TomatoUSB

Currently I have a DSL modem plugged into an 8 port HUB. From the HUB I have one line going into the WAN of my Asus RT-N16 and one to the LAN of my Asus RT-N16. The other 5 ports on the HUB are all in use, as well as my the remaining ports on my Asus RT-N16. I'm using this configuration, because I also a phone adaptor that I want to connect it's WAN to over the DSL modem using PPPoE. The routing on tomato USB is smart enough to eliminate potential loops, so this configuration works perfectly. However, it occurs to me I could probably do in software the same thing by bridging the LAN and WAN together on the Asus RT-N16, then there would be no need for second cable to the HUB, freeing up both one more LAN port on my Asus RT-N16 and one more port on my HUB.

Before I start digging into ways to do that, I thought to ask if there is a simple "ip" command and such that will accomblish this without screwing up the loop detection?

BTW. I just remembered why this is tricky. If I bridge the WAN and LAN together within the router, then effectively I've created a hole in my firewall. Right now my firewall is still secure, because all the traffic going out the WAN port is PPPoE. So if someone on the internet cannot send packets directly to say my laptop, even though my laptop and DSL modem are both connected to the same HUB. If I were to just bridge WAN and LAN together, I don't know if my firewall would remain secure.

Bill

Not quite sure how above works, but I think it would be neater to adjust the vlan settings so that a dedicated LAN port for the modem joins the WAN port via the RTN-16 switch 'hardware', then you don't need the Linux kernel to do any routing, and the phone adaptor is left firewalled on the wan side. The router has a 5-way external switch which is divided into WAN and LAN with these nvram settings

vlan1ports=4 3 2 1 8*
vlan2ports=0 8

I guess 8 is the internal side of the switch, I forget what the * means.

dd-wrt has a web gui way of manipulating these

I'm guessing you want to access the modem configuration while it's in bridged mode to the router

You can do it without connecting a second cable to the LAN port.

Let's say your modem's LAN IP is 10.1.1.1 255.255.255.0 and is in a different subnet to your router
Put this in your wanup script:

ifconfig vlan2:0 10.1.1.2 netmask 255.255.255.0
iptables -t nat -I POSTROUTING -o vlan2 -j MASQUERADE

Thanks, Gnuclear. That sounds like exactly what I wanted to do. Only now, I've moved onto a different plan. You see my DSL modem's DHCP server managed to turn itself back on, and it caused me a day worth of headackes until I realized what was causing the problem. So it is probably best not to bridge the WAN and LAN together afterall…

Instead, now I've decided I want to implement as close to 100% redundancy as possible. Which means eliminating as many single points of failure as practical. Starting of course with what fails most, which is a second internet connection connected to a separate router. Since hubs have a very low rate of failure, I'm not sure I will address that single point of failure.

Bill

I think some of you are using ancient versions of Tomato? Latest all have modem routing in the GUI, no need for scripts.

Naw. The GUI is very limited, and also tends to fill up your nvram. So usually people just put the minimum in the GUI needed to bring their router up to a stable state. After that, most experienced users prefere to put confirguration in scripts. BTW. It occured to me the problem with Gnuclear's solution is the bandwidth counter and QOS counter would end-up counting intranet traffic in with internet traffic…

On the redundant hardware project, I now have two nearly identically configured routers. For IPv4 I added a routing rule to each with a high metric value to route for to the other. That way, if one router's internet connection goes down, all traffic automatically route to the other router. For IPv6 I have been having trouble doing something similar. In that if the six0 interface is started, the all the IPv6 traffic routes through that. The problem is HE only allows one tunnel per WAN. So if the WAN is down on a router, the six0 tunnel automatically redirects to the first router, and then the packets get thrown away. Only if I manually remove the routing rule for six0 can I get IPv6 traffic to route to the router where WAN and hense IPv6 is up.

There are several reasonable solutions, and I am trying to decide the best way to go. One solution would be to use a different tunnel broaker all together. I've already tested and if there are two RADVD's servers running, linux clients will simply automatically multicast on both nets. (I haven't tested with Windows yet, or phones yet.) The problem with multicast I really just want to use one DNS entry and one public IPv6 address per machine… Another potential solution would be scripts that manage take down six0 so it only runs on one router at a time. However, that seems overly complicated.