Reality Check... Can I do this relatively easily?

CheezWiz

Ok,

So I have a unique situation I am trying to work around...
I installed an alarm system and needed a phone line but did not want a *real* one. So I bought an ooma box which is pretty cool and works well. However, I did not like the thought of my alarm system calling me being dependent upon my cable modem, so I have set up a pay-as-you-go 3G access point as a fallback internet connection with my N66U... That all works great in testing!!!

Now for the hard part: since the fallback is pay-as-you-go, I only want my ooma box and the watchdog events that monitor WAN and Failover to have access to the outside world when it is on the 3G connection. Crashplan would eat it up pretty fast...

So I am thinking I could use the same sort of code that was shown in this forum to send an email on status changes, but instead customize the firewall when in failover and un-do it when back on WAN?

If anyone could just give me some hints as to where to look for what I need to do, it would be much appreciated. Like, would I need to learn all about the iptables command to get this going? I have very little experience in bash but I can figure it out.. Just a little lost on where to get started..

I figure someone has surely done something like this already..?..

CW
 

You will need to modify /jffs/scripts/firewall-start and /jffs/scripts/wan-start.

In a Dual-WAN environment the scripts will fire twice at reboot, so you will need to ensure that the correct event is processed....

e.g. firewall-start

Code:
#!/bin/sh

logger -t "($(basename $0))" $$ firewall-start starting.... " $0${*:+ $*}"

# With DUAL-WAN or OpenVPN clients this event gets triggered more than once!!!


# If Semaphore Lock file exists then exit
if [ -e /tmp/firewall-start-locked ]; then
   logger -t "($(basename $0))" $$ firewall-start already LOCKED since `cat /tmp/firewall-start-locked` .....EXIT
   exit
fi


# Create the locking semaphore file
echo `date` > /tmp/firewall-start-locked
logger -t "($(basename $0))" $$ firewall-start LOCKED `cat /tmp/firewall-start-locked`

# This should indicate if ADSL or 3G MODEM is ACTIVE
ADSL_ACTIVE=$(nvram get wan0_primary)

# Prevent transmission Traffic if on 3G Modem!!!
if [ "$ADSL_ACTIVE" = "1" ]; then
   logger -t "($(basename $0))"  $$ Opening Port 51413 for Transmission BitTorrent
   iptables -I INPUT -p tcp --destination-port 51413 -j ACCEPT
   iptables -I INPUT -p udp --destination-port 51413 -j ACCEPT
else
   logger -t "($(basename $0))"  $$ Blocking Port 51413 for Transmission BitTorrent as using 3G Modem
   # Insert DROP rules at the top of INPUT so the port is blocked while on 3G
   iptables -I INPUT -p tcp --destination-port 51413 -j DROP
   iptables -I INPUT -p udp --destination-port 51413 -j DROP
fi
# Delete the locking semaphore file
logger -t "($(basename $0))" $$ firewall-start UNLOCKED  `cat /tmp/firewall-start-locked` 

rm /tmp/firewall-start-locked

wan-start is similar, and will use similar logic such as this...

Code:
#!/bin/sh

# For ADSL ,PPP0/PPP1 is ADSL/3G interfaces
#     VDSL ,ETH0/PPP0 is VDSL/3G interfaces

#logger -t "($(basename $0))" $$ Martineau DUAL-WAN extended processing starting.... " $0${*:+ $*}"
logger -t "($(basename $0))" $$ Martineau DUAL-WAN extended processing starting.... [$@] 

# With DUAL-WAN, this event gets triggered for both DSL and 3G

MYROUTER=$(nvram get computer_name)

# RT-AC56U WAN starts way earlier than RT-N66U so ALWAYS use RAM rather than create lock file on USB
#          but write other files to USB as we have a 30 sec delay so USB should have been mounted

LOCKFILE="/tmp/$(basename $0)-locked"

# If Semaphore Lock file exists then exit
if [ -e $LOCKFILE ]; then
   logger -t "($(basename $0))" $$ $(basename $0) already LOCKED since `cat $LOCKFILE` .....EXIT
   exit
fi

# Create the locking semaphore file
echo `date` > $LOCKFILE
logger -t "($(basename $0))" $$ $(basename $0) LOCKED `cat $LOCKFILE`


# 25/08/13 v374_32 ....RMerlin adds the WAN interface that triggered this WAN-START?

if [ "$1" = "0" ];then
   logger -t "($(basename $0))" $$ $(basename $0) Interface $1 Primary WAN start detected....
fi

if [ "$1" = "1" ];then
   logger -t "($(basename $0))" $$ $(basename $0) Interface $1 Secondary WAN start detected....
fi

# True REBOOT in progress? see init-start
if [ -e /tmp/BOOTINPROGRESS  ]; then

   BOOTINPROGRESS="YES"

   logger -t "($(basename $0))" $$ $(basename $0) BOOT in progress .....

<snip>

Code:
   # ADSL modem PPP0 disappears? for 3G failover so see if it is back UP POINTOPOINT
   #if [ ! "`ifconfig | grep ppp0`" = "" ] && [ "`ifconfig ppp0 | grep 'POINTOPOINT' | awk '{print $1}'`" = "UP" ]; then
   # VDSL modem ETH0 NEVER disappears? for 3G failover but will show I/P ADDR if UP and available?
   if [ ! "`ifconfig | grep eth0`" = "" ] && [ "`ifconfig eth0 | grep 'inet addr:' | awk '{print $1}'`" = "inet" ]; then 

      logger -t "($(basename $0))" $$ This is the VDSL Fibre recovery starting event.......
      SYSLOG=/tmp/mnt/$MYROUTER/Syslog/Dual-wan    # destination of the syslog on USB disk
      NOW=$(date +"%Y%m%d-%H%M%S")    # current date and time
      echo `date`   > $SYSLOG-$NOW-VDSL-Restored

      MY_WANIPADDR=$(nvram get wan0_ipaddr)
      logger -t "($(basename $0))" $$ Scheduled 03:00 Reboot CANCELLED.....
      /usr/sbin/cru d Reboot_0300 

      logger -t "($(basename $0))" $$ 3G Modem connection ifconfig ppp0 DOWN requested......
      ifconfig ppp0 down >> /tmp/mnt/$MYROUTER/ifconfig.log
 
      # ..just in case the VDSL Fibre WAN doesn't actually connect? i.e. we have shot our ACTIVE 3G connection in the foot?

      sleep 60

      logger -t "($(basename $0))" $$ 3G Modem connection ifconfig ppp0 UP requested...... 
      ifconfig ppp0 up >> /tmp/mnt/$MYROUTER/ifconfig.log

   else

      logger -t "($(basename $0))" $$ This is the 3G Failover starting event.....
      SYSLOG=/tmp/mnt/$MYROUTER/Syslog/Dual-wan    # destination of the syslog on USB disk
      NOW=$(date +"%Y%m%d-%H%M%S")    # current date and time
      echo `date`   > $SYSLOG-$NOW-3G-Active

      MY_WANIPADDR=$(nvram get wan1_ipaddr)

      logger -t "($(basename $0))" $$ Scheduled 03:00 Reboot to restore VDSL connection.....
      /usr/sbin/cru a Reboot_0300 "0 3 * * * reboot"

   fi


Regards,
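
For the case in the first post (only the ooma box may use the 3G link), here is an added example that is not part of the thread and is not either poster's code: a firewall-start helper that confines forwarded LAN traffic leaving on the 3G interface to one device. The address 192.168.1.50, ppp0 as the 3G interface and the chain name FAILOVER_LIMIT are assumptions; traffic the router itself generates passes through OUTPUT rather than FORWARD, so it is not affected.

```shell
#!/bin/sh
# Added example: allow only one LAN device out over the metered 3G link.

OOMA_IP="${OOMA_IP:-192.168.1.50}"   # constructed LAN address of the ooma box (assumption)
WAN3G_IF="${WAN3G_IF:-ppp0}"         # 3G interface; ppp0 assumed, as in the VDSL case above
CHAIN="FAILOVER_LIMIT"               # hypothetical user-defined chain name
IPT="${IPT:-iptables}"               # set IPT="echo iptables" for a dry run

# Unhook and delete the chain. Errors are ignored so the function is safe to
# call when the chain does not exist (firewall-start can fire more than once).
failover_clear() {
    $IPT -D FORWARD -o "$WAN3G_IF" -j "$CHAIN" 2>/dev/null
    $IPT -F "$CHAIN" 2>/dev/null
    $IPT -X "$CHAIN" 2>/dev/null
    return 0
}

# Build the chain from scratch: the ooma box may leave via the 3G interface,
# every other forwarded LAN packet heading out that interface is dropped.
# The chain is hooked into FORWARD last, so a half-built chain is never live.
failover_apply() {
    failover_clear
    $IPT -N "$CHAIN" &&
    $IPT -A "$CHAIN" -s "$OOMA_IP" -j ACCEPT &&
    $IPT -A "$CHAIN" -j DROP &&
    $IPT -I FORWARD -o "$WAN3G_IF" -j "$CHAIN"
}

# $1 is the value of "nvram get wan0_primary", which the firewall-start script
# above treats as "1" while the primary WAN is active.
failover_sync() {
    if [ "$1" = "1" ]; then
        failover_clear      # primary WAN is back: lift the restriction
    else
        failover_apply      # on 3G: restrict forwarding to the ooma box
    fi
}

# Only act when running on the router, where the nvram tool exists.
if command -v nvram >/dev/null 2>&1; then
    failover_sync "$(nvram get wan0_primary)"
fi
```

Running it with IPT="echo iptables" prints the rules instead of applying them, which is a cheap way to review the rule order before the link is actually on 3G.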
 
