Recent Forum Posts
From categories:
page »

Is Shibby USB affected by the Krack exploit etc. ?

Re: Shibby Builds by davis bacondavis bacon, 19 Oct 2017 21:44
wpa2 bug
Ehab HeikalEhab Heikal 18 Oct 2017 16:38
in discussion Discussions / General » wpa2 bug

Does this have the wpa2 bug

wpa2 bug by Ehab HeikalEhab Heikal, 18 Oct 2017 16:38
vpn exclusions
mnt_grrrlmnt_grrrl 17 Oct 2017 23:49
in discussion Discussions / General » vpn exclusions

How to I exclude certain sites (netflix) from using my vpn.

Thanks in advance

vpn exclusions by mnt_grrrlmnt_grrrl, 17 Oct 2017 23:49

* Update: 30-30-30 resolved the issue *

Unable to mount Toshiba 1TB ext. desktop USB drive to R6300V1 running Sibby 1.28.0000 MIPSR2-132 K26AC USB AIO-64K. I have tried formatting the drive to NTFS and EXT3, with all the appropriate settings under USB and NAS > USB Support. Also attempted to find the drive by logging into the router and running fdisk -l, but had nothing returned. Also re-flashed with no joy. Any resources or direction form the group would be appreciated.

Hello i have problem with my configuration Asus RT-N18 firmware shibby 140

I have dual WAN connection and three LAN (br0, br1, br2)

The problem is that port forwarding to br2 network not work.
If I setup Number of WAN Ports only to 1 everything is OK and work great
- port forwarding to br0 and br2 work OK

But when I setup Number of WAN Ports to 2 port forwarding to br2 stop working.

some firewall logs that i cannot explain.

ACCEPT IN=vlan2 OUT=vlan10 SRC= DST=
vlan2 - WAN1
vlan10 -WAN2
DST - br2 network

for br0 it is correct
DST - br0 network

Can you help with this?

I have the same issue with tomato on a wrt54gv3. Tomato can see my network in the wireless site survey and all info is set correctly but it never connects. Hope someone posts a solution.

This is what I currently have: one router/modem (Fritzbox 7490) connected to my ISP.
This currently supplies DHCP and wireless to the house, using the IP (default) and this feeds two TP-Link AP's running DD-WRT via cat6 cables thru a simple switch for one SSID “Family”

I would like to insert my new Asus RT AC3200 running Tomato firmware after the current Fritzbox to look after all DHCP, Wifi etc. The Fritzbox would then just handle pass thru routing. No DHCP or WiFi

On the Asus I would like to run the main LAN on with three VLANs as follows:
SSID “NetFamily” on
SSID “NetGuests” on
SSID “NetPrinters” on

Netfamily can browse the whole network and use the printers, NetGuests can only see and use the printers on
Also the Fritzbox should be able to access the Printers network.

Does this look ok? Any modifications needed? How would I go about setting this up?

Are the AP’s capable of handling the 3 SSID’s for spreading them around the house?

Many thanks

With hulu and netflixin general, there are a lot of problems occurring.


I am curious to know if there is any difference in features between builds 138 and 140. I am currently using 1.38 on netgear R7000.

How to turn off ipv6 using console under:

1.28.0000 MIPSR2-2.4-123 K26 USB AIO

I know it is possible using web UI. Is it possible also by command line / ssh?

How to turn off ipv6 by dawciobieldawciobiel, 30 Sep 2017 21:25

It would be nice to have also ip_gre module.

I'm using Tomato v1.28.0000 -140 K26ARM USB AIO-64K on Asus RT-AC68R/U

ip_gre Module by Andrei TanaseAndrei Tanase, 27 Sep 2017 10:55

I've got an Asus RT-N66U running Tomato Firmware 1.28.0000 MIPSR2-132 K26AC USB AIO-64K and haved used it very successfully as my LAN/WLAN router. As I recently got gigabit internet, I now use a more powerful, ethernet-only router on the front and my Asus for WIFI only.

But I'm not satisfied with the current setup of having the Asus plugged using the main router as the WAN interface, as this results in twice NATing the traffic.
I have unsuccessfully tried to put my Asus in "bridge-only" mode, meaning that it would let people connect to it, but all traffic is then forwarded to the LAN router that will then do all dns, dhcp, nat etc.

Using the option "Wireless Ethernet Bridge" seemed to be a good choice and worked for the wired Asus Ports, but when choosing that, the Access Point vanished.

Does anybody know if/how I can solve this problem?

Hi Shibby,

I'm using tomato shibby version few years and it's great. Recently, i tried to upgrade my linksys ea3200 from 132 to any multi wan version (136, 138 and 140). All of them will make my 5G wireless disappear. Once I rollback to 132, the 5G is back. I did hard reset and erase all data in NVRAM every time i upgrade and downgrade. Finally I found out it's relate to my VPN. once i enable the OpenVPN server with TLS authorization Mode with all the keys input and reboot the device. the 5G wireless will disappear.

Hope this info can help you fix on next version.


Re: Shibby Builds by cyberbastioncyberbastion, 19 Sep 2017 01:41

Asus rt-ac66u
Shibby release 140

Every time I try and enable the bandwidth limit I find all traffic from the lan/wireless devices get blocked from the internet/WAN.
I have used this in the past on a much older release (I forgot with version) and it appeared to work fine.

Now every time time I setup a simple rule and enable bw limit, it appears to stop iptables running.
When don't enable bw limit I end up with the file /tmp/etc/iptables and all looks ok and everything run ok.
However when I enable bw limit, I don't get /tmp/etc/iptables but iptables.error instead. Looking at this file
root@crossway:/tmp/etc# more iptables.error
-A POSTROUTING ! -s -d -j MARK —set-mark 10
-A PREROUTING -s ! -d -j MARK —set-mark 10
-I PREROUTING -i vlan2 -j DSCP —set-dscp 0
-I FORWARD -p tcp —tcp-flags SYN,RST SYN -j TCPMSS —clamp-mss-to-pmtu

Trying to load this error file using iptables-restore and reducing it down to the first line that gives an error, it seems the first line:-
-A POSTROUTING ! -s -d -j MARK —set-mark 10
does indeed error.
When tried by inself with iptables command I get:-
iptables -t mangle -A POSTROUTING ! -s
55.255.0 -d -j MARK —set-mark 10
iptables: No chain/target/match by that name

but iptables -t mangle —list seems to show there is a POSTROUTING, so I don't see whats worng.

iptables -t mangle —list
target prot opt source destination
DSCP all — anywhere anywhere DSCP set 0x00

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination
TCPMSS tcp — anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

target prot opt source destination

I'm no expert with iptables so any help gratefully received. Any thoughts as to where to look next?


Hello. I am spooked after bricking a TP-Link router last night.

I have the correct Tomato image file, I want to be clear on this one. Do I do a 30/30/30, go to the administraction->upgrade flash. After its successful, do I do another 30/303/30?

I really do not want another brick.

thanks, Bj

Cisco EA2500 flash by Brian_caBrian_ca, 14 Sep 2017 22:43

Hi everyone

I´m using "Advanced Tomato Version 3.4-140" on a Asus RT-N16, but it doesn´t showed my "HEWLETT-PACKARD DESKJET 930C" under "Attached Devices".

Before I used "Advanced Tomato Version 3.2-137" and this problem doesn´t happen. There were no recognition problems never…

Has any driver been removed from the firmware? How could you recognize this printer model again?



1. 学校或任课老师会先给作弊学生发邮件,并给予承认或申诉的机会。
如若该生承认作弊,则此次作业或考试记零分,并记录在案(由于美国校园非常注重隐私性的保护,作弊记录通常都是秘密的,不会被其他同学或老师知道),以观后效。如若该生日后再犯则会面临停课休学或开除遣返等更为严重的后果。 若无再犯,该作弊记录毕业后会清除。

2. 若该生不承认作弊,则其有权利在学校的学术违纪委员会前申诉。
3. 如果你不幸被美国大学开除,I-20被取消,F1签证失效,也请不要过分的绝望,因为被遣返回国并不是唯一的道路



I'm also stuck on almost same problem, I can't route a segment or an address through the PPTP Client.

What I want is to route only a local PC with ip through the PPTP Client.

== PPTP Client Configuration ==
Start with WAN: checked  
Server Address: (....)
Username: (....)
Password: (....)
Encryption: None
Stateless MPPE connection: checked
Accept DNS configuration: Disabled
Redirect Internet traffic: Disabled (doesn't matter if on or off)
Remote subnet / netmask
Create NAT on tunnel: Checked
MTU: Default 1450
MRU: Default 1450
Custom Configuration: (empty)
== In ssh terminal ==
ip rule add from table 200 prio 4
ip route flush table 200
VPN_GW=`ifconfig ppp4 | awk '/inet addr/ {split ($3,A,":"); print A[2]}'`; ip route add table 200 default via $VPN_GW dev ppp4
ip route flush cache

iptables -I FORWARD -i br0 -o ppp4 -j ACCEPT
iptables -I FORWARD -i ppp4 -o br0 -j ACCEPT
iptables -I INPUT -i ppp4 -j REJECT
iptables -t nat -A POSTROUTING -o ppp4 -j MASQUERADE

I can verify that the PPTP Client is work by routing all traffic through the client.
Done by changing the default routing:

ip route del default
VPN_GW=`ifconfig ppp4 | awk '/inet addr/ {split ($3,A,":"); print A[2]}'`; ip route add default via $VPN_GW dev ppp4
iptables -t nat -A POSTROUTING -o ppp4 -j MASQUERADE
ip route flush cache

Using Wireshark on the WAN side shows that only 2 requests are encapsulated by PPP 215.x.x.x   TCP 55001->80 [SYN]        (Encapsulated in PPP)
215.x.x.x   TCP 80->55001 [SYN, ACK]   (Encapsulated in PPP) 215.x.x.x   TCP 55001->80 [ACK]        (NOT!!! Encapsulated in PPP)
The rest of the traffic is not Encapsulated. If all traffic are routed through PPTP Client then all packages are correctly encapsulated in PPP!

When looking at the SYN / SYN,ACK above it is like iptable is doing something with 'Established connection' but I can't find any statement indicating this.

== build ==
Netgear R7000
Tomato Firmware 1.28.0000 -140 K26ARM USB AIO-64K

I am stuck here, but I may have missed something simple….


I would like to use my asus tomato router instead of my ISP router. They say that it should be possible directly, if my new router can set VLAN 101.
Is it possible to set VLAN 101? I can only see a limited amount of VLANs(15) in the UI, would this be possible.
Ive read that passtrough could also be an option, but cant find that on the ISP router configurations. But if that is done, wouldnt I still need to setup the appropriate vlan things?

page »
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License