New oleg firmware version

[al37919]

i found 2 fw for my wl-500gp v2: wl500g-1.9.2.7-d-r160 (2009-03-05) http://code.google.com/p/wl500g/wiki/NEWS and WL500gpv2-1.9.2.7-10.7.trx 02-Mar-2009 http://oleg.wl500g.info/pre10a/

What are differences between`s 2

The difference is actually described here: http://code.google.com/p/wl500g/wiki/NEWS
Oleg's last pre-10a-version is a bugfix, which doesn't include new features. The main improvement is new wireless drivers. This is long awaited update at least by users of wl500gPv2, where old drivers caused sometimes serious problems.

[newbiefan]

Hi,
first thx to Ily for this great job......
Anyhow, installed yesterday r160.trx (gpV1) and installed everything according wengis howto. Everything works stable, but when I want to umount, I get a problem:
umount /tmp/mnt/disc0_3 works fine, is part 3
umount /opt device or resource busy
well, of course, no opt sw should run, hence: /opt/etc/init.d/rc.unslung stop
Even when I killall sw related and/or linked to any /opt folder, I get the same
message: device or resource busy
swopoff -a works
but it's strange - when I run fdisk /dev/discs/disc0/disc I can delete any partition and write the partition table. The only thing is, that I've found until now no way to reload kernels partition table. So it needs a reboot to reload the new part-table.
Can somebody confirm and/or has a solution?
For confirmation, I'll install oleg's and Ily's FW to my 2 wl500gp's, will report tomorrow.
Many thanks!

Edit: all what I wanna do is to umount with a script, because I wrote a script (not finished yet http://autoinstall.lima-city.de) to install everything faster......

[al37919]

newbiefan:
you can try the script from here:
http://www.wl500g.info/showpost.php?...3&postcount=37
it is further development of the pre-shutdown script

Take into account:
1) you may have something in cron which restarts processes (that is where I had problem which was not able to find for a long time), if so --- kill cron before anything.
2) kill everything which is started from pre-* and post-* files outside of rc.unslung explicitly
3) to have an effect from 'rc.unslung stop' some of the startup files should be rewritten, because some of them intended to perform only start
4) if you reboot or unmount from cmd-line you should login by user which uses /bin/sh as shell (and not /opt/bin/bash or so)

Finally, there should be no difference between oleg's and lly's firmwares in this respect. So, pay maximum attention to the lsof utility which actually can tell you which files are open by which application.

[newbiefan]

@ al37919
thanks for pointing me to a better script.......
Have taken care with ps axf to kill everything, even smbd, nmbd, vsftpd (from fw), just to avoid that any pointer points to /opt/var/log via syslogd even after a killall syslogd (that was my guess).
After long trials, I gaved up.......because I had no explanation, why fdisk has not called ioctl to re-read partition table, the only way to umount was the lazy one: umount -l /opt. When lazy unmounted, ioctl was called from fdisk.
Maybe, my install-script is the guilty guy........

Ok, have not installed yet the better shutdown script, because it should work the regular way. (Many thanks, I'll use the script soon!)

Well, then I've done a reset and installed fw again, guess what:
IT WORKS - hardly believable, but true.

Tomorrow or sunday, I'll give it a try to compile fw r160 in a friboli-linux (vmware) environment which I use to compile freetz. If successful, I'll report and write a short howto in engl. and german.

Many thanks again

[ctr99]

Hi,

I have a quick question about the new firmware.

Do you know how I could get the router to log all WPA association attempts, so that I have a definitive record of which MAC addresses were associated at any given time?

Thanks,

Chris.

[newbiefan]

@crt99

should work:

Code:

wl assoclist

[ctr99]

@newbiefan

Thanks for the reply.

"wl assoclist" does indeed show the MAC addresses of the currently associated wireless clients.

I had hoped to get logging of connection attempts to syslog, like happens for DHCP requests already?

Do you know whether that is possible?

If not, is there another command to show FAILED connection attempts?

Thanks,

C.

[wopper]

Hi,

anyone else have the problem that WLAN stops after 2 a 3 days on a WL-500W on release 119.

If it occurs again i will collect some system logging if wired connection still works.

[wpte]

Serious security issue...
All my ports are open!
I actually had people requesting a DHCP IP adress from the internet!
Also people trying to access my upnp service, samba shares, mysql and many other thigs!

This is what I have
I tried r191 and r211

The firewall in the webadmin is enabled (without the brute force prevention), I have a script from tamadite that prevents hackers from logging in (attatched). -> all my ports are open

The firewall in the webadmin is DISABLED, I have a script from tamadite that prevents hackers from logging in (attatched). -> all my ports are open

The firewall in the webadmin is enabled (without the brute force prevention), I have my old iptables script for simple portforwarding. -> all my ports are open

The firewall in the webadmin is enabled with brute force prevention, My old iptables rules (wich are not executed!) -> only FTP and SSH are open...

The firewall in the webadmin is enabled with brute force prevention, the script from tamadite is running -> only ftp and ssh are open...


seriously... what is going on!
in revision 161 I believe it was, nothing was wrong, and now suddenly I've a serious leak...

[lly]

Serious security issue...
All my ports are open!
I actually had people requesting a DHCP IP adress from the internet!
Also people trying to access my upnp service, samba shares, mysql and many other thigs!

Can't reproduce situation on my home gateway router (it have a real IP), please describe how you discover this exactly. External scanner? What else?

btw. DHCP, by default, can assign only LAN addresses.

[al37919]

wpte:
do the following --- disable your post-firewall, enable firewall in web, and check if the problem persists. If yes, post here the output of iptables-save command

[wpte]

Can't reproduce situation on my home gateway router (it have a real IP), please describe how you discover this exactly. External scanner? What else?

btw. DHCP, by default, can assign only LAN addresses.

I used an external scanner, also a portscan directly on the wan port of the router.

I discovered this because I had hughe cpu usages on various services like upnp, samba, webcam server etc.
Also the dhcp leases came from outside my network, leasing a local network IP... the mac adress was a false one, but I had like 30 false leases
(my wireless is set to wpa2 and a strong password, so that can't be the issue)

wpte:
do the following --- disable your post-firewall, enable firewall in web, and check if the problem persists. If yes, post here the output of iptables-save command

I did that and nothing comes thru..
I've actually been trying to get my firewall running properly for over the last 2 hours.
Now I've made it, that my firewall in the web is running with brute-force prevention enabled and a simple iptables script, by cutting the original one I had:

PHP Code:

#!/bin/sh
# This we know...
WANIF=eth1
LANIP=192.168.1.10

# deleting last firewal rules (policy)
iptables -D INPUT -j DROP
#iptables -D INPUT -j logdrop

# Standart open ports
iptables -A INPUT -p tcp --dport 3690 -j ACCEPT
iptables -A INPUT -p udp --dport 3690 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# Torrent client rules
iptables -A INPUT -p tcp --dport 51413 -j ACCEPT
iptables -A INPUT -p udp --dport 51413 -j ACCEPT
iptables -I INPUT 1 -p tcp -i "$1" --syn --dport 51777:51780 -j ACCEPT
iptables -I INPUT 1 -p udp -i "$1" --dport 6881 -j ACCEPT

#block bad ip-adresses
iptables -I INPUT -s 91.121.111.28 -j DROP
iptables -I INPUT -s 91.121.84.162 -j DROP
iptables -I INPUT -s 91.121.108.28 -j DROP
iptables -I INPUT -s 91.121.111.27 -j DROP
iptables -I INPUT -s 91.121.108.81 -j DROP
iptables -I INPUT -s 91.121.108.73 -j DROP
iptables -I INPUT -s 91.121.108.87 -j DROP
iptables -I INPUT -s 91.121.108.82 -j DROP
iptables -I INPUT -s 91.121.108.81 -j DROP
iptables -I INPUT -s 91.121.110.118 -j DROP
iptables -I INPUT -s 91.121.108.87 -j DROP

# Restablishing INPUT chain policy
#iptables -A INPUT -j logdrop
iptables -A INPUT -j DROP 


I acutally have no idea why it suddenly works now, or why tamadite's script failed for some reason...

Also my FTP and SSH ports are closed now I believe. Do I need to port-forward these first and then apply the brute-force prevention or something?

Thanks for the quick responses, for some reason it seems to have something to do with the firmware in my eyes.

[al37919]

My guess: post-firewall is executed until the first error. You remove DROPALL rule then add something, then restore DROPALL. It means that in case of the break during execution your firewall is in the state ALLOWALL. I'd suggest to issue iptables -P INPUT DROP close to the beginning of the file instead of the last DROPALL line. And of course debug your post-firewall by ether manual execution (while providinge required parameters), or add 'logger ...' commands to check untill which point you really reach on execution

[lly]

I guess that al37919 assumption is right, since there was no security/iptables changes in firmware in r162-r211. But busybox is upgraded and it stability not so good

[wpte]

well... I had a whole day of testing stuff now.
it seems it hasn't anything to do with the firmware (wohoo)
it actually has to do something with the last few lines of the iptables:

PHP Code:

iptables -A INPUT -p tcp -m tcp -j LOG --log-prefix "TARPIT " --log-tcp-sequence --log-tcp-options --log-ip-options
iptables -A INPUT -p tcp -m tcp -j TARPIT 


not sure, but after these are applied, all ports are open, I guess I'm going to PM tamadite about it.
Removing the lines don't hurt anyway, because I have now the portscan prevention from tamadite in the script, and it catches the portscans right and put them in the BANDIT file, next to the web firewall generated BRUTE file
it's not blocking anything now tho... but I do get some messages in my log about scanners...

I also tested stability and speed a bit. I can't notice any stability problems so far... everything runs smoothly.
I however did noticed a bit of a speed-drop with samba2 (ipkg package), it can be the system since on r191 (I think) I had speeds from 4 till 5mb/s, and now with r121 I get about 3,5mb/s.
I did apply the overclock again, because without it I only got about 2,4mb/s.

I'll try to keep it running a couple of days, and wait for a crash (that will probably never happen).