Skynet - Router Firewall & Security Enhancements


MacG32

Regular Contributor
I'm not sure if my log file got corrupted, but information in the stats page was in the wrong fields. It took about 3 minutes to reset the stats. Is that normal?
 

Attachments

  • Shot0001.jpg

Adamm

Part of the Furniture
I'm not sure if my log file got corrupted, but information in the stats page was in the wrong fields. It took about 3 minutes to reset the stats. Is that normal?

You would have to send me a copy of your stats.js and skynet.log to know what's going on.
 

jorgsmash

Regular Contributor
You are right in saying the wording is.. inconsistent. I've corrected this and pushed an update so it is correctly referenced throughout the script as "Fast Switch".

As for functionality, the command didn't work because you are supposed to replace the url with a real one, google certainly isn't hosting skynet content on its main domain :p

Hi Adamm, I just had an idea and thought I'd propose it to you. My router (AX88u) has a button on the front of it that I believe disables the wifi. I have no reason to ever need to press that button to disable the wifi so I figured, if possible, it would be better served as "Wife-Mode" button. Perhaps someone could write a script that enables the wife-mode for an hour or two if they press that button and then switches back after some time. Would be better functionality in my opinion than disabling the wifi. Would be pretty cool but not sure if that's possible. Just a thought.
 

QuikSilver

Very Senior Member
Hi Adamm, I just had an idea and thought I'd propose it to you. My router (AX88u) has a button on the front of it that I believe disables the wifi. I have no reason to ever need to press that button to disable the wifi so I figured, if possible, it would be better served as "Wife-Mode" button. Perhaps someone could write a script that enables the wife-mode for an hour or two if they press that button and then switches back after some time. Would be better functionality in my opinion than disabling the wifi. Would be pretty cool but not sure if that's possible. Just a thought.
How is this related to skynet or the reply you quoted? Did I miss a portion of the thread somewhere?:confused:
 

L&LD

Part of the Furniture
And what exactly is Wife-Mode? :)

If it makes my significant other go to the kitchen and make me a sandwich? I'm all for it. :D
 

jsbeddow

Senior Member
As I suspected I missed a part somewhere. ;)
Are you saying you haven't read all 349 pages? I've only been following for a few years and I remember that discussion....:)
 

QuikSilver

Very Senior Member
Are you saying you haven't read all 349 pages? I've only been following for a few years and I remember that discussion....:)
No I missed that part ;) but I will say I didn't think a reply to a reply from 2018 would have popped up in 2020, but 2020 has been nothing but crazy so....
 

Jim Scardelis

New Around Here
I have a question about the "Private WAN address" thing, as my situation is a bit different than most.

Because I have a home-based business, I have a Comcast Business Class account with a static IPv4 range. I can't change the Comcast Router-modem to bridge mode because it would break the "true static" configuration. I also have some servers which are on a DMZ network segment that's on a switch that's plugged directly to the Comcast router. To get the static public IP address for those servers (both physical & virtual), all I have to do is configure the static IP that I want, and it just works. So far so good. The host-based firewalls on those servers are configured to deny all inbound traffic on the public IP addresses, except for the specific traffic they're supposed to get.

The Comcast router also offers private IP addresses via a DHCP server, and if you configure a second static IP, subnet mask etc. on one of the servers in that private IP range, you get essentially a private subnet that they can talk to each other on, and it looks to the host-based firewall as though it was another interface with its own rules.

My Asus router is plugged into the same switch as the servers, and, because I need the servers to be able to recognize traffic coming out via the router as "internal" so that, for example, I can remote into the servers using the servers' private IP address, I have the router configured with a private IP address, and, on the Comcast router, I have a route manually configured to route all traffic addressed to the public IP for the Asus to its private IP address, like I would in a traditional multilevel enterprise network, where the Comcast is my edge router and the ASUS my internal<->DMZ firewall/router.

Now I get the Private WAN IP address messages in the syslog from Skynet. Is there any way to convince Skynet that it's OK? If not, is there a way to configure the router to have 2 IP addresses on the WAN interface like I have on my servers?
 

randomName

Very Senior Member
Checked my logs and I am seeing random firewall restarts:

Apr 23 22:34:40 custom_script: Running /jffs/scripts/firewall-start
Apr 23 22:36:10 custom_script: Running /jffs/scripts/firewall-start
 

dave14305

Part of the Furniture
Checked my logs and I am seeing random firewall restarts:

Apr 23 22:34:40 custom_script: Running /jffs/scripts/firewall-start
Apr 23 22:36:10 custom_script: Running /jffs/scripts/firewall-start
That’s exactly 90 seconds apart. How many of these random occurrences are there? Search the syslog for restart_firewall.
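
One way to follow that advice from a shell, as an added example (not code from the thread or from Skynet): it counts `restart_firewall` entries and prints the seconds between consecutive `firewall-start` runs. The sample log is constructed from the two lines quoted above plus an `rc_service` line whose shape is an assumption; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise firewall restarts in a router syslog.
# SAMPLE_LOG is constructed. The two firewall-start lines are the ones quoted
# in the post; the rc_service and kernel lines are assumed shapes.
SAMPLE_LOG='Apr 23 22:34:38 rc_service: httpd 1234:notify_rc restart_firewall
Apr 23 22:34:40 custom_script: Running /jffs/scripts/firewall-start
Apr 23 22:35:02 kernel: unrelated line
Apr 23 22:36:10 custom_script: Running /jffs/scripts/firewall-start'

# count_events PATTERN: number of log lines on stdin containing PATTERN.
# grep -c exits non-zero on zero matches but still prints 0, hence "|| true".
count_events() {
    grep -F -c -- "$1" || true
}

# firewall_start_gaps: print the seconds between consecutive firewall-start
# runs found on stdin, one gap per line.
# Syslog stamps carry no year, so gaps are computed from day-of-month and
# time only; a month change or backwards jump between two events prints "?".
firewall_start_gaps() {
    awk '
    index($0, "custom_script: Running /jffs/scripts/firewall-start") {
        split($3, t, ":")
        now = $2 * 86400 + t[1] * 3600 + t[2] * 60 + t[3]
        if (seen) {
            if ($1 == mon && now >= prev) print now - prev
            else print "?"
        }
        mon = $1; prev = now; seen = 1
    }'
}

# Stand-alone demo on the constructed sample; on a router, feed the
# functions the real syslog file instead.
echo "restart_firewall entries: $(printf '%s\n' "$SAMPLE_LOG" | count_events restart_firewall)"
echo "gaps between firewall-start runs (s):"
printf '%s\n' "$SAMPLE_LOG" | firewall_start_gaps
```

Fewer `restart_firewall` entries than `firewall-start` runs means something other than an explicit restart request re-ran the script, which is worth correlating with the log lines just before each run.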
 

jsbeddow

Senior Member
No I missed that part ;) but I will say I didn't think a reply to a reply from 2018 would have popped up in 2020, but 2020 has been nothing but crazy so....
I haven't gone back to search for it, but if I remember correctly, there were a couple of pages of discussion that referenced what was temporarily and facetiously being called "wife-mode" (possibly crossing over with @thelonelycoder on the Diversion thread) in the early days of what ultimately became known as Fast User Switching (and later? adding the "Alternate blocking list for specified clients"), so it was a bit more than just a reference to a single "reply to a reply". Not that it really matters anymore... :D.
 

immi803

Senior Member
Need some help to understand what's happening
Using rtorrent for years now and always opened its port in
Code:
/jffs/scripts/firewall-start
And it was always working fine using DDNS as well, and I always found the set port open in any port checker website

Recently I bought a PS4 Pro a few days back, opened PS4 ports in the firewall like the rtorrent ports in firewall-start, PS4 shows NAT open, but when I check port scanner websites etc., it says ports are closed, why so? Can't figure this out
Please help?? o_O
 

thelonelycoder

Part of the Furniture
I haven't gone back to search for it, but if I remember correctly, there were a couple of pages of discussion that referenced what was temporarily and facetiously being called "wife-mode" (possibly crossing over with @thelonelycoder on the Diversion thread) in the early days of what ultimately became known as Fast User Switching (and later? adding the "Alternate blocking list for specified clients"), so it was a bit more than just a reference to a single "reply to a reply". Not that it really matters anymore... :D.
I never used the wife mode moniker, in Diversion it has always been fs for fast switch. Skynet used wm for a little while when the function was introduced but its author eventually changed it to a neutral name.
 

QuikSilver

Very Senior Member
it was a bit more than just a reference to a single "reply to a reply". Not that it really matters anymore... :D.
I digress, you win. :D Now back to our regularly scheduled topic.
 

randomName

Very Senior Member
That’s exactly 90 seconds apart. How many of these random occurrences are there? Search the syslog for restart_firewall.

Waited till this morning to check and I had only 1 restart_firewall, and 2 firewall-start.

I was doing some config changes, maybe that's why I kept seeing them, so I'm concluding they happen every time something gets changed on the router.
 

jorgsmash

Regular Contributor
Need some help to understand what's happening
Using rtorrent for years now and always opened its port in
Code:
/jffs/scripts/firewall-start
And it was always working fine using DDNS as well, and I always found the set port open in any port checker website

Recently I bought a PS4 Pro a few days back, opened PS4 ports in the firewall like the rtorrent ports in firewall-start, PS4 shows NAT open, but when I check port scanner websites etc., it says ports are closed, why so? Can't figure this out
Please help?? o_O

I'm also trying to open my NAT type to my PS4. I used the GUI port forwarding but wasn't able to get an open NAT type while playing. What ports did you open? Does skynet have a place to edit port forward rules? The GUI only allows for 64 port forwards and I was wondering if Skynet allows for more.

The ports I tried to set in the GUI are as follows:
upload_2020-4-24_9-16-43.png


For the above port ranges, the GUI in the firewall allows you to enter a range in the external port, but not a range in the internal port. It only allows you to put one port in the internal port box. So I left the internal port blank (it showed optional). So my port forward list looks like this:

upload_2020-4-24_9-20-42.png


Should I enter each port individually instead of using a range? Or is there a better way to do this in Skynet rather than the GUI? Sorry for the many questions, but I tried using the port forwarding rules in the WAN settings. Now I see additional inbound firewall rules in the general tab of the firewall. What's the difference between these? Thanks!
 

JT Strickland

Senior Member
I haven't had an outbound block in a month I don't think. I'm riding her bareback, no whitelists or ban lists, just like she came out of the stable. I hope this is a moot point, and I understand this is usually a good thing, but felt like I needed to ask in case I missed something. Had lots of inbound blocks.
thanks,
jts

RT-AC86U w/ 384.17 beta1, RT-AC68U Aimesh node w/ same, Diversion, UiDivstats, Skynet, AiProtection, Scribe, UiScribe, Conmon, SpdMerlin, ScMerlin, Nsrum, NtpMerlin, OpenVPN selective clients
 
