Wifi 6 Tomato Router


Emelia Lute

Jul 26, 2024, 3:10:57 AM
to spreadpuppycode

The Tomato v1.28 instructions on learntomato.com most commonly describe the situation in which you have a wired device (such as an Xbox) that you want to get onto your Wifi network, so you set up your Wifi Tomato router as a "client" to your home Wifi network, and it "bridges" the wired device onto your home Wifi network (either transparently - as in "Wireless Ethernet Bridge", or with its own local LAN, as in "Wireless Client" mode).

The solution was almost like Wireless Ethernet Bridge, except that Wireless Ethernet Bridge sets up the Linksys Wifi as a "client" - i.e. other devices can't connect to the Wifi on the Linksys. (This is not obvious in the GUI, as the client/hosting wifi modes look identical.)

I recently moved and therefore had to get a new contract with my ISP. Unfortunately, it was not possible to get the Ethernet modem (yet) and simply hook it to my beloved Netgear WNR3500L v2 powered by TomatoUSB. Instead, the provider shipped a Connect Box, which is very convenient to install for basic use, but does not allow you to define anything more complex than port forwarding. The previous wifi router did have the option to act as a simple bridge, but the new model does not come with this option. Fortunately, the Tomato firmware is very flexible and allows the router to connect as a client to the existing network and provide connectivity to its Ethernet ports and also to virtual wireless networks.

The good thing with this approach is that the primary router I got from my ISP does not require any modifications or changes in the settings; the ISP router remains in its original configuration. In this article, the ISP router is denoted as the primary router. All modifications are made on the Tomato USB router, which is denoted as the secondary router.

First of all, the secondary router needs to have a different IP than the primary router. Make sure that you are connected via Ethernet cable to the secondary router and log in using its original IP address, which is most likely 192.168.0.1. Change the IP from 192.168.0.1 to 192.168.0.2 in the Basic Network Settings. Turn off DHCP, because the primary router has an active DHCP server. Of course you can also use the secondary router as the DHCP server or use static IPs for all devices. The screenshot below shows the network settings.

Remain on the Basic Networking page of the secondary router and set the Wireless Interface to Wireless Ethernet Bridge. This way, the secondary router creates a bridge to the primary router and allows clients connected to the Ethernet ports to reach the Internet. Enter the SSID of the primary router and provide the password. If you do not know the SSID by heart, you can use the Wireless Survey in the Tools menu. The screenshot below depicts the settings.

The last step ensures that the routing of the traffic works. Change the mode of the secondary device from Gateway to Router and save the settings. The Advanced Routing menu should now look similar to what is shown below.

In the last, optional step, you can create additional wifi networks from the secondary router which are accessible for other clients. This can be useful if you need to change the SSID on the primary router or are too lazy to change a lot of settings on your smart TV and other devices which are still looking for the old SSID. Open the Virtual Wireless page in the Advanced menu. You will see the connection with the primary router there and you can add additional networks by adding new virtual interfaces. Make sure that the mode of the wireless network is Access Point. This way you can create additional wifi networks and separate the devices into different zones.

I'm running a few fw scripts on my RT-N16 to prevent clients from talking to each other and accessing the router's web GUI (ebtables + iptables + wifi isolation).
Everything is working fine so far; if I connect via wifi to my guest AP I get an IP within the range of 192.168.55.x with default gateway 192.168.55.1. Internet access works fine as well!
I've blocked access@ guest network to the OpenWrt GUI, SSH and my normal private LAN via firewall - traffic rules and this is also working so far.
So when a client connects to my main router's guest Wifi he's not able to access anything but the internet.

But one problem occurs... my modem IP is 192.168.254.254, so I've added an interface called modem to WAN with the IP 192.168.254.1 to access my modem GUI and record line stats of my DSL connection.
Access from my private LAN works fine and clients on the OpenWRT guest Network@WRT3200 are not able to access this IP/GUI.
But when a client is connected over my Guest AP (RT-N16) he's able to access my modem IP/GUI via browser and I don't want those clients to access anything but the internet.

I really don't know how to fix this.
If I remember right I've had a slightly different setup running in the past with 2 APs + LEDE router but I can't remember how I got it done.
At the moment I'm looking for the old config files but so far I have had no success finding them...
I would be quite thankful if someone could help me with this problem.

The complicated one involves creating a special VLAN for modem access, setting up the switch to handle the VLAN, setting up firewall rules to permit forwarding for that VLAN for only the modem management interface and only my "trusted" computers, and configuring those trusted computers for that VLAN. I've never felt it worth the time myself.

First of all, thanks for your input.
I'm able to access my modem as I already configured my WRT3200 the way you described above.
The only problem that I have is when a client connects over my Guest AP (second router RT-N16) he's able to browse the modem GUI via 192.168.254.254 and that is what I'm trying to deny.
Deny forwarding in/out of the modem zone is something I'll try, but to be honest I'm not sure if I'll get it done.

I have a NetGear R7000 router with AdvancedTomato running on it. I plan to create a 'virtual wireless' so that I have a guest network in addition to my normal network. My question is: will this affect the speed of my wi-fi connection?

I don't know AdvancedTomato, but in general, when a wireless AP advertises two SSIDs, it has to announce both of them. Advertising the additional SSID takes up a tiny but measurable amount of the bandwidth available. If nobody connects to that SSID, then that should be the only effect.

EEAA is certainly correct that every RF environment is different, and what happens in one place won't necessarily carry over to the next. On the other hand, Wifi is designed to work well in a wide variety of environments, and advertising an additional SSID is a pretty small change.

What you probably mean to ask is how much it will affect performance, which is completely dependent on usage and the capabilities of your wifi gear. You'll just need to try it out and do some testing.

Currently, I run four routers, all part of the WRT54G/GL/GS series, that allow a house to receive wireless internet. These routers provide sufficient, although not yet ideal, coverage for the house. Since the WRT54G/GL/GS routers are built on a Linux framework, they are easily upgraded to more powerful firmware, such as the Tomato Firmware available from Third-party firmware such as Tomato adds increased functionality to what would otherwise be considered a standard router. One of the more interesting features that Tomato provides is the ability to increase the transmission power of the wireless signal. The picture below shows this setting.

I think the reason why this is is because the clients' radios are not increasing their power, and because of that, the effective range is limited by the transmit power of the clients' radios. However, I have found increasing this setting to 84 to be useful when setting up WDS to repeat the network over longer distances. Obviously, since you have two devices that are communicating with each other and BOTH are transmitting at a higher output, it would make sense that the range is increased, which it seems to be.

The stock Linksys setting is 43mW which, in my opinion, seems rather low. I noticed a significant boost when upgrading from this stock value to 70. I would never recommend jumping above 100 unless you want a dead router in a short amount of time.

I have my router running at 80 mW. As an experiment I did boost it to over 150 mW and some of my wireless devices (a wireless webcam for example) lost connection from time to time. At 80 mW the problem ceased.

I wonder if the interference is caused by the hardware itself and not Tomato. When setting the transceiver power, my guess is it changes voltage to only one area on the motherboard, and the fact that the WRT54G, as good as it is at accepting third-party firmware, is a really cheap router that muddies up the signal. Linksys isn't going to use top-end, noise-reducing components in a low-end router, especially one not rated for the power output Tomato is pumping into it.

It'd be interesting to try it with another firmware (DD-WRT) and see if the same happens, or in a router with different components. Unfortunately, it seems like most routers capable of supporting third-party firmware that are not WRT54* routers are in the $100s range. Plus more expensive doesn't always mean better components, it usually just means better firmware =).
