Tomato (Toastman) router config

Here’s some of the config I give my Tomato (Toastman flavor) router:

Basic / Network: DHCP is 192.168.0.2 – 192.168.0.63. Lease 1440. Wireless is WPA2 Personal security, Encryption is TKIP/AES. Wifi is currently auto channel, 20MHz wide. 40MHz is an interesting 802.11n option I’ll play with later.

Advanced / DHCP/DNS: I have “Use internal DNS” checked on. Not sure if this is wise, particularly since I can’t figure out how to override what DNS servers the router uses (presumably the ISP’s, advertised via DHCP?). I mostly tell my computers to use Google DNS anyway, so maybe this doesn’t matter.

Advanced / Firewall: respond to ICMP ping. Not responding to ping is just stupid; it offers no meaningful security and makes diagnostics harder.

Port Forwarding / UPnP/NAT-PMP: enable both UPnP and NAT-PMP

QoS: enable QoS, this is the best feature of all of Tomato. It makes things work well if you can estimate your bandwidth limits. Note that “Outbound” refers to upload speed, packets leaving your house and going to the Internet. That’s the slow side on a DSL line. Also I turn on prioritize ACK packets (why isn’t this on by default?!)

Administration / Admin Access: enable SSH at startup. (No remote access, of course.) Save my SSH key.

Administration / Bandwidth Monitoring: enable, save to JFFS every 24 hours. Screw it if it’s not recommended.

Administration / IP Traffic Monitoring: enable, save to JFFS every 24 hours.

Administration / JFFS: enable, format.

Some settings to do once the router is installed:

Basic / Network: is 40MHz channels wise?

Basic / DDNS: this is very useful, I’ve been using dyndns.com for years and it works great via Tomato.

Basic / DHCP/ARP/BW: another useful option, give static IP addresses to known computers.

Advanced / Conntrack: the default Toastman timeouts for NAT tracking seem awfully short, we’ll see how that works.

Advanced / Wireless: Transmit power was only 17 mW on this router. My old WRT54GL defaulted to 42mW. These may or may not be directly comparable numbers. Some discussion on this setting is here and here, no one seems to have any idea what they’re talking about.

Update: I tried changing this from 17mW to 100mW and saw no measurable difference in RSSI on my laptop, or throughput, or anything. I only tested with a laptop very near the router already enjoying -55dBm (as measured via the Mac’s Wi-Fi diagnostics). So if the setting is most useful for distance I wouldn’t notice it. I left it back at 17mW. I am a bit peeved that my 802.11n laptop can only do 10mbits/sec to an 802.11g Mac Mini, despite a theoretical 54mbits/sec connection. Update 2: getting 22mbits/sec now, after rebooting the Mac Mini. Now it’s in 802.11n mode as well. But all on a mixed mode 2.4GHz network and with 20MHz wide bands.

Port Forwarding / Basic: haven’t set this up yet. I’m discouraged that it’s displaying an error “iptables-restore: line 39 failed”.

QoS: check caps for the live network and set in place

QoS / Classification: Toastman has enabled a bunch of service classes. Would be nice to check if they are reasonable.

USB and NAS / FTP server: enable on LAN only. (Geez!)

Administration / Logging: remote log to syslog, particularly DHCP traffic. Big help for narrowing down problems.
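Once DHCP traffic is going to a remote syslog host, the useful next step is to actually read it. The following is an added example (not from this post and not part of Tomato or Toastman) that parses the dnsmasq DHCP lines Tomato’s dnsmasq writes to syslog, builds a MAC-to-lease table from the DHCPACKs, and flags any acknowledged address that falls outside the DHCP pool configured above (192.168.0.2 – 192.168.0.63), which is what you would expect to see for the static assignments mentioned under Basic / DHCP/ARP/BW, or for a misconfiguration. The log lines, hostnames and MAC addresses are constructed for illustration; the message shapes (DHCPDISCOVER/OFFER/REQUEST/ACK/NAK) follow dnsmasq’s standard log format.

```python
"""Parse dnsmasq DHCP lines relayed to a remote syslog host and check them
against the router's configured DHCP pool.

Added example, not from the original post. The log lines below are
constructed; the dnsmasq message formats match what dnsmasq sends to
syslog, but the hostnames, MACs and timestamps are made up.
"""
import ipaddress
import re

# Pool from the post's Basic / Network settings: 192.168.0.2 - 192.168.0.63
POOL_START = ipaddress.IPv4Address("192.168.0.2")
POOL_END = ipaddress.IPv4Address("192.168.0.63")

# Constructed sample of what the remote syslog host receives from the router.
SAMPLE_LOG = """\
Jun  3 08:12:01 tomato daemon.info dnsmasq-dhcp[412]: DHCPDISCOVER(br0) aa:bb:cc:00:00:01
Jun  3 08:12:01 tomato daemon.info dnsmasq-dhcp[412]: DHCPOFFER(br0) 192.168.0.10 aa:bb:cc:00:00:01
Jun  3 08:12:02 tomato daemon.info dnsmasq-dhcp[412]: DHCPREQUEST(br0) 192.168.0.10 aa:bb:cc:00:00:01
Jun  3 08:12:02 tomato daemon.info dnsmasq-dhcp[412]: DHCPACK(br0) 192.168.0.10 aa:bb:cc:00:00:01 laptop
Jun  3 08:15:40 tomato daemon.info dnsmasq-dhcp[412]: DHCPREQUEST(br0) 192.168.0.200 aa:bb:cc:00:00:02
Jun  3 08:15:40 tomato daemon.info dnsmasq-dhcp[412]: DHCPACK(br0) 192.168.0.200 aa:bb:cc:00:00:02 nas
Jun  3 09:01:11 tomato daemon.info dnsmasq-dhcp[412]: DHCPREQUEST(br0) 192.168.0.10 aa:bb:cc:00:00:03
Jun  3 09:01:11 tomato daemon.info dnsmasq-dhcp[412]: DHCPNAK(br0) 192.168.0.10 aa:bb:cc:00:00:03 address in use
Jun  3 09:01:12 tomato daemon.info dnsmasq-dhcp[412]: DHCPACK(br0) 192.168.0.11 aa:bb:cc:00:00:03 phone
"""

# syslog prefix, then "DHCPxxx(iface) <rest>"; <rest> varies by message type
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s+\S+\s+\S+\s+dnsmasq-dhcp\[\d+\]:\s+"
    r"(?P<msg>DHCP[A-Z]+)\((?P<iface>\w+)\)\s*(?P<rest>.*)$"
)
MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$", re.IGNORECASE)
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_log(text):
    """Return one dict per dnsmasq DHCP line: ts, msg, iface, ip, mac, host."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a dnsmasq DHCP line; other syslog traffic is ignored
        tokens = m.group("rest").split()
        ip = next((t for t in tokens if IP_RE.match(t)), None)
        mac = next((t.lower() for t in tokens if MAC_RE.match(t)), None)
        host = None
        if m.group("msg") == "DHCPACK" and mac and tokens and tokens[-1].lower() != mac:
            host = tokens[-1]  # dnsmasq appends the client hostname to ACKs
        events.append({"ts": m.group("ts"), "msg": m.group("msg"),
                       "iface": m.group("iface"), "ip": ip, "mac": mac, "host": host})
    return events


def lease_table(events):
    """Latest acknowledged (ip, hostname) per MAC, from DHCPACK lines only."""
    leases = {}
    for e in events:
        if e["msg"] == "DHCPACK" and e["mac"] and e["ip"]:
            leases[e["mac"]] = (e["ip"], e["host"])
    return leases


def find_out_of_pool(events, start=POOL_START, end=POOL_END):
    """ACKed addresses outside the dynamic pool: static leases or a misconfig."""
    hits = []
    for e in events:
        if e["msg"] != "DHCPACK" or not e["ip"]:
            continue
        addr = ipaddress.IPv4Address(e["ip"])
        if not (start <= addr <= end):
            hits.append((e["mac"], e["ip"]))
    return hits


def summarize(text):
    """One-call summary: lease table, out-of-pool ACKs, and NAK count."""
    events = parse_log(text)
    return {
        "leases": lease_table(events),
        "out_of_pool": find_out_of_pool(events),
        "naks": sum(1 for e in events if e["msg"] == "DHCPNAK"),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for mac, (ip, host) in sorted(report["leases"].items()):
        print(f"{mac}  {ip:<15} {host or '-'}")
    print("outside pool:", report["out_of_pool"])
    print("NAKs:", report["naks"])
```

Point the script at the file your syslog host writes the router’s messages to (or pipe the file into it); a NAK count that keeps climbing for the same MAC, or an out-of-pool address you did not assign yourself, is exactly the kind of thing the remote log makes visible that the router’s own small ring buffer does not.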

Update 2: someone named “vibe666” commented “I saw your post about your router and that you are using TKIP/AES. Drop TKIP and just use AES on its own as TKIP is both a) not very secure, and b) pretty much obsolete anyway, and c) likely to be slowing down your wifi speeds overall to keep (potential) backwards compatibility with stuff almost nobody has anyway. :)”