Skynet - Router Firewall & Security Enhancements


Wishmaster1965

Regular Contributor
I have this question right now. For me it is the UDP 1149 port for my OpenVPN server that is always blocked: $

But unfortunately the Adamm only says IP based.

Have you tried the ASUS gui / WAN / Port Trigger or Port Forwarding ?
 

dave14305

Part of the Furniture
I get this message for the last two weeks when updating the Malwarebanlist
Refreshing Whitelists | du: : No such file or directory
When I print the debug info it passes all tests.
Diversion is on its most current release.
Sounds like your swap file is missing or undetected.
 

Kenji

Occasional Visitor
Have you tried the ASUS gui / WAN / Port Trigger or Port Forwarding ?

Yes, but I'm not sure if that's all true. That's why I put everything I thought here :eek: Do you know your way better?
With activated firewall it still doesn't work :/ Tips?

Regards.
 

Attachments

  • Screenshot_20200505-234037.jpg
  • Screenshot_20200505-234019.jpg

dave14305

Part of the Furniture
Filename Type Size Used Priority
/tmp/mnt/SKYNET/myswap.swp file 1048572 0 -1
How about running this:
Code:
grep swaplocation /tmp/mnt/SKYNET/skynet/skynet.cfg
I'm guessing it doesn't exist or is blank.
 

Triton

Occasional Visitor
How about running this:
Code:
grep swaplocation /tmp/mnt/SKYNET/skynet/skynet.cfg
I'm guessing it doesn't exist or is blank.
output was
swaplocation=""

Then the file lock notice showed up for some minutes.
Now it's gone but I still get the same message when updating the malware banlist.
 

dave14305

Part of the Furniture
output was
swaplocation=""

Then the file lock notice showed up for some minutes.
Now it's gone but I still get the same message when updating the malware banlist.
How about running
Code:
sh /jffs/scripts/firewall debug swap install
Then see if that populates the skynet.cfg file.
 

Triton

Occasional Visitor
How about running
Code:
sh /jffs/scripts/firewall debug swap install
Then see if that populates the skynet.cfg file.
seems to have done the trick, no error message anymore :D
thanks!
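
The diagnosis worked through in the posts above (swap active, but `swaplocation` blank in skynet.cfg), as an added example that is not part of the thread or of Skynet's own code. The function names are hypothetical and the sample files are constructed from the values quoted in the posts.

```shell
#!/bin/sh
# Added example: compare the swaplocation recorded in skynet.cfg with the
# active swap table, the mismatch diagnosed in this thread.

# Print the value of swaplocation= from config file $1 (quotes stripped).
cfg_swaplocation() {
    sed -n 's/^swaplocation="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "$1" | head -n 1
}

# Print active swap paths from a /proc/swaps-format table $1 (header skipped).
active_swaps() {
    awk 'NR > 1 && $1 != "" { print $1 }' "$1"
}

# check_swap CFG SWAPS -> prints one of: ok | unset | stale | noswap
#   unset  = swap is active but the config value is blank (the thread's case)
#   stale  = config points at a path that is not an active swap
#   noswap = no swap is active at all
check_swap() {
    configured=$(cfg_swaplocation "$1")
    active=$(active_swaps "$2")
    if [ -z "$active" ]; then echo noswap
    elif [ -z "$configured" ]; then echo unset
    elif printf '%s\n' "$active" | grep -qxF "$configured"; then echo ok
    else echo stale
    fi
}

# Constructed sample reproducing the thread's state: swap active, config blank.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'swaplocation=""\n' > "$demo/skynet.cfg"
printf 'Filename Type Size Used Priority\n/tmp/mnt/SKYNET/myswap.swp file 1048572 0 -1\n' > "$demo/swaps"
check_swap "$demo/skynet.cfg" "$demo/swaps"
```

On the router itself the call would be `check_swap /tmp/mnt/SKYNET/skynet/skynet.cfg /proc/swaps`; a result of `unset` or `stale` is the state that the `debug swap install` command in the thread repaired.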
 

dave14305

Part of the Furniture
Yes, but I'm not sure if that's all true. That's why I put everything I thought here :eek: Do you know your way better?
With activated firewall it still doesn't work :/ Tips?

Regards.
There is usually no need to port forward or trigger for the built-in OpenVPN server. Remove all that stuff you added. Then check the state of the firewall rules:
Code:
iptables -nvL OVPN
 

Kenji

Occasional Visitor
There is usually no need to port forward or trigger for the built-in OpenVPN server. Remove all that stuff you added. Then check the state of the firewall rules:
Code:
iptables -nvL OVPN


All rules removed. Now only the VPN server and the VPN client (NordVPN) are running.
I don't know my way around but it shouldn't look like this?

Regards.
 

Attachments

  • iptables.png
  • VPN Status.png
  • Port Forwarding.png

dave14305

Part of the Furniture
All rules removed. Now only the VPN server and the VPN client (NordVPN) are running.
I don't know my way around but it shouldn't look like this?

Regards.
So you have a client and server both running on the router simultaneously. Too complicated for my limited VPN knowledge.
 

L0nkFromPA

New Around Here
I'm not sure if this has been requested before, but could there be an option, preferably on by default, to automatically whitelist addresses like the resolved IP of the configured NTP servers, the currently configured DNS resolvers, and the WAN default gateway? Basically things that if they were FPs in IP lists, they would stop everything from working and prevent fetching updated lists and therefore prevent fixing the FP.

This hasn't happened, I just have custom lists and was thinking of bad things that could happen.
 

dave14305

Part of the Furniture
I'm not sure if this has been requested before, but could there be an option, preferably on by default, to automatically whitelist addresses like the resolved IP of the configured NTP servers, the currently configured DNS resolvers, and the WAN default gateway? Basically things that if they were FPs in IP lists, they would stop everything from working and prevent fetching updated lists and therefore prevent fixing the FP.
Already part of the script. It includes the WAN IP, but not the WAN gateway.
 

L0nkFromPA

New Around Here
Already part of the script. It includes the WAN IP, but not the WAN gateway.

Thanks for the reply. I looked through the script and found what I think are whitelist entries for all of the things I asked for here except the WAN gateway. I might have missed it, though.
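
The false-positive concern raised in this exchange, as an added example that is not part of the thread or of Skynet's own code: a pre-flight check that reports which entries of a custom ban list would cover the router's own DNS, NTP or gateway addresses. The function names are hypothetical, the list and addresses are constructed from documentation ranges, and only IPv4 is handled.

```shell
#!/bin/sh
# Added example: flag ban-list entries that would cut off the router's own
# dependencies (DNS resolvers, NTP servers, WAN gateway) before loading a list.
# Assumes the shell does 64-bit arithmetic.

# Dotted-quad IPv4 -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeeds when address $1 falls inside entry $2 (single IP or CIDR).
in_entry() {
    case $2 in */*) bits=${2#*/} ;; *) bits=32 ;; esac
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
}

# find_collisions LISTFILE ADDR...  -> prints "ADDR ENTRY" for every collision.
# Comments, blank lines and non-IPv4 entries in the list are skipped.
find_collisions() {
    list=$1; shift
    for addr in "$@"; do
        while read -r entry _; do
            case $entry in ''|\#*|*[!0-9./]*) continue ;; esac
            if in_entry "$addr" "$entry"; then echo "$addr $entry"; fi
        done < "$list"
    done
}

# Constructed sample data (RFC 5737 documentation ranges, not real indicators).
sample_list=$(mktemp)
trap 'rm -f "$sample_list"' EXIT
cat > "$sample_list" <<'EOF'
# constructed custom ban list
192.0.2.0/24
198.51.100.7
203.0.113.1
bad.example.invalid
EOF

# Hypothetical critical addresses: DNS resolver, NTP server, WAN gateway.
find_collisions "$sample_list" 192.0.2.53 198.51.100.8 203.0.113.1
```

Any line of output names a critical address and the list entry that would block it, so the list can be corrected or the address whitelisted before the list is applied.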
 

AntonK

Very Senior Member
Hi everyone,

Question from a total non-techie (well, almost total): is there anything that either Diversion or SkyNet would be doing that would block my Desktop PC from connecting to my Echo Studio when listening via Spotify? All of a sudden I can't play Spotify through my Echo. I can play SiriusXM no problem. I'm guessing it's a temporary outage somewhere else, because I've been using Diversion and SkyNet for some time without any issues (see my signature below). Still, just checking...

Thanks,
Anton
 

SomeWhereOverTheRainBow

Very Senior Member
Hi everyone,

Question from a total non-techie (well, almost total): is there anything that either Diversion or SkyNet would be doing that would block my Desktop PC from connecting to my Echo Studio when listening via Spotify? All of a sudden I can't play Spotify through my Echo. I can play SiriusXM no problem. I'm guessing it's a temporary outage somewhere else, because I've been using Diversion and SkyNet for some time without any issues (see my signature below). Still, just checking...

Thanks,
Anton
If you are using any adblockers that block domains associated with Spotify, it would most likely be an issue with the block list you are using with Diversion, as Skynet mainly only blocks threat-level stuff. Check your logs in Diversion and look for domains specifically being blocked when you try to access Spotify from your Echo. It will list all the domain traffic that is being blocked for the IP address that is associated with your Echo (first you need to identify the IP address assigned to your Echo before this will be relevant). Once you identify the domains being blocked, then add them to your whitelist and run process all list.
If you need more help with this, try moving this issue to the Diversion thread for more help.
 

SomeWhereOverTheRainBow

Very Senior Member
Hi everyone,

Question from a total non-techie (well, almost total): is there anything that either Diversion or SkyNet would be doing that would block my Desktop PC from connecting to my Echo Studio when listening via Spotify? All of a sudden I can't play Spotify through my Echo. I can play SiriusXM no problem. I'm guessing it's a temporary outage somewhere else, because I've been using Diversion and SkyNet for some time without any issues (see my signature below). Still, just checking...

Thanks,
Anton
Code:
apresolve.spotify.com
upgrade.scdn.com
market.spotify.com
spclient.wg.spotify.com
audio-ake.spotify.com.edgesuite.net
mobile-ap.spotify.com

Here are some commonly whitelisted ones for Spotify; try them out in your Diversion whitelist and let me know if it resolves your issue.

**edit** Note: I just updated the list with a corrected spelling **
 
