Send email upon reconnect?

Discussion in 'Tomato Firmware' started by kameleon, Aug 31, 2008.

  1. kameleon

    kameleon LI Guru Member

    Ok, I know this is crazy but with the pending hurricanes and all I know power will be going out a lot here. I have my main servers on a smartups system running NUT so they will shutdown properly in the event of a power outage. I have however left my cable modem and wrt54gs v2 off any type of UPS. I do this in hopes that I will be able to send myself an email say to my blackberry when it powers back up and regains connection. I know this is possible but how easily? I am currently running roadkill's openvpn mod v1.19 flavor of tomato on my main router.

    Basically, how would I go about sending myself an email once the router is back up and connected to the internet?
     
  2. mstombs

    mstombs Network Guru Member

    Tomato doesn't have a mail client so this is not easy. You can put a mail client on jffs and run a script on wanup. I have this from testing dual WAN a while ago

    Code:
    #!/bin/sh -x
    # ----------------------------------------------------------
    #  bootmsg.sh
    # Script to send an email whenever the router is (re)booted.
    # ----------------------------------------------------------
    
    # go to a writeable place
    cd /var
    #===============================
    FROM="wrt54gs"
    TO="myemail@address"
    NAME="mstombs"
    SMTP="smtp.myisp"
    #===============================
    
    # write the email headers
    cat > msg.txt <<EOF
    From: $FROM
    To: $TO
    Subject: Router reboot
    Date: $(date)
    
    Hello $NAME
    
    The router has reconnected on: $(date)
    
    I just thought I'd notify you.
    
    Here's the new ISP IP details
    
    $(ifconfig vlan2 |grep inet) 
    
    
    Best regards,
       Your beloved router.
    
    EOF
    # send the email
    /jffs/msmtp --from=$FROM --host=$SMTP $TO < msg.txt
    
    # cleanup
    rm msg.txt
     
  3. bico

    bico Addicted to LI Member

    To send e-mail messages from the router you can use a telnet connection to an external mailserver. Your ISP (Internet Service Provider) might give you access to such a mailserver. Here is a code snippet for how to implement it:

    Code:
                    :
                    :
                    :
    
    	DATETIME="\`date\`"
    
    	MAILERNAME="mailer"
    	MAILERVERSION="1.0"
    
    	DELAY=2
    	DOMAINNAME="your.domain.name"
    	MAILSERVERNAME="your.mailserver.name"
    	MAILSERVERPORT=25
    
    	FROM="Linksys WRT54GL Tomato ... <...@\$DOMAINNAME>"
    	MESSAGE="..."
    	SUBJECT="Linksys WRT54GL Tomato ..."
    	TO="Linksys WRT54GL Tomato ... <...@\$DOMAINNAME>"
    
            if (
                    sleep \$DELAY
                    echo "HELO \$DOMAINNAME"
                    sleep \$DELAY
                    echo "MAIL FROM: \$FROM"
                    sleep \$DELAY
                    echo "RCPT TO: \$TO"
                    sleep \$DELAY
                    echo "DATA"
                    sleep \$DELAY
                    echo "Date: \$DATETIME"
                    echo "From: \$FROM"
                    echo "To: \$TO"
                    echo "Subject: \$SUBJECT"
                    echo "X-Mailer: \$MAILERNAME \$MAILERVERSION"
                    echo ""
                    echo "\$MESSAGE"
                    echo "."
                    sleep \$DELAY
                    echo "QUIT"
                    sleep \$DELAY
            ) | telnet \$MAILSERVERNAME \$MAILSERVERPORT; then
                    :
            else
                    logger -p local7.warning -t "..." "WARNING: ..."
            fi
    
                    :
                    :
                    :
    
    Put this code within a "here document" wrapper in the "Init" script (script_init.sh), to generate a "Mailer" script (/tmp/mailer.sh). This script can then be called from wherever you want an e-mail message notification.

    It is important to set the DELAY variable to a proper value. By experience, 2 is a proper value.

    It might also be important to use the same DOMAINNAME everywhere. As I have done in the script above.
     
  4. mstombs

    mstombs Network Guru Member

    Some time ago I failed to get Tomato's busybox telnet to work like this - what version Tomato does this work with?
     
  5. bico

    bico Addicted to LI Member

    Tomato 1.21!
     
  6. sardaukar

    sardaukar Addicted to LI Member

    I am trying to use this script, but I've hit a snag... I have an SMTP host in my internal network at 192.168.0.12 and Tomato (v1.23) is running at 192.168.0.1.

    In my ssh to tomato, I can ping 192.168.0.12 but issuing "telnet 192.168.0.12 25" gives me

    Code:
    telnet: cannot connect to remote host (192.168.0.12): No route to host
    But I can ping it...

    Code:
    ping 192.168.0.12
    PING 192.168.0.12 (192.168.0.12): 56 data bytes
    64 bytes from 192.168.0.12: seq=0 ttl=64 time=1.017 ms
    64 bytes from 192.168.0.12: seq=1 ttl=64 time=1.123 ms
    64 bytes from 192.168.0.12: seq=2 ttl=64 time=0.831 ms
    64 bytes from 192.168.0.12: seq=3 ttl=64 time=1.124 ms
    What gives? :|
     
  7. paped

    paped LI Guru Member

    It might be a typo in your message, but you have "telnet 192.168.0.12 25"; should it not be "telnet 192.168.0.12", which will then use the standard telnet port of 23, or, if for some reason your telnet (on the server) is listening on port 25, "telnet 192.168.0.12:25" with a colon before the specified port?
     
  8. mstombs

    mstombs Network Guru Member

    My out-of-date Tomato production router connects to an external smtp host fine with the above syntax:

    Code:
    Tomato v1.22.1570
    
    
    BusyBox v1.12.2 (2008-11-16 03:35:24 PST) built-in shell (ash)
    Enter 'help' for a list of built-in commands.
    
    # telnet smtp.ntlworld.com 25
    220 ESMTP server ready
    QUIT
    
    I don't understand the error message "No route to host" in this context.
     
  9. sardaukar

    sardaukar Addicted to LI Member

    Yes, it's not a typo - I'm not trying to telnet to a telnet session but rather an SMTP one. I just tried again and it still can't connect:

    Code:
    # ping 192.168.0.12
    PING 192.168.0.12 (192.168.0.12): 56 data bytes
    64 bytes from 192.168.0.12: seq=0 ttl=64 time=1.090 ms
    64 bytes from 192.168.0.12: seq=1 ttl=64 time=0.839 ms
    64 bytes from 192.168.0.12: seq=2 ttl=64 time=0.823 ms
    64 bytes from 192.168.0.12: seq=3 ttl=64 time=0.896 ms
    # 
    --- 192.168.0.12 ping statistics ---
    4 packets transmitted, 4 packets received, 0% packet loss
    round-trip min/avg/max = 0.823/0.912/1.090 ms
    
    # telnet 192.168.0.12
    # telnet 192.168.0.12
    telnet: cannot connect to remote host (192.168.0.12): No route to host
    
    
    I had to type the telnet command twice since the first time it appears to do nothing but return to the prompt immediately. Should I consider this a bug in Tomato v1.23? :frown:

    Here's a successful telnet to GMail's SMTP:

    Code:
    # telnet smtp.gmail.com 25  
    220 mx.google.com ESMTP j8sm8951835gvb.11
    
     
  10. fyellin

    fyellin LI Guru Member

    telnet can be used to talk to almost any "text-based" TCP server. By default it uses 23, but you can give it a different numeric argument.

    For fun, try:
    Code:
    telnet www.amazon.com 80
    GET /
    to connect to Amazon's HTTP server (port 80) and see its home page.
     
  11. fyellin

    fyellin LI Guru Member

    I've also run into this problem where the first call to telnet or to ping returns immediately, and then the second one works just fine. I'm not sure if it's new to 1.23 or not.

    I agree that the error message is bizarre. I would have expected a "Cannot connect" message. "No route to host" is just plain weird.
     
  12. sardaukar

    sardaukar Addicted to LI Member

    If this is indeed a bug, where can I report it?
     
  13. mstombs

    mstombs Network Guru Member

    This seems to be a BusyBox 1.12.2 bug in Tomato 1.22 at least, not specific to telnet; we discussed it recently in another thread re awk. I didn't find it specifically mentioned on www.busybox.net, but you can imagine the response to a bug report - "please try again with the latest busybox - now 15 April 2009 -- BusyBox 1.14.0 (unstable), BusyBox 1.13.4 (stable) - to see if it has been fixed".
     
  14. sardaukar

    sardaukar Addicted to LI Member

    How can I update BusyBox in Tomato? Or is a new version coming out soon?

    Also, can anyone telnet into a device in their LAN with Tomato v1.23? This "no route to host" thing is plain weird. Here's the output of "route" on my WRT:

    Code:
    # route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    194.79.94.17    *               255.255.255.255 UH    0      0        0 ppp0
    192.168.1.0     *               255.255.255.0   U     0      0        0 vlan1
    192.168.0.0     *               255.255.255.0   U     0      0        0 br0
    127.0.0.0       *               255.0.0.0       U     0      0        0 lo
    default         194-79-94-17.nr 0.0.0.0         UG    0      0        0 ppp0
    
     
  15. mstombs

    mstombs Network Guru Member

    BusyBox is at the core of Tomato, and needs careful configuration/integration/patching and testing by a mod author. Victek and teddy_bear have been trail-blazing in this area in their mods - not sure what versions they are currently on, I see a 1.13.3 config in the mod Git repository.
     
  16. landa

    landa LI Guru Member

    How to put a mail client (msmtp) on jffs? Can someone make a tutorial?

    Thanks!
     
  17. mstombs

    mstombs Network Guru Member

    No tutorial but you

    a) create/format jffs from Tomato web gui
    b) Use winscp and Tomato ssh login to transfer files to /jffs
    c) Write scripts, make scripts executable (winscp properties or "chmod +x")

    I probably still have an msmtp I compiled myself but it was over 100K (smtpclient is under 20K but didn't work!). Victek did compile a version of BusyBox with its built-in sendmail function included, which is now a preferred method but don't think anyone else wanted?

    I never got any mail clients to work with ssl enabled smtp.gmail.com which would be a useful universal mail post method.
     
  18. sardaukar

    sardaukar Addicted to LI Member

    I was just looking for an adequate msmtp MIPS binary, and couldn't find one. And SSL is a non-issue for me, my box inside the LAN has a plain text SMTP relay open (for internal IPs only) and does its processing to my ISP by itself.

    But still - I can't telnet to a host inside the LAN with v1.23, so I'm guessing I can't send mail either? :mad: Although I can ping...
     
  19. mstombs

    mstombs Network Guru Member

  20. sardaukar

    sardaukar Addicted to LI Member

    Thanks for the info! I'll try it.

    But back on topic from a while back - can anyone else reproduce the "telnet no route to host" bug I'm experiencing? Should I report it? I want to improve Tomato :D
     
  21. landa

    landa LI Guru Member

    a) ok
    b) what files to transfer to /jffs?
    c) this is not so clear to me!!!
     
  22. mars

    mars Addicted to LI Member

    Following up on mstombs' hint: in case the executable needs additional libraries, how can I get that to work?
     
  23. sardaukar

    sardaukar Addicted to LI Member

    This is a dumb method, but it works for me :)

    Place the files in a webserver on your LAN. Login to your Tomato, do "cd /jffs" and then "wget http://YOUR_LAN_IP/PATH/TO/FILE" to download the file from a webserver on your LAN, then remove the file from your webserver (if it's exposed to the world)

    Feel free to flame me for doing things this way :cool:
     
  24. mstombs

    mstombs Network Guru Member

    If you have CIFS working you can run files from there directly without copying to the router. For a file to be run in Linux it must be marked as executable using

    Code:
    chmod +x myfile
    then to run you need to specify the path, for example

    Code:
    /jffs/myfile
    Use the ram disk /var for experimentation to avoid the unnecessary flash writes needed to store on /jffs.

    I think you need "static linked" self contained executables for portability, you cannot add files to the readonly file system, but there are some hard-links back to the writable ram disk so extra web pages etc can be added to the gui.

    I use winscp from windows and under wine from Linux for easy transfer of files to Tomato ram disk or jffs.
     
  25. sardaukar

    sardaukar Addicted to LI Member

    Tried the msmtp binary from the download, it works! (kinda) I mean, it runs but I'm getting the same error as the telnet app, i.e., no route to host:

    Code:
    # ./msmtp sardaukar.siet@gmail.com --host=192.168.0.12 -from root@tomato
    msmtp: cannot connect to 192.168.0.12, port 25: No route to host
    msmtp: could not send mail
    
    Output from route command:
    Code:
    # route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    194.79.94.16    *               255.255.255.255 UH    0      0        0 ppp0
    192.168.1.0     *               255.255.255.0   U     0      0        0 vlan1
    192.168.0.0     *               255.255.255.0   U     0      0        0 br0
    127.0.0.0       *               255.0.0.0       U     0      0        0 lo
    default         194-79-94-16.nr 0.0.0.0         UG    0      0        0 ppp0
    
    Pinging my internal mailserver:

    Code:
    # ping 192.168.0.12
    PING 192.168.0.12 (192.168.0.12): 56 data bytes
    64 bytes from 192.168.0.12: seq=0 ttl=64 time=1.086 ms
    64 bytes from 192.168.0.12: seq=1 ttl=64 time=0.879 ms
    64 bytes from 192.168.0.12: seq=2 ttl=64 time=0.886 ms
    64 bytes from 192.168.0.12: seq=3 ttl=64 time=0.861 ms
    64 bytes from 192.168.0.12: seq=4 ttl=64 time=0.889 ms
    #
    --- 192.168.0.12 ping statistics ---
    5 packets transmitted, 5 packets received, 0% packet loss
    round-trip min/avg/max = 0.861/0.920/1.086 ms
    
    I'm going nuts with this bug... :| Can anyone help?
     
  26. mstombs

    mstombs Network Guru Member

    So it's not a BusyBox Telnet bug - it is a routing issue. Have a good look at output of "ifconfig" and "iptables -Lvn", "iptables -Lvn -t nat". The only things I can think that may inadvertently hit you is the setting of the WAN IP "nat loopback" function, or the firewall script to access your modem?
     
  27. sardaukar

    sardaukar Addicted to LI Member

    Please help me out with this.

    Ifconfig:

    Code:
    # ifconfig
    br0        Link encap:Ethernet  HWaddr -REMOVED-
               inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
               UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
               RX packets:17658899 errors:0 dropped:0 overruns:0 frame:0
               TX packets:23306401 errors:0 dropped:0 overruns:0 carrier:0
               collisions:0 txqueuelen:0 
               RX bytes:2819020472 (2.6 GiB)  TX bytes:1857604970 (1.7 GiB)
    
    eth0       Link encap:Ethernet  HWaddr -REMOVED-
               UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
               RX packets:39407932 errors:199 dropped:0 overruns:195 frame:195
               TX packets:38769590 errors:0 dropped:0 overruns:0 carrier:0
               collisions:0 txqueuelen:100 
               RX bytes:4291038835 (3.9 GiB)  TX bytes:2545333853 (2.3 GiB)
               Interrupt:4 Base address:0x1000 
    
    eth1       Link encap:Ethernet  HWaddr -REMOVED-
               UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
               RX packets:612527 errors:0 dropped:0 overruns:0 frame:564
               TX packets:1146368 errors:290 dropped:0 overruns:0 carrier:0
               collisions:0 txqueuelen:100 
               RX bytes:49099916 (46.8 MiB)  TX bytes:1579907763 (1.4 GiB)
               Interrupt:2 Base address:0x5000 
    
    lo         Link encap:Local Loopback  
               inet addr:127.0.0.1  Mask:255.0.0.0
               UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
               RX packets:307 errors:0 dropped:0 overruns:0 frame:0
               TX packets:307 errors:0 dropped:0 overruns:0 carrier:0
               collisions:0 txqueuelen:0 
               RX bytes:27566 (26.9 KiB)  TX bytes:27566 (26.9 KiB)
    
    ppp0       Link encap:Point-to-Point Protocol  
               inet addr-REMOVED-  P-t-P:194.79.94.16  Mask:255.255.255.255
               UP POINTOPOINT RUNNING MULTICAST  MTU:1492  Metric:1
               RX packets:9478651 errors:0 dropped:0 overruns:0 frame:0
               TX packets:6319825 errors:0 dropped:0 overruns:0 carrier:0
               collisions:0 txqueuelen:3 
               RX bytes:1715618137 (1.5 GiB)  TX bytes:627960274 (598.8 MiB)
    
    vlan0      Link encap:Ethernet  HWaddr -REMOVED-
               UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
               RX packets:17049597 errors:0 dropped:0 overruns:0 frame:0
               TX packets:22187119 errors:0 dropped:0 overruns:0 carrier:0
               collisions:0 txqueuelen:0 
               RX bytes:2846988228 (2.6 GiB)  TX bytes:383908477 (366.1 MiB)
    
    vlan1      Link encap:Ethernet  HWaddr -REMOVED_
               inet addr:192.168.1.254  Bcast:192.168.1.255  Mask:255.255.255.0
               UP BROADCAST RUNNING MULTICAST  MTU:1492  Metric:1
               RX packets:22358335 errors:0 dropped:0 overruns:0 frame:0
               TX packets:16582471 errors:0 dropped:0 overruns:0 carrier:0
               collisions:0 txqueuelen:0 
               RX bytes:734707831 (700.6 MiB)  TX bytes:2161425376 (2.0 GiB)
    
    iptables output:

    Code:
    # iptables -Lvn
    iptables: No chain/target/match by that name
    # iptables -Lvn -t nat
    iptables: No chain/target/match by that name
    
    Firewall script to access my modem:

    Code:
    /usr/sbin/iptables -I POSTROUTING -t nat -o vlan1 -d 192.168.1.0/24 -j MASQUERADE
    
    And my NAT Loopback setting in Tomato is "Forwarded Only"...
     
  28. mstombs

    mstombs Network Guru Member

    Sorry, typo, please use "iptables -nvL". Isn't there another command to add an IP address for modem access?
     
  29. landa

    landa LI Guru Member

    What files should I put in jffs? How to run the files through WINSCP?
    Please help!!
     
  30. sardaukar

    sardaukar Addicted to LI Member

    Here's the correct output. Hope someone can help me with it...

    Code:
    # iptables -nvL
    Chain INPUT (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 DROP       0    --  br0    *       0.0.0.0/0            MY_IP_REMOVED        
      221 13796 logdrop    0    --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
    10661 1891K ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    12462 3793K ACCEPT     0    --  br0    *       0.0.0.0/0            0.0.0.0/0           
       26  1601 ACCEPT     0    --  lo     *       0.0.0.0/0            0.0.0.0/0           
     7984  224K ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
       67  3028 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.1         tcp dpt:443 
        2    88 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.1         tcp dpt:22 
     2605  209K logdrop    0    --  *      *       0.0.0.0/0            0.0.0.0/0           
    
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    14005 9238K ACCEPT     0    --  br0    br0     0.0.0.0/0            0.0.0.0/0           
      316 21740 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
    31578 1830K TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 tcpmss match 1453:65535 TCPMSS set 1452 
      19M   13G ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    12175  694K wanin      0    --  ppp+   *       0.0.0.0/0            0.0.0.0/0           
    27665 1663K wanout     0    --  *      ppp+    0.0.0.0/0            0.0.0.0/0           
    27791 1669K ACCEPT     0    --  br0    *       0.0.0.0/0            0.0.0.0/0           
        0     0 upnp       0    --  ppp+   *       0.0.0.0/0            0.0.0.0/0           
    
    Chain OUTPUT (policy ACCEPT 36909 packets, 8430K bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain logdrop (2 references)
     pkts bytes target     prot opt in     out     source               destination         
     2605  209K LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW LOG flags 6 level 4 prefix `DROP ' 
     2826  223K DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           
    
    Chain logreject (0 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 6 level 4 prefix `REJECT ' 
        0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset 
    
    Chain upnp (1 references)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain wanin (1 references)
     pkts bytes target     prot opt in     out     source               destination         
     9422  502K ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.12        tcp dpts:5000:5010 
     2706  190K ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.0.12        udp dpts:5000:5010 
       25  1500 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.12        tcp dpt:80 
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.12        tcp dpt:443 
       12   696 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.12        tcp dpt:22 
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.12        tcp dpt:5222 
       10   440 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.12        tcp dpt:5269 
    
    Chain wanout (1 references)
     pkts bytes target     prot opt in     out     source               destination         
    
    
     
  31. sardaukar

    sardaukar Addicted to LI Member

    Download WinSCP and create a new connection. In the "New Connection" window, choose

    User: root
    Port: 22
    Host: your Tomato's IP address (192.168.x.x) (both x's being numbers)
    Protocol: SCP

    You'll be logged in remotely to your Tomato. Navigate on the right pane to /jffs. And you can drag and drop files to it! Simple, right? :)
     
  32. mstombs

    mstombs Network Guru Member

    It all looks OK to me, and a lot of traffic has passed through...

    The last part of the picture, maybe there's something in POSTROUTING... please post the output of
    Code:
    iptables -nvL -t nat
    You will also find your QOS strategy implemented in
    Code:
    iptables -nvL -t mangle
    but that should only be marking/counting packets not blocking or diverting them!
     
  33. sardaukar

    sardaukar Addicted to LI Member

    Output of iptables -nvL -t nat:

    Code:
    # iptables -nvL -t nat
    Chain PREROUTING (policy ACCEPT 55515 packets, 5239K bytes)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 DROP       0    --  ppp+   *       0.0.0.0/0            192.168.0.0/24      
    11370  319K DNAT       icmp --  *      *       0.0.0.0/0            EXTERNAL_IP_REMOVED        to:192.168.0.1 
      747 38376 DNAT       tcp  --  *      *       0.0.0.0/0            EXTERNAL_IP_REMOVED        tcp dpt:8080 to:192.168.0.1:443 
        4   176 DNAT       tcp  --  *      *       0.0.0.0/0            EXTERNAL_IP_REMOVED        tcp dpt:2222 to:192.168.0.1:22 
     8814  481K DNAT       tcp  --  *      *       0.0.0.0/0            EXTERNAL_IP_REMOVED        tcp dpts:5000:5010 to:192.168.0.12 
     1518  127K DNAT       udp  --  *      *       0.0.0.0/0            EXTERNAL_IP_REMOVED        udp dpts:5000:5010 to:192.168.0.12 
      501 26268 DNAT       tcp  --  *      *       0.0.0.0/0            EXTERNAL_IP_REMOVED        tcp dpt:80 to:192.168.0.12:80 
        0     0 DNAT       tcp  --  *      *       0.0.0.0/0            EXTERNAL_IP_REMOVED        tcp dpt:443 to:192.168.0.12:443 
       12   696 DNAT       tcp  --  *      *       0.0.0.0/0            EXTERNAL_IP_REMOVED        tcp dpt:22 to:192.168.0.12:22 
        0     0 DNAT       tcp  --  *      *       0.0.0.0/0            EXTERNAL_IP_REMOVED        tcp dpt:5222 to:192.168.0.12:5222 
       16   704 DNAT       tcp  --  *      *       0.0.0.0/0            EXTERNAL_IP_REMOVED        tcp dpt:5269 to:192.168.0.12:5269 
     2254  164K upnp       0    --  ppp+   *       0.0.0.0/0            0.0.0.0/0           
    
    Chain POSTROUTING (policy ACCEPT 12179 packets, 1095K bytes)
     pkts bytes target     prot opt in     out     source               destination         
      126  6552 MASQUERADE  0    --  *      vlan1   0.0.0.0/0            192.168.1.0/24      
       66  3960 SNAT       tcp  --  *      *       192.168.0.0/24       192.168.0.12        tcp dpts:5000:5010 to:192.168.0.1 
        0     0 SNAT       udp  --  *      *       192.168.0.0/24       192.168.0.12        udp dpts:5000:5010 to:192.168.0.1 
      474 24648 SNAT       tcp  --  *      *       192.168.0.0/24       192.168.0.12        tcp dpt:80 to:192.168.0.1 
        0     0 SNAT       tcp  --  *      *       192.168.0.0/24       192.168.0.12        tcp dpt:443 to:192.168.0.1 
        0     0 SNAT       tcp  --  *      *       192.168.0.0/24       192.168.0.12        tcp dpt:22 to:192.168.0.1 
        0     0 SNAT       tcp  --  *      *       192.168.0.0/24       192.168.0.12        tcp dpt:5222 to:192.168.0.1 
        0     0 SNAT       tcp  --  *      *       192.168.0.0/24       192.168.0.12        tcp dpt:5269 to:192.168.0.1 
    19531 1197K MASQUERADE  0    --  *      ppp+    0.0.0.0/0            0.0.0.0/0           
    
    Chain OUTPUT (policy ACCEPT 2598 packets, 534K bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain upnp (1 references)
     pkts bytes target     prot opt in     out     source               destination         
        5   232 DNAT       udp  --  *      *       0.0.0.0/0            EXTERNAL_IP_REMOVED        udp dpt:25911 to:192.168.0.66 
        2   100 DNAT       tcp  --  *      *       0.0.0.0/0            EXTERNAL_IP_REMOVED        tcp dpt:25911 to:192.168.0.66 
    
    I've been doing a lot of traffic lately :D
     
  34. mstombs

    mstombs Network Guru Member

    Sorry I can't see anything wrong, on my system I get "connection refused" when trying to access a local mail server (machine exists but doesn't have service running). I do not see anything blocking the router accessing the Lan or why ping packets are different to tcp port 25!
     
  35. sardaukar

    sardaukar Addicted to LI Member

    Thanks for looking. Guess I should file a bug? If so... where?
     
  36. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    You can try to find what stage in the process the packets are getting dropped by adding logging to the iptables chains (I added it to all of them here, even the ones that it shouldn't traverse). Add these to your firewall script, reboot, and try the commands that are failing:
    Code:
    iptables -t filter -I INPUT -d 192.168.0.12 -j LOG --log-prefix "FINPUT "
    iptables -t filter -I FORWARD -d 192.168.0.12 -j LOG --log-prefix "FFORWARD "
    iptables -t filter -I OUTPUT -d 192.168.0.12 -j LOG --log-prefix "FOUTPUT "
    iptables -t filter -I upnp -d 192.168.0.12 -j LOG --log-prefix "Fupnp "
    iptables -t filter -I wanin -d 192.168.0.12 -j LOG --log-prefix "Fwanin "
    iptables -t filter -I wanout -d 192.168.0.12 -j LOG --log-prefix "Fwanout "
    iptables -t mangle -I PREROUTING -d 192.168.0.12 -j LOG --log-prefix "MPREROUTING "
    iptables -t mangle -I INPUT -d 192.168.0.12 -j LOG --log-prefix "MINPUT "
    iptables -t mangle -I FORWARD -d 192.168.0.12 -j LOG --log-prefix "MFORWARD "
    iptables -t mangle -I OUTPUT -d 192.168.0.12 -j LOG --log-prefix "MOUTPUT "
    iptables -t mangle -I POSTROUTING -d 192.168.0.12 -j LOG --log-prefix "MPOSTROUTING "
    iptables -t nat -I PREROUTING -d 192.168.0.12 -j LOG --log-prefix "NPREROUTING "
    iptables -t nat -I POSTROUTING -d 192.168.0.12 -j LOG --log-prefix "NPOSTROUTING "
    iptables -t nat -I OUTPUT -d 192.168.0.12 -j LOG --log-prefix "NOUTPUT "
    iptables -t nat -I upnp -d 192.168.0.12 -j LOG --log-prefix "Nupnp "
    
     
  37. sardaukar

    sardaukar Addicted to LI Member

    Here's the log contents after grep-ing for "DPT=25"

    Code:
    May  9 01:43:49 tomato kernel: FOUTPUT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.12 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=2051 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
    May  9 01:43:49 tomato kernel: MPOSTROUTING IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.12 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=33800 DF PROTO=TCP SPT=2051 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
    May  9 01:43:49 tomato kernel: NPOSTROUTING IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.12 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=33800 DF PROTO=TCP SPT=2051 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
    
     
  38. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    It's at least getting to the last chain, so now we'll test if it's getting through that chain. Change it to:
    Code:
    iptables -t nat -I POSTROUTING -p tcp -d 192.168.0.12 --dport 25 -j LOG --log-prefix "BEGINNPOST "
    iptables -t nat -A POSTROUTING -p tcp -d 192.168.0.12 --dport 25 -j LOG --log-prefix "ENDNPOST "
    
    If you get both of these messages showing up, then the packets have made it through all of the routing/firewall software and should be heading out on the LAN interface...
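
Added example, not part of the thread: a reader for the kernel LOG lines produced by the rules in posts 36 and 38, reporting for each connection which prefixes were seen and whether the final one was reached. It groups lines by protocol, addresses and ports rather than by ID, because the FOUTPUT line posted in the thread carries ID=0 while the later chains show the assigned ID; the function names are assumptions, and the last sample line is constructed.

```shell
#!/bin/sh
# Added example: trace which iptables LOG prefixes each connection reached.

# Sample input. The first three lines are the ones posted in the thread;
# the fourth is constructed to show a connection that stops early.
sample_log() {
    cat <<'EOF'
May  9 01:43:49 tomato kernel: FOUTPUT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.12 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=2051 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
May  9 01:43:49 tomato kernel: MPOSTROUTING IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.12 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=33800 DF PROTO=TCP SPT=2051 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
May  9 01:43:49 tomato kernel: NPOSTROUTING IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.12 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=33800 DF PROTO=TCP SPT=2051 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
May  9 01:44:10 tomato kernel: FOUTPUT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.12 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=2052 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

# Usage: chain_trace FINAL_PREFIX [DPT] < syslog
# Prints one line per connection: flow|prefixes seen in order|verdict
chain_trace() {
    awk -v final="$1" -v port="${2:-}" '
    {
        at = index($0, "kernel: ")
        if (at == 0) next
        n = split(substr($0, at + 8), f, " ")
        split("", kv)                      # portable way to empty the array
        tag = "(no-prefix)"; first = 1
        # The --log-prefix text is the first word unless it is already KEY=VAL.
        if (n > 0 && index(f[1], "=") == 0) { tag = f[1]; first = 2 }
        for (i = first; i <= n; i++) {
            eq = index(f[i], "=")
            if (eq > 1) kv[substr(f[i], 1, eq - 1)] = substr(f[i], eq + 1)
        }
        if (!("SRC" in kv) || !("DST" in kv)) next
        if (port != "" && kv["DPT"] != port) next
        # Key on the 5-tuple: the IP ID is not stable across chains.
        flow = kv["PROTO"] " " kv["SRC"] ":" kv["SPT"] " -> " kv["DST"] ":" kv["DPT"]
        if (!(flow in tags)) { order[++count] = flow; tags[flow] = tag }
        else if (index(" " tags[flow] " ", " " tag " ") == 0)
            tags[flow] = tags[flow] " " tag
        last[flow] = tag
    }
    END {
        for (i = 1; i <= count; i++) {
            fl = order[i]
            if (index(" " tags[fl] " ", " " final " ") > 0)
                verdict = "passed " final
            else
                verdict = "last seen " last[fl]
            print fl "|" tags[fl] "|" verdict
        }
    }'
}

# Stand-alone demo on the embedded sample: sh thisfile --demo
if [ "${1:-}" = "--demo" ]; then
    sample_log | chain_trace NPOSTROUTING 25
fi
```

On the router the input would be the syslog file or `dmesg` output instead of `sample_log`; a connection whose verdict is "passed" left netfilter, so the fault lies past the firewall rules.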
     
  39. sardaukar

    sardaukar Addicted to LI Member

    I replaced the previous firewall script with this one and am getting nothing on grep DTP=25 now...
     
  40. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    It's DPT (I don't know whether the typo also occurred in your grep), but you shouldn't need to do any grepping - I added --dport to the specification.

    EDIT: I forgot that if you specify the port, you have to specify the protocol. Add " -p tcp" after "POSTROUTING" on each rule (updated in previous post).
     
  41. MrSVT

    MrSVT LI Guru Member

    Many thanks bico.

    I got it working. I had to change the script a bit but it works!

    Code:
    DATETIME="`date`"
    
    MAILERNAME="mailer"
    MAILERVERSION="1.0"
    
    DELAY=2
    DOMAINNAME="My domain name"
    MAILSERVERNAME="my ISP mail server name"
    MAILSERVERPORT=25
    
    FROM="wrt54lg_tomato@MyDomainName"
    MESSAGE="Router's ip address changed:"
    SUBJECT="HOME IP Address changed"
    TO="MyEmailAddress"
    
      if (
        sleep $DELAY
        echo "HELO $DOMAINNAME"
        sleep $DELAY
        echo "MAIL FROM: $FROM"
        sleep $DELAY
        echo "RCPT TO: $TO"
        sleep $DELAY
        echo "DATA"
        sleep $DELAY
        echo "Date: $DATETIME"
        echo "From: $FROM"
        echo "To: $TO"
        echo "Subject: $SUBJECT"
        echo "X-Mailer: $MAILERNAME $MAILERVERSION"
        echo ""
        echo "$MESSAGE"
        ifconfig ppp0 |grep inet
        echo "."
        sleep $DELAY
        echo "QUIT"
        sleep $DELAY
      ) | telnet $MAILSERVERNAME $MAILSERVERPORT; then
        :
      else
        logger -p local7.warning -t "..." "WARNING: ..."
      fi
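
Added example, not part of any post in this thread: the telnet scripts from bico and MrSVT paste variables and command output straight into the SMTP stream, so a CR/LF inside a value or a body line holding only "." changes the dialogue the server sees. This POSIX sh version validates the values, dot-stuffs the body and sends CRLF line endings; the function names, the SMTP_DELAY variable and the example.invalid addresses are assumptions made here.

```shell
#!/bin/sh
# Added example: emit the client side of the SMTP dialogue for a blind pipe
# into telnet, with input validation and dot-stuffing.

CR=$(printf '\r')
NL='
'

# True if the value fits on one protocol line (no CR or LF smuggled in).
smtp_safe_line() {
    case "$1" in
        *"$CR"*|*"$NL"*) return 1 ;;
    esac
    return 0
}

# True if the value is usable as a HELO name or an envelope address.
smtp_safe_token() {
    smtp_safe_line "$1" || return 1
    case "$1" in
        ""|*" "*|*"<"*|*">"*) return 1 ;;
    esac
    return 0
}

# stdin: body text. stdout: CRLF line endings, leading dots doubled so that
# a body line holding only "." cannot end the DATA section early.
smtp_body() {
    tr -d '\r' | awk '{ sub(/^\./, ".."); printf "%s\r\n", $0 }'
}

# Usage: smtp_client_stream HELO_NAME FROM_ADDR TO_ADDR SUBJECT < body
# The delays stand in for reading the server replies, as in the thread.
smtp_client_stream() {
    s_helo=$1; s_from=$2; s_to=$3; s_subject=$4
    s_delay=${SMTP_DELAY:-2}
    for s_v in "$s_helo" "$s_from" "$s_to"; do
        smtp_safe_token "$s_v" || { echo "smtp: bad name or address" >&2; return 1; }
    done
    smtp_safe_line "$s_subject" || { echo "smtp: bad subject" >&2; return 1; }

    sleep "$s_delay"; printf 'HELO %s\r\n' "$s_helo"
    sleep "$s_delay"; printf 'MAIL FROM:<%s>\r\n' "$s_from"
    sleep "$s_delay"; printf 'RCPT TO:<%s>\r\n' "$s_to"
    sleep "$s_delay"; printf 'DATA\r\n'
    sleep "$s_delay"
    printf 'Date: %s\r\n' "$(date -u '+%a, %d %b %Y %H:%M:%S +0000')"
    printf 'From: <%s>\r\n' "$s_from"
    printf 'To: <%s>\r\n' "$s_to"
    printf 'Subject: %s\r\n\r\n' "$s_subject"
    smtp_body
    printf '.\r\n'
    sleep "$s_delay"; printf 'QUIT\r\n'
    sleep "$s_delay"
}

# Stand-alone demo with a constructed body: sh thisfile --demo
# On the router the output would be piped into telnet as in the posts above.
if [ "${1:-}" = "--demo" ]; then
    printf 'WAN is back up\n.\ninet addr:203.0.113.7\n' |
        SMTP_DELAY=0 smtp_client_stream router.example.invalid \
            router@example.invalid admin@example.invalid 'Router reconnect'
fi
```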
    
     
  42. sardaukar

    sardaukar Addicted to LI Member

    Ok, after correcting the firewall script I get this on the logs:

    Code:
    May  9 13:22:26 tomato kernel: BEGINNPOST IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.12 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53488 DF PROTO=TCP SPT=2051 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0 
    May  9 13:22:26 tomato kernel: ENDNPOST IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.12 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53488 DF PROTO=TCP SPT=2051 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
    
    Thanks for your continued support with this :thumbup:
     
  43. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Don't thank me too soon :wink:! All I've done is confirm that all the routing/firewalling on the router seems to be working fine.

    Have you tried a reflash and thorough NVRAM erase? If so, the only other thing I can think of is to run traffic capturing/analyzing software on your server to see if the packets really are getting there.
     
  44. sardaukar

    sardaukar Addicted to LI Member

    I must confess I did not clear the NVRAM when I flashed the router :biggrin: it all worked so well, using Linksys' firmware previous settings, that I thought it wasn't necessary in my case...

    So, in order to do it, I just have to backup my current Tomato config, do it, and then restore it?
     
  45. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Bizarre, not immediately apparent problems are exactly what people see from nvram/upgrade problems. I really don't see how some of the things people (including myself) have experienced can be caused by that, but they sure seem to.
    No, unfortunately, the only safe way is to reconfigure manually. You can save an nvram dump (nvram show from ssh/telnet shell), and refer to it to see what to put in the different fields, but not directly restore it. Others have used firefox plugins (called "Scrapbook" or similar) to save the configuration pages so they could see their old settings.
     
  46. sardaukar

    sardaukar Addicted to LI Member

    So, backing up the configuration has no purpose? :confused:

    If I clear the NVRAM and reboot, what will happen to prevent me from restoring a stored configuration backup?
     
  47. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Given the problems people have had, I can't think of a use-case where people should use it.

    Nothing would stop you, but it could just bring your problem right back. You could try backing up, wiping, and restoring first. Then if your problem comes back, configure manually.
     
  48. sardaukar

    sardaukar Addicted to LI Member

    Tried clearing the NVRAM and restoring from backup, still can't telnet to inside my LAN. Guess I'll try the "hard" way :rolleyes:
     
  49. landa

    landa LI Guru Member

    Thanks for the script. After several attempts I managed to install msmtp on the sd card. And with some modification, the result is cool!
     
