Tomato Firmware

Tomato Firmware
Readme

This firmware is provided as-is without any warranty. USE AT YOUR OWN RISK. I will NOT be responsible for damages that occur due to the use of this firmware.

Index

About
More Information
Read Before Upgrading
Upgrading to a new version of Tomato
Installing from a 3rd-party firmware
Installing from Linksys' firmware
Installing from Buffalo's firmware
Installing from Motorola's firmware
Installing from Asus WL520GU firmware
Installing another firmware / Restoring the original firmware
Known problems & quirks
Changelog

About

Tomato is a small, lean, simple replacement firmware for Linksys' WRT54G/GL/GS, Buffalo WHR-G54S/WHR-HP-G54, and other Broadcom-based routers. It features a new easy to use GUI, a new bandwidth usage monitor, more advanced QOS and access restrictions, enables new wireless features such as WDS and wireless client modes, raises the limits on maximum connections for P2P, allows you to run your custom scripts or telnet/ssh in and do all sorts of things like re-program the SES/AOSS button, adds wireless site survey to see your wifi neighbors, and more.

Please consider donating if you like it. :)

More Information

Want to learn more about Tomato?

Homepage: http://www.polarcloud.com/tomato/
FAQ: http://www.polarcloud.com/tomatofaq
Wikibook (en): http://en.wikibooks.org/wiki/Tomato_Firmware
Wikibook (de): http://de.wikibooks.org/wiki/Tomato_(Firmware)

Read Before Upgrading

The GUI username is "admin" or "root" (username is required), ssh and telnet username is always "root", and the default password is "admin".
By default, the SES (aka AOSS, EZ-Setup) button is programmed to start a password-less telnet deamon at port 233 if held for 20+ seconds. If you run into a problem of not being able to login, you can use this to view or reset the password ("nvram get http_passwd" and "nvram set http_passwd=newpassword"). You can disable this behavior in Admin/Buttons.
If you're upgrading from DD-WRT v23 SP2+, be aware that you may get locked-out because of a change in DD-WRT's use of the nvram password variable. You have a few options: (1) Push the reset button to reset all the configuration after installing Tomato. (2) Use the SES button as described above. (3) Type "nvram get http_passwd" while running DD-WRT and write down the result - this will be your password after loading Tomato.
The firmware files:
- WRT54G_WRT54GL.bin is for Linksys WRT54G v1-4 and WRT54GL.
- WRT54GS.bin is for Linksys WRT54GS v1-3.
- WRT54GSv4.bin is for Linksys WRT54GS v4.
- WRTSL54GS.bin is for Linksys WRTSL54GS (No USB support).
- WR850.bin is for the Motorola WR850G/GP (See warning below before installing).
- tomato.trx is for the Buffalo WHR-G54S, WHR-HP-G54, WZR-G54, WBR2-G54, Asus WL-500G Premium (No USB support), and others.
- tomato-ND.trx is for the WHR-G125, WL520GU, and others.

Upgrading to a new version of Tomato

Open Tomato's GUI in your browser.
Click Administration, then Upgrade.
Select any of the firmware files.
Click the Upgrade button.
Wait for about 2 minutes while the firmware is uploaded & flashed.

Installing from a 3rd-party firmware

Tomato's firmware files are standard formats and in most cases can be used to install directly from other firmwares. The only thing you need to do is open the router's current UI in your browser, and using the same method you use to upgrade the firmware, pick a Tomato firmware file appropriate for your router and "upgrade".

Note: Some settings may not be compatible with Tomato. Resetting the router settings (Administration->Configuration) after installing Tomato is recommended.

Installing from Linksys' firmware

Open the Linksys GUI in your browser. The default URL is http://192.168.1.1/.
Click the Administration tab, then Firmware Upgrade.
Select and upload the correct firmware for your router.
Wait for about 2 minutes while the firmware is uploaded & flashed.

Installing from Buffalo's firmware

WARNING: Be aware that you may not be able to re-install the original firmware back if Buffalo only has the encrypted version of the firmware available for your router.

Push and hold the reset button on the router for a few seconds to reset the configuration.
Plug your computer directly to the router. This will not work over a wireless connection.
Set your computer's ethernet card settings to: IP=192.168.11.2, mask=255.255.255.0, gateway=192.168.11.1.
In Windows, you can set this by going to Control Panel, Network Connections, right-click your ethernet card, click Properties, then select "Internet Protocol (TCP/IP)", then click Properties, click "Use the following IP address". You can leave the DNS settings blank.
Make sure the red diagnostic light isn't lit on the router, unplug the power cable to the router.
Double-click on the whr_install.bat file.
Re-plug the power cable to the router.
There's only about a 5-second window between when the router looks for a new firmware and when it gives up and loads the current firmware. If it doesn't work, unplug, the router, wait a few seconds and try again.
After uploading, wait. It still needs about 2 minutes to flash the image.
Reset your computer's ethernet card settings back to use DHCP.
In Windows, you can set this by going to Control Panel, Network Connections, right-click your ethernet card, click Properties, then select "Internet Protocol (TCP/IP)", then click Properties, click "Obtain IP address automatically" and "Obtain DNS server address automatically".
The default router address after installing Tomato is 192.168.1.1. TFTP-based upgrades will also use this address and will follow the whatever setting you enter in the GUI.
Make sure you're entering the username "root" and password "admin". Unlike the default firmware, they are required in Tomato.
A complete reset of the router after installing Tomato for the first time is recommended. Go to Administration/Configuration then under Restore Default Configuration, select "Erase all Data in NVRAM (thorough)", then click OK. When the router restarts then you can go into the Configuration and makes any changes that you need to.

Installing from Motorola's firmware

WARNING: Some of these routers will not setup the nvram on their own. To make sure the nvram config is built properly, load the original Motorola firmware v6.1.4 (or above) first and select "Restore Factory Configuration" before installing Tomato.

Open Motorola's GUI in your browser. The default URL is http://192.168.1.1/.
Go to Administration/Upgrade.
Select Tomato's WR850 file.

Installing from Asus WL520GU firmware

Rename tomato-ND.trx to WL520gu_2.0.0.9_EN.trx and upgrade as usual.

If the above doesn't work, use the tftp method:

Manually set your computer's IP address to 192.168.1.2 and gateway to 192.168.1.1. [expand]
Turn off the router, then hold the reset button while turning it back on.
Release the reset button when the power led flashes.
Run "tftp -i 192.168.1.1 put tomato-ND.trx" from a console/command line (quickly). It may help if you pre-type the command and press ENTER when ready.
After uploading, wait - do not touch the router. It may take around 2 minutes to flash the image and reboot the router.

Installing another firmware / Restoring the original firmware

Open the GUI in your browser. The default URL is http://192.168.1.1/.
Click Administration, then Upgrade.
Important: Make sure the firmware you are going to use is the correct kind for your router's model. Tomato will accept WRT54G/GL, WRT54GS, WRT54GSv4, WRTSL54GS, WR850G and TRX types of files, but it cannot check if the firmware actually supports your router.
Select the file and click the Upgrade button.
Wait for about 2 minutes while the firmware is uploaded & flashed.
You may need to push the router's reset button to reset its configuration, and release/renew your computer's DHCP lease afterwards.

Known problems & quirks

There is no help file.
In some cases, you may need to reboot the router manually before the changes go into effect. If the changes involve switching wireless settings, you may need to reboot both ends.
Not all wireless modes / security combinations work. For example, WET, Client and WDS will not work in WPA2.
CIFS VFS timesout a lot. (or it might the server kicking the client off...)
Graphs/SVG may not work with all browsers. Firefox: Use 1.5 or higher. Internet Explorer: Use Adobe SVG. Opera: Use 9.0 or higher. Safari: Use Safari 3 or newer.
GUI settings are not saved by Opera if using IP address. The only work-around is to use the router's hostname (http://hostname/) instead of an IP address (http://192.168.0.1/). You can modify the hostname in Basic/Identification, or you can also edit your computer's /etc/hosts or C:\windows\system32\drivers\etc\hosts if you're not using the router's DNS forwarder.

Changelog

Version 1.27

Fix DDNS "-1" error when service used HTTPS.

Version 1.26

Allow a different port to be entered in Basic:Network:Static DNS (enter as "ip:port"). Be aware that dnsmasq must act as the DNS server (the default setting) when not using the normal port 53.
Allow DHCP to serve the user-entered gateway (in Basic:Network) if the option in Advanced:DHCP is enabled.
Do not start miniupnpd early to avoid warning messages.
Update Australian DST (need to re-select), add Darwin, Brisbane TZ. Thanks to Peter O. for the info.
Avoid double loading of tomato.css
Fix possible null dereference in sendpage
Collapsed all menus. For the old look, set nvram: "web_mx=status,bwm,tools"
Obscured some key/password fields when not in focus.
Accept more than two MAC addresses per IP address (ex: one IP for a laptop either wired or wireless [one at a time]). Note: Some computers may not like seeing the same IP unless it's restarted.
Added LED options back in Admin:Buttons/LED.
Added ID for WLA2-G54L, TrueMobile 2300 thanks to Nick B. and David J.
Added EditDNS thanks to Keith M.
Added UTC+4:30 Kabul time zone.
Fixed port set validation allowed more than what could be handled.
Allow rstats to log if WAN port is used for LAN.
Update dnsmasq to 2.51, miniupnpd 1.4, busybox 1.14.4, matrixssl 1.8.8.

Older »

Version 1.25

Fixed WL MAC address may not be set properly. This seems to have caused various connectivity problems, including a possibility of getting locked out.

Version 1.24

Fixed static IP entry was ignored if it exceeded a certain length even though the GUI allowed it.
Fixed Device List may not display Static IP hostnames.
miniupnpd replaces the older UPnP service, adds NAT-PMP support (must enable).
Added options for DDNS refresh time and do not perform an 'NVRAM commit' for DynDNS in the GUI.
Added ID for WTR54GS, WZR-G108 - thanks to BaoWeiQuan; WR100 - thanks to Hovsep.
Various fixes, WL500GP, WL520GU, WBR2G54 - thanks to Fedor.
Added options for more SSH/telnet connect limits in Admin:Access.
Added option to use WAN port for LAN in Basic:network.
Reworked logout. Tested with IE, FF, Safari, Opera, Chrome.
Updated Busybox 1.14.0, Dnsmasq 2.47, L7 filters 20090510.
Startup LED options removed from GUI. You can still enable LEDs at startup by adding any of the following lines in Admin:Scripts:Init:
led amber on
led white on
led aoss on
Show Browser Icon option removed. It's now always enabled.

Version 1.23

Fixed remote logging didn't work if 'log internally' was disabled.
Updated - Dnsmasq 2.46, Dropbear 0.52 & Busybox 1.12.3.
DDNS now works even if WAN is disabled as long as DDNS uses an external checker or a pre-defined IP (Basic:DDNS:IP Address).
TCP Vegas (TCP congestion control) added (enable in QOS:Settings), thanks to Rodney H.
SYN cookies setting in Advanced:Firewall.
Status:Device List now shows OUI, Static IP, Add Wireless Filter links in a separate line.
Removed ebtables patch which appears to have caused various problems.
Create Backup setting & Backup Link URL in Admin:Bandwidth.

Version 1.22

Updated to Busybox 1.12.2.
More flexible DHCP IP address range.
Last 30 days (rolling) is now calculated in Bandwidth:Daily.
KB/s is now displayed in QOS:Graphs.
Some PPPoE logging is now optional. See Admin/Logs to re-enable.
~~ebtables enabled for those that need more advanced filtering. Use insmod/ modprobe to load.~~
Proper id/support for WL520GU. Thanks to Michael G.
Fixed CH12+ may not work.
rstats now creates backups. The filename is rotated every week, up to 3 backup files.

Version 1.21

Updated to dnsmasq 2.45. Fixes crash problems in 2.43.
Automatically restarts dnsmasq if it dies.
/etc/dnsmasq.custom is appended to dnsmasq config if it exists.
Added EveryDNS DDNS.

Version 1.20

Updated to dnsmasq 2.43. This takes care of the CERT VU#800113 security issue.
Fixed setting custom scheduler time doesn't save correctly.
Updated to L7 patterns 2008-04-23
Static DHCP limit increased to 100.
Added EasyDNS HTTPS support.
Added date format option for Bandwidth/* pages.

Version 1.19

Removed route hash size changes. This seems to have caused overflow and "rusty's brain broke" errors for some people.
Fixed disabled GUI button was not dimmed.
Updated DST for France, Germany, Italy, Poland, Sweden timezones.
Updated L7 patterns 2008-02-20.

Version 1.18

Fixed PPPoE may exit instead of retrying during a connection attempt.
DHCP (udhcpc) logging is now optional. To enable, go to Admin/Logging.
Added custom entries and support for "every x minutes" in Admin/Scheduler.
Increased Basic/Wireless Filter limit to 100.
A few changes to hopefully improve speed: Use jhash for conntrack, increase route cache hash size, increase default conntrack size, option for SYN/FIN/RST prioritization (see QOS/Settings). Thanks to Rodney C.
Updated Venezuela, South Australia TZ.
Updated Dropbear 0.51.

Version 1.17

Fixed PPPoE connect on demand.
Fixed DHCP not passing current DNS address.
Fixed TZO external IP check results in chopped address.
Lenghtened DDNS hostname field.

Version 1.16

More logging, fixes for PPPoE support. Thanks to Walter & Markus for lots of testing.
Updated igmprt. This might fix a problem with it dying unexpectedly.
Updated squashfs.
Updated Dnsmasq 2.41.
Updated L7 2008-02-10.
Fixed route was changed incorrectly on renew when using L2TP.
Fixed ping page.
Behavior of how the WEP keys are handled has changed. Previous versions forced the selected key to #1 internally. If you encounter problems, please make sure the key # is correct, or use key #1 manually.
Behavior of WHR-HP-G54's Enhanced RX's (Adv/Wireless) has been swapped. Please verify that it's working correctly.
Support for DynDNS via HTTPS added.
A separate test build with newer drivers (-ND) is now available. It's for the WHR-G125, but it will also work on a few other routers. Not a lot of testing has gone into this, and it will definitely *not* run correctly on all routers that run just fine on the "normal" firmware, so *please use with caution*. Thanks to George for making it work on the WHR-G125.

Version 1.15

Downgraded busybox back to 1.2 for now. The upgrade seems to have caused a few problems with things like DHCP.

Version 1.14

Fixed possible cross-site vulnerability in web admin.
Fixed saving SSL certificate to nvram.
Fixed problem with NAT Loopback thanks to John M. 'Forwarded-Only' is now the default setting.
New favicon thanks to David V.
Microsoft MN-700 ID'd thanks to John F.
Network Label can now be entered for OpenDNS.
Upgraded Busybox to 1.9.0.
Upgrade L7 filters to l7-protocols-2008-01-16.

Version 1.13

Fixed problem with L2TP, PPPoE, PPTP.

Version 1.12

Added WHR-HP-G54 transmit amplifier and enhanced receive options in Advanced/Wireless.
Added DNS-O-Matic and eNom DDNS support.
Added/fixed WBR-G54 support thanks to John M.
Updated South Australia TZ.
NAT loopback (Advanced/Firewall) now has more options: Enabled, Forwarded Only and Disabled.
Removed obsolete Telstra/heartbeat/bpalogin support.
Updated to l7-protocols-2007-11-22.

Version 1.11

Fixed UPnP entries are lost when some settings are changed.
Fixed RIP config causing distribution of indirect routes.
FTP NAT helper can now be disabled in Advanced/CTNF.
Bandwidth data can now be saved on reboot/shutdown.
Added a reboot and reconnect scheduler (Admin/Scheduler).
Decreased time interval from 30 mins to 15 mins for Access Restriction.
Updated New Zealand timezone.
Updated L7 patterns to l7-protocols-2007-10-10.
Rolled back recent changes from 4.30.11 and iptables to fix a forwarding bug that some are experiencing. I've been unable to replicate the problem, but have received some good feedback on this, so hopefully this does fix it for everyone.

Version 1.10

Fixed DDNS custom URL doesn't work correctly if "@" was used in the path.
Fixed config backup download may be renamed/handled by the browser instead of just saving it. This seems to have been introduced when I corrected a content-type typo.
SSL certificate CN is now editable in Admin/Access. The default didn't turn out to be useful, so I'll just let you guys decide what you need in there (your DDNS hostname maybe).
Updated to l7-protocols-2007-10-03.

Version 1.09

Fixed DDNS page error when using Internet Explorer.

Version 1.08

Fixed forwarding a port with a source address and without a source address restriction at the same time may not work correctly. If you have this problem right now, please go to Forward/Basic and click Save to fix the entries.
Fixed Keep Alive's "redial" was not restarted.
Changed the keep alive "redial" method to a more simplier, safer way. Incase you experience a problem with this, please try "nvram set oldredial=1; nvram commit" and reboot. If that fixes the problem, then please let me know.
Fixed DHCP lease time resets when Dnsmasq is restarted.
Fixed UPnP may not start sometimes, changes made when deleting manually are not saved, connect may block for a long time.
Added detection of WZR-HP-G54, WZR-RS-G54, WZR-RS-G54HP, WVR-G54-NF, WHR2-A54-G54, WHR3-AG54, RT390W, WX-6615GT. Thanks to piggy for adding most of these and to others who sent in data.
Added Scott D's nice BlueGreen2 theme.
New DDNS system adds 3322, FreeDNS, OpenDNS, custom https:// URLs, external check ip support, retry on error, refresh after 28 days on all services to prevent expiring.
Added "Intercept DNS Port" option in Advanced/DNS which may be helpful when used with OpenDNS for parental control. When enabled, anything going out to UDP port 53 is redirected to Dnsmasq.
The GUI's SSL certificate SN is now randomized, CN is now also set to the router's LAN IP address, and the certificate can now also be saved in nvram and re-generated more easily if needed in Admin/Access.
The GUI's local HTTP/HTTPS port can now be changed.
A list of NTP servers from pool.ntp.org can now be easily selected in Basic/Time.
Updated dnsmasq 2.40, dropbear 0.50, iptables 1.3.8, l7-protocols-2007-07-27.
Some merging of code and pre-built binaries from WRT54GL 4.30.11.
Various minor changes.

Version 1.07

Added source address restriction for basic forwarding, DMZ and remote web/ssh admin. The IP address format for all are the same: "1.1.1.1", "1.1.1.0/24", "1.1.1.0/255.255.255.0" or "1.1.1.1-2.2.2.2". Note: This required some changes to Basic Forwarding's nvram format.
Bandwidth graph changes: Selectable 24/18/12/6/4 hours, total downloaded/uploaded during the period is now shown, time is now shown on clicked spot and at the bottom, refresh time is now automatically calculated, etc. As usual, please backup your data if needed before upgrading.
Added Motorola WR850G/GP support. Please see the warning in the readme before using.
Added Buffalo WHR2-G54 support.
Added support for wl_distance from OpenWRT. Pretty much untested at this point...
L7 patterns updated to 2007-05-09 version.
Dnsmasq upgraded to 2.39.
Removed Logout option for IE7. No suitable work-around was found for BA.
Fixed wl0_* may not get reset to the same value as wl_* in some cases.

Version 1.06

Fixed restore bandwidth doesn't work with IE.
Fixed executing a script via AOSS/SES button leaves zombies lying around.
Fixed scp to router not working.
Fixed reset/ses button on WRTSL54GS not working.
QOS htb burst does not use a fixed value anymore which may improve performance, especially for those with a high upload speed. If for some reason you want to use the old method: "nvram set qos_burst0=4; nvram set qos_burst1=2"
Added time zone for South Australia.
Added support for Asus WL-500G Premium without USB. Like the WRTSL54GS, this is a simple detection support without any additional USB goodies.

Version 1.05

Removed several updates made during the last few versions which may have caused more problems for some.
Fixed device list may not show all (again).
Added weekly bandwidth usage page and reworked the daily and monthly pages. The weekly page uses the the daily data so no additional changes to the data file is needed.
Time: Added more new DST, adjusted a few TZ, increased field size of servers, blocked servers (kiss-o-death/stratum=0) can be cleared in the GUI (shown only if there is a blocked server).
Logging: Cron event logging can now be disabled, mark interval can now be adjusted, limit can now be disabled.
PPTP, RTSP, H.323 NAT helper modules can now be disabled in Advanced/ Conntrack incase anyone has problems with these. These were always loaded in previous versions.
Upgraded Dnsmasq to 2.38.
Upgraded Dropbear to 0.49.
Added support for Buffalo WZR-G54.
Added support for Linksys WRTSL54GS without USB. There is absolutely no USB support built-in or installable! I was asked for this even without USB. Unfortunately, I don't think I'll be able to make a full version for this one anytime soon.
etc.

Version 1.04

Fixed detection for WRT54G 2.2, 3.x, WRT54GS 1.1, 2.x.

Version 1.03

Fixed using Wireless Survey if wireless was disabled made the power/diag led light up.
Fixed Admin/Bandwidth Custom Path field validation error.
Fixed DDNS may parse a custom DDNS incorrectly if @ is used in a URL with basic authentication.
Fixed DDNS Force Update option wasn't working.
Fixed wrong type detection for some routers.
Removed -mips32 gcc switch which may be causing some random weirdness.
Synced a few changes in Linksys WRT54GL 4.30.9: Fix for CVE-2006-0039, some changes resulting from CDRouter testing, a few prebuilt apps.
Updated PPTP conntrack/NAT helper patch.
Increased allowed length of router hostname and domain name.
Default SSID is now "wireless" instead of "linksys".
Updated iptables to 1.3.7.
Updated L7 filters to 2007-01-14 release. New: Chikka, Radmin. Updated: BitTorrent, Battlefield 2, etc.
Added option to disable wireless radio in Access Restriction.
Added No-IP.com DDNS service, including support for groups.

Version 1.02

Fixed several field validation problems in Basic/Network.
Fixed WINS setting erased on DHCP "deconfig" event.
Fixed awk hangs evaluating a regular expression. Seems to be a compiler quirk.
Fixed PPPoE may take a while to reconnect in some cases because of abrupt termination.
Added an option in Advanced/DHCP for reduced DHCP packet size (WAN side). Toggling this may help fix problems with DHCP failing to aquire an address. The previous behavior was the same as enabled in 1.00 and 1.01, the default is now disabled, the same behavior as the original udhcpc.
DDNS (ez-ipupdate) now retries if connect() fails. This is on a lower level only, it does not include errors given off by DDNS services or web site errors (incorrect password, 404, etc.).

Version 1.01

Fixed PPPoE/PPTP/L2TP may not pick up the first DNS.
Fixed PPPoE manual connect/disconnect.
Fixed UPnP not using the right address for PPTP/L2TP.
Fixed httpd fd leak if "allow wireless access" is disabled.
Bandwidth Monitor now requires that you explicitly allow the creation of a new file if using anything other than NVRAM or temporary storage. The previous behavior was to assume a file is new if it couldn't be loaded after a few minutes. This change is to prevent existing data from being overwritten if a drive fails to mount initially.
On a WHR-HP-G54, enabled amplifier (boardflags=0x2758) and pulled back power to 10mW by default. This is apparently a better setting for this model.
Manually setting debug_clkfix=0 will now disable forced setting of clkfreq=216 on a WRT54G v2.2. Warning: You can brick your router while playing with this.
Port forwarding now allows full IP address.
Increased amount of WDS fields to 10.
Custom DDNS now support "http://user:pass@domain/" style basic authentication.

Version 1.00

Fixed "all day" restrictions always blocks regardless of the day of week setting.
Fixed several problems with the Basic Networking page.
Fixed a problem with WRT54G v1 that may have caused problems with WDS.
Fixed PPPoE timer may not reset.
Fixed DHCP client may not renew when used with some ISPs.
Fixed a memory leak in UPNP.
Added support for Buffalo WHR-G54S/WHR-HP-G54.
Added a real-time (well, almost) bandwidth monitor. This functions a little differently in that you can use it without the rstats program and data is pulled and stored via JavaScript on demand. Since this doesn't run all the time, the initial 5 minutes (@ 60s avg - it will look flat) of data is taken from rstats if available.
Added a chart for bandwidth distribution per QOS class (outbound).
Added an Expire Early button in Advanced/CT to flush conntrack of connections that are idle for more than 15 seconds (for debugging).
Added an "all computers except the following" option in Access Restriction. Keep in mind that this is not the same as an "allow". Even if a computer is exempted from one restriction, it's still checked for other restrictions.
Added an option to block wireless access to the GUI. Note - This will only work if the client is connected directly.
Added an option to change the color scheme for the GUI.
Added a backup/restore, "first day of the month" option, and "excluded interface" option In Bandwidth Monitor. All interfaces that produce stats (except loopback) are now shown unless excluded.
Enabled support for mixed WPA/WPA2.
Resetting of classification when changing QOS settings is now optional. If enabled, it's now instant and will reset even idle connections.
/jffs2 has been renamed to /jffs, and /misc to /rom. If you have scripts that use these, don't forget to change them.
Upgraded busybox to 1.2.2, dnsmasq to 2.35.
Other minor/internal changes and code cleanup.

Version 0.09

Fixed problems with "allow multicast" option: An iptables rule was added before the chain it required was built. igmprt called with the wrong interface if using PPPoE, L2TP or PPTP.
Fixed some minor UI problems: 0 hour time in bandwidth, WAN labeling in bandwidth, unmasked password in CIFS.

Version 0.08

Fixed not working on a v1.x. Thanks to William Myers for providing a guinea pig router. :)
Fixed L7 inbound may not work correctly. It's also now enabled by default.
Fixed Advanced/CTNF not counting UDP correctly.
Fixed UPnP Delete All not working.
Fixed incorrect SSL cert expire time.
L7 patterns updated to 2006-10-18 (new: stun and tor).
You can now match the amount of data transferred to WAN. Note: There is a format change here to accommodate the new field. Please go to QOS:Classification, and hit the Save button to make sure the nvram value is converted.
Switched to a simpler, more logical way of processing QOS rules. There's probably not that much negative to this, but if you do want to switch back to the old method, disable "Strict Ordering" in QOS: Settings. See readme the also.
"root" is now also accepted as username for the UI.
Some minor enhancements to the bandwidth and QOS chart.
Other minor changes.

Version 0.07

Fixed "service.cgi" was missing which caused problems in the Status:Overview (Connect/Disconnect buttons) and Admin:Access (telnetd/sshd buttons).
Fixed error messages being displayed when navigating out of QOS:Detailed while names are being resolved in the background.

Version 0.06

Warning: There's a slight change in the bandwidth data file to increase the amount of saved data to 25 months. The older format will be converted automatically, but this change is not compatible with older versions of the firmware. If you're saving this data, backup before upgrading incase you need to go back.
Fixed a problem with wet/client not working if started before the AP end was up.
Fixed a problem with L7 not working if internal and user patterns are mixed.
Fixed connlimit not loading properly. It's now statically linked.
Fixed split syslog file was shown in incorrect order.
Fixed a problem with MTU not being clamped correctly.
Fixed a problem with device list not listing all wireless devices.
Added a work-around for WEP not working if selected key isn't the first key.
iptables upgraded to 1.36 (changelog). Layer 7 patterns updated to 2006-09-10 (new: mohaa). Also upgraded IPP2P to 0.8.2 and Layer 7 to 2.6, but both are pretty much the same as before.
In BW/Current, some new colors have been added. If it doesn't work immediately after the upgrade, close the browser to reload.
In QOS/Detailed View, there's now an option to resolve the destination address. Also, clicking on a row will resolve a single address, clicking it again will start resolving all addresses currently displayed.
Other minor changes.

Version 0.05

Fixed http request entry in access restriction may not work if separated by a new line.
Fixed several problems with triggered port forwarding. Note: This will cause the description to change due to a shift in the nvram setting.
Fixed not joining when in WET mode.
Fixed ct/nf mark not being masked properly causing problems with QOS.
Fixed a problem in httpd that may cause a tcp reset/blank page if the browser sends a post data and an invalid username/password. Firefox seems to have a quirk of sending old/cached auth which was triggering this.
Fixed several UI errors.
TTL is now adjustable in Advanced/CTNF.
DNS Exit and custom URL-based DDNS service support added. Note: DDNS entries need to be re-entered because of a change in the nvram setting.
DynDNS refresh time moved up to 28 days.
QOS table now has a move icon. Click the icon, then click a new location to move the row.
The default script for the SES button now contains a command to start a password-less telnet deamon incase someone gets locked-out of the router. This can disabled by going to the Admin/Buttons page.
Other minor changes.

Version 0.04

Fixed a problem with wireless clients not being displayed in device list if no encryption was used.
Fixed a problem that could cause dnsmasq not to read resolv file if time hasn't been updated yet and if using certain time zones.
Fixed potential problems if erasing JFFS2 and when rebooting if JFFS2 is mounted.
Fixed several more UI errors.
Fixed how some nvram keys are unset and reset to make sure they don't unnecessarily trigger an nvram commit at startup.
Changed behavior of reset button back so it's simpler and consistent with the standard Linksys firmware: Just hold it for at least 3 seconds.
When upgrading, a check is now performed to make sure JFFS2 is not mounted.
Minor changes, code cleanups.

Version 0.03

Fixed problem with DynDNS not refreshing correctly.

Version 0.02

Fixed problem with Dnsmasq not being able to read dmresolv.conf in some cases which caused DNS to fail.
Fixed connmark wasn't loaded when it was required which caused problems setting up iptables.
Fixed radio enable not working properly.
Fixed 'Measure' button in Device List not correctly displayed.
Fixed problem with manual WAN connect/disconnect not working correctly.
Fixed problem with cifs vfs rebooting if unmounted by reverting to a more stable version.
Fixed erase nvram in UI not working properly.
Fixed reset button restore nvram not working properly.
Fixed a problem with UI not properly handling some characters.
Fixed several other UI errors causing config not to be saved or displayed correctly.
Fixed problem loading user added L7 filters.
Fixed UPnP not sending id correctly.
Fixed some wireless settings were not being set correctly.
Status now displays the WAN's "connecting" state.
Some changes to bandwidth graph to make it easier to read.
Disabled unused Busybox password-related utilities.
More code cleanup, etc.

Version 0.01 (Compared with Linksys' WRT54GL 4.30.7, WRT54GS 4.70.1)

New GUI. The new one is a little easier to use, easier on the eyes (I hope) and does Ajax and SVG. Some of the icons I used are from Mark James's very cool work at famfamfam.com.
Rewrote most of httpd to support the new GUI. Replaced existing API with a simplified set, rewrote file parser, used MatrixSSL 1.8 instead of OpenSSL library (the openssl program is still needed to generate keys however).
Rewrote access restriction mechanism. Support for L7, IPP2P, more blocked host/url. Schedules that cross midnight should now work.
Rewrote QOS mechanism. Support for user-definable rates, down rate policing, L7, IPP2P, other ways of classifying a connection. Added QOS-related status info/eyecandy in the UI.
Upgraded iptables. Added some new netfilters from POM, L7, IPP2P. Created web match to replace webstr.
Rewrote how UPNP does port forwarding, it can now send URL presentation (show in Windows MNP), etc.
Rewrote web upgrade, it now supports most CyberTAN 'W54x' BINs regardless of model, and bare TRX. Rewrote MTD utilities to figure out how it works and to clean it up.
Added support for JFFS2. Partitioning modified to mark JFFS2 space, removed support for lang.bin.
Upgraded squashfs to 2.2r2 with LZMA support thanks to Oleg's Asus WL-500g project.
Added support for CIFS VFS client.
Rewrote some parts of rc and libshared. Removed obsolete code, simplify, reduce, cleanup, various additions and changes, etc.
Removed support for upgrade TFTPD (not the one in bootloader), SES, EZC, EOU.
Created led command for easier control of some of the router's lights.
Created buttons to replace resetbutton. The reset button behaves differently now (see top of readme). The SES button can be configured to perform things like turn off the wireless interface, or run a custom script.
Busybox upgraded. Replaced standalone cron and udhcpc with Busybox's. Enabled various extra utilities.
Dropbear added for SSH support.
Created new nvram utility to replace Broadcom's. It supports some extra features like find, export, etc. Moved a simplified default settings here and out of libshared to reduce memory use. A new config backup/restore was also added to replace the old method.
Created ntpc/ntpsync utility to replace ntpclient. NTP server and update interval are changable in the UI, kiss of death supported.
Created rstats utility to collect bandwidth stats.
Created libfoo to replace optimize_lib and lib/Makefile, and to create an xref map. Created cti to replace addpattern.
Dnsmasq upgraded. It's now used as both a DNS proxy/server and as a DHCP server to replace udhcpd. Static DHCP is supported via Dnsmasq.
ez-ipupdate upgraded. Enabled more of ez-ipupdate's standard services (most are untested however), created new definitions for namecheap (also other eNom resellers?), ieServer. Rewrote DDNS support, added support for a second service.
Added my own bugs.
etc...