Firmware v1.8.1.7 CR2 [Oleg] - updated ( CR2a )

[Oleg]

New custom firmware available for download. Up2date information is available at this page.

There are also firmware for the units in this directory. Consider them experimental.

Changes in this release:

• Fixed a problem with firewall not working correctly, when logging was active
• Fixed a bug in the stock firmware causing time synchronization fail with dyndns service active
• Applied a patch to fix problem with Genesys Logic usb chipset
• Telstra BigPond changes (thanks to Rod Whitby)
• Australian timezones patch (thanks to Rod Whitby)
• Added new option "Number of connections to track" to Internet Firewall | Basic Settings

Important notice for post-firewall users: post-firewall script should be adjusted, be carefull when adding rules with -A - this will no longer work correctly, due to unconditional rule at the end of table. Check the iptables -L -v output.

For 1.8.1.7-1 discussion check this thread.

Update: updated to 1.8.1.7-2a, there is no need to reupload firmware if you do not use dropbear. Links are also updated.

[sleuther]

Hi Oleg,
thank you for your great work. Due to your effort this ASUS router is a real useful machine. Now to the probs I'm faced to. I installed 1.8.1.7-1 2 days ago and setup the router everything was fine except the topics already listed in the corresponding thread.

So today I installed the new release 1.8.1.7-2 and a new problem is appearing: the ssh daemon (dropbear) is running, but I can't login any longer. After typing in the password the session will hang. Here's the corresponding entry of the router logfiles:

Oct 19 18:34:59 (none) authpriv.err dropbear[124]: ioctl(TIOCSCTTY): Input/output error
Oct 19 18:34:59 (none) authpriv.err dropbear[124]: /dev/pts/0: No such file or directory
Oct 19 18:34:59 (none) authpriv.err dropbear[124]: open /dev/tty failed - could not set controlling tty: No such device or address

Nothing was changed but the loglevel was changed from 'none' to 'dropped' .This is happening on the router which was running fine under 1.8.1-7-1 and the same is happening on a naked router after the update and installing from the scratch. If you'll need more information or tests, please feel free to contact me.

CU Sigurd

[Oleg]

Thank you for your report. Dropbear is completely broken in this release... Sources are ok, binary is bad.
Update: rebuild as 1.8.1.7-2a, there is no need to reupload firmware if you do not use dropbear. Links are also updated.

[Styno]

I feel a bit silly but I'm having troubbles getting write access through Samba with firmwares 1.8.1.7-2-pre1 and 1.8.1.7-2a.

When mounting the hidden share$, I can view the directorys and open files, but I'm unable to write files to the disk. This was working fine in 1.7.5.6 CR5.

Any ideas?

Edit 1: I can confirm that Dropbear is working just fine in the 2a release.

Edit 2: I have the following line in the 'post-boot' script to start a 2nd webserver which is not working

Code:

/usr/sbin/busybox_httpd -p 81 -h /tmp/harddisk/wwwroot

But when I execute the same command from the commandline the webserver starts normally. Any ideas on why this is not working from post-boot? Everything else is working fine from the post-boot script...

[virilius]

Hi ppl...

I'm now using 1.8.1.7-2a and having a little problem with manually assigning IPs through MAC. I've added all MACs and the respective IPs to the web interface table, however, only the wired PCs get it's correct IP and the wireless PCs get an IP from the DHCP pool...
I had the same poblem with 1.8.1.7-1, but not with 1.7.5.9-5.

Sorry if this isn't the right place to post this problem...

Thanks in advance

[sleuther]

... is now working again (1.8.1.7-2a). Thank you Oleg.

Regards
Sigurd

by the way the link to the 1.8.1.7-2a.zip file is not working. I was only able to download the ...trx file from the other versions directory.

[Oleg]

I'm now using 1.8.1.7-2a and having a little problem with manually assigning IPs through MAC. I've added all MACs and the respective IPs to the web interface table, however, only the wired PCs get it's correct IP and the wireless PCs get an IP from the DHCP pool...

Please post your /etc/ethers file and MAC addresses of problematic clients. Also, it's possible, that wireless clients are requesting old IP addresses, static assignment does not work in this case.

[oldudu]

I feel a bit silly but I'm having troubbles getting write access through Samba with firmwares 1.8.1.7-2-pre1 and 1.8.1.7-2a.

When mounting the hidden share$, I can view the directorys and open files, but I'm unable to write files to the disk. This was working fine in 1.7.5.6 CR5.

Any ideas?

I've had the same problem.
The solution I've found is to replace the user root by user admin in the line : force user =

Thanks to all for the nice job

Regards

Oldudu

[Oleg]

[I've had the same problem.
The solution I've found is to replace the user root by user admin in the line : force user =

Thanks to all for the nice job

Regards

Oldudu

Right, smb.conf has hardcoded root name, but it's provided as sample only. Well, I will probably fix this. For now either change user name to root or edit smb.conf file and save it to flashfs.

[sleuther]

Hi it's me again.
if you select logging dropped files and use virtuell servers inside theres a problem:

logdrop all -- br0 ppp0 0.0.0.0/0 0.0.0.0/0
logdrop all -- ppp0 br0 0.0.0.0/0 0.0.0.0/0 <-----

The second logdrop rules is catching all transfer comming in a dropping it, the firewall ACCEPT rules for the forwarded ports are in following lines and will not be reached anytime. I did a workaroung in killing this rule and adding the necessary drop rules at the end... version 1.8.1.7-2a

CU Sigurd

[Oleg]

Hi it's me again.
if you select logging dropped files and use virtuell servers inside theres a problem:

logdrop all -- br0 ppp0 0.0.0.0/0 0.0.0.0/0
logdrop all -- ppp0 br0 0.0.0.0/0 0.0.0.0/0 <-----

This seems to be a bug in the original firmware... Could you please post entire /tmp/filter_rules?

[sleuther]

This seems to be a bug in the original firmware... Could you please post entire /tmp/filter_rules?

here it is:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:logaccept - [0:0]
:logdrop - [0:0]
-A INPUT -m state --state INVALID -j logdrop
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -m state --state NEW -j ACCEPT
-A INPUT -i br0 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp -d 84.128.179.237 --dport 21 -j ACCEPT
-A INPUT -p icmp -d 84.128.179.237 -j ACCEPT
-A INPUT -j logdrop
-A FORWARD -m state --state INVALID -j logdrop
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1453: -j TCPMSS --set-mss 1452
-A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
-A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
-A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
-A FORWARD -i br0 -o ppp0 -p tcp -s 192.168.252.1 -j ACCEPT
-A FORWARD -i br0 -o ppp0 -p udp -s 192.168.252.1 -j ACCEPT
-A FORWARD -i br0 -o ppp0 -p tcp -s 192.168.252.115 -j ACCEPT
-A FORWARD -i br0 -o ppp0 -p udp -s 192.168.252.115 -j ACCEPT
-A FORWARD -i br0 -o ppp0 -p tcp -s 192.168.252.116 -j ACCEPT
-A FORWARD -i br0 -o ppp0 -p udp -s 192.168.252.116 -j ACCEPT
-A FORWARD -i br0 -o ppp0 -j logdrop
-A FORWARD -i ppp0 -o br0 -p tcp --sport 20:130 -d 192.168.252.1 -j ACCEPT
-A FORWARD -i ppp0 -o br0 -p tcp -d 192.168.252.1 --dport 20:130 -j ACCEPT
-A FORWARD -i ppp0 -o br0 -j logdrop
-A FORWARD -p udp -m udp -d 255.255.255.255 --dport 47624 -j ACCEPT
-A FORWARD -p tcp -m tcp -d 192.168.252.1 --dport 20:21 -j ACCEPT
-A FORWARD -p tcp -m tcp -d 192.168.252.1 --dport 80 -j ACCEPT
-A FORWARD -p tcp -m tcp -d 192.168.252.1 --dport 443 -j ACCEPT
-A FORWARD -p tcp -m tcp -d 192.168.252.1 --dport 5900 -j ACCEPT
-A FORWARD -p tcp -m tcp -d 192.168.252.1 --dport 2506 -j ACCEPT
-A FORWARD -p tcp -m tcp -d 192.168.252.1 --dport 3389 -j ACCEPT
-A FORWARD -p tcp -m tcp -d 192.168.252.1 --dport 30660 -j ACCEPT
-A FORWARD -p udp --dport 6112 -j ACCEPT
-A logaccept -m state --state NEW -j LOG --log-prefix "ACCEPT " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logaccept -j ACCEPT
-A logdrop -m state --state NEW -j LOG --log-prefix "DROP" --log-tcp-sequence --log-tcp-options --log-ip-options
-A logdrop -j DROP
COMMIT

Without the added rules for ports 20:130 the logdrop lines will receive all traffic and I couldn't get a connection. all rules after the logdrop are added by the virtual server web page. but will never be executed because of
-A FORWARD -i ppp0 -o br0 -j logdrop

[Oleg]

Well, firewall between WAN & LAN is broken... Don't know why ASUS has done this in this way...
Do you need it at all?

Edit: fixed.

[Styno]

I have some problems undestanding the new layout of flashfs partition and how the boot script handles it:

As an example I will use /etc/smb.conf. On your wl500g.dyndns.org page you state:

once you've made the changes to the ramfs system (/usr/local/ now also mapped to ramfs, you need to launch special command to store modified files permanently in the flash. During the next boot wl500g will extract these files for you. So, you can store whatever you need just like in real non-volatile file system. Consider using /usr/local/etc for files which is normally resides in /etc, /usr/local/sbin for "ASUS style" init scripts and /usr/local/sbin for executables files/scripts

As I understand right, any file in /usr/local/etc will be placed in /etc at boottime. This was working fine and dandy in firmware 1.7.5.9 CR5.

Now comes the confusing part:
I've copied /etc/smb.conf to /usr/local/etc/smb.conf, edited the file and saved it using 'flashfs save' and 'flashfs commit'. After reboot the /etc/smb.conf appears unchanged, but if I view the /usr/local/etc/smb.conf file I can clearly see the changes.

What am I doing wrong here?

[Oleg]

As an example I will use /etc/smb.conf. On your wl500g.dyndns.org page you state:

As I understand right, any file in /usr/local/etc will be placed in /etc at boottime. This was working fine and dandy in firmware 1.7.5.9 CR5.

No, this never works this way. You just need to add /etc/smb.conf to the list of files (i.e. /usr/local/.files. You may want to check /sbin/flashfs - it's shell script, and it's called as "flashfs start" on boot.