
Toggling access restrictions using scripts/telnet...

Discussion in 'Tomato Firmware' started by davecla, Feb 4, 2008.

  1. davecla

    davecla LI Guru Member

    I've just installed Tomato 1.15 tonight and it looks great. :)

    I've set up "Access Restrictions" so I can toggle my kid’s internet access. From the GUI this is all straightforward.
    What I'd "really" like to do is to be able to enable and disable their access based on a telnet (or ssh) script from my windows PC.
    eg:

    1. Run script or command and they can access internet, perhaps turn on the led on the front of the router so I remember.
    2. Run another script to turn access off.
    3. Even better, add a cron job to turn off access each night if I forget.

    Can anyone give me some pointers? I get the impression it must be doable, but I can’t find an idiot’s guide.

    Thanks in advance - Dave
     
  2. m078

    m078 LI Guru Member

    Why don't you just use the time period in the Tomato GUI to turn it on and off?
    Or did I misunderstand what you are trying to do?
     
  3. davecla

    davecla LI Guru Member

    I want to be able to turn it on and off at will, but without using the Tomato GUI.

    Basically, kids want to use their PCs on the internet, turn their access on, when their time is up turn it off.

    They can't use the internet without Mum or Dad enabling it for them.

    Once it's scripted I can set timed access etc. Want to make it as easy as possible so wife can manage when I'm not here.
     
  4. PeterT

    PeterT Network Guru Member

    I'm not an expert but... from what I can see, all that happens when the rule goes into effect is that an iptables command is issued:

    To ACTIVATE the restriction
    iptables -A restrict -j <name of iptables chain for that rule>

    To DEACTIVATE the restriction
    iptables -D restrict -j <name of iptables chain for that rule>

    where the <name of iptables chain for that rule> is rdev00 for rule 1, rdev01 for rule 2 etc.

    So all you need is to create scripts to use the iptables command :)
     
  5. HennieM

    HennieM Network Guru Member

    Dave

    Just to be clear:
    1) Under access restrictions, you can put a rule that you define, on a schedule. I.e. Rule1: between 16:00 and 18:00 on Wednesdays, allow internet access to computer x and y, but disallow computer x and y at any other time.
    Rule2: between 14:00 and 15:00 on Mondays and Tuesdays, allow internet access to computer x and z.
    Rule3: etc.
    Rule4: etc.

    These rules would then be executed/applied by your router automatically at those times; i.e. after you've set up the rule(s) via the web interface of the router, you don't have to go into the router again (via the web interface or any other interface) to apply the rule, provided that your router's time is correct.

    2) If you have set up access rules, but made those rules apply "all day" and "every day", and you thus want to manually enable (or disable) the rule by clicking the "enable" check box for that rule, then you might want to consider:

    I don't know if this is available for Windoze, but a program called "wget" exists for Unix-like systems, which is sort of a "scripted" browser interface - you run the wget script, which you programmed to do what you would have done manually in your browser. Maybe google for "wget for Windows"?

    3) If you want to use PeterT's idea, where:
    i) you set up rules like in (2) [all day/every day]
    ii) you make those rules active/inactive by manipulating the iptables command directly

    you should:
    3.1) figure out how exactly to activate or deactivate the iptables rule on the router. Do this by sshing or telnetting into a shell in the router, and then experimenting with the iptables command. [BTW, whether you telnet or ssh into the router, you get the same "shell" or command line interface].
    3.2) Once you know what exactly must be done on the router, google for "execute script via Windows telnet" or something like that, which might give you ideas of what the script must look like that you run on your Windows PC. [Here a VB script example (which seems rather complicated to me) http://www.visualbasicscript.com/m_38306/tm.htm ]

    The chain would thus be:
    execute script (or batch file) on Windows PC
    which then connects to the router (via telnet or putty or whatever)
    and executes a Linux shell script on the router
    which executes specific iptables commands

    Hope this helps.
     
  6. davecla

    davecla LI Guru Member

    Thanks for that

    It looks like IPTABLES is what I need to master.

    Running the IPTABLES command from the telnet or ssh session from a Windows box will be the easy bit (for me).

    It's just figuring out the IPTABLES syntax that I need to understand.

    If I have two IP addresses (or mac address) to block fully something like:

    IPTABLES -I OUTPUT 1 -d 10.0.0.100 -j DROP
    IPTABLES -I OUTPUT 1 -d 10.0.0.101 -j DROP

    and then

    IPTABLES -I OUTPUT 1 -d 10.0.0.100 -j ALLOW
    IPTABLES -I OUTPUT 1 -d 10.0.0.101 -j ALLOW

    ?

    Thanks for your interest.

    Dave
     
  7. mstombs

    mstombs Network Guru Member

    GNU wget is available for Windows.

    There's a Windows telnet scripter in here:

    http://www.neolics.com/index.php?s=software

    (linux users have expect)

    To block internet access from your 2 source IPs you need to block forwarding, i.e.

    iptables -I FORWARD -s 10.0.0.100 -j DROP

    and to remove this rule

    iptables -D FORWARD -s 10.0.0.100 -j DROP
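
Added example, not part of any post in this thread: a router-side sh script that applies the FORWARD rule from the last post to both client IPs without stacking duplicate rules, and reports the current state. The script name `kidsnet.sh`, the `IPT` and `KIDS` variables and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Intended to run on the router itself,
# started from a telnet/ssh session or from a cron entry.
IPT="${IPT:-iptables}"                  # overridable so the logic can be dry-run
KIDS="${KIDS:-10.0.0.100 10.0.0.101}"   # the two client IPs used in the thread

# Succeeds if a "DROP everything from this source" rule is present in FORWARD.
# Parses `-L -n` output, whose columns are: target prot opt source destination
is_blocked() {
    $IPT -L FORWARD -n | awk -v ip="$1" \
        '$1 == "DROP" && $4 == ip { found = 1 } END { exit !found }'
}

# Remove every copy of the rule. -D deletes one matching rule per call and
# fails once none is left, which ends the loop.
unblock_ip() {
    while $IPT -D FORWARD -s "$1" -j DROP 2>/dev/null; do :; done
}

# Clear any existing copies first so repeated runs never stack duplicates,
# then insert at the top of FORWARD so the DROP is evaluated before any rule
# that accepts already-established connections.
block_ip() {
    unblock_ip "$1"
    $IPT -I FORWARD -s "$1" -j DROP
}

status() {
    for ip in $KIDS; do
        if is_blocked "$ip"; then echo "$ip blocked"; else echo "$ip allowed"; fi
    done
}

# Usage: kidsnet.sh on|off|status   ("on" = internet on, i.e. DROP rules removed)
case "${1:-}" in
    on)     for ip in $KIDS; do unblock_ip "$ip"; done; status ;;
    off)    for ip in $KIDS; do block_ip "$ip"; done; status ;;
    status) status ;;
esac
```

Because `off` always deletes before inserting, a nightly cron run and a manual run can overlap without leaving extra rules behind, so a single `on` still restores access.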
     
