Menu
What's new
By:
Filters
Better Search

Help with ipset (AC68U 380.62_1)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

K

kingskib

Occasional Visitor
Hello,

I am trying to run the selective routing for Netflix script and am encountering the following ipset errors.

+ ipset -A NETFLIX 108.175.32.0/20
ipset v4.5: Unknown set
+ ipset -A AMAZONAWS 52.221.221.128/29
ipset v4.5: Unknown set
+ ipset -A AMAZONAWS 177.71.207.16/29
ipset v4.5: Unknown set

The chart on https://github.com/RMerl/asuswrt-merlin/wiki/Using-ipset says my router uses version 6, but the router itself reports v4.5
Firmware : 380.62_1
ipset v4.5, protocol version 4.
Kernel module protocol version 4.​

Any suggestions on how I can resolve this ipset issue?
 
kingskib said:
Hello,

I am trying to run the selective routing for Netflix script and am encountering the following ipset errors.

+ ipset -A NETFLIX 108.175.32.0/20
ipset v4.5: Unknown set
+ ipset -A AMAZONAWS 52.221.221.128/29
ipset v4.5: Unknown set
+ ipset -A AMAZONAWS 177.71.207.16/29
ipset v4.5: Unknown set

The chart on https://github.com/RMerl/asuswrt-merlin/wiki/Using-ipset says my router uses version 6, but the router itself reports v4.5
Firmware : 380.62_1
ipset v4.5, protocol version 4.
Kernel module protocol version 4.​

Any suggestions on how I can resolve this ipset issue?
Click to expand...

Update your firmware, that should upgrade your IPSet version to v6 (plus massive amount of security/performance fixes)
 
kingskib said:
I am trying to run the selective routing for Netflix script and am encountering the following ipset errors.
+ ipset -A NETFLIX 108.175.32.0/20
ipset v4.5: Unknown set
The chart on https://github.com/RMerl/asuswrt-merlin/wiki/Using-ipset says my router uses version 6, but the router itself reports v4.5

Any suggestions on how I can resolve this ipset issue?
Click to expand...

IPSET v6.xx is only included with firmware v380.63> for ARM routers.
Hopefully you are using the most recent version of @Xentrk's v3.2 script?

Unfortunately the script is hard-coded for IPSET v6.xx commands (although the IPSET v4.5 syntax is described in the comments header) but previous scripts included code to load the appropriate IPSET modules (depending on the version of IPSET installed) and used variable names rather than explicit commands.

e.g. v6.xx
Code: 
ipset create NETFLIX hash:net family inet hashsize 1024 maxelem 65536
vs. v4.5
Code: 
ipset -N NETFLIX nethash
So if using the load module code
Code: 
# 380.63+ for ARM routers, IPSET v6  is available...Load appropriate IPSET modules
case $(ipset -v | grep -o "v[4,6]") in
  v6) MATCH_SET='--match-set'; LIST='list'; CREATE='create'; SAVE='save'; RESTORE='restore'; FLUSH='flush'; DESTROY='destroy'; ADD='add'; SWAP='swap'; TEST='test'; DELETE="del"
      IPHASH='hash:ip'; NETHASH='hash:net'; PORTBITMAP="bitmap:port range 1-65535"; IPPORT=; SETNOTFOUND='name does not exist'; TIMEOUT='timeout'
      lsmod | grep -q "xt_set" || for module in ip_set ip_set_hash_net ip_set_hash_ip xt_set
      do modprobe $module; done;;
  v4) MATCH_SET='--set'; LIST='--list'; CREATE='--create'; SAVE='--save'; RESTORE='--restore'; FLUSH='--flush'; DESTROY='--destroy'; ADD='--add'; SWAP='--swap'; TEST='--test'; DELETE="--del"
      IPHASH='iphash'; NETHASH='nethash'; PORTBITMAP="portmap --from 1 --to 65535"; IPPORT="ipporthash"; SETNOTFOUND='Unknown set'; TIMEOUT=; RETAIN_SECS=
      lsmod | grep -q "ipt_set" || for module in ip_set ip_set_nethash ip_set_iphash ipt_set
      do modprobe $module; done;;
  *) logger -st "($(basename $0))" $$ "**ERROR** Unknown ipset version: $(ipset -v). Exiting." && (echo -e "\a";exit 99);;
esac
then the following line would then be compatible with both IPSET v4.5 and v6.32
e.g.
Code: 
ipset $CREATE NETFLIX $NETHASH

Whilst a firmware upgrade is highly recommended for the security patches alone (if not bug fixes/features), you can of course simply issue the following to create the NETFLIX IPSET
Code: 
ipset -N NETFLIX nethash
to allow the adding of the IP addresses to the NETFLIX v4.5 IPSET.
Code: 
ipset -A NETFLIX 108.175.32.0/20
etc.
 
Thank you both for your reply. I updated my firmware to 384.4 and reentered the script. It is now without the ipset errors.

Cheers,
 
You must log in or register to reply here.

Similar threads

P
IPSET rule keeps disappearing on AC68U
Replies
4
Views
801
peraburek
P
mkaand
Tutorial [TUTORIAL] Domain (Policy) based routing with ipset and dnsmaq
Replies
4
Views
4K
mkaand
mkaand
Xentrk
x3mRouting x3mRouting ~ Selective Routing for Asuswrt-Merlin Firmware
56 57 58
Replies
1K
Views
189K
mr8
M
J
New syntax for iptables/ipset in AC68U - v380.66_4 ?
Replies
6
Views
3K
ColinTaylor
C
B
Selective routing not working for RT-AC68U
Replies
9
Views
3K
Xentrk
Xentrk
Similar threads
Thread starter Title Forum Replies Date
R Need help setting up DLNA server Asuswrt-Merlin 8
C Help about dual Gateway Asuswrt-Merlin 1
C Solved Need help with nat-start scripts Asuswrt-Merlin 3
G Need help with VPN Asuswrt-Merlin 2
P Help with traffic filtering Asuswrt-Merlin 0
C Need some help with a DHCP problem Asuswrt-Merlin 9
S Help Required AC68U (TM-AC1900) troubleshooting after power outage Asuswrt-Merlin 3
C Need help with GT-AXE11000 and DNS Director Asuswrt-Merlin 0
Spydawg need help with network loop. Asuswrt-Merlin 9
J Help - duckdns has started returning an IPv6 IP address Asuswrt-Merlin 1

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 562 (members: 19, guests: 543)
Top