Recent Forum Posts

Hello, I solved this problem by forwarding ports…

Re: Cant access from outside by 4majkl, 21 Mar 2018 14:54

I figured out how to make the GUI port forwarding work for clients on the other side of the VPN connection; you just need to add the following iptables rule:

iptables -t nat -A PREROUTING -j WANPREROUTING --destination <your-assigned-VPN-IP-address-or-network>

To make it "persistent", I use a custom scheduler script with an "every minute" schedule:

(iptables -t nat -L PREROUTING | grep -q <your-assigned-VPN-IP-address-or-network>) || iptables -t nat -A PREROUTING -j WANPREROUTING --destination <your-assigned-VPN-IP-address-or-network>

Example (my VPN network is

(iptables -t nat -L PREROUTING | grep -q || iptables -t nat -A PREROUTING -j WANPREROUTING --destination

Hello all
I have 3 static IP addresses leased through my Internet provider. I have 3 servers connected through the router. I have to give one IP to each server; how to?
Or can I use just one IP for all 3 servers? I did that, but when I go to call the website I get BAD REQUEST. Is there any way to go around this?
Each server has its own domain name, not for a website; it's for a mining pool and Master Node.

Hello all!

I just started using Tomato with my Asus RT-AC66U, and it's been great for the most part. One problem I can't seem to solve is if I try to assign a STATIC IP to my laptop using the MAC, when I connect to the TPLINK RE450 wifi extender (which is connected to the Asus), there is no internet. The correct IP is assigned and it appears on the device list of Tomato GUI. I can't ping the router either.

If I connect directly to the Asus router, then internet works fine, and again correct Static IP is assigned. Anybody have any ideas?

It used to work when I tried dd-wrt on the AC66U, but unfortunately had a lot of port forwarding issues with dd-wrt and my router that I had to abandon dd-wrt.

Thanks in advance for any help!



I have installed Tomato firmware on a Linksys E900 router. We have a team of 50 users. I am trying to put in place the access restriction policy below:
1. White List (access only to sites which are added to the white list)
2. Block List (always blocked)
3. Full internet access for selected users
I searched for some scripts which would allow me to perform the above access restriction, but it is not working.

Below is the script I used:

# Allow these hosts unrestricted access

iptables -A wanout -i `nvram get lan_ifname` -m mac --mac-source <allowed MAC #1> -j ACCEPT
iptables -A wanout -i `nvram get lan_ifname` -m mac --mac-source <allowed MAC #2> -j ACCEPT

# Allow everyone access to these sites

iptables -A wanout -i `nvram get lan_ifname` -d -j ACCEPT
iptables -A wanout -i `nvram get lan_ifname` -d -j ACCEPT

# Everything else gets blocked

iptables -A wanout -i `nvram get lan_ifname` -j DROP

Any help would be appreciated.

Mahendra Shivsharan

Was hoping someone would be able to advise.

I need to set up port forwarding on my router running Tomato Firmware 1.28.0000.

There are two WANs configured and both require some different port forwards (e.g. Port 22 - WAN1 and Port 2222 - WAN2).
I have looked in the web interface but there doesn't seem to be anywhere I can configure this per WAN.

Is this possible?

Thanks in advance.

So I am using a UTM for my firewall+filtering, and want to use a netgear router with tomato loaded to pass the external ISP IP onto my UTM to avoid double natting as below.

Is it possible to convert to a bridged modem mode?


Tomato as a isp bridge? by NorthantsPete, 05 Feb 2018 09:19

You can at least configure the openvpn to retrieve the certificates from usb storage via the custom configuration field. Not a solution but helps tremendously on free nvram size.

Re: Increasing NVRAM size? by oppsig, 03 Feb 2018 20:46

When TOR Project is enabled, a router running the OpenVPN client is unable to access server-side resources (port 80). Other ports (e.g. 800) work OK.

Client router log shows connection rejected - Log message:
daemon.warn Tor[1394]: Rejecting request for anonymous connection to private address [scrubbed] on a TransPort or NATDPort. Possible loop in your NAT rules?

After disabling the TOR client, things resume working as expected.
Using firmware build: 1.28.0000 MIPSR2-140 K26 USB AIO-64K

It is not obvious that the TOR Project reroutes OpenVPN client routing and that it will not exclude re-routing private addresses (eg 10.x, 192.168.x.x).

Would be better if some of the following had existed:
(a) Warning notes on TOR Settings that OpenVPN client traffic will be redirected
(b) Option selector to include/exclude OpenVPN client traffic from TOR
(c) Option selector to include/exclude routing of private address range traffic.

Please, could someone help… I went into WinSCP and found out that OpenVPN auto-generates the config… there is no bind. I tried to edit it with bind float lport ??? but it comes back right away… I can't seem to save it…

openvpn plsss help by jknee00, 28 Jan 2018 16:22

Well, agree it's rather annoying.
Some others can do it, it seems. AsusWRT does have some means.
Look: in GitHub for asuswrt and Scheduled-LED-control LED Control

Thought it was built in, like on some other models such as the AC68U.

P.S. Sorry I can't link it to you, I'm a newbie here, so it's not allowed to link to the 'outside' world.

Peter Rosenberg

Tomato K26USB-1.28.RT-N5x-MIPSR2-140-VPN
Asus RT-N66U

I have been a happy user of Tomato by Shibby for a while.
Needed to create a network for Internet access only, but isolated from the main one.
Port 4 would be reserved for that network.
Already had a separated wireless access as br1.

Did as follows:

Basic > Network
Created a network with another address (192.168.3.x)
Note that DHCP is enabled for that one


Advanced > VLAN
Removed Port 4 from br0 (which is 192.168.1.x) thus leaving only Ports 1, 2 and 3 for that.
Added vlan3, enabled for Port 4 only

The problem is that any computer connected to Port 4 only gets a 169 address - DHCP is not working there (the original network 192.168.1.x continues normal).

Am I missing something?

Hi Shibby.
Great work!

For the last few days I have seen this on my R7000 (1.28.0000 -140 K26ARM USB AIO-64K):

!! Attention !!
Tomato by Shibby undefined is now available. Click here to read more.


Undefined is now available by rysson, 21 Jan 2018 19:37

Does anyone know what command can be used in the scheduler to reboot the router when the Internet connection through a 3G modem disappears?

Tomato Firmware 1.28.0000 MIPSR2-140 K26 USB AIO
Netgear WNR3500L v2

Thank you Roland!
UK works for me as well (Tomato by Shibby v138 on Asus RT-N16). It didn't work when I chose Ukraine, the same 1 channel and 20MHz.

Could someone help me, please.

I'm trying to install Tomato by Shibby or Advanced Tomato on my brand new D-Link DIR868L rev C. Flashing was done following the instructions on the klseet site (I'm not allowed to paste links - new user) with the newest files for my router, but with no luck: the router bricks every time, with every firmware version, when flashing from DD-WRT to Tomato.

Please help.

I was trying to find an answer on the forum and I went through the whole web GUI trying to find a setting that could create this issue. I have a few PCs, Macs and other devices on my home network. Some of them are wired and some are wireless. After a fresh reboot of the router (RTAC66u with Tomato Firmware 1.28.0000 MIPSR2-140 K26AC USB AIO-64K) I can ping from any device to any other device with no issues. After about an hour, the devices stop seeing each other on the local network. This is a big issue for me, because I cannot print to my wireless printer or share the music and video from my server without constantly rebooting the router. I did not have these issues using the manufacturer's firmware. My two options for fixing the issue now are:
1. reboot on schedule
2. restore original firmware
I really like the features offered by TomatoUSB and I would like to keep it on my router if somebody could help me to resolve the LAN connectivity issue.
Thank you

I would like to block Facebook. I was reading several posts yesterday and it seems like that is not possible; could you please confirm that this is indeed the case?


Hello peoples,

I am having trouble printing via airprint ipad/iphone to my canon pixma 5400 series printer. I have shibby 1.28 on an asus rt-n16u. Clue: If I reset the router it will work for a short time. I think it must be that the router is not forwarding the Bonjour packets after some time but I don’t know why. All the various help topics I have found online don’t work for me. Any ideas of things to try would be appreciated.


Help with airprint by BretG, 11 Jan 2018 02:52

I was noticing that a website was down for just me (friends could visit it). It could not be accessed from any device connected to my wifi network. I could access it if I plugged my computer directly into the cable modem. So I restored the default Tomato (Shibby 1.40) configuration on my AC-66u, and then I again restored selecting the "erase all NVRAM" option. When the router came back up, I still cannot access the site at the given IP address:

This is the traceroute I get:
traceroute to (, 64 hops max, 52 byte packets
1 unknown ( 0.500 ms 0.304 ms 0.263 ms
2 * * *
3 ( 17.000 ms 11.544 ms 11.983 ms
4 ( 12.552 ms 14.661 ms 13.817 ms
5 ( 12.707 ms ( 14.283 ms ( 14.292 ms
6 ( 13.090 ms 10.865 ms 12.831 ms
7 ( 142.732 ms 147.835 ms 231.572 ms
8 ( 63.867 ms 65.707 ms 66.302 ms
9 ( 61.690 ms 100.826 ms 63.989 ms
10 ( 67.783 ms 67.424 ms 66.220 ms
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
Can anyone with a similar config to me confirm if they are able to access?


Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License