#294338 - 27/02/2007 13:54
Tomato!
|
carpal tunnel
Registered: 27/06/1999
Posts: 7058
Loc: Pittsburgh, PA
|
I know there are quite a few owners of Linksys/Buffalo routers here who are using 3rd-party firmware, so I thought I'd post a quick review of Tomato firmware. Someone posted a Digg story about it yesterday, and opinions of it seemed pretty high, so I gave it a shot. In the past, I've tried everything from Sveasoft to Talisman to DD-WRT, and most recently, OpenWRT/X-Wrt, but never quite found true happiness. Some have clean web interfaces but no easy access to advanced features, some have the power user stuff but not the stability, but none have (in my opinion) hit the sweet spot between usability and functionality. Tomato pretty much hits that spot, for me at least. The web interface seems a bit pedestrian at first glance, but it's got a lot of powerful configuration hidden beneath the surface. The "glitzy" feature of the web interface is the bandwidth monitor, which shows real-time SVG graphs of network traffic on any interface, or historical data from the last few hours, days, or whatever you want. Bandwidth data can even be logged to a CIFS share so you can keep long term historical data. The QoS interface is magnificent as well. Not only can you fully configure QoS easily, but you can see pretty graphs of how your traffic is classified, which is helpful in setting up new filters. The interface makes extensive use of AJAX to make data entry easier, so you don't always have to submit a web form for every small change. I can't think of a single major feature from the other firmware I've used that isn't present in Tomato, other than an NTP server (it's got an NTP client.) Port triggering, DMZ, RIP routing, DynDNS auto-update, ssh access, etc. are all there. I don't think there's any "package repository" for customizing Tomato like one does with OpenWRT, but I found the need to re-add my packages every time I upgraded OpenWRT to be more of a nuisance than it was worth. Network speed and stability has improved as well. I was having problems with OpenWRT streaming content between the floors of my apartment, but now I can watch high quality streams from my ReplayTV upstairs without hiccups. Tomato has also fixed a problem I had where I'd get duplicate pings when using the WET bridge mode. Anyway, my home network with 4 WRT54G units is running very happily with Tomato, and I don't think I'll be going back to OpenWRT anytime soon. If you're unhappy with your current firmware, I think it's worth a shot.
|
Top
|
|
|
|
#294339 - 27/02/2007 14:47
Re: Tomato!
[Re: tonyc]
|
carpal tunnel
Registered: 24/12/2001
Posts: 5528
|
Ooo... shiny...
I'll have to give it a try on my various Linksys routers.
|
Top
|
|
|
|
#294340 - 27/02/2007 16:10
Re: Tomato!
[Re: tonyc]
|
old hand
Registered: 07/01/2005
Posts: 893
Loc: Sector ZZ9pZa
|
Excellent, thanks.
Looks really good, but can't see enough advantage over DDWRT for me to change at the moment. I have Cacti graphing my WRT54G by SNMP, so the pretty graphs haven't sucked me in.
Neat firmware anyway.
|
Top
|
|
|
|
#294341 - 27/02/2007 19:22
Re: Tomato!
[Re: tonyc]
|
carpal tunnel
Registered: 12/11/2001
Posts: 7738
Loc: Toronto, CANADA
|
I'll be giving this a try for sure. I used to use SVEASOFT but since replacing my router decided not to go back to it. I've actually been running for almost a year with the stock Linksys firmware. It's been usable because I haven't been taxing my net connection, otherwise I'd have severe QoS issues with my VOIP connection.
Does Tomato have an interface to assign static IP's? Can you name those IPs (only need it for visual use in the interface)? Can you name MAC address entries in a WiFi MAC filter? Right now I've got a ton of address in my filter list and have practically no clue which belongs to which machine (and which are not even needed anymore).
|
Top
|
|
|
|
#294342 - 27/02/2007 20:49
Re: Tomato!
[Re: hybrid8]
|
carpal tunnel
Registered: 27/06/1999
Posts: 7058
Loc: Pittsburgh, PA
|
Quote: Does Tomato have an interface to assign static IP's?
Yes.
Quote: Can you name those IPs (only need it for visual use in the interface)?
Yes.
Quote: Can you name MAC address entries in a WiFi MAC filter?
I dunno. There's no field for naming them in the interface, but maybe there's some kind of comment character or something that it will store but ignore. You might be outta luck on this one.
|
Top
|
|
|
|
#294343 - 27/02/2007 20:50
Re: Tomato!
[Re: tonyc]
|
old hand
Registered: 16/02/2002
Posts: 867
Loc: Oxford, UK
|
Within Tomato's port forwarding menus (or thereabouts), do the port forwarding rules allow the specification of the WAN source IP?
In other words, for example, I want to forward VNC connections (TCP 5900) from the WAN to 192.168.0.1 on the LAN but *only* if they originate from my employer's fixed IP of 12.34.56.78
DD-wrt, Thibor etc. don't offer this functionality through the GUI, instead you have to tussle with Firewall Builder and scripts etc. Unfortunately, I don't have any Tomato-supported devices to check for myself.
|
Top
|
|
|
|
#294344 - 27/02/2007 20:55
Re: Tomato!
[Re: AndrewT]
|
carpal tunnel
Registered: 27/06/1999
Posts: 7058
Loc: Pittsburgh, PA
|
No, that type of thing isn't in the port forwarding config. It's also a bad idea for the purpose you're using it for, because anyone can spoof the employer IP address and get to your VNC port. You can, of course, do it with iptables rules (there's a place for custom ones in the Tomato config) but the smarter thing to do is tunnel VNC through your SSH port so you get a legitimate form of authentication/encryption.
|
Top
|
|
|
|
#294345 - 27/02/2007 21:13
Re: Tomato!
[Re: tonyc]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
It's hard for them to get responses, though, and I doubt what he's concerned about is DoS on his VNC server, but someone being able to gain access to his VNC server. Of course, you're the security professional, not me.
That said, there are (I believe) several versions of VNC with adequate encryption and authorization schemes built in. UltraVNC comes to mind, since that's the one I tend to use, but I believe others have similar features.
_________________________
Bitt Faulk
|
Top
|
|
|
|
#294346 - 27/02/2007 21:15
Re: Tomato!
[Re: wfaulk]
|
carpal tunnel
Registered: 27/06/1999
Posts: 7058
Loc: Pittsburgh, PA
|
I use UltraVNC myself, and didn't remember there being any kind of strong authentication/encryption. Maybe I didn't look closely enough, though.
|
Top
|
|
|
|
#294347 - 27/02/2007 21:17
Re: Tomato!
[Re: tonyc]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
_________________________
Bitt Faulk
|
Top
|
|
|
|
#294348 - 27/02/2007 23:12
Re: Tomato!
[Re: tonyc]
|
old hand
Registered: 16/02/2002
Posts: 867
Loc: Oxford, UK
|
Quote: No, that type of thing isn't in the port forwarding config.
This feature is something I've only ever seen in the higher end firewall/routers and that's a pity. I could be way off the mark here but I'm sure it's fairly trivial to expose this in the GUI (if you know what you're doing, of course!
Quote: It's also a bad idea for the purpose you're using it for, because anyone can spoof the employer IP address and get to your VNC port.
The chances of someone knowing my work IP and spoofing it while attacking the VNC port on my dynamic home IP is a risk I'll live with!
|
Top
|
|
|
|
#294349 - 05/03/2007 02:01
Re: Tomato!
[Re: tonyc]
|
carpal tunnel
Registered: 18/06/2001
Posts: 2504
Loc: Roma, Italy
|
Quote:
Quote: Can you name MAC address entries in a WiFi MAC filter?
I dunno. There's no field for naming them in the interface...
I couldn't find anyting useful for this. That's too bad. I would have loved it too.
Edited by taym (05/03/2007 02:02)
_________________________
= Taym = MK2a #040103216 * 100Gb *All/Colors* Radio * 3.0a11 * Hijack = taympeg
|
Top
|
|
|
|
#294350 - 05/03/2007 13:10
Re: Tomato!
[Re: Taym]
|
carpal tunnel
Registered: 12/11/2001
Posts: 7738
Loc: Toronto, CANADA
|
I'm running Tomato now and so far so good.
The biggest thing missing from most of these firmwares is consistency in the UI. They'll apply some property to some feature and then miss it from a feature that is very similar. Like the naming of static assignments but not being able to do much with the WiFi filter.
I also notice that Tomato doesn't list the names already assigned to my Squeezebox as the Linsys default firmware did. I had to name the SB manually in Tomato's own UI.
Bruno
|
Top
|
|
|
|
#294351 - 14/06/2007 14:34
Re: Tomato!
[Re: hybrid8]
|
carpal tunnel
Registered: 18/06/2001
Posts: 2504
Loc: Roma, Italy
|
Ok, I have this router available, and I do not know if I should use it to replace my WRT54G.
Does anybody know if there's any unofficial firmware for the WRT300N ? I can't seem to find anything on a google search.
_________________________
= Taym = MK2a #040103216 * 100Gb *All/Colors* Radio * 3.0a11 * Hijack = taympeg
|
Top
|
|
|
|
#294352 - 14/06/2007 15:11
Re: Tomato!
[Re: Taym]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
DD-WRT v24 beta supports it. Here is today's build of it. I have no idea if it actually works or not. There's a thread about it. Apparently v1 vs v2 is a big deal.
_________________________
Bitt Faulk
|
Top
|
|
|
|
#294353 - 15/06/2007 13:25
Re: Tomato!
[Re: wfaulk]
|
carpal tunnel
Registered: 18/06/2001
Posts: 2504
Loc: Roma, Italy
|
Thank you. I wonder if WRT 300N firmware source code has been released as well. Anyway, I decided to try it. I have a N pcmcia card, and I am curious to see how much faster the connection is going to be.
_________________________
= Taym = MK2a #040103216 * 100Gb *All/Colors* Radio * 3.0a11 * Hijack = taympeg
|
Top
|
|
|
|
#294354 - 15/06/2007 13:31
Re: Tomato!
[Re: Taym]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
From my research yesterday, it appeared that the source code has been released, but there are issues with the driver for the wireless interface, and due to those issues, the wireless has been slow. If I were you, I'd probably stick with the Linksys firmware for now.
_________________________
Bitt Faulk
|
Top
|
|
|
|
#294355 - 15/06/2007 13:37
Re: Tomato!
[Re: wfaulk]
|
carpal tunnel
Registered: 18/06/2001
Posts: 2504
Loc: Roma, Italy
|
Yes, I was reading that too. I agree, that's what I'll do for now. As a matter of fact, I guess all I am interested in is that there is opportunity to improve WRT300N features. Since there seem to be, it's probably worthed to replace the old WRT54G and try this new one. Mostly, am hoping my apartment will be better covered by the three antenna system. As I have some experience with this, I'll share my impressions here.
_________________________
= Taym = MK2a #040103216 * 100Gb *All/Colors* Radio * 3.0a11 * Hijack = taympeg
|
Top
|
|
|
|
#294356 - 15/06/2007 14:29
Re: Tomato!
[Re: Taym]
|
pooh-bah
Registered: 12/02/2002
Posts: 2298
Loc: Berkeley, California
|
Quote: Mostly, am hoping my apartment will be better covered by the three antenna system.
You must have a nice appartment!
Matthew
|
Top
|
|
|
|
#294358 - 15/06/2007 16:27
Re: Tomato!
[Re: matthew_k]
|
carpal tunnel
Registered: 18/06/2001
Posts: 2504
Loc: Roma, Italy
|
Bruno is correct. I wish the problem was the distance from one end of the apartment to the other There are just 3 walls from the antennas to one of the desks where I use my laptop, and signal there is between good and average. I'd love to get "excellent" signal everywhere, possibly. Also because sometimes "good" signal is not so good to me, as it at times means quite poor performances when tranferring large files from one PC to another.
_________________________
= Taym = MK2a #040103216 * 100Gb *All/Colors* Radio * 3.0a11 * Hijack = taympeg
|
Top
|
|
|
|
#294359 - 15/06/2007 18:38
Re: Tomato!
[Re: Taym]
|
carpal tunnel
Registered: 08/06/1999
Posts: 7868
|
I can understand the desire for better signal strength. I just picked up a Buffalo dual band N router with an external 3 antenna setup to try and get reception out to my car to be a bit better. I haven't tried N speeds to see how much that helps, but so far just having the antennas has helped a noticeable amount.
Now to decide if it is worth the cost to get my MacBook Pro upgraded to N using the internal card.
|
Top
|
|
|
|
#294360 - 18/06/2007 21:07
Re: Tomato!
[Re: drakino]
|
carpal tunnel
Registered: 18/06/2001
Posts: 2504
Loc: Roma, Italy
|
Quote: I can understand the desire for better signal strength.
My router is usually placed on a wall in the exact middle of the apartment. For testing purposes, I placed the 300N on one end of the apartment, closed all doors, and went to the other end. I got a signal strength ranging from 13% to 35%, at 54Mbps (802.11G), which is the less performing but most likely scenario. This is a pretty good result compared to current WRT54G, which is usually not powerful enough to reach my laptop in similar conditions. Considering I'll be placing the 300N in the middle of the partment too, I am hoping to get at least good signal everywhere. Possibly excellent. It is interesting that either the three antenna system, or simply the power of them, is improving performances of 802.11G too. I am now curious to test my 802.11N card.
However, I really think I'll switch to this 300N. What I don't know is its reliablity. WRT54G is simply rock-solid. You can stay connected for days without problems. Daily usage will tell me if the 300N is just as good.
_________________________
= Taym = MK2a #040103216 * 100Gb *All/Colors* Radio * 3.0a11 * Hijack = taympeg
|
Top
|
|
|
|
#294361 - 18/06/2007 21:31
Re: Tomato!
[Re: Taym]
|
carpal tunnel
Registered: 08/06/1999
Posts: 7868
|
The one thing that does concern me about the 300N, along with most existing N routers is that very few of them can work in the 5.8ghz range, even though it is part of the N spec. The Buffalo router I got is pricey since it is capable of doing both 2.4 and 5.8 at the same time, but it allows me to keep my "legacy" devices on 2.4, and move newer devices to 5.8. Apple's N router can do either 2.4 or 5.8, but not both at the same time. Linksys showed a dual band router at CES, but hasn't said anything since. DLink also showed a product at CES that does both, but it too hasn't shipped.
|
Top
|
|
|
|
#294362 - 18/06/2007 21:48
Re: Tomato!
[Re: drakino]
|
carpal tunnel
Registered: 18/06/2001
Posts: 2504
Loc: Roma, Italy
|
Yes, Linksys 300N does not go on 5.8Ghz at all, as you said.
Generally speaking, I think that unless you need to buy a WiFi router now, you should wait until the 802.11N is finalized. I am considering this 300N just because I happen to have one on my desk, unused. Otherwise, I'd stick with G and wait few more months.
_________________________
= Taym = MK2a #040103216 * 100Gb *All/Colors* Radio * 3.0a11 * Hijack = taympeg
|
Top
|
|
|
|
#294363 - 18/06/2007 23:00
Re: Tomato!
[Re: Taym]
|
carpal tunnel
Registered: 18/06/2001
Posts: 2504
Loc: Roma, Italy
|
By browsing the linksys ftp site, I found a directory containing all open source firmware availablle, and there is also the one for 300N.
Maybe this was implicit in the fact that third party firmware does exist, but i just wanted to make sure.
_________________________
= Taym = MK2a #040103216 * 100Gb *All/Colors* Radio * 3.0a11 * Hijack = taympeg
|
Top
|
|
|
|
#294364 - 19/06/2007 10:42
Re: Tomato!
[Re: Taym]
|
carpal tunnel
Registered: 24/12/2001
Posts: 5528
|
Scroll up Quote: From my research yesterday, it appeared that the source code has been released, but there are issues with the driver for the wireless interface, and due to those issues, the wireless has been slow. If I were you, I'd probably stick with the Linksys firmware for now.
|
Top
|
|
|
|
#294365 - 19/06/2007 12:04
Re: Tomato!
[Re: tman]
|
carpal tunnel
Registered: 18/06/2001
Posts: 2504
Loc: Roma, Italy
|
Sorry guys. I guess I am also the sleepiest empegger of the day...
_________________________
= Taym = MK2a #040103216 * 100Gb *All/Colors* Radio * 3.0a11 * Hijack = taympeg
|
Top
|
|
|
|
#313261 - 28/08/2008 10:21
Re: Tomato!
[Re: Taym]
|
carpal tunnel
Registered: 08/03/2000
Posts: 12338
Loc: Sterling, VA
|
Sorry to bring up an old thread, but I'm pretty frustrated.
I also think the tomato firmware is fantastic for all the reasons Tony said in the first post. It's just so easy to install, configure, and use. The problem? Today it's almost completely unusable. I don't know if it's because development for it has stopped, but the firmware only supports WRT54G models 1-4, and those models are more or less impossible to find in stores.
Yesterday I was configuring a router of mine to install in a client's home. It was a v5 WRT54G, and I decided to put DD-WRT on it, as I'd put it on a v8 router recently. That process had been anything but simple, but it worked. This process was not simple at all, and in the end I wound up with what appears to be a non-functioning router (it refuses to get an IP from the modem, and wireless devices can't see it even though wireless is turned on).
The folks at DD-WRT seem completely uninterested in making their project make the least bit of sense. Simply finding out what to download is a maddening process, as they have hundreds of folders with no descriptions on them. I followed the guide they linked to for my router's version, but the guide had dead links to the firmware, which is kind of essential in my mind.
So I'm not sure what to do now. I used Sveasoft a long while ago (I think I used to send you updated firmwares, Bruno), but that wasn't much better in the ease of use department.
Does anyone know of a source for pre-v5 WRT54G's? Does anyone know of a firmware like Tomato with low potential for bricking my device and won't make me tear my hair out when installing it?
*edit*
ps- looks like OpenWRT doesn't support anything post-v4 either.
Edited by Dignan (28/08/2008 10:28)
_________________________
Matt
|
Top
|
|
|
|
#313262 - 28/08/2008 11:23
Re: Tomato!
[Re: Dignan]
|
addict
Registered: 11/11/2001
Posts: 552
Loc: Houston, TX
|
See if you can find a WRT54GL, those will allow you to install Tomato also. Netgear KWGR614 should also take Tomato.
_________________________
--Ben 78GB MkIIa, Dead tuner.
|
Top
|
|
|
|
|
|