Hello!
I have got and set a Linksys E1200v2 router with the latest Tomato (Shibby) v1.28 firmware and everything seems to work fine. My goal now is to get the maximum possible performance, stability and security from the router. Along with establishing an OpenVPN service on it - but I’ll get to that after I get to know the firmware better.
The folks at the Tomato forums aren’t particularly helpful so I’m asking you guys since most of the questions would apply to the routers in general. I have found and thoroughly read the Tomato Firmware Menu Reference which explained a lot of things and I’ve googled the remaining ones but I still have some questions (partially) unexplained so I am addressing you all in hope that you can help me.
WAN / Internet:
- MTU - When (in what case) should the MTU be changed? Can I benefit (in a usual home environment) by increasing or decreasing the MTU?
- Route Modem IP - Does that simply mean that the router's WAN IP address will be modem's LAN IP (eg. 192.168.1.1) instead of the IP address that the ISP provided (meaning modem's WAN)? Or is it something else?
LAN:
- Bridge, br0, STP - What is being bridged, what does br0 stand for? I don’t think I’m bridging anything on the router. Is STP the function that prevents the network from crumbling down in case of someone connecting a UTP cable in two switch ports and thus creating a loop? I don't think that's likely to happen at home, so should I enable or disable it (to get maximum performance)?
Ethernet Ports State - Configuration:
- Enable Ports State - What happens if I disable this, do I lose/disable the 4 port switch of the LAN or just the graphics (state) in the Tomato interface - or something else?
- Show Speed Info - Where is the speed info shown, at the ports graphic (WAN, LAN 1, 2, 3, 4)?
- Invert Ports Order - Meaning simply inverting from 1, 2, 3, 4 to 4, 3, 2, 1? I guess that would come in handy in case you don't want to manually change/switch the cables because the router is placed in a difficult to reach location? Or is it something else?
Conntrack/Netfilter:
- Maximum connections - Is this about the maximum connections for P2P (torrents), if yes, what would be optimal for my internet speed (DL: 14 Mbps, UL: 2 Mbps)?
- Timeouts - TCP, UDP etc. - please explain a bit about the timeout functions.
- Tracking / NAT Helpers - What are those settings about? How do they help? Are there any security risks or performance impacts? Do I have to have GRE/PPTP enabled for OpenVPN?
- TTL Adjust - What is this about?
DHCP/DNS:
- Internal DNS etc. - Is this a DNS caching feature that will improve internet surfing speed? Is the default check here enough or do I have to set things up (dnsmasq) - how?
Regarding DNS also - how do I properly set the DNS for best performance? Write in the DNS server addresses manually (port 53 too?) or let the router get the DNS from the ISP automatically?
Firewall:
- ICMP ping response - I have this disabled (no check) but I was able to ping the WAN IP address anyway when I tested it. How come?
- Enable SYN cookies - What is this?
- Enable DSCP Fix - What does that do exactly?
- NAT loopback, NAT target – Can this be a threat in any way if enabled?
- Multicast, IGMPproxy, Udpxy – In what case should I enable this?
Routing:
- Mode, Gateway vs Router - when used as a “home router”, meaning connecting ISP WAN to local LAN, it should always be set as a Gateway, right?
- RIPv1 & v2 - What is this?
- Efficient Multicast Forwarding – And what is this?
- DHCP Routes - And this?
Tor project? Is that the "TOR - Onion thing" for browsing the deep web and whatnot? I’m not really interested in that. But is there a way to set the ad blocking feature in the router though?
VLAN:
- VID Offset (First 802.1Q VLAN tag) - I know the basics of VLAN (to have separated LANs on the same physical switch). What is VID though, what does the VID offset do/mean?
- Wireless (Bridge eth1 to LAN-br0) - Does that simply mean that the Wireless clients will have IP addresses from the same subnet pool as the wired LAN clients?
LAN Access (src, dst)? What does this function do, what can be achieved here?
Virtual Wireless Interfaces? Is that like Wireless VLAN? VWLAN? Providing 2 or more separate WLAN subnets?
Wireless Settings:
- Beacon Interval - Can I improve performance with this?
- Bluetooth Coexistence - Will I lose performance by enabling this?
- Frame Burst - Will this really improve the speed?
- Overlapping BSS Coexistence - What’s that?
- RTS Threshold - Performance gain possibility?
- Transmission Rate - Does increasing this expand the WiFi signal area covered?
- WMM - it’s enabled by default, shouldn’t the ACK be enabled too?
- Wireless Multicast Forwarding - What does that do?
Port Forwarding:
- Triggered Port Forwarding - Does that mean that a port can be opened by an application and then closed again after I'm done using it?
- UPnP, NAT-PMP - I know a bit about UPnP, it's kind of like automatic port forwarding, right? What about the NAT-PMP?
QoS - I have read that QoS basically only helps in shaping the outgoing traffic and not the incoming. So, would enabling and setting up the QoS improve Skype performance at all? And so only the outbound or inbound too (what I see and hear)?
VPN Tunneling:
- OpenVPN Server - I want to learn about this because I will be setting an OpenVPN server on this router, that's why I got it in the first place. I've read about it and it seems complicated with all the certificate stuff but I'm determined to do it. Any help on this is much appreciated!
- OpenVPN Client - In what case could a router act as a VPN client, could you explain please?
Web Administration:
- Remote Access (HxxP vs HxxPS) - Locally (when the internet is on), is it safe to use the HTTP to access the interface? What would I need to be able to use HTTPS (locally and remotely)?
- SSH Daemon - I turned this off since I won’t be needing it, is that OK (more secure)?
- Telnet Daemon - I turned this off since I won’t be needing it, is that OK (more secure)?
- Allowed Remote IP Address - I should enter the allowed client's IP address from which I'll be accessing the Tomato interface through WAN, is that it?
- Allow web login as "root" - What does that mean exactly?
- Bandwidth Monitoring, IP Traffic Monitoring - Saving to RAM is safe and doesn’t degrade performance, right? Should I turn this off to increase performance?
- Debugging - Please explain a bit the features there. I guess that changing anything would not increase stability, performance or/and security?
- JFFS - Can this be used to somehow improve performance?
- NFS Server - What is this, what does it do?
- SNMP - And what is this, what does it do?
- Syslog - Is this creating the log I can check under the STATUS in the interface? Would disabling the log increase performance?
- Web Monitor - Would enabling it decrease the performance?
- Scheduler - I have set the router to reboot once a week, is that a good idea? In what case should the function “reconnect” be used?
- Erase all data in NVRAM memory - Do I have to do this every time I update the firmware or not?
- Shutdown - When should this be used, what for? Is reboot not enough (in what case)?
PS: I have 3 additional questions:
1. My router's WAN LED is blinking all the time, even at night, when all the clients are disconnected. What does that mean, is there really so much traffic going on just between the ISP's DSL modem and router's WAN port? Is the router dropping unwanted packets from the internet (firewall), is that why it's blinking?
2. What does the "Announce IPv6 on LAN (SLAAC)" and the other IPv6 feature do? Can I disable that since I don't use IPv6, will I gain anything at all by disabling it (security and/or performance)?
3. Is this the most secure way one can set-up an OpenVPN server and client(s)? There’s the open way and then I think the password variant and this one (certificate secured):
http://www.howtogeek.com/60774/connect-to-your-home-network-from-anywhere-with-openvpn-and-tomato/
So is this the most secure way and the proper way to set a safe & secure OpenVPN connection?
THANK YOU IN ADVANCE, ANY BIT OF HELP IS MUCH APPRECIATED!!!