Skynet Skynet keeps failing to start

[jorgsmash]

Run the debug command to gather more info:

firewall debug info extended

It came back on, but it did this the other day when I updated it. It was showing disabled with status failed, skynet missing in the GUI, I updated it, and it came back online. It was broken again this morning. So I'm not convinced that just because it's on now, means it won't break again. I did however just enable inbound firewall rules in the GUI from @SomeWhereOverTheRainBow suggestion. I don't know if that was the issue but I don't have any inbound firewall rules configured in the GUI.

#############################################################################################################
#                                                                                                           #
#                  ███████╗██╗  ██╗██╗   ██╗███╗   ██╗███████╗████████╗    ██╗   ██╗███████╗                #
#                  ██╔════╝██║ ██╔╝╚██╗ ██╔╝████╗  ██║██╔════╝╚══██╔══╝    ██║   ██║╚════██║                #
#                  ███████╗█████╔╝  ╚████╔╝ ██╔██╗ ██║█████╗     ██║       ██║   ██║    ██╔╝                #
#                  ╚════██║██╔═██╗   ╚██╔╝  ██║╚██╗██║██╔══╝     ██║       ╚██╗ ██╔╝   ██╔╝                 #
#                  ███████║██║  ██╗   ██║   ██║ ╚████║███████╗   ██║        ╚████╔╝    ██║                  #
#                  ╚══════╝╚═╝  ╚═╝   ╚═╝   ╚═╝  ╚═══╝╚══════╝   ╚═╝         ╚═══╝     ╚═╝                  #
#                                                                                                           #
#                                 Router Firewall And Security Enhancements                                 #
#                             By Adamm -  https://github.com/Adamm00/IPSet_ASUS                             #
#                                            09/03/2023 - v7.3.6                                            #
#############################################################################################################
#############################################################################################################
#                                                                                                           #
#                  ███████╗██╗  ██╗██╗   ██╗███╗   ██╗███████╗████████╗    ██╗   ██╗███████╗                #
#                  ██╔════╝██║ ██╔╝╚██╗ ██╔╝████╗  ██║██╔════╝╚══██╔══╝    ██║   ██║╚════██║                #
#                  ███████╗█████╔╝  ╚████╔╝ ██╔██╗ ██║█████╗     ██║       ██║   ██║    ██╔╝                #
#                  ╚════██║██╔═██╗   ╚██╔╝  ██║╚██╗██║██╔══╝     ██║       ╚██╗ ██╔╝   ██╔╝                 #
#                  ███████║██║  ██╗   ██║   ██║ ╚████║███████╗   ██║        ╚████╔╝    ██║                  #
#                  ╚══════╝╚═╝  ╚═╝   ╚═╝   ╚═╝  ╚═══╝╚══════╝   ╚═╝         ╚═══╝     ╚═╝                  #
#                                                                                                           #
#                                 Router Firewall And Security Enhancements                                 #
#                             By Adamm -  https://github.com/Adamm00/IPSet_ASUS                             #
#                                            09/03/2023 - v7.3.6                                            #
#############################################################################################################


=============================================================================================================


Router Model; RT-AX88U
Skynet Version; v7.3.6 (09/03/2023) (6f8bdf21762aede4d234c3a8c70e9d35)
iptables v1.4.15 - (eth0 @ 192.168.50.1)
ipset v7.6, protocol version: 7
IP Address; (108*****)
FW Version; 388.2_0 (Apr 12 2023) (4.1.51)
Install Dir; /tmp/mnt/sda5/skynet (6.9G / 10.3G Space Available)
SWAP File; /tmp/mnt/sda5/myswap.swp (2.0G)
Syslog Location; (/opt/var/log/skynet-0.log) (/tmp/syslog.log-1)
Uptime; 1 days, 3 hours, 59 minutes.
Ram Available; (71M / 882M)


---------------                          | ------------     | ---------------      | ----------
| Device Name |                          | | Local IP |     | | MAC Address |      | | Status |
---------------                          | ------------     | ---------------      | ----------

Unknown                                  | 108.*****         | Online
Unknown                                  | 192.168.1.254       | Inactive
Blink-Station                            | 192.168.50.18        | Inactive
iPhone                                     | 192.168.50.38        | DELAY
LGwebOSTV                                | 192.168.50.66        | Online
Ring-edffd6                              | 192.168.50.83       | Inactive
412e151d7e36e9c723c54d882058bf20         | 192.168.50.94        | Inactive
S22-Ultra                                 | 192.168.50.100       | Inactive
Samsung-TV                               | 192.168.50.108       | Inactive
Thermostat                               | 192.168.50.173       | Online
Basestation                              | 192.168.50.186       | Inactive
RT-AX58U-8670                            | 192.168.50.219       | Inactive
M                                             | 192.168.50.226       | Online
MacBook                                 | 192.168.50.235       | Online


--------------------                | ----------
| Test Description |                | | Result |
--------------------                | ----------

Internet-Connectivity               | [Passed]
Write Permission                    | [Passed]
Config File                         | [Passed]
Firewall-Start Entry                | [Passed]
Services-Stop Entry                 | [Passed]
Service-Event Entry                 | [Passed]
Profile.add Entry                   | [Passed]
SWAP File                           | [Passed]
Cron Jobs                           | [Passed]
NTP Sync                            | [Passed]
IPSet Comment Support               | [Passed]
Log Level 5 Settings                | [Passed]
Duplicate Rules In RAW              | [Passed]
IPSets                              | [Passed]
IPTables Rules                      | [Passed]
Local WebUI Files                   | [Passed]
Mounted WebUI Files                 | [Passed]
MenuTree.js Entry                   | [Passed]


-----------                         | ----------
| Setting |                         | | Status |
----------                          | ----------

Skynet Auto-Updates                 | [Enabled]
Malware List Auto-Updates           | [Enabled]
Logging                             | [Enabled]
Filter Traffic                      | [Enabled]
Unban PrivateIP                     | [Enabled]
Log Invalid Packets                 | [Disabled]
Import AiProtect Data               | [Enabled]
Secure Mode                         | [Enabled]
Fast Switch List                    | [Disabled]
Syslog Location                     | [Custom]
IOT Blocking                        | [Disabled]
Country Lookup For Stats            | [Enabled]
CDN Whitelisting                    | [Enabled]
Display WebUI                       | [Enabled]

18/18 Tests Sucessful        


################################################
## Generated By Skynet - Do Not Manually Edit ##
## May 09 20:37:11                            ##

## Installer ##
model="RT-AX88U"
localver="v7.3.6"
autoupdate="enabled"
banmalwareupdate="daily"
forcebanmalwareupdate=""
logmode="enabled"
filtertraffic="all"
swaplocation="/tmp/mnt/sda5/myswap.swp"

## Counters / Lists ##
blacklist1count="38949"
blacklist2count="2136"
customlisturl=""
customlist2url=""
countrylist=""
excludelists=""

## Settings ##
unbanprivateip="enabled"
loginvalid="disabled"
banaiprotect="enabled"
securemode="enabled"
extendedstats="enabled"
fastswitch="disabled"
syslogloc="/opt/var/log/skynet-0.log"
syslog1loc="/tmp/syslog.log-1"
iotblocked="disabled"
iotports=""
iotproto="udp"
lookupcountry="enabled"
cdnwhitelist="enabled"
displaywebui="enabled"

################################################


=============================================================================================================


[#] 38949 IPs (+0) -- 2136 Ranges Banned (+0) || 64 Inbound -- 0 Outbound Connections Blocked! [debug] [1s]

jorg@RT-AX88U-F610:/tmp/home/root#

 

[dave14305]

I did however just enable inbound firewall rules in the GUI from @SomeWhereOverTheRainBow suggestion. I don't know if that was the issue but I don't have any inbound firewall rules configured in the GUI.

Not even remotely related to the issue you reported. The IPv4 inbound firewall feature is incomplete and poorly implemented by Asus. Better to keep it off. If it had any effect, it would have only been because it triggered a firewall restart which would cause Skynet to restart again.

 

[jorgsmash]

Not even remotely related to the issue you reported. The IPv4 inbound firewall feature is incomplete and poorly implemented by Asus. Better to keep it off. If it had any effect, it would have only been because it triggered a firewall restart which would cause Skynet to restart again.

Should I just go ahead and uninstall and reinstall? And remove swap?

 

[SomeWhereOverTheRainBow]

Run the debug command to gather more info:

firewall debug info extended

This helps us understand what all processes are held in skynet processing as @dave14305 mentions.it may give some hint to where the problem resides.

Not even remotely related to the issue you reported. The IPv4 inbound firewall feature is incomplete and poorly implemented by Asus. Better to keep it off. If it had any effect, it would have only been because it triggered a firewall restart which would cause Skynet to restart again.

And as @dave14305 points it is more remotely close than my previous suggestion.

 

[dave14305]

Should I just go ahead and uninstall and reinstall? And remove swap?

Go ahead and uninstall and reinstall, but don't remove swap. It takes too long to re-create it later.

See if anything is left behind in /tmp/mnt/sda5/skynet or /jffs/scripts/firewall-start after uninstall.

 

[jorgsmash]

This help us understand what all processes are help up by skynet as @dave14305 mentions.

I posted the output above

 

[jorgsmash]

Go ahead and uninstall and reinstall, but don't remove swap. It takes too long to re-create it later.

See if anything is left behind in /tmp/mnt/sda5/skynet or /jffs/scripts/firewall-start after uninstall.

Uninstalled, haven't rebooted yet.

jorg@RT-AX88U-F610:/tmp/home/root# ls -la /tmp/mnt/sda5/
drwxrwxrwx    5 jorg     root          4096 May  9 21:19 .
drwxrwxrwx    4 jorg     root            80 May  8 16:50 ..
-rw-rw-rw-    1 jorg     root            19 May  5  2018 .___var.txt
-rw-rw-rw-    1 jorg     root             0 May  8 16:50 .___var.txt.19
-rw-rw-rw-    1 jorg     root            42 May  8 16:50 .__folder_list.txt
-rw-rw-rw-    1 jorg     root             0 May  8 16:50 .__folder_list.txt.42
-rw-rw-rw-    1 jorg     root            19 May  5  2018 .__jorg_var.txt
-rw-rw-rw-    1 jorg     root             0 May  8 16:50 .__jorg_var.txt.19
drwxrwxrwx    2 jorg     root          4096 May  5  2018 .minidlna
drwxr-xr-x   14 jorg     root          4096 Sep  6  2020 entware
d---------    2 jorg     root          4096 Dec 31  1969 lost+found
-rw-rw-rw-    1 jorg     root     2147483648 Apr 21  2020 myswap.swp
jorg@RT-AX88U-F610:/tmp/home/root# cat /jffs/scripts/firewall-start
#!/bin/sh

sh /jffs/addons/flexqos/flexqos.sh -start & # FlexQoS Addition


#Create VPN Routes for Server and Client Passthrough
#https://www.snbforums.com/threads/openvpn-server-and-client-question.38378/page-2 - Post 39
# Allow pass-thru for a connecting OpenVPN Server client to use Selective Policy routing RPDB out via VPN Client
iptables -D POSTROUTING -t nat -s $(nvram get vpn_server1_sn)/24 -o tun11 -j MASQUERADE
iptables -I POSTROUTING -t nat -s $(nvram get vpn_server1_sn)/24 -o tun11 -j MASQUERADE
sh /jffs/addons/diversion/type65blocking.div # Added by Diversion
/jffs/scripts/YazFi runnow & # YazFi Guest Networks
jorg@RT-AX88U-F610:/tmp/home/root#

 

[SomeWhereOverTheRainBow]

I posted the output above

What does opkg list-installed | grep iptables show and echo $PATH show? When you run them directly in the terminal?

 

[jorgsmash]

What does opkg list-installed | grep iptables show and echo $PATH show? When you run them directly in the terminal?

jorg@RT-AX88U-F610:/tmp/home/root# opkg list-installed | grep iptables
jorg@RT-AX88U-F610:/tmp/home/root#
jorg@RT-AX88U-F610:/tmp/home/root#
jorg@RT-AX88U-F610:/tmp/home/root# opkg list-installed | grep iptables
jorg@RT-AX88U-F610:/tmp/home/root#
jorg@RT-AX88U-F610:/tmp/home/root#
jorg@RT-AX88U-F610:/tmp/home/root# echo $PATH
/opt/bin:/opt/sbin:/bin:/usr/bin:/sbin:/usr/sbin:/home/jorg:/mmc/sbin:/mmc/bin:/mmc/usr/sbin:/mmc/usr/bin:/opt/sbin:/opt/bin:/opt/usr/sbin:/opt/usr/bin
jorg@RT-AX88U-F610:/tmp/home/root#

 

[SomeWhereOverTheRainBow]

jorg@RT-AX88U-F610:/tmp/home/root# opkg list-installed | grep iptables
jorg@RT-AX88U-F610:/tmp/home/root#
jorg@RT-AX88U-F610:/tmp/home/root#
jorg@RT-AX88U-F610:/tmp/home/root# opkg list-installed | grep iptables
jorg@RT-AX88U-F610:/tmp/home/root#
jorg@RT-AX88U-F610:/tmp/home/root#
jorg@RT-AX88U-F610:/tmp/home/root# echo $PATH
/opt/bin:/opt/sbin:/bin:/usr/bin:/sbin:/usr/sbin:/home/jorg:/mmc/sbin:/mmc/bin:/mmc/usr/sbin:/mmc/usr/bin:/opt/sbin:/opt/bin:/opt/usr/sbin:/opt/usr/bin
jorg@RT-AX88U-F610:/tmp/home/root#

I only asked because I noticed an issue with skynet statistics with iptables installed ( or there might have been some other check failing?). I was dumb founded until I saw the path was the same as yours, when I changed it my statistics detection issue went away.

The iptables -t raw -nvl listed the appropriate iptable rules, but the skynet statistics were wrong (inaccurate.)

 

[jorgsmash]

Go ahead and uninstall and reinstall, but don't remove swap. It takes too long to re-create it later.

See if anything is left behind in /tmp/mnt/sda5/skynet or /jffs/scripts/firewall-start after uninstall.

I think I have this drive partitioned, but not sure the exact command to check via SSH

[i] Installing Skynet v7.3.6

Looking For Available Partitions
[1]  --> /tmp/mnt/sda5 - (/dev/sda5)

Please Enter Partition Number Or e To Exit
[0-1]:

 

[SomeWhereOverTheRainBow]

I think I have this drive partitioned, but not sure the exact command to check via SSH

[i] Installing Skynet v7.3.6

Looking For Available Partitions
[1]  --> /tmp/mnt/sda5 - (/dev/sda5)

Please Enter Partition Number Or e To Exit
[0-1]:

So look at @dave14305 previous message and make sure you have reviewed any files left behind before reinstalling.
"See if anything is left behind in /tmp/mnt/sda5/skynet or /jffs/scripts/firewall-start after uninstall."
Because he has a sixth sense for when objects are not installed in their correct location, when files have become corrupt, or when extra bits of information are left behind that tell us why things failed to begin with.

 

[jorgsmash]

Disregard last message, I was thinking it was asking partition 0 or partition 1. Turns out, entering 0 was an invalid selection. Skynet has been re-installed.

So look at @dave14305 previous message and make sure you have reviewed any files left behind before reinstalling.
"See if anything is left behind in /tmp/mnt/sda5/skynet or /jffs/scripts/firewall-start after uninstall."

I posted the output of that above.

 

[jorgsmash]

lets say I reduce it by 100,000 entries using iprange

326293 printed CIDRs, break down by prefix:
        - prefix /3 counts 1 entries
        - prefix /8 counts 3 entries
        - prefix /9 counts 1 entries
        - prefix /10 counts 16 entries
        - prefix /11 counts 31 entries
        - prefix /12 counts 76 entries
        - prefix /13 counts 122 entries
        - prefix /14 counts 196 entries
        - prefix /15 counts 322 entries
        - prefix /16 counts 929 entries
        - prefix /17 counts 629 entries
        - prefix /18 counts 949 entries
        - prefix /19 counts 1508 entries
        - prefix /20 counts 2028 entries
        - prefix /21 counts 2481 entries
        - prefix /22 counts 5771 entries
        - prefix /23 counts 5314 entries
        - prefix /24 counts 13500 entries
        - prefix /25 counts 424 entries
        - prefix /26 counts 560 entries
        - prefix /27 counts 583 entries
        - prefix /28 counts 798 entries
        - prefix /29 counts 1285 entries
        - prefix /30 counts 2631 entries
        - prefix /31 counts 9815 entries
        - prefix /32 counts 276320 entries

totals: 326293 lines read, 302935 distinct IP ranges found, 26 CIDR prefixes, 326293 CIDRs printed, 1100260370 unique IPs
completed in 12.08756 seconds (read 0.22889 + think 0.21960 + speak 11.63906)

and here is if I reduce it by 1 million

742955 printed CIDRs, break down by prefix:
        - prefix /16 counts 15653 entries
        - prefix /24 counts 289012 entries
        - prefix /32 counts 438290 entries

totals: 326293 lines read, 302935 distinct IP ranges found, 3 CIDR prefixes, 742955 CIDRs printed, 1100260370 unique IPs
completed in 28.41651 seconds (read 0.22530 + think 0.23088 + speak 27.96033)

the last list would probably be the most "optimized" for IPset hash:ip in-regards to memory (RAM) consumption because I have reduced the differences in prefix lengths to its lowest possible outcome.

For hash:net, the first list would be the most optimized.

As a side note 1100260370 unique IPs could imply that my list blocks slightly more than approximately 1/4th about 25.62% the worlds IP addresses (on all open incoming ports) and (all outbound connections). @Tech9 .

How can I implement this? Is it with Skynet? Which option would be best for me since I have only 50 mb free memory?

My Skynet is only blocking a measly 39,245 IPs.

39245 IPs (+0) -- 2198 Ranges Banned (+0) || 47 Inbound -- 0 Outbound Connections Blocked!

 

[jorgsmash]

Found it https://www.snbforums.com/threads/is-default-firewall-good-enough.76648/page-3#post-759170

Would anyone be willing to help me figure out my RAM consumption issue? I'm at 96% utilization now.

 

[SomeWhereOverTheRainBow]

Found it https://www.snbforums.com/threads/is-default-firewall-good-enough.76648/page-3#post-759170

Would anyone be willing to help me figure out my RAM consumption issue? I'm at 96% utilization now.

Maybe you should consider taking a break for a while, afterall you just unbroke your skynet. Maybe take a few days off.

 

[SomeWhereOverTheRainBow]

Found it https://www.snbforums.com/threads/is-default-firewall-good-enough.76648/page-3#post-759170

Would anyone be willing to help me figure out my RAM consumption issue? I'm at 96% utilization now.

Show us a screenshot of your amtm menu showing all the addons you have installed. Maybe @dave14305 can tell you which ones are consuming the most RAM. His detective abilities are far superior to anyone else's in these forums.

 

[Viktor Jaep]

So look at @dave14305 previous message and make sure you have reviewed any files left behind before reinstalling.
"See if anything is left behind in /tmp/mnt/sda5/skynet or /jffs/scripts/firewall-start after uninstall."
Because he has a sixth sense for when objects are not installed in their correct location, when files have become corrupt, or when extra bits of information are left behind that tell us why things failed to begin with.

Lol... Sixth sense! True though. @dave14305 has a knack for seeing details that illude us!

 

[SomeWhereOverTheRainBow]

Lol... Sixth sense! True though. @dave14305 has a knack for seeing details that illude us!

Definitely, aside from the limits of boolean, his knowledge knows no bounds.

 

[jorgsmash]

Show us a screenshot of your amtm menu showing all the addons you have installed. Maybe @dave14305 can tell you which ones are consuming the most RAM. His detective abilities are far superior to anyone else's in these forums.

Here it is in all its glory