What's new

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I've been running Skynet for about three weeks now and I have yet to get any blocked inbound connection attempts. Outbound, yes, but inbound is completely clean ["No Data To Display"] which I find hard to believe. Any suggestions on how to investigate this?
 
Based on what metric?

top command. 300m. Am I misreading?

e3bd0611ad2ae70700a8df25661d0007.jpg
 
I've been running Skynet for about three weeks now and I have yet to get any blocked inbound connection attempts. Outbound, yes, but inbound is completely clean ["No Data To Display"] which I find hard to believe. Any suggestions on how to investigate this?

Whats the output of;

Code:
sh /jffs/scripts/firewall debug info
 
top command. 300m. Am I misreading?

e3bd0611ad2ae70700a8df25661d0007.jpg
There is something seriously wrong there, although I ain't smart enough to know what. Pixelserv certainly shouldn't be 222mb either.
Code:
Mem: 86188K used, 169248K free, 800K shrd, 1756K buff, 22920K cached
CPU: 54.1% usr 41.0% sys  0.0% nic  2.5% idle  0.6% io  0.0% irq  1.4% sirq
Load average: 2.48 2.54 2.45 3/112 11799
  PID  PPID USER     STAT   VSZ %VSZ CPU %CPU COMMAND
23168 23167 lionroot S    15556  6.0   1  0.0 syslog-ng
23167     1 lionroot S     8600  3.3   0  0.0 {syslog-ng} supervising syslog-ng
  274     1 lionroot S     6124  2.3   0  0.0 httpd -i br0
 1910     1 lionroot S     6084  2.3   1  0.0 /usr/sbin/smbd -D -s /etc/smb.conf
  295     1 lionroot S     5912  2.3   0  0.0 networkmap --bootwait
 1889     1 lionroot S     5880  2.3   1  0.0 nmbd -D -s /etc/smb.conf
 
There is something seriously wrong there, although I ain't smart enough to know what. Pixelserv certainly shouldn't be 222mb either.
Code:
Mem: 86188K used, 169248K free, 800K shrd, 1756K buff, 22920K cached
CPU: 54.1% usr 41.0% sys  0.0% nic  2.5% idle  0.6% io  0.0% irq  1.4% sirq
Load average: 2.48 2.54 2.45 3/112 11799
  PID  PPID USER     STAT   VSZ %VSZ CPU %CPU COMMAND
23168 23167 lionroot S    15556  6.0   1  0.0 syslog-ng
23167     1 lionroot S     8600  3.3   0  0.0 {syslog-ng} supervising syslog-ng
  274     1 lionroot S     6124  2.3   0  0.0 httpd -i br0
 1910     1 lionroot S     6084  2.3   1  0.0 /usr/sbin/smbd -D -s /etc/smb.conf
  295     1 lionroot S     5912  2.3   0  0.0 networkmap --bootwait
 1889     1 lionroot S     5880  2.3   1  0.0 nmbd -D -s /etc/smb.conf

mine is similar for syslog however I don't see that for pixelserv

 
mine is similar for syslog however I don't see that for pixelserv

My AC86U went Tango Uniform last Sunday, so I'm using my old AC3200, but still, it shouldn't be THAT big of a difference between platforms. Can someone with a (working) AC86U chime in with their syslog-ng memory usage?
 
I wonder if whoever is compiling them for Entware left some switches set wrong for the HND platform? Last version there was a problem with the non-HND reporting a bogus error. Not throwing stones at the Entware team, if the documentation for compiling syslog-ng is as poorly written as the "administration guide" I'm sure it took a lot of effort to figure out how to get it to work at all.
 
Quick question - is there a way that I can add an exception for a particular device on my network from the country blocks?

I have Unbound running on a Raspberry Pi and when it is trying to connect to any TLD servers located in China, Skynet steps in & blocks the connection. I'd like to keep the China country block, as I have a few devices on my network that try to 'phone home'.
 
Quick question - is there a way that I can add an exception for a particular device on my network from the country blocks?

I have Unbound running on a Raspberry Pi and when it is trying to connect to any TLD servers located in China, Skynet steps in & blocks the connection. I'd like to keep the China country block, as I have a few devices on my network that try to 'phone home'.

No, not with how the rules are currently designed.
 
There is something seriously wrong there, although I ain't smart enough to know what. Pixelserv certainly shouldn't be 222mb either.
Code:
Mem: 86188K used, 169248K free, 800K shrd, 1756K buff, 22920K cached
CPU: 54.1% usr 41.0% sys  0.0% nic  2.5% idle  0.6% io  0.0% irq  1.4% sirq
Load average: 2.48 2.54 2.45 3/112 11799
  PID  PPID USER     STAT   VSZ %VSZ CPU %CPU COMMAND
23168 23167 lionroot S    15556  6.0   1  0.0 syslog-ng
23167     1 lionroot S     8600  3.3   0  0.0 {syslog-ng} supervising syslog-ng
  274     1 lionroot S     6124  2.3   0  0.0 httpd -i br0
 1910     1 lionroot S     6084  2.3   1  0.0 /usr/sbin/smbd -D -s /etc/smb.conf
  295     1 lionroot S     5912  2.3   0  0.0 networkmap --bootwait
 1889     1 lionroot S     5880  2.3   1  0.0 nmbd -D -s /etc/smb.conf

I am pretty sure pixelserv is because of my google home devices. I have whole home using DNS Filtering to redirect to my router, and they generate waves of traffic... I see the memory of pixelserv go up and down, and when up I see like 120 threads running inside the servstats page. They do track to call home a lot... this generates large dnsmasq files as well.
 
I am pretty sure pixelserv is because of my google home devices. I have whole home using DNS Filtering to redirect to my router, and they generate waves of traffic... I see the memory of pixelserv go up and down, and when up I see like 120 threads running inside the servstats page. They do track to call home a lot... this generates large dnsmasq files as well.
A quote from the first post of the pixelserv-tls thread -
pixelserv-tls is a tiny bespoke HTTP/1.1 webserver with HTTPS and SNI support. It acts on behalf of hundreds of thousands of advert/tracker servers and responds to all requests with nothing to speed up web browsing.
I really do not believe your IoT devices are calling home to a web page full of ads. They are likely retrieving data from a server, and leaving some data as well. It is the members of your house accessing web pages on their browsers.

Run a tcdump on the router or follow the dnsmasq log in Diversion to see the astonishing number of calls that browser makes on each page.
 
Last edited:
A quote from the first post of the pixelserv-tls thread -

I really do not believe your IoT devices are not calling home to a web page full of ads. They are more like retrieving data from a server, and leaving some data as well. It is the members of your house accessing web pages on their browsers.

Ok, good point, the google homes generate a ton of DNS traffic but you are right they are not being redirected to https ad pages. It is odd that pixelserv is seeing huge spikes in blocked usage when it goes up to 12 threads and the memory increases. This happens as well late when many in the family are asleep.

Now I need to investigate more.

That being said, how much memory should syslog ng be using?
 
Guys lets keep it Skynet related to not drift offtopic and confuse people ;)
 
Ok, good point, the google homes generate a ton of DNS traffic but you are right they are not being redirected to https ad pages. It is odd that pixelserv is seeing huge spikes in blocked usage when it goes up to 12 threads and the memory increases. This happens as well late when many in the family are asleep.

Now I need to investigate more.

That being said, how much memory should syslog ng be using?
I just revised the post above as you typed. :)

Do this when your family is busy using the 'Net. Run a tcdump on the router (port 53 or port 853 depending on if you are using DoT or not) or follow the dnsmasq log in Diversion to see the astonishing number of calls that browser makes on each page.
 
Guys lets keep it Skynet related to not drift offtopic and confuse people ;)
Sorry, above is my last post - lets take this to Diversion or a new thread.
 
We are well within their 30k per month limit, I actually implemented the update frequency around this value. I assume the changes made on their end were unintended.
Thanks, but I think this is not working anymore. Skynet takes again several minutes to start.
Was good until now.
 
Thanks, but I think this is not working anymore. Skynet takes again several minutes to start.
Was good until now.

Can't reproduce on my end, make sure you are running the latest version, the run;

Code:
sh /jffs/scripts/firewall debug genstats

Post the time log here.
 
Code:
sh /jffs/scripts/firewall debug genstats
Post the time log here.

Nothing is happening:
Code:
[i] Generating Stats For WebUI


=============================================================================================================


[#] 305982 IPs (+0) -- 2052 Ranges Banned (+0) || 5 Inbound -- 0 Outbound Connections Blocked! [debug] [75s]

admin@myrouter-CD47:/tmp/home/root#
I don't use WebUI.
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top