
Skynet - Router Firewall & Security Enhancements


I'm not sure if my log file got corrupted, but information on the stats page was in the wrong fields. It took about 3 minutes to reset the stats. Is that normal?
 


You would have to send me a copy of your stats.js and skynet.log to know what's going on.
 
You are right in saying the wording is.. inconsistent. I've corrected this and pushed an update so it is correctly referenced throughout the script as "Fast Switch".

As for functionality, the command didn't work because you are supposed to replace the url with a real one, google certainly isn't hosting skynet content on its main domain :p

Hi Adamm, I just had an idea and thought I'd propose it to you. My router (AX88u) has a button on the front of it that I believe disables the wifi. I have no reason to ever need to press that button to disable the wifi so I figured, if possible, it would be better served as "Wife-Mode" button. Perhaps someone could write a script that enables the wife-mode for an hour or two if they press that button and then switches back after some time. Would be better functionality in my opinion than disabling the wifi. Would be pretty cool but not sure if that's possible. Just a thought.
 
How is this related to skynet or the reply you quoted? Did I miss a portion of the thread somewhere?:confused:
 
And what exactly is Wife-Mode? :)

If it makes my significant other go to the kitchen and make me a sandwich? I'm all for it. :D
 
As I suspected I missed a part somewhere. ;)
Are you saying you haven't read all 349 pages? I've only been following for a few years and I remember that discussion....:)
 
No I missed that part ;) but I will say I didn't think a reply to a reply from 2018 would have popped up in 2020, but 2020 has been nothing but crazy so....
 
I have a question about the "Private WAN address" thing, as my situation is a bit different than most.

Because I have a home-based business, I have a Comcast Business Class account with a static IPv4 range. I can't change the Comcast Router-modem to bridge mode because it would break the "true static" configuration. I also have some servers which are on a DMZ network segment that's on a switch that's plugged directly to the Comcast router. To get the static public IP address for those servers (both physical & virtual), all I have to do is configure the static IP that I want, and it just works. So far so good. The host-based firewalls on those servers are configured to deny all inbound traffic on the public IP addresses, except for the specific traffic they're supposed to get.

The Comcast router also offers private IP addresses via a DHCP server, and if you configure a second static IP, subnet mask etc. on one of the servers in that private IP range, you get essentially a private subnet that they can talk to each other on, and looks to the host-based firewall as though it was another interface with its own rules.

My Asus router is plugged into the same switch as the servers, and, because I need the servers to be able to recognize traffic coming out via the router as "internal" so that, for example, I can remote into the servers using the servers' private IP address, I have the router configured with a private IP address, and, on the Comcast router, I have a route manually configured to route all traffic addressed to the public IP for the Asus to its private IP address, like I would in a traditional multilevel enterprise network, where the Comcast is my edge router and the ASUS my internal<->DMZ firewall/router.

Now I get the Private WAN IP address messages in the syslog from Skynet. Is there any way to convince Skynet that it's OK? If not, is there a way to configure the router to have 2 IP addresses on the WAN interface like I have on my servers?
 
Checked my logs and I am seeing random firewall restarts:

Apr 23 22:34:40 custom_script: Running /jffs/scripts/firewall-start
Apr 23 22:36:10 custom_script: Running /jffs/scripts/firewall-start
 
That’s exactly 90 seconds apart. How many of these random occurrences are there? Search the syslog for restart_firewall.
 
No I missed that part ;) but I will say I didn't think a reply to a reply from 2018 would have popped up in 2020, but 2020 has been nothing but crazy so....
I haven't gone back to search for it, but if I remember correctly, there were a couple of pages of discussion that referenced what was temporarily and facetiously being called "wife-mode" (possibly crossing over with @thelonelycoder on the Diversion thread) in the early days of what ultimately became known as Fast User Switching (and later? adding the "Alternate blocking list for specified clients"), so it was a bit more than just a reference to a single "reply to a reply". Not that it really matters anymore... :D.
 
Need some help to understand what's happening
Using rtorrent for years now and always opened its port in
Code:
/jffs/scripts/firewall-start
And it has always worked fine using DDNS as well, and I always found the set port open on any port checker website

Recently I bought a PS4 Pro a few days back, opened the PS4 ports in the firewall like the rtorrent ports in firewall-start. The PS4 shows NAT open, but when I check port scanner websites etc., it says the ports are closed. Why so? Can't figure this out
Please help?? o_O
 
I haven't gone back to search for it, but if I remember correctly, there were a couple of pages of discussion that referenced what was temporarily and facetiously being called "wife-mode" (possibly crossing over with @thelonelycoder on the Diversion thread) in the early days of what ultimately became known as Fast User Switching (and later? adding the "Alternate blocking list for specified clients"), so it was a bit more than just a reference to a single "reply to a reply". Not that it really matters anymore... :D.
I never used the wife mode moniker, in Diversion it has always been fs for fast switch. Skynet used wm for a little while when the function was introduced but its author eventually changed it to a neutral name.
 
it was a bit more than just a reference to a single "reply to a reply". Not that it really matters anymore... :D.
I digress, you win. :D Now back to our regularly scheduled topic.
 
That’s exactly 90 seconds apart. How many of these random occurrences are there? Search the syslog for restart_firewall.

Waited till this morning to check and I had only 1 restart_firewall, and 2 firewall-start.

I was doing some config changes, maybe that's why I kept seeing them, so I'm concluding they happen every time something gets changed on the router.
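
Added example, not part of the original posts and not Skynet's own code: a shell function that follows the advice above to search the syslog for restart_firewall, pairing each firewall-start run with the firewall request logged just before it. The sample lines, the `rc_service ... notify_rc` line layout and the 10-second matching window are assumptions; the `custom_script` lines use the format quoted in the thread.

```shell
#!/bin/sh
# Constructed sample syslog (not taken from the poster's router).
sample_log() {
cat <<'EOF'
Apr 23 22:34:38 rc_service: httpd 1234:notify_rc restart_firewall
Apr 23 22:34:40 custom_script: Running /jffs/scripts/firewall-start
Apr 23 22:36:10 custom_script: Running /jffs/scripts/firewall-start
Apr 23 22:40:01 kernel: unrelated line that must be ignored
EOF
}

# Reads syslog on stdin. For every firewall-start run prints:
#   <time> gap=<seconds since previous run that day, or -> trigger=<process>
# "trigger" is the process that asked for start_firewall/restart_firewall
# at most 10 seconds earlier (assumed window); "unknown" means no such
# request was logged, which is the case worth investigating.
firewall_start_report() {
  awk '
    function secs(t,   p) { split(t, p, ":"); return p[1]*3600 + p[2]*60 + p[3] }

    # Remember the most recent firewall request and who sent it.
    /notify_rc (re)?start_firewall/ {
      req = $5; req_t = secs($3); req_day = $1 $2
      next
    }

    /Running \/jffs\/scripts\/firewall-start/ {
      now = secs($3); day = $1 $2
      gap = "-"
      if (have_prev && day == prev_day) gap = now - prev
      trig = "unknown"
      if (req != "" && day == req_day && now - req_t <= 10) trig = req
      print $3, "gap=" gap, "trigger=" trig
      prev = now; prev_day = day; have_prev = 1
      req = ""   # a request explains only the first run that follows it
    }'
}

# Stand-alone run on the constructed sample; on a router, feed the real
# syslog file to firewall_start_report instead.
sample_log | firewall_start_report
```
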
 
Need some help to understand what's happening
Using rtorrent for years now and always opened its port in
Code:
/jffs/scripts/firewall-start
And it has always worked fine using DDNS as well, and I always found the set port open on any port checker website

Recently I bought a PS4 Pro a few days back, opened the PS4 ports in the firewall like the rtorrent ports in firewall-start. The PS4 shows NAT open, but when I check port scanner websites etc., it says the ports are closed. Why so? Can't figure this out
Please help?? o_O

I'm also trying to open my NAT type to my PS4. I used the GUI port forwarding but wasn't able to get an open NAT type while playing. What ports did you open? Does skynet have a place to edit port forward rules? The GUI only allows for 64 port forwards and I was wondering if Skynet allows for more.

The ports I tried to set in the GUI are as follows:
[Image: upload_2020-4-24_9-16-43.png]


For the above port ranges, the GUI in the firewall allows you to enter a range in the external port, but not a range in the internal port. It only allows you to put one port in the internal port box. So I left the internal port blank (it showed optional). So my port forward list looks like this:

[Image: upload_2020-4-24_9-20-42.png]


Should I enter each port individually instead of using a range? Or is there a better way to do this in Skynet rather than the GUI? Sorry for the many questions, but I tried using the port forwarding rules in the WAN settings. Now I see additional inbound firewall rules in the general tab of the firewall. What's the difference between these? Thanks!
 
I haven't had an outbound block in a month I don't think. I'm riding her bareback, no whitelists or ban lists, just like she came out of the stable. I hope this is a moot point, and I understand this is usually a good thing, but felt like I needed to ask in case I missed something. Had lots of inbound blocks.
thanks,
jts

RT-AC86U w/ 384.17 beta1, RT-AC68U Aimesh node w/ same, Diversion, UiDivstats, Skynet, AiProtection, Scribe, UiScribe, Conmon, SpdMerlin, ScMerlin, Nsrum, NtpMerlin, OpenVPN selective clients
 
