Month: May 2015

Speed-up WAN-LAN speed on the Cisco E3200 using Tomato

silviuLeave a comment

There’s a really long discussion on bcm_nat and fastnat on the various forums like linksysinfo. The short version of this is:

  1. fastnat and bcm_nat are disabled by default because they break QOS and access restrictions. If you use any of those you’re done, you have to choose features or speed or another router.
  2. If you, like me, don’t use those you can do the following:
    ssh into your router and try: [cci_bash]modprobe bcm_nat[/cci_bash] than speedtest your connection a few times you should see some improvement. Than run [cci_bash]echo “1”> /proc/sys/net/ipv4/netfilter/ip_conntrack_fastnat[/cci_bash] you shold see an even better improvement. If any of those give you issues simply reboot your router, nothing is permanent at this time.
  3. Add the commands to Administration->Scripts->Init.

The instructions are deliberately scarce, if you don’t understand them it’s better not to mess with your router. Check the tomato forums and the linux documentation about those commands until you’re sure you know what they are doing.

Subdomains pointing to private IPs are not resolved on Tomato

silviuLeave a comment

Some time ago I used to remember IPs on my home and work network but these days I rely much more on dns and dhcp reservation for this tasks. This has the advantage that I can easy move a service, say git.example.com to a new server.

At home I switched (at least for a while) from a dedicated Debian router/gateway box to a router running Tomato. Suddenly subdomains pointing to private IP addresses were no longer resolved. Turns out the DNS rebinding protection is at fault. Now you could easily just disable it but this is not the secure way to fix a problem. You can actually white list domains to allow private IPs on subdomains.

Go to Advanced => DHCP / DNS Server (LAN)

Don’t uncheck “Prevent DNS-rebind attacks” as this will leave you vulnerable to this attack. Instead add the following to the Dnsmasq
Custom configuration

[cci_bash]rebind-domain-ok=/domain1.com/domain2.com/[/cci_bash]

Where domain1.com, domain2.com, etc. are the domains for which you want to allow subdomains that resolve to private IPs.

Missing 5Ghz WiFi settings on Cisco E3200 with Tomato Shibby

silviu1 Comment

I followed the instructions and installed Tomat on my Cisco E3200 router without issue. I chose Tomato by Shibby specifically because it supports the 5GHz radio in this particular router model. But woe and behold after I installed the settings were not there, I could only see them for the 2.4GHz WiFi.

Well it turns out instructions are made to be followed, I got curious after install and logged right in, but it turns out you really have to do the last 30-30-30 reset.

Sure enough after the final 30-30-30 hard reset the settings for the 5GHz of my Cisco 3200 appeared and were functional.