Jason/Steve;

On Mon, Dec 27, 2010 at 10:18 AM, Jason Holtzapple <ml@bitflip.net> wrote:
On 12/27/2010 10:05 AM, Steve Phariss wrote:
> Any specific reason for the Asus (not knocking it, just want to hear
> what made you change brands....)

My favorite 3rd-party firmware is Tomato. I bought the Asus mostly based
on positive experiences from others on the tomatousb.org forum. The
RT-N16 has enough CPU, memory and flash to be able to do a lot of
interesting things (OpenVPN endpoint, UPnP server, torrent client, etc.).

One negative is that it does not have dual-band wireless (2.4/5 GHz),
but that feature seems to push devices that can use open firmware over
the $100 price point.

> On Mon, Dec 27, 2010 at 8:24 AM, Jason Holtzapple <ml@bitflip.net
> <mailto:ml@bitflip.net>> wrote:
>
>     On 12/26/2010 07:06 PM, Ariel Gold wrote:
>     > Recommendations?
>     >
>     > Small network with 2 wired connections, and at least 1 wireless. Using
>     > mac, windows, and linux....
>     >
>     > I'd like to make it as secure as possible (if you can point me to any
>     > special documentation to do so that'd be great).  Fast is good too.
>
>     My current favorite is the Asus RT-N16 which recently replaced my
>     vintage Linksys WRT-54G. It can use 3rd party firmware like TomatoUSB or
>     dd-wrt.

I agree that Tomato (and other WRT tools) makes a fun and powerful Linux firmware network diagnostic device!

WARNING: The reason one installs Tomato is to be able to control, at a greater level, the networking IDS/IPS, stack and other settings, including proxy etc. If you do NOT configure everything correctly (or leave remote management, RDP/VNC and SSH on) you are opening yourself up to security issues from the many bots that scan and target home routers.

I also like the Cisco Small Business Router series WRVS4400N, since it is based on two SoCs from Star Semi (9109 + 9202, both ARM9 based), the Vitesse VSC7385 Gigabit and the Marvell TopDog draft-n WLAN chipset. According to the GPL sources the 9109 has access to 32 MB RAM and the 9202 to 64 MB RAM. One of the Cisco SMB WRVS4400N ARM processors is dedicated solely to IPS/IDS. Cisco makes all of their source available for devices, so wonderful reverse engineering lab tests (which we all love so much) can easily port to Linux WRT; however, to date, none have been able to port any Linux stack to these dual ARM devices (hardware limitations). I.e. there is currently no published dd-wrt, OpenWRT or Tomato firmware available for the Cisco Small Business series routers, which also provide 1000G Ethernet, 802.11b/g/n, VLAN and VPN as well as the ability to port forward a single port or a range, hang out a nice DMZ honeypot, filter both inbound and outbound, and exclude PPTP, multicast, and UPnP packets. The IPS function also will interfere with a large number of known packet signatures for BitTorrent, Skype, etc. Of course there is extensive ability to filter web traffic based on wordlist or URL, for businesses that find paying bandwidth and hourly salary for YouTube surfers prohibitive.

Most of the SOHO Netgear, Linksys and D-Link small "routers" and "modems" are vulnerable to DNS rebinding, so check to verify that your system is not listed:
http://www.smallnetbuilder.com/security/security-features/31212-is-your-router-one-in-a-million

Many other "home" routers have easy web-based information leak exploits which are not published. For instance, many known write conditions exist; therefore a remote management script attempts to use them to get a reverse shell written to the device, whereupon the cracker comes along and replaces the whole firmware with their own version. One of the clues that your router firmware has been overwritten includes new "options" or greyed-out options in the web-based interface; usually the new users added will not be seen through the Administration section either. Exploiting these holes will also allow you to set your own VERSION number, etc., which can be useful to determine if the files have been changed. Bot builders then use this 24x7 bandwidth to send email, set up open proxy phishing hacks, run bots against other routers and web systems, and hop off. Many of these access portals are traded on international IRC (say 10 SOHO routers for 1 SSH in France, for instance). The sheer number of systems that can be pwned in 1 night using one of these bot tools (similar to Metasploit, using specific plugins [easy to develop; traded on IRC or 2600 group FTPs]) is incredible. Once on a shared network (or in the router) we have access to ALL packets traversing the network [even SSL via sslstrip and other sidejacking tools].

For Linux and security professionals, I suggest nothing short of a WPA-Enterprise (using RADIUS) connection key, VLANs and inbound and outbound port filtering (especially if you interact in the community at security or Linux conventions, provide build source, etc.). I only advocate SSH access via source and destination, or VPN encryption. I don't recommend ANY remote access ever. Of course, I recommend that logging be set up to a local mail server (using a Gmail plugin should be trivial).

References:
http://freeradius.org/
http://www.linux.org/docs/ldp/howto/8021X-HOWTO/freeradius.html
--

(503) 754-4452
(623) 688-3392

http://www.obnosis.com
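The DNS rebinding check mentioned in the message above comes down to one rule that the rebind-protection option in Tomato/dd-wrt (via dnsmasq) enforces: a name outside your own LAN domain must never resolve to a private or loopback address. The following is an added example, not code from the thread or from any of the firmwares named; the blocked ranges, the `.lan`/`.home` local suffixes and the sample answers are all assumptions constructed for it.

```python
import ipaddress

# Ranges a non-local hostname should never resolve to from inside a home
# network (assumed list for this example: RFC 1918, loopback, "this" network,
# link-local, plus the IPv6 equivalents).
_BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "0.0.0.0/8", "169.254.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]

# Hypothetical local suffixes whose names may legitimately map to LAN addresses
# (e.g. the router's own hostname).
LOCAL_SUFFIXES = (".lan", ".home")

def is_rebind_answer(name: str, address: str) -> bool:
    """True when a non-local hostname resolves to a private/loopback address,
    i.e. the answer would let a public web page reach the router's LAN-side UI."""
    host = name.rstrip(".").lower()
    if any(host.endswith(s) for s in LOCAL_SUFFIXES):
        return False
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return True  # malformed answer: never hand it to a client
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:192.168.1.1 must be judged as IPv4
    return any(ip in net for net in _BLOCKED_NETWORKS)

def filter_answers(name: str, addresses):
    """Split a resolver's answer set for `name` into (allowed, dropped) lists."""
    allowed, dropped = [], []
    for addr in addresses:
        (dropped if is_rebind_answer(name, addr) else allowed).append(addr)
    return allowed, dropped

# Constructed sample answers: an honest public name, the router's own LAN name,
# and a name whose later answers try to point the browser at LAN addresses.
SAMPLE_ANSWERS = {
    "www.example.org": ["198.51.100.7"],
    "router.lan": ["192.168.1.1"],
    "evil.example.net": ["203.0.113.5", "192.168.1.1", "::ffff:10.0.0.1"],
}

if __name__ == "__main__":
    for host, addrs in SAMPLE_ANSWERS.items():
        print(host, filter_answers(host, addrs))
```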