TomatoUSB

Hello!

I couldn't find a manual or a full guide to all the features and settings. I am (more or less) still a newbie and so I went through the v1.28 firmware interface and have lots of questions. I have googled them all and found answers to many but many still remain unclear so I decided to post them here. I hope that you'll help me with the answers, for me and everyone else in the future. So here goes.

WAN / Internet:
- MTU - When should the MTU be changed? Can you benefit in a home environment by increasing (or decreasing) it? I what case should the MTU be modified?
- Route Modem IP - Does that simply mean that the router's WAN IP address will be modem's LAN IP (eg. 192.168.1.1) instead of the IP address that the ISP provided (meaning modem's WAN)? Or am I getting this wrong?

LAN:
- Bridge, br0, STP - What is this bride here? I only have 4 ports on my router's LAN switch, what is being bridged? What about STP, is that a function that prevents the whole network crumbling down in case someone connects an UTP cable in two switch ports and creates a loop? I don't think that's likely to happen at home, so should I disable it?

Ethernet Ports State - Configuration:
- Enable Ports State - What does that mean, if I disable this I loose (disable) the 4 switch ports of LAN? Or is it something else?
- Show Speed Info - What kind of speed, transmission speed (Mbps per each port)? Where is the speed info shown?
- Invert Ports Order - Meaning simply inverting from 1, 2, 3, 4 to 4, 3, 2, 1? Why would that come in handy, in case you don't want to manually cange/switch cables because your router is placed in a difficoult to reach location? Or did I get it all wrong?

Wireless (2.4 GHz / eth1):
- Wireless modes - I understand the AP and Wireless Client (Wireless WAN), but could you explain plain what WDS does and how AP+WDP would work? And how would a Wireless Ethernet Bridge work and what's the difference between them?
- Channel width (20 MHz vs 40 Mhz) - How do I know how to set this? The router is 2,4 GHz and I'm transmitting in the N mode. Some routers have an auto setting, Tomato doesn't so provide some info on the matter please.

Conntrack/Netfilter:
- Maximum connections - What does that mean? Not maximum clients connected I think. What then?
- Timeouts - TPC, UDP etc. timeotus, please explain a bit about the timeout functions.
- Tracking / NAT Helpers - What are those settings about?
- TTL Adjust - And what is this about?

DHCP/DNS:
- Internal DNS, received DNS etc. - I don't understand this, internal DNS would be the one provided manually and not by ISP? What is received DNS then? And all the other feautres?
- Dnsmasq - This is a 3rd party feature, I've read about it but don't exactly understand what it does.

Firewall:
- ICMP ping response - No check there means that the WAN port can not be pinged from outside, right? Or not?
- Enable SYN cookies - What is this?
- Enable DSCP Fix - What does that do?
- NAT loopback, NAT target - Please explain a bit.
- Multicast, IGMPproxy, Udpxy - That too, pretty please.

Misc.:
- Boot Wait Time - Meaning the firmware will wait 5 seconds after the router is turned on - why? Or is it something else?

Routing:
- Mode, Gateway vs Router - when should each function be used, in what case? When should it be set as router only?
- RIPv1 & v2 - What is this?
- Efficient Multicast Forwarding - What is this?
- DHCP Routes - What is this?

Tor project? Is that the "TOR/Onion thing" for browsing the deep web?

VLAN:
- VID Offset (First 802.1Q VLAN tag) - I know the basics of VLAN (to have separated LANs on the same physical swithc). What is VID though, what does the VID offset do?
- Wireless (Bridge eth1 to LAN-br0) - Does that simply mean that the Wireless clients will have IP addresses from the same subnet pool as the wired LAN clients?

LAN Access (src, dst)? What does this function do?

Virtual Wireless Interfaces? Is that like Wireless VLAN? VWLAN? Providing 2 or more separate WLAN subnets?

Wireless Settings (2.4 GHz / eth1) - I'm pretty lost here, except for a few thins, so if you could write a bit about each function/feature that'd be awesome!
- Afterburner
- AP Isolation
- Authentication Type
- Basic Rate
- Beacon Interval
- CTS Protection Mode
- Regulatory Mode
- Regulatory Mode
- Distance / ACK Timing
- DTIM Interval
- Fragmentation Threshold
- Frame Burst
- Multicast Rate
- Preamble
- 802.11n Preamble
- Overlapping BSS Coexistence
- RTS Threshold
- Transmission Rate
- Interference Mitigation
- WMM (ACK, APSD)
- Wireless Multicast Forwarding

Port Forwarding:
- Triggered Port Forwarding - Does that mean that a port can be opened by an application and then closed again after I'm done using it?
- UPnP, NAT-PMP - I know a bit about UPnP, it's kind of like automatic port forwarding. So what does these functions do?

Access Restriction? Is that simply not having access to the router at the certain date and time? Or to a segment/portio of it?

QoS - there is too much stuff to ask so just one simple question: would enabling and setting up the QoS improve Skype performance? Is it difficoult to do (for a beginner)?

Bandwidth Limiter? This is for limiting the bandwidth (DL and UL speed) for each separate client?

Captive Portal? I've read about it but don't really get it. What does that do, basically?

VPN Tunneling:
- OpenVPN Server - I want to learn fast about this because I will be setting OpenVPN server on Tomato, that's why I got the router in the first place. I've read about it and it seems complicated with all the certificate stuff but I'm determined to do it. Any help is much appreciated!
- OpenVPN Client - In what case could a router act as a VPN client?

Web Administration:
- Remote Access (HxxP vs HxxPS) - What shoud be used? I understand that HxxPS is more secure but will it work or block me out of the oruter?
- SSH Daemon - What is this and when to use it?
- Telnet Daemon - What is this and when to use it?
- Allowed Remote IP Address - I should enter the client's IP address from which I'll be accesint the Tomato interface through WAN?
- Allow web login as "root" - What does that mean exactly?
- Bandwidth Monitoring, IP Traffic Monitoring (Backup)? - Those are both enabled by default, what do they do? Could this degrade the performance of the router?
- CIFS Client - What is this, what does it do?
- Debugging - Please explain a bit the features there.
- JFFS - What is this, what does it do?
- NFS Server - What is this, what does it do?
- SNMP - What is this, what does it do?
- Syslog - Where can i see/find/read it?
- Web Monitor - Where can i see/find/read it?
- Scheduler - I have set the router to reboot once a week, is that a good idea? In what case sould the reconnect be used?
- Erase all data in NVRAM memory - This meanse loosing all the settings? When should it be done? I have about 66% free left.
- Shutdown - When should this be used, what for?

In general, should everything that I don't understand or need be left as set to default? I'd like to learn and set the router so that it will be performing as good as it possibly can and also be secure. And of course set the OpenVNP.

I thank you all who'll help in advance, it's much appreciated! :)

I hope eveyone of you knowledgeable guys and gals will proviede a couple of answers, you don't have to reply to everything but if you'd tell me a bit of the things you know I'd be really grateful! :)

I have found this great site:
en.wikibooks/wiki/Tomato_Firmware/Menu_Reference (it won't let me post the full link)

Many of my questions are (at least partially) answered there, some are still missing though.

I have now set my Linksys E1200v2 router with the latest Tomato (Shibby) v1.28 firmware and everything seems to work fine. My goal now is to get the maximum possible performance, stability and security from the router. Along with establishing an OpenVPN service on it - but I’ll get to that after I get to know the firmware better.

I have found and thoroughly read the Tomato Firmware Menu Reference (linked in my last post) which explained a lot of things and I’ve googled the remaining ones but I still have some questions (partially) unexplained so I am addressing you again in hope that you will help me.

WAN / Internet:
- MTU - When (in what case) should the MTU be changed? Can I benefit (in a usual home environment) by increasing or decreasing the MTU?

- Route Modem IP - Does that simply mean that the router's WAN IP address will be modem's LAN IP (eg. 192.168.1.1) instead of the IP address that the ISP provided (meaning modem's WAN)? Or is it something else?

LAN:
- Bridge, br0, STP - What is being bridged, what does br0 stand for? I don’t think I’m bridging anything on the router. Is STP the function that prevents the network from crumbling down in case of someone connecting an UTP cable in two switch ports and thus creating a loop? I don't think that's likely to happen at home, so should I enable or disable it (to get maximum performance)?

Ethernet Ports State - Configuration:
- Enable Ports State - What happens if I disable this, do I lose/disable the 4 port switch of the LAN or just the graphics (state) in the Tomato interface - or something else?

- Show Speed Info - Where is the speed info shown, at the ports graphic (WAN, LAN 1, 2, 3, 4)?

- Invert Ports Order - Meaning simply inverting from 1, 2, 3, 4 to 4, 3, 2, 1? I guess that would come in handy in case you don't want to manually change/switch the cables because the router is placed in a difficoult to reach location? Or is it something else?

Conntrack/Netfilter:
- Maximum connections - Is this about the maximum connections for P2P (torrents), if yes, what would be optimal for my internet speed (DL: 14 Mbps, UL: 2 Mbps)?

- Timeouts - TPC, UDP etc. - please explain a bit about the timeout functions.

- Tracking / NAT Helpers - What are those settings about? How do they help? Are they any security risks or performance inpacts? Do I have to have GRE/PPTP enabled for OpenVPN?

- TTL Adjust - What is this about?

DHCP/DNS:
- Internal DNS etc. - Is this a DNS caching feature that will improve internet surfing speed? Is the default check here enough or do I have to set things up (dnsmasq) - how?

Regarding DNS also - how do I properly set the DNS for best performance? Write in the DNS server addresses manually (port 53 too?) or let the router get the DNS from the ISP automatically?

Firewall:
- ICMP ping response - I have this disabled (no check) but I was able to ping the WAN IP address anyway when I tested it. How come?

- Enable SYN cookies - What is this?

- Enable DSCP Fix - What does that do exactly?

- NAT loopback, NAT target – Can this be a threat in any way if enabled?

- Multicast, IGMPproxy, Udpxy – In what case should I enable this?

Routing:
- Mode, Gateway vs Router - when used as a “home router”, meaning connecting ISP WAN to local LAN, it should always be set as a Gateway, right?

- RIPv1 & v2 - What is this?

- Efficient Multicast Forwarding – And what is this?

- DHCP Routes - And this?

Tor project? Is that the "TOR - Onion thing" for browsing the deep web and whatnot? I’m not really interested in that. But is there a way to set the ad blocking feature in the router though?

VLAN:
- VID Offset (First 802.1Q VLAN tag) - I know the basics of VLAN (to have separated LANs on the same physical switch). What is VID though, what does the VID offset do/mean?

- Wireless (Bridge eth1 to LAN-br0) - Does that simply mean that the Wireless clients will have IP addresses from the same subnet pool as the wired LAN clients?

LAN Access (src, dst)? What does this function do, what can be achieved here?

Virtual Wireless Interfaces? Is that like Wireless VLAN? VWLAN? Providing 2 or more separate WLAN subnets?

Wireless Settings:

- Beacon Interval - Can I improve performance with this?

- Bluetooth Coexistence - Will I lose performance by enabling this?

- Frame Burst - Will this really improve the speed?

- Overlapping BSS Coexistence - What’s that?

- RTS Threshold - Performance gain possibility?

- Transmission Rate - Does increasing this expand the WiFi signal area covered?

- WMM - it’s enabled by default, shouldn’t the ACK be enabled too?

- Wireless Multicast Forwarding - What does that do?

Port Forwarding:
- Triggered Port Forwarding - Does that mean that a port can be opened by an application and then closed again after I'm done using it?

- UPnP, NAT-PMP - I know a bit about UPnP, it's kind of like automatic port forwarding, right? What about the NAT-PMP?

QoS - I have read that QoS basically only helps in shaping the outgoing traffic and not the incoming. So, would enabling and setting up the QoS improve Skype performance at all? And so only the outbound or inbound too (what I see and hear)?

VPN Tunneling:
- OpenVPN Server - I want to learn about this because I will be setting an OpenVPN server on this router, that's why I got it in the first place. I've read about it and it seems complicated with all the certificate stuff but I'm determined to do it. Any help on this is much appreciated!

- OpenVPN Client - In what case could a router act as a VPN client, could you explain please?

Web Administration:
- Remote Access (HxxP vs HxxPS) - Locally (when the internet is on), is it safe to use the HTTP to access the interface? What would I need to be able to use HTTPS (localy and remotely)?

- SSH Daemon - I turned this off since I won’t be needing it, is that OK (more secure)?

- Telnet Daemon - I turned this off since I won’t be needing it, is that OK (more secure)?

- Allowed Remote IP Address - I should enter the allowed client's IP address from which I'll be accesing the Tomato interface through WAN, is that it?

- Allow web login as "root" - What does that mean exactly?

- Bandwidth Monitoring, IP Traffic Monitoring - Saving to RAM is safe and doesn’t degrade performance, right? Should I turn this off to increase performance?

- Debugging - Please explain a bit the features there. I guess that changing anything would not increase stability, performance or/and security?

- JFFS - Can this be used to somehow improve performance?

- NFS Server - What is this, what does it do?

- SNMP - And what is this, what does it do?

- Syslog - Is this creating the log I can check under the STATUS in the interface? Would disabling the log increase performance?

- Web Monitor - Would enabling it decrease the performance?

- Scheduler - I have set the router to reboot once a week, is that a good idea? In what case sould the function “reconnect” be used?

- Erase all data in NVRAM memory - Do I have to do this every time I update the firmware or not?

- Shutdown - When should this be used, what for? Is reboot not enough (in what case)?

I THANK YOU ALL IN ADVANCE, YOU HELP IS MUCH APPRECIATED!

Can you just answer a couple of questions, or at least one? Anyone, please? :)

And I have 2 additional questions:

1. My router's WAN LED is blinking all the time, even at night, when all the clients are disconnected. What does that mean, is there really so much traffic going on just between the ISP's DSL modem and router's WAN port? Is the router dropping unwanted packets from the internet (firewall), is that why it's blinking?

2. What does the "Announce IPv6 on LAN (SLAAC)" and the other IPv6 feature do? Can I disable that since I don't use IPv6, will I gain anything at all by disabling it (security and/or performance)?

Thank you! :)