alpha rt-n firmware releases

[wpte]

Which older version exactly? Can you provide your rule, just for information?

P.S. ipt_recent was modified in r1393

it never worked as far as I can see

When I turned on the protection in the web-gui it doesn't open the port.
Then when I make a rule for accepting port 22, the port is unprotected.

Then I tried my old iptables, which portforwards and use tarpit and ipt_recent

Code:

#!/bin/sh
WANIF=vlan2
LANIP=`nvram get wan_ipaddr_t`

# deleting last firewal rules (policy)
iptables -D INPUT -j DROP

# Drop previous offenders - you dont want them in your net at all!
iptables -N BANDITDROP
iptables -A INPUT   -m recent --rcheck --name BRUTE -j BANDITDROP
iptables -A FORWARD -m recent --rcheck --name BRUTE -j BANDITDROP
iptables -A BANDITDROP -m recent --update --seconds 3600 --rttl --name BRUTE -j LOG --log-prefix "Bandit DROP " --log-tcp-sequence --log-tcp-options --log-ip-options
iptables -A BANDITDROP -j REJECT --reject-with  icmp-net-unreachable

# Detect port scan
iptables -N PORTSCANDROP
iptables -A INPUT -i ${WANIF} -m psd -j PORTSCANDROP
iptables -A PORTSCANDROP -m recent --set --name BRUTE
iptables -A PORTSCANDROP -m recent --update --seconds 3600 --rttl --name BRUTE -j LOG --log-prefix "Port_Scan DROP " --log-tcp-sequence --log-tcp-options --log-ip-options
iptables -A PORTSCANDROP -j REJECT --reject-with  icmp-net-unreachable

# FTP server with brute force prevention
iptables -N FTPFORCEDROP
iptables -N FTPACCEPT
iptables -A INPUT -m tcp -p tcp --dport 21 -m state --state NEW -m limit --limit 3/min --limit-burst 2 -j FTPACCEPT
iptables -A INPUT -m tcp -p tcp --dport 21 -j FTPFORCEDROP
iptables -A FTPFORCEDROP -m recent --set --name BRUTE
iptables -A FTPFORCEDROP -m recent --update --seconds 3600 --rttl --name BRUTE -j LOG --log-prefix "FTP_Brute_Force DROP " --log-tcp-sequence --log-tcp-options --log-ip-options
iptables -A FTPFORCEDROP -p tcp -j TARPIT
iptables -A FTPFORCEDROP -j  REJECT --reject-with  icmp-proto-unreachable
iptables -A FTPACCEPT -j LOG --log-prefix "FTP ACCEPT " --log-tcp-sequence --log-tcp-options --log-ip-options
iptables -A FTPACCEPT -j ACCEPT
iptables -t nat -A PREROUTING -i ${WANIF} -p tcp --dport 21 -j DNAT --to-destination ${LANIP}:21

# SSH server with brute force prevention
iptables -N SSHFORCEDROP
iptables -N SSHACCEPT
iptables -A INPUT -m tcp -p tcp --dport 22 -m state --state NEW -m limit --limit 3/min --limit-burst 2 -j SSHACCEPT
iptables -A INPUT -m tcp -p tcp --dport 22 -j SSHFORCEDROP
iptables -A SSHFORCEDROP -m recent --set --name BRUTE
iptables -A SSHFORCEDROP -m recent --update --seconds 3600 --rttl --name BRUTE -j LOG --log-prefix "SSH_Brute_Force DROP " --log-tcp-sequence --log-tcp-options --log-ip-options
iptables -A SSHFORCEDROP -p tcp -j TARPIT
iptables -A SSHFORCEDROP -j  REJECT --reject-with  icmp-proto-unreachable
iptables -A SSHACCEPT -j LOG --log-prefix "SSH ACCEPT " --log-tcp-sequence --log-tcp-options --log-ip-options
iptables -A SSHACCEPT -j ACCEPT
iptables -t nat -A PREROUTING -i ${WANIF} -p tcp --dport 22 -j DNAT --to-destination ${LANIP}:22

# Restablishing INPUT chain policy
iptables -A INPUT -j DROP

the ones that sort of work like I described before.
I'm not sure who gave them to me... I believe it was tamadite, and they worked well on the wl-500w


happy easter btw (for the people who celebrate it )

[s1za]

the drives should be alright according to the iomega website: http://www.iomega.com/europe/support...ts/10657e.html

Yes, the memory of the router.
Just back up the settings when it doesn't change anything of course

So, after testing everything (installed everything from scratch FW R1456, tested step by step and using different disks) I noted this facts

-Tested with 3 different types of usb pens: no brand each with 1Gb)
and 2 types of usb hdd: one generic enclose with a Fujitsu MHV2100AT 2.5 100Gb and the Iomega enclosure with Seagate ST31000333AS 3.5 1Tb powered independently;

-Every drive works normally if attached alone, i.e. without other drives attached in any combination;

-Only the combination pen (partitions with swap and /opt) and 2.5 hdd worked without problems;

-Other combinations pen + pen, pen + 3.5 hdd, etc. result in errors similar to this:
kernel: usb 2-2: reset high speed USB device using ehci_hcd and address 5
kernel: usb 2-2: device descriptor read/64, error -32
kernel: sd 1:0:0:0: scsi: Device offlined - not ready after error recovery
kernel: sd 1:0:0:0: [sdb] Result: hostbyte=0x05 driverbyte=0x00
kernel: end_request: I/O error, dev sdb, sector 484411207

-Every drive (disk, cables, etc.) worked flawlessly on a Ubuntu 9.10 (2.6.31.20) notebook;

-This leaves RAID out of the equation;

[lly]

-Other combinations pen + pen, pen + 3.5 hdd, etc. result in errors similar to this:

First of all, you forget to tell us your router model (rtn branch supports several devices).

Currently, we have EHCI driver in rtn branch older than in 1.9.2.7-d since backport from 2.6.29 to 2.6.22 not ready yet.

-Every drive (disk, cables, etc.) worked flawlessly on a Ubuntu 9.10 (2.6.31.20) notebook;

Once again - we have to use obsolete kernel 2.6.22 due to binary Broadcom WiFi drivers

You can do experiments with log2_irq_thresh parameter ehci_hcd module parameter, i.e. something like

Code:

rmmod ehci_hcd
insmod ehci_hcd log2_irq_thresh=4

[s1za]

First of all, you forget to tell us your router model (rtn branch supports several devices).

Currently, we have EHCI driver in rtn branch older than in 1.9.2.7-d since backport from 2.6.29 to 2.6.22 not ready yet.

Once again - we have to use obsolete kernel 2.6.22 due to binary Broadcom WiFi drivers

You can do experiments with log2_irq_thresh parameter ehci_hcd module parameter, i.e. something like

Code:

rmmod ehci_hcd
insmod ehci_hcd log2_irq_thresh=4

Asus RT-N16. (Sorry, was on previous posts)

I also tried:

Code:

echo 120 > /sys/block/sda/queue/max_sectors_kb

as on https://help.ubuntu.com/community/Mount/USB

with 120, 128 and 64 with no luck.

I'll try your suggestion. Thanks.

[s1za]

First of all, you forget to tell us your router model (rtn branch supports several devices).

Currently, we have EHCI driver in rtn branch older than in 1.9.2.7-d since backport from 2.6.29 to 2.6.22 not ready yet.

Once again - we have to use obsolete kernel 2.6.22 due to binary Broadcom WiFi drivers

You can do experiments with log2_irq_thresh parameter ehci_hcd module parameter, i.e. something like

Code:

rmmod ehci_hcd
insmod ehci_hcd log2_irq_thresh=4

Tried

Code:

rmmod ehci_hcd
insmod ehci-hcd log2_irq_thresh=4 (from 6 to 1)

with no luck on both RT-N16 R1456 and the latest R1478

removing the ehci_hcd and mounting the drives on ohci_hcd worked with no errors but (of course) with the limited speed of 420 KB/s

[lly]

with no luck on both RT-N16 R1456 and the latest R1478

removing the ehci_hcd and mounting the drives on ohci_hcd worked with no errors but (of course) with the limited speed of 420 KB/s

Well, backport of EHCI (second try - first was to 2.4.37 ) already was in my TODO, but I can't promise you exact date when it will happens.

[s1za]

Well, backport of EHCI (second try - first was to 2.4.37 ) already was in my TODO, but I can't promise you exact date when it will happens.

1st test with R1481 was:
OK. Managed to copy a 2Gb file without any errors...

I'll continue the tests (hub, RAID, etc.)

Nevertheless I'd like to thank Ily (and also all the others) for the effort putted on this project.

[s1za]

1st test with R1481 was:
OK. Managed to copy a 2Gb file without any errors...

I'll continue the tests (hub, RAID, etc.)

Nevertheless I'd like to thank Ily (and also all the others) for the effort putted on this project.

2nd test

with 2 hdd discs on a hub connected to the 2nd usb port (1st with a pen /opt) (still on R1478 I'll continue testing on new releases)

mount the RAID /dev/md0 ok, start to sync at about 1000KB/s and the speed of sync drop to 100KB/s (was 8000KB/s on the 500gp). After a while the second disk is disconnected with the same 'reset error' as before.

Also the maximum speed in samba, file transfer from disk (no RAID) to notebook, is 2.5MB/s. I think I saw a post with higher speeds (about 8MB/s) is this alright?

[wpte]

Also the maximum speed in samba, file transfer from disk (no RAID) to notebook, is 2.5MB/s. I think I saw a post with higher speeds (about 8MB/s) is this alright?

From router to pc it should be around 6-7MB/s
dunno if you did that wirelessly since some laptops don't really seem to lift off those speeds
Via a wire you should be able to get the proper speeds

oh.. and the ipv6 nic doesn't show up yet
going to compile those new wifi settings 2morrow and give it a try

[ecaddict]

Does iPv6 work with the rtn versions?
Using r1484 (with RT-N16) I've tried enabling it in the IP config (Native IPv6).
First strange thing was that setting LAN IP (in LAN IPv6 Setting) I could not find it in the output of

Code:

ip addr show

nevertheless I could add it with:

Code:

ip addr add fec0::92e6:baff:fe2c:xxxx/64 dev vlan1

However

Code:

ip neigh show

does not outputs my PCs IPv6 address (similar fec0 site local, statically assigned).
Ping does not work in either direction (ping6 from router to PC, or ping6 from PC to router, not even with link local fe80:: address).

Also running ip neigh show in my PC the link local IP of the router as FAILED.

Using d-r1445 (on WL-500gP) all of these works, also tried ssh, telnet even vsftpd (it was a bit faster than using IPv4 probably as there is no header checksum in IPv6).

[lly]

Does iPv6 work with the rtn versions?

Didn't check it yet. Thanks for report - will look at problem.

[wpte]

Didn't check it yet. Thanks for report - will look at problem.

yes the sixtun interface doesn't show up...

Anyway... those changes of asus from r1484 seem to improve the actual troughput of wireless I noticed.
Now I can get similair troughput as with a cable on my slow netbook

[theMIROn]

yes the sixtun interface doesn't show up...

Anyway... those changes of asus from r1484 seem to improve the actual troughput of wireless I noticed.
Now I can get similair troughput as with a cable on my slow netbook

just checked, sixtun interface does show up, but autoconfig was broken due icmpv6 neighbor discovery packets are treating as invalid.
anyway, here's workaround from r1520 for 2.6 build

please check and feedback here

[ecaddict]

If someone is interested I've created a script to build the firmware for RT-N16. It requires a Linux PC and sudoers right to install the needed tools.

First step is to install necessary tools (here it's assumed that Asus directory is used under home):

Code:

mkdir ~/Asus ; cd ~/Asus
wget http://wl500g.googlecode.com/files/hndtools-mipsel-uclibc-4.2.4-2.tar.bz2
sudo mkdir -p /opt/brcm
sudo tar -C /opt/brcm -jxvf hndtools-mipsel-uclibc-4.2.4-2.tar.bz2
sudo ln -sf /opt/brcm/hndtools-mipsel-uclibc-4.2.4 /opt/brcm/hndtools-mipsel-uclibc

Then save to build_N16.sh the following lines (+don't forget to chmod +x it after):

Code:

#!/bin/sh

KVER=2.6.22.19
BDIR=cfm_n16
RVER=1536

BDIR="`pwd`/${BDIR}"
mkdir ${BDIR}
mkdir -p ${BDIR}/broadcom/src/linux
! [ -f "${PWD}/linux-${KVER}.tar.bz2" ] && wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-${KVER}.tar.bz2
tar -C ${BDIR}/broadcom/src/linux -jxvf linux-${KVER}.tar.bz2
ln -sf ${BDIR}/broadcom/src/linux/linux-${KVER} ${BDIR}/broadcom/src/linux/linux-2.6

[ -n "$RVER" ] && BVER="-r$RVER"
[ -z "`echo $PATH | grep hndtools-mipsel-uclibc`" ] && export PATH=$PATH:/opt/brcm/hndtools-mipsel-uclibc/bin
svn checkout "$BVER" http://wl500g.googlecode.com/svn/branches/rt-n/ ${BDIR}/broadcom/src/wl500g-1.9.2.7-rtn
cd ${BDIR}/broadcom/src/wl500g-1.9.2.7-rtn
make kernel
make
cd ${BDIR}/broadcom/src/gateway
make
make install

RVER has to be set to the version you'd like to build.
Build is with ./build_N16.sh in Asus directory.

Firmware (trx file) and modules are in ~/Asus/cfm_n16/broadcom/src/gateway/mipsel-uclibc

After this, build can be done selectively only what is changed.

Wiki in google code could be updated for rtn branch as currently lacking this kind of information...

[lly]

Wiki in google code could be updated for rtn branch as currently lacking this kind of information...

Tell us your opinion - is separate wiki page should be created or information about both branches should reside on single page?