
Tomato Firmware - Wikibooks, collection of open-content textbooks
15.09.2007 22:19:20 http://en.wikibooks.org/wiki/Tomato_Firmware

Tomato Firmware
From Wikibooks, the open-content textbooks collection

Introduction

Tomato is a free open source Linux-based firmware for several Broadcom-based Wi-Fi routers, including the Linksys WRT54G. The major emphasis of Tomato is on stability, speed and efficiency. It is maintained by Jonathan Zarate, who also developed HyperWRT +tofu. The official website is located here (http://www.polarcloud.com/tomato).

Tomato is notable for its web-based user interface that includes several types of bandwidth usage charts, advanced QoS and access restriction features, raised connection limits which enable P2P networking, and support for 125 High Speed Mode (marketed by Linksys as "SpeedBooster").

Supported devices

Linksys WRT54G (http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&cid=1149562300349&pagename=Linksys%2FCommon%2FVisitorWrapper) (v1-v4 only)
WRT54GS (http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&cid=1148435315453&pagename=Linksys%2FCommon%2FVisitorWrapper) (v1-v4 only)
WRT54GL (http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&cid=1133202177241&pagename=Linksys%2FCommon%2FVisitorWrapper) (v1 & v1.1)
WRTSL54GS (http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&cid=1137028967848&pagename=Linksys%2FCommon%2FVisitorWrapper) (no USB support)
Buffalo WHR-G54S (http://www.buffalotech.com/products/product-detail.php?productid=117), WHR-HP-G54 (http://www.buffalotech.com/products/product-detail.php?productid=115), WZR-G54, WBR2-G54
ASUS WL-500g Premium (no USB support)

Tomato is not compatible with Linksys WRT54G/GS v5-v7 or newer WRT54G/GS routers.

Features

Dynamic interactive GUI using Ajax (a programming technique that improves the way web pages are displayed and updated), SVG (scalable vector graphics that provide quality graphics within a browser) and CSS-based color schemes (allowing you to change the look and feel of the router configuration screens).
CLI (using BusyBox) with access via TELNET or SSH (using Dropbear)
DHCP server (using Dnsmasq) with dynamic and static DHCP leases
DNS forwarder (using Dnsmasq) with local hostnames, local domain names, and caching of internet addresses
Netfilter/iptables with customizable settings, IPP2P and l7-filter
Wake-on-LAN


Advanced QoS: 10 unique QoS classes defined, real-time pie graph display of prioritized traffic with drilldown into class details
Bandwidth graphing/statistics: real-time, last 5 hours, daily, monthly
Wireless modes: access point (AP), wireless client station (STA), wireless ethernet (WET) bridge, wireless distribution system (WDS aka wireless bridging), simultaneous AP and WDS (aka wireless repeating)
Dynamic DNS service with ezUpdate and services extended for more providers
Syslog viewable through the GUI (also downloadable)
SES button control
JFFS2
CIFS client
Adjustment of transmit power of wireless LAN, antenna selection, and 14 wireless channels
'Boot wait' protection (increase the time slot for uploading firmware via the boot loader)
Advanced port forwarding, redirection, and triggering with UPnP page to view and delete UPnP forwarded port mappings
Advanced access restrictions
Init, Shutdown, Firewall, and WAN Up scripts
Uptime, load average, and free memory status
Reboot ability, although almost no configuration changes require a reboot
Wireless survey page to view other networks in your neighborhood
Known bugs in Broadcom-based Linksys firmware fixed

Licensing

While the core source code is licensed under GPLv2, the source code for the user interface is under a more restrictive license which forbids use without the author's permission.

Installing

Before the Upgrade

The GUI relies heavily on JavaScript to generate the content and XMLHTTP (AJAX) to update it. Be careful if you need to use this from an older/minimal browser since it was not designed to downgrade gracefully. This has been tested only on Firefox v1/2, Opera v9 and IE v6/7.

The GUI username is "admin" or "root" (a username is required), the ssh and telnet username is always "root", and the default password is "admin". Change this password at the first login: it is the single credential (stored in nvram as http_passwd) behind the web GUI, ssh and telnet, and the default is public knowledge.

By default, the SES/AOSS button is programmed to start a password-less telnet daemon on port 233 if held for 20+ seconds. If you run into a problem of not being able to log in, you can use this to view or reset the password ("nvram get http_passwd" and "nvram set http_passwd=newpassword", followed by "nvram commit" so the new value survives a reboot). Keep in mind that this gives anyone with physical access to the router an unauthenticated root shell and the ability to reset the administrator password; you can disable this behavior in Admin/Buttons.

If you're upgrading from DD-WRT v23 SP2+, be aware that you may get locked out because of a change in DD-WRT's use of the nvram password key. You have a few options:

Push the reset button to reset all the configuration after installing Tomato.
Use the SES/AOSS button as described above.
Type "nvram get http_passwd" while running DD-WRT and write down the result - this will be your password after loading Tomato.


G\code.bin is for WRT54G v1-4 and WRT54GL v1, GS\code.bin is for WRT54GS v1-3, GSv4\code.bin is for WRT54GS v4, and TRX\code.trx is for the WHR-G54S/WHR-HP-G54S. If you're just upgrading an existing Tomato firmware from the GUI, any of these will work.

Installing on a Linksys WRT54G, WRT54GL or WRT54GS

Open the Linksys GUI in your browser. The default URL is http://192.168.1.1/.

Click the Administration tab, then Firmware Upgrade.

Select and upload the correct firmware for your router.

Wait for about 2 minutes while the firmware is uploaded & flashed.

Log in to the router, and reset factory defaults (under Administration/Configuration/Restore Default Configuration, select the Erase all data in NVRAM (thorough) option and click OK). The router will restart again, and the factory default login is "admin" with a password of "admin".

Installing on a Buffalo WHR-G54S/WHR-HP-G54S in Windows

Warning: Be aware that Buffalo only has encrypted firmwares on their web site. You will not be able to revert back to Buffalo's firmware without an unencrypted version of their firmware.

The following is for an initial install on a Buffalo router. If you're already using a third-party firmware or just upgrading a Tomato firmware, try uploading any of the .bin files from the GUI.

Plug your computer directly to the router's LAN port. This will not work over a wireless connection.

Set your computer's ethernet card settings to: IP=192.168.11.2, mask=255.255.255.0, gateway=192.168.11.1 (Gateway and DNS settings are optional and not needed to flash Tomato). In Windows, you can set this by going to Control Panel, Network Connections, right-click your ethernet card, click Properties, then TCP/IP.

If you're using Windows, double-click on the whr_install.bat file and be sure to follow exactly the directions that the batch file gives as it runs (it will use ping and automatically use tftp at the right time).

After waiting for at least 2 minutes after the initial flash, with the power still on, push the reset button for one full minute to reset the configuration. Release the reset button and allow the unit to boot up before trying to access it.

Your router is now at the address 192.168.1.1, which you can access by manually changing the computer back to 192.168.1.2, subnet 255.255.255.0, Gateway 192.168.1.1 and DNS 192.168.1.1, or simply set your computer back to DHCP (Obtain Automatically in the TCP/IP properties).

The "tftp -i 192.168.11.1 put code.trx" process involves the manual hit-and-miss timing of running a ping loop and hitting Enter at just the right time during the power-up sequence. The provided batch file eliminates this hectic method of flashing and has rendered it obsolete. Use the Tomato batch file that is included with the Tomato firmware to flash all compatible Buffalo routers. If you get timeout errors, copy the tftp.exe file from Windows\System32\ into the same directory as the .bat and .trx files so the system can find tftp.exe faster.

Installing on a Buffalo WHR-G54S/WHR-HP-G54S in Windows (from DD-WRT)


You can use the DD-WRT web interface to flash to the Tomato firmware.

First, obtain the password for the router. Telnet to the router. Assuming your router can be found at 192.168.1.1, you'd type "telnet 192.168.1.1" at a command prompt to log in to the router. Type "nvram get http_passwd". Make note of this password for later use.

Download the Tomato firmware and extract it. In the "trx" subfolder, rename the file code.trx to code.bin. (DD-WRT does not recognize the .trx file extension as firmware.)

Update the firmware via the DD-WRT web interface. The Tomato firmware is now installed.

Access the Tomato web interface and browse to Administration > Configuration > Restore Default Configuration. Then select "Erase all data in NVRAM memory (thorough)" and click OK.

Please note that the instructions for flashing the firmware via the web interface will only work once you've installed DD-WRT (or perhaps another 3rd party firmware).

Installing on a Buffalo WHR-G54S/WHR-HP-G54S in OS X, Linux, and other Unix-based OS's

Warning: Be aware that Buffalo only has encrypted firmwares on their web site. You will not be able to revert back to Buffalo's firmware without an unencrypted version of their firmware.

The following is for an initial install on a Buffalo router. If you're already using a third-party firmware or just upgrading a Tomato firmware, try uploading any of the .bin files from the GUI.

Plug your computer directly to the router. This will not work over a wireless connection.
Push the reset button for at least 30 seconds to reset the configuration.
Unplug power to the router and plug it back in after at least 10 seconds.
Set your computer's ethernet card settings to: IP=192.168.11.2, mask=255.255.255.0, gateway=192.168.11.1.
Open two terminal windows. In the first one, type and execute this:

ping 192.168.11.1

You should now be continually pinging the router.
Unplug power to the router. The pings should stop returning now.
In the second window, cd to the directory in which your firmware is located. Then execute the following:

tftp
binary
rexmt 1
trace
connect 192.168.11.1

("binary" selects octet mode so the image is sent unaltered, "rexmt 1" retransmits after one second, and "trace" prints each packet so you can see whether the transfer is progressing.) Even though the router is still powered down, tftp doesn't actually "connect" when you execute the connect command. Instead, it merely stores the address away until needed.

Now, still in the second terminal window, type the following but do not execute yet:

put code.trx

Now, plug the router back in. The moment you see pings coming across in the first terminal window, execute the put code.trx command you prepared in the second terminal window. If you see a successful transfer, leave the router alone for at least 2 minutes, then unplug the power, wait 10 seconds and plug it back in.
Reset your computer's ethernet card settings back to use DHCP. You can also manually enter the following settings: IP=192.168.1.2, mask=255.255.255.0, gateway=192.168.1.1.
To log in to the router, just go to http://192.168.1.1/ in your web browser. Login name is root, password is admin.
Configure your very fine router as desired.
(Instructions adapted from DD-WRT Wiki and Chromite's "Guide to install DD-WRT Firmware on a Linksys WRT54G router.")
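The ping loop and "put code.trx" above, and the Windows batch file in the previous section, drive a plain RFC 1350 write request. The following is an added example written for this edition (not code from the Wikibooks page or from Tomato) that implements that client in Python: it repeats the write request once a second until the boot loader acknowledges it, then sends the image in 512-byte blocks with retransmission on a lost DATA or ACK. A minimal stand-in for the boot loader runs in a thread on the loopback interface so the example runs without a router; the image bytes, host and port are constructed, and a real flash would target 192.168.11.1 port 69 with the actual code.trx.

```python
import socket
import struct
import threading

# RFC 1350 opcodes. The page's "binary" (or "tftp -i" on Windows) selects the "octet" mode below.
OP_WRQ, OP_DATA, OP_ACK, OP_ERROR = 2, 3, 4, 5
BLOCK = 512  # fixed data block size; a block shorter than this ends the transfer


def build_wrq(filename, mode="octet"):
    """Write request: opcode 2, filename, NUL, mode, NUL."""
    return struct.pack("!H", OP_WRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"


def tftp_put(host, port, filename, data, timeout=1.0, wrq_retries=60, data_retries=5):
    """Push `data` to host:port as `filename`; returns the number of DATA blocks acknowledged.
    The WRQ is re-sent every `timeout` seconds (the page's "rexmt 1") until ACK 0 arrives,
    which is what catches the boot loader's short listening window after power-up."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        wrq = build_wrq(filename)
        tid = None  # server transfer identifier: the address its ACK 0 comes from
        for _ in range(wrq_retries):
            sock.sendto(wrq, (host, port))
            try:
                pkt, src = sock.recvfrom(516)
            except socket.timeout:
                continue
            if len(pkt) >= 4 and struct.unpack("!HH", pkt[:4]) == (OP_ACK, 0):
                tid = src
                break
            if pkt[:2] == struct.pack("!H", OP_ERROR):
                raise RuntimeError("tftp error: " + pkt[4:].rstrip(b"\0").decode(errors="replace"))
        if tid is None:
            raise TimeoutError("no ACK 0 from the boot loader")
        # One DATA/ACK round trip per block; the last block is shorter than 512 bytes (possibly empty).
        nblocks = len(data) // BLOCK + 1
        for blk in range(1, nblocks + 1):
            pkt = struct.pack("!HH", OP_DATA, blk & 0xFFFF) + data[(blk - 1) * BLOCK:blk * BLOCK]
            for _ in range(data_retries):
                sock.sendto(pkt, tid)
                try:
                    reply, src = sock.recvfrom(516)
                except socket.timeout:
                    continue  # lost DATA or lost ACK: retransmit the same block
                if src == tid and len(reply) >= 4 and struct.unpack("!HH", reply[:4]) == (OP_ACK, blk & 0xFFFF):
                    break
            else:
                raise TimeoutError(f"block {blk} never acknowledged")
        return nblocks
    finally:
        sock.close()


def serve_one_write(sock, store):
    """Test double for the router's boot loader (not Tomato code): accept one WRQ,
    ACK every block and keep the assembled file in store['data']."""
    pkt, client = sock.recvfrom(516)
    if struct.unpack("!H", pkt[:2])[0] != OP_WRQ:
        return
    store["name"] = pkt[2:].split(b"\0")[0].decode()
    sock.sendto(struct.pack("!HH", OP_ACK, 0), client)
    buf, expected, done = b"", 1, False
    while not done:
        pkt, client = sock.recvfrom(516)
        op, blk = struct.unpack("!HH", pkt[:4])
        if op != OP_DATA:
            continue
        if blk == expected:  # a retransmitted block (blk < expected) is re-ACKed, not stored twice
            buf += pkt[4:]
            expected += 1
            done = len(pkt) - 4 < BLOCK
        sock.sendto(struct.pack("!HH", OP_ACK, blk), client)
    store["data"] = buf


def demo(image=None):
    """Client against the stand-in server over loopback; True if the image arrived intact."""
    if image is None:
        image = bytes(range(256)) * 5 + b"constructed trailer"  # constructed stand-in for code.trx
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    store = {}
    worker = threading.Thread(target=serve_one_write, args=(srv, store), daemon=True)
    worker.start()
    blocks = tftp_put("127.0.0.1", srv.getsockname()[1], "code.trx", image)
    worker.join(5)
    srv.close()
    return store.get("name") == "code.trx" and store.get("data") == image and blocks == len(image) // BLOCK + 1
```

The design point is the retry of the WRQ rather than of the whole session: the boot loader answers from whatever port it chooses, so the client learns the server's transfer identifier from the source of ACK 0 and ignores anything from a different address afterwards, which is also what protects a real transfer from stray datagrams.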


Upgrading The Firmware

Open the GUI in your browser. The default URL is http://192.168.1.1/

Click Administration, then Upgrade.

Select any of the files and click the Upgrade button.

Wait for about 2 minutes while the firmware is uploaded & flashed.

According to the author, it is not necessary to reset the configuration if you are upgrading from a previous version of Tomato Firmware. If you are upgrading from another firmware, however, a reset is recommended (Tomato's FAQ (http://www.polarcloud.com/tomatofaq#should_i_reset_the_configurati)). Log in to the router, and reset factory defaults (under Administration/Configuration/Restore Default Configuration, select the Erase all data in NVRAM (thorough) option and click OK). The router will restart. The factory default login is "admin" with a password of "admin".

Menus in Tomato

The following is a listing of all of the available menu options in the Tomato GUI, and their functions.

Status

Provides information on the current condition of the router.

Overview

The Overview screen shows information on the current state of the router. It is organized into four sections:

System

Gives current overall system status, like the amount of time the router has been running, CPU load, and memory usage.

WAN

Gives information on the Wide Area Network (Internet) connection.

LAN

Gives a summary of the settings related to the Local Area Network, and the MAC address for the wired portion of the network.

Wireless

Gives information on the wireless portion of the Local Area Network.

Device List

Provides a list of the current devices that have been assigned an IP address by the DHCP server. Devices are listed by interface, which indicates where on the router they are connected:


br0 refers to wired Ethernet (LAN) devices. In other words, devices that are connected to the router on the four Ethernet ports (either directly or via a hub or switch).
eth1 refers to wireless Ethernet (WLAN) devices. In other words, devices that are connected to the router via the wireless radio.
vlan1 refers to your WAN (Internet) connection. In other words, the connection to your Internet modem (cable modem, DSL modem, or upstream router).

Logs

Allows you to view the internal system logs (assuming Internal Logging is enabled - see "Logging" under "Administration").

Bandwidth

Displays the bandwidth of the interfaces. Interfaces can be excluded at Administration/Bandwidth Monitoring.

Real-Time

Displays a chart, updated every two seconds, of the last 10 minutes of bandwidth used. Tabs at the top allow you to select the various interfaces for detail on the bandwidth for that interface.

The charts are made up in Scalable Vector Graphics (SVG). For the graphs to show up you'll need an SVG-enabled web browser. Mozilla Firefox has SVG built in. For Microsoft Internet Explorer you should install a plugin from Adobe. You can find it in the Adobe SVG Viewer download area (http://www.adobe.com/svg/viewer/install/main.html).

Last 24 Hours

Displays a chart, updated every two minutes, of the last 4/6/12/18/24 hours of bandwidth usage and the total data during the period. Tabs at the top allow you to select the various interfaces for detail on the bandwidth for that interface.

The charts are also made up in SVG .

Daily

Displays the summary of daily bandwidth consumption. It also shows the difference in bandwidth usagecompared to the day before.

Monthly

Displays the summary of monthly bandwidth consumption. It also shows the difference in bandwidth usage compared to the month before. The start date of the month can be changed at "Administration->Bandwidth Monitoring->First Day Of The Month" to match the start date of the data counter of any particular Internet plan.

Tools

Ping

Allows you to ping computers on the Internet to verify connectivity. Simply enter the hostname or IP address (Internet only) to ping, customize the number of retries or packet size if you wish, and press [PING]. Results will be displayed when the ping is complete.


Trace

Allows you to perform a TRACERT (trace route) from your router to any Internet server. Enter the hostname or IP address to trace to, and optionally the maximum hops and/or wait times, and press [TRACE]. Results are displayed when the trace is complete.

Wireless Survey

Scans the local area for other wireless access points, and gives received signal strength information and other data.

WOL

Allows you to send Wake-on-LAN (WOL) packets to computers on your network.

Through the ssh/telnet interface you can also issue the ether-wake command. Enabling remote SSH allows wakeup via "ssh root@yourwrt 'ether-wake mac-address'", since it can be difficult to get a WOL packet through NAT (the packet is a broadcast, which the router will not forward from the WAN). Remember that exposing SSH on the WAN makes the router's root login reachable from the Internet, so only do this with a strong password.
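As an added example (written for this edition, not code from the page or from Tomato), here is what the WOL page and ether-wake actually send: the magic packet, built and checked in Python, plus a loopback round trip that shows a receiver recognising it. The MAC addresses are made up, and the default broadcast address and port are the conventional ones for WOL, not something the page specifies.

```python
import re
import socket


def parse_mac(mac):
    """Accept 00:11:22:33:44:55, 00-11-22-33-44-55 or 001122334455; return the six raw bytes."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes.fromhex(digits)


def magic_packet(mac, password=b""):
    """Magic packet: six 0xFF synchronisation bytes, then the target MAC repeated 16 times,
    optionally followed by a 4- or 6-byte SecureOn password (102 bytes without one)."""
    if password and len(password) not in (4, 6):
        raise ValueError("SecureOn password must be 4 or 6 bytes")
    return b"\xff" * 6 + parse_mac(mac) * 16 + password


def is_magic_packet_for(payload, mac):
    """The check a sleeping NIC performs: the sync stream followed by its own MAC 16 times."""
    return payload.startswith(b"\xff" * 6 + parse_mac(mac) * 16)


def send_wol(mac, broadcast="255.255.255.255", port=9, password=b""):
    """Send the magic packet as a UDP broadcast; returns the number of bytes sent.
    It has to reach the target's own broadcast domain. A NAT router does not forward a
    broadcast arriving on its WAN side, which is why the text has you ssh to the router
    and run ether-wake there instead of sending the packet from outside."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
    try:
        return sock.sendto(magic_packet(mac, password), (broadcast, port))
    finally:
        sock.close()


def demo(mac="00:11:22:33:44:55"):
    """Loopback round trip (no NIC is woken): deliver the packet to a local UDP listener and
    confirm the listener recognises it as addressed to `mac` and not to a neighbour."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))
    listener.settimeout(2)
    try:
        sent = send_wol(mac, broadcast="127.0.0.1", port=listener.getsockname()[1])
        payload, _ = listener.recvfrom(1024)
    finally:
        listener.close()
    return (sent == len(payload) == 102
            and is_magic_packet_for(payload, mac)
            and not is_magic_packet_for(payload, "00:11:22:33:44:56"))
```

Nothing in the packet is authenticated; anyone who can put a frame on the LAN segment can wake any host on it, which is one more reason the router's own shell, not a WAN port forward, is the right place to send it from.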

Basic

Controls the most basic settings for the router.

Network

Allows you to set up the Internet / Wide Area Network (WAN) connection that the router uses, and the basic parameters of the Local Area Network (LAN).

WAN / Internet

Specifies how your router should connect to the Internet. Normally, this is done via an Ethernet cable connected from the WAN/Internet port to a cable or DSL modem.

Type: Specifies the type of connection used.

The rest of the parameters are variable, and based on the type of connection.

The default for most cable modems is "DHCP", meaning that the router simply talks to your cable modem and is automatically assigned an IP address and other connection data.

DSL connections generally use PPPoE, which usually requires a username and password (provided by your DSL provider).

LAN

Controls setup of the Local Area Network (LAN), which includes settings for wired and wireless clients connected to the router.

Router IP Address: The IP address assigned to the router on the LAN. Default is 192.168.1.1.
Subnet Mask: The default of 255.255.255.0 means that anything starting with the same first three numbers as the router (default 192.168.1.x) is assumed to be on the local network. Making this too broad means that some Internet servers may be inaccessible.


Static DNS: Allows you to list a series of DNS servers manually (as opposed to getting them from your Internet Service Provider). Useful if your ISP's DNS servers are slow or unreliable, or if you prefer a different one.

DHCP Server

Dynamic Host Configuration Protocol (DHCP) is a protocol used by networked computers (clients) to obtain IP addresses. Use this to control the IP addresses that your router hands out to computers connected to the wired or wireless local network. If checked, the router will hand out addresses within the range specified. You may also customize the amount of time before computers on the LAN will renew their IP addresses (the Lease Time) and specify a Windows Internet Name Service (WINS) server if you use WINS.

Wireless

Controls the connection over the Wireless Local Area Network.

Enable Wireless: If checked, wireless access will be allowed.
MAC Address: Displays the MAC address assigned to the wireless radio on the router.
Wireless Mode: The normal setting for this is Access Point, which allows clients to connect to this router. The router can also be used in Wireless Distribution System (WDS) mode, and it can also connect to a wireless ISP in Wireless Client mode. Note: If the router is used as a wireless client, it cannot be used as an access point at the same time. There is only one radio in the WRT54G series routers.
B/G Mode: This may be Mixed (B+G), B-Only (restricted to 802.11b), or G-Only (restricted to 802.11g). If you set this to B-Only or G-Only, connection attempts from the other protocol may be seen as interference. Recommend leaving this set to "Mixed".
SSID: Wireless router identifier. Allows you to uniquely identify your router and differentiate it from other routers in range.

Broadcast: If checked, the SSID will be broadcast, allowing the router to be found more easily. Disabling this is a very limited security measure: casual scans will not show the network, but the SSID still appears in probe and association frames, so anyone running a wireless sniffer can find it.

Channel: The 2.4 GHz channel used by the router. Generally, it is best to use the Wireless Survey under Tools to find any other access points in range, and use the frequency that is the furthest from any other frequency in use.
Security: Allows you to secure your wireless connections. WPA and/or WPA2 Personal are the most secure protocols offered; prefer WPA2 where all of your clients support it. Disabled means all connections are unencrypted and anyone can access the router. WEP is an older encryption protocol. While better than nothing, it is easily broken.

Identification

Router Name: Allows you to change the name of the router, which appears on login and administration screens.
Hostname: Use if your ISP or connection requires it.
Domain Name: Use if your ISP or connection requires it.

Time

Router Time: Displays current router time.
Time Zone: Tell the router which time zone you are in so it can adjust to local time. If you set this to Custom, you can enter a string that allows you to customize a time zone.
Auto Daylight Savings Time: If checked, the router will compensate for Daylight Savings Time. If not, it will always use Standard Time.


Auto Update Time: How often the router connects to a Network Time Protocol (NTP) server to update its internal clock.
Trigger Dial On Demand: If checked, the router will force a connection as needed to update time. If not checked, the router will only check time if a connection to the Internet is already established.
NTP Time Servers: List of NTP servers (http://www.pool.ntp.org/) to use to update the time.

DDNS

Dynamic DNS is a special DNS registry/server that can be updated on frequent IP address changes. Instead of having to know your IP address each time it changes, a computer on your network can run a special network program that submits your updated IP address, which you can then refer to via a standard URL issued by your DDNS provider. Most DDNS providers offer a free personal account for you to use.

As an alternative to running an application on one of your PCs, Tomato provides a built-in DDNS client right in the firmware that supports a number of DDNS providers.

For most DDNS providers, you simply select the provider from the pull-down list, and enter your username, password, and hostname. Detailed instructions on operating each DDNS provider's account can be found at their web site.

Static DHCP

This is a simple way to ensure that each of the clients that connects to your Tomato router gets the same IP address each time. Simply enter the MAC address for your device (which you can find on the "Device List"), and enter your preferred IP address.

Generally, it's best to use an IP address that is within the subnet range for your Tomato router, but outside the normal DHCP assignment range. In other words, use an address that starts with the same three numbers (default 192.168.1.x) as your router, but has a fourth number that is not likely to be assigned to any clients by the normal DHCP settings.

If you have the DHCP server set to assign IP addresses in the range of 192.168.1.100 to 192.168.1.150, for example, good choices for Static DHCP assignments would be either in the 192.168.1.2 - 192.168.1.99 range, or 192.168.1.151 - 192.168.1.254.
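The rules above (same subnet, outside the dynamic range, no two devices on one address) are easy to check mechanically before typing leases into the GUI. The following added example (written for this edition, not Tomato code) does that with Python's ipaddress module; the sample leases are constructed and the MAC addresses are made up.

```python
import ipaddress
import re


def normalize_mac(mac):
    """Canonical lower-case colon form, so 00-11-22-33-44-66 and 001122334466 compare equal."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def check_static_leases(router_ip, netmask, pool_start, pool_end, leases):
    """Apply the rules from the text to a list of (mac, ip) static leases.
    Returns a list of (mac, ip, problem); an empty list means the plan is clean."""
    net = ipaddress.IPv4Network(f"{router_ip}/{netmask}", strict=False)
    router = ipaddress.IPv4Address(router_ip)
    lo, hi = ipaddress.IPv4Address(pool_start), ipaddress.IPv4Address(pool_end)
    problems, seen_ip, seen_mac = [], {}, {}
    for raw_mac, raw_ip in leases:
        mac, ip = normalize_mac(raw_mac), ipaddress.IPv4Address(raw_ip)
        if ip not in net:
            problems.append((mac, str(ip), f"outside the LAN subnet {net}"))
        elif ip == router:
            problems.append((mac, str(ip), "is the router's own address"))
        elif ip in (net.network_address, net.broadcast_address):
            problems.append((mac, str(ip), "network or broadcast address"))
        elif lo <= ip <= hi:
            problems.append((mac, str(ip), f"inside the dynamic pool {lo}-{hi}"))
        if ip in seen_ip and seen_ip[ip] != mac:
            problems.append((mac, str(ip), f"same address as {seen_ip[ip]}"))
        if mac in seen_mac and seen_mac[mac] != ip:
            problems.append((mac, str(ip), f"MAC already mapped to {seen_mac[mac]}"))
        seen_ip.setdefault(ip, mac)
        seen_mac.setdefault(mac, ip)
    return problems


# Constructed sample plan for the default LAN (192.168.1.1/24) with a 192.168.1.100-150 pool.
SAMPLE_LEASES = [
    ("00:11:22:33:44:55", "192.168.1.10"),   # fine: below the pool
    ("00-11-22-33-44-66", "192.168.1.200"),  # fine: above the pool
    ("001122334477", "192.168.1.120"),       # inside the pool: the text says to avoid this
    ("00:11:22:33:44:88", "192.168.2.5"),    # wrong subnet: unreachable from the LAN
    ("00:11:22:33:44:99", "192.168.1.1"),    # the router's own address
    ("00:11:22:33:44:aa", "192.168.1.10"),   # collides with the first lease
]


def demo():
    """Check the constructed plan; four of the six leases are flagged."""
    return check_static_leases("192.168.1.1", "255.255.255.0",
                               "192.168.1.100", "192.168.1.150", SAMPLE_LEASES)
```

Normalising the MAC before comparing matters because the Device List, vendor labels and other firmwares all print it differently; two spellings of one MAC would otherwise slip past the duplicate check.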

Wireless Filter

The Wireless Filter allows you to configure which wireless-equipped computers may or may not communicate with the router depending on their MAC addresses.

While a decent basic security measure, understand that all MAC addresses are transmitted in cleartext (even on an encrypted network), and may be intercepted and then spoofed by an attacker. This should not be used as a primary means of security.

Advanced

Conntrack / Netfilter

Adjustments for the number of connections and persistence for each connection in the Network Address Translation (NAT) table.

This is mostly relevant for people who use P2P or other connection-intensive applications on their Internet connections. The connection table has a finite number of entries, and if the entries are all used up, the router cannot make new connections. The only way to free up an entry is to gracefully terminate a connection (normal), or to have one time out. Since P2P applications rarely drop connections gracefully, they need to depend on the router to time out their connections for them.

The most important settings are:

Maximum Connections
Increasing this may slow down the router slightly. 4,096 is probably a good maximum value. Keeping this too low may eventually result in running out of entries. The default of 2,048 is probably a good minimum value.
Clicking on "count current" next to the input field will tell you how many entries you are currently using.
Before increasing this field, consider using the TCP Timeout (below) to recycle existing connections faster, rather than increasing the number of connections.

Conntrack TCP Timeout: Established
This is the amount of time that an established connection will be maintained after its last activity. Setting this too low will cause long-lived but idle TELNET / FTP connections to be dropped unless you have a keepalive to keep data flowing over the connection. Setting this too high will cause old connections to be retained, wasting entries in the NAT table. Four hours (14,400 seconds) is a decent compromise, but you have to choose a value that balances retaining valid connections versus killing old ones. In a non-P2P environment, you can set this to several days without any problems (the Linksys default for this is FIVE DAYS, which is why many Linksys routers don't do well for P2P).

Most of the remaining settings would generally be used pretty rarely, and are probably present for adjustment by advanced users who might need to tweak their network settings.

Many sites recommend adjusting these values using a script such as this one:

echo 4096 > /proc/sys/net/ipv4/ip_conntrack_max
echo 2048 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh3
# fields: NONE ESTABLISHED SYN_SENT SYN_RECV FIN_WAIT TIME_WAIT CLOSE CLOSE_WAIT LAST_ACK LISTEN
echo "600 1800 120 60 120 120 10 60 30 120" > /proc/sys/net/ipv4/ip_conntrack_tcp_timeouts

However, the two settings in the GUI listed above will accomplish everything the oft-published scripts claim to do, with less effort. Specifically, the Established TCP Timeout setting replaces the "1800" (the second field, ESTABLISHED) in the last line of the script, and the ip_conntrack_max number is controlled by the Maximum Connections setting. The gc_thresh settings (ARP neighbour table garbage collection thresholds) are not really useful here; it's better to let Tomato use its defaults for thresholds.
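To make concrete which field the GUI setting replaces and why the five-day default overflows a 2,048-entry table under P2P, here is an added example written for this edition (not Tomato's code). The state order for the timeouts file is the editor's reading of the 2.4 kernel's ip_conntrack_proto_tcp.c, not something the page states; the connection rate in demo() is a constructed figure.

```python
# Field order of /proc/sys/net/ipv4/ip_conntrack_tcp_timeouts on the 2.4 kernels these routers
# run (the TCP_CONNTRACK_* order in ip_conntrack_proto_tcp.c). ESTABLISHED is the second field,
# i.e. the "1800" the text refers to.
TCP_STATES = ("NONE", "ESTABLISHED", "SYN_SENT", "SYN_RECV", "FIN_WAIT",
              "TIME_WAIT", "CLOSE", "CLOSE_WAIT", "LAST_ACK", "LISTEN")

PAGE_SCRIPT_LINE = "600 1800 120 60 120 120 10 60 30 120"  # the values from the script above
LINKSYS_ESTABLISHED = 5 * 24 * 3600  # the five-day default the text mentions
FOUR_HOURS = 4 * 3600


def parse_tcp_timeouts(line):
    """Map the ten space-separated seconds values to their conntrack state names."""
    fields = line.split()
    if len(fields) != len(TCP_STATES):
        raise ValueError(f"expected {len(TCP_STATES)} fields, got {len(fields)}")
    return dict(zip(TCP_STATES, (int(f) for f in fields)))


def with_established(line, seconds):
    """Return the line with only the ESTABLISHED field changed, which is all the GUI setting touches."""
    timeouts = parse_tcp_timeouts(line)
    timeouts["ESTABLISHED"] = seconds
    return " ".join(str(timeouts[state]) for state in TCP_STATES)


def steady_state_entries(abandoned_per_second, established_timeout):
    """Little's law: a connection that is never closed gracefully occupies its entry for the whole
    ESTABLISHED timeout, so at steady state the table holds rate x timeout such entries."""
    return abandoned_per_second * established_timeout


def table_fits(max_connections, abandoned_per_second, established_timeout, headroom=0.8):
    """True if stale entries stay below `headroom` of the table, leaving the rest for live traffic."""
    return steady_state_entries(abandoned_per_second, established_timeout) <= headroom * max_connections


def demo(abandoned_per_second=0.5):
    """Compare the Linksys default with the page's recommendations for a constructed P2P load
    of half an abandoned connection per second."""
    return {
        "established_in_script": parse_tcp_timeouts(PAGE_SCRIPT_LINE)["ESTABLISHED"],
        "script_with_four_hours": with_established(PAGE_SCRIPT_LINE, FOUR_HOURS),
        "linksys_2048_five_days": table_fits(2048, abandoned_per_second, LINKSYS_ESTABLISHED),
        "tomato_4096_four_hours": table_fits(4096, abandoned_per_second, FOUR_HOURS),
        "tomato_4096_30_minutes": table_fits(4096, abandoned_per_second, 1800),
    }
```

With the constructed rate, even 4,096 entries and a four-hour timeout cannot absorb 7,200 abandoned connections, while the script's 30-minute value leaves most of the table free; that is the trade-off the text describes between dropping idle sessions and running out of entries.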

UDP Timeout

Tracking / NAT Helpers

Miscellaneous

DHCP / DNS

If you have static DNS entries, "Use Received DNS With Static DNS" will add any name servers received from your service provider. You can view these changes in the resolv file at "/etc/resolv.dnsmasq".


You may also consider adding "strict-order" (without quotes) in the "Dnsmasq Custom Configuration" box. This forces Dnsmasq to send DNS queries to servers strictly in the order that they appear in the resolv file. This is useful if you are using services such as OpenDNS but still want to use your ISP's server(s) as a backup. Without this setting Dnsmasq favors whichever upstream server answers fastest, which will usually be your ISP's DNS server(s).

Firewall

Settings to configure some basic aspects of the router's firewall.

Respond To Inbound Ping: If checked, the router will respond to ping requests on the WAN interface. If unchecked, the router will not respond to pings from the WAN.
Allow Multicast: If checked, the router will allow multicast packets to reach the LAN. If unchecked, the router will block multicast packets from reaching the LAN.
Enable NAT Loopback: If checked, the router allows LAN devices to reach other LAN devices via the router's WAN IP address and a properly configured port forward. If unchecked, LAN devices can only contact other LAN devices via their local IP addresses.

MAC Address

This sets the hardware address that is seen from the ISP. Some ISPs are set up to only accept the original network card you had when you first started service. Others simply have the modem set to only allow one HW address per boot, so try resetting your modem before changing this.

Miscellaneous

Boot wait time specifies the length of time the router will pause during startup, before attempting to load the firmware. This pause represents a period where a new firmware can be flashed to the router via TFTP, if the firmware on the flash chip has been corrupted. The same window lets anyone with a TFTP client on the LAN replace the firmware while the router boots, so do not make it longer than you need.
WAN Port Speed specifies the speed and duplex setting for the WAN interface port.

Routing

Wireless

Controls advanced settings for the connection over the Wireless Local Area Network.

Afterburner: When enabled, allows 125 Mbps mode.

AP Isolation: When enabled, prevents wireless devices from communicating with each other. If disabled, the unit will switch traffic from one wireless client to another.

Authentication Type: Controls whether clients must use shared keys to authenticate. This setting is disabled (i.e. forced) in some security modes.

Basic Rate: Sets the mandatory rate list transmitted by the AP which must be supported in order to connect. Some old 802.11b clients can only connect if this is set to 1-2 Mbps.

Beacon Interval: Sets the amount of time between beacon transmissions in milliseconds. A longer interval can save power on sleeping clients.

CTS Protection Mode: When set to Auto, enables a mode which ensures 802.11b devices can connect when many 802.11g devices are present.

Distance / ACK Timing*: Sets the approximate maximum distance in meters from which clients can connect. May be useful in preventing distant "cantenna leeches" from connecting. It will not prevent snooping, however. Setting to 0 disables this function.

DTIM Interval: Sets the amount of time in milliseconds between Delivery Traffic Indication Messages, which tell the client when to expect the next broadcast message.


Fragmentation Threshold: Sets the maximum packet size in bytes before fragmenting it.

Frame Burst: Enables frame burst mode, which increases throughput but does not work well with more than about three clients.

Maximum Clients*: Sets the maximum number of wireless clients that can connect at once.

Multicast Rate: Sets the signalling rate used for multicasting.

Preamble: Selects long or short preamble for 802.11b. Short will increase throughput, but some older 802.11b devices require the long preamble.

RTS Threshold: Sets the minimum packet size in bytes which triggers Request to Send/Clear to Send signalling. A number higher than the Fragmentation Threshold serves to disable the function. It is normally not needed but may be useful in adverse conditions.

Receive Antenna: Selects which antenna is used for receiving. These settings are primarily useful for external antennas. Single antenna units should be set to Auto.

Transmit Antenna: Selects which antenna is used for transmitting.

Transmit Power: Sets the transmit power in milliwatts. High settings may overheat and shorten the life of the transmitter.

Transmission Rate: Allows forcing a lower maximum signalling rate, which can be useful in adverse conditions.

WMM: Enables Wireless Multimedia extensions, which provide automatic QoS and power saving. Primarily intended for wi-fi phones and the like.

No ACK: Controls whether WMM packets require acknowledgment. Enabled sets No Acknowledgment, which allows higher throughput and lower latency when some packet loss is acceptable (i.e. for VoIP).

*New settings for v1.07.

Port Forwarding

Once you have set up your router you will have your own Local Area Network (LAN) managed by the router. You inevitably will have many devices connected to your LAN all using the same internet connection. This causes a problem because different devices on your LAN will need specific data that is coming in from (or going out to) the internet.

Port Forwarding allows your router to control the flow of data to and from the internet, and make sure the router knows which device (i.e. computer, webcam, VoIP telephone etc) connected to your LAN sent/requested/needs each packet of data. Usually packets coming in from the Internet will be in response to some request that one of your devices connected to your LAN has made (i.e. a VoIP phone making a request to connect a telephone call). In these cases, the router keeps track of which device made the request, and forwards the response back to that same device.

Sometimes however, as in the case of "Server" applications (such as you hosting your own website on a PC within your LAN), requests come in from random locations on the Internet, and you need to tell the router which computer is running the "server" so that these random requests can be routed to the correct computer. This is generally done by telling the router that any "unsolicited packets" (packets that are not a response to a request from a local computer) on a specific port or list of ports should be forwarded to a specific computer on the network.

Finally, there are also "thief jiggling the handle" connections from random corners of the internet. Locking those out is another job of the router.

There are a few ways to set this up.

Basic


Allows you to specify simple port forwarding (all packets received on the specified External Ports will be routed to the specified Internal Address). E.g. you can forward all incoming data on ports 5060 and 5061 (used for the SIP protocol to initiate a VoIP telephone call) to your VoIP telephone.

Optionally, you can change the local port by specifying Int Port. This is also known as Port Redirection. This technique is handy, for example, if you have two web servers. Both could be listening on the default port (80), but the router could be set to forward received packets on Internet Port 80 to Port 80 on the first web server, and packets on Internet Port 81 to Port 80 on the second web server.

The "External Ports" box can contain a single port (i.e. 8080) or a range of ports (5060:5061). The "Int Port" can be left blank. The "Internal Address" is the IP address of the device on your LAN (i.e. 192.168.1.2).

DMZ

DMZ, or Demilitarized Zone, allows you to specify one device on your network that will receive all unsolicited packets from the Internet. This can be handy for devices that need largely unrestricted access to the Internet, or for a Web/email server. However, this bypasses all firewall functions of the router for this device, so be sure the device is very well secured.

Triggered

Port Triggering is an on-demand port forward. The router will look for an outbound connection on a specified port, and will forward all of the requested ports to whatever computer initiated the outbound connection.

Under the Trigger Ports, you would enter a list of the ports that your computer will use to initiate the forwarding. Then you specify the ports you want to forward to that computer under Forwarded Ports. Any computer that sends outbound packets on any of the ports listed in Trigger Ports will then have all unsolicited packets received from the Internet on the Forwarded Ports sent to it.

UPnP

Universal Plug and Play (UPnP) allows devices on your network to set their own port forwards. A computer running a web server, for example, can tell the router to forward all communications on port 80 and/or 443 to it. This allows your local devices to add, delete, and update port forwards at will.

There are some security disadvantages to UPnP, such as a trojan horse or other "bad" software package being able to forward ports to a given machine so the malware can use your computer as an Internet server. However, there are also security advantages to UPnP, since any well-behaved UPnP application will request cancellation of its forwarded ports when it shuts down or no longer needs them. This reduces the number of unneeded forwarded ports.
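The following is an added Python model (not Tomato's own code) of how the Basic, DMZ and Triggered mechanisms described above decide where an unsolicited inbound packet goes. It assumes that explicit forwards are consulted before an active trigger and that the DMZ host is the last resort before the packet is dropped; the addresses and ports are constructed sample values taken from the two-web-server and SIP examples.

```python
"""Model of unsolicited-inbound handling: Basic forward, Port Trigger, DMZ, drop.

Added illustration, not Tomato's code. Precedence (forward > active trigger >
DMZ > drop) is an assumption of this model; addresses/ports are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


def parse_ports(spec: str) -> Set[int]:
    """'8080' -> {8080}; '5060:5061' -> {5060, 5061}; '80,443' -> {80, 443}."""
    ports: Set[int] = set()
    for part in spec.split(","):
        part = part.strip()
        if ":" in part:
            lo, hi = (int(x) for x in part.split(":", 1))
            if lo > hi or lo < 1 or hi > 65535:
                raise ValueError(f"bad port range: {part}")
            ports.update(range(lo, hi + 1))
        else:
            p = int(part)
            if not 1 <= p <= 65535:
                raise ValueError(f"bad port: {part}")
            ports.add(p)
    return ports


@dataclass
class Forward:
    ext_ports: Set[int]
    int_addr: str
    int_port: Optional[int] = None  # None = same port as external ("Int Port" left blank)


@dataclass
class Trigger:
    trigger_ports: Set[int]
    forwarded_ports: Set[int]


@dataclass
class Router:
    forwards: List[Forward] = field(default_factory=list)
    triggers: List[Trigger] = field(default_factory=list)
    dmz_host: Optional[str] = None
    # LAN host that most recently sent outbound traffic on each trigger's ports
    _active: Dict[int, str] = field(default_factory=dict)

    def add_forward(self, ext: str, int_addr: str, int_port: Optional[int] = None) -> None:
        self.forwards.append(Forward(parse_ports(ext), int_addr, int_port))

    def add_trigger(self, trigger: str, forwarded: str) -> None:
        self.triggers.append(Trigger(parse_ports(trigger), parse_ports(forwarded)))

    def outbound(self, src_addr: str, dst_port: int) -> None:
        """A LAN host opens an outbound connection; arm any trigger it hit."""
        for i, t in enumerate(self.triggers):
            if dst_port in t.trigger_ports:
                self._active[i] = src_addr

    def inbound(self, ext_port: int) -> Optional[Tuple[str, int]]:
        """Destination (addr, port) of an unsolicited WAN packet; None = dropped."""
        for f in self.forwards:                       # Basic: explicit forwards first
            if ext_port in f.ext_ports:
                return f.int_addr, (f.int_port if f.int_port is not None else ext_port)
        for i, t in enumerate(self.triggers):         # Triggered: only while armed
            if ext_port in t.forwarded_ports and i in self._active:
                return self._active[i], ext_port
        if self.dmz_host is not None:                 # DMZ: catch-all host
            return self.dmz_host, ext_port
        return None                                   # "thief jiggling the handle"


def demo() -> Router:
    """Constructed configuration mirroring the examples in the text."""
    r = Router()
    r.add_forward("5060:5061", "192.168.1.20")        # SIP to the VoIP phone
    r.add_forward("80", "192.168.1.2")                 # first web server
    r.add_forward("81", "192.168.1.3", int_port=80)    # second web server, redirected
    r.add_trigger("6881", "6881:6889")                 # a sample triggered application
    return r


if __name__ == "__main__":
    r = demo()
    print(r.inbound(81), r.inbound(6885))  # ('192.168.1.3', 80) None
    r.outbound("192.168.1.50", 6881)
    print(r.inbound(6885))                 # ('192.168.1.50', 6885)
```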

QoS

QoS, or Quality of Service, allows you to prioritize data, slowing down less important data to allow more important data to get through first.

This is primarily useful for outbound data (data going from your computers to the Internet). Inbound data cannot be prioritized effectively because it has already passed through the bottleneck (your Internet connection) by the time the router has a chance to evaluate it.

QoS in Tomato has ten levels of priority. HIGHEST will always get the very highest priority (use sparingly) and CLASS-E (labeled as E) is the lowest-priority class. If the upstream bandwidth becomes over-saturated (more packets want to go out than the connection can send), lower-priority packets will be delayed (and possibly eventually discarded) to make room for higher-priority packets.

If you would like to go into more detail on traffic shaping, try the WRT54 Script Generator (http://www.hyperwrt.org/forum/viewtopic.php?id=2002) as an extension to the current QoS implementation (see Tools for details).

Basic Settings

Enable QoS: If checked, QoS will be enabled. If not checked, QoS will be disabled.

Prioritize ACK: Prioritizes the sending of ACK (Acknowledgment) packets. Recommended: Checked (on).

Prioritize ICMP: Prioritizes Internet Control Message Protocol packets (PING replies, etc).

Strict Rule Ordering: If disabled (unchecked), IPP2P, L7, and KB-based rules are matched first, then simple port- and MAC-based matches are matched in a second pass. If enabled, each rule will be strictly evaluated in the specified order, starting from the top of the list and working downward, until the first match is found.

Reset Classification when making changes: If checked, all connections will be reevaluated when a change is made to the QoS rules. If not checked, you may need to restart each application on your PC to re-establish each connection before the rule is applied to that connection.

Default Class: If a connection does not meet any of the QoS criteria, it will default to the specified class. If you have a high-priority service (such as VoIP) and a low-priority one (such as P2P), your best bet is to set this to MEDIUM or LOW, then try to classify all of your high priority stuff above this classification, and your low priority stuff below it. This is simply the "catch-all" classification when no rules are found for a connection.

Max Bandwidth: One of the major limitations of QoS in most Linksys routers is their inability to determine the upstream speed of the Internet connection. This is true of many router models. The most effective way to tune QoS is to do an Internet speed test with QoS turned off. Then enter about 90% of the tested upstream (upload) bandwidth into the Max Bandwidth field. This will allow the router to properly determine how much bandwidth is available and prioritize packets accordingly. A more detailed explanation of this (targeted for Vonage VoIP users) may be found at http://vonage.nmhoy.net/qos.html

Highest - Class E (the percentages under Outbound Rate/Limit): This specifies the minimum and maximum percentages of the connection each classification is allowed to consume. This is allocating, rather than prioritizing, and is useful for cases where you want to specify that certain classes of connection should never receive more than a given percentage of your upload bandwidth. Set each class to 1%-100% to allow each class unlimited access to the bandwidth (with higher priority classes receiving only higher priority, and not "reserved" amounts).

Inbound Limit: This allows you to limit the overall amount of data coming into your router, and allocate maximum percentages of that bandwidth for each QoS service. Note that packets that exceed your limit are simply thrown away, not delayed as in the case of Upload/Outbound QoS. Under certain circumstances, this setting is useful, but it is a very inefficient way to control inbound data.

Classification


Allows you to specify which connections will get what levels of priority. This will override the default priority set in the Basic Settings page. Classification may be done by MAC address, TCP/IP port, or using more advanced filters like IPP2P or Layer 7 (L7) filtering.

All QoS rules are "as seen by your LAN", so SOURCE always means your computer, and DESTINATION always means the Internet.

QoS can be classified in a number of ways:

Address (first row in "Match Rule" Column): Identify the packet based on the IP or MAC address that is making the request, or the IP address that is being contacted. Example: If you have a VoIP device on your network that needs very high priority, you would set "Address" to "Src MAC" (source MAC address) and key in the MAC address of the device, then set the priority to HIGH or HIGHEST.

Protocol/Port (second row): Identifies the packet based on the Protocol (TCP, UDP, etc) and/or Port Number (or list of numbers) that the connection is being made on.

IPP2P (third row): An attempt to identify P2P applications. Easily fooled by P2P encryption, this is still useful for identifying some P2P applications.

L7 (Layer 7, third row): A sophisticated filter that can classify a number of applications. Again, for P2P, easily fooled by encryption, but still useful.

NOTE: Address and Protocol/Port are the fastest and most efficient ways to match. IPP2P is slow, and L7 is even slower. If at all possible, use Address and Protocol/Port before resorting to IPP2P or L7. Too many L7 or IPP2P rules can cause your router to crash or restart. If you are experiencing frequent crashes and restarts under heavy load, these may be the cause.

QoS Rule Example: Setting Web Browsing to HIGH

Under Match Rule Column:

First row = "Any Address", field to its right is blank. Meaning: this rule applies to any connection to the Internet on any server.

Second row = "TCP", "Dst Port", "80,443". Meaning: this rule applies to all TCP connections that are trying to connect to port 80 (HTTP) or 443 (HTTPS) on an Internet server.

Third row = "IPP2P (Disabled)", "Layer7 (Disabled)". Meaning: we do not want to apply any IPP2P or L7 rules.

Fourth row = "" "" (kb transferred). Meaning: we do not want to match by amount transferred.

Under Class Column:

"High". Meaning: anything matching this rule will be assigned a HIGH priority upstream.

Under Description Column:

Assign any reasonable description. "WWW" or "Web Browsing" would be good here. This is not used except on this screen, to identify the connection for your future reference.

View Graphs

One of the most powerful features of Tomato, this allows you to view (in near-real-time) the current outbound connections and how the QoS engine is classifying them. This allows you to view how effective your QoS settings are, and whether they are capturing the connections you want them to. Simply click on any of the classes to view the list of specific connections for that class.


View Details

Lists each connection that has recently been made through the router, and what QoS class was assigned to that connection. Clicking any entry will attempt to do a reverse lookup on the destination TCP/IP address, or you can click on the "automatically resolve addresses" checkbox at the bottom of the list to resolve all addresses in the list (this can take a while).

Access Restriction

Set time, computer, and protocol based bans on Internet access.

Administration

Admin Access

Controls the various means that can be used to access the router for administrative purposes.

All services use the same password, which is changed at the bottom of this page.

Web Admin

Controls access to the router via a web browser. The web username may be "admin" or "root".

Local Access: Determines whether and how the router may be accessed from a web browser on a local computer (a computer attached to the router, or attached to a switch or hub attached to the router). Access can be via HTTP (regular web), HTTPS (SSL-encrypted web), both, or disabled.

Remote Access: Determines whether and how the router may be accessed from a web browser from the WAN (Internet) side of the router. It is not recommended that this be enabled, and if it must be enabled, consider using the HTTPS method, which at least encrypts your session data.

Allow Wireless Access: If checked, wireless clients on your local network can access your router's administration screens using the same method as wired clients. This has no effect on Remote Access.

SSH Daemon

Controls the Secure SHell (SSH) server that is installed on the router, which allows secure (encrypted) command-line access to the router. The SSH username is always "root".

Enable at Startup: Specifies whether the SSH Daemon is started when the router starts up.

Remote Access: If checked, you will be able to access the router via SSH from the Internet and the Local Network. If unchecked, only clients on the Local Network will have access.

Port: Specifies the TCP port used by the SSH daemon (default = port 22).

Allow Password Login: If checked, you can use the router username and password to open a connection to the command line. If not checked, key authentication will be required.

Authorized Keys: Enter authorized keys for key authentication (a more secure alternative to password-based logins).


[Start Now] / [Stop Now]: Starts or stops the SSH Daemon.

Telnet Daemon

Controls the Telnet command-line server built into the router. Telnet access is only allowed on the Local Network. The Telnet username is always "root".

Enable at Startup: Specifies whether the Telnet daemon is enabled when the router starts up.

Port: Specifies the TCP port used by Telnet (default = port 23).

[Start Now] / [Stop Now]: Starts or stops the Telnet Daemon.

Password

Allows you to specify your password. It is highly recommended you change this immediately after the installation. Enter the same password into both fields, and click on Save. After changing your password, you will need to re-authenticate your session (you may need to shut down and restart your browser to clear the current authentication).

Bandwidth Monitoring

Bandwidth Monitoring

Enable:

Save History Location:

Save Frequency:

Create New File / Reset Data: Enable if this is a new file.

First Day Of The Month:

Excluded Interfaces: Comma separated list of interfaces (Example: vlan0,vlan1,eth0).

Backup

Restore

Buttons / LED

Change the action performed by the button. Different actions can be set for different lengths of time the button is held down (count the DMZ blinks). The default actions are (1) tap to toggle wireless and (2) hold 20 seconds to start telnet on port 233.

The LED lights have some minor checkbox settings. For better effect, you can use the "led" command inside scripts elsewhere.

SES/AOSS Button

Startup LED

CIFS Client


The CIFS client in Tomato allows you to mount a Windows or Samba share that you can use as a history location for the bandwidth monitoring. In the configuration, UNC (Universal Naming Convention) points to that share and has to look as follows:

\\192.168.1.99\jffs

where 192.168.1.99 is the IP address of the computer the share is located on and "jffs" is the shared folder name. The rest of the settings (username, password) speak more or less for themselves.

It is advised to use "security = user" when using Samba, to avoid errors like this one:

smb signing is incompatible with share level security !

Configuration

Allows you to back up all your settings to your PC, restore them, or reset the router to factory defaults.

When changing from one firmware to another, it is important to do a complete factory reset on your router. In Tomato, you go to this screen, select Erase all data in NVRAM (thorough), and click OK. When the router reboots, you will need to rekey all of your configuration settings manually.

Debugging (Miscellaneous)

Avoid performing an NVRAM commit: If checked, changes are not committed to NVRAM if possible. This means that changes are temporary, and will not persist beyond the next reboot of the router.

Do not erase some intermediate files:

Enable cprintf output to console:

Enable cprintf output to /tmp/cprintf:

Count cache memory as free memory:

Avoid displaying LAN to router connections: If checked, LAN to router connections are not displayed on the QOS pages. If not checked, LAN to router connections are displayed on the QOS pages as "Unclassified" connections.

Download CFE:

Download NVRAM Dump:

Download Iptables Dump:

Download Logs:

Console log level:

Clear Cookies:

NVRAM Commit: Commits all current settings to NVRAM, such that they survive rebooting.

JFFS2

In a router with 4MB flash, there's still some space left over from the firmware. JFFS2 is the compressed, writable filesystem for the extra space; the /jffs folder gives 700KB after overhead but BEFORE compression. Turn this option on, and script some add-on executable to run from here.


Logging

Logging may be done internally or externally. Internal logs save information to the router's local memory. External logs send the log information to a computer running software like WallWatcher, where the logs can be captured and analyzed without taking up memory on the router.

Log Internally saves the connection logs to the internal memory of the router, where they may be extracted or viewed directly on the "Logs" page under "Status". These logs will consume router memory, but may be viewed directly on the router itself.

Log Externally sends the logs to a computer on your LAN. That computer must be running a log capture program, like WallWatcher. The computer can then show you the connection logs and analyze the data.

The remainder of the settings allow you to specify what types of connections you want logged, and to place a limit on the number of log entries per minute to send.

Scripts

You can enter commands to be run at Init (startup), Shutdown, Firewall startup, or WAN Up (whenever the Internet connection comes up).

Example script 1

Access the web interface of the modem connected to the WAN port of the router. In this example, the modem has the IP address 10.0.0.138. Both IP addresses used in the script below begin with 10.0.0. The first address can end with anything other than 138, but the second address must end with 0.

In Init

sleep 5
ip addr add 10.0.0.10/24 dev vlan1 brd +

In Firewall

/usr/sbin/iptables -I POSTROUTING -t nat -o vlan1 -d 10.0.0.0/24 -j MASQUERADE

Example Script 2

Establish a limit of 125 TCP connections per user.

In Firewall

iptables -I FORWARD -p tcp --syn -m iprange --src-range 192.168.22.10-192.168.22.250 -m connlimit --connlimit-above 125 -j DROP

Note : 192.168.22.10 - 192.168.22.250 is the LAN address range to be controlled.

Upgrade


Allows you to load a new firmware to the router (either a newer version of Tomato or an entirely different firmware).

Note: When changing from any firmware to any other firmware (stock Linksys -> Tomato, for example), it is important to clear the NVRAM and restore the factory default settings. Instructions on doing that will vary from firmware to firmware, but there is generally a factory reset option (in Tomato, this is located under Administration/Configuration/Restore Default Configuration).

About

Shows information about:

the version of Tomato

the copyright notice

a direct HTTP link to the Tomato homepage

the build date of the firmware in use

a donation button for the project

an acknowledgment to all the people involved

Reboot...

Restarts the router (without erasing any settings).

Shutdown...

Turns the router off (controlled shutdown).

Logout

Logs you out of the firmware (clears your user session). This will dump you back to the initial login, where you are asked to present your credentials again (which causes occasional confusion, with people reporting that they "need to log in in order to log out"). Once you see the password prompt, you are logged out. Just hit cancel and you will end up at the "Unauthorized" page.

Additional Notes

Known Problems

There is no help file despite a Tomato FAQ (http://www.polarcloud.com/tomatofaq) .

In some cases, you may need to reboot the router manually before the changes go into effect. If the changes involve switching wireless settings, you may need to reboot both ends. (Not known to happen with the latest 1.07 firmware.)

Not all wireless modes / security combinations work. For example, WET, Client and WDS will not work in WPA2.

CIFS VFS times out a lot (or it might be the server kicking the client off...).


Graphs/SVG may not work with all browsers. Firefox: Use 1.5 or higher. Internet Explorer: Use Adobe SVG (http://www.adobe.com/svg/viewer/install/). Opera: Use 9.0 or higher. Safari: Doesn't support SVG (2.0.x). Safari/WebKit nightly: Bandwidth Monitor works, but not the QOS graph (r17960).

QoS / Access Restrictions Notes

All QoS classification and access restriction checking are performed while packets are traveling out to the Internet (outbound). The source is always your computer and the destination is always towards the Internet. If you would like to restrict inbound traffic you have to implement traffic shaping. Try the WRT54 Script Generator (http://www.hyperwrt.org/forum/viewtopic.php?id=2002) as an extension to the current QoS implementation (see Tools for details).

Why L7/IPP2P doesn't work all the time:

These work by matching known patterns in packets. Some protocols produce reliable, uniquely identifiable signatures, but some do not.

A change in the protocol's design can sometimes break these.

Some L7/IPP2P patterns may depend on which direction the data is going. For example, an HTTP request from a browser is different from an HTTP response from a server.

Custom L7 patterns can be stored in /etc/l7-extra/ (you need to create the directory). It's up to you to actually populate it before the firewall starts. This can be tricky if you're using external storage, so consider just using JFFS2 or even simple "echo" statements in the startup script. To learn more about L7 patterns, go to l7-filter.sf.net.

When testing changes to the QoS rules, restart the application on your computer to make sure its connection is re-classified under the new rule. You can also enable "reset classification when making changes" instead.

Although there is an option to limit the download speed, it's not really recommended in most cases since what the router is really doing is dropping packets, which means they may need to be re-sent again over a slow Internet link.

KB transferred match:

This is the to-WAN data transferred in kilobytes. Consider the amount an approximate value since it doesn't take into account protocol overhead.

Entering an upper limit of 1GB (1,048,576KB) or more is considered unlimited and will match anything above 1GB.

IPP2P may not work properly with this since IPP2P doesn't keep track of its state.

Sticky rules: IPP2P/L7 are sticky in that once they match, no other rules are processed. IP/MAC/port-only matches can also be sticky if there are no IPP2P/L7/KB matches above them. When coupled with a KB transferred match with an upper limit, they are not considered sticky. What this all means is you should watch out for rules like the following: "#1: L7 ABC & 1024KB+, #2: L7 ABC". The #1 rule may not match at all since #2 will lock on if it sees L7 ABC within 0-1024KB. To get around this particular case: "#1: L7 ABC & 0-1024KB, #2: L7 ABC & 1024KB+".

Precedence: The rules are checked in the same order as they appear in the GUI, from top to bottom. The first rule that matches sets the class. If you disable "strict ordering", rules with IPP2P, L7 and KB matches are grouped in one set and are checked first, the rest in another.


If you're concerned about performance: IPP2P and especially L7 are slower than simple IP, MAC or port matches.
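The rule-evaluation behaviour described in the QoS notes above (precedence, strict versus non-strict ordering, sticky rules and the KB-transferred pitfall), as an added Python model that is not Tomato's own code; the rule fields, class names and sample rule sets are assumptions built from the wiki's description, and "L7 ABC" stands in for any L7 protocol name.

```python
"""Added model of Tomato's QoS rule evaluation (not Tomato's own code).

Simulates precedence, "strict rule ordering" and "sticky rules" on a connection
whose to-WAN KB count grows over time, so the "#1: L7 ABC & 1024KB+" pitfall
from the notes can be observed. Rule fields and class names are assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional, Set

UNLIMITED_KB = 1_048_576  # an upper limit of 1GB or more means "no upper limit"


@dataclass(frozen=True)
class Rule:
    name: str
    cls: str                              # e.g. "HIGH", "MEDIUM", "LOW"
    dst_ports: Optional[Set[int]] = None  # None = any port (simple match)
    l7: Optional[str] = None              # L7/IPP2P protocol name, None = unused
    kb_lo: int = 0                        # KB transferred, lower bound (inclusive)
    kb_hi: Optional[int] = None           # upper bound (exclusive); None = unlimited

    @property
    def has_kb_upper(self) -> bool:
        return self.kb_hi is not None and self.kb_hi < UNLIMITED_KB

    @property
    def uses_pattern(self) -> bool:
        """IPP2P/L7 and KB-transferred rules form the 'pattern' group."""
        return self.l7 is not None or self.kb_lo > 0 or self.has_kb_upper

    def matches(self, dst_port: int, l7_proto: Optional[str], kb_sent: int) -> bool:
        if self.dst_ports is not None and dst_port not in self.dst_ports:
            return False
        if self.l7 is not None and self.l7 != l7_proto:
            return False
        if kb_sent < self.kb_lo:
            return False
        return not (self.has_kb_upper and kb_sent >= self.kb_hi)


def evaluation_order(rules: List[Rule], strict: bool) -> List[Rule]:
    """Strict: GUI order. Non-strict: IPP2P/L7/KB rules first, then the rest."""
    if strict:
        return list(rules)
    return [r for r in rules if r.uses_pattern] + [r for r in rules if not r.uses_pattern]


def is_sticky(order: List[Rule], idx: int) -> bool:
    """A sticky match stops the connection from ever being re-classified."""
    rule = order[idx]
    if rule.has_kb_upper:
        return False  # a KB upper limit must be allowed to expire
    if rule.l7 is not None:
        return True   # IPP2P/L7 matches lock on
    # simple IP/MAC/port rule: sticky only if no pattern rule sits above it
    return not any(r.uses_pattern for r in order[:idx])


def classify_stream(rules, strict, dst_port, l7_proto, kb_samples, default_cls="MEDIUM"):
    """Class assigned to one connection at successive KB-transferred snapshots."""
    order = evaluation_order(rules, strict)
    locked: Optional[str] = None
    classes: List[str] = []
    for kb in kb_samples:
        if locked is None:
            cls = default_cls
            for i, rule in enumerate(order):
                if rule.matches(dst_port, l7_proto, kb):
                    cls = rule.cls
                    if is_sticky(order, i):
                        locked = cls
                    break
        else:
            cls = locked
        classes.append(cls)
    return classes


# Constructed rule sets mirroring the notes' sticky-rule pitfall and its fix.
BAD_RULES = [Rule("#1", "LOW", l7="ABC", kb_lo=1024),               # "L7 ABC & 1024KB+"
             Rule("#2", "MEDIUM", l7="ABC")]                         # "L7 ABC"
GOOD_RULES = [Rule("#1", "MEDIUM", l7="ABC", kb_lo=0, kb_hi=1024),  # "L7 ABC & 0-1024KB"
              Rule("#2", "LOW", l7="ABC", kb_lo=1024)]              # "L7 ABC & 1024KB+"
# A port-only rule above an L7 rule: the outcome depends on strict ordering.
WEB_AND_P2P = [Rule("WWW", "HIGH", dst_ports={80, 443}),
               Rule("P2P", "LOW", l7="bittorrent")]

if __name__ == "__main__":
    kb = [0, 500, 2048, 5000]
    print("bad :", classify_stream(BAD_RULES, True, 6881, "ABC", kb))   # #1 never fires
    print("good:", classify_stream(GOOD_RULES, True, 6881, "ABC", kb))  # LOW after 1024KB
    print("strict    :", classify_stream(WEB_AND_P2P, True, 80, "bittorrent", [0]))
    print("non-strict:", classify_stream(WEB_AND_P2P, False, 80, "bittorrent", [0]))
```

With strict ordering the port-80 rule locks a P2P-over-port-80 connection into HIGH; with strict ordering off the L7 rule is checked first and the same connection lands in LOW.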

Miscellaneous Notes

Some NVRAM settings may not be compatible with other firmwares. A config reset is recommended after flashing to or from this firmware.

You can enter a custom DDNS URL like the following: http://www.mycustomdns.com/update.cgi?username=scooby&password=spooky&ip=@IP. The "@IP" keyword is automatically replaced with the current IP address. Check with your DDNS provider for the exact format to use.

The Busybox crond included in Tomato is a little different from the Vixie crond found in HyperWRT, DD-WRT, etc. To make it easier and safer to schedule a job, use the helper script called "cru" instead of manually changing the config file.

Want to try changing things without permanently writing them to nvram? Go to Admin: Miscellaneous and enable "avoid performing an nvram commit." When you're done playing around, reboot to discard the changes, or use the "nvram commit" button to save the changes.

Some GUI settings, like refresh time, are saved as cookies.

Linksys' password protected TFTP upgrade will not work with Tomato. If you need to use TFTP to upgrade the firmware, use the bootloader's TFTP upgrade feature.

If you're saving the bandwidth history, don't forget to backup the data to another location!

Tools

WRT54 Script Generator (http://www.hyperwrt.org/forum/viewtopic.php?id=2002): A little application that generates scripts for traffic shaping. This script generator's main purpose is to limit the bandwidth of users connected to the WRT (e.g. to share the connection fairly). The script shapes traffic on the LAN and WLAN. QoS shapes outgoing traffic on the WAN (vlan1), so if you try to shape traffic on vlan1 you will break the actual QoS. These scripts work without problems with QoS enabled. QoS prioritizes outgoing traffic, and you can also set speed limits for several (or all) users. It's good for dealing with people who are choking your connection.

Support

Tomato (eng) (http://www.polarcloud.com/tomato)

Tomato FAQ (eng) (http://www.polarcloud.com/tomatofaq) .

Linksys (eng) (http://forums.linksys.com/linksys)

Linksysinfo (eng) (http://www.linksysinfo.org/)

Openlinksys (pol) (http://www.openlinksys.info/)

Weblinks

Tomato Project Page


The project page may be found at

http://www.polarcloud.com/tomato

Bridging a Linksys WRT54G and Belkin 7230-4 Wirelessly

After many hours of searching and reading I found this, and it works. Connected wired to the Belkin now, and it is wirelessly linked to my Buffalo running Tomato, which connects to my cable modem. Now I can ditch a long ugly CAT5 cable and can connect 4 wired devices and have improved signal strength for my wireless devices.

Bridging a Linksys WRT54G and Belkin 7230-4 Wirelessly (http://www.fatwallet.com/forums/messageview.php?start=40&catid=28&threadid=451746)

Tomato Firmware Frappr!

Frappr! Maps are like a triple mash-up of an online guest book, a hit log and a map, three services that, combined, create a fun and visually appealing environment that will keep Web site visitors coming back for more.

Tomato Firmware World Map (http://www.frappr.com/tomato)

WRT54G JTAG To AVR Cable

A simple/free way to program one of Atmel's AVR microcontrollers for those that already have the WRT54G-style JTAG cable:

WRT54G JTAG To AVR Cable (http://www.polarcloud.com/others)

Tomato (Firmware) - German (deutsches) Wikibook

Tomato (Firmware)

Wikipedia

Hardware routers

Wireless networking

Linux based devices

Retrieved from "http://en.wikibooks.org/wiki/Tomato_Firmware"

This page was last modified 22:27, 14 September 2007. All text is available under the terms of the GNU Free Documentation License (see Copyrights for details). Wikibooks® is a registered trademark of the Wikimedia Foundation, Inc.