[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

[Builder71]

Hmmm....spaces shouldn't cause a problem. I have them on my primary system.

On the no description, I'll take a look at that. I may be using the local port as the key to look up the name. I maybe should use the port range.

Uhhh, I added the space again and it keeps working.
Description text is now exactly as is was.

I think there was nothing wrong with the name.
Must be some weird glitch that got fixed by removing the port forward rule and add it back again...

 

[SuperFly74]

This app dont work with my N66U with Fork FW[emoji19].... any alternativ ?

ASUS Router - Manage, Secure, Boost WiFi network af ASUS
https://itunes.apple.com/dk/app/asus-router-manage-secure-boost-wifi-network/id1033794044?l=da&mt=8


What 2 manage all my devises on wifi from iPhone


Sent from my iPhone using Tapatalk

 

[RMerlin]

This app dont work with my N66U with Fork FW

.... any alternativ ?

Yes, use a web browser and go through the regular webui.

App support requires a LOT of code in the httpd daemon - I doubt John feels like trying to track down all of it and backport it, especially as there's a portion that's closed source now.

 

[john9527]

Yes, use a web browser and go through the regular webui.

Or switch to ASUS OEM or Merlin firmware. As Merlin said, I have no plans to backport the app support.

 

[SuperFly74]

Or switch to ASUS OEM or Merlin firmware. As Merlin said, I have no plans to backport the app support.

Can u Go from latest Fork to Merlin SW without problems ?


Sent from my iPhone using Tapatalk

 

[zonnebril]

@john9527, can you confirm where the PTCSRV firewall rule is for? It is implemented since one of your latest firmware versions and also in the latest V26E4:

PTCSRV tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22

The packetcounter is increasing on this rule (iptables -L -nv), so the rule is getting "hit", but what does it do?

 

[ColinTaylor]

can you confirm where the PTCSRV firewall rule is for?

It appears to be part of Asus' new closed-source protect_srv service.

 

[jrmwvu04]

Can u Go from latest Fork to Merlin SW without problems ?

Fork to Merlin or stock, yes. Merlin or stock to fork...

• For supported routers currently running ASUS firmware 380.3000 or above, or Merlin 380.60 or above, you cannot load this fork using the built in firmware update web interface. You must use the ASUS Firmware Restoration Tool from the ASUS support website to install this fork firmware.

 

[john9527]

can you confirm where the PTCSRV firewall rule is for?

It appears to be part of Asus' new closed-source protect_srv service.

Colin right again (as usual). It's monitoring the ssh (and telnet) ports if enabled, and will dynamically generate a block rule for an ip address that is repetitively trying to access it.

I shortened the chain name from that used in Merlin builds because it was screwing up the columns in the iptables output.

 

[john9527]

Uhhh, I added the space again and it keeps working.
Description text is now exactly as is was.

I think there was nothing wrong with the name.
Must be some weird glitch that got fixed by removing the port forward rule and add it back again...

Have you ever had an 'nvram low' situation? It seems as if port forwards as one of the first things that can be affected (maybe corrupted) if that occurs.

On the no description problem.....just wrote a fix for the next release. Thanks for the report!

 

[p71]

Hi,

I configured the AC66 router to renew every connected devices' IP address in every 15 minutes. I enabled the JFFS partition and configured to save the syslog to that area. My problem is that the router saves only 2.5 days long log, the older entries are automatically overwritten. How can I increase the log / history size?

Thanks!

 

[zonnebril]

Colin right again (as usual). It's monitoring the ssh (and telnet) ports if enabled, and will dynamically generate a block rule for an ip address that is repetitively trying to access it.

I do not open ports to the outside to access LAN. That's why VPN is invented imho. Because the rule is getting hit, is seems to do some inspection of the traffic or? Can I safely remove this rule upon startup, or am I screwing the service (or something else) up when doing so...

 

[Builder71]

Have you ever had an 'nvram low' situation? It seems as if port forwards as one of the first things that can be affected (maybe corrupted) if that occurs.

On the no description problem.....just wrote a fix for the next release. Thanks for the report!

No, no 'nvram low' messages.
I do have my OpenVPN certs/keys in nvram, not on jffs.
But this I have for a long time without problems.
NVRAM usage is always stable at 82% used.

NVRAM usage    53948 / 65536 bytes   (82% utilized)

Usually I power off and on the router before a flash.
To free up RAM.
This time I did not do that and flashed directly after 30days uptime.
Maybe that created this glitch.

Anyway, it's working fine now.
And thanks for the description fix!

 

[ColinTaylor]

Can I safely remove this rule upon startup, or am I screwing the service (or something else) up when doing so...

Personally I wouldn't risk it. It looks like that chain is fairly baked-in to the firmware, and who knows what dependencies there are in the closed source parts. John undoubtedly knows more about this. But I think a better approach would be to kill the protect_srv process (although it might get restated automatically).

 

[john9527]

I do not open ports to the outside to access LAN. That's why VPN is invented imho. Because the rule is getting hit, is seems to do some inspection of the traffic or? Can I safely remove this rule upon startup, or am I screwing the service (or something else) up when doing so...

Metaphor time.....even though you have the door locked (no WAN access), people are continually coming by and knocking on the door. This provides an extra bit of protection if someone (or a bunch of people) continuously knock on the door. As @ColinTaylor said, it's pretty embedded in the code (every time the firewall starts and a separate process to support it). There's no real impact of having it enabled, so I'd recommend just leaving it.

The only time it might be worthwhile to disable it, is if you are running another blocking script like Skynet. So, I'll take a look at providing a disable option....it shouldn't be too hard.

 

[Builder71]

...

The only time it might be worthwhile to disable it, is if you are running another blocking script like Skynet. So, I'll take a look at providing a disable option....it shouldn't be too hard.

Can you explain why this could be needed?
I'm using the ya-malware-block script, which I believe is similar to Skynet.

 

[SuperFly74]

Just tried to Go from Fork 26E4 to Merlin 380.68 and upgrade went through on screen but my router stil says Fork 26E4?[emoji15]

Sent from my iPhone using Tapatalk

 

[john9527]

Can you explain why this could be needed?
I'm using the ya-malware-block script, which I believe is similar to Skynet.

There is nothing specific that I know of. It's just that they can be detecting the same events and trying to implement a block with two different methods. Unnecessary complication.

 

[john9527]

Just tried to Go from Fork 26E4 to Merlin 380.68 and upgrade went through on screen but my router stil says Fork 26E4?[emoji15]

Try powering down the router, unplug any USB devices, power up and retry the firmware upgrade first thing after the boot completes.

 

[Builder71]

There is nothing specific that I know of. It's just that they can be detecting the same events and trying to implement a block with two different methods. Unnecessary complication.

Ahhh, I see.

In that case I would also prefer to switch off this closed source Asus thing.
I really like the well maintained open source scripts found here on SNB.