upgrading from DD-WRT v23 SP2+, be aware that you may get locked-out because of a change in DD-WRT's use of the nvram password key. You have a few options: Push the reset button to reset all the configuration after installing Tomato. Use the SES/AOSS button as described above. Type "nvram get http_passwd" while running DD-WRT and write down the result - this will be your password after loading Tomato.

http://en.wikibooks.org/wiki/Tomato_Firmware

15.09.2007 22:19:20

Tomato Firmware - Wikibooks, collection of open-content textbooks

Seite 3

G\code.bin is for WRT54G v1-4 and WRT54GL v1, GS\code.bin is for WRT54GS v1-3, GSv4\code.bin is for WRT54GS v4, and TRX\code.trx is for the WHR-G54S/ WHR-HP-G54S. If you're just upgrading an existing Tomato firmware from the GUI, any of these will work.

Installing on a Linksys WRT54G, WRT54GL or WRT54GS

Open the Linksys GUI in your browser. The default URL is http://192.168.1.1/. Click the Administration tab, then Firmware Upgrade. Select and upload the correct firmware for your router. Wait for about 2 minutes while the firmware is uploaded & flashed. Log in to the router, and reset factory defaults (under Administration/Configuration/Restore Default Configuration, select the Erase all data in NVRAM (thorough) option and click OK. Router will restart again, and the factory default login is "admin" with a password of "admin".

Installing on a Buffalo WHR-G54S/WHR-HP-G54S in Windows

Warning: Be aware that Buffalo only has encrypted firmwares on their web site. You will not be able to revert back to Buffalo's firmware without an unencrypted version of their firmware. The following is for an initial install on a Buffalo router. If you're already using a third-party firmware or just upgrading a Tomato firmware, try uploading any of the .bin files from the GUI. Plug your computer directly to the router's LAN port. This will not work over a wireless connection. Set your computer's ethernet card settings to: IP=192.168.11.2, mask=255.255.255.0, gateway=192.168.11.1 (Gateway and DNS settings are optional and not needed to flash Tomato). In Windows, you can set this by going to Control Panel, Network Connections, right-click your ethernet card, click properties, then TCP/IP. If you're using Windows, double-click on the whr_install.bat file and be sure to follow exactly the directions that the batch file gives as it runs (it will use ping and automatically use tftp at the right time). After waiting for at least 2 minutes after the initial flash, with the power still on, push the reset button for one full minute to reset the configuration. Release the reset button and allow the unit to boot up before trying to access it. Your router is now at the address of 192.168.1.1 which you can access by manually changing the computer back to 192.168.1.2, subnet 255.255.255.0, Gateway 192.168.1.1 and DNS 192.168.1.1, or simply set your computer back to DHCP (Obtain Automatically in the TCP/IP properties). The tftp -i 192.168.11.1 put code.trx process involves the manual hit and miss timing of running a ping loop and hitting enter at just the right time during the power up sequence. The provided batch file eliminates this hectic method of flashing and has rendered it obsolete. Use the Tomato batch file that is included with the Tomato firmware to flash all compatible Buffalo routers. If you get timeout errors copy the tftp.exe file from Windows/System32/ into the same directory as the .bat and .trx files so the system can find tftp.exe faster.

Installing on a Buffalo WHR-G54S/WHR-HP-G54S in Windows (from DD-WRT)

http://en.wikibooks.org/wiki/Tomato_Firmware

15.09.2007 22:19:20

Tomato Firmware - Wikibooks, collection of open-content textbooks

Seite 4

You can use the DD-WRT web interface to flash to the Tomato firmware. First, obtain the password for the router. Telnet to the router. Assuming your router can be found at 192.168.1.1, you'd type "telnet 192.168.1.1" at a command prompt to login to the router. Type "nvram get http_passwd". Make note of this password for later use. Download the Tomato firmware and extract it. In the "trx" subfolder, rename the file code.trx to code.bin. (DD-WRT does not recognize the .trx file extension as firmware.) Update the firmware via the DD-WRT web interface. The Tomato firmware is now installed. Access the Tomato web interface and browse to Administration > Configuration > Restore Default Configuration. Then select "Erase all data in NVRAM memory (thorough)" and click OK. Please note that the instructions for flashing the firmware via the web interface will only work once you've installed DD-WRT (or perhaps another 3rd party firmware).

Installing on a Buffalo WHR-G54S/WHR-HP-G54S in OS X, Linux, and other Unix-based OS's

Warning: Be aware that Buffalo only has encrypted firmwares on their web site. You will not be able to revert back to Buffalo's firmware without an unencrypted version of their firmware. The following is for an initial install on a Buffalo router. If you're already using a third-party firmware or just upgrading a Tomato firmware, try uploading any of the .bin files from the GUI. Plug your computer directly to the router. This will not work over a wireless connection. Push the reset button for at least 30 seconds to reset the configuration. Unplug power to the router and plug it back in after at least 10 seconds. Set your computer's ethernet card settings to: IP=192.168.11.2, mask=255.255.255.0, gateway=192.168.11.1. Open two terminal windows. In the first one, type and execute this: ping 192.168.11.1 You should now be continually pinging the router. Unplug power to the router. The pings should stop returning now. In the second window, cd to the directory in which your firmware is located. Then execute the following: tftp binary rexmt 1 trace connect 192.168.11.1 Even though the router is still powered down, tftp doesn't actually "connect" when you execute the connect command. Instead, it merely stores the address away until needed. Now, still in the second terminal window, type the following but do not execute yet: put code.trx Now, plug the router back in. The moment you see pings coming across in the first terminal window, execute the put code.trx command you prepared in the second terminal window. If you see a successful transfer, leave the router alone for at least 2 minutes, then unplug the power, wait 10 seconds and plug it back in. Reset your computer's ethernet card settings back to use DHCP. You can also manually enter the following settings: IP=192.168.1.2, mask=255.255.255.0, gateway=192.168.1.1. To login to the router, just go to http://192.168.1.1/ in your web browser. Login name is root, password is admin. Configure your very fine router as desired. (Instructions adapted from DD-WRT Wiki and Chromite's "Guide to install DD-WRT Firmware on a Linksys WRT54G router.")

http://en.wikibooks.org/wiki/Tomato_Firmware

15.09.2007 22:19:20

Tomato Firmware - Wikibooks, collection of open-content textbooks

Seite 5

Upgrading The Firmware

Open the GUI in your browser. The default URL is http://192.168.1.1/ Click Administration, then Upgrade. Select any of the files and click the Upgrade button. Wait for about 2 minutes while the firmware is uploaded & flashed. According to the author, it is not necessary to reset the configuration if you are upgrading from a previous version of Tomato Firmware. If you are upgrading from another firmware, however, a reset is recommended (Tomato's FAQ (http://www.polarcloud.com/tomatofaq#should_i_reset_the_configurati) ). Log in to the router, and reset factory defaults (under Administration/Configuration/Restore Default Configuration, select the Erase all data in NVRAM (thorough) option and click OK. The router will restart. The factory default login is "admin" with a password of "admin".

Menus in Tomato
The following is a listing of all of the available menu options in the Tomato GUI, and their functions.

Status
Provides information on the current condition of the router. Overview The Overview screen shows information on the current state of the router. It is organized into four sections:
System

Gives current overall system status, like the amount of time the router has been running, CPU load, and memory usage.
WAN

Gives information on the Wide Area Network (Internet) connection.

LAN

Gives a summary of the settings related to the Local Area Network, and the MAC Address for the wired portion of the network.
Wireless

Gives information on the wireless portion of the Local Area Network. Device List Provides a list of the current devices that have been assigned an IP address by the DHCP server. Devices are listed by Interface, which indicates where on the router they are connected:

http://en.wikibooks.org/wiki/Tomato_Firmware

15.09.2007 22:19:20

Tomato Firmware - Wikibooks, collection of open-content textbooks

Seite 6

br0 refers to Wired Ethernet (LAN) devices. In other words, devices that are connected to the router on the four Ethernet ports (either directly or via a hub or switch). eth1 refers to Wireless Ethernet (WLAN) devices. In other words, devices that are connected to the router via the wireless radio. vlan1 refers to your WAN (Internet) connection. In other words, the connection to your Internet modem (Cable modem, DSL modem, or upstream router). Logs Allows you to view the Internal system logs (assuming Internal Logging is enabled - see "Logging" under "Administration").

Bandwidth
Displays the Bandwidth of the Interfaces. They can be excluded at Administration/Bandwidth Monitoring Real-Time Displays a chart, updated every two seconds, of the last 10 minutes of bandwidth used. Tabs at the top allow you to select the various interfaces for detail on the bandwidth for that interface. The charts are made up in Scalable Vector Graphics (SVG) . For the graphs to show up you'll need an SVGenabled web browser. Mozilla Firefox has SVG built-in. For Microsoft Internet Explorer you should install a plugin from Adobe. You can find it in the Adobe SVG Viewer download area (http://www.adobe.com/svg/ viewer/install/main.html) . Last 24 Hours Displays a chart, updated every two minutes, of the last 4/6/12/18/24 hours of bandwidth usage and the total data during the period. Tabs at the top allow you to select the various interfaces for detail on the bandwidth for that interface. The charts are also made up in SVG . Daily Displays the summary of daily bandwidth consumption. It also shows the difference in bandwidth usage compared to the day before. Monthly Displays the summary of monthly bandwidth consumption. It also shows the difference in bandwidth usage compared to the month before. The start date of the month can be changed at "Administration->Bandwidth Monitoring->First Day Of The Month" to match the start date of data counter of any particular Internet plan.

Tools
Ping Allows you to ping computers on the Internet to verify connectivity. Simply enter the URL or IP address (Internet only) to ping, customize the number of retries or packet size if you wish, and press [PING]. Results will be displayed when the ping is complete.

http://en.wikibooks.org/wiki/Tomato_Firmware

15.09.2007 22:19:20

Tomato Firmware - Wikibooks, collection of open-content textbooks

Seite 7

Trace Allows you to perform a TRACERT (Trace Route) from your router to any Internet server. Enter the URL or IP address to trace to, and optionally the maximum hops and/or wait times, and press [TRACE]. Results are displayed when the trace is complete. Wireless Survey Scans the local area for other Wireless Access Points, and gives received signal strength information and other data. WOL Allows you to send Wake-on-LAN (WOL) packets to computers on your network. Through ssh/telnet interface you can also issue ether-wake command. Remote SSH enables wakeup via "ssh root@yourwrt 'ether-wake mac-address'" as it can be difficult to get a WOL packet through the nat.

Basic
Controls the most basic settings for the router. Network Allows you to set up the Internet / Wide Area Network (WAN) connection that the router uses, and the basic parameters of the Local Area Network (LAN).
WAN / Internet

Specifies how your router should connect to the Internet. Normally, this is done via an Ethernet cable connected from the WAN/Internet port to a Cable or DSL Modem. Type: Specifies the type of connection used. The rest of the parameters are variable, and based on the type of connection. The default for most Cable modems is "DHCP", meaning that the router simply talks to your cable modem and is automatically assigned an IP address and other connection data. DSL connections generally use PPPoE, which usually requires a username and password (provided by your DSL provider).
LAN

Controls setup of the Local area Network (LAN), which includes settings for wired and wireless clients connected to the router. Router IP Address: The IP address assigned to the router on the LAN. Default is 192.168.1.1. Subnet Mask: The default of 255.255.255.0 means that anything starting in the first three numbers as the router (default 192.168.1.x) is assumed to be on the Local Network. Making this too broad means that some Internet servers may be inaccessible.

http://en.wikibooks.org/wiki/Tomato_Firmware

15.09.2007 22:19:20

Tomato Firmware - Wikibooks, collection of open-content textbooks

Seite 8

Static DNS: Allows you to list a series of DNS servers manually (as opposed to getting them from your Internet Service Provider). Useful if your ISP's DNS servers are slow or unreliable, or if you prefer a different one.
DHCP Server

Dynamic Host Configuration Protocol (DHCP) is a protocol used by networked computers (clients) to obtain IP addresses. Use this to control the IP addresses that your router hands out to computers connected to the Wired or Wireless Local Network. If checked, the router will hand out addresses within the range specified. You may also customize the amount of time before computers on the LAN will renew their IP addresses (the Lease Time) and specify a Windows Internet Name Service (WINS) server if you use WINS.
Wireless

Controls the connection over the Wireless Local Area Network. Enable Wireless: If checked, Wireless access will be allowed. MAC Address: Displays the MAC address assigned to the Wireless radio on the router. Wireless Mode: The normal setting for this is Access Point, which allows clients to connect to this router. The router can also be used in Wireless Distribution System (WDS) mode, and it can also connect to a Wireless ISP in Wireless Client. Note: If the router is used as a wireless client, it cannot be used as an access point at the same time. There is only one radio in the WRT54G series routers. B/G Mode: This may be Mixed (B+G), B-Only (restricted to 802.11b), or G-Only (restricted to 802.11g). If you set this to B-Only or G-Only, connection attempts from the other protocol may be seen as interference. Recommend leaving this set to "Mixed". SSID: Wireless router identifier. Allows you to uniquely identify your router and differentiate it from other routers in range. Broadcast: If checked, the SSID will be broadcast, allowing the router to be found more easily. Disabling this is a very limited security measure. Casual scans will not be able to find the router, but anyone running sniffing software can easily find it. Channel: The 2.4Ghz range channel used by the router. Generally, it is best to use the Wireless Survey under Tools to find any other access points in range, and use the frequency that is the furthest from any other frequency in use. Security: Allows you to secure your wireless connections. WPA and/or WPA2 personal are the most secure protocols. Disabled means all connections are unencrypted and anyone can access the router. WEP is an older encryption protocol. While better than nothing, it is easily broken. Identification Router Name: Allows you to change the name of the router, which appears on login and administration screens. Hostname: Use if your ISP or connection requires it. Domain Name: Use if your ISP or connection requires it. Time Router Time: Displays current router time. Time Zone: Tell the router which time zone you are in so it can adjust to local time. If you set this to Custom, you can enter a string that allows you to customize a time zone. Auto Daylight Savings Time: If checked, the router will compensate for Daylight Savings Time. If not, it will always use Standard Time.

http://en.wikibooks.org/wiki/Tomato_Firmware

15.09.2007 22:19:20

Tomato Firmware - Wikibooks, collection of open-content textbooks

Seite 9

Auto Update Time: How often the router connects to a Network Time Protocol (NTP) server to update its internal clock. Trigger Dial On Demand: If checked, the router will force a connection as needed to update time. If not checked, the router will only check time if a connection to the Internet is already established. NTP Time Servers: List of NTP servers (http://www.pool.ntp.org/) to use to update the time. DDNS w:Dynamic DNS, a special DNS registry/server that can be updated on frequent IP address shuffles. Instead of having to know your IP address each time it changes, a computer on your network can run a special network program that submits your updated IP address, which you can then refer to via a standard URL issued by your DDNS provider. Most DDNS providers offer a free personal account for you to use. As an alternative to running an application on one of your PCs, Tomato provides a built-in DDNS client right in the firmware that supports a number of DDNS providers. For most DDNS providers, you simply select the provider from the pull-down list, and enter your username, password, and hostname. Detailed instructions on operating each DDNS provider's account can be found at their web site. Static DHCP This is a simple way to ensure that each of the clients that connects to your Tomato router gets the same IP address each time. Simply enter the MAC address for your device (which you can find on the "Device List"), and enter your preferred IP address. Generally, it's best to use an IP address that is within the subnet range for your Tomato router, but outside the normal DHCP assignment range. In other words, use an address that starts with the same three numbers (default 192.168.1.x) as your router, but has a fourth number that is not likely to be assigned to any clients by the normal DHCP settings. If you have the DHCP server set to assign IP addresses in the range of 192.168.1.100 to 192.168.1.150, for example, good choices for Static DHCP assignments would be either in the 192.168.1.2 - 192.168.1.99 range, or 192.168.1.151 - 192.168.1.254. Wireless Filter The Wireless Filter allows you to configure which wireless equipped computers may or may not communicate with the router depending on their MAC addresses. While a decent basic security measure, understand that all MAC addresses are transmitted in cleartext, and may be intercepted. This should not be used as a primary means of security.

Advanced
Conntrack / Netfilter Adjustments for the number of connections and persistence for each connection in the Network Address Translation (NAT) table. This is mostly relevant for people who use P2P or other connection-intensive applications on their Internet connections. The connection table has a finite number of entries, and if the entries are all used up, the router cannot make new connections. The only way to free up an entry is to gracefully terminate a connection (normal),

http://en.wikibooks.org/wiki/Tomato_Firmware

15.09.2007 22:19:20

Tomato Firmware - Wikibooks, collection of open-content textbooks

Seite 10

or to have one time out. Since P2P applications rarely drop connections gracefully, they need to depend on the router to time out their connections for them. The most important settings are: Maximum Connections Increasing this may slow down the router slightly. 4,096 is probably a good maximum value. Keeping this too low may eventually result in running out of entries. The default of 2,048 is probably a good minimum value. Clicking on count current next to the input field will tell you how many entries you are currently using. Before increasing this field, consider using the TCP Timeout (below) to recycle existing connections faster, rather than increasing the number of connections. Conntrack TCP Timeout: Established This is the amount of time that an established connection will be maintained after its last activity. Setting this too low will cause active TELNET / FTP connections to be dropped unless you have a keepalive to keep data flowing over the connection. Setting this too high will cause old connections to be retained, wasting entries in the NAT table. Four Hours (14,400 seconds) is a decent compromise, but you have to choose a value that balances retaining valid connections versus killing old ones. In a non-P2P environment, you can set this to several days without any problems (the Linksys default for this is FIVE DAYS, which is why many Linksys routers don't do well for P2P). Most of the remaining settings would generally be used pretty rarely, and are probably present for adjustment by advanced users who might need to tweak their network settings. Many sites recommend adjusting these values using a script such as this one: echo 4096 > /proc/sys/net/ipv4/ ip_conntrack_max echo 2048 > /proc/sys/net/ipv4/neigh/default/gc_thresh2 echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh3 echo "600 1800 120 60 120 120 10 60 30 120" > /proc/sys/net/ipv4/ip_ conntrack_tcp_timeouts However, the two settings in the GUI listed above will accomplish everything the oft-published scripts claim to do, with less effort. Specifically, the Established TCP Timeout setting replaces the "1800" in the last line of the script, and the ip_conntrack_max number is controlled by the Maximum Connections setting. The gc_thresh settings are not really useful, it's better to let Tomato use its defaults for thresholds.

UDP Timeout Tracking / NAT Helpers Miscellaneous DHCP / DNS If you have static DNS entries, "Use Received DNS With Static DNS" will add any name servers received from your service provider. You can view these changes in the resolve file at "/etc/resolv.dnsmasq".

http://en.wikibooks.org/wiki/Tomato_Firmware

15.09.2007 22:19:20

Tomato Firmware - Wikibooks, collection of open-content textbooks

Seite 11

You may also consider adding "strict-order" (without quotes) in the "Dnsmasq Custom Configuration" box. This forces Dnsmasq to send DNS queries to servers strictly in the order that they appear in the resolve file. This is useful if you are using services such as OpenDNS but still want to use your IPS's server(s) as a backup. Without this setting your IPS's DNS server(s) will tend to be favored. Firewall Settings to configure some basic aspects of the router's firewall. Respond To Inbound Ping: If checked the router will respond to ping requests from on the WAN interface. If unchecked, the router will not respond to pings from the WAN. Allow Multicast: If checked, the router will allow multicast packets to reach the LAN. If unchecked, the router will block multicast packets from reaching the LAN. Enable NAT Loopback: If checked, the router allows LAN devices to reach other LAN devices via the router's WAN IP address and a properly configured port forward. If unchecked, LAN devices can only contact other LAN devices via their local IP addresses. MAC Address This sets the hardware address that is seen from the ISP. Some ISPs are set up to only accept the original network card you had when you first started service. Others simply have the modem set to only allow one HW address per boot, so try resetting your modem before changing this. Miscellaneous Boot wait time specifies the length of time the router will pause during startup, before attempting to load the firmware. This pause represents a period where a new firmware can be flashed to the router via TFTP, if the firmware on the flash chip has been corrupted. WAN Port Speed specifies the speed and duplex setting for the WAN interface port. Routing Wireless Controls advanced settings for the connection over the Wireless Local Area Network. Afterburner: When enabled, allows 125 Mbps mode. AP Isolation: When enabled, prevents wireless devices from communicating with each other. If disabled, the unit will switch traffic from one wireless client to another. Authentication Type: Controls whether clients must use shared keys to authenticate. This setting is disabled (i.e. forced) in some security modes. Basic Rate: Sets mandatory rate list transmitted by the AP which must be supported in order to connect. Some old 802.11b clients can only connect if this is set to 1-2Mbps. Beacon Interval: Sets the amount of time between beacon transmissions in milliseconds. A longer interval can save power on sleeping clients. CTS Protection Mode: When set to Auto, enables a mode which ensures 802.11b devices can connect when many 802.11g devices are present. Distance / ACK Timing*: Sets the approximate maximum distance in meters from which clients can connect. May be useful in preventing distant "cantenna leeches" from connecting. It will not prevent snooping, however. Setting to 0 disables this function. DTIM Interval: Sets the amount of time in milliseconds between Delivery Traffic Indication Messages, which tell the client when to expect the next broadcast message.

http://en.wikibooks.org/wiki/Tomato_Firmware

15.09.2007 22:19:20

Tomato Firmware - Wikibooks, collection of open-content textbooks

Seite 12

Fragmentation Threshold: Sets the maximum packet size in bytes before fragmenting it. Frame Burst: Enables frame burst mode which increases throughput but does not work well with more than about three clients. Maximum Clients*: Sets the maximum number of wireless clients that can connect at once. Multicast Rate: Sets the signalling rate used for multicasting. Preamble: Selects long or short preamble for 802.11b. Short will increase throughput, but some older 802.11b devices require the long preamble. RTS Threshold: Sets the minimum packet size in bytes which triggers Request to Send/Clear to Send signalling. A number higher than the Fragmentation Threshold serves to disable the function. It is normally not needed but may be useful in adverse conditions. Receive Antenna: Selects which antenna is used for receiving. These settings are primarily useful for external antennas. Single antenna units should be set to Auto. Transmit Antenna: Selects which antenna is used for transmitting. Transmit Power: Sets the transmit power in milliwatts. High settings may overheat and shorten the life of the transmitter. Transmission Rate: Allows forcing a lower maximum signalling rate, which can be useful in adverse conditions. WMM: Enables Wireless Multimedia extensions which provide automatic QoS and power saving. Primarily intended for wi-fi phones and the like. No ACK: Controls whether WMM packets require acknowledgment. Enabled sets No Acknowledgment which allows higher throughput and lower latency when some packet loss is acceptable (i.e. for VoIP). *New settings for v1.07.

Port Forwarding
Once you have set up your router you will have your own Local Area Network (LAN) managed by the router. You inevitably will have many devices connected to your LAN all using the same internet connection. This causes a problem because different devices on your LAN will need specific data that is coming in from (or going out to) the internet. Port Forwarding allows your router to control the flow of data to and from the internet, and make sure the router knows which device (ie computer, webcam, VoIP telephone etc) connected to your LAN sent/requested/needs each packet of data. Usually packets coming in from the Internet will be in response to some request that one of your devices connected to your LAN has made (ie a VoIP phone making a request to connect a telephone call) . In these cases, the router keeps track of which device made the request, and forwards the response back to that same device. Sometimes however, as in the case of "Server" applications (such as you hosting your own website on a PC within your LAN, requests come in from random locations on the Internet, and you need to tell the router which computer is running the server so that these random requests can be routed to the correct computer. This is generally done by telling the router that any "unsolicited packets" (packets that are not a response to a request from a local computer) on a specific port or list of ports should be forwarded to a specific computer on the network. Finally, there are also "thief jiggling the handle" connections from random corners of the internet. Locking those out is another job of the router. There are a few ways to set this up. Basic

http://en.wikibooks.org/wiki/Tomato_Firmware

15.09.2007 22:19:20

Tomato Firmware - Wikibooks, collection of open-content textbooks

Seite 13

Allows you to specify simple port forwarding (all packets received on the specified External Ports will be routed to the specified Internal Address. eg you can forward all incoming data on ports 5060 and 5061 (used for SIP protocol to initiate a VoIP telephone call) to your VoIP telephone. Optionally, you can change the local port by specifying Int Port. This is also known as Port Redirection. This technique is handy, for example, if you have two web servers. Both could be listening on the default port (80), but the router could be set to forward received packets on Internet Port 80 to Port 80 on the first web server, and packets on Internet Port 81 to Port 80 on the second web server. The "External Ports" box can contain a single port (ie 8080) or a range of ports (5060:5061). The "Int Port" can be left blank. The "Internal Address" is the IP address of the device on your LAN (ie 192.168.1.2) DMZ DMZ, or Demilitarized Zone, allows you to specify one device on your network that will receive all unsolicited packets from the Internet. This can be handy for devices that need largely unrestricted access to the Internet, or for a Web/email server. However, this bypasses all firewall functions of the router for this device, so be sure the device is very well secured. Triggered Port Triggering is an on-demand port forward. The router will look for an outbound connection on a specified port, and will forward all of the requested ports to whatever computer initiated the outbound connection. Under the Trigger Ports, you would enter a list of the ports that your computer will use to initiate the forwarding. Then you specify the ports you want to forward to that computer under Forwarded Ports. Any computer that sends outbound packets on any of the ports listed in Trigger Ports will then have all unsolicited packets received from the Internet on the Forwarded Ports sent to it. UPnP Universal Plug and Play (UPnP) allows devices on your network to set their own port forwards. A computer running a web server, for example, can tell the router to forward all communications on port 80 and/or 443 to it. This allows your local devices to add, delete, and update port forwards at will. There are some security disadvantages to UPnP, such as a trojan horse or other "bad" software package being able to forward ports to a given machine so the malware can use your computer as an Internet server. However, there are also security advantages to UPnP, since any well-behaved UPnP application will request cancellation of its forwarded ports when it shuts down or no longer needs them. This reduces the number of unneeded forwarded ports.

QoS
QoS, or Quality of Service, allows you to prioritize data, slowing down less important data to allow more important data to get through first. This is primarily useful for outbound data (data going from your computers to the Internet). Inbound data cannot be prioritized effectively because it has already passed through the bottleneck (your Internet connection) by the time the router has a chance to evaluate it. QoS in Tomato has ten levels of priority. HIGHEST will always get the very highest priority (use sparingly) and CLASS-E (labeled as E) is the lowest-priority class. If the upstream bandwidth becomes over-saturated (more

http://en.wikibooks.org/wiki/Tomato_Firmware

15.09.2007 22:19:20

Tomato Firmware - Wikibooks, collection of open-content textbooks

Seite 14

packets want to go out than the connection can send), lower-priority packets will be delayed (and possibly eventually discarded) to make room for higher-priority packets. If you like to go more into details of traffic shaping try the WRT54 Script Generator (http://www.hyperwrt.org/ forum/viewtopic.php?id=2002) as an extension to the current QoS implementation (see Tools for details). Basic Settings Enable QoS: If checked, QoS will be enabled. If not checked, QoS will be disabled. Prioritize ACK: Prioritizes the sending of ACK (Acknowledgment) packets. Recommended: Checked (on). Prioritize ICMP: Prioritizes Internet Control Message Protocol packets (PING replies, etc). Strict Rule Ordering: If disabled (unchecked), IPP2P, L7, and KB-based rules are matched first, then simple port- and MAC-based matches are matched in a second pass. If enabled, each rule will be strictly evaluated in the specified order, starting from the top of the list and working downward, until the first match is found. Reset Classification when making changes: If checked, all connections will be reevaluated when a change is made to the QoS rules. If not checked, you may need to restart each application on your PC to reestablish each connection before the rule is applied to that connection. Default Class: If a connection does not meet any of the QoS criteria, it will default to the specified class. If you have a high-priority service (such as VoIP) and a low-priority one (such as P2P), your best bet is to set this to MEDIUM or LOW, then try to classify all of your high priority stuff above this classification, and your low priority stuff below it. This is simply the "catch-all" classification when no rules are found for a connection. Max Bandwidth: One of the major limitations of QoS in most Linksys routers is their inability to determine the upstream speed of the Internet connection. This is true of many router models. The most effective way to tune QoS is to do an Internet speed test with QoS turned off. Then enter about 90% of the tested upstream (upload) bandwidth into the Max Bandwidth field. This will allow the router to properly determine how much bandwidth is available and prioritize packets accordingly. A more detailed explanation of this (targeted for Vonage VoIP users) may be found at http://vonage.nmhoy.net/qos.html Highest - Class E (the percentages under Outbound Rate/Limit): This specifies the minimum and maximum percentages of the connection each classification is allowed to consume. This is allocating, rather than prioritizing, and is useful for cases where you want to specify that certain classes of connection should never receive more than a given percentage of your upload bandwidth. Set each class to 1%-100% to allow each class unlimited access to the bandwidth (with higher priority classes receiving only higher priority, and not "reserved" amounts). Inbound Limit: This allows you to limit the overall amount of data coming in to your router, and allocate maximum percentages of that bandwidth for each QoS service. Note that packets that exceed your limit are simply thrown away, not delayed as in the case of Upload/Outbound QoS. Under certain circumstances, this setting is useful, but is a very inefficient way to control inbound data. Classification

http://en.wikibooks.org/wiki/Tomato_Firmware

15.09.2007 22:19:20

Tomato Firmware - Wikibooks, collection of open-content textbooks

Seite 15

Allows you to specify which connections will get what levels of priority. This will override the default priority set in the Basic Settings page. Classification may be done by MAC address, TCP/IP port, or using more advanced filters like IPP2P or Layer 7 (L7) filtering. All QoS rules are "as seen by your LAN", so SOURCE always means your computer, and DESTINATION always means the Internet. QoS can be classified in a number of ways: Address (first row in "Match Rule" Column): Identify the packet based on the IP or MAC address that is making the request, or the IP address that is being contacted. Example: If you have a VoIP device on your network that needs very high priority, you would set "Address" to "Src MAC" (source MAC address) and key the MAC address of the device, then set the priority to HIGH or HIGHEST. Protocol/Port (second row): Identifies the packet based on the Protocol (TCP, UDP, etc) and/or Port Number (or list of numbers) that the connection is being made on. IPP2P (third row): An attempt to identify P2P applications. Easily fooled by P2P Encryption, this is still useful for identifying some P2P applications. L7 (Layer 7, third row): A sophisticated filter that can classify a number of applications. Again, for P2P, easily fooled by Encryption, but still useful. NOTE: Address and Protocol/Port are the fastest and most efficient ways to match. IPP2P is slow, and L7 is even slower. If at all possible, use Address and Protocol/Port before resorting to IPP2P or L7. Too many L7 or IPP2P rules can cause your router to crash or restart. If you are experiencing frequent crashes and restarts under heavy load, these may be the cause.
QoS Rule Example: Setting Web Browsing to HIGH

Under Match Rule Column: First row = "Any Address", field to its right is blank Meaning this rule applies to any connection to the Internet on any server Second row = "TCP", "Dst Port", "80,443" Meaning that this rule applies to all TCP connections that are trying to connect to port 80 (HTTP) or 443 (HTTPS) on an Internet server Third row = "IPP2P (Disabled)", "Layer7 (Disabled)" Meaning that we do not want to apply any IPP2P or L7 rules Fourth row = "" "" (kb transferred) Meaning we do not want to match by amount transferred Under Class Column: "High" Meaning anything matching this rule will be assigned a HIGH priority in upstream Under Description Column: Assign any reasonable description. "WWW" or "Web Browsing" would be good here. This is not used except on this screen, to identify the connection for your future reference. View Graphs One of the most powerful features of Tomato, this allows you to view (in near-real-time) the current outbound connections and how the QoS engine is classifying them. This allows you to view how effective your QoS settings are, and whether they are capturing the connections you want them to. Simply click on any of the classes to view the list of specific connections for that class.

http://en.wikibooks.org/wiki/Tomato_Firmware

15.09.2007 22:19:20

Tomato Firmware - Wikibooks, collection of open-content textbooks

Seite 16

View Details Lists each connection that has recently been made through the router, and what QoS class was assigned to that connection. Clicking any entry will attempt to do a reverse lookup on the destination TCP/IP address, or you can click on the "automatically resolve addresses" checkbox at the bottom of the list to resolve all addresses in the list (this can take a while).

Access Restriction
Set time, computer, and protocol based bans on Internet access.

Administration
Admin Access Controls the various means that can be used to access the router for administrative purposes. All services use the same password, which is changed at the bottom of this page.
Web Admin

Controls access to the router via a web browser. The web username may be "admin" or "root". Local Access: Determines whether and how the router may be accessed from a web browser on a local computer (a computer attached to the router, or attached to a switch or hub attached to the router). Access can be via HTTP (regular web), HTTPS (SSL-encrypted web), both, or disabled. Remote Access: Determines whether and how the router may be accessed from a web browser from the WAN (Internet) side of the router. It is not recommended that this be enabled, and if it must be enabled, consider using the HTTPS method, which at least encrypts your session data. Allow Wireless Access: If checked, wireless clients on your local network can access your router's administration screens using the same method as wired clients. This has no effect on Remote Access.
SSH Daemon

Controls the Secure SHell (SSH) server that is installed on the router, which allows secure (encrypted) command-line access to the router. The SSH username is always "root". Enable at Startup: Specifies whether the SSH Daemon is started when the router starts up. Remote Access: If checked, you will be able to access the router via SSH from the Internet and the Local Network. If unchecked, only clients on the Local Network will have access. Port: Specifies the TCP port used by the SSH daemon (default = Port 22). Allow Password Login: If checked, you can use the router username and password to enable a connection to the command line. If not checked, key authentication will be required. Authorized Keys: Enter authorized keys for key authentication (a more secure alternative to passwordbased logins).

http://en.wikibooks.org/wiki/Tomato_Firmware

15.09.2007 22:19:20

Tomato Firmware - Wikibooks, collection of open-content textbooks

Seite 17

[Start Now] / [Stop Now] Starts or stops the SSH Daemon.

Telnet Daemon

Controls the Telnet command-line server built into the router. Telnet access is only allowed on the Local Network. The Telnet username is always "root". Enable at Startup: Specifies whether the Telnet daemon is enabled when the router starts up. Port: Specifies the Ethernet port used by Telnet (default = Port 23). [Start Now] / [Stop Now] Starts or stops the Telnet Daemon.
Password

Allows you to specify your password. It is highly recommended you change this immediately after the installation. Enter the same password into both fields, and click on Save. After changing your password, you will need to re-authenticate your session (you may need to shut down and restart your browser to clear the current authentication). Bandwidth Monitoring
Bandwidth Monitoring

Enable: Save History Location Save Frequency Create New File / Reset Data: Enable if this is a new file First Day Of The Month: Excluded Interfaces: Comma separated list of Interfaces (Example: vlan0,vlan1,eth0)
Backup Restore

Buttons / LED Change the action performed by the button. Different actions can be set for different lengths of time the button is held down (Count the DMZ blinks). The default actions are (1) tap to toggle wireless and (2) hold 20 seconds to start telnet on port 233. The LED lights have some minor checkbox settings. For better effect, you can use the "led" command inside scripts elsewhere.
SES/AOSS Button Startup LED

CIFS Client

http://en.wikibooks.org/wiki/Tomato_Firmware

15.09.2007 22:19:20

Tomato Firmware - Wikibooks, collection of open-content textbooks

Seite 18

The CIFS client in Tomato allows you to mount a Windows- or Samba-share, that you can use as a history location for the bandwidth monitoring. In the configuration UNC (Universal Naming Convention) points to that share and has to look as follows: \\192.168.1.99\jffs where 192.168.1.99 is the IP-address of the computer the share is located on and "jffs" is the shared foldername. The rest of the settings (username, password) speak more or less for themselves. It is advised to use "security = user" when using Samba, to avoid errors like these: smb signing is incompatible with share level security ! Configuration Allows you to back up all your settings to your PC, restore them, or reset the router to factory defaults. When changing from one firmware to another, it is important to do a complete factory reset on your router. In Tomato, you go to this screen, select Erase all data in NVRAM (thorough), and click OK. When the router reboots, you will need to rekey all of your configuration settings manually. Debugging (Miscellaneous) Avoid performing an NVRAM commit: If checked, changes are not committed to NVRAM if possible. This means that changes are temporary, and will not persist beyond the next reboot of the router. Do not erase some intermediate files: Enable cprintf output to console: Enable cprintf output to /tmp/cprintf Count cache memory as free memory: Avoid displaying LAN to router connections: If checked, LAN to router connections are not displayed on the QOS pages. If not checked, LAN to router connections are displayed on the QOS pages as "Unclassified" connections.

Download CFE: Download NVRAM Dump: Download Iptables Dump: Download Logs:

Console log level: Clear Cookies: NVRAM Commit: Commits all current settings to NVRAM, such that they survive rebooting. JFFS2 In a router with 4MB flash, there's still some space leftover from the firmware. JFFS2 is the compressed, writable filesystem for the extra space, the /jffs folder gives 700KB after overhead but BEFORE compression. Turn this option on, and script some add-on executable to run from here.

http://en.wikibooks.org/wiki/Tomato_Firmware

15.09.2007 22:19:20

Tomato Firmware - Wikibooks, collection of open-content textbooks

Seite 19

Logging Logging may be done internally or externally. Internal logs save information to the router's local memory. External logs send the log information to a computer running software like WallWatcher, where the logs can be captured and analyzed without taking up memory on the router. Log Internally saves the connection logs to the internal memory of the router, where they may be extracted or viewed directly on the "Logs" page under "Status". These logs will consume router memory, but may be viewed directly on the router itself. Log Externally sends the logs to a computer on your LAN. That computer must be running a log capture program, like WallWatcher. The computer can then show you the connection logs and analyze the data. The remainder of the settings allow you to specify what types of connections you want logged, and to place a limit on the number of log entries per minute to send. Scripts You can enter commands to be run at Init (startup), Shutdown, Firewall startup, or WAN Up (whenever the Internet connection comes up). Example script 1 Access the web interface of the modem connected to the WAN port of the router. In this example, the modem has the IP address 10.0.0.138. Both IP addresses used in the script below begins with 10.0.0. The 1st address can end with anything other than 138 but the second address must end with 0. In Init
sleep 5 ip addr add 10.0.0.10/24 dev vlan1 brd +

In Firewall
/usr/sbin/iptables -I POSTROUTING -t nat -o vlan1 -d 10.0.0.0/24 -j MASQUERADE

Example Script 2 Establish a limit of 125 TCP connections per user. In Firewall
iptables -I FORWARD -p tcp --syn -m iprange --src-range 192.168.22.10-192.168.22.250 -m connlimit -connlimit-above 125 -j DROP

Note : 192.168.22.10 - 192.168.22.250 is the LAN address range to be controlled. Upgrade

http://en.wikibooks.org/wiki/Tomato_Firmware

15.09.2007 22:19:20

Tomato Firmware - Wikibooks, collection of open-content textbooks

Seite 20

Allows you to load a new firmware to the router (either a newer version of Tomato or an entirely different firmware). Note: When changing from any firmware to any other firmware (stock Linksys -> Tomato, for example), it is important to clear the NVRAM and restore the factory default settings. Instructions on doing that will vary from firmware to firmware, but there is generally a factory reset option (in Tomato, this is located under Administration/Configuration/Restore Default Configuration

About
Shows information about: the version of tomato the copyright advice a direct http-link to tomato homepage the build date of the used firmware a donation button for the project an acknowledgment to all concerned people

Reboot...
Restarts the router (without erasing any settings).

Shutdown...
Turns the router off (controlled shutdown)

Logout
Logs you out of the firmware (clears your user session). This will dump you back to the initial login, where you are asked to present your credentials again (which causes occasional confusion, with people reporting that they "need to log in in order to log out"). Once you see the password prompt, you are logged out. Just hit cancel and you will end up at the "Unauthorized" page.

Additional Notes
Known Problems
There is no help file despite a Tomato FAQ (http://www.polarcloud.com/tomatofaq) . In some cases, you may need to reboot the router manually before the changes go into effect. If the changes involve switching wireless settings, you may need to reboot both ends. (Hasn't known to happen with the latest 1.07 firmware) Not all wireless modes / security combinations work. For example, WET, Client and WDS will not work in WPA2. CIFS VFS timesout a lot. (or it might the server kicking the client off...)

http://en.wikibooks.org/wiki/Tomato_Firmware

15.09.2007 22:19:20

Tomato Firmware - Wikibooks, collection of open-content textbooks

Seite 21

Graphs/SVG may not work with all browsers. Firefox: Use 1.5 or higher. Internet Explorer: Use Adobe SVG (http://www.adobe.com/svg/viewer/install/) . Opera: Use 9.0 or higher. Safari: Doesn't support SVG (2.0.x). Safari/WebKit nightly: Bandwidth Monitor works, but not QOS graph (r17960).

QoS / Access Restrictions Notes

All QoS classification and access restriction checking are performed while packets are traveling out to the Internet (outbound). The source is always from your computer and destination is always towards the Internet. If you like restrict inbount traffic you have to implement traffic shaping. Try the WRT54 Script Generator (http://www.hyperwrt.org/forum/viewtopic.php?id=2002) as an extension to the current QoS implementation (see Tools for details). Why L7/IPP2P doesn't work all the time: These work by matching known patterns in packets. Some protocols produce reliable uniquely identifiable signatures, but some do not. A change in the protocol's design can sometimes break these. Some L7/IPP2P patterns may depend on which direction the data is going. For example, an HTTP request from a browser is different from an HTTP response from a server. Custom L7 patterns can be stored in /etc/l7-extra/ (you need to create the directory). It's up to you to actually populate it before the firewall starts. This can be tricky if you're using external storage, so consider just using JFFS2 or even simple "echo" statements in the startup script. To learn more about L7 patterns, go to l7-filter.sf.net. When testing changes to the QoS rules, restart the application on your computer to make sure it's connection is re-classified under the new rule. You can also enable "reset classification when making changes" instead. Although there is an option to limit the download speed, it's not really recommended in most cases since what the router is really doing is dropping packets, which means they may need to be re-sent again over a slow Internet link. KB transferred match: This is the to-WAN data transferred in kilobytes. Consider the amount an approximate value since it doesn't take into account protocol overhead. Entering an upper limit of 1GB (1,048,576KB) or more is considered unlimited and will match anything above 1GB. IPP2P may not work properly with this since IPP2P doesn't keep track of its state. Sticky rules: IPP2P/L7 are sticky in that once they match, no other rules are processed. IP/MAC/port-only matches can also be sticky if there are no IPP2P/L7/KB matches above them. When coupled with a KB transferred match with an upper limit, they are not considered sticky. What this all means is you should watch out for rules like the following: "#1: L7 ABC & 1024KB+, #2: L7 ABC", the #1 rule may not match at all since #2 will lock-on if it sees L7 ABC within 0-1024KB. To get around this particular case: "#1: L7 ABC & 0-1024KB, #2: L7 ABC & 1024KB+." Precedence: The rules are checked in the same order as they appear in the GUI, from top to bottom. The first rule that matches sets the class. If you disable "strict ordering", rules with IPP2P, L7 and KB matches are grouped in one set and are checked first, the rest in another.

http://en.wikibooks.org/wiki/Tomato_Firmware

15.09.2007 22:19:20

Tomato Firmware - Wikibooks, collection of open-content textbooks

Seite 22

If you're concerned about performance: IPP2P and especially L7 are slower than simple IP, MAC or port matches.

Miscellaneous Notes
Some NVRAM settings may not be compatible with other firmwares. A config reset is recommended after flashing to or from this firmware. You can enter a custom DDNS URL like the following: http://www.mycustomdns.com/ update.cgi?username=scooby&password=spooky&ip=@IP. The "@IP" keyword is automatically replaced with the current IP address. Check with your DDNS provider for the exact format to use. The Busybox crond included in Tomato is a little different from the Vixie crond found in HyperWRT, DD-WRT, etc. To make it easier and safer to schedule a job, use the helper script called "cru" instead of manually changing the config file. Want to try changing things without permanently writing them to nvram? Go to Admin: Miscellaneous and enable "avoid performing an nvram commit." When you're done playing around, reboot to discard the changes, or use the "nvram commit" button to save the changes. Some GUI settings, like refresh time, are saved as cookies. Linksys' password protected TFTP upgrade will not work with Tomato. If you need to use TFTP to upgrade the firmware, use the bootloader's TFTP upgrade feature. If you're saving the bandwidth history, don't forget to backup the data to another location!

Tools
WRT54 Script Generator (http://www.hyperwrt.org/forum/viewtopic.php?id=2002) : A little application that generates scripts for traffic shaping. This script generator main purpose is to limit bandwidth of users that are connected to WRT (ex. share connection in fair way). Script shape traffic on LAN and WLAN. QoS is shaping outgoing traffic on WAN (vlan1) so if you try to shape traffic on vlan1 you will destroy actual QoS. This scripts are working without problems with enabled QoS. QoS prioritize outgoing traffic and you can also set speed limits to several (all users). It's good for people that are chooking Your connection.

Support
Tomato (eng) (http://www.polarcloud.com/tomato) Tomato FAQ (eng) (http://www.polarcloud.com/tomatofaq) . Linksys (eng) (http://forums.linksys.com/linksys) Linksysinfo (eng) (http://www.linksysinfo.org/) Openlinksys (pol) (http://www.openlinksys.info/)

Weblinks
Tomato Project Page

http://en.wikibooks.org/wiki/Tomato_Firmware

15.09.2007 22:19:20

Tomato Firmware - Wikibooks, collection of open-content textbooks

Seite 23

The project page may be found at http://www.polarcloud.com/tomato

Bridging a Linksys WRT54G and Belkin 7230-4 Wirelessly after many hours of searching and reading I found this, and it works. Connected wired to the belkin now and it is wirelessly linked to my buffalo running tomato which connects to my Cable Modem . Now I can ditch a long ugly CAT5 cable and can connect 4 wired devices and have improved signal strength for my wireless devices. Bridging a Linksys WRT54G and Belkin 7230-4 Wirelessly (http://www.fatwallet.com/forums/ messageview.php?start=40&catid=28&threadid=451746) Tomato Firmware Frappr! Frappr! Maps are like a triple mash-up of an online guest book, a hit log and a map -- three services that, combined, create a fun and visually appealing environment that will keep Web site visitors coming back for more.. Tomato Firmware World Map (http://www.frappr.com/tomato)

WRT54G JTAG To AVR Cable a simple/free way to program one of Atmel's AVR microcontrollers for those that already have the WRT54Gstyle JTAG cable: WRT54G JTAG To AVR Cable (http://www.polarcloud.com/others) Tomato (Firmware) - German (deutsches) Wikibook Tomato (Firmware)

Wikipedia Hardware routers Wireless networking Linux based devices Retrieved from "http://en.wikibooks.org/wiki/Tomato_Firmware" This page was last modified 22:27, 14 September 2007. All text is available under the terms of the GNU Free Documentation License (see Copyrights for details). Wikibooks is a registered trademark of the Wikimedia Foundation, Inc.

http://en.wikibooks.org/wiki/Tomato_Firmware

15.09.2007 22:19:20