What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I hope there is someone here who can figure out why I have been unable to install Skynet.
Your issue has always seemed to be the inability to reach the github site. Run some tests from the router.
Code:
nslookup raw.githubusercontent.com
ping raw.githubusercontent.com
traceroute raw.githubusercontent.com
curl -v https://raw.githubusercontent.com/Adamm00/IPSet_ASUS/master/firewall.sh -o /dev/null
Don’t bother with USB replacement or double NAT. If you can’t reach the download site, none of it matters.

Do you live somewhere in the world where an ISP or government would want to block github? Or a country known for bad internet guys and so maybe github is blocking your country or ISP’s addresses?

Can you reach the normal github site from a PC (without a VPN)?

 
I will add screenshots of each steps and post again unless the double NAT issue is the culprit

The router is running in router mode, 192.168.2.9 is the IP address I assigned to it

Double NAT is likely as I have my router behind the ISP fiber router - unfortunately I am not able to switch that one to modem only as they only give you limited access to it. I was able to switch off UPnp on it, however DMZ is on and pointed toward my router at 192.168.2.9. So this might be the issue?
Hey as long as you know your router is in router mode, and your firewall is not disabled, I suspect Skynet would still work at filtering your outgoing packets only.
 
Your issue has always seemed to be the inability to reach the github site. Run some tests from the router.
Code:
nslookup raw.githubusercontent.com
ping raw.githubusercontent.com
traceroute raw.githubusercontent.com
curl -v https://raw.githubusercontent.com/Adamm00/IPSet_ASUS/master/firewall.sh -o /dev/null
Don’t bother with USB replacement or double NAT. If you can’t reach the download site, none of it matters.

Do you live somewhere in the world where an ISP or government would want to block github? Or a country known for bad internet guys and so maybe github is blocking your country or ISP’s addresses?

Can you reach the normal github site from a PC (without a VPN)?

It is interesting because he was able to install entware(unless that comes built within asuswrt merlin?) As his amtm image demonstrates he has both amtm and entware installed successfully.
 
I will add screenshots of each steps and post again unless the double NAT issue is the culprit

The router is running in router mode, 192.168.2.9 is the IP address I assigned to it

Double NAT is likely as I have my router behind the ISP fiber router - unfortunately I am not able to switch that one to modem only as they only give you limited access to it. I was able to switch off UPnp on it, however DMZ is on and pointed toward my router at 192.168.2.9. So this might be the issue?
One thing is for sure. Placing your router in the DMZ will expose all of its ports to the external network. So you would have the firewall of the router that is in double nat with internet hitting its firewall directly, however skynet will only filter be able to filter on the outgoing because skynet only filters outgoing traffic when the "wan-ip" is a private address. Skynet assumes that the ISP's modems firewall will be doing all the incoming filtering; however, it is not when you place the doublenat router in the DMZ.
 
Last edited:
My instance of Skynet looks to be filtering incoming traffic and I am in a triple NAT setup.

My AX86U Pro is in a DMZ on the ER605, which is in a DMZ on the ISP cable modem.

Skynet logs clearly show blocked incoming traffic.
 

Attachments

  • IMG_0623.jpeg
    IMG_0623.jpeg
    70.1 KB · Views: 55
My instance of Skynet looks to be filtering incoming traffic and I am in a triple NAT setup.

My AX86U Pro is in a DMZ on the ER605, which is in a DMZ on the ISP cable modem.

Skynet logs clearly show blocked incoming traffic.
Hey I am just going off of what @Adamm has said in the past.


And as pointed out in the past, skynet logs any dropped traffic. Whether it is skynet doing the dropping is the actual question.
 
My instance of Skynet looks to be filtering incoming traffic and I am in a triple NAT setup.

My AX86U Pro is in a DMZ on the ER605, which is in a DMZ on the ISP cable modem.

Skynet logs clearly show blocked incoming traffic.
Yes, but skynet logs all blocked incoming traffic. If there is no skynet blocklists associated with the blocks, then that is just the default firewall blocking those packets.
 
Hey I am just going off of what @Adamm has said in the past.


And as pointed out in the past, skynet logs any dropped traffic. Whether it is skynet doing the dropping is the actual question.
That would make sense. At least it logs the drops regardless if it’s Skynet or the default settings of the firewall itself doing the dropping.
 
That would make sense. At least it logs the drops regardless if it’s Skynet or the firewall itself doing the dropping.
However, it shows skynets blocklists are not being used on incoming blocks. That is the picture I am painting. If you look at the other tables on skynets statistics of incoming traffic, look at the ban reason.
Screenshot_20230515_074929_Samsung Internet.jpg


You can see which lists were used to determine the block. If it is a star, that means it was blocked by the firewall in general.
 
Here is my listing
 

Attachments

  • IMG_0624.jpeg
    IMG_0624.jpeg
    85.1 KB · Views: 40

Attachments

  • IMG_0625.jpeg
    IMG_0625.jpeg
    122 KB · Views: 38
More info….
 

Attachments

  • IMG_0626.jpeg
    IMG_0626.jpeg
    38.7 KB · Views: 47
Yes, but skynet logs all blocked incoming traffic. If there is no skynet blocklists associated with the blocks, then that is just the default firewall blocking those packets.
Skynet only logs what’s in its blocklists.
You can see which lists were used to determine the block. If it is a star, that means it was blocked by the firewall in general.
If it’s an asterisk only, it likely means the IP range being blocked was using a larger CIDR than the 3 octets Skynet checks for in case an exact match is not found. Look at line 1000 in the code.
That's interesting, I wonder if @Adamm can explain why he says inbound traffic is not filtered by skynet if wanip is private when clearly it is.
In most lazy double-NAT configuractions, the unsolicited WAN traffic will never reach the second router. If the second router is in the DMZ of the first router, then that changes things.

Nothing to do with amtm, so this whole discussion should move elsewhere.
 
Skynet only logs what’s in its blocklists.

If it’s an asterisk only, it likely means the IP range being blocked was using a larger CIDR than the 3 octets Skynet checks for in case an exact match is not found. Look at line 1000 in the code.

In most lazy double-NAT configuractions, the unsolicited WAN traffic will never reach the second router. If the second router is in the DMZ of the first router, then that changes things.

Nothing to do with amtm, so this whole discussion should move elsewhere.
Agreed the whole, I can install amtm, but cannot install skynet convo should have been in its own thread to begin with. Not on the list for steps of installing amtm. And we still have yet to see screenshots of the concerned users step by step installation process for skynet, or any confirmation on whether it is because their country blocks github.
 
But would skynet install in accesspoint mode is the real question here.
I have an AC1900P (386.11) which I am using as an AP. AMTM runs, I was able to format an USB drive, create a swap file, get scMerlin working including showing up on the addons tab, however I am unable to get Entware to install and without Entware most other scripts can not be added.

I suppose if someone had a need for the scripts on an AP they first could set it up as a router and then install the wanted scripts and then see if after it was switched back to an AP if they would continue to work.
 
I have an AC1900P (386.11) which I am using as an AP. AMTM runs, I was able to format an USB drive, create a swap file, get scMerlin working including showing up on the addons tab, however I am unable to get Entware to install and without Entware most other scripts can not be added.

I suppose if someone had a need for the scripts on an AP they first could set it up as a router and then install the wanted scripts and then see if after it was switched back to an AP if they would continue to work.
That is an interesting thought, supposedly in AP mode the firewall is disabled, so would firewall-start scripts in jffs continue to run?
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top