Custom firmware for R7800 to extend its functionality

bogdanr

Does this firmware support Vlan tagging ?

Voxel

There are some VLAN settings in Advanced option. I do not use this. Should be the same as in stock firmware.

Voxel.

Voxel

I publish a new version of the custom firmware: 1.0.2.15SF.

The link for download is https://yadi.sk/d/UH5g9Haz33Sz9K

Link for Webcam support for this version is: https://yadi.sk/d/sQtrSsQW33VyRy

 

Changes (vs 1.0.2.13SF):

1.0.2.15SF

1. Samba: config file is optimized.

2. OpenVPN: version is upgraded 2.3.13->2.3.14.

3. Toolchain: GCC compiler version is changed and its most recent OpenWRT & Debian patches are used.

4. Toolchain: uClibc most recent patches are added.

5. Toolchain: several host tools are upgraded.

6. Uhttpd: cyassl is changed to openssl (speed).

7. Cyassl: lib is removed to save space (not used now).

8. Transmission: bug in /etc/init.d/transmission is fixed.

9. Transmission: now user can use own config files in directory "transmission" kept on the root of external disk or in /etc/transmission.

10. Kernel codes are a bit optimized (acpuclock-ipq806x.c acpuclock-krait.c acpuclock.h).

11. If /.nocloud or /.nokwilt files are present, update and install of ReadyCLOUD/Kwilt will be disabled.

12. HighSpeed TCP added to available congestion controls.

13. Several Netgear's minor bugs are fixed.

 

Voxel.

Voxel

Zeljko:

 

Regarding Plex Media Server on R7800: your P.M. is full. I cannot answer in P.M.

Voxel.

Zeljko1234

Really?! What's the limit of messages? Come on Netgear, increase PM to have more than just few ;)

eliz82

How to activate SSH from Windows, kind of Windows newbie tutorial:

1) format USB stick on your Windows computer using EaseUS Partition master
2) use EXT3 file system and "optware" label

3) connect the USB stick to the router (wait 30-60 seconds for the stick to be mounted and shared)
4) access the USB stick on the router using normal Windows share "\\Readyshare\USB_Storage\"  (if not please enable share in your router ReadyShare options)
5) unzip and copy files from Voxel "setssh.tar" archive to the root of usb stick (\\Readyshare\USB_Storage\)

6) generate a ssh key using "puttygen.exe" http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
7) select all and copy the key from "puttygen.exe" and paste to "authorized_keys" file from "setssh.tar"
8) in "puttygen.exe" save the private key to the windows computer

9) open the http://routerlogin.net/debug.htm and enable telnet

10) open "putty.exe" http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html and connect to 192.168.1.1 using telnet (port 23)
11) in telnet console use these commands:
"cd tmp/mnt/" --to go to the stick location
"ls" -- to check if the optware stick is mounted (if not reinsert and wait 30-60 sec)
"cd optware" --to go the stick location
"ls" -- to check if files from the "setssh.tar" exist on the stick
"cd .." --to go back one level
"chmod -R 777 optware" -- to give recursive full permissions (including execute)
"cd optware/autorun/scripts" --to go to the script location
"ls -l" --to check the script file permission (to see if is executable)

12) remove the USB stick from the router
13) go to router interface http://routerlogin.net and reboot the router
14) wait 30-60 seconds
15) insert the USB stick, wait 60 seconds (for the usb to be mounted and voxel script to be executed)
16) open "putty.exe", connect to 192.168.1.1 using SSH (port 22)
17) go to putty.exe option in Connection => SSH => Auth and browse the key you saved in step (8)
18) open the ssh connection, when asked use the user "root"

Finish.

Software used: EaseUS Partition master ; 7zip; puttygen; putty

Zeljko1234

Great job eliz! Thx a lot.

eliz82

I have installed entware-cortex-a15-3x with hard float support. I made some benchmark tests

cpubench: 3.7s ( the same like Voxel results )

openssl (kong settings): 49863.98k    60882.30k    62309.38k    62972.93k    63829.11k (similar to Kong results on dd-wrt) http://www.dd-wrt.com/phpBB2/viewtopic.php?t=287177

openssl (open-wrt settings):  https://wiki.openwrt.org/doc/howto/benchmark.openssl

Compared to my Asus RT-AC56U

                  Asus RT-AC56U    Netgear R7800
Cores tested      single           single
OpenSSL Version   1.0.2g           1.0.2j
MD5               89469270         155131060
SHA-1             26047490         212993950
SHA-256           19231960         132409690
SHA-512           7027590          67561810
DES               12838360         29264210
3DES              4803900          11059200
AES-128           22055250         84666030
AES-192           19033430         71237630
AES-256           16880590         62913540
RSA Sign          17               149
RSA Verify        676              6537
DSA Sign          66               608
DSA Verify        53               602

 

 

eliz82

Now the only problem I have is that I have installed the Apache webserver from Entware, and I can't start it ("apachectl start").

I have this error: "httpd: bad user name nobody"

This is default name (specified in "/opt/etc/apache/httpd.conf" ) that Apache is running .

I have checked in \etc\passwd and the user is there "nobody:*:65534:65534:nobody:/var:/bin/false" . so no idea why don't want to run with this user. all directories and files of entware (bin,sbin,etc,var,...) are 755.

I have tried to run Apache with the user root, admin, guest ... the same error.

 

I have no problem running Apache on my Asus RT-AC56U with Asus WRT Merlin operating system with the same config (with user nobody).

eliz82

I have tried to install Nginx using this tutorial https://www.hqt.ro/nginx-web-server-with-php-support-through-entware/

and got a similar error when trying to start nginx:

"nginx: [emerg] getpwnam("nobody") failed (2: No such file or directory) in /opt/etc/nginx/nginx.conf:1
Started nginx"

The test page doesn't work.

Voxel any idea ?

 

Voxel

eliz82:
 

Thanks a lot for your tutorial and benchmarks. I would only suggest:

Putty: there is a version of putty with ECDSA support. OpenSSH uses by default ECDSA keys and Dropbear works faster with ECDSA keys. http://ice.hotmint.com/putty/ in Japanese, but links for downloads are clear (and Google translator is available ;-))  
p. 11: "chmod -R 777 optware". It is enough to set chmod for /mnt/optware/autorun/scripts/post-mount.sh  I do not like 777 for all files: bad practice. Does not matter in this concrete case, but if you do the same for USB stick with Entware, some programs will be not workable (security reasons).

Well, anyway thank you. It is pleasant to get a help.

User nobody. This Entware-3x uses /opt/etc/passwd, /opt/etc/group files. Make sure that you have "nobody" in /opt/etc/passwd. In my initial archive /opt/etc/passwd is symlink to /etc/passwd:
 

root@nighthawk:~$ ls -l /opt/etc/passwd
lrwxrwxrwx    1 root     root           11 Nov 25 13:24 /opt/etc/passwd -> /etc/passwd
root@nighthawk:~$
 
And check that you did not set 777 permission for all files in Entware ;-) 
 
Regards,
Voxel
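
Added example, not part of Voxel's post or of the firmware: one way to list what "chmod -R 777" from step 11 left world-writable on the stick, and to narrow the permissions so that only autorun/scripts/post-mount.sh is made executable. The function names, the demo tree and the file data.txt are constructed for illustration.

```shell
#!/bin/sh
# Added illustration. Paths follow the posts above; helper names are hypothetical.

# List every file and directory under a tree that any local account may
# write to. A world-writable post-mount.sh can be replaced by any user or
# service on the router and is then run automatically when the stick mounts.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Narrow fix: drop group/other write on the whole tree, then make only the
# autorun script executable.
tighten_optware() {
    root=$1
    script=$root/autorun/scripts/post-mount.sh
    [ -f "$script" ] || { echo "missing $script" >&2; return 1; }
    chmod -R go-w "$root" || return 1
    chmod 755 "$script"
}

# Constructed demo tree standing in for /tmp/mnt/optware after step 11.
# Prints: <world-writable before> <world-writable after> <script executable?>
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/optware/autorun/scripts"
    printf '#!/bin/sh\n' > "$d/optware/autorun/scripts/post-mount.sh"
    : > "$d/optware/data.txt"
    chmod -R 777 "$d/optware"
    before=$(list_world_writable "$d/optware" | wc -l | tr -d ' ')
    tighten_optware "$d/optware"
    after=$(list_world_writable "$d/optware" | wc -l | tr -d ' ')
    if [ -x "$d/optware/autorun/scripts/post-mount.sh" ]; then x=yes; else x=no; fi
    rm -rf "$d"
    echo "$before $after $x"
}

demo
```

Removing the write bits does not bring back the modes the files had before the recursive 777; on a stick where step 11 was never run, the single chmod on post-mount.sh is the only change this makes that matters.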
Voxel

Zeljko:

Plex on R7800: Limit of mailbox here in this forum is 50 messages. Your mailbox is full again, I cannot answer ;-)

Regards,
Voxel.

eliz82

- unfortunately i cannot show all the results, that table does not show correctly on this forum. only if you look at this web page source code

- thanks for the tip with ECDSA, i didn't know that. speeding up ssh is a thing i would want because at work i'm using ssh tunneling to my home router for web browsing ;) i'm using bitvise ssh because it is more stable than putty for tunneling and has a very nice graphical interface.

- i have used Asus RT-AC56U + Asus Merlin + Entware NG with 777 on the entire usb stick without any problems for 1 year. I will try with 755 permissions. the thing is that i'm accessing the usb stick with SSH, SCP (WinSCP) and samba. seems that on this operating system SSH uses "root", samba uses "admin". so if permission of the files are 755 i can't modify any file from samba, because user admin doesn't have write permission.

- like i said the user nobody is there, but it seems from the Nginx error that this function getpwnam can't access it. i will try what you said

eliz82

The good news:

Lighttpd and MySQL server are both working without any problems (from LAN). But I would really prefer Apache because of more common rewrite rules, I have used it for 1 year in my Asus Merlin and it was working great.

 

The bad news:

1) Seems R7800 don't have any power on the eSATA port. I'm amazed by that because Linksys WRT1200AC is half the price and have 5V/500mA power on the eSATA port. I have hoped that I can replace the usb stick with a SSD using a eSATAp to SATA cable. I have tested and it's not working, probably because R7800 dont give any power.

 

2) If i put my webserver on port 81 , i'm unable to port forward from WAN port 80 to 192.168.1.1 to port 81. Seems Netgear genie dont let me port forward to 192.168.1.1 . I had no problem doing that kind of port forward in Asus Merlin graphical interface.

https://hqt.ro/wp-content/uploads/lighttpd-portfw.png

 

3) I was unable to move the Netgear genie webserver "uhttpd" from the port 80 to another port. I have tried to edit the uhttpd config in two places and move the port to 880 but it's not working. it seems uhttpd has another config in "/rom/" directory. Voxel any idea if those files from rom can be overwritten ?

4) Seems port 81 and port 22 are inaccessible from outside (wan), even though I have tried to make a script in the "optware/autorun/scripts/firewall-start"

using this iptables rules

#!/bin/sh
iptables -I INPUT -p tcp --destination-port 81 -j ACCEPT

iptables -I INPUT -p tcp --destination-port 22 -j ACCEPT

Aren't all files from optware/autorun/scripts executed ?

I will try to modify the dropbear config and set a port for wan according to this https://wiki.openwrt.org/doc/uci/dropbear

----

P.S.  Hey Voxel would it be a good idea to make a topic on snbforums about this firmware? It has a bigger user base and the forum interface is better (I don't even know how to make a quote or code here).

Voxel
eliz82:
 
User nobody
 
Really, I tried on the fly to install and start nginx from Entware-3x, there is a problem with this default user nobody. There are two variants to overcome this (for example for nginx):
 
Simple variant: change the user “nobody” to “admin” in nginx in its config files. The user “admin” in R7800 FW is not root with root permissions. For AC56U admin is equal to root, but not so for R7800, so its use is restricted and OK for such daemons as nginx/apache. In this variant you should keep symlink of /etc/passwd, /etc/group, /etc/shadow to corresponding files in /opt: /opt/etc/passwd, /opt/etc/group, /opt/etc/shadow. I.e. my default settings for Entware-3x.

More complex variant: You should remove these symlinks in /opt/etc (/opt/etc/passwd, /opt/etc/group, /opt/etc/shadow), then install from Entware-3x the package “shadow” and create own user “nobody” using /opt/sbin/useradd in /opt/etc/passwd /opt/etc/group

But take into account that ports 80 and 443 are used by R7800 WebGUI (web daemons). Most probably it could be changed from WebGUI, but I did not try.

SSH: Yes, I also use backward SSH tunneling to access all of my computer/gadgets behind NAT. But using two routers on the both side, plus autossh, not using Window’s version of SSH (putty or bitvise). But all with ECDSA ;-)

AC56U: I am still using it too together with AC68U. If you are interested, I can publish Entware-NG compiled by me for these routers. Differences are: use of “-O3” flag during compilation and adding OpenSSL asm acceleration (not used in official Entware-NG). Plus some renewed packages.
 
Regards,
Voxel.
 
Voxel
eliz82:
 
Maybe, everything is not so bad ;-)
 
eSATA: In principle, it is according to specification of eSATA. eSATA requires external power, not like USB/USB2/USB3.
 
Port forwarding to R7800 itself. Not possible with its WebGUI, but there is a hack with NVRAM. You can set (initially) port forwarding in WebGUI to some generic IP (e.g. 192.168.1.100), then enter to SSH, find your record for port forwarding

nvram show | grep "192.168.1.100"

there should be value like “forwarding4=…”, and change 192.168.1.100 to 192.168.1.1 using “nvram set” and “nvram commit”. After that reboot your router. You will get what you need.

Uhttpd: try to change also /www/cgi-bin/uhttpd.sh. Not only config files.

Netgear firewall: Netgear has own firewall. Your settings by iptables will be spoiled after some time. So if you want to open your ports from WAN, just see my readme.docx. I use port 22 from WAN.
 
snbforums: Well. I am too modest to do this myself ;-) If you want I give you 777 permission to do that ;-)
 
Voxel.
 
Voxel
Forgot to say:
 
I do not like settings of 777 or 755 permissions for all files/directories because it, for example, completely breaks chrooted Debian. Linux is Linux, so it should have own default permissions.

Web-server: I prefer nginx, it is http server and backward proxy server. So depending on url I use to access my server I get automatically forwarding to port I need. Maybe it will be useful for you too.

autorun/scripts/post-mount.sh is workable in my FW, but other analogs of Eric’s scripts are not. So "optware/autorun/scripts/firewall-start" will not work.
 
Regards,
Voxel.
 
eliz82

many thanks Voxel for your replies, very helpful.
but let's take it in smaller steps because there are too many things that do not work.
Lighttpd is already working from LAN, I installed using this tutorial:
https://www.hqt.ro/lighttpd-web-server-with-php-support-through-entware-ng/
so I will experiment on it. Let's forget about Nginx and Apache at this point.

The first things I want to make now are:
1) make the SSH (port 22) and WEBSERVER (port 81) accessible from the outside (the internet).
2) move the SSH from port 22 to 443, move the WEBSERVER port from 81 to 80. make them accessible from internet.
-----------
I have added these lines at the end of file in /tmp/mnt/optware/autorun/scripts/post-mount.sh , and restarted the router

iptables -I INPUT -p tcp --destination-port 22 -j ACCEPT
iptables -I INPUT -p tcp --destination-port 81 -j ACCEPT

however this does not work. maybe the script is executed before the iptables service is started ??
if I connect to ssh and execute these lines directly in the SSH console then I can access them from outside (the internet) using wan-ip:22 and http://wan-ip:81 everything is working fine.
-----------
I have edited /etc/config/uhttpd  and moved the ports from 80->880 and 443->8443.
I have edited /www/cgi-bin/uhttpd.sh as you suggested and changed the ports from 80->880 and 443->8443.

Restarted the router. Now is finally working. I access Netgear genie from http://192.168.1.1:880 and it's working. http://192.168.1.1 not working anymore.
-----------
tried to find /etc/config/dropbear but didnt find any file.
edited /etc/init.d/dropbear and changed the port from 22 to 443
So from what I see both uhttpd and dropbear are started with port parameter so any config with port specification will be overwritten.

edited /opt/etc/lighttpd/lighttpd.conf and changed the port from 81 to 80.
Restarted the the router.

Connected to the Lighttpd http://192.168.1.1 from LAN. Working perfect.
Connected to router ssh from LAN using 192.168.1.1:443. Executed this lines:
iptables -I INPUT -p tcp --destination-port 443 -j ACCEPT
iptables -I INPUT -p tcp --destination-port 80 -j ACCEPT

Accessing ssh from internet using wan-ip:443 and working perfect, including tunnelling.
Accessing webserver from the internet with http://wan-ip is not working.
-----------
using "iptables --list" I get this (i only find two lines related to www port)

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh

Chain fw2net (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            state NEW multiport dports nntp,smtp,www,2345,3495,7070,ftp-data,ftp,5050,6060

-----------
Any idea why Lighttpd is working perfect on port 81 for both lan and internet, but for port 80 work from lan but not from internet ?
Should I copy-paste the entire "iptables --list" rules here?
 

eliz82

now I have read your replies again and saw "Netgear has his own firewall". OK, i saw your readme.docx

so should i try to edit "/root/netwall-rules"

eliz82

i have created the file "/root/netwall-rules" and added these lines into it:

ACCEPT        net    fw        tcp    443
ACCEPT        net    fw        tcp    80
ACCEPT        net    fw        tcp    81

443 is working from both lan and wan

81 is working from both lan and wan

80 is working only from lan. from wan is not working.

So ... the same problem like using iptables.

Voxel
So the only what-to-do is port 80 from WAN, right?
 
Try my trick with port forwarding I suggested above, i.e. to forward port 80 to IP of your router (e.g. 192.168.1.1). Netgear’s firewall is precompiled binary, I have no source codes. Most probably, port 80 is special because it is used for WebGUI from LAN, thus firewall does not open it.
 
The trick, let’s step-by-step:
 
1. In WebGUI set forwarding port 80 WAN to 80 to 192.168.1.222 with comment “HTTP to R7800”
 
2. From console run the command:
 
nvram show | grep 192.168.1.222
 
3. You should see output of command, something like:
 
forwarding1=HTTP↔to↔R7800 TCP 80 80 80 80 192.168.1.222 0 1
 
4. Run the command:
 
nvram set “forwarding1=HTTP↔to↔R7800 TCP 80 80 80 80 192.168.1.1 0 1”
 
5. Run the command:
 
nvram commit
 
6. Reboot router and check in WebGUI that now forwarding port 80 is set to 192.168.1.1
 
Try this. IMO it should work.
 
Voxel.
 
eliz82

"Most probably, port 80 is special because it is used for WebGUI from LAN, thus firewall does not open it." yes, but 443 is also used by Netgear for HTTPS Lan WebGui management. So I cant really understand their logic, why they have blocked only port 80 not also 443. Is there a way to see all netgear firewall rules? Like "iptables --list" command.
-----
Yes, I have read your hack from the precedent posting but I will prefer to not do it like this.
Why? Because on AsusWRT Merlin I had some strange problems with the webserver when I made this. See details here:
http://www.snbforums.com/threads/accesing-webserver-domain-from-router-i...

One of them affected the webserver, I was not able to make CURL or FOPEN request to webserver itself from PHP. From example if you want to show update to Wordpress sidebar with latest updates from a forum or a gallery using some kind of web api (json/rest) you are usualy using CURL from php (so not making direct searches to the database so rather indirect using CURL requests to the same domain). And this was not working.
-----
So on AsusWRT Merlin I ending up removing the port forward rule wan:80 => 192.168.1.1:81 (from the HQT tutorials) , disabled the Router webgui management on port 80 (you can do that from Merlin Webgui), moved the webui https management from port 443 to another port (you can do that from Merlin Webgui), put my webserver (Apache) on port 80, put my SSH on port 443 (from Merlin Webgui) to be able to access from my work, enabled access to port 80 and 443 from internet (wan) using iptables rules in my "firewall-start" file. And after that I made a small custom DDNS script that register my custom domain when wan IP change using this examples: https://github.com/RMerl/asuswrt-merlin/wiki/Custom-DDNS so I could have a custom domain for my webserver. It was quite easy to make i think I finish all in 1 day and make almost all things from a graphical interface (from Merlin webgui) and WinSCP.
-----
I want to do the same thing for this router. But it seems complicated or impossible. I started to be a little pessimistic at this moment and start to believe that compared to my Asus RT-AC56U router now I have a 2,4x more powerful ... brick.

I will probably try to install dd-wrt on R7800 and try these things again. If they don't work I will sell this 200 euro brick and buy myself a real router like Asus or Linksys WRT. I really hope Asus will launch some more hardware-powerful routers in 2017, with 1.3Ghz+ processor and 512RAM. if they had something like Linksys WRT1200...3200 but with AsusWRT as operating system on it, it would be close to my ideal router.

P.S.  Even if dd-wrt will work, I will really miss that CPU graph from AsusWRT. That really helped me optimise some of the php scripts from my webserver. I use now htop from entware, but it is not the same. Is there any other program that can show a time-graph of the CPU not only instant values?

Voxel

Well, so many questions…

 

1. Why Netgear firewall blocks 80 but allow 443. Because (my supposition) it is allowed in WebGUI (i.e. Netgear design) to set access to this WebGUI from WAN. But only using HTTPS (port 443) and disallows not unsecure HTTP (80). Access of any router GUI from WAN by HTTP will cause its hacking.

 

2. Your problem. Sorry, too many unclear info. My “hack” is to forward 80->80. Not changing port, not 80->81 or so. I just remember that I did something like that with R7500, very close to R7800. It was a year ago, I do not remember all details, but I did not have ASUS-like problems.

 

3. iptables. You can play with them. I just know that it may even work sometime, but will be spoiled by Netgear firewall soon. I cannot change their firewall, no source codes. You can use your own iptables settings, see /usr/sbin/net-wall script, it is my own script which calls Netgear's binary firewall. At the end of this script I use my iptables settings (disable ping from WAN). You can modify according to your needs.

 

4 Yes, this router requires some additional efforts for advanced users. Every router does. If such specific advanced needs. If you dislike that, you can use ASUS or Linksys or whatever else of course. I selected it for myself (after years with AC56U and AC68U) because there are no even close to such hardware configuration on the market now. 1.7GHz, 512MB RAM, 2xUSB3 and eSATA. But it is my own personal selection, others could disagree with me, it’s their choice.

 

5 DD-WRT or OpenWRT or other OpenSource WRT are good, of course. But main plus of custom firmware (and thus my modifications) is that I do not lose such features as hardware NAT and proprietary drivers. Like Eric (Merlin) can and does use proprietary drivers in his builds.

 

6. Hardware monitor. There is Entware package Netdata. I did not play with it much. Check as it looks:

http://forums.zyxmon.org/viewtopic.php?f=5&t=5448

(in Russian, but screenshot is self explaining) .

 

Voxel.

eliz82
1) access gui on port 80 from

1) if sniffing password in plain text yes, but they can try at least to simple encrypt with some javascript in the page (on the client side) to not make the things so simple. and they can implement some brute force protection, they can block authentication requests for that IP after 3 wrong tries.

2) now I have seen that you forward wan:80 to 192.168.1.1:80 . ok, i have followed all the steps and it's not working. tried the second time after restart and after step (5) i have made step (2) again to see if there are any changes to nvram. seems the changes are not committed to the ram.

3) thanks for the info.

4) yes, but some software for routers made the things much simpler, not to spend 10x more time to do the same things like changing the default ports. in computers software complexity increased when hardware became more powerful, look at unix and windows, webdesign. seems these guys are making more and more powerful routers but the software and especially the interfaces look like year 2005. they can barely patch the security holes like openssl heartbleed. 8 years ago i have used the tomato v1.23 and it was better than this Netgear genie 2016. these guys are expecting the volunteers in the open source community to do the job for them. but they know how to ask 450$ for R9000 and not give them a simple ssh server.

5) yes, i know. for hardware nat acceleration i have tried to stay with the original firmware first time, and not install dd-wrt first time.

6) wow, http://london.netdata.rocks that demo looks really nice. that how interfaces for a 220euro router in the 2016 should look like !!! full of ajax, modals windows and svg graphs, responsive css design, etc

Voxel

2) now I have seen that you forward wan:80 to 192.168.1.1:80 . ok, i have followed all the steps and it's not working. tried the second time after restart and after step (5) i have made step (2) again to see if there are any changes to nvram. seems the changes are not committed to the ram.

Regarding port forwarding. It is like a betting, so you forced me to break temporary my router settings to check this. I set forwarding port 80 to 192.168.1.1 (IP of my R7800). Using my "trick". Screenshot:

 

https://yadi.sk/i/g-a99lt134Ajjj

 

I added squares to hide details of other settings, forwarding to my server 192.168.1.100. It is my private info. I set the name as Test, port 80→192.168.1.1:80

This screenshot is done after router reboot.

I cannot test this port forwarding more time because port 80 is used by my web-server and it is inaccessible during this test. During test I had to disable it. So I restored all back after 5 min test.

 

Voxel.

 

eliz82

Nice :), on my router the damn thing just doesn't work. I tried 4 times, rebooted the router 4 times in the last hour :)

------

1. In WebGUI set forwarding port 80 WAN to 80 to 192.168.1.222 with comment “Test”
 
2. From console run the command:
 
nvram show | grep 192.168.1.222
 
3. You should see output of command, something like:
 
forwarding1=Test TCP 80 80 80 80 192.168.1.222 0 1
 
4. Run the command:
 
nvram set “forwarding1=Test TCP 80 80 80 80 192.168.1.1 0 1”
 
5. Run the command:
 
nvram commit
 
6. Reboot the router from the webgui
------

I give the commands nvram set and nvram commit and they don't give any error.

Just if after step (5) i try

nvram show | grep 192.168.1.222

I don't see any changes. If i reboot, again no changes. The value in the ram is like the original one.

Are these quotes ok ?

eliz82

I think i found the problem. You made a mistake in your step by step tutorial.

nvram set “forwarding1=Test TCP 80 80 80 80 192.168.1.1 0 1”

must be:

nvram set forwarding1="Test TCP 80 80 80 80 192.168.1.1 0 1"
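
Added example, not from the thread: what the shell hands to a command in the two spellings compared above. Typographic quotes are ordinary characters to the shell, so the first form is split into nine words, none of which is the complete forwarding1 entry. The helper retarget_forward is hypothetical and only builds the replacement entry from an "nvram show" line; the sample line is constructed in the format shown in the posts.

```shell
#!/bin/sh
# Added illustration; runs off-router and never calls the real nvram binary.

# Report how many words the shell passed and what the first one is.
show_args() {
    printf '%s|%s\n' "$#" "$1"
}

# Typographic quotes (U+201C / U+201D) are not shell quoting: the line is
# split on spaces and the quote characters stay glued to the words.
curly_case() {
    show_args “forwarding1=Test TCP 80 80 80 80 192.168.1.1 0 1”
}

# ASCII double quotes keep the value, spaces included, in a single word.
ascii_case() {
    show_args forwarding1="Test TCP 80 80 80 80 192.168.1.1 0 1"
}

# Hypothetical helper: take one line of "nvram show" output and return the
# same entry with the placeholder LAN IP replaced. Input that still carries
# typographic quotes from a copy and paste is rejected.
retarget_forward() {
    line=$1
    old_ip=$2
    new_ip=$3
    case $line in
        *“*|*”*)
            echo "typographic quote in input, retype it" >&2
            return 1 ;;
    esac
    case $line in
        forwarding[0-9]*=*" $old_ip "*) ;;
        *)
            echo "no forwarding entry for $old_ip" >&2
            return 1 ;;
    esac
    # Escape the dots so the address is matched literally by sed.
    old_re=$(printf '%s' "$old_ip" | sed 's/\./\\./g')
    printf '%s\n' "$line" | sed "s/ $old_re / $new_ip /"
}

# Constructed sample line in the format shown in the posts above.
sample='forwarding1=Test TCP 80 80 80 80 192.168.1.222 0 1'

curly_case
ascii_case
new=$(retarget_forward "$sample" 192.168.1.222 192.168.1.1) &&
    printf 'nvram set %s="%s"\n' "${new%%=*}" "${new#*=}"
```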

 

eliz82

I made Apache accessible from the internet on port 80, with user nobody, with 3 virtual hosts. My Apache and PHP.ini config are all running fine exactly like on Asus AC56U. All sites seem to run fine. Victory !! 8-) Thanks Voxel for your help.

 

The user nobody is running fine on Apache if I rename:

"/opt/etc/passwd.1" to "/opt/etc/passwd"

"/opt/etc/group.1" to "/opt/etc/group"

is there any reason why you renamed those files in your entware release ?

Also your first solution works (with symlinks to those files and change the user to admin). I did not test your second solution.

Now the next thing i want is: how do I execute my custom dynamic DNS script? On merlin I used this tutorial

https://github.com/RMerl/asuswrt-merlin/wiki/Custom-DDNS

My script "\jffs\scripts\firewall-start" looks like this:

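#!/bin/sh
# Values sent to the DDNS provider's update form
AGENT=Custom
USERNAME=eliz
PASSWORD=mypass
SUBDOMAIN=eliz.somedns.com
# The new WAN IP is passed to the script as its first argument
IP=${1}
URL=http://www.somedns.com/update.php
# POST the form fields to the provider
curl -A "$AGENT" -d "username=$USERNAME&password=$PASSWORD&subdomain=$SUBDOMAIN&ipaddr=$IP&change=Update" "$URL"

# Report the result back to the firmware (1 = updated, 0 = failed)
if [ $? -eq 0 ]; then
  /sbin/ddns_custom_updated 1
else
  /sbin/ddns_custom_updated 0
fi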

So I basically update my IP to my DNS using a CURL request that is filling a <form> on a webpage.

I think Merlin executes \jffs\scripts\firewall-start on every WAN ip change (wan up?) and passes the WAN IP to the script. then reports back to the operating system (for updating the WebGui).

So how can I make something automated like this?

It will be great if you make something similar in your next release.

Voxel

OK, sorry for my misprint: influence, head does not work as usual, fingers types themselves ;-)

is there any reason why you renamed those files in your entware release ?

Entware-3x has two different installation. One is named “standard” and it is close to Entware-NG (no own passwd/group are used). Second is named “alternative” and it uses own passwd/root. Details of installation scripts you can check from this link:

http://entware-3x.zyxmon.org/binaries/armv7/installer/

I just used “standard” variant. What is better what is not depends on concrete needs.

Regarding your DDNS: I do not quite understand, is not it enough for you to use DDNS from router WebGUI? It supports three providers. Also there is a package in Entware, inadyn. And for example there is ddclient (Perl-based script, you can google it) which I use with my DDNS provider from my Debian server. Or you need some specific actions after changing IP, not only registration of new IP?

Voxel.
 

eliz82

"is not it enough for you to use DDNS from router WebGUI? It supports three providers."

nope, I need to use a custom DDNS provider, from my country (Romania). at the moment i'm using a free subdomain  (something like eliz.somedns.ro), but in the near future I will use a full domain ("www.mydomain.ro" for example) for my router.

Now i know there are some DDNS providers that also allow full domains for free (like afraid.org) but I will prefer to use a DDNS provider in my country, because probably IP changes will propagate faster in my country and 90% of the visitors are from my country.

My DDNS provider has some help on how you can use perl and a perl module "www mechanize" to fill that form they provide for dynamic IP registration. But I don't see the point for me, it is much simpler to do from a bash script using a CURL request than installing perl and modules.

So how do i get my WAN IP in my bash script ? I have tried

nvram show | grep wan_ipaddr
but i only get 0.0.0.0 , so i can't use IP=`nvram get wan_ipaddr` in my bash script

 

"Or you need some specific actions after changing IP, not only registration of new IP?"

No, I need only  to make that CURL request to that a my DDNS provider server

AGENT=Custom (User define this in the script)

USERNAME=eliz (User define this in the bash script)

PASSWORD=mypass (User define this in the bash script)

SUBDOMAIN=eliz.somedns.com (User define this in the bash script)

IP=${1} (this is passed by the daemon who execute the script on IP change OR take from another place like nvram)

URL=http://www.somedns.ro/update.php (User define this in the bash script)

curl -A "$AGENT" -d "username=$USERNAME&password=$PASSWORD&subdomain=$SUBDOMAIN&ipaddr=$IP&change=Update" $URL (this execute the request with the defined parameters)

That is all the script I want to be executed every time Wan IP of the router changes (or on restart of the router?).
