Skynet Skynet - Router Firewall & Security Enhancements

[Butterfly Bones]

As suspected you don't have enough available ram to unload the contents of the swap file, so you will need to uninstall in two stages;

sed -i '\~swapon ~d' /jffs/scripts/post-mount

Followed by a reboot of your router, then;

swapoff -a
rm -rf  "/tmp/mnt/USB/myswap.swp"

Then the swap install command should work as expected.

Switching to a SSD was probably the best thing I did. no more worrying about usb drives dying. And accessing everything on the scripts are very quick.



lol now that you have added that warning i'm getting it now due to my 512mb swap file which hasn't given me any issues at all. Not sure if i'm going to enlarge it.

Solved! I light went on when @Makaveli mentioned SSD. I had added a spare 1 TB SSD to use for Apple TimeMachine when I got a Macbook this summer. I copied all files from my USB thumb drive to my Linux desktop except myswap.swp, then copied all of them to the 1 TB SSD.

Shutdown the router, pulled the thumb drive, booted back up. Opened AMTM, created a 1 GB swap, and all scripts except Skynet worked (Could not find USB, sleeping xx seconds...) I just reran the Skynet curl install command, went through all the setup questions and Skynet found the existing files.

Opened Skynet from AMTM, and it works everything updated. AMTM update check shows all scripts up-to-date. All scripts and add ons are much snappier on the 1 TB SSD!

For any who do this, and had to change the location of the Traffic stats in Tools > Other settings.

Feb 15 11:29:33 RT-AC86U-4608 rstats[987]: Problem loading /mnt/SNB/tomato_rstats_88d7f61d4608.gz. Still trying...

 

[visortgw]

To increase swap file size, try this (which worked for me):

1. Temporarily disable Skynet and Diversion.
2. Delete swap file via amtm.
3. Create new 1 GB swap file via amtm.
4. Restart Skynet and Diversion.

 

[Diamond67]

To increase swap file size, try this (which worked for me):

Worked nicely for me as well! Thanks!

 

[Woolf]

i installed the latest version of skynet on my asus ac68u. i can connect via putty and administer skynet, but cant connect into my router via the xxx.asuscomm.com dyndns. also internal ip is also useless. i also used the github/whitelist instructions, but this didnt solve anything. temporarily turning off the firewall wasnt helpful, too.
perhaps this problem occured because i used ip lists to ban china and russian ips and somehow the dyndns got shut out?

 

[Adamm]

i installed the latest version of skynet on my asus ac68u. i can connect via putty and administer skynet, but cant connect into my router via the xxx.asuscomm.com dyndns. also internal ip is also useless. i also used the github/whitelist instructions, but this didnt solve anything. temporarily turning off the firewall wasnt helpful, too.
perhaps this problem occured because i used ip lists to ban china and russian ips and somehow the dyndns got shut out?

Halp - BestApp.exe or BestWebsite.com Is Being Blocked;

Don't worry, tracking down false positive bans was at the core of design. Generally speaking you can follow these steps to find (and whitelist) anything incorrectly on your Blacklist!

1.) Enable Logging

sh /jffs/scripts/firewall settings logmode enable

2.) Open the blocked application/website and use the command;

sh /jffs/scripts/firewall debug watch

Now look for a flood of [BLOCKED - OUTBOUND] coming from the same IP. This most likely will be the IP you are looking for if its being spammed in large numbers.

3.) Copy the IP following "DST=" it should look something like this;

DST=175.115.37.52

4.) Double check the IP is not actually something that should be banned, use a search tool like alienvault. If its related to a domain additional "Associated Domain" information should be printed beneath the log.

https://otx.alienvault.com/indicator/ip/175.115.37.52/

5.) Great we have confirmed we found the IP of the blocked website/application we are looking for, lets whitelist it!

sh /jffs/scripts/firewall whitelist ip 175.115.37.52

 

[Woolf]

well.. thats exactly what i did

 

[Adamm]

well.. thats exactly what i did

You said yourself that disabling Skynet didn't resolve the issue, that means Skynet isn't the cause

Unless your trying to access SSH remotely that is, then thats a different story.

 

[Ola Malmstrom]

Finally prepared a new USB drive and installed skynet once more. Added a few bans. All works very well! Thanks!!

 

[martinr]

Solved! I light went on when @Makaveli mentioned SSD. I had added a spare 1 TB SSD to use for Apple TimeMachine when I got a Macbook this summer. I copied all files from my USB thumb drive to my Linux desktop except myswap.swp, then copied all of them to the 1 TB SSD.

Shutdown the router, pulled the thumb drive, booted back up. Opened AMTM, created a 1 GB swap, and all scripts except Skynet worked (Could not find USB, sleeping xx seconds...) I just reran the Skynet curl install command, went through all the setup questions and Skynet found the existing files.

Opened Skynet from AMTM, and it works everything updated. AMTM update check shows all scripts up-to-date. All scripts and add ons are much snappier on the 1 TB SSD!

For any who do this, and had to change the location of the Traffic stats in Tools > Other settings.

Feb 15 11:29:33 RT-AC86U-4608 rstats[987]: Problem loading /mnt/SNB/tomato_rstats_88d7f61d4608.gz. Still trying...

Did you format the SSD first, and, if so, did you use AMTM?

(And you said you created a 1GB swap file. Did you mean a 2GB swap?)

 

[martinr]

Solved! I light went on when @Makaveli mentioned SSD. I had added a spare 1 TB SSD to use for Apple TimeMachine when I got a Macbook this summer. I copied all files from my USB thumb drive to my Linux desktop except myswap.swp, then copied all of them to the 1 TB SSD.

Shutdown the router, pulled the thumb drive, booted back up. Opened AMTM, created a 1 GB swap, and all scripts except Skynet worked (Could not find USB, sleeping xx seconds...) I just reran the Skynet curl install command, went through all the setup questions and Skynet found the existing files.

Opened Skynet from AMTM, and it works everything updated. AMTM update check shows all scripts up-to-date. All scripts and add ons are much snappier on the 1 TB SSD!

For any who do this, and had to change the location of the Traffic stats in Tools > Other settings.

Feb 15 11:29:33 RT-AC86U-4608 rstats[987]: Problem loading /mnt/SNB/tomato_rstats_88d7f61d4608.gz. Still trying...

I tried similar using a 160GB SSD, but I copied the files across using WinSCP and maybe that’s where I’ve run into my problem. I not only had to reinstall Skynet using the curl command but also Diversion. Now the only snag I have is I can’t get pixelserv-tls to run. I get


/opt/bin/diversion line 1: opkg: Permission denied

/opt/bin/diversion line 51: pixelserv-tls: Permission denied

/opt/bin/diversion line 51: /opt/bin/grep: Permission denied

the permissions of those files are 0644, as are the permissions of every other file in the bin directory.

Suggestions greatly appreciated.

 

[thelonelycoder]

I tried similar using a 160GB SSD, but I copied and files across using WinSCP and maybe that’s where I’ve run into my problem. I not only had to reinstall Skynet using the curl command but also Diversion. Now the only snag I have is I can’t get pixelserv-tls to run. I get


/opt/bin/diversion line 1: opkg: Permission denied

/opt/bin/diversion line 51: pixelserv-tls: Permission denied

/opt/bin/diversion line 51: /opt/bin/grep: Permission denied

the permissions of those files are 0644, as are the permissions of every other file in the bin directory.

Suggestions greatly appreciated.

Yeah, permissions are not to be played with. The whole (Entware) installation is probably set wrong.
Better start from scratch.

 

[martinr]

Yeah, permissions are not to be played with. The whole (Entware) installation is probably set wrong.
Better start from scratch.

Live and learn! Many thanks, Martin.

 

[Butterfly Bones]

Did you format the SSD first, and, if so, did you use AMTM?

(And you said you created a 1GB swap file. Did you mean a 2GB swap?)

SSD was formatted last summer when added via AMTM. Since I only planned to run TimeMachine backups on it, I tried Apple file systems and had many issues. In desperation, I formatted is ext4 with AMTM and not one hiccup in August.

I prefer some moderation, I went from 512 MB on the 16 GB flash drive to a 1 GB swap. I thought about 2 GB, but it just seems excessive. Hopefully I don't have to eat those words in a year.

Permissions were checked carefully. Because my primary computer is Linux, I knew the permissions are copied and retained. I use FileZilla for SFTP transfers, and checked both windows to make sure they stayed from USB (journaled ext4) . Then copied from computer back to SSD (journaled ext4).

 

[martinr]

SSD was formatted last summer when added via AMTM. Since I only planned to run TimeMachine backups on it, I tried Apple file systems and had many issues. In desperation, I formatted is ext4 with AMTM and not one hiccup in August.

I prefer some moderation, I went from 512 MB on the 16 GB flash drive to a 1 GB swap. I thought about 2 GB, but it just seems excessive. Hopefully I don't have to eat those words in a year.

Permissions were checked carefully. Because my primary computer is Linux, I knew the permissions are copied and retained. I use FileZilla for SFTP transfers, and checked both windows to make sure they stayed from USB (journaled ext4) . Then copied from computer back to SSD (journaled ext4).

Thanks. I should have followed your method and booted into Linux. As I copied the files from my thumb drive to my Windows desktop using WinSCP, I wondered if I was asking for trouble. But reverting to my thumb drive brings everything back to normal, so I’ll try your method again, but this time I’ll stick to the recipe.

 

[martinr]

SSD was formatted last summer when added via AMTM. Since I only planned to run TimeMachine backups on it, I tried Apple file systems and had many issues. In desperation, I formatted is ext4 with AMTM and not one hiccup in August.

I prefer some moderation, I went from 512 MB on the 16 GB flash drive to a 1 GB swap. I thought about 2 GB, but it just seems excessive. Hopefully I don't have to eat those words in a year.

Permissions were checked carefully. Because my primary computer is Linux, I knew the permissions are copied and retained. I use FileZilla for SFTP transfers, and checked both windows to make sure they stayed from USB (journaled ext4) . Then copied from computer back to SSD (journaled ext4).

Looks like I managed it. It would have been quicker by far to have just installed everything from scratch, but where’s the fun in that? In the meantime I got blown up a couple of times in the minefield of Linux Permissions, but I learned how to recursively CHMOD, and, of course, I got the satisfaction of having got there in the end and having learned a few things en route. So much fun that I’m tempted to change my name from martinr to sudo su.

Thanks for lighting the touch-paper.

 

[Joshuajackson]

Quick question, since there is no custom firmware for DSL-AC51 that i could find is it possible to have scripts such as Skynet installed on stock asus firmware?

 

[L&LD]

@Joshuajackson, do a quick search in the relevant script's threads to find out.

Most need not just ssh and JFFS access (for the scripts and configs), but also Entware installed to. It doesn't look promising.

 

[Joshuajackson]

@Joshuajackson, do a quick search in the relevant script's threads to find out.

Most need not just ssh and JFFS access (for the scripts and configs), but also Entware installed to. It doesn't look promising.

That really sucks because i feel unsecure with stock asus firmware, i got merlin with the scripts on my AC68U and its really great, but i cant find anything with DSL-51

 

[L&LD]

@Joshuajackson, time to upgrade to an @GNUton compatible DSL model then?

 

[Ubimo]

There is a minor update available now. What are the changes?