Tomato config instructions setup
Setup instructions for copying LAN/WAN packets over to your Raspberry Pi box using Tomato firmware
- After you set up the Tomato firmware, enable SSH and DISABLE telnet, since telnet sends your login and everything you type in cleartext.
- SSH into your Tomato router. You will be greeted with a friendly banner message.
- Issue the commands below to monitor your entire LAN/WAN traffic. The commands have been updated recently and seem to cooperate much better, with hardly any noticeable slowdown in network speeds:
/sbin/modprobe ipt_ROUTE
/usr/sbin/iptables -t mangle -A PREROUTING -j ROUTE --gw [Rpi IP address] --tee
/usr/sbin/iptables -t mangle -A POSTROUTING -j ROUTE --gw [Rpi IP address] --tee
- Watch the packets start to roll in to your IDS! Keep in mind that these rules are temporary: they remain only until the router is rebooted, so once you confirm they are working as expected you will need to save them. I've included information below on how to save the iptables rules so that they survive a reboot.
Saving your iptables rules
- Navigate to Administration -> Scripts
- Select the Firewall tab
- From here you can paste iptables rules
- You do NOT need to add /usr/sbin/ when adding iptables rules using the GUI method; it is only needed when you are testing iptables directly from the console/SSH
- Simply do something similar to what I've done in the image below:
- Next, open the Init Tab and do what I've done in the image below:
- Save + Reboot to take effect
Additional configuration options
How about individual devices? Try this (192.168.1.134 is simply an example machine):
/usr/sbin/iptables -t mangle -I PREROUTING -s 192.168.1.134/32 -j ROUTE --gw [RaspberryPI-IP-address] --tee
Range of IPs:
/usr/sbin/iptables -t mangle -A PREROUTING -m iprange --src-range 192.168.1.102-192.168.1.254 -j ROUTE --gw [RaspberryPI-IP-address] --tee
/usr/sbin/iptables -t mangle -A POSTROUTING -m iprange --src-range 192.168.1.102-192.168.1.254 -j ROUTE --gw [RaspberryPI-IP-address] --tee
That's it for now!
Helpful Information:
Note: VLAN2 is your WAN interface.
If you want to flush your iptables rules, simply do the following (this removes every rule in the mangle table, not only the ones added above): iptables -F -t mangle
If you would like to remove just the iptables rules we created for your Pi, do the following:
iptables -n -L -t mangle --line-numbers
Next, locate the number in the list next to the PREROUTING and POSTROUTING entries for your Raspberry Pi IP. Once you locate the number, type this: iptables -t mangle -D PREROUTING [number]
Do the same for the POSTROUTING chain. If you'd like to confirm that they exist or have been deleted, do: iptables -L -t mangle
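The rule-number lookup above can be scripted; the following is an added example, not part of the original instructions. The function name `tee_rule_deletes`, the Pi address 192.168.1.50 and the `gw:<ip>` form in which the ROUTE target is listed are assumptions, and the listing is constructed sample data. It only prints the delete commands for review, highest rule number first within each chain, since deleting a rule renumbers the ones below it.

```shell
#!/bin/sh
# Added example (not from the original page).
# tee_rule_deletes PI_IP
#   Reads `iptables -n -L -t mangle --line-numbers` output on stdin and prints
#   one `iptables -t mangle -D CHAIN NUM` command per ROUTE rule whose gateway
#   is exactly PI_IP. Nothing is executed; review the output before running it.
tee_rule_deletes() {
    awk -v ip="$1" '
        $1 == "Chain" { chain = $2; next }      # remember the current chain
        $1 ~ /^[0-9]+$/ && $2 == "ROUTE" {
            # Exact token match on "gw:<ip>" (assumed listing format), so
            # 192.168.1.5 does not match a rule for 192.168.1.50.
            for (i = 3; i <= NF; i++)
                if ($i == ("gw:" ip)) { n++; c[n] = chain; r[n] = $1 }
        }
        END {
            # Rules are listed in ascending order, so walk the matches
            # backwards to delete the highest number in each chain first.
            for (i = n; i >= 1; i--)
                printf "iptables -t mangle -D %s %s\n", c[i], r[i]
        }'
}

# Constructed sample listing; 192.168.1.50 stands in for the Raspberry Pi.
SAMPLE_LISTING='Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    ROUTE      all  --  192.168.1.134        0.0.0.0/0           ROUTE gw:192.168.1.50 tee
2    MARK       all  --  0.0.0.0/0            0.0.0.0/0           MARK set 0x1
3    ROUTE      all  --  0.0.0.0/0            0.0.0.0/0           ROUTE gw:192.168.1.50 tee

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    ROUTE      all  --  0.0.0.0/0            0.0.0.0/0           ROUTE gw:192.168.1.50 tee
2    ROUTE      all  --  0.0.0.0/0            0.0.0.0/0           ROUTE gw:192.168.1.5 tee'

printf '%s\n' "$SAMPLE_LISTING" | tee_rule_deletes 192.168.1.50
```

On the router itself, pipe the live listing into the function instead of the sample: `iptables -n -L -t mangle --line-numbers | tee_rule_deletes [Rpi IP address]`.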
More info on iptables and how to list and delete them here:
https://www.cyberciti.biz/faq/how-to-iptables-delete-postrouting-rule/