Posted: Sat Jan 08, 2022 9:25 Post subject: LinkSys EA6700 - building a script to manipulate iptables
Gents, can I find some help here regard the subject?
I have an EA6700 charged with v3.0-r41771. I intend to have the firewall filtering the clients by MAC addresses based on a schedule. So far I think of a script on a USB stick that would build cron jobs upon starting the router in the same way as I'm starting cron jobs now on via Administration->Management->Additional Cron Jobs.
Cron daemon must apply rules to iptables based on current time and day of week. At the same time, there must be a default instance of iptables rule set that would be active in case the router is started without USB stick.
As far as I know, the problem with 32kB of nvram is not solved in the build installed on my router, so I think that the script must be placed on a USB stick.
For the moment I have inserted a stick in the router. When I inserted it, in Services->USB I had the option to enable Core USB Support, USB Storage Support and Automatic Drive Mount. I followed a guide that tells to go to NAS section and format the drive from that page. Here begins the confuse.
In NAS section, in the bottom of the page, there is Drive Manager. I guessed that I have to put there Optware in label and format Ext2 and press Format button. But nothing happens. May it be because of a bug in the build, or because of that that the formatting here works only in case of enabling the Samba or FTPD? Either way it is confusing. So, I restarted the router. It took a little bit longer time to restart. When checked for the drive to be mounted in the /opt - it was not there. So, I formatted the drive from the command line with "mkfs.ext2 -L Optware -t ext2 /dev/sda1".
Finally the stick is there but I have a problem. When I restart the router, the stick is not mounted automatically unless I go to the Services->USB and press Save then Apply. After this the stick shows up in the Services->USB and Services->NAS as /dev/sda and /dev/sda1 formatted as ext4, and in WinSCP in the path /opt as folders that I have created before reboot. But if I run ls in the /opt folder, it doesn't show the content of the stick. Instead it returns a folder "lib" that seems to be there when the stick is not mounted. At the same time I have an empty folder Optware in the /tmp/mnt folder.
Can somebody help me mount the stick automatically in a reliable mode, so I can put a script to handle the cron jobs and iptables rules?
As a bonus question, how can I install Entware so I could install MC which I miss pretty much.
Note:
When running scripts from a USB stick make sure you add "sleep 30" or "is-mounted /opt" to wait for the USB stick being ready
Note 2:
I think your router has the time module so that you can make iptables rule with time.
Some documentation about this can be found in the IPSET documentation: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327261
So, you think that in most recent versions the USB is treated in a right way? Or this is just a "good advice"?
Quote:
Note:
When running scripts from a USB stick make sure you add "sleep 30" or "is-mounted /opt" to wait for the USB stick being ready
Thanks for the hint!
Quote:
Note 2:
I think your router has the time module so that you can make iptables rule with time.
Some documentation about this can be found in the IPSET documentation: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327261
I will give it a chance.
Thank you very much for your reply.[/quote]
Your build is old, unsupported and has security issues.
So regardless of USB (which changed considerably) you are advised to update.
Hi,
I have upgraded to the version you suggested with reset after install and manually entering all the settings.
At the beginning, I was able to mount my 16GB USB2.0 stick in the /opt folder. Then I had to change the admin password and all the things went wrong, so I had to reset the router to get access to it. After resetting the stick mounted only once, but after subsequent reboots it didn't mount at all. More of this, it doesn't appear neither in the /dev folder as sda1 nor sda.