What's new

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Hey guys,

I have an odd problem, Skynet won't start anymore using amtm menu. It gives me the error message: "Skynet: [*] USB Not Found - Sleeping For 10 Seconds" and does 10 attempts without any luck and goes back to amtm menu. Therefore I also cannot uninstall Skynet and Reinstall it.

There is a USB drive attached to the router which works (as Diversion and amtm is installed on it).

Any idea how to solve that?

sh /jffs/scripts/firewall install
 
Hey guys,

I have an odd problem, Skynet won't start anymore using amtm menu. It gives me the error message: "Skynet: [*] USB Not Found - Sleeping For 10 Seconds" and does 10 attempts without any luck and goes back to amtm menu. Therefore I also cannot uninstall Skynet and Reinstall it.

There is a USB drive attached to the router which works (as Diversion and amtm is installed on it).

Any idea how to solve that?
Format the drive to fat32 first, then run the format disk option in amtm to put Linux file system on the drive.
 
Ran into some problems whereby my Asus DDNS (....asuscomm.com) wouldn’t resolve. In case anyone comes across this, you may need to whitelist:

nwsrv-ns1.asus.com

(Note: that is a “one” in “ns1”)

If you know the corresponding nvram value I can add it by default (I don't use DDNS)
 
You will need to install everything again.
 
Ran into some problems whereby my Asus DDNS (....asuscomm.com) wouldn’t resolve. In case anyone comes across this, you may need to whitelist:

nwsrv-ns1.asus.com

(Note: that is a “one” in “ns1”)



If you know the corresponding nvram value I can add it by default (I don't use DDNS)

No, I don’t know, Adam, but, after a quick search, I can ask an expert (@ColinTaylor ) how I’d go about finding that variable for you.
 
No, I don’t know, Adam, but, after a quick search, I can ask an expert (@ColinTaylor ) how I’d go about finding that variable for you.

Code:
nvram show | grep ddns

Anything relevant there would be a pretty good start
 
Code:
nvram show | grep ddns

Anything relevant there would be a pretty good start

Code:
ASUSWRT-Merlin RT-AC68U 384.9-0 Sat Feb  2 18:16:52 UTC 2019
admin@RT-AC68U-2190:/tmp/home/root# nvram show | grep ddns
ddns_refresh_x=21
ddns_regular_check=0
ddns_hostname_x_old=
ddns_wan_unit=-1
ddns_old_name=
ddns_username_x=
ddns_last_wan_unit=-1
ddns_transfer=78:24:AF:E6:21:90
ddns_ipaddr=92.0.xx.xxx
ddns_cache=1549364681,92.0.24.131
ddns_regular_period=60
ddns_enable_x=1
ddns_update_by_wdog=
ddns_wildcard_x=0
size: ddns_server_x_old=WWW.ASUS.COM
57548 bytes (7988 left)
ddns_hostname_old=removed.asuscomm.com
ddns_return_code_chk=200
ddns_updated=1
ddns_ipcheck=0
ddns_return_code=
ddns_passwd_x=
ddns_hostname_x=removed.asuscomm.com
ddns_status=1
ddns_server_x=WWW.ASUS.COM
admin@RT-AC68U-2190:/tmp/home/root#


Is that of any help? (I inserted x in the ip address, and “removed” in the ddns address, and altered the username to admin)
 
Looks like that one specific address is hard-coded into the source code: https://github.com/RMerl/asuswrt-merlin.ng/blob/master/release/src/router/inadyn/plugins/asuscomm.c

Why it would be on a blacklist I can't imagine.

I see it. Many thanks, Colin. As to why it would be blacklisted, could it be that the IP address it translates to is a server that’s also hosting some dodgy sites? Would that account for it?

I’ve never needed to whitelist that domain up to now: resolution has always occurred within seconds of a new IP address. And, last night, before I discovered I needed to whitelist it, it did indeed once resolve, though it took perhaps an hour, which made me think the problem was remote. And when I did discover the solution, I saw that the answer had been posted a year ago, and I had even posted on the topic!

https://www.snbforums.com/threads/solved-is-there-a-problem-with-the-asus-ddns-service.44626/

Thanks again, Colin.
 
Last edited:
I was wondering if someone could help me out here. I want to block a certain IP address from accessing certain websites. How do I do that? I just want to block the one client from using these sites.
 
I was wondering if someone could help me out here. I want to block a certain IP address from accessing certain websites. How do I do that? I just want to block the one client from using these sites.
If something like Facebook or Youtube, good luck. They have multiple routes in different countries.
If p@rn@, warez, other specific site, then look at the Skynet firewall option to blacklist specific sites. There are instructions at the Skynet support site that walk through how to add a blacklist entry for a specific site not already covered in the blacklist download.
 
I suppose if it's just for the one client, I could use the Windows firewall but I was wondering if I could just block the one website so, let's say system2, can't connect to it but system1 can.
 
Today, after a router restart I found this in syslog:

Code:
Feb  5 22:37:18 rc_service: zcip 1100:notify_rc start_firewall
Feb  5 22:37:18 zcip_client: configured xxx.xxx.xxx.xxx
Feb  5 22:37:19 nat: apply nat rules (/tmp/nat_rules_ppp0_eth0)
Feb  5 22:37:20 custom_script: Running /jffs/scripts/firewall-start (args: ppp0)
Feb  5 22:37:41 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:41 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:41 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:41 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:41 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:41 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:41 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:41 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:41 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:41 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:42 kernel: ip_set: protocol 6
Feb  5 22:37:47 kernel: net_ratelimit: 95 callbacks suppressed
Feb  5 22:37:47 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:47 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:47 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:48 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:48 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:48 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:48 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:48 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:48 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:48 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:49 crond[250]: time disparity of 398432 minutes detected
Feb  5 22:37:53 kernel: net_ratelimit: 8 callbacks suppressed
Feb  5 22:37:53 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:54 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:57 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:58 kernel: TCP: time wait bucket table overflow
Feb  5 22:38:00 kernel: TCP: time wait bucket table overflow
Feb  5 22:38:03 kernel: TCP: time wait bucket table overflow
Feb  5 22:38:09 Skynet: [#] 122553 IPs (+0) -- 4674 Ranges Banned (+0) || 0 Inbound -- 0 Outbound Connections Blocked! [start] [63s]
Never saw this before. Do I have to be worried?
 
Today, after a router restart I found this in syslog:

Code:
Feb  5 22:37:18 rc_service: zcip 1100:notify_rc start_firewall
Feb  5 22:37:18 zcip_client: configured xxx.xxx.xxx.xxx
Feb  5 22:37:19 nat: apply nat rules (/tmp/nat_rules_ppp0_eth0)
Feb  5 22:37:20 custom_script: Running /jffs/scripts/firewall-start (args: ppp0)
Feb  5 22:37:41 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:41 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:41 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:41 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:41 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:41 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:41 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:41 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:41 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:41 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:42 kernel: ip_set: protocol 6
Feb  5 22:37:47 kernel: net_ratelimit: 95 callbacks suppressed
Feb  5 22:37:47 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:47 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:47 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:48 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:48 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:48 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:48 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:48 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:48 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:48 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:49 crond[250]: time disparity of 398432 minutes detected
Feb  5 22:37:53 kernel: net_ratelimit: 8 callbacks suppressed
Feb  5 22:37:53 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:54 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:57 kernel: TCP: time wait bucket table overflow
Feb  5 22:37:58 kernel: TCP: time wait bucket table overflow
Feb  5 22:38:00 kernel: TCP: time wait bucket table overflow
Feb  5 22:38:03 kernel: TCP: time wait bucket table overflow
Feb  5 22:38:09 Skynet: [#] 122553 IPs (+0) -- 4674 Ranges Banned (+0) || 0 Inbound -- 0 Outbound Connections Blocked! [start] [63s]
Never saw this before. Do I have to be worried?
Just answered by RMerlin in the 384.9 release thread.
https://www.snbforums.com/threads/r...-9-is-now-available.54843/page-11#post-464170
 
I just want to block the one client from using these sites.

put parental control software on the client if you have to deal with a user who knows how
to modify windows firewall, hosts file or use a vpn client to circumvent your intended blocks.
 
If I am using USB for Diversion, can I use same or this HAS to be separate?
 
If I am using USB for Diversion, can I use same or this HAS to be separate?

It’s perfectly ok to use same USB drive and partition for all scripts. That’s what I do. Recommend you use AMTM fd function for formatting the USB ext filesystem. I use ext4 journaled.
 
Last edited:
I see it. Many thanks, Colin. As to why it would be blacklisted, could it be that the IP address it translates to is a server that’s also hosting some dodgy sites? Would that account for it?

I’ve never needed to whitelist that domain up to now: resolution has always occurred within seconds of a new IP address. And, last night, before I discovered I needed to whitelist it, it did indeed once resolve, though it took perhaps an hour, which made me think the problem was remote. And when I did discover the solution, I saw that the answer had been posted a year ago, and I had even posted on the topic!

https://www.snbforums.com/threads/solved-is-there-a-problem-with-the-asus-ddns-service.44626/

Thanks again, Colin.

I went ahead and whitelisted the address by default. It currently doesn't show on any default blacklist but I guess it did at some point.

I was wondering if someone could help me out here. I want to block a certain IP address from accessing certain websites. How do I do that? I just want to block the one client from using these sites.

Skynet doesn't have any parental control related features, you are best off using whatever tools are provided in the Web UI.
 
Hey guys,

I have an odd problem, Skynet won't start anymore using amtm menu. It gives me the error message: "Skynet: [*] USB Not Found - Sleeping For 10 Seconds" and does 10 attempts without any luck and goes back to amtm menu. Therefore I also cannot uninstall Skynet and Reinstall it.

There is a USB drive attached to the router which works (as Diversion and amtm is installed on it).

Any idea how to solve that?
It happened to me as well.

I removed the USB Drive, put it back and Skynet came back.
 
Why is a USB drive required? I have not found an answer to this. I am sure the answer is quite simple as there is not enough storage on the router in the JFFS area but I have not seen this question asked or an explanation provided.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top