Menu
What's new
By:
Filters Better Search

Search results

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

  1. garycnew

    Suricata Any else still using on device?

    @Tech9 I was just about to ask this question: What's the average RAM footprint of Suricata on an Asus router? I should probably just go through and read all your comments in this forum. Thanks, again. Respectfully, Gary P.S. I still feel your nic should have had a hip-hop origin (opposed...
  2. garycnew

    Allow Non-Root User to Bind to Lower Ports < 1024?

    @RMerlin It seems there is quite the debate in the kernel world around the premise of this "security feature." I understand both sides of the debate and don't really have a strong opinion one way or the other on the matter. I was simply trying to discern an answer with regard to its...
  3. garycnew

    Allow Non-Root User to Bind to Lower Ports < 1024?

    I believe port-forwarding might be the alternative workaround I've been searching for. Thanks @ColinTaylor and @raven-au for your input. Respectfully, Gary
  4. garycnew

    Allow Non-Root User to Bind to Lower Ports < 1024?

    I suppose that would be a compromise to running the application as root. The preference would be to allow non-root binding to lower ports < 1024, but that doesn't seem plausible under Asuswrt.
  5. garycnew

    Allow Non-Root User to Bind to Lower Ports < 1024?

    The services in question are run on AiMesh Nodes within the private network.
  6. garycnew

    Allow Non-Root User to Bind to Lower Ports < 1024?

    @ColinTaylor Security was the primary concern. It seems functionality trumps security with Asuswrt. As always, I appreciate your input. Respectfully, Gary
  7. garycnew

    Allow Non-Root User to Bind to Lower Ports < 1024?

    @ColinTaylor I noticed some references to authbind as an alternative. However, it doesn't appear to be packaged within OpenWRT or Entware. I'd have to roll my own to test. The last alternative I can think of is to give the application in question root access. Any additional thoughts on the...
  8. garycnew

    Allow Non-Root User to Bind to Lower Ports < 1024?

    Colin, I receive "Failed to set capabilities on file" and "Operation not supported" errors attempting to use setcap. # opkg install libcap-bin Installing libcap-bin (2.63-1) to root... Downloading https://bin.entware.net/armv7sf-k2.6/libcap-bin_2.63-1_armv7-2.6.ipk Configuring libcap-bin. #...
  9. garycnew

    Allow Non-Root User to Bind to Lower Ports < 1024?

    How does one allow a Non-Root User to Bind to Lower Ports < 1024 in Asuswrt-Merlin? Thank You.
  10. garycnew

    Tutorial Asus Dual WAN Router Load Balancing and Failover Router Problems and Fix

    @kulgan You'll likely need to create iptables MANGLE rules to ensure the return traffic is routed back over the originating interface (eth1 or eth2). Dual WAN load balancer + port forwarding from both ISP I had to implement similar iptables MANGLE rules for a Split-Tunnel VPN I implemented...
  11. garycnew

    Tutorial Asus Dual WAN Router Load Balancing and Failover Router Problems and Fix

    @kulgan Consider configuring the OpenVPN Server directly on your Mikrotik rather than your Asus router. There are Mikrotik tutorials on the subject with assistance in the Mikrotik forum. Good Luck! Gary
  12. garycnew

    Tutorial [SOLUTION] Asuswrt-Merlin Tor via Bridge, Device, Browser, Entry (Guard)/Middle (Non-Exit) Relay, and Device/Browser/Relay Hybrid Implementations

    @SoFluffy I've updated the original post. Thank you for the correction. Respectfully, Gary
  13. garycnew

    Why was CONFIG_NETFILTER_XT_TARGET_TPROXY Reverted from Asuswrt-Merlin Linux-2.6.36 Kernel?

    @ColinTaylor That's what I get for not reading each post carefully. Thank you for the clarification. Respectfully, Gary
  14. garycnew

    Why was CONFIG_NETFILTER_XT_TARGET_TPROXY Reverted from Asuswrt-Merlin Linux-2.6.36 Kernel?

    @ColinTaylor - Thank you for confirming what @Tech9 previously verified. @RMerlin - Have I misunderstood your point?
  15. garycnew

    Tutorial [SOLUTION] Asuswrt-Merlin Tor via Bridge, Device, Browser, Entry (Guard)/Middle (Non-Exit) Relay, and Device/Browser/Relay Hybrid Implementations

    Asuswrt-Merlin uses /tmp/torrc by default. Asuswrt-Merlin uses Tor (capital T) by default. I've found that running Tor manually without the -quiet option helps to validate the torrc. I would also recommend reviewing the /tmp/torlog for errors. BTW... Common issues are Nickname cannot be...
  16. garycnew

    Why was CONFIG_NETFILTER_XT_TARGET_TPROXY Reverted from Asuswrt-Merlin Linux-2.6.36 Kernel?

    @Tech9 Did I misunderstand your response in the previously referenced post suggesting you were able to modprobe xt_socket and xt_tproxy on a kernel-4.1 device? Respectfully, Gary
  17. garycnew

    Why was CONFIG_NETFILTER_XT_TARGET_TPROXY Reverted from Asuswrt-Merlin Linux-2.6.36 Kernel?

    @RMerlin I thought I remember @Tech9 validating that these modules were still included and loaded with kernel-4.1 in the following thread: https://www.snbforums.com/threads/asuswrt-rt-ac-x-routers-support-time-machine-ipsec.76992/page-2#post-740571 Respectfully, Gary
  18. garycnew

    is a USB 2.0 flash drive fast enough for use with asuswrt-merlin + add ons?

    I had another SanDisk 2.0 die on me, today. Already back up and running with a replacement using amtm. Thanks, again!
  19. garycnew

    Tutorial [SOLUTION] Asuswrt-Merlin Tor via Bridge, Device, Browser, Entry (Guard)/Middle (Non-Exit) Relay, and Device/Browser/Relay Hybrid Implementations

    @diman82 I don't see an attached torrc.postconf. From the error message, it seems the torrc.postconf is referencing a non-existent directory. Make sure you're referencing valid directories in your torrc.postconf. Regards, Gary
  20. garycnew

    Solved [SOLUTION] Asuswrt-Merlin NFS v3 File Locking using NSM (statd) & NLM (lockd)

    @ColinTaylor Adding the NFS v3 locking mount to the /jffs/scripts/services-start still doesn't give the nfs kernel modules enough time to load, so I've tried adding a sleep 60 prior to the NFS v3 locking mount command hoping it will provide sufficient time. I'll monitor the next AiMesh Node...
Top