Menu
What's new
By:
Filters Better Search

Asuswrt-Merlin 384.8 is now available

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Trust buy verify. What is the output of these commands?
Code: 
netstat -anp | grep :22 | grep LISTEN

iptables -L INPUT -v

From the first command, you're looking for something like this with just your router LAN IP listed:
Code: 
netstat -anp | grep :22 | grep LISTEN
tcp        0      0 192.168.1.1:22          0.0.0.0:*               LISTEN      24074/dropbear

From the second command, just looking for any unusual lines and to make sure there are no extra rules to ACCEPT ssh. I ran ShieldsUp! and watched the last line (DROP) increase as it worked its way through the ports.
 
No problem for me on that port

GRC Port Authority Report created on UTC: 2018-12-19 at 22:08:43

Results from scan of ports: 0-1055

0 Ports Open
4 Ports Closed
1052 Ports Stealth
---------------------
1056 Ports Tested

NO PORTS were found to be OPEN.

Ports found to be CLOSED were: 135, 137, 138, 445

Other than what is listed above, all ports are STEALTH.


Our ISP blocks some ports

Blocked ports by Virgin media
TCP & UDP ports 135, 137, 138, 139
TCP & UDP port 445
 
dave14305 said:
Trust buy verify. What is the output of these commands?
Code: 
netstat -anp | grep :22 | grep LISTEN

iptables -L INPUT -v

From the first command, you're looking for something like this with just your router LAN IP listed:
Code: 
netstat -anp | grep :22 | grep LISTEN
tcp        0      0 192.168.1.1:22          0.0.0.0:*               LISTEN      24074/dropbear

From the second command, just looking for any unusual lines and to make sure there are no extra rules to ACCEPT ssh. I ran ShieldsUp! and watched the last line (DROP) increase as it worked its way through the ports.
Click to expand...

Code: 
admin@odyssey:/tmp/home/root# netstat -anp | grep :22 | grep LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN                                  319/dropbear
tcp        0      0 :::22                   :::*                    LISTEN
 
Shonk said:
Code: 
admin@odyssey:/tmp/home/root# netstat -anp | grep :22 | grep LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN                                  319/dropbear
tcp        0      0 :::22                   :::*                    LISTEN
Click to expand...
Double check the SSH setting for LAN. It shouldn’t be listening on 0.0.0.0 if it’s truly LAN only. Or restart sshd in case the router didn’t do it.
Code: 
service restart_sshd
And do you use IPv6?
 
dave14305 said:
Double check the SSH setting for LAN. It shouldn’t be listening on 0.0.0.0 if it’s truly LAN only. Or restart sshd in case the router didn’t do it.
Code: 
service restart_sshd
And do you use IPv6?
Click to expand...

yes i do use ipv6


admin@aurora:/tmp/home/root# service restart_sshd

Done.

1.png


2.jpg


still a closed port
 
Last edited:
Shonk said:
yes i do use ipv6


admin@aurora:/tmp/home/root# service restart_sshd

Done.

still a closed port
Click to expand...
Just have to ask: in your earlier post your router was called “odyssey” at the terminal prompt. In this post it’s named “aurora”. Did you rename it between posts or are you dealing with multiple devices?
 
doesnt matter forgot i compiled the master branch on the 17th
just compiled the latest and its all stealth now
 
dave14305 said:
Just have to ask: in your earlier post your router was called “odyssey” at the terminal prompt. In this post it’s named “aurora”. Did you rename it between posts or are you dealing with multiple devices?
Click to expand...

odyssey is an rt-ac88u in ap mode
aurora is an rt-ac88u in router mode

and yes your right i checked the wrong router earlier :p
 
Last edited:
so damn annoyed today - i had to use a different linksys router off my fios ont to run a test
(i've done this back and forth before when i was using 384.7_2 and 384.8 without issue)
and when i switched back to the asus 384.8_2 router the internet would not clamp on back
nothing i tried worked - i left the linksys running and will revert back to 384.8 and uninstall
diversion and stubby to see if i can at least get the asus router clamping onto internet again.
nothing is more aggravating than having something you thought you could count on - fail :(
thank my cynical stars i keep a decent spare router up on a shelf just for such eventualities.
i'll update tomorrow with what worked - i got a house full of wifi users to contend with.

one weird thing i noticed while 384.8_2 was on my fios ont unable to clamp is;
both cores of the cpu would fluctuate between 10% and 90% every 30 seconds
even though i only had one wired pc on doing nothing and wifi turned off, so
i have no idea what the router was stuck thinking about.

UPDATE: i honestly don't know what's wrong. maybe it's because i did dirty firmware updates instead of factory resetting and inputting all my setting manually, i donno, but regardless a factory reset was the only way i could clamp back my fios internet. this is really frustrating because it takes me an hour of data entry work to get all my setting back in (lots of static lan ip and lan qos), and what's worse is restoring .CFG files with older settings has NEVER worked correctly for me, so this just means the next time merlin has a firmware update, i may ignore the blinking "!" from now on. I just can't have to factory reset and then update firmware every time there's an update, sorry. this mis-alignment between firmware versions and .CFG files such that dirty updates and save/restore of .CFG files not working - is extremely annoying and unreliable, so once i get everything working again, i'm not going to change a thing - life's too short to dick around with this every month with a house full of people crying why is the wifi down again... sorry guys, just venting - i'm of course grateful for all your hard work here.
 
Last edited:
I’m a bit stuck with my OpenVPN server, I can’t get it going.
I just keep getting the same error ‘Failed to import profile’
Would anyone have any suggestions?
 
Hello there,
I was facing a problem since many merlin updates on my RT-AC68U (more than 1 year).
I was unable to connect to Battlenet or on my email web portal (TLS handshake forever), I think it's a problem on DNS.
To solve my problems I'd setup a vpn and I can connect on Battlenet or read my mails by web portal.
This mode of operation did not suit me, so today I flashed the router with the ASUS official firmware and everything is back in order, I do not have to go through a vpn to connect to different services.
This is my setup fiber ONT and RT-AC68U directly connected on. RT-AC68U as Wireless Router and Firmware Version:3.0.0.4.384_45149
 
Any plans to support CloudFlare dynamic DNS updates via their API?

For now I'm using custom `/jffs/scripts/wan-start` but having this function in web UI may be just better.
 
Here are my results. When not using the PIA VPN, all my ports are Green meaning completely Stealthy!! But when I enable the VPN, I get this.

VPN Not Stealth.JPG


[FONT=Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif][FONT=courier new,courier]GRC Port Authority Report created on UTC: 2018-12-20 at 16:10:41

Results from scan of ports: 0-1055

23 Ports Open
1033 Ports Closed
0 Ports Stealth
---------------------
1056 Ports Tested

NO PORTS were found to be STEALTH.

Ports found to be OPEN were: 22, 53, 80, 110, 443, 500, 501,
502, 600, 601, 602, 603, 604, 605,
606, 607, 608, 609, 610, 611, 612,
613, 614

Other than what is listed above, all ports are CLOSED.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.[/FONT][/FONT]


Should the ports while on VPN be just as stealthy as when not on the VPN? If yes, what do I do about it? I'm using OpenVPN to connect to PIA.
 
You must log in or register to reply here.

Similar threads

RMerlin
  • Locked
Beta Asuswrt-Merlin 3006.102.2 Beta is now available for Wifi 7 devices
2 3 4
Replies
70
Views
11K
RMerlin
RMerlin
RMerlin
Release Asuswrt-Merlin 386.14 is now available for AC models
8 9 10
Replies
186
Views
28K
bibikalka
B
RMerlin
  • Locked
Release Asuswrt-Merlin 3004.388.8_2 is now available
22 23 24
Replies
469
Views
58K
aitor_mtb
A
RMerlin
  • Locked
Beta Asuswrt-Merlin 386.14 beta is now available
2
Replies
35
Views
9K
RMerlin
RMerlin
RMerlin
  • Locked
Beta Asuswrt-Merlin 3004.388.8 beta is now available
6 7 8
Replies
155
Views
30K
RMerlin
RMerlin
Similar threads
Thread starter Title Forum Replies Date
RMerlin Release Asuswrt-Merlin 3006.102.2 is now available for Wifi 7 devices Asuswrt-Merlin 28
B Unable to establish VPN connection to my PiVPN (ovpn) from my Asus RT-AC86U running Asuswrt-Merlin 386.14 Asuswrt-Merlin 1
F Several Questions Re:Asuswrt-Merlin Feature Implementation Asuswrt-Merlin 2
Yota How to enable port randomization in Asuswrt-Merlin? Asuswrt-Merlin 4
RMerlin Beta Asuswrt-Merlin 3006.102.2 Beta is now available for Wifi 7 devices Asuswrt-Merlin 70
J Does Asuswrt-Merlin support AiMesh over Wifi? Asuswrt-Merlin 4
Siff Printing from Guest Network (ASUSWRT-Merlin 3004.388.8_2) Asuswrt-Merlin 5
Siff Setting dnsmasq on Asuswrt-Merlin Asuswrt-Merlin 8
Rob Bowlby fwupdate.asuswrt-merlin.net - diversion.ch Down? Asuswrt-Merlin 7
R Wireguard on Asuswrt-Merlin Asuswrt-Merlin 11

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 977 (members: 37, guests: 940)
Top