Networking

Review: Tomato router firmware

If you're willing to risk voiding a warranty by flashing your device's firmware, Tomato firmware can unlock powerful new functionality on your router. Jack Wallen reviews its features.

A router is a router is a router. Right? Wrong. If you have had enough experience with routers, you know that many a default router firmware fails to handle some of the tasks that many IT admins really need (or want) them to handle. Sure, in a residential setting a default Asus router works great. But what if you want that router to work as a printer server? That Asus firmware is going to fail you for sure.

That doesn't mean you are out of luck. There are a number of options you can use to replace that default firmware. One of those options is the Tomato firmware. This firmware replacement will bring a number of features to your router that you wouldn't have had otherwise. But is this firmware right for you and your needs? Let's find out.

Requirements

  • Supported hardware ( Linksys' WRT54G/GL/GS, Buffalo WHR-G54S/WHR-HP-G54 and other Broadcom-based routers)
  • Working Internet connection (to download firmware)
  • Wired connection from computer to router (to flash firmware to router)

Who's it for?

The Tomato firmware is for anyone that needs more from their router than just the basics. And even though many of today's routers offer much more advanced features, the firmware they use lock those features out. Tomato unlocks those features and puts them back into play. But flashing a router isn't for just anyone. Even though the task is simple, one mistake can turn that router into nothing more than a paperweight. So only those with stomach enough to handle the flashing of a devices' firmware need apply.

What problem does it solve?

Tomato opens up so many features to your router you will be shocked at how basic the default router was. Instead of being locked to what the manufacturer thinks you need, why not install a firmware that will allow you to do what you need it to do. And once you have used Tomato you will never use a stock router firmware again.

Standout features

  • Printer server
  • Bandwidth tracking
  • Configurable quality of service rules
  • Alerts
  • Access restriction rules
  • Wireless Distribution System support

Tomato main page.

As you can see, from the first login page, Tomato offers features standard router firmware only dreams of.

What's wrong?

If you don't like the idea of flashing a piece of hardware you may as well forget about Tomato. Although Tomato is one of the finest router firmwares available, no company has yet to pick it up and make it official. Because of that, you will not have support. And by flashing your device with Tomato you will invalidate your Linksys warranty.

Competitive Products

Bottom line for business

The one feature that makes this firmware so attractive to businesses is the printer server. If your business needs to deploy network printers, but you don't want to pony up for a network printer, you can simply flash a Linksys router with Tomato and connect your printer. What more do you need from a router? Well, with Tomato you get plenty. If your business uses a supported router, you should definitely consider flashing with Tomato. The extra features and functionality you get with this firmware makes voiding the warranty a complete afterthought. Now, if only companies like Linksys would model their own firmware after Tomato.

User rating

Have you deployed Tomato on your router? If so, how would you rate your experience? Rate this operating system below and compare your results to what other TechRepublic members think.

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

37 comments
detours
detours

I just installed dd-wrt on my asus rt-n12 at home, and it's awesome. I wanted a wireless repeater to bring network ports to my entertainment center. The asus firmware was wicked easy to configure, but all wireless security was disabled by default, leaving my network wide open to the whole neighborhood. That's when I tried DD-WRT. The DD-WRT config is really granular, but following the walkthroughs in their wiki and forums, security setup was easy. You can even disable the wireless AP on the repeater if you want so only the wired ports are live. Very cool.

StoneSatellite
StoneSatellite

"Now, if only companies like Linksys would model their own firmware after Tomato." Would be nice, but I would imagine the costs for support of just their standard feature set pooh-poohs any ideas of something like Tomato.

ray.jones
ray.jones

I've been using the Tomato firmware for a couple of years now, so what is so illuminating about this article that references 2 year old+ firmware?

jim.belesiu
jim.belesiu

When I was back at H-P designing wireless printers we converted all the WRT54G routers to Tomato FW. I found the Tomato FW much more reliable than the original Linksys FW and the open source allow us to modify the code with specials.

bookkeeper
bookkeeper

Just a though take a working spare router that is not being used or not needed put Tomato on it and see whats in there if there,s nothing there then don't use but if you find something in there then it was well worth it. I plan on trying to see if there something in there that i might be able to use. Oh and just a thought "Don't knock until you try it" as the old saying goes. Signed just an opinion

IAMheretohelp
IAMheretohelp

Can anyone recommend a site or article that can proved detail information of router/firewall technology. I am looking for information that dissects a router and explain the various parts of it. I would like to get a technical understanding as to the differences of a $60 vs a $600.

Super_MCSE
Super_MCSE

This isn't a "review." It's a commercial. Give us an in-depth analysis of why we should use this and what the benefits are. This was a waste of time.

neely08
neely08

used tomato in the past, ended up going back to dd-wrt. I havent used tomato in bout a year, but was unable to get the snmp package to install/work (had to mount it on local HD) and no net flow capability, those features are what makes dd-wrt better imo. I do like tomato's qos layout, much better than dd-wrt.

daniel.vanhoof
daniel.vanhoof

Quite recently I purchased a Netgear DGND3300 modem router and found the interface quite overwhelming compared to their previous model the DG845 router. With that new model I don't feel thatI need to upgrade the firmware to Tomato.

Justin James
Justin James

I don't see how the printer server functionality makes this attractive to businesses. Every printer better than a $40 Best Buy special has networking built-in to it and can be added to Active Directory and discovered there. And the supported routers you are talking about here are also consumer-grade pieces of equipment. Most organizations big enough to have someone on staff to manage something as complex as this software are not going to be using $50 Linksys routers in their network. J.Ja

ComputerFieldsInc
ComputerFieldsInc

I've had mixed results enabling the built-in logging feature on various Linksys routers (with the default firmware). It always seemed like the router wasn't powerful enough to deal with logging and routing at the same time. How can all these additional features perform well when the router hardware was not designed to support all this stuff at the same time?

spage
spage

I've had lots of experience with DD-WRT and OpenWRT. How does Tomato measure up against these long-standing open firmware platforms? The measures should be hardware requirements, GUI, features/functionality, and stability. Thanks.

fallout330
fallout330

I also "upgraded" to: DD-WRT v24-sp2 (05/25/10) mega - build 14473 on my wrt320n.....much better than the stock Linksys firmware.

Neon Samurai
Neon Samurai

I'd suspect much of the support issues relate to the afterthought quality of the factory firmware. Also, other consumer router providers have chosen to use DD-WRT so the use of Tomato fits well within the proof of concept.

jwebfoot2togo
jwebfoot2togo

I whole heartedly agree try it before knocking it. And as with any software or hardware always put on test box first. I even do this with upgrades from manufacturers. Always best to test!!

wdewey@cityofsalem.net
wdewey@cityofsalem.net

In my opinion the main difference would be capability and reliability. I have a cisco 831 at home and it has been running since 2002 with no issues. It's been powered off to move it occasionally but powering it off has never solved a network issue. With cheaper commercial routers, I have found that it is necessary to power cycle them occasionally to fix network issues. I have ran into this with netgear, linksys (which is now a cisco subsidiary), and various other brands. A different firmware could very well solve some of these issues as most of what a router does is in software. Most of the training type documentation you will find will probably be basic router functionality. Most routers have this functionality (receive a packet, decide where it should go and forward it). Where the differences occur would be in things like VPN and firewall support, routing protocol capabilities, access and authentication and authorization protocols. Some of this could be actual hardware like a dedicated processor for encryption, more memory or faster CPU, but I would say that most of it is software based (for lower end routers. Higher end routers have a lot of specialized hardware). Cisco systems has a lot of documentation about routing, but it is a big site with lots of advanced topics that may be intimidating for someone with out a good background. I spent a couple of years going through the cisco networking acadamy through my local community college. I don't really have any sites that I use for general knowledge type training. Bill

mvasquez
mvasquez

What kind of review is this when it provides no useful information whatsoever?

Neon Samurai
Neon Samurai

You can get 100$ consumer routers like the Linksys and other home user boxes. You can get business grade routers starting around 2000$ There's a huge hole in the market between the two where you are either buying far more hardware than you need or doing a roll-your-own with a self build distro install or one of the few prefab BSD router/firewall distros. If it's not critical for uptime, 300$ for a couple of good consumer routers and an hour with DD-WRT setup/testing makes far more financial sense than 2000$ for a Cisco AP.

jmbrasfield
jmbrasfield

This may be true of medium to large companies, but it is not at all true for small businesses. I can see where this capability could come in handy. I have a closet full of OLD Linksys routers that have been given to me after I upgrade them to a newer model. I would be very interested to see if any of them could be converted into print servers. Not everyone runs M$ Server with Active Directory. Most small businesses run XP Pro over a peer to peer network, which is all they need. They certainly DON'T need the hassle of Active Directory to manage two or three computers. Talk about an overkill.

smack
smack

When your a small lean company the Tomato router is a godsend. Yes you don't use it as your primary data center router/firewall, that is what pfSense is for! But for teleworkers or remote offices these are great. We have over 40 deployed, utilizing a variant Tomato/SgtPepper that has openVPN integrated. We tunnel all of the teleworkers sip traffic also. Tomato has great QOS capabilities. You can get more information and a comparison of the variant features here http://en.wikibooks.org/wiki/Tomato_Firmware It also has great access control, so say you want to make sure the kids are off line at night? Ban all http traffic ( or all ) from say all but your own computer from 11pm to 6am, dead easy with Tomato.

tnboren
tnboren

Because a linksys WRT54G router has only 5 ports - all ethernet. If your printer only has a usb or parallel port, how do you connect it to this router? Seems like you would need a printer with an ethernet port, which by definition, is already a network printer. What is the point? Just give it an IP address and move on.

LinuxGuy2.5
LinuxGuy2.5

I use DD-WRT on my home router, and have since installed it on 3 Buffalo routers in my work place. Linksys and the others don't want you to know that their $600+ routers are the same internally, with better software. A $600+ router for $50... I'll take one thanks!! The commercial products really only differ in a couple of aspects, they have larger chassis with better heat dissipation, and likely a more hardened PCB. My Buffalo routers with DD-WRT have worked flawlessly in a hot, dirty, humid factory environment for over 2 years now - I'd say they stand up just fine. Plus I look like a hero for saving my company a few coins.

SgtPappy
SgtPappy

I use 4 of them on my internal corporate network. They come in handy.

LinuxGuy2.5
LinuxGuy2.5

Yes the router processor can generally handle it. The bottleneck with the hardware is generally the software. The old factory default firmware is big, bloated, and has no features. The Tomato, and DD-WRT firmwares are actually a VERY optimized and tiny Linux OS designed specifically for this purpose. If anything it makes the router faster (and I dare say much more powerful). I am pulling almost 200% higher signal with my DD-WRT firmware, than with stock firmware. If anything you risk buring out the radio, not the processor... just watch the heat and adjust accordingly. :)

El Machete
El Machete

I have working with DD-WRT for the last few years. I replaced firmware and moved to tomato. My clients (kids) are amazed of the change. So am I. The difference is amazing. No more dropping wireless connections. Port forwarding also failed some times with DD-WRT. Not so with Tomato

Neon Samurai
Neon Samurai

Tomato is the introductory firmware. It probably blows away the factory firmware based on functions but it's your entry level model. DD-WRT is middle range. You want a GUI but also want more than Tomato provides. It gives you more open access to customization nad a longer function list. OpenWRT is the industrial tools. It gives you the widest range of functions and most robust platform. It's the unix headless CLI only server versus the Windows all gui all wizard server. There was an OpenWRT+GUI fork also which would sit between DD-WRT and OpenWRT if it's still an active project. That as my feeling when last I tested the four anyhow. I ended up with DD-WRT for my personal needs. Tomato I'd recommend to someone less comfortable with managing there router. OpenWRT I'd recommend to someone comfy with managing stuff like Cisco boxes by cli login.

wdewey@cityofsalem.net
wdewey@cityofsalem.net

Most of the more expensive routers come with WAN ports where as the cheap consumer grade routers don't. Purchasing PCI WAN cards for a standard computer system adds a great deal of cost to the project even if the software is free. A similar style router would be something like the cisco 800 series and they start in the $900 range not the $2000 range. Bill

smack
smack

The printer server feature is meant to be used with routers that have the USB interface.

matt
matt

60 v 600... the internal guts do matter... 60 router lack CPU and memory that the 600 has. the 600 has more features because the hardware can handle it... My advice, for those looking to pench a penny, to use OLD PC as router, then find software (much is free) consider the $2-$4000 cisco 3750 router that uses a PowerPC405 @ 400Mhz, 128MB ram.. and now lets not forget about ASICs $60 @ Broadcom 200mhz, 8Mb, how many sessions do you think can have with vpn too?

Neon Samurai
Neon Samurai

For users not comfortable with hardware tweaking and the resulting heat monitoring and adjustment; stick with the default signal strength. Off all the settings DD-WRT provides, that is the one that is actually dangerous for hardware. You might get a better signal for a while but your radio will bake if you don't know what your doing (eg. hack in cooling fans and such).

Lee
Lee

I have a Linksys WRT52GL that I loaded Tomato on and now would like to try out the DD-WRT. Can I install DD-WRT over Tomato and have it pick up my settings, similar to the way Tomato migrated my Linksys settings?

Akais1
Akais1

Why in the world would a router have a USB interface if it did not already have a print server function? For a NAS? I don't think so. Any home router that has a usb port that I have seen, already had print server functionality built in. Now QOS and accessability, those are a different matter.

matt
matt

Oh and lets not forget about the $60 router 4 port switch throughput is probably 2Mbits if your lucky....

Justin James
Justin James

Sure, you can get some firmware on them which provides much of the same functionality as the high end stuff. And, for the record, I love the Linksys high end equipment for business use; it has enough enterprise-like features to meet my needs, at a much better price than the Cisco big brother; I like their 24 and 48 port GigE switches an awful lot for the price! But that being said, so you save some money on a wireless access point... and what are you giving up in managability? Where your support package? If you've got the Cisco stuff (or whoever's stuff) in your server rooms, and all of the management stuff in place, and then you add this Tomato-flashed gear in the mix, now you have to manage them seperately. You mayve have saves a few hundred bucks on equipment, but you can easily see some negative ROI when it costs you time and money to manage. And the support situation is a nightmare. When one of these things goes haywire or starts causing you issues, how much does it cost to troll forums and search engines begging for an answer instead of dialing 1-800-HELP-ME, giving your support contract number, and getting actual help? For everything I don't like about Cisco, their support people are outstanding (unless things have changed since I last talked to them). And as matt mentioned, there is the hardware factor. These consumer grade pieces of equipment are designed to handle a couple of PCs doing Web browsing, maybe playing YouTube. They are not equipped for the large amounts of traffic that an office has. Compare the traffic of a home network (really, capped at about cable modem speeds, so little traffic is between devices) to that of an office LAN, where the majority of the traffic needs to be at GigE speeds to the server room to transfer files, work against databases, etc., and then look at how many devices are in a home (5?) to how many might be on a corporate wireless network (10 in one conference room alone... maybe 25 - 50 per access point depending on the office?). Sure, if you have a small office and there might only be 2 - 5 people "roaming" at any given time, this hardware will work fine, but in anything bigger than, say, a 50 person company, this setup really isn't a good idea. J.Ja

Neon Samurai
Neon Samurai

As already mentioned, you can't migrate your settings over. The backup files are not compatible between the two firmware. DD-WRT's website has good instructions on installing though. If it's like it was last time I did you, you'll take two steps. download the firmware "mini" version and the applicable firmware full version (voip, generic or such). upload the dd-wrt mini firmware as a "firmware update" through the tomato admin tabs. upload the dd-wrt full firmware as a "firmware update" through the dd-wrt admin tabs. Confirure your settings including enabling https administration. Download a "backup" of your settings. disable http administration (leaving https so you can connect). When you make anough further changes to justify a backup, enable http administration, download your backup, disable http administration and continue with https as normal. (dd-wrt won't backup by https connection and I won't run http connections on my personal or business hardware if any other option exists)

mattbratt
mattbratt

Lee, you can not migrate the settings, but you can flash DD-WRT over your Tomato! I would just screen print your settings, and do it the old fashion way, type them in again. Ugggh. Good luck.