Skynet Skynet - Router Firewall & Security Enhancements

[bearever]

You need the newest alpha build for your router. 384.15_Alpha1

It works now. Thanks Skeal. [emoji4]


Sent from my iPhone using Tapatalk Pro

 

[Adamm]

Dear all,
I observed a stange behavior with skynet in combination with the x3mrouting script. After updating skynet the specific routing to the different vpnclients worked normally. After rebooting, all traffic was through VPN1 , although mostly should be routed to VPN4.

If I force skynet to update again, the orgininal (wanted) situation is there again, till I boot the router again.
I first thought it was a change in the x3mrouting script, but it seems to be, that I could be related with the latest changes in skynet (maybe)?

Any idea what could happen or what I could test to get it done without any additional manual work after rebooting of the router ?

(If you restart Skynet via AMTM it works at it should. Could there be a conflict with x3mrouting?)

Thanks a lot for your support.

Hugo.

Sounds like a bug with x3mrouting that gets corrected with a restart_firewall event, unrelated to Skynet so I suggest posting in that thread for better assistance.

 

[andresmorago]

hi.
im trying to enable the web gui in order to view some info but so far i havent been able to see it.

im running 384.14_2 on a AC3100. I have running latests version of
Skynet
Diversion
Diversion stats
NTP daemon
Speedtest (develop branch)
Uptime monitoring

So far i have disabled gui, restarted skynet and re enabled gui with no positive results. also, restarting router several times doesnt seem to fix it either.

can you please advise what else can i troubleshoot?

thanks!

 

[QuikSilver]

hi.
im trying to enable the web gui in order to view some info but so far i havent been able to see it.

im running 384.14_2 on a AC3100. I have running latests version of
Skynet
Diversion
Diversion stats
NTP daemon
Speedtest (develop branch)
Uptime monitoring

So far i have disabled gui, restarted skynet and re enabled gui with no positive results. also, restarting router several times doesnt seem to fix it either.

can you please advise what else can i troubleshoot?

thanks!

You must be on the latest 384.15 alpha firmware for it to work

 

[Adamm]

hi.
im trying to enable the web gui in order to view some info but so far i havent been able to see it.

im running 384.14_2 on a AC3100. I have running latests version of
Skynet
Diversion
Diversion stats
NTP daemon
Speedtest (develop branch)
Uptime monitoring

So far i have disabled gui, restarted skynet and re enabled gui with no positive results. also, restarting router several times doesnt seem to fix it either.

can you please advise what else can i troubleshoot?

thanks!

You must be on the latest 384.15 alpha firmware for it to work

Adding to this, I believe the spdMerlin develop branch is actually behind master now so you will need to update that also.

 

[andresmorago]

great. thanks to all!

 

[Clark Griswald]

@Adamm
Thank You for your effort and Skynet beta is working well!!
Despite my advanced technical foolishness, I have been unable to cause any issues.

 

[L&LD]

@RMerlin and @Adamm and @Jack Yaz and @thelonelycoder and any others I am forgetting right now, thank you again for this monumental leap in reporting of the inner workings of our routers.

I have installed RMerlin v384.15 Alpha 1 on RT-AC66U_B1, RT-AC68U, RT-AC3100, RT-AC86U and on RT-AX88U routers. I then updated all scripts as necessary (including a forced 'uf' update on the Jack Yaz scripts) and then finally, I rebooted the routers twice in 15 or 20 minutes. After the second reboot and waiting at least 10 more minutes (particularly on the older models), there were no issues on any of these routers. All scripts/tabs showed as intended in the GUI and the networks remained smooth too.

The enhanced reporting is great and the routers are just as stable as ever.

Now, when will the 'make coffee and toast at 6:45 AM' option be ready for supported routers?

To those that seem to have problems, make sure you update everything from the 'master' branch, make sure you run 'uf' for the scripts as needed, and make sure that the router is rebooted at least twice (with at least a 15-minute wait between reboots).

Again, many thanks to all for your great teamwork to pull this off so fast. Our mere consumer equipment and our networks have never been so safe or so beautifully informative!

 

[JemTheWire]

The SkynetUI had gone pear-shaped for me.

It was working fine, showing everything it was supposed too. However, after a router reboot, the SknetUI tab shows, but I simply get the message 'No Data' displayed in the data fields.

This is a bit weird as the usual non-UI logs are still populating.

I have tried un-installing, re-installing. Forcing an update after the initial installation. Cleared browser cache. Tried from my iPad, iPhone etc.

The SkynetUI is not corrupt, it just isn't showing data.

Any ideas?

 

[Adamm]

The SkynetUI had gone pear-shaped for me.

It was working fine, showing everything it was supposed too. However, after a router reboot, the SknetUI tab shows, but I simply get the message 'No Data' displayed in the data fields.

This is a bit weird as the usual non-UI logs are still populating.

I have tried un-installing, re-installing. Forcing an update after the initial installation. Cleared browser cache. Tried from my iPad, iPhone etc.

The SkynetUI is not corrupt, it just isn't showing data.

Any ideas?

Uninstalling deletes the log file where stats are generated from so this to be expected (logs are also purged when the file reaches 10MB). Give them time to accumulate

 

[martinr]

The SkynetUI had gone pear-shaped for me.

It was working fine, showing everything it was supposed too. However, after a router reboot, the SknetUI tab shows, but I simply get the message 'No Data' displayed in the data fields.

This is a bit weird as the usual non-UI logs are still populating.

I have tried un-installing, re-installing. Forcing an update after the initial installation. Cleared browser cache. Tried from my iPad, iPhone etc.

The SkynetUI is not corrupt, it just isn't showing data.

Any ideas?

You’ve tried the advice in L&LD’s post above yours?

 

[JemTheWire]

I realise that, but I only un-installed/re-installed in the first place because I had the ‘No Data’ issue.

And yes, I have waited over 15 minutes for it to populate and also clicked the ‘Update’ button in the SkynetUI tab.

 

[Adamm]

I realise that, but I only un-installed/re-installed in the first place because I had the ‘No Data’ issue.

And yes, I have waited over 15 minutes for it to populate and also clicked the ‘Update’ button in the SkynetUI tab.

Does Skynet.log in your Skynet install directory contain any data? I also assume you have logging enabled.

 

[JemTheWire]

The log contains:

Jan  6 13:10:01 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=0c:9d:92:01:d2:30:70:e4:22:f1:98:1a:08:00 SRC=92.118.37.74 DST=86.21.121.203 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=40335 PROTO=TCP SPT=52060 DPT=27278 SEQ=2604502730 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
Jan  6 13:10:01 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=0c:9d:92:01:d2:30:70:e4:22:f1:98:1a:08:00 SRC=92.118.37.74 DST=86.21.121.203 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=40335 PROTO=TCP SPT=52060 DPT=27278 SEQ=2604502730 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

 

[Adamm]

The log contains:

Jan  6 13:10:01 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=0c:9d:92:01:d2:30:70:e4:22:f1:98:1a:08:00 SRC=92.118.37.74 DST=86.21.121.203 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=40335 PROTO=TCP SPT=52060 DPT=27278 SEQ=2604502730 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
Jan  6 13:10:01 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=0c:9d:92:01:d2:30:70:e4:22:f1:98:1a:08:00 SRC=92.118.37.74 DST=86.21.121.203 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=40335 PROTO=TCP SPT=52060 DPT=27278 SEQ=2604502730 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

Just two lines or is that an extract? In either case try the following command;

sh /jffs/scripts/firewall debug genstats

See if any data appears then, if not post the contents of your “stats.js” file under the /webui folder in your Skynet install directory.

 

[JemTheWire]

Yes, only those two lines.

I have just run that command and still webUI says no data.

Here is a copy of the stats.js file you requested:

		function SetBLCount1() {
	document.getElementById("blcount1").innerHTML = "152193"
}

function SetBLCount2() {
	document.getElementById("blcount2").innerHTML = "1575"
}

function SetHits1() {
	document.getElementById("hits1").innerHTML = "330"
}

function SetHits2() {
	document.getElementById("hits2").innerHTML = "9"
}

function SetStatsDate() {
	document.getElementById("statsdate").innerHTML = "Last Updated - 07:57:56 PM"
}

var DataInPortHits;
DataInPortHits = [];
DataInPortHits.unshift('2');

var LabelInPortHits;
LabelInPortHits = [];
LabelInPortHits.unshift('27278');

var DataSPortHits;
DataSPortHits = [];
DataSPortHits.unshift('2');

var LabelSPortHits;
LabelSPortHits = [];
LabelSPortHits.unshift('52060');

var LabelInConn_IPs;
LabelInConn_IPs = [];
LabelInConn_IPs.unshift('92.118.37.74');

var LabelInConn_BanReason;
LabelInConn_BanReason = [];
LabelInConn_BanReason.unshift('alienvault_reputation.ipset');

var LabelInConn_AlienVault;
LabelInConn_AlienVault = [];
LabelInConn_AlienVault.unshift('https://otx.alienvault.com/indicator/ip/92.118.37.74');

var LabelInConn_Country;
LabelInConn_Country = [];
LabelInConn_Country.unshift('RU');

var LabelInConn_AssDomains;
LabelInConn_AssDomains = [];
LabelInConn_AssDomains.unshift('*');

var LabelOutConn_IPs;
LabelOutConn_IPs = [];
LabelOutConn_IPs.unshift('');

var LabelOutConn_BanReason;
LabelOutConn_BanReason = [];
LabelOutConn_BanReason.unshift('');

var LabelOutConn_AlienVault;
LabelOutConn_AlienVault = [];
LabelOutConn_AlienVault.unshift('');

var LabelOutConn_Country;
LabelOutConn_Country = [];
LabelOutConn_Country.unshift('');

var LabelOutConn_AssDomains;
LabelOutConn_AssDomains = [];
LabelOutConn_AssDomains.unshift('');

var LabelHTTPConn_IPs;
LabelHTTPConn_IPs = [];
LabelHTTPConn_IPs.unshift('');

var LabelHTTPConn_BanReason;
LabelHTTPConn_BanReason = [];
LabelHTTPConn_BanReason.unshift('');

var LabelHTTPConn_AlienVault;
LabelHTTPConn_AlienVault = [];
LabelHTTPConn_AlienVault.unshift('');

var LabelHTTPConn_Country;
LabelHTTPConn_Country = [];
LabelHTTPConn_Country.unshift('');

var LabelHTTPConn_AssDomains;
LabelHTTPConn_AssDomains = [];
LabelHTTPConn_AssDomains.unshift('');

var DataTHConnHits;
DataTHConnHits = [];
DataTHConnHits.unshift('');

var LabelTHConnHits_IPs;
LabelTHConnHits_IPs = [];
LabelTHConnHits_IPs.unshift('');

var LabelTHConnHits_Country;
LabelTHConnHits_Country = [];
LabelTHConnHits_Country.unshift('');

var DataTIConnHits;
DataTIConnHits = [];
DataTIConnHits.unshift('2');

var LabelTIConnHits_IPs;
LabelTIConnHits_IPs = [];
LabelTIConnHits_IPs.unshift('92.118.37.74');

var LabelTIConnHits_Country;
LabelTIConnHits_Country = [];
LabelTIConnHits_Country.unshift('RU');

var DataTOConnHits;
DataTOConnHits = [];
DataTOConnHits.unshift('');

var LabelTOConnHits_IPs;
LabelTOConnHits_IPs = [];
LabelTOConnHits_IPs.unshift('');

var LabelTOConnHits_Country;
LabelTOConnHits_Country = [];
LabelTOConnHits_Country.unshift('');

 

[Adamm]

Yes, only those two lines.

I have just run that command and still webUI says no data.

Here is a copy of the stats.js file you requested:

        function SetBLCount1() {
    document.getElementById("blcount1").innerHTML = "152193"
}

function SetBLCount2() {
    document.getElementById("blcount2").innerHTML = "1575"
}

function SetHits1() {
    document.getElementById("hits1").innerHTML = "330"
}

function SetHits2() {
    document.getElementById("hits2").innerHTML = "9"
}

function SetStatsDate() {
    document.getElementById("statsdate").innerHTML = "Last Updated - 07:57:56 PM"
}

var DataInPortHits;
DataInPortHits = [];
DataInPortHits.unshift('2');

var LabelInPortHits;
LabelInPortHits = [];
LabelInPortHits.unshift('27278');

var DataSPortHits;
DataSPortHits = [];
DataSPortHits.unshift('2');

var LabelSPortHits;
LabelSPortHits = [];
LabelSPortHits.unshift('52060');

var LabelInConn_IPs;
LabelInConn_IPs = [];
LabelInConn_IPs.unshift('92.118.37.74');

var LabelInConn_BanReason;
LabelInConn_BanReason = [];
LabelInConn_BanReason.unshift('alienvault_reputation.ipset');

var LabelInConn_AlienVault;
LabelInConn_AlienVault = [];
LabelInConn_AlienVault.unshift('https://otx.alienvault.com/indicator/ip/92.118.37.74');

var LabelInConn_Country;
LabelInConn_Country = [];
LabelInConn_Country.unshift('RU');

var LabelInConn_AssDomains;
LabelInConn_AssDomains = [];
LabelInConn_AssDomains.unshift('*');

var LabelOutConn_IPs;
LabelOutConn_IPs = [];
LabelOutConn_IPs.unshift('');

var LabelOutConn_BanReason;
LabelOutConn_BanReason = [];
LabelOutConn_BanReason.unshift('');

var LabelOutConn_AlienVault;
LabelOutConn_AlienVault = [];
LabelOutConn_AlienVault.unshift('');

var LabelOutConn_Country;
LabelOutConn_Country = [];
LabelOutConn_Country.unshift('');

var LabelOutConn_AssDomains;
LabelOutConn_AssDomains = [];
LabelOutConn_AssDomains.unshift('');

var LabelHTTPConn_IPs;
LabelHTTPConn_IPs = [];
LabelHTTPConn_IPs.unshift('');

var LabelHTTPConn_BanReason;
LabelHTTPConn_BanReason = [];
LabelHTTPConn_BanReason.unshift('');

var LabelHTTPConn_AlienVault;
LabelHTTPConn_AlienVault = [];
LabelHTTPConn_AlienVault.unshift('');

var LabelHTTPConn_Country;
LabelHTTPConn_Country = [];
LabelHTTPConn_Country.unshift('');

var LabelHTTPConn_AssDomains;
LabelHTTPConn_AssDomains = [];
LabelHTTPConn_AssDomains.unshift('');

var DataTHConnHits;
DataTHConnHits = [];
DataTHConnHits.unshift('');

var LabelTHConnHits_IPs;
LabelTHConnHits_IPs = [];
LabelTHConnHits_IPs.unshift('');

var LabelTHConnHits_Country;
LabelTHConnHits_Country = [];
LabelTHConnHits_Country.unshift('');

var DataTIConnHits;
DataTIConnHits = [];
DataTIConnHits.unshift('2');

var LabelTIConnHits_IPs;
LabelTIConnHits_IPs = [];
LabelTIConnHits_IPs.unshift('92.118.37.74');

var LabelTIConnHits_Country;
LabelTIConnHits_Country = [];
LabelTIConnHits_Country.unshift('RU');

var DataTOConnHits;
DataTOConnHits = [];
DataTOConnHits.unshift('');

var LabelTOConnHits_IPs;
LabelTOConnHits_IPs = [];
LabelTOConnHits_IPs.unshift('');

var LabelTOConnHits_Country;
LabelTOConnHits_Country = [];
LabelTOConnHits_Country.unshift('');

Odd, you should have at least one entry for incoming connection stats. Any errors in the f12 developer menu on your browser?

Also what os/browser are you using?

 

[JemTheWire]

I have tried: Brave, Firefox and Safari on both my iPad and iPhone.

I have had enough tonight, my head is swimming with it all.

Once again, I have uninstalled Skynet completely. Made sure that the Skynet installation directory has been deleted. Rebooted the router, and then installed Skynet via the AMTM menu. Also creating a new swap file as I chose to delete the old one when I uninstalled Skynet.

I will leave the router untouched over night and check tomorrow evening when I get home from work.

Strange thing is that the traditional Skynet logs are still populating.

I feel that I am going round in circles.

Back tomorrow and thanks for you patience.

 

[dave14305]

Strange thing is that the traditional Skynet logs are still populating.

Your firewall is still set to log dropped packets. You can turn that off in the GUI Firewall tab, otherwise your syslog will be filled with these by morning without SkyNet cleaning them up every hour.

 

[fearz]

Possibly in the future but will need further investigating, doing so could potentially introduce a security hazard as it could be used maliciously to execute commands.

Think of it a little differently, we would want to ban/unban un-malicious IPs more, just the funtion avaiable in GUI is going to a huge time saver for us, maybe later implement a more interactive GUI, like for instance we would be able to interact (not just view) the graphs, hence the IPs, and with just a left click, ban...

I think that will be the shiznit!!!

Anyway well done brother, looking forward to seeing it being more developed.