DIY routers and APs

Seems that I have some more reading to do as you had to do a lot manually.
The good news is that I've been able to configure everything I need in some way.
Now, I'm going back to try again to understand LuCI and try to update the GUI to incorporate those 'manual' config requirements where possible. It does make one appreciate the work that has gone into 'consumer' routers to try and simplify the setup.
 
I can confirm "speedtest cli" from Ookla installs and runs fine from the command line

wget -c https://install.speedtest.net/app/cli/ookla-speedtest-1.0.0-aarch64-linux.tgz

Now I just need to borrow some code snippets from @Jack Yaz to automate and record the results to a sqlite file :) Another winter project :)
 
The Pi World is filled with all kinds of Magical Holes to follow.
Edit:
Currently installed & learning Docker, Portainer, and WatchTower.
I'd recommend ouroboros over Watchtower for updating. I have Docker addictions :)
 
you can probably steal most of the speedtest functions as is, to be honest!
 
I am a simple person who does not have a clue how to start a web GUI - in Merlin or LuCI. I used just enough of your code to save to a database file. I don't mind getting the file from a shared location and importing into Excel. Maybe someday I will get fancy and write a *.conf file for the script to read.

One question, @Jack Yaz. The binary on Ookla's website is different than yours for Merlin. In particular, the -c option is missing now (custom config). In the Merlin version, you had the -c option pointing to some API on the web. Was this to get things working with Merlin? With the new binary, you just install it and run it (./speedtest). It does everything automatically if you give no options.

Here is what I borrowed and fixed up to work for me (I kept your database reset in case I need it)

EDIT: OK, I guess not. The website won't let me post the finished product, but it works for me :)
 
-c is part of the built-in speedtest on Asuswrt. I added an option to use it in a recent version instead of the one that is available to download from Ookla. You'll see conditional statements in my code that supply different arguments depending on which speedtest binary is chosen.
 
There is something about the elegance and simplicity of all the /jffs/scripts/***start and end scripts, triggered at appropriate times, that makes me stay with Asuswrt-Merlin. It's too easy ;-)
Not exactly the same, but how about being able to insert scripts at any point in the system start/stop..... The entries of '*.user' are my custom scripts.


 
Since my TrueNAS server is running 24/7, I wonder if it would be feasible to run something in a Linux container. hmmm.
You can try ESXi or Proxmox and have TrueNAS & whatever firewall distro both running as containers. It should work fine.
 
Looks like a good solution. How/what are the priority levels?

Also, wondering about things like firewall-start, pre/post mount, etc. Maybe some kind of “wrapper” around some of the binaries? I.e. /bin/mount has a wrapper that checks for a pre-mount script before mount?
 
They use hotplug for lots of these events.
 
I don't want to slow the creative flow, yet wanted to say I Like Where This Is Going!
 
The good news is that I've been able to configure everything I need in some way.
Now, I'm going back to try again to understand LuCI and try to update the GUI to incorporate those 'manual' config requirements where possible. It does make one appreciate the work that has gone into 'consumer' routers to try and simplify the setup.
Maybe a useful starting point, committed today:
 
DNSFilter/NTPFilter
Configuration: manual, no gui
Fairly easy to implement for both IPv4 and IPv6 since it's a modern kernel and supports both route_local and NAT6
What do your rules look like? Are they in fw3 or custom?

I’m trying to learn uci so I have this:
Code:
# uci show firewall.@redirect[-1]
firewall.cfg263837=redirect
firewall.cfg263837.target='DNAT'
firewall.cfg263837.src='lan'
firewall.cfg263837.src_dip='!192.168.1.1'
firewall.cfg263837.dest_ip='192.168.1.1'
firewall.cfg263837.proto='tcp udp'
firewall.cfg263837.dest='lan'
firewall.cfg263837.src_dport='53'
firewall.cfg263837.name='DNS Filter'
which gets me this:
Code:
# fw3 print | grep Filter
iptables -t nat -A zone_lan_prerouting -p tcp ! -d 192.168.1.1/255.255.255.255 -m tcp --dport 53 -m comment --comment "!fw3: DNS Filter" -j DNAT --to-destination 192.168.1.1:53
iptables -t nat -A zone_lan_prerouting -p udp ! -d 192.168.1.1/255.255.255.255 -m udp --dport 53 -m comment --comment "!fw3: DNS Filter" -j DNAT --to-destination 192.168.1.1:53
As I mentioned in another thread, I’m enjoying re-learning the basics.
 
Just an update - I decided to play with Samba4 on the RasPi with 21.02.

The packages were easy to install. There are a number of them: server, admin package, tools, etc. There was also a LuCI interface, so I gave that a shot as well.

The LuCI interface was a big letdown. Minimal config through the interface. Nothing to add users. You are best to stay with manual setup (smb.conf file).

Also, to add Samba Users, you need to add the user to the OS. Since OpenWRT has no native adduser command, you have to edit the user/group/shadow file manually or install the shadow-adduser package. Once the OS user has been added, you can add the Samba user using the command smbpasswd -a USER (can't do it with LuCI).

To make the RasPi show up in network browser, you need to install the wsdd2 package. Install Samba first as the wsdd2 script parses the smb.conf file for the workgroup name when starting.

A little manual work required, but seems to work fine. I have not tested performance yet.

Cheers
 
What do your rules look like? Are they in fw3 or custom?
I wimped out and just added them in custom....
Code:
#DNSFilter
iptables -t nat -N DNSFILTER
iptables -t nat -I prerouting_lan_rule -p tcp -m tcp --dport 53 -j DNSFILTER
iptables -t nat -I prerouting_lan_rule -p udp -m udp --dport 53 -j DNSFILTER
iptables -t nat -I prerouting_media_rule -p tcp -m tcp --dport 53 -j DNSFILTER
iptables -t nat -I prerouting_media_rule -p udp -m udp --dport 53 -j DNSFILTER
iptables -t nat -I prerouting_iot_rule -p tcp -m tcp --dport 53 -j DNSFILTER
iptables -t nat -I prerouting_iot_rule -p udp -m udp --dport 53 -j DNSFILTER
#iptables -t nat -A DNSFILTER -m mac --mac-source X:X:X:X:X:X -j DNAT --to-destination <dns.ip>
iptables -t nat -A DNSFILTER -j DNAT --to-destination 127.0.0.1

ip6tables -t nat -I PREROUTING -i bond0.1 -p tcp --dport 53 -j DNAT --to-destination [::1]:53
ip6tables -t nat -I PREROUTING -i bond0.1 -p udp --dport 53 -j DNAT --to-destination [::1]:53
ip6tables -t nat -I PREROUTING -i bond0.120 -p tcp --dport 53 -j DNAT --to-destination [::1]:53
ip6tables -t nat -I PREROUTING -i bond0.120 -p udp --dport 53 -j DNAT --to-destination [::1]:53
ip6tables -t nat -I PREROUTING -i bond0.140 -p tcp --dport 53 -j DNAT --to-destination [::1]:53
ip6tables -t nat -I PREROUTING -i bond0.140 -p udp --dport 53 -j DNAT --to-destination [::1]:53

#NTPFilter
iptables -t nat -I prerouting_rule -p udp -m udp --dport 123 -j DNAT --to-destination 127.0.0.1
ip6tables -t nat -I PREROUTING -p udp --dport 123 -j DNAT --to-destination [::1]:123

For the IPv4 rules you need to set 'route_localnet' via sysctl.
For the IPv6 rules you need to add the packages to enable ipv6/ip6tables NAT6.

But your work with uci is great. If I (someone) can figure out luci, that's probably how we would need to manipulate things.
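
A coverage check for the IPv4 port-53 redirects discussed in the posts above, as an added example that is not part of any original post: it reads `iptables-save -t nat` style rule lines and reports chains that redirect only one of TCP/UDP, plus the route_localnet requirement when a DNAT targets loopback. The function name, the sample rules (built from the chain names in the post) and the finding strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit DNS (port 53) redirect coverage in nat-table rules.

# Constructed sample, modelled on the rules in the post; the iot chain is
# deliberately missing its TCP rule so the audit has something to report.
SAMPLE_RULES='-A prerouting_lan_rule -p tcp -m tcp --dport 53 -j DNSFILTER
-A prerouting_lan_rule -p udp -m udp --dport 53 -j DNSFILTER
-A prerouting_media_rule -p tcp -m tcp --dport 53 -j DNSFILTER
-A prerouting_media_rule -p udp -m udp --dport 53 -j DNSFILTER
-A prerouting_iot_rule -p udp -m udp --dport 53 -j DNSFILTER
-A DNSFILTER -j DNAT --to-destination 127.0.0.1'

# audit_dns_redirect ROUTE_LOCALNET   (rule lines on stdin)
# Prints one finding per line; prints nothing when coverage is complete.
audit_dns_redirect() {
    awk -v rl="$1" '
    $1 == "-A" {
        chain = $2; proto = ""; dport = ""; target = ""; dest = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "--to-destination") dest = $(i + 1)
        }
        # A chain counts as redirecting DNS if it sends port 53 to the
        # DNSFILTER chain (custom rules) or straight to DNAT (fw3 redirect).
        if (dport == "53" && (target == "DNSFILTER" || target == "DNAT")) {
            seen[chain] = 1; have[chain, proto] = 1
        }
        # DNAT to 127.0.0.0/8 is dropped as martian unless route_localnet=1.
        if (target == "DNAT" && dest ~ /^127\./) loopback = 1
    }
    END {
        for (c in seen) {
            if (!((c, "tcp") in have)) print "GAP " c " tcp"
            if (!((c, "udp") in have)) print "GAP " c " udp"
        }
        if (loopback && rl != "1") print "NEED route_localnet=1"
    }' | sort
}

# Run against the constructed sample with route_localnet assumed to be 0.
printf '%s\n' "$SAMPLE_RULES" | audit_dns_redirect 0
```

On a router the input would come from `iptables-save -t nat` and the argument from `sysctl -n net.ipv4.conf.all.route_localnet` (or the per-interface key); the IPv6 rules are not covered by this check.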
 
I’m really holding out for them to work out the issues building SNAPSHOT with firewall4 and nftables. That’s going to be a new frontier. Drink the Kool-Aid.
 
I don't think that is for samba - isn't that for the kernel-based implementation?



Yep, that is what I found out last night. Ksmb does look like a compact lightweight alternative to samba. I am curious enough to want to check it out in a VM. I just needed a share to get a data file off. Ksmb looks like something compact enough for that job.

That is another advantage of the Raspberry Pi image. I was able to expand the image out to fill the SD card, so space is not a concern.
 
