PDA

Bekijk de volledige versie : Some more tips and tricks



wirespot
29-01-2007, 10:19
I've had the WL-500gP for about a week now, using Oleg's firmware, with an USB HDD rack and it works really great. I wanted to point out some stuff I've learned the hard way.

Bittorrent client:

I've read this a lot of times and I didn't believe it until I tried and convinced myself: Oleg's torrent.cgi or transmission.cgi is really the best all around torrent client out there at this time.

As far as console clients go, I've tried transmission, ctorrent, enhanced-ctorrent, tornado and rtorrent. Most of them are single-torrent. tornado is multi-torrent but is not interactive. Really, the best console client out there is rtorrent, but after Oleg managed to port it I suddenly realised it lacks automated queue control and that I much more enjoy a web interface, since it's more likely to have a web browser handy wherever I go than a ssh client.

I've also tried various web interfaces. I've managed to make torrentflux-b4rt work with lighttpd, PHP4 and sqlite2, using tornado as a client (see this tutorial (http://www.nslu2-linux.org/wiki/HowTo/BitTorrent)) and then managed to compile the special transmission version that comes with b4rt. With tornado it's a real hog. The combination of PHP, lighttpd, sqlite and Python is simply too much. Simply reloading a PHP page works the HDD a lot. With only one torrent going the load stays above 1.4 and I've heard that once you go to about 4 torrents at once the router is pretty much dedicated to that. I've tried and the load shot to 6 or 7. With transmission it's quite alright, but when I stood back and looked at the thing I realized that it didn't do anything that Oleg's cgi doesn't essentially do already.

And compare it to Oleg's cgi, which gives me average load of 0.3 or 0.4 with 6 torrents going. The only gripe I have with the transmission.cgi is that it doesn't move torrents around the queues by itself (LE yes it does, I just hadn't understood about the watchdog at the time). Well, overall is really a simple and very good torrent client and if I have the time I may hack it one day to clean up the code in the watchdog and cgi and add some more features. (I'd like it to know how to queue more than one torrent at once, or to change the speed limits from the web interface.)

How to allow SSH and other stuff from outside:

If you run iptables -L INPUT on your router, you'll probably see something like this in Oleg's latest firmware (1.9.2.7-7f):


logdrop all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere state NEW
SECURITY all -- anywhere anywhere state NEW
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
logdrop all -- anywhere anywhere

The reason many of you haven't been able to open up your outside ports (for SSH and other stuff) is because of that first rule. I don't know what the INVALID chain is for and where it comes from, but that's where the packets stop.

So this is how my /usr/local/sbin/post-firewall looks like:


#!/bin/sh
## FIREWALL
## set default policy
iptables -P INPUT DROP
## deny ftp access from WAN
iptables -I INPUT 1 -p tcp -i "$1" --syn --dport 21 -j DROP
## Allow access to various router services from WAN
for P in 22 65534 8008; do
iptables -I INPUT 1 -p tcp --syn -i "$1" --dport $P -j ACCEPT
done

What I do with the firewall is:
A. I change the default policy from ACCEPT to DROP, which is saner, security-wise.
B. I insert some rules before the INVALID rule, thus bypassing it: first I deny FTP SYN packets on the outside interface, which cuts access to FTP. Second, I make a list of ports (ssh, torrent and transmission.cgi) and let SYN packages to pass through to them. That's it.

Some more security ideas:

1. For SSH: it would be a good idea to change the default port from 22 to something else, like 24. It cuts down on automatic scanners figuring out you have SSH open. It is NOT a foolproof security measure, but it's good nonetheless. You do this by finding where you start dropbear (probably /usr/local/sbin/post-boot) and adding -p 24 as parameter. Don't forget to change the firewall rule above too.

2. For torrent, opening up 65534 has really helped me. I get a LOT more peers now, about 2-4 times as many as before. I get so many it's ridiculous, it makes some instances of transmissiond have a hard time keeping up with them and use up CPU. (A configurable connection limit in transmissiond would be really sweet BTW.)

3. If you open up web access to transmission.cgi from outside be sure to protect it with a password. See the /opt/etc/httpd.conf help or /opt/etc/init.d/S80busybox_httpd for instructions on how to do that. EVEN SO, it still not good enough! The user and password pass around in cleartext! It will stop someone who accidentally stumbles across your web interface from using it, but if you access it from work for instance almost anyone (your admin definitely) can eavesdrop and pick up the user and password without a problem. So be warned. What would really help here is SSL, but I've yet to figure how to make busybox make a self-signed SSL website.

Wondershaper:

The place to add this is also in /usr/local/bin/post-firewall, at the bottom:


## WONDERSHAPER
/sbin/wshaper start "$1" 400 190

Replace 400 and 190 with appropriate numbers for your connection.

How to determine them? First, you take the maximum figures for your connection. If you know what they're supposed to be from your ISP (like mine are supposed to be 512 and 192) than start from there. Even better, do a test. I personally love the Speakeasy test (http://www.speakeasy.net/speedtest/). It will give you real figures (remember to stop all other traffic, such as torrents, while you do the test!)

So, you got 512 and 192. But for wshaper to work best you actually need to lower them somewhat. How much? To see how much, you need to ping an outside host, preferably from the router console, but you can do it from a LAN computer too. You can ping anything, such as www.google.com.

But the best would be to ping your gateway. To find out what it is, do this command: cat /proc/net/arp. You'll see something like this:


IP address HW type Flags HW address Mask Device
89.xxx.xxx.xxx 0x1 0x2 XX:XX:XX:XX:F5:4B * vlan1

That IP on the vlan1 line is the gateway, ping that.

So now you have one console where a ping runs, and you watch the times. It would be best to start some heavy traffic, like torrents, too, to see how it does under real heavy conditions. My ping would go to around 300ms under these circumstances. Now, in another router console, run that wshaper command:


/sbin/wshaper start vlan1 512 192

(Note I use vlan1, not "$1", since we're in the console not post-firewall). Then look at the ping and see if it goes lower. It probably won't, not much, so start lowering both the download and the upload numbers slightly and run the command again, then look at the ping again. The download number needs to go down a lot more than the upload. I finally ended up with 400 and 190, and at that point my ping went between 10-60ms.

Note that this WILL NOT LIMIT your download speed! So don't be worried. All it does is to tweak the wondershaper for better latency, it has no connection to the actual download speed you get.

That's it for now, will get back if I find out more worthy stuff.

oleo
29-01-2007, 11:01
The only gripe I have with the transmission.cgi is that it doesn't move torrents around the queues by itself
Not true. Transmisison and Torrent move packages from queue to queue from day one.

wirespot
29-01-2007, 11:04
Then it means I haven't figured it out. How do they determine how to do that? I've placed torrents under source/ and they stayed queued. I let them be and they wouldn't start by themselves. I had to push them by hand. When they finish they'd stay seeding (I put AUTOSEED=NO) instead of stopping and letting another one from the queue start.

oleo
29-01-2007, 11:21
watchdog shoul be run by cron every half an hour

wirespot
29-01-2007, 11:24
Watchdog is in cron, of course, and this still happens. I've figured watchdog must be taking care of this but even if I run it manually it doesn't move them around.

oleo
29-01-2007, 12:03
watchdog enqueues new if none in download queue (empty).

wirespot
29-01-2007, 12:39
Another great use for the router is ripping music from Internet radios.

1. Install streamripper and some additional music format libraries:


ipkg install streamripper libogg libvorbis libmad

2. Choose a directory on your USB HDD or flash disk, let's say /opt/files/streamripper.

3. Start ripping (using the screen utility is probably a good idea):


streamripper http://some.radio.ip -d /opt/files/streamripper

That's pretty much it. Streamripper will rip music, make the necessary subdirectories (incomplete pieces go their own subdir, complete pieces go to a dir named after the radio station) and so on. Look at the other parameters to see what else it can do. Some ideas:
* It can rip in one big file or separate files; but be warned that sometimes stations delay the name of the song on purpose, so it will cut the songs wrong. You may want to use one big file and use an audio editor to cut them by hand.
* It will rip Ogg, MP3 and AAC stations.
* It can relay while it's ripping on a port of your choice, so you can listen to the music from the LAN without having to download the stream twice (or more).

Here's a shell script I use so that I don't have to call streamripper with all my favorite parameters each time. I called it "rip" and I put it in /opt/bin. If you put it under /usr/local/bin remember to save to flash!


#!/bin/sh
[ -z "$1" ] && { echo "Usage: `basename \"$0\"` URL [options]"; exit 1; }
URL="$1"
shift
streamripper "$URL" -d /opt/files/streamripper "$@"

Change the target dir to your own.

If you want Internet radio stations see www.shoutcast.com where you'll find a few thousands to pick from.

This is great use for your bandwidth if you're paying for it anyway and you don't use when not at home. If you rip an AAC stream the files are very small (yet good quality) so 1 or 2 GB of space will give you a LOT of music. And it's perfectly legal to do this according to most countries' copyright law, as long as you do not redistribute the music too much. (not so sure about USA though :)).

If you want to rip MMS (http://en.wikipedia.org/wiki/Microsoft_Media_Services) streams you can use mmsrip. Installation tutorial here (http://wl500g.info/showthread.php?p=118658#post118658) (thanks to Mokake).

wirespot
29-01-2007, 13:55
I managed to protect the transmission.cgi by SSL. As I said above, not having SSL is not really secure, and even a self-signed SSL certificate is better than sending the user+pass around in cleartext.

It turns out lighttpd supports SSL. So go ahead and install that and openssl: ipkg install lighttpd openssl.

I assume you already have a working setup with transmission.cgi (or torrent.cgi) and busybox_httpd. The CGI is most likely under /opt/share/www/cgi-bin.

1. Kill off busybox_httpd. This means:
* killall busybox_httpd
* make sure it doesn't start at startup (edit /usr/local/sbin/post-boot if that's where you're starting it, or edit /opt/etc/init.d/S80buysbox_httpd and add exit 0 right after #!/bin/sh).

2. Make a new configuration for lighttpd. Go to /opt/etc/lighttpd and copy lighttpd.conf to something else, like transmission-ssl.conf. Edit that and do the following:
* Under server.modules, make sure you uncomment mod_access, mod_cgi and mod_accesslog.
* Change server.document-root to point at "/opt/share/www".
* Look up server.port and make sure it points to whatever port busybox_httpd used to point at (8008, 8081, whatever).
* Uncomment the cgi.assign section. Change the assignment for ".cgi" from "/usr/bin/perl" to "/bin/sh".
* Look up ssl.engine and uncomment it (make sure it says "enable" too).
* Look up ssl.pemfile and point it to a suitable location. I chose "/opt/var/run/lighttpd.pem".

3. You need to create an SSL certificate. You do it like this:


cd /opt/var/run
openssl req -new -x509 -keyout lighttpd.pem \
-out lighttpd.pem -days 3650 -nodes

Notice how I went to the dir I picked in the config file, and how I named the file. I also chose the certificate to work for 10 years (3650 days); since it's self-signed you'll get PLENTY of warnings about it anyway so one more warning about it being expired is overkill. :)

You'll be asked all kinds of questions about your country, town and so on. I suggest putting bogus information in there, otherwise someone could infer your identity by examining the certificate (all that data will be available freely if you open the transmission cgi interface to the Internet).

4. Edit /opt/etc/init.d/S80lighttpd and edit the location of the conf file. Remember, we changed it to transmission-ssl.conf!

5. Start lighttpd by running /opt/etc/init.d/S80lighttpd start. If everything went fine you should be able to access the interface at:

https://your.ip:port/cgi-bin/transmission.cgi

Note that it's httpS, not simple http!

6. Add the above command at the end of /usr/local/sbin/post-boot. Teoretically /opt/etc/init.d/rc.unslung should take care of it, but in practice it seems to not do so.

7. Save the changes to the post- script by running this!


flashfs save && flashfs commit && flashfs enable

wirespot
30-01-2007, 15:59
A lot of people, myself included, are probably having some trouble when they first run into Oleg's web interface for torrent download (transmission.cgi). That's because it's a little different from the torrent programs they're used to. So I'm going to describe what's going on under the hood.

There are 3 pieces of software working on the torrents:
1) transmissiond. This is the actual workhorse that's downloading and uploading a torrent. If you run "ps" in a console you will see several of them working (if you have torrents running). Every time a torrent starts, one of these comes along and takes charge of it.
2) transmission_watchdog. This one runs periodically, usually every 30 minutes, and is in charge of moving torrents around the queues (from "queued" to "active" to "done").
3) transmission.cgi this is the actual web interface and is the thing you use to see your torrents and control them.

How to use the torrents

You start by putting a torrent file under the source/ directory. You can do this in many ways: you can download it on a desktop computer and FTP or SCP it to the router; you can SSH to the router, go into that directory and wget it from a website; you can use the "Fetch" button in the web interface to give the URL and the cgi will wget it and put it under source/.

All torrents found under source/ are automatically seen as part of the "Queued" set of torrents. If there are no torrents in the "Active" set, the watchdog will fetch the first one in the Queued set the next time it runs and make it Active. Or, you can manually make as many torrents as you want Active by selecting them and using the Push button in the interface.

Everytime the watchdog runs it will also check for completed Active torrents (the ones seeding) and will move them to the Completed set, where they stop moving and wait for you to come get the files.

You can manually pause an Active torrent by selecting it and using the Push button. This will stop the torrent and put it in the Suspended set. It will not leave this set anymore unless you select it and use the Push button again. (That's right, Push does two different things; when the torrent is first Queued it moves it to Active, and then it moves it between Active and Suspended; there's no way to move it back to Queued anymore).

Active torrents (and their files) are found under the work/ dir. Queued torrents are under source/. Completed torrents are under target/. Suspended torrents are under work/, but are temporarily renamed to ".torrent.suspended".

What other buttons do:

List: this one gives the complete list of all the torrents in all the queues.

Update: this one updates the Active information with actual data. Since this update is an expensive operation for the router, it is usually cached and you need to press Update to refresh it. Otherwise, using List will only show the same old info.

Watchdog: this will force the watchdog to run now instead of waiting for the next normal time. This is useful if you see that a torrent has finished downloading and is seeding, but you don't want to wait for it to be moved to Completed the next time the watchdog would normally run. (Please note that you should let torrents seed so other people can benefit too. Instead of stopping that torrent, consider Push-ing a Queued one instead.)

Pause: this will stop all torrents temporarily. It does this by telling all transmissiond programs to die. It doesn't move torrents around the queues at all, there simply aren't downloads or uploads going. This will be marked clearly in big bold letters saying "torrent processing paused". Use Pause again to resume the Active torrents.

Info will show some information about the torrent (tracker, what files are in it and so on).

Log will try to create a graph showing the state of the downloads. Depends on whether you have gnuplot installed. (I personally prefer rrdtool, look around the forum for the rrdtool tutorial.)

Remove will mark a torrent for removal, and Purge will actually DELETE BOTH THE TORRENT AND THE FILES FOR IT. So be careful with it.

Scrape will attempt to ask the tracker for the scrape info, and Best will attempt to suggest the best seed torrent from the completed ones.

Note will add your personal note to the torrent, in case you want to jot down something about it.

wirespot
07-02-2007, 16:33
User+password access to your webserver is very very useful because, together with SSL encryption of the connection, it allows you to access your router fairly safely even when not at home.

Warnings:
* SSL by itself is useful, but not much use if anybody can access the router webpages without being asked for user+password.
* This is NOT ABOUT PROTECTING THE SETUP interface. I'm only talking about protecting websites you set up on the router by yourself, such as the transmission cgi interface. The web setup of the router is another breed of webserver who runs separately.
* Even when using SSL+user+pass, you ARE NOT COMPLETELY SAFE. The owner or admin of the computer you're using may have installed keyloggers or network transparent proxies which will intercept your user+pass or decode SSL. They protect against casual eavesdropping, but will not stop a determined and knowledgeable person with access to your immediate network setup or to the computer you're using. Nothing can do that.

These being said, here's how to add user+pass to lighttpd:

NOTE: I've chosen digest authentication because it is a bit more secure than basic authentication. If you want basic change "digest" to "basic" and "htdigest" to "htpasswd" in the instructions below. Be WARNED that dumber browsers (like lynx) cannot use digest authentication!

1) Install lighttpd: ipkg install lighttpd.

2) Copy the default config file (/opt/etc/lighttpd/lighttpd.conf) to another file. This is so you don't risk it being overwritten by mistake during upgrades.
NOTE: if you took the SSL tutorial above and already have an SSL-enabled config, very good, modify that to add user+pass!

3) Edit the config file. Under server_modules, make sure to uncomment "mod_auth".

4) Scroll down and look for "auth.". Set auth.backend to "htdigest". Set auth.backend.htdigest.userfile to the a file where you want to keep users and passwords. Example: /opt/etc/lighttpd/.passwd.

5) Modify the auth.require section. Make sure it looks something like this:


auth.require = ( "/" =>
(
"method" => "digest",
"realm" => "ABC",
"require" => "valid-user"
)
)
Make sure to close all the brackets, and watch out for those commas!

The "/" is the directory you want to protect, relative to the webserver root dir. Here I say I want to protect all the files.

The method is "digest", and because I chose digest I have called the auth. directives above accordingly! Have I called it "basic", for example, I'd have changed the auth. stuff too.

Realm is the name of the authentication set. Remember what you write here, we'll need it in a moment below. (Every bracket set needs its own name, because other things may be the same across more than one set and can't be used to refer to them.)

Finally, require means who you want to be able to authenticate. "Valid-user" means any user that supplies a valid user+pass. You could also say "user=john" and only allow john in that set, even though mary also has a valid user+pass.

6) You're done with the config, save it and restart lighttpd whenever you want.

7) Now you need to generate the passwd file. You can't just edit it by hand. You need the "htdigest" program, which is found in the apache package. You can "ipkg install apache", of course, but I prefer to go to a temp dir (NOT /tmp!), do "ipkg download apache" and then look inside for what I want (the ipk files are actually tar.gz files and have another "data.tar.gz" file in them).

8) One way or the other, you got htdigest. Use it whenever you want to generate it or change a password or add a user:


#to generate it:
htdigest -c /opt/etc/lighttpd/.passwd ABC john
# change john's password for the ABC realm
htdigest /opt/etc/lighttpd/.passwd ABC john
# add mary on the XYZ realm
htdigest /opt/etc/lighttpd/.passwd XYZ mary

When you want to delete users edit the files with a text editor and delete lines you don't want.

9) Test your server. If you can't log in, some common errors are:
* wrong user and/or password
* you didn't put the same realm in the conf and the password file
* the password file can't be read (check permissions)
* your browser can't do digest authentication

Check your lighttpd error log (probably /opt/var/log/lighttpd/error.log) for clues.

wirespot
14-02-2007, 16:11
I've modified transmission_watchdog and transmission.cgi to accomplish a small feature I wasn't able to live without anymore.

Sometimes I have these torrents that are extremely slow for some reason (no seeds ATM, slow peers etc.) I'd like them to keep on doing their job no matter how slowly, but I don't want them to be counted as running by the watchdog, because they keep the queue occupied and other queued torrents don't get a chance to run.

So what I've done is a 2 step hack:

Step 1: hacked transmission.cgi to offer a button that toggles an "ignored" flag on running torrents.

To do this, edit transmission.cgi (tipically found in /opt/share/www/cgi-bin/).

a) Add the following function somewhere:


# Toggle ignore flag
_toggle_ignore()
{
if [ -z "$ID" ] ; then
echo "<b>Please select torrent first!</b>"
return
fi
_find

if [ -f "${WORK}${TORRENT#${WORK}}" ]; then
if [ -f "${TORRENT%.torrent}.torrent" ]; then
DIR=$(dirname "$TORRENT")
[ -f "${DIR}/ignored" ] && rm -f "${DIR}/ignored" || touch "${DIR}/igno
echo "<b>$TORRENT toggled</b>"
fi
fi
}

b) Find the buttons, near the end of the file, and add this one:


<input type=submit name=ACTION value="Ignore">

c) Find the actions, almost all the way to the bottom, and add this one:


"Ignore") _toggle_ignore ; _list ;;

d) To show the ignored flag, find a place that looks like this:


if [ -n "${URL}" ]; then
echo "<td><a href=\"${URL}\" target=_blank>${DUMMY}</a></td>"
else
echo "<td>${DUMMY}</td>"
fi

And change it to look like this:


if [ -n "${URL}" ]; then
echo "<td><a href=\"${URL}\" target=_blank>${DUMMY}</a>"
else
echo "<td>${DUMMY}"
fi
[ -f "$P/ignored" ] && echo "<b style="color:red">[I]</b>"
echo "</td>"

Step 2: make the watchdog actually respect the flag.

Edit /opt/sbin/transmission_watchdog. Find a place that looks like this:


# Check if any torrent file exists in run env.
TORRENT=`ls -1 $WORK/*/*.torrent 2>/dev/null | head -n 1`

# Start up new torrent if work is empty
if [ -z "$TORRENT" ]; then
max_active_torrents=10
if [ ${ACTIVE_TORRENTS} = ${max_active_torrents} ]; then


And change it to look like this:


WERKIN=$ACTIVE_TORRENTS
IGNEUR=$(ls "$WORK"/*/ignored 2>/dev/null | wc -l)
DIFFER=$((WERKIN-IGNEUR))

echo "<p>${WERKIN} active torrents, ${IGNEUR} ignored, ${DIFFER} acknowledged.</p>
if [ "$DIFFER" -lt 1 ]; then
if [ "$DIFFER" -gt 9 ]; then

How to use:

When in the cgi web interface, select an Active torrent then click on the "Ignore" button. You should see a bold I appear next to it. Do it again to clear the flag.

You can only toggle the flag for Active torrents. As long as they have the flag, they are not counted towards active torrents when the watchdog determines if it needs to promote more torrents from the Queued ones.

Use this to mark slow torrents which you want to keep chugging along slowly and not keep back the other torrents.

Warning! ipkg upgrade may override the modified files!

Everytime the transmission package is upgraded you may lose the files you've just modified! So you are advised to make copies for personal use and name them something else. To do this:

a) Rename transmission.cgi to transmission2.cgi.
b) Rename transmission_watchdog to transmission_watchdog2.
c) Edit your cgi (transmission2.cgi), look at the bottom, find transmission_watchdog among the actions for the buttons, and replace it with transmission_watchdog2.
d) Start using /cgi-bin/transmission2.cgi instead of the original.

oleo
14-02-2007, 18:31
Nice. I was also thinking about that.
I will include this in next transmission package release.

Another wish of mine is to show also upload/download percentage and maybe a ascending listing of best seed suggestion.

wirespot
15-02-2007, 13:28
If you include it, please note that you can only toggle the ignore flag on active torrents. If it ends or you push it, for instance, you can't toggle it anymore. So perhaps the check for Active should be skipped, to allow it to be toggled in any state.

oleo
15-02-2007, 14:46
Patchlevel 3 in http://trac.nslu2-linux.org/optware/changeset/5505 includes Bypass capability and proper error handling.

wirespot
08-03-2007, 21:03
I've hacked wshaper to take a 9th parameter, which specifies ports that are to be given priority over other kinds of traffic.

To hack wshaper yourself, edit it and look for the following two snippets of code. The bold parts are to be added by you, the non-bold parts are what you should look for:


# low priority destination ports
NOPRIOPORTDST="$8"
# high priority destination ports
HIPRIOPORTDST="$9"


match u8 0x10 0xff at 33 \
flowid 1:10

# some traffic suffers a better fate
for a in $HIPRIOPORTDST
do
tc filter add dev $DEV parent 1: protocol ip prio 14 32 \
match ip dport $a 0xffff flowid 1:10
done

# some traffic however suffers a worse fate
for a in $NOPRIOPORTDST
do

I think I did it properly. :) I've also tested it: after I made use of the new parameter, I've used a bandwidth measurement site while I had a couple of torrents going. I got the full speed of my line in the test, even though the torrents were using about half of it. This is because now port 80 (http) takes priority.

To use this you need to run wshaper at least once on your router, and re-run it after every boot. It's best to edit /usr/local/sbin/post-firewall and add the call to wshaper in there. Remember to save the modifications to flash!

Here's how I run it:


wshaper start $1 400 190 "" "" "" "" "20 21 22 25 110 143 80 443 587 995"

If you run wshaper from post-firewall you need to use $1. If you run it from the command line you need to use "vlan1".

To determine the proper values for the 3rd and 4th parameters (400 190) you need to read the first post in this thread.

The ports I've included in the example are: FTP, SSH, SMTP (outgoing email), POP3 and IMAP (incoming email), regular web, secure web, plus a couple of other ports I'm using.

REMEMBER! This setup refers to ports on remote sites or machines, opened with programs on the computers in your LAN (or on the router).

wirespot
11-03-2007, 16:40
torrentflux-b4rt is a fork of torrentflux. It's a full features bittorrent web interface, but it's somewhat of a hog on resources. If you can live with a load of 1.5-2.0 when running 2-3 torrents, each limited to about 40-50 maximum connections, then here's how to set it up.

1. Install the requirements:
ipkg install lighttpd php php-fcgi sqlite2 python

2. Get the attached torrent-flux.conf. Put it under /opt/etc/lighttpd/. Examine it and create the appropriate directories (such as /opt/share/www/torrent.flux) or log dirs.

3. Download torrentflux-b4rt (http://tf-b4rt.berlios.de/). Copy the contents of the html/ dir in the package under /opt/share/www/torrent.flux.

4. Start lighttpd:
/opt/sbin/lighttpd -f /opt/etc/lighttpd/torrent-flux.conf If you get error messages examine them and fix them, most likely you need some dirs created.

5. Use a browser and go to your router on port 8081, and load /setup.php. You should get the installation wizard. Tip: when asked for an sqlite database, the first field (the file) is best if it's empty or "localhost".

That's it. The rest is up to how you set it up, because it has a very complex configuration. Don't be scared of how slow the interface is, that's how it works I'm afraid, the Asus is a small and slow machine. :(

If you want queueing you'll need to start fluxd from the interface.

I advise you to use bittornado as the client, because it's included with the package and works well out of the box. If you want transmission it won't work with Oleg's transmissioncli! You need to compile the hacked version that comes with torrentflux-b4rt and put it somewhere on your HDD and point the configuration to it. I'm attaching a compiled binary taken from b4rt alpha6, try to use it, YMMV.

sollie
11-03-2007, 20:25
thanks man, but i get the message:


Error: Your PHP installation does not have support for SQLite built into it. Please reinstall PHP and ensure support for your database is built in.

Sollie.

wirespot
11-03-2007, 20:34
What repository are you using? I'm using Oleg's (http://ipkg.nslu2-linux.org/feeds/optware/oleg/cross/stable). It's possible your PHP package doesn't have Sqlite support. If you do "php -i|less" in the console you should see sqlite somewhere in the output. He compiled PHP using "--with-sqlite=shared", don't know about other package maintainers.

sollie
11-03-2007, 20:45
Its there:


'--with-sqlite=shared' '--with-pdo-mysql=shared,

Sollie.

PS: I have a wl700ge and use olegs repository.

sollie
11-03-2007, 21:23
I fixed that error by adding the following lines to php.ini:



extension=pdo.so
extension=sqlite.so

Sollie.

PS: keep the order i gave (extension=pdo.so ontop)

wirespot
11-03-2007, 21:25
Ah yes, I seem to recall I had to do that as well. Good job pointing it out, thanks. :)

sollie
11-03-2007, 21:50
Second problem, i could almost install all packages, but i have some left:

Tool Name Path Info


awk NOT FOUND Warning: could not find awk on your system. Default path /usr/bin/awk used.

cksfv NOT FOUND Warning: could not find cksfv on your system. Default path /usr/bin/cksfv used.

uudeview NOT FOUND Warning: could not find uudeview on your system. Default path /usr/local/bin/uudeview used.

I dont know where to find.

Sollie.

wirespot
11-03-2007, 21:56
They're not essential. At least cksfv and uudeview aren't, and most likely vlc and unrar aren't either. Not sure about awk, but install it to be on the safe side, it's in the "gawk" package.

PS: cksfv is a nice tool to have though, so I've added it here (http://wl500g.info/showthread.php?t=8496).

sollie
11-03-2007, 22:09
Hmm ok thanks. Its up, but not running. After login it doesnt do anything.

Sollie.

PS: i can browse the admin.php page, but when i go to home it stops loading and ends up with a white screen.

wirespot
12-03-2007, 08:24
You should check the logs for errors in this case. Also make sure you have JavaScript enabled, I think it needs it to some extent.

wirespot
12-03-2007, 10:53
Oleg's transmission wiggles around even when there are no torrents in work. Enough for the load to go around 0.3. So when you're not using it, go in the interface and hit "Pause". All transmission clients will stop soon after that, and you'll get a nice load of 0.0. Or, you can use that CPU power to do something else.

d3viant
12-03-2007, 20:11
I fixed that error by adding the following lines to php.ini:



extension=pdo.so
extension=sqlite.so

Sollie.

PS: keep the order i gave (extension=pdo.so ontop)

I appear to be having some trouble with this - I have added those lines to my php.ini file, but I still get the same error when I try and setup the database in torrentflux-b4rt.

EDIT: nevermind, a full router reboot seems to have sorted it...

wirespot
12-03-2007, 20:16
Just to be on the safe side, did you restart the web server? I know, PHP is supposed to run in CGI mode and thus pick up php.ini changes instantly, but just in case.

LE: there you go. :)

d3viant
13-03-2007, 14:44
Yes - I was trying webserver restarts to get it going - that should really be enough, but after a router reboot, the php.ini changes appeared to take effect.

vadito
21-03-2007, 23:02
User+password access to your webserver is very very useful because, together with SSL encryption of the connection, it allows you to access your router fairly safely even when not at home...........

Hi! Just a comment.
htdigest don't work, when extracted from the .ipk(error: can't load library 'libaprutil.so.0')
apr-util(ipkg install apr-util) must be installed to get htdigest working, without installing apache+deps:)

sollie
24-03-2007, 10:15
I installed everything. Sqlite went ok. I can start for the first time. Entered pass + username. After that i configured all. I pressed home to see the index page. And that went wrong. I took 2 minutes to show a white screen.

Can somebody help me.

Sollie.

Sandman
24-03-2007, 18:55
Hi folks,

I also implemented transmission and I am very much excited. But shame on me, I am not able to purge these damned completed torrents. I tried everything:
First I see, the torrent is completed but is seeding as hell. Then I mark it in Transmission WI and press "remove" I get a very unfriendly "Can only remove suspended torrents!".
Ok, now I tried every button... I thougt, "pause" would do the trick. But I then realized, that only my active (downloading that is) torrents go to suspended mode. These torrents I surely DON'T want to purge.
Could you please have mercy and give a newbie a little hint?
What is the correct manner to purge a completed and copied torrent?:confused:

Thanks in advance

Sandman

Elect
26-03-2007, 09:26
Push them with the 'push' button from Seeding state to Suspend. Then select the torrent en click Remove. After that you can Purge them into oblivion.

Else check out the SCTCS. http://wl500g.info/showthread.php?t=8420

Sandman
26-03-2007, 22:50
I dunno..
still got problems.
If I push a seeding torrent (one who has finished downloading and is ONLY seeding) the result his that this torrent is listed under "done".... (not suspended).
When I then mark him for remove i get the same error ... "only suspended torrents can be removed"
any further ideas?
would appreciate, because i like transmission...

oleo
26-03-2007, 23:04
This is the feature of the transmission. You cannot remove torrents with WWW interface! Use simple file removal like

cd /tmp/harddisk/torrent/target
rm -rf My.Torrent.directory

reaad http://www.nslu2-linux.org/wiki/Optware/Transmission

wirespot
27-03-2007, 09:15
What "purge" does depends on the state of the torrents. Indeed, to completely remove a torrent and all its files, you need to be able to push it to suspended, then remove it, then purge it. Otherwise, a "purge all" will only delete extra files (such as the .torrent file and statistics) and NOT the downloaded files. Trust me, it's for the best. You do not want to allow downloaded files to be deleted from the web interface. For one thing, if someone bad were to gain access to it they could clear up everything you downloaded. Second, you could delete them yourself by mistake.

Sandman
28-03-2007, 17:46
What "purge" does depends on the state of the torrents. Indeed, to completely remove a torrent and all its files, you need to be able to push it to suspended, then remove it, then purge it.

AAAARRGH!
This is what I don't know how to do!?
If I push an already downloaded torrent I can get it only to "done". I can't manage it to go "suspended".
Perhaps I have installed Transmission in the wrong way?

@oleo
First: thnx for your great work at my new firmware ;)
Second: I was able to delete an active (incomplete) torrent via "push"(to suspended) and "remove" and "purge" in thee www Interface.
It deleted all the files... (as it should)...
perhaps some gremlins in my installation? :)

oleo
29-03-2007, 09:58
Second: I was able to delete an active (incomplete) torrent via "push"(to suspended) and "remove" and "purge" in thee www Interface.
It deleted all the files... (as it should)...
perhaps some gremlins in my installation? :)

This is the only way to get deleted bad torrent from working queue. For source and target use samba. Work queue should not be exposed to others. That's because you can remove/purge it through WWW interface.

Three stage deletion is implemlemented because sometimes watchdog realises error on active torrent ant throws it to suspended. Then you can decide what to do with it. You can push it back to active or remove it. At last here is a real purge of removed things. This concept is not new. It dates back to VMS on VAX machines as I remember.

Rui_Carlos
24-06-2007, 14:14
How to allow SSH and other stuff from outside:

If you run iptables -L INPUT on your router, you'll probably see something like this in Oleg's latest firmware (1.9.2.7-7f):


logdrop all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere state NEW
SECURITY all -- anywhere anywhere state NEW
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
logdrop all -- anywhere anywhere

The reason many of you haven't been able to open up your outside ports (for SSH and other stuff) is because of that first rule. I don't know what the INVALID chain is for and where it comes from, but that's where the packets stop.


the first rule will block all invalid packects. INVALID is not a chain, but a state of the packets (like RELATED, ESTABLISHED or NEW).

wirespot
26-06-2007, 10:38
Yeah, figures. But the fact remains that it blocks you from having a FTP or SSH server. Why would those count as INVALID? (It's good paranoia, security-wise, but still wondering.)

Rui_Carlos
26-06-2007, 12:49
Yeah, figures. But the fact remains that it blocks you from having a FTP or SSH server. Why would those count as INVALID? (It's good paranoia, security-wise, but still wondering.)

I still have that rule and the ssh server is working (the ftp server isn't active).
In my pc, I also have that rule and the ftp/ssh servers are working.

wirespot
26-06-2007, 21:08
Then I can only guess that something about my Internet connection makes those packages come in as INVALID for some reason.

OK, so it's good to know that Oleg's INVALID rules are good and removing them is only a particular workaround, not a generally good advice.

TearTox
13-09-2007, 18:25
Cant get the password to work.. :/

Log says:
2007-09-13 17:54:28: (http_auth.c.964) digest: unsupported backend (only htdigest or plain)

Should I change the auth.backend.plain.userfile to auth.backend.htdigest.userfile and then put that /opt/etc/lighttpd/.passwd inside "" ?

I tried both, neither work :&

wirespot
13-09-2007, 19:33
Look for a line saying this:

auth.backend = "htdigest"

I'm thinking perhaps you put "digest" in there. You're not supposed to put it there, "digest" goes below where it says "method" => "digest".

TearTox
13-09-2007, 20:02
It's how you said..
It still doesen't work

Hmm.. Should I uncomment all those that were edited?
I have done that..

Now it says "Bad Request" :(

Could someone send me those config files, cause I cant find any problems from there, they seem fine.
my paths are:
/opt/etc/transmission-ssl.conf
/opt/etc/lighttpd
/opt/etc/lighttpd/.passwd


and btw. I changed the lighttpd to start from post-mount..

When I comment the auth parts, ssl works fine, but when I uncomment the auth shit and make user and password, it says bad request..
And I tested user 1 and password 1 but still it says 400 - bad request..

Maybe I just should use the ssl and deny access from outerweb.. :/

georgoz
01-11-2007, 14:55
match u8 0x10 0xff at 33 \
flowid 1:10

# some traffic suffers a better fate
for a in $HIPRIOPORTDST
do
tc filter add dev $DEV parent 1: protocol ip prio 14 32 \
match ip dport $a 0xffff flowid 1:10
done

# some traffic however suffers a worse fate
for a in $NOPRIOPORTDST
do

Hi wirespot,
I have followed your tut to hack Wondershaper but I ran into some problems.
First of all making changes to /sbin/wshaper is impossible, so I made a copy in /usr/local/sbin and modified it here and running it from post-firewall. Is this ok?
The second problem I have noticed were this warning when I was trying to start wshaper manually:

wshaper start eth1 400 190 "" "" "" "" "20 21 22 25 110 143 80 443 587 995"
Unknown filter "32", hence option "match" is unparsable
When browsing the code I have noticed there is a missing u before the filter "32". When I add it everything seems to run ok. Do you have a typo in your code or am I doing something wrong?

Thx

wirespot
01-11-2007, 15:05
Yes, making a copy and running it from post-firewall is the accepted practice. Here's how I currently do mine:


SPEEDS="2980 500"
PORTS="20 21 22 25 110 143 80 443 587 995 5050 1863 5222 6667"
[ -x /opt/app/local/bin/wshaper ] && \
/opt/app/local/bin/wshaper start $1 $SPEEDS "" "" "" "" "$PORTS" || \
/sbin/wshaper start $1 $SPEEDS

This will test if my version of wshaper exists and is an executable. If it is, it will call it and pass the ports as well. If not, it will call the original wshaper and pass just the speeds.

Of course, you should use speed values as appropriate for your connection. The ports are my own choices and you may find them useful: from left to right, we have FTP, SSH, SMTP, POP3, IMAP, HTTP, HTTPS, secure POP3 and SMTP, a few messenger transfer ports and finally IRC DCC.

As for the "u32" yes, it should have an u there. Mine does, I have no idea why it turned up missing it on the forum.

ecori
07-03-2008, 21:56
Dear Wirespot,
Using your instructions I think I managed to get wshaper to work. HOwever, I would like to use FTP, next to torrent traffic. The FTP traffic I want to use to transport files to other locations, and I want the download of my server to be of a reasonable speed, so this should not be low priority. COuld you explain to me what parameter I have to change in order to achieve this? At the moment my browsing and email traffic works great while downloading a torrent, but accessing the router from elsewhere by FTP is very slow. How can I put FTP traffic in the High priority class?
Thanks in advance,
Ecori:o

wirespot
07-03-2008, 22:53
Ports 20 and 21 are FTP. They're already in the instructions I gave so they should work. Unless you're trying to upload or download stuff directly on the router. This wondershaper stuff only works for traffic done from the computers in the LAN behind the router.

ecori
08-03-2008, 11:43
Hi Wirespot,
Thanks for your reply, indeed on my lan the wondershaper works great, but I would like to access it from the internet, if I am at my work to get to my files on the FTP drive. Is this possible at a reasonable speed while a torrent is downloading?
Thanks!:)
Best regards,
Ecori

wirespot
08-03-2008, 12:31
I'm not sure. Traffic shaping on Linux has some quirks in that it can shape things that go out of the router, but not things that come in. In your case, you want to shape traffic between the router and the Internet. FTP traffic from the router to the outside (your workplace) could be shaped, but BT... not so much. BT traffic is at least 50% download (from Internet to router) and in most cases more than 50%. That percentage cannot be shaped.

I repeat, this is a particular case: FTP vs BT traffic, both between the router and Internet. If it was traffic from the Internet to the LAN via the router you'd be able to do it. So the only choice is to stop or limit BT traffic whenever you need to transfer via FTP.

Also, please remember that you're probably going to be limited by both your home connection upload speed limit from your ISP. And if you use files on the USB drive, the router has this problem where it can't go over a certain speed (1.5-3 MB/sec) when transferring to/from the USB drive.

raas
08-03-2008, 15:23
Hi Ecori,

There's another approach to accomplish this.

I've had problems with transfer speeds (on lan) when the asus was heavily downloading from newsgroups. (HellaNZB).
Response and speed where very bad.

So I thought about priority settings. like giving samba (and ftp in your case) higher priorities over the downloader (HellaNZB, in your case the torrent downloader).

This can be accomplished with the use of nice. (I've had to ask other forum members on how to do this, but here's the link: http://www.wl500g.info/showthread.php?t=12189 )

Now, downloading from newsgroups is not affected unless I use samba or ftp for transfering data. Because they have higher priorities than the downloader they tend to work better, so while downloading, the response and speed is really good. The speed of the downloader drops about 80-90% (from 600-700kbyte/sec to 60-90 kbyte/sec) in the background, but speeds are resumed once you're ready transferring through samba or ftp.

So this is exactly like I wanted it to be.

transfering speeds using wired lan
samba: 3.2 - 3.5 mbyte/s
vsftpd: 3.8 - 4.0 mbyte/s

http://dhost.info/raas/speed.gif

Also bear in mind when you're at work and want to download files.:
Your upload speed of your internet connection. Unless you're on fiber or something else I bet the transfer speed of your asus is faster than your uplink (for which in fact you need about 50mbit/s upstream).

HTH

ecori
08-03-2008, 19:32
Thanks alot Wirespot and Raas, I will try the nice method, and see if this wil work for my purpose. I realize that the upload speed is mainly dependent on the internet connection. Without torrents I was able to download from my ftp server with 100 kbs, but that dropped to 5 kbps when torrents were active. Thus using torrents made it almost impossible to use the ftp server for collecting files. Thanks for the info, I will studie the nice method, getting closer to the router config I really want!:)
Have a nice weekend,
Ecori

PS Raas, where do you know where I can find the file I have to edit for using the ftp program. I am using the FTP server standard present in Oleg's firmware. I cannot find the file where this is started.....

raas
09-03-2008, 02:09
PS Raas, where do you know where I can find the file I have to edit for using the ftp program. I am using the FTP server standard present in Oleg's firmware. I cannot find the file where this is started.....

I'm sorry man..
I don't know this, using vsftpd myself.
Maybe another forum member can dig this up out of their head(s)

ecori
09-03-2008, 12:37
Raas, thanks for your answer. In the mean time I found this thread on the forum: http://wl500g.info/showthread.php?t=758
I have added to the post-boot file:

killall stupid-ftpd
sleep 2s
/opt/bin/nice -n-5 /usr/sbin/stupid-ftpd -f /tmp/local/stupid-ftpd.conf

The ftp server is up and running, I don't know if the speed has improved (still need to test it...)
Thanks,
Ecori

kauczu
06-05-2008, 13:50
It turns out lighttpd supports SSL.

I used your tutorial, and ssl works fine, but only ssl. When I point browser to http://myrouterip it displays blank page.
In lighttpd error.log i see:

2008-05-06 13:37:19: (connections.c.279) SSL: 1 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request

Is there any solution to use both http and https protocols?

raas
06-05-2008, 16:25
Is there any solution to use both http and https protocols?

That's what I also wanted to do.
But I haven't found anything.
Seems that lighttpd is running in http OR in https mode, not both.

wirespot
06-05-2008, 22:31
AFAIK, lighttpd doesn't have "true" virtual host features ie. the same instance is not able to serve several websites simultaneously, with completely different configurations.

It has limited vhost functionality (see module evhost (http://trac.lighttpd.net/trac/wiki/Docs%3AModEVhost)) which means it can map a subdomain to a certain path automatically. So you can for instance map user.domain.com to /home/user/public_html. But that's as far as it goes. It's more of a root directory hack, really.

So to answer your problem, just run one lighttpd instance for each configuration. Here's what I did:

* I've made several .conf files under /opt/etc/lighttpd by copying the original (lighttpd.conf). For instance, I have internal.conf which sets up a LAN website where I can see my rrdtool graphs, and I have external.conf which sets up a public website (with SSL and user+password) for my friends.
* Under /opt/etc/init.d/ I've copied S80lighttpd to S80lighttpd-internal and S80lighttpd-external. I've edited each of them and changed DAEMON_OPTS to reflect the appropiate .conf file as described above.
* Normally, these S80 files should start automatically at reboot. In case they don't, edit your /usr/local/sbin/post-boot and add each of them somewhere, like this:

/opt/etc/init.d/S80lighttpd-internal start

It's up to you how many different .conf files you set up and how you customize them. Just remember to make them in pairs (each .conf under /opt/etc/lighttpd needs to have a /opt/etc/init.d/S80... file that uses it).

Oh, and make sure not to have two conf files trying to use the same host+port combination ie. server.port and server.bind in the configuration must be a different combination. You can't have two servers listening on the same interface AND the same port, but you can have them listen on different interfaces and the same port or different ports and the same interface.

al37919
07-05-2008, 07:01
I'm using such piece of the config to enable 2 separate roots --- secure and insecure:


server.document-root = "/opt/home/www/lighttpd"

$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/opt/var/run/lighttpd.pem"
server.document-root = "/opt/home/www/secure"

auth.require = ( "" =>
(
"method" => "digest",
"realm" => "VU",
"require" => "valid-user"
)
)
}

raas
07-05-2008, 08:26
ok.. nice... going to try this tonight.

Thank you !

kauczu
07-05-2008, 11:12
I used @al37919 method, and it works like a charm! :)

Thanks!

wirespot
07-05-2008, 14:07
It's very nice, I didn't know you could do that.

You can still use different config files if you want to run one of the servers only occasionally. Especially on the outside interface, you may not wish to have it available all the time (even if it has SSL and password, the most secure way is for it not to run at all.)

al37919
07-05-2008, 15:22
It is enough just not to open port 443 in the firewall ;)

wirespot
07-05-2008, 15:38
Yeah, but where security is concerned it's really bad practice to rely on the firewall for something that the service itself can do (not be available when you don't want it to). You can't hack what is not there. With a firewall, it's there, just cloaked. Are you 100% confident in your iptables skills, for example, to absolutely guarantee you haven't missed a way to allow access to your server? Firewalls are more of a last resort in security, there's no substitute for the applications themselves doing the right thing. Rant over. :)

bogd_A
07-06-2008, 18:31
Another great use for the router is ripping music from Internet radios.
...



Hi,

I'm getting the following msg:

streamripper: can't load library 'libfaad.so.0'

when starting streamripper download

Can you help me?

Thank you,

wirespot
07-06-2008, 20:19
Yes, you need to install a few other packages along with streamripper (audio codecs): libmad, faad2, libogg, libvorbis. Do "ipkg install" for each of them.

I wonder why they weren't marked as required by the streamripper package. It's obvious that streamripper won't work without them -- the binary appears to be linked with all four and needs them in order to run.

shinji257
08-06-2008, 20:43
For anyone wondering I got a list of the extensions that were installed by the stock php setup.



bcmath.so
bz2.so
calendar.so
curl.so
dba.so
dom.so
exif.so
ftp.so
gd.so
openssl.so
pdo.so
pdo_sqlite.so
shmop.so
sockets.so
sqlite.so
sysvmsg.so
sysvsem.so
sysvshm.so
xml.so
xmlreader.so
xsl.so
zlib.so


Note that pdo_sqlite.so is for the newer SQLite 3 and sqlite.so is for SQLite 2. You can load both but you really only need pdo.so and pdo_sqlite.so enabled for sqlite support to work.

SeverusSneep
09-06-2008, 18:55
I tried to setup SSL + User/Pass

It all works fine untill I need to have htdigest, downloaded the package apache by ipkg download apache, found the htdigest, but when I want to use it, i obtain:

[admin@kolibrieroutert tmp]$ htdigest -c /opt/etc/lighttpd/.passwd facturen robert
-sh: htdigest: not found

with command ls

[admin@kolibrieroutert tmp]$ ls
apache_2.2.8-1_mipsel.ipk htdigest

what do I do wrong

shinji257
10-06-2008, 06:00
I tried to setup SSL + User/Pass

It all works fine untill I need to have htdigest, downloaded the package apache by ipkg download apache, found the htdigest, but when I want to use it, i obtain:

[admin@kolibrieroutert tmp]$ htdigest -c /opt/etc/lighttpd/.passwd facturen robert
-sh: htdigest: not found

with command ls

[admin@kolibrieroutert tmp]$ ls
apache_2.2.8-1_mipsel.ipk htdigest

what do I do wrong

Since htdigest is in the current folder you can replace htdigest with ./htdigest

So... based on the following command up there it should be...

./htdigest -c /opt/etc/lighttpd/.passwd facturen robert

SeverusSneep
10-06-2008, 09:58
[admin@kolibrieroutert tmp]$ ./htdigest -c /opt/etc/lighttpd/.passwd facturen Robert
./htdigest: can't load library 'libuuid.so.1'
[admin@kolibrieroutert tmp]$

Now I am feeling soooo stupid!

I have installed the package apr-utils and found on ubuntu forums to install a certain e2fsprogs package to install...did both, still got this message

wpte
10-06-2008, 14:19
hey I want to metion a bug on the wonder shaper.

if you are using the command in putty, you should use eth1 instead of vlan1.

also, it somehow doesnt allow download speeds bigger than 8mbit:(


/sbin/wshaper start eth1 8000 900
when uploading I have now a ping of 40 instead of 300, that is good for gaming:)
however, I have an internet package with 24mbit!
so when I set it to 8mbit in wshaper I get only 500kb/s maximum...
without the shaper I get more than 2mb/s:rolleyes:
when I change the value higher than 8mbit I get lower speeds, sometimes even 100kb/s:mad:
do you know any work-around?:confused:

wirespot
10-06-2008, 16:04
@SeverusSneep: I'm not sure what's going on there on your router. For me, installing apr-util took care of it, now htdigest works as expected.

@wpte: It's possible that the CPU on the Asus can't handle that many packets. I can't help you much there, I've never used lines of over 4 Mbits so I can't say what the problem might be.

SeverusSneep
10-06-2008, 16:31
@SeverusSneep: I'm not sure what's going on there on your router. For me, installing apr-util took care of it, now htdigest works as expected.

@wpte: It's possible that the CPU on the Asus can't handle that many packets. I can't help you much there, I've never used lines of over 4 Mbits so I can't say what the problem might be.

Solved the problem with apr-util. Apparently one or two packages could not be found, so installed them manually. Got the htdigest working.

But...(yes, I know! Don't shoot me)

I added user Robert (my colleague) to the list with trusted users (.passwd file), I got him in the correct realm (facturen) and inserted the correct information.



#### auth module
## read authentication.txt for more info
auth.backend = "htdigest"
auth.backend.plain.userfile = "/opt/etc/lighttpd/.passwd"
auth.backend.plain.groupfile = "lighttpd.group"

auth.backend.ldap.hostname = "localhost"
auth.backend.ldap.base-dn = "dc=my-domain,dc=com"
auth.backend.ldap.filter = "(uid=$)"

auth.require = ( "/" =>
(
"method" => "digest",
"realm" => "Facturen",
"require" => "valid-user"
),
)


When I xs the interface at https://192.168.1.33:8081/folder I see an user/pass field, when I fill in the (with htdigest) inserted combinations of user/pass (Robert/deleeuw) this combination won't be accepted.

My commands with htdigest



[admin@Kolibrieroutert tmp]$ ./htdigest /opt/etc/lighttpd/.passwd Facturen Robert
Changing password for user Robert in realm Facturen
New password:
Re-type new password:
[admin@Kolibrieroutert tmp]$


When I open the .passwd file I see:



Robert:Facturen:2732a9acf2e70597dddcb6aa3e5dbe41


So the generation of the user/pass went correct...but it still won't work...everything else works like a charm!!!

My special thanks to you all for your help

wirespot
10-06-2008, 17:10
No problem, you've fallen for a rather classic mistake. If you're setting up authentication backend as "htdigest" (auth.backend) then you have to use config directives with "htdigest" in them. You used "plain". So the correct line is:


auth.backend.htdigest.userfile = "/opt/etc/lighttpd/.passwd"

The way you did it, lighttpd couldn't find a passwd file for the htdigest backend so obviously it wouldn't allow access.

In the future, set up an error log file (server.errorlog = "/opt/var/log/lighttpd/error.log") and make sure /opt/var/log/lighttpd exists and is owned by the user and group the server runs as (see server.username and server.groupname). And when you have problems you just peek into that file and it will tell you what went wrong. If you had it ready now you would have most likely seen something like "can't find the htdigest passwd file" in there.

wpte
10-06-2008, 19:35
hey I want to metion a bug on the wonder shaper.

if you are using the command in putty, you should use eth1 instead of vlan1.

also, it somehow doesnt allow download speeds bigger than 8mbit:(


when uploading I have now a ping of 40 instead of 300, that is good for gaming:)
however, I have an internet package with 24mbit!
so when I set it to 8mbit in wshaper I get only 500kb/s maximum...
without the shaper I get more than 2mb/s:rolleyes:
when I change the value higher than 8mbit I get lower speeds, sometimes even 100kb/s:mad:
do you know any work-around?:confused:


I tried out a newer version of wshaper 1.1a
this version differs from the original one on the router
however, there is a problem, it keeps saying me to read the readme first... while I did:mad:

anyway... the cpu doesnt seem to respond to wondershaper, it's not even a process;)

wpte
12-06-2008, 12:30
/sbin/wshaper start eth1 -1 900
this code works quite well... however, still no bigger speeds than 8mbit with download:(
the downloading is more stable tough:)

SeverusSneep
12-06-2008, 16:19
No problem, you've fallen for a rather classic mistake. If you're setting up authentication backend as "htdigest" (auth.backend) then you have to use config directives with "htdigest" in them. You used "plain". So the correct line is:


auth.backend.htdigest.userfile = "/opt/etc/lighttpd/.passwd"

The way you did it, lighttpd couldn't find a passwd file for the htdigest backend so obviously it wouldn't allow access.

In the future, set up an error log file (server.errorlog = "/opt/var/log/lighttpd/error.log") and make sure /opt/var/log/lighttpd exists and is owned by the user and group the server runs as (see server.username and server.groupname). And when you have problems you just peek into that file and it will tell you what went wrong. If you had it ready now you would have most likely seen something like "can't find the htdigest passwd file" in there.

Works like a charm, thanks!

bogd_A
14-06-2008, 09:52
Yes, you need to install a few other packages along with streamripper (audio codecs): libmad, faad2, libogg, libvorbis. Do "ipkg install" for each of them.

I wonder why they weren't marked as required by the streamripper package. It's obvious that streamripper won't work without them -- the binary appears to be linked with all four and needs them in order to run.

Thank you for your answer, I didn't have the time to try, but it must work :)
I'm having some troubles with slow download speed using transmission on my wl-500gP v2, I must admit that all this is new for me (meaning linux and stuf), and an error from me it's possible, but i think is an transmission error.

Can you help me with some sugestions?

Thank you

bogd_A
16-06-2008, 19:46
Thank you for your answer, I didn't have the time to try, but it must work :)
I'm having some troubles with slow download speed using transmission on my wl-500gP v2, I must admit that all this is new for me (meaning linux and stuf), and an error from me it's possible, but i think is an transmission error.

Can you help me with some sugestions?

Thank you

I still have the same error: streamripper: can't load library 'libfaad.so.0' :(

djmickey83
20-06-2008, 02:19
Hi to everyone!

As I tried to set up torrentflux, everything went well, untill this part:

torrentflux-b4rt 1.0-beta2 - Setup
Database - Create Tables

The installation will now attempt to create the database tables required for running torrentflux-b4rt.

Error: Cannot connect to database.

what could I do to finish this set up?
thx

btw: I'm a dummie when it comes to linux:eek:

accurate
26-07-2008, 22:07
Solved the problem with apr-util. Apparently one or two packages could not be found, so installed them manually. Got the htdigest working.


Which packages are they, and where to find them? I am having the exact same problem with library 'libuuid.so.1'.

lordu
06-10-2008, 18:19
Test your server. If you can't log in, some common errors are:
* wrong user and/or password
* you didn't put the same realm in the conf and the password file
* the password file can't be read (check permissions)
* your browser can't do digest authentication

Check your lighttpd error log (probably /opt/var/log/lighttpd/error.log) for clues.

401 - Unauthorized from IE7 and also from FireFox
What can i do?
How to ceck permissions ???

PROBLEM FIXED !!!
Instead of auth.backend.htdigest.userfile i've putted auth.backend.plain.userfile (wrong)

Mokake
06-11-2008, 19:20
I installed streamripper and got the same error as bogd_A:


I still have the same error: streamripper: can't load library 'libfaad.so.0' :(

I solved the problem with the installation of libfaad and libglib (which was missing as well)


ipkg install faad2 glib

Streamripper is working fine now but is only able to rip mp3 and ogg streams. Since many radio streams (at least in Germany) only use realaudio and wma I looked for a way to rip these streams.

I found mmsrip (http://nbenoit.tuxfamily.org/projects.php?rq=mmsrip) which is able to record any content coming from a mms server (video and audio streams) and works on my 500gP.

So, if you want to install mmsrip here is a tutorial:

Get the sourcecode (http://nbenoit.tuxfamily.org/projects/mmsrip/mmsrip-0.7.0.tar.gz) and unzip it on your windows/linux system (I had trouble opening the tarball on my asus). Then move the mmsrip-0.7.0 folder on your box using samba or ftp and login.
Move the mmsrip-0.7.0 folder on your box to /opt/bin/:

mvdir YOUR/FTP/OR/SAMBA/DIRECTORY/mmsrip-0.7.0 /opt/bin/

Now we need buildroot and make to compile:

ipkg install make buildroot
This may take a while (buildroot has around 40 mb).

Then

cd /opt/bin/mmsrip-0.7.0/
sh ./configure
make
make install

mmsrip is installed in /usr/local/bin so we have to save to flash:

flashfs save && flashfs commit && flashfs enable && reboot

If you want to make cronjobs with mmsrip, make sure you add :/usr/local/bin to the paths in your crontab.

If mmsrip dies while doing the handshake, it might be caused by your firewall. I switched my firewall off and then on again and now everything is working fine...

Maybe wirespot can include this in his streamripper post at the beginning of this thread.

wirespot
06-11-2008, 20:00
Done, I've linked to your post.

The handshake hiccup may have something to do with the way MMS works. I read on the Wikipedia page (http://en.wikipedia.org/wiki/Microsoft_Media_Services) that it tries UDP first and TCP second and tries RTSP first and MMS second. I'm not sure how mmsrip goes about it, but here's a tip: it may help to open 1755 and 554 in the firewall, both UDP and TCP, both in and out. You can find out how to do this in the first post of this thread (look for post-firewall). Just remember to use "vlan1" instead of $1 if you try the iptables commands from the command prompt as opposed to post-firewall.

It would be nice if someone who uses mmsrip could run `netstat -tlnp` with it running and see what ports it's trying to use so we can confirm that opening these ports will really help.

Mokake
07-11-2008, 17:31
Thank you for linking to my post and thanks for your great tutorials. Forgot to mention that in my first post :D

I still use the firewall from the webinterface since everything works fine with it.

"netstat -tlnp" failed with "netstat: illegal option -- p" but "netstat -tuan" worked (see below).
Mmsrip seems to use port 2545.

[admin@Asusbox root]$ netstat -tuan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.1:139 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9100 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5431 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3838 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:80 127.0.0.1:2552 TIME_WAIT
tcp 0 0 127.0.0.1:80 127.0.0.1:2553 TIME_WAIT
tcp 0 0 127.0.0.1:80 127.0.0.1:2554 TIME_WAIT
tcp 0 0 127.0.0.1:80 127.0.0.1:2550 TIME_WAIT
tcp 0 0 92.229.xx.xx:2545 87.248.216.200:1755 ESTABLISHED
tcp 0 0 127.0.0.1:80 127.0.0.1:2551 TIME_WAIT
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 ::ffff:192.168.1.1:22 ::ffff:192.168.1.:36142 ESTABLISHED
tcp 0 0 ::ffff:192.168.1.1:22 ::ffff:192.168.1.:33849 ESTABLISHED
udp 0 0 0.0.0.0:1024 0.0.0.0:*
udp 0 0 192.168.1.1:137 0.0.0.0:*
udp 0 0 0.0.0.0:137 0.0.0.0:*
udp 0 0 192.168.1.1:138 0.0.0.0:*
udp 0 0 0.0.0.0:138 0.0.0.0:*
udp 0 0 127.0.0.1:34954 0.0.0.0:*
udp 0 0 0.0.0.0:9999 0.0.0.0:*
udp 0 0 0.0.0.0:53 0.0.0.0:*
udp 0 0 0.0.0.0:67 0.0.0.0:*
udp 0 0 0.0.0.0:1900 0.0.0.0:*
[admin@Asusbox root]$

wirespot
08-11-2008, 00:30
That's just your outgoing port, connected to a remote server on port 80. Which means that mmsrip acts pretty much like a browser, so the firewall isn't causing problems for it.

Install the net-tools package BTW, it has a better netstat and some other stuff. The netstat in the router firmware doesn't have -p (which shows you the process that owns a connection).

xplay
10-11-2008, 00:11
Hi

i folowed the "SSL protected website" tutorial and every thing it`s ok , then i folowed "How to protect your webserver with a password" also works very well !

But i have a little problem:
after i installed SSL when i go to https://192.168.1.1:8082 the first page was the page with the programs menu !
after i install webserver password when i go to https://192.168.1.1:8082 the first page is changed , they show me only a transmission page and a link to Transmission daemon CGI interface

I want my first page back .. when i can chose any programs from list !!

any advice?

thx very much !

PS: sory for my english !

wirespot
10-11-2008, 09:01
There's nothing in the "password protect" tutorial that changes the root dir, so please double-check what you put in server.document-root in the config file.

Oh, and please make sure you're starting lighttpd with the same config file, at some point the SSL tutorial tells you to make a copy and use that. Have you applied both tutorials to the same config file? Is lighttpd starting with that file in both cases? Check your /opt/etc/init.d/S80-lighttpd* file.

xplay
10-11-2008, 20:20
wirespot , yesss you have right !!
now it`s works very well !
initial server.document-root it was : "/mnt" and i change it like in tutorial : "/opt/share/www" ... that was the mistake !!
now i change back to : /mnt/ and works !!!
and yes i use on both tutorials with the same config file wich is : transmission-ssl.conf



And one little think ,
-I- if can tell me someone ohow i can open ports : ssh 22 , and 8082 , because i want to connect from my work to web interface , or to putty ssh on the router !
-II- i use streamripper and the script made by chef wirespot :) , but in shell console i run the comand rip URL , and the streaming start , when i close the windows of putty , the streamripper close !
how i can run the script and to work .. even i close putty window ???






There's nothing in the "password protect" tutorial that changes the root dir, so please double-check what you put in server.document-root in the config file.

Oh, and please make sure you're starting lighttpd with the same config file, at some point the SSL tutorial tells you to make a copy and use that. Have you applied both tutorials to the same config file? Is lighttpd starting with that file in both cases? Check your /opt/etc/init.d/S80-lighttpd* file.

wirespot
10-11-2008, 21:47
-I- if can tell me someone ohow i can open ports : ssh 22 , and 8082 , because i want to connect from my work to web interface , or to putty ssh on the router !

See the first post in this thread.


-II- i use streamripper and the script made by chef wirespot :) , but in shell console i run the comand rip URL , and the streaming start , when i close the windows of putty , the streamripper close !
how i can run the script and to work .. even i close putty window ???

You need to install the screen or dtach package and run it inside them. Look around, there must be a tutorial for them too.

xplay
12-11-2008, 21:45
Thx chef ..wirespot!
firewall works very good also the streamripper!

I have some nasty problem with transmission now :

If i download the torent file and put in Source directory every think it`s ok , the only problem is the error messages :Unable to find recent transfer stats in syslog (Pictures 3 )

Iff i use Fetch , the torent file is downloaded and Satus changed to started , but immediately the status change again in: .status not found ( Picture 1,2 )

Also when i clik to log , they dont show me any log or stats ! only Creating Graph .. and that all ! ( Pictures 4 )

If someone can advice me wat to do !

I will apreciate !

Thx

http://img152.imageshack.us/img152/7767/82731728pm2.jpg
http://img152.imageshack.us/img152/6866/50800711vz8.jpg
http://img152.imageshack.us/img152/3875/77285258gj0.jpg
http://img152.imageshack.us/img152/802/logns1.jpg

xplay
19-11-2008, 14:00
nobody?

pls , i need some advice !
i just want to work the graphic on log and to resolve the syslog error !!



Thx. !