Custom firmware build for R7800 v. 1.0.2.23SF & v. 1.0.2.24SF

[Voxel]

Thanks Voxel. I'm not using HTTPS, just plain non secure protocol. I have already set the download directory to Easyshare default (I think it's called USB_share, mapped to U drive in my case), and I have Netgear Downloader disabled.
I could access Transmission at port 9091 as you pointed, but there is no control buttons, i.e. can't add a torrent. I'm using Chrome.

UPDATE: Now it's working at port 9091 after clearing Chrome cache. Thank you

Sent from my ONEPLUS A3003 using Tapatalk

OK, so problem was in browser's cache. You can use Transmission from router WebGUI now, after clearing cache.

Voxel.

 

[majeedun]

OK, so problem was in browser's cache. You can use Transmission from router WebGUI now, after clearing cache.

Voxel.

Yes. I also removed the swap file form the USB stick and Transmission is still working on port 9091.

After rebooting the router, I noticed that the UPnP ports were deleted. Is this normal? Not a big deal though, just needed to run my NAS's router config again to remap the ports for my FTP

 

[majeedun]

Another feature I noticed over stock firmware is longer logs sent to my email less frequently (I set up to send when log is full). So I think the log limit is increased, which I like

There are few incorrectly formatted lines though, compared to NG stock, e.g.:

[DoS Attack: SYN/ACK Scan] from sorce:288.5.2,pr 4,<4>[DoS Attack: SYN/ACKSa]fo ore 0.01424 ot4, Thursday, March 09, 2017 04:55:03
[DoS Attack: TCP/UDP Chare]fo ore .91226 ot454, Thursday, March 09, 2017 10:22:11

Again, only a cosmetic thing

 

[Voxel]

After rebooting the router, I noticed that the UPnP ports were deleted. Is this normal? Not a big deal though, just needed to run my NAS's router config again to remap the ports for my FTP

More details please. How did you find it etc.

Another feature I noticed over stock firmware is longer logs sent to my email less frequently (I set up to send when log is full). So I think the log limit is increased, which I like

There are few incorrectly formatted lines though, compared to NG stock, e.g.:

[DoS Attack: SYN/ACK Scan] from sorce:288.5.2,pr 4,<4>[DoS Attack: SYN/ACKSa]fo ore 0.01424 ot4, Thursday, March 09, 2017 04:55:03
[DoS Attack: TCP/UDP Chare]fo ore .91226 ot454, Thursday, March 09, 2017 10:22:11

Again, only a cosmetic thing

Cosmetic is important too OK, will check, but not right now.

Voxel.

 

[majeedun]

More details please. How did you find it etc.




Cosmetic is important too OK, will check, but not right now.

Voxel.

UPnP is in advanced section, next to were you do port forwarding. It's enabled by default, but can be disabled. Some say it's a security risk, but I use it with no problems. I don't know if these ports reset on reboot with NG stock as well.

Sent from my ONEPLUS A3003 using Tapatalk

 

[Voxel]

UPnP is in advanced section, next to were you do port forwarding. It's enabled by default, but can be disabled. Some say it's a security risk, but I use it with no problems. I don't know if these ports reset on reboot with NG stock as well.

Sent from my ONEPLUS A3003 using Tapatalk

My router displays (when UPnP is enabled):

Advertisement Period(in minutes)      30
Advertisement Time to Live(in hops)    4

UPnP Portmap Table
Active    Protocol    Int. Port    Ext. Port    IP Address
YES        TCP            51413        51413        192.168.1.1
YES        UDP            51413        51413        192.168.1.1

So what's wrong?

Voxel.

 

[majeedun]

My router displays (when UPnP is enabled):

Advertisement Period(in minutes)      30
Advertisement Time to Live(in hops)    4

UPnP Portmap Table
Active    Protocol    Int. Port    Ext. Port    IP Address
YES        TCP            51413        51413        192.168.1.1
YES        UDP            51413        51413        192.168.1.1

So what's wrong?

Voxel.

Mine displays the same ports as yours (which I think are for Transmission) PLUS a whole lot of other ports for my NAS. The latter are lost when rebooting the router (so do not survive a reboot) and I have to go to NAS's GUI and reconfigure to be able to use my FTP from WAN.

 

[Voxel]

Mine displays the same ports as yours (which I think are for Transmission) PLUS a whole lot of other ports for my NAS. The latter are lost when rebooting the router (so do not survive a reboot) and I have to go to NAS's GUI and reconfigure to be able to use my FTP from WAN.

Mine are not displayed immediately after I turn On/Off UPnP. Only after some time. Probably you just should wait a bit.

Voxel.

 

[majeedun]

Mine are not displayed immediately after I turn On/Off UPnP. Only after some time. Probably you just should wait a bit.

Voxel.

I waited for about 30 min, but did not show up. Anyway, I thought port forwarding is more reliable and I forwarded the FTP ports to my NAS.
Yesterday at night my DNS stopped working and I lost all internet connection. I had this dnscrypt-list under root:
dnscrypt.org-fr
dnscrypt.nl-ns0
dnscrypt.eu-dk
dnscrypt.eu-nl
I pinged all of the above, and they were working, but still DNS not resolving. I deleted the file and rebooted the router this morning. Now DNS is working again (but without DNSSEC/DNSCRYPT). Any idea as to why the secure DNS resolvers stopped working?

 

[Voxel]

Yesterday at night my DNS stopped working and I lost all internet connection. I had this dnscrypt-list under root:
dnscrypt.org-fr
dnscrypt.nl-ns0
dnscrypt.eu-dk
dnscrypt.eu-nl
I pinged all of the above, and they were working, but still DNS not resolving. I deleted the file and rebooted the router this morning. Now DNS is working again (but without DNSSEC/DNSCRYPT). Any idea as to why the secure DNS resolvers stopped working?

Well, only two suppositions (I use three of dnscrypt servers above and they all are working, yesterday and now too):

1. You have started to use ports 64001, 64002 etc. For your NAS or so. Dnscrypt in my firmware uses these ports adding "1" to each next in the list. I.e. for your list:


dnscrypt.org-fr 64001
dnscrypt.nl-ns0 64002
dnscrypt.eu-dk 64003
dnscrypt.eu-nl 64004

2. Your ISP started to block these sites.

Anyway, you should check in console (e.g. in telnet): can dnscrypt be started. I.e. restore your dnscrypt-list, then enter to console and run:

/etc/init.d/dnscrypt-proxy stop (to make sure that it is not started)

and after:

/etc/init.d/dnscrypt-proxy start

and then check:

ps ax | grep dnscrypt

Voxel.

 

[xeqw]

Is it possible to change the default Wifi Mode setting from "Up to xxMbps" to something more conventional like n only/n+ac/ac only? It would be nice to lock down the 5GHz to ac only operation.

 

[Voxel]

Is it possible to change the default Wifi Mode setting from "Up to xxMbps" to something more conventional like n only/n+ac/ac only? It would be nice to lock down the 5GHz to ac only operation.

If you want just to change the message in this selection (WebGUI) then it is possible. There is /www/languages-en.js translation file for English language and you can edit it replacing e.g. "Up to 1733 Mbps" to "Whatever Else".

Voxel.

 

[xeqw]

If you want just to change the message in this selection (WebGUI) then it is possible. There is /www/languages-en.js translation file for English language and you can edit it replacing e.g. "Up to 1733 Mbps" to "Whatever Else".

Voxel.

Not just the message but rather preventing the 5GHz radio from allowing non ac clients to connect. The Up to 1733 Mbps selection would still broadcast 802.11a/n frames and allow a/n clients to connect to it .

 

[Voxel]

Not just the message but rather preventing the 5GHz radio from allowing non ac clients to connect. The Up to 1733 Mbps selection would still broadcast 802.11a/n frames and allow a/n clients to connect to it .

Actual setting Wi-Fi mode (after you choose this mode from WebGUI) is performed by pre-compiled by Netgear "net-cgi" binary (no source codes).

Voxel.

 

[Csection]

Voxel is Fantastic!
He has helped me in many ways to check my network and resolve issues that were occurring.
He has determined that the Netgear "DOS Attack" reported by my router were in fact false positives. I get a lot of these in my logs, but they are actually from sites like Dropbox, Windows update etc.
He has put a lot of time into this investigation and I cannot thank him enough.
His revision of the Netgear firmware is really great.
So! Use with confidence!
He will help you resolve your issues(Time being available).

 

[Voxel]

He has determined that the Netgear "DOS Attack" reported by my router were in fact false positives. I get a lot of these in my logs, but they are actually from sites like Dropbox, Windows update etc.

As I found this is old problem of Netgear routers, e.g. known yet in 2012:

https://community.netgear.com/t5/Wired-Routers/Dos-attack/td-p/423857

or this, "DoS attack from Google":

https://community.netgear.com/t5/R6000-Series-AC-WiFi-Routers/Dos-Attacks/td-p/501219

Funny, I wrote to Csection already that when I checked remotely log of my home R7800 from my office laptop (with public IP), I found a record of DoS attack from my laptop IP... Something like I tried to hack my home router from my office laptop...

I do not understand why Netgear does not provide a fix for these false alarms? Old known problem. Not only in R7800... Problem is in ipt_spiDoS.ko pre-compiled kernel object in Netgear routers.

Voxel.

 

[majeedun]

Well, only two suppositions (I use three of dnscrypt servers above and they all are working, yesterday and now too):

1. You have started to use ports 64001, 64002 etc. For your NAS or so. Dnscrypt in my firmware uses these ports adding "1" to each next in the list. I.e. for your list:


dnscrypt.org-fr 64001
dnscrypt.nl-ns0 64002
dnscrypt.eu-dk 64003
dnscrypt.eu-nl 64004

2. Your ISP started to block these sites.

Anyway, you should check in console (e.g. in telnet): can dnscrypt be started. I.e. restore your dnscrypt-list, then enter to console and run:

/etc/init.d/dnscrypt-proxy stop (to make sure that it is not started)

and after:

/etc/init.d/dnscrypt-proxy start

and then check:

ps ax | grep dnscrypt

Voxel.

1. I'm not using ports in dnscrypt range for my NAS
2. Probably my ISP
One thing I noticed just before internet was unreachable is the free memory was only 30 MB (with about 200 MB eaten by cache/buffer). Now, with the same usage, free memory is at 250 MB. Maybe there was a memory leak that caused the problem.
Also, without dnscrypt, internet browsing feels snappier so did not restore the dnscrypt-list for now to see what will happen with memory

 

[Voxel]

One thing I noticed just before internet was unreachable is the free memory was only 30 MB (with about 200 MB eaten by cache/buffer). Now, with the same usage, free memory is at 250 MB. Maybe there was a memory leak that caused the problem.
Also, without dnscrypt, internet browsing feels snappier so did not restore the dnscrypt-list for now to see what will happen with memory

Just to avoid misunderstanding: Nothing is bad in cached memory. After some time (even w/o use of dnscrypt-proxy) you will see increased cached memory. It does not mean that it is memory leak. De facto cached memory is free memory and could be easily used if some started programs need right now the memory. Just there is a probability that some data in cached memory could be re-used again and they (data) are already in memory (speed up).

Probably you should try to use the package from Entware with name procps-ng-top: it provides more user-friendly info about CPU/MEM usage:

It is how it looks from my router console (with dnscrypt-proxy ON )

My Debian server with 16GB RAM shows me now that 11GB fom these 16 are used for buffers/cache (and only 5GB are free). But does not mean that it is because of memory leak.

Voxel.