Skynet Skynet - Router Firewall & Security Enhancements

[john9527]

/tmp/mnt/DT_1/myswap.swp

So there's a 3rd partition (DT_1)? Is the swap on a different USB stick?

 

[Diamond67]

So there's a 3rd partition (DT_1)? Is the swap on a different USB stick?

I am not TonyK132 and I have no problem with swap.

Just copy/pasted line of my syslog.

 

[john9527]

I am not TonyK132 and I have no problem with swap.

Just copy/pasted line of my syslog.

Oops...my bad

 

[Diamond67]

Oops...my bad

No problemo.

Actually I did have a problem with my swap file earlier (see message #3472 of this thread), supposedly because I had Disk check script enabled in amtm and the swap file wouldn't be ready soon enough for Skynet.

But after disabling the Disk check script Skynet starts OK now.

 

[TonyK132]

And I'm guessing the swap is installed on the first partition.....

No, it's at sda2, same as the location of the Skynet directory.

And no, in the logs at boot time, I have no line about that Swap file, other than Skynet complaining I need one. Remember, I'm using the Swap file that Skynet created.

 

[Diamond67]

I have no line about that Swap file, other than Skynet complaining I need one. Remember, I'm using the Swap file that Skynet created.

Have you Diversion installed? Because under more options (o) of Diversion you can easily create and manage (sw) your swap file.

https://www.snbforums.com/threads/diversion-the-router-ad-blocker.48538/

 

[TonyK132]

Have you Diversion installed? Because under more options (o) of Diversion you can easily create and manage (sw) your swap file.

https://www.snbforums.com/threads/diversion-the-router-ad-blocker.48538/

No, I do not.

 

[Diamond67]

No, I do not.

OK.

I created my swap with Diversion. I haven't tested the swap file management of Skynet though. So cannot tell if it works somehow differently.

 

[Diamond67]

I have no line about that Swap file

If you go to your router gui and to Tools - Sysinfo, does it show your swap under Memory? Something like this:

Swap       9.85 / 256.00 MB

If you don't have a working swap, there should be: "Swap 0.00/0.00 MB"

 

[TonyK132]

If you go to your router gui and to Tools - Sysinfo, does it show your swap under Memory? Something like this:

Swap       9.85 / 256.00 MB

Here's what the Memory section looks like.

This is the size that I entered when I installed Skynet, but how can I tell if this is the same Swap file?

 

[Diamond67]

This is the size that I entered when I installed Skynet, but how can I tell if this is the same Swap file?

I am not an expert. So, maybe I should shut up anyway. But there seems to be a swap file (gui), and even your Skynet showed it and its location:

SWAP File; /tmp/mnt/data/myswap.swp (512.5M)

But somehow it doesn't work or at least your Skynet won't see a working swap file when the router is booting. Cannot say why.

I think there should be a syslog line saying "...kernel: Adding blah-blahk swap on /tmp/mnt/blah-blah/myswap.swp"

Your syslog is missing that line totally?

 

[joe scian]

Adam
I received comments from Martineau - not sure if this is useful to you


↑
There are inherent ASUS implemented firewall rules that refer to '-j logdrop'
Code:
iptables-save | grep -E "logdrop"

:logdrop - [0:0]
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j logdrop
-A INPUT -m state --state INVALID -j logdrop
-A INPUT -j logdrop

-A FORWARD -m state --state INVALID -j logdrop

-A NSFW -i br0 -o eth0 -j logdrop

-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j logdrop
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j logdrop
-A SECURITY -p icmp -m icmp --icmp-type 8 -j logdrop

-A logdrop -j DROP

-A other2wan -j logdrop
so presumably in the SECURITY chain (and if the USER enables Network Services Filter) etc. then ASUS deems it a requirement to write a tracking message to Syslog rather than silently DROP the packet.

When Skynet is installed, this expected logging functionality is no longer available - no idea why Skynet now wishes to interfere and unilaterally prevent firewall rule trigger messages being written to Syslog?
(NOTE: Even if you temporarily disable Skynet, it doesn't restore the logdrop chain.)

P.S. You can provide the 'fixskynet' directive when requesting IPCamsBlock.sh and both the script and the ASUS firewall rules will work as intended.

 

[TonyK132]

I am not an expert. So, maybe I should shut up anyway. But there seems to be a swap file (gui), and even your Skynet showed it and its location:

SWAP File; /tmp/mnt/data/myswap.swp (512.5M)

But somehow it doesn't work or at least your Skynet won't see a working swap file when the router is booting. Cannot say why.

I think there should be a syslog line saying "...kernel: Adding blah-blahk swap on /tmp/mnt/blah-blah/myswap.swp"

Your syslog is missing that line totally?

Correct, I do not have such a line in my logs after a boot. I was assuming (maybe wrongly) that that Swap file was only being used by Skynet and is unrelated to whatever other Swap files are needed by the rest of the system. So I'm surprised that the GUI shows that size which just happens to be identically the same size as what I declared for Skynet. Hopefully Adam or a guru can help here. But thanks for your help.

 

[skeal]

Correct, I do not have such a line in my logs after a boot. I was assuming (maybe wrongly) that that Swap file was only being used by Skynet and is unrelated to whatever other Swap files are needed by the rest of the system. So I'm surprised that the GUI shows that size which just happens to be identically the same size as what I declared for Skynet. Hopefully Adam or a guru can help here. But thanks for your help.

Since flashing to the new firmware have you reset to factory defaults?

 

[TonyK132]

Since flashing to the new firmware have you reset to factory defaults?

Yes, I did that when I installed the beta1 f/w. I installed beta1 over alpha3, but because of a password issue, I needed to reset to defaults, then reloaded everything, which included Skynet. Skynet was working great for me under alpha3. I'm only having this issue since I moved to beta1.

 

[skeal]

Yes, I did that when I installed the beta1 f/w. I installed beta1 over alpha3, but because of a password issue, I needed to reset to defaults, then reloaded everything, which included Skynet. Skynet was working great for me under alpha3. I'm only having this issue since I moved to beta1.

Simplify your setup. Try just using 1 drive instead of 2 and using only 1 partition. File system ext2. Get things working and then add the other drive.

 

[TonyK132]

Simplify your setup. Try just using 1 drive instead of 2 and using only 1 partition. File system ext2. Get things working and then add the other drive.

Thanks, but I only have 1 drive. 2 partitions but 1 drive. I could try putting that swap file in the other partition, and eliminating that other partition completely since I only have entware in case I find something I'd want in the future.

 

[visortgw]

Thanks, but I only have 1 drive. 2 partitions but 1 drive. I could try putting that swap file in the other partition, and eliminating that other partition completely since I only have entware in case I find something I'd want in the future.

No real reason to partition small USB flash drives...

 

[skeal]

Thanks, but I only have 1 drive. 2 partitions but 1 drive. I could try putting that swap file in the other partition, and eliminating that other partition completely since I only have entware in case I find something I'd want in the future.

I think Skynet and the swap should be on the same partition. IMHO

 

[visortgw]

I think Skynet and the swap should be on the same partition. IMHO

That makes a lot of sense -- it guarantees that Skynet has access to the swap file as needed.