Skynet Skynet errors

[pedeb04]

I've noticed some safe websites are not loading, but if I restart Skynet the website loads ok. This is happening regularly.
I have noticed when Skynet restarts I get the following message.
[*] Lock File Detected (start skynetloc=/tmp/mnt/Merlin/skynet) (pid=15263)
[*] Locked Processes Generally Take 1-2 Minutes To Complete And May Result In Temporarilys

IPTables Rules | [Failed]

Not sure why I get this message and why I have to restart Skynet to load some safe websites.

I am using the latest Skynet version on RT-AX86U_Pro.

 

[TonyK132]

What Skynet version are you using?

 

[pedeb04]

Skynet Version; v7.5.8 (07/02/2024)

 

[Viktor Jaep]

I've noticed some safe websites are not loading, but if I restart Skynet the website loads ok. This is happening regularly.
I have noticed when Skynet restarts I get the following message.
[*] Lock File Detected (start skynetloc=/tmp/mnt/Merlin/skynet) (pid=15263)
[*] Locked Processes Generally Take 1-2 Minutes To Complete And May Result In Temporarilys

IPTables Rules | [Failed]

Not sure why I get this message and why I have to restart Skynet to load some safe websites.

I am using the latest Skynet version on RT-AX86U_Pro.

Perhaps give the ol' uninstall skynet -> reboot router -> reinstall skynet option a try?

It's actually completely normal for skynet to display that lock file message... it does that anytime you restart or upgrade skynet. It resolves itself in 1-2 minutes... just keep hanging on the "r" key to reload the menu... and you'll see that's the case.

Are you using any particular blocklists, or just the defaults? Are you using diversion?

 

[pedeb04]

Ah yes, reloading the menu got rid of the errors thanks.
I am just using the default settings, not using diversion.
The two websites that were not loading were hosefactory.com.au and zorroaustralia.com.au
I have whitelisted them both and all ok now.

 

[Viktor Jaep]

I have whitelisted them both and all ok now.

Whitelisting is sometimes a necessary step... while looking at your syslog, and you're seeing a lot of [BLOCKED - OUTBOUND] messages, do a quick reverse lookup on that IP, and you'll probably find that it's the site you are having trouble loading... next logical step is whitelisting that IP. Good job solving your issue!

 

[pedeb04]

I located syslog.log under tmp directory, but could not see Blocked -Outbound messages.
The message in Skynet
39356 IPs (+0) -- 2791 Ranges Banned (+0) || 3 Inbound -- 69 Outbound Connections Blocked!
Where do I see these 69 Outbound Connections Blocked!

 

[elorimer]

Skynet trims the log hourly, deleting all those messages and rolling them up into that line. You need to look at the last hour, or on the gui under firewall|skynet.

 

[Viktor Jaep]

I located syslog.log under tmp directory, but could not see Blocked -Outbound messages.
The message in Skynet
39356 IPs (+0) -- 2791 Ranges Banned (+0) || 3 Inbound -- 69 Outbound Connections Blocked!
Where do I see these 69 Outbound Connections Blocked!

The easiest way is right from the Asus web UI, from the menu on the left, one of the last items near the bottom, "system log"

 

[jksmurf]

Sorry to jump in on this post but I have what I thought was a similar issue (may not be?) with what I know to be a safe site, that worked for days but just stopped working. If I check the site using my Phone (on LTE not on Wifi) it is fine, so it is definitely through the router.

The site is https://reachback.builtintelligence.com/

If I add (whitelist) the site and variants and what I think is the IP, none work. See attachments.
If I disable both Diversion and SkyNet it still doesn't work (hence the "what I thought" comment).

I use Cloudflare, both 1.1.1.1, 1.0.0.1 and the IPv6 versions, i.e.

2606:4700:4700:0000:0000:0000:0000:1111
2606:4700:4700:0000:0000:0000:0000:1001

I mention this as oddly I am seeing these Cloudflare address entries in the logs, seemingly associated with the failed site:

Jun 12 11:14:36 dnsmasq[25306]: reply dub1.discourse-cdn.com is 2600:9000:2200:7e00:f:f8cd:8240:93a1
Jun 12 11:14:42 dnsmasq[25306]: query[A] reachback.builtintelligence.com from 192.168.9.10
Jun 12 11:14:42 dnsmasq[25306]: forwarded reachback.builtintelligence.com to 1.1.1.1
Jun 12 11:14:42 dnsmasq[25306]: query[AAAA] reachback.builtintelligence.com from 192.168.9.10
Jun 12 11:14:42 dnsmasq[25306]: forwarded reachback.builtintelligence.com to 1.1.1.1
Jun 12 11:14:42 dnsmasq[25306]: forwarded reachback.builtintelligence.com to 1.1.1.1
Jun 12 11:14:42 dnsmasq[25306]: forwarded reachback.builtintelligence.com to 1.0.0.1
Jun 12 11:14:42 dnsmasq[25306]: forwarded reachback.builtintelligence.com to 2606:4700:4700::1111
Jun 12 11:14:42 dnsmasq[25306]: forwarded reachback.builtintelligence.com to 2606:4700:4700::1001
Jun 12 11:14:42 dnsmasq[25306]: reply error is SERVFAIL
Jun 12 11:14:42 dnsmasq[25306]: query[AAAA] reachback.builtintelligence.com from 2404:xxxx:xxxx:xxxx:xxxx:
Jun 12 11:14:42 dnsmasq[25306]: forwarded reachback.builtintelligence.com to 1.1.1.1
Jun 12 11:14:42 dnsmasq[25306]: forwarded reachback.builtintelligence.com to 1.1.1.1
Jun 12 11:14:42 dnsmasq[25306]: forwarded reachback.builtintelligence.com to 1.0.0.1
Jun 12 11:14:42 dnsmasq[25306]: forwarded reachback.builtintelligence.com to 2606:4700:4700::1111
Jun 12 11:14:42 dnsmasq[25306]: forwarded reachback.builtintelligence.com to 2606:4700:4700::1001
Jun 12 11:14:42 dnsmasq[25306]: reply error is SERVFAIL
Jun 12 11:14:42 dnsmasq[25306]: query[A] reachback.builtintelligence.com from 2404:xxxx:xxxx:xxxx:xxxx:
Jun 12 11:14:43 dnsmasq[25306]: query[A] reachback.builtintelligence.com from 192.168.9.10
Jun 12 11:14:43 dnsmasq[25306]: forwarded reachback.builtintelligence.com to 1.1.1.1
Jun 12 11:14:43 dnsmasq[25306]: forwarded reachback.builtintelligence.com to 1.0.0.1
Jun 12 11:14:43 dnsmasq[25306]: forwarded reachback.builtintelligence.com to 2606:4700:4700::1111
Jun 12 11:14:43 dnsmasq[25306]: forwarded reachback.builtintelligence.com to 2606:4700:4700::1001
Jun 12 11:14:43 dnsmasq[25306]: reply error is SERVFAIL

Whenever I check the site with SkyNet and Diversion running I get this [BLOCKED - INBOUND] message repeated in the logs:

Jun 12 11:44:12 rc_service: service 10136:notify_rc restart_dnsmasq
Jun 12 11:44:12 custom_script: Running /jffs/scripts/service-event (args: restart dnsmasq)
Jun 12 11:44:12 custom_config: Appending content of /jffs/configs/dnsmasq.conf.add.
Jun 12 11:44:12 custom_script: Running /jffs/scripts/dnsmasq.postconf (args: /etc/dnsmasq.conf)
Jun 12 11:44:12 Diversion: restarted Dnsmasq to apply settings
Jun 12 11:44:38 Skynet: [i] Mounting Skynet Web Page As user2.asp
Jun 12 11:44:47 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:00:00:5e:00:01:02:08:00 SRC=64.62.197.45 DST=219.77.172.76 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=54477 DPT=30005 SEQ=3984160058 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
Jun 12 11:44:57 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:00:00:5e:00:01:02:08:00 SRC=87.121.69.27 DST=219.77.172.76 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=36129 DPT=8080 SEQ=3907714210 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
Jun 12 11:45:00 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:00:00:5e:00:01:02:08:00 SRC=91.92.251.235 DST=219.77.172.76 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=15209 PROTO=TCP SPT=43839 DPT=3306 SEQ=3608124367 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000
Jun 12 11:45:24 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:00:00:5e:00:01:02:08:00 SRC=80.66.83.47 DST=219.77.172.76 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=41704 PROTO=TCP SPT=43048 DPT=2083 SEQ=805373575 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000
Jun 12 11:45:29 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:00:00:5e:00:01:02:08:00 SRC=89.248.163.201 DST=219.77.172.76 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=6797 PROTO=TCP SPT=46594 DPT=557 SEQ=35370220 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000
Jun 12 11:45:35 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:00:00:5e:00:01:02:08:00 SRC=162.142.125.136 DST=219.77.172.76 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=9576 PROTO=TCP SPT=36310 DPT=47478 SEQ=843732368 ACK=0 WINDOW=42340 RES=0x00 SYN URGP=0 OPT (020405B40402080A66635B8F000000000103030A) MARK=0x8000000
Jun 12 11:45:36 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:00:00:5e:00:01:02:08:00 SRC=89.248.163.201 DST=219.77.172.76 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=54885 PROTO=TCP SPT=46610 DPT=14649 SEQ=3640148752 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000
Jun 12 11:45:37 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:00:00:5e:00:01:02:08:00 SRC=199.45.154.185 DST=219.77.172.76 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=28169 PROTO=TCP SPT=60500 DPT=5671 SEQ=1717815665 ACK=0 WINDOW=42340 RES=0x00 SYN URGP=0 OPT (020405B40402080A66635B00000000000103030A) MARK=0x8000000

I'm really not sure what I am looking at here, but just odd it started days after installing Skynet (which was working fine until today).

Rebooting the Router did not help.

 

[jksmurf]

Sorry to jump in on this post but I have what I thought was a similar issue (may not be?) with what I know to be a safe site, that worked for days but just stopped working. If I check the site using my Phone (on LTE not on Wifi) it is fine, so it is definitely through the router.

The site is https://reachback.builtintelligence.com/

SNIP

I'm really not sure what I am looking at here, but just odd it started days after installing Skynet (which was working fine until today).

Rebooting the Router did not help.

Seems to have fixed itself. No idea how.