Skynet Skynet blocking question


mongodb

Occasional Visitor
DISREGARD THIS THREAD; IT WAS MY FAULT:

OK, so I realised what it was. I completely forgot I had set up a convoluted NAT (to test something out a few weeks ago) on the internal router that NAT'd the destination host to a test DoH client in the DMZ. My bad! Tested from another non-172.16.150.0/24 host and expected result looks good:

Apr 7 15:55:12 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= SRC=192.168.150.178 DST=213.181.166.26 LEN=60 TOS=0)

Thanks for looking if you did :)

--

Hi,

I'm currently running Skynet v7.2.4 (19/03/2021) and have a question regarding it blocking connections. The router's LAN IP is 172.16.150.254 and there are multiple other networks (behind an internal router) that don't appear to have traffic blocked when a new IP block is applied via Skynet. I can confirm that one other host on the 172.16.150.0/24 network is blocked on Skynet but all other non-172.16.150.0/24 nets are allowed thru.

Router Model; RT-AC88U
Skynet Version; v7.2.4 (19/03/2021) (0380669c11572e222d1fd2f7531d7bfa)
iptables v1.4.15 - (eth0 @ 172.16.150.254)
ipset v6.32, protocol version: 6
IP Address; (aaa.bbb.c.d)

Any ideas on how to address this please?

Thanks

--

Edit: thought I'd paste what I typed a little further down for ease of first-time readers:

Hopefully this explains it a bit better:

When attempting connection to a blocked network/IP from the same network as the router's internal interface network (172.16.150.0/24)

Host on same net:
[email protected]:~$ telnet 213.181.166.26 53
Trying 213.181.166.26...
^C

Skynet logs:
Apr 6 20:31:47 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= SRC=172.16.150.234 DST=213.181.166.26 LEN=60 TOS=0)

Works as expected.

Host on a diff internal net:
[email protected]:~$ telnet 213.181.166.26 53
Trying 213.181.166.26...
Connected to 213.181.166.26.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

Does not work as expected.

See what I mean?
 

Wallace_n_Gromit

Senior Member
> Hi,
>
> I'm currently running Skynet v7.2.4 (19/03/2021) and have a question regarding it blocking connections. The router's LAN IP is 172.16.150.254 and there are multiple other networks (behind an internal router) that don't appear to have traffic blocked when a new IP block is applied via Skynet. I can confirm that one other host on the 172.16.150.0/24 network is blocked on Skynet but all other non-172.16.150.0/24 nets are allowed thru.
>
> Router Model; RT-AC88U
> Skynet Version; v7.2.4 (19/03/2021) (0380669c11572e222d1fd2f7531d7bfa)
> iptables v1.4.15 - (eth0 @ 172.16.150.254)
> ipset v6.32, protocol version: 6
> IP Address; (aaa.bbb.c.d)
>
> Any ideas on how to address this please?
>
> Thanks

I'm not sure if this is your problem. When SSH'ed on my RTAC86U running Skynet v7.2.4 and Merlin 386.2_beta3, I have a number of "Banned Countries; Multiple Countries" and shows this:

SWAP File; /tmp/mnt/AsusRTAC86U/myswap.swp (2.0G)
Banned Countries; Multiple Countries

45962 IPs (+0) -- 62305 Ranges Banned (+0) || 7863 Inbound -- 135 Outbound Connections Blocked!

Select Menu Option:
[1] --> Unban
[2] --> Ban

On my RTAC68U running Skynet v7.2.4 and Merlin 386.2, I have a number of "Banned Countries; Multiple Countries" (it's the same list as my 86U) and shows this:

SWAP File; /tmp/mnt/RTAC68U_55/myswap.swp (2.0G)
Banned Countries; Multiple Countries

0 IPs (+0) -- 0 Ranges Banned (+0) || 0 Inbound -- 0 Outbound Connections Blocked!

Select Menu Option:
[1] --> Unban
[2] --> Ban

It appears that with the same two banned country list(s) my 68U fails to show it is banning anything.

What interests me about your RTAC88U, it is a similar class of Broadcom chip as is on the RTAC68U.
 

mongodb

Occasional Visitor
Hi,

Thanks for the reply. I see this in my stats:

45622 IPs (+0) -- 2111 Ranges Banned (+0) || 260 Inbound -- 96 Outbound Connections Blocked!

I know outbound blocks work if traffic originates from the same network address as the router's (LAN) eth0 intf but other internal networks are allowed in my case.

Cheers
 

mongodb

Occasional Visitor
Hopefully this explains it a bit better:

When attempting connection from the same network as the router's internal interface network (172.16.150.0/24)

Host on same net:
[email protected]:~$ telnet 213.181.166.26 53
Trying 213.181.166.26...
^C

Skynet logs:
Apr 6 20:31:47 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= SRC=172.16.150.234 DST=213.181.166.26 LEN=60 TOS=0)

Works as expected.

Host on a diff internal net:
[email protected]:~$ telnet 213.181.166.26 53
Trying 213.181.166.26...
Connected to 213.181.166.26.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

Does not work as expected.

See what I mean?

Regards
 

Wallace_n_Gromit

Senior Member
> Hi,
>
> Thanks for the reply. I see this in my stats:
>
> 45622 IPs (+0) -- 2111 Ranges Banned (+0) || 260 Inbound -- 96 Outbound Connections Blocked!
>
> I know outbound blocks work if traffic originates from the same network address as the router's (LAN) eth0 intf but other internal networks are allowed in my case.
>
> Cheers

I was hoping that my issue was similar to your issue. Then I could follow the suggestions of some of the very knowledgeable people on this forum as they provide some troubleshooting help to you. I see now that my issue(s) are likely unrelated to yours.

Good luck to you. (you've come to the right place for help)
 

mongodb

Occasional Visitor
OK, so I realised what it was. I completely forgot I had set up a convoluted NAT on the internal router that NAT'd the destination host to a test DoH client in the DMZ. My bad! Tested from another non-172.16.150.0/24 host and expected result looks good:

Apr 7 15:55:12 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= SRC=192.168.150.178 DST=213.181.166.26 LEN=60 TOS=0)

Thanks for looking if you did :)
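
The check done by hand in this thread (connect from a host on each internal network, then look for a `[BLOCKED - OUTBOUND]` entry) can also be run over a saved copy of the log. This is an added example, not part of any post and not Skynet's own code; the /24 prefix for 192.168.150.178 and the 10.10.10.0/24 network are assumptions, and the third sample line is constructed.

```python
import ipaddress
import re

# Field layout of the Skynet kernel log lines quoted in the thread.
LOG_RE = re.compile(
    r"\[BLOCKED - (?P<direction>\w+)\]\s+IN=(?P<in_if>\S*)\s+OUT=\S*\s+"
    r"SRC=(?P<src>[\d.]+)\s+DST=(?P<dst>[\d.]+)"
)

SAMPLE_LOG = [
    # First two lines are quoted from the thread; the third is constructed noise.
    "Apr 6 20:31:47 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= SRC=172.16.150.234 DST=213.181.166.26 LEN=60 TOS=0)",
    "Apr 7 15:55:12 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= SRC=192.168.150.178 DST=213.181.166.26 LEN=60 TOS=0)",
    "Apr 7 15:56:01 dnsmasq[321]: query[A] example.test from 10.10.10.5",
]

def parse_blocked(line):
    """Return direction/interface/src/dst for a BLOCKED line, else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:  # digits and dots that are not a valid address
        return None
    return {"direction": m["direction"], "in_if": m["in_if"], "src": src, "dst": dst}

def outbound_block_coverage(lines, dst, subnets):
    """Map each internal subnet to the sources logged as blocked towards dst."""
    target = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(s) for s in subnets]
    seen = {str(n): [] for n in nets}
    for line in lines:
        ev = parse_blocked(line)
        if ev is None or ev["direction"] != "OUTBOUND" or ev["dst"] != target:
            continue
        for n in nets:
            if ev["src"] in n:
                seen[str(n)].append(str(ev["src"]))
    return seen

if __name__ == "__main__":
    # 192.168.150.0/24 and 10.10.10.0/24 are assumed prefixes, not from the thread.
    nets = ["172.16.150.0/24", "192.168.150.0/24", "10.10.10.0/24"]
    for net, srcs in outbound_block_coverage(SAMPLE_LOG, "213.181.166.26", nets).items():
        print(net, "blocked from", srcs if srcs else "NO BLOCK LOGGED: check routing/NAT")
```

An empty list for a network that was tested means its traffic never reached the logging rule, which is what an upstream NAT or route diverting the destination would produce.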
 

mongodb

Occasional Visitor
> I was hoping that my issue was similar to your issue. Then I could follow the suggestions of some of the very knowledgeable people on this forum as they provide some troubleshooting help to you. I see now that my issue(s) are likely unrelated to yours.
>
> Good luck to you. (you've come to the right place for help)

Hi there, not sure if this helps you or not but I've managed to fix the issue. Please see the OP or the message above this one.
 

Wallace_n_Gromit

Senior Member
> Hi there, not sure if this helps you or not but I've managed to fix the issue. Please see the OP or the message above this one.

Thanks. Don't really understand why my (2nd backup) RTAC68U running the current version of Merlin/Skynet has failed to load a list of blocked country IP ranges. Since it is a backup to a backup Asus device, haven't really invested much time into troubleshooting it. My (1st backup) RTAC68U still running Merlin 386.1_2 is working fine showing the list of banned country IPs.

Glad you were able to troubleshoot your own networking issue.
 
