Kitz Forum
Broadband Related => Broadband Hardware => Topic started by: banger on July 11, 2017, 09:42:39 PM
-
There does not seem to be a way to set system time on this router when in bridge mode. Is there a way to get into the root shell and issue date command that way as ntp cannot connect in bridge mode?
-
After searching the site I found http://forum.kitz.co.uk/index.php/topic,19186.0.html and it has the very useful supervisor password so I have written a script to update time/date from the supervisor shell. Should have just searched the site in the first place.
Took me a while to work out the time and date format to set it.
-
Took me a while to work out the time and date format to set it.
Any chance of a little more info please ;D
-
set oShell = CreateObject("WScript.Shell")
oShell.run("Telnet")
WScript.Sleep 1000
oShell.SendKeys("Open 192.168.2.10 ")
WScript.Sleep 1000
oShell.SendKeys("{Enter}")
WScript.Sleep 1000
oShell.SendKeys"supervisor"
WScript.Sleep 1000
oShell.SendKeys("{Enter}")
WScript.Sleep 1000
oShell.SendKeys("zyad1234")
WScript.Sleep 1000
oShell.SendKeys("{Enter}")
WScript.Sleep 1000
oShell.SendKeys("sh")
WScript.Sleep 1000
oShell.SendKeys("{Enter}")
WScript.Sleep 1000
oShell.SendKeys("date 201707112332")
WScript.Sleep 1000
oShell.SendKeys("{Enter}")
WScript.Sleep 1000
oShell.SendKeys("exit")
WScript.Sleep 1000
oShell.SendKeys("{Enter}")
WScript.Sleep 1000
oShell.SendKeys("{Enter}")
WScript.Sleep 1000
oShell.SendKeys("quit")
WScript.Sleep 1000
oShell.SendKeys("{Enter}")
WScript.Sleep 1000
oShell.SendKeys("{Enter}")
WScript.Sleep 1000
oShell.SendKeys("quit")
WScript.Sleep 1000
oShell.SendKeys("{Enter}")
Above is a script to set the date and time on a Win 10 machine if you can follow scripts you know what it does. Time format is in yyyymmddhhmmss. I contacted ZyXEL support and they asked me why I needed the time to be correct in bridge mode. Haha, I suppose they are right only thing is log entries are incorrect time.
Any more info give me a yell?
-
Not to be rude but do we really need a new thread for each issue you have? Can't you keep it all in one thread?
-
Cheers....
date 201707112332
with a preceding "sh"
Ian
-
Yes to get into the supervisor shell. :)
-
Not to be rude but do we really need a new thread for each issue you have? Can't you keep it all in one thread?
I didn't have a scooby about this issue but could make some comment about IPv6. If the topics had been combined and this had been the first issue raised in the topic I likely would have ignored new posts in the topic about IPv6 assuming they were still about time and bridge mode. So there is a point in raising a separate topic for each issue - unless ALL the issues to be discussed in the topic are in the initial post.
-
ZyXEL support came back with this answer but it doesnt seem to work!
did you tried already putting a IP address instead of DNS name for NTP?
Like:
Name: 0.pool.ntp.org
Addresses: 5.189.146.13
80.190.97.205
185.183.156.211
213.95.200.109
-
This is a sort of third-world issue, of little importance. I'm just curious.
In my VMG1312-B10A, bridged with access to stats over
a second wire, ps shows the line:
sntp -s pool.ntp.org -s time.nist.gov -s ntp1.tummy.com -t CET-1
As far as I can see, there is no dns defined or available, so no time
synchronisation will ever happen. However, ssh'd into the modem, I can ping
things on my lan, like the router, that I thought was the LAN's gateway to the
internet.
So is there not some simple way to explain to the bridged modem that
IP addresses in the public internet will be dealt with via the
non-pppoe wire to the router (and btw DNS is at 8.8.8.8)?
If the question is stupid, forgive me. I'm an ignoramus.
-
If it's a stupid question then it's one I also asked and played around with until I got a working solution, albeit on a ZyXel 8924-B10A. I don't know how things differ in the VMG1312-B10A, but I would think the approach could be the same.
On my modem I couldn't see any way to add a DNS server so I took the approach of configuring the IP address of the NTP servers rather than their names. So in my case I see this:
~ # ps | grep ntp
18807 supervis 1412 S sntp -s 87.124.126.49 -s 193.150.34.2 -s 178.79.152.182 -t GMT0BST,M3.5.0/1:0,M10.5.0/1:0
For the modem to get to the Internet and the NTP servers it obviously needs appropriate routes added. I wanted to use a default route (0.0.0.0/0) but got the error 'Destination address is invalid IPv4 address' so in the end I simply added specific routes for each of the NTP servers:
~ # ip route show
178.79.152.182 via 192.168.1.1 dev br0
87.124.126.49 via 192.168.1.1 dev br0
193.150.34.2 via 192.168.1.1 dev br0
[snip]
The interface name that each route uses is that which you use to reach the LAN.
Whilst this works and the time is correct, the timezone is still showing UTC rather than the GMT/BST as specified. Presumably this will adjust for daylight savings, but I'll find out for sure in a couple of weeks.
Screen shots of the NTP and routing configuration are attached, although they may be different on your modem.
-
Thanks for that explanation and pics smf22 trying this now on my VMG1312-B10A.
Hmm trying to PING the NTP server doesn't seem to work and using NSLOOKUP gives
Server: localhost
Address 1: 127.0.0.1 localhost
Name: 178.79.152.182
Address 1: 178.79.152.182
----NsLookup end----
-
Is smf22 using bridge mode though? That's where the problem lies.
-
Good question John, I even added a DNS entry for 192.168.1.1 for my gateway but NSLookup still says the same as above.
-
Is smf22 using bridge mode though? That's where the problem lies.
Yes I am using bridge mode. And your question has prompted me to include a signature with my setup. Hope you don't mind me stealing yours ;)
@banger: Where you're going wrong is expecting the modem to be able to resolve the NTP server IP address. As I mentioned, I couldn't find anywhere that would allow me to add a DNS server to the ZyXel configuration, so as I saw it there were two options:
- Configure the NTP server IP address in the ZyXel 'Time' settings so there is no DNS lookup
- Add the NTP server name and IP address to the /etc/hosts file so the IP is locally resolved
I chose the first option and hence the three IP addresses, 87.124.126.49, 193.150.34.2 and 178.79.152.182, seen in the 'ps' output and in the modem configuration picture. This is the main difference to the configuration where the NTP server is defined as a name e.g., pool.ntp.org, time.nist.gov and ntp1.tummy.com as seen in the 'ps' output that 22over7 included here (http://forum.kitz.co.uk/index.php/topic,19966.msg356868.html#msg356868).
But there's one crucial step I omitted from my previous post. As @banger said he couldn't ping the NTP server I thought I'd capture this to include in the post. When I did this I found the following:
~ # ping 193.150.34.2
PING 193.150.34.2 (193.150.34.2): 56 data bytes
Request timed out
Request timed out
Request timed out
Request timed out
--- 193.150.34.2 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
Running a packet capture on my router I could see the ping 'echo request' being sent by the ZyXel and the 'echo reply' from the NTP server.
smf22@erx1:~$ sudo tcpdump -n -i switch0.101 host 192.168.1.250 and icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on switch0.101, link-type EN10MB (Ethernet), capture size 262144 bytes
08:21:31.450801 IP 192.168.1.250 > 193.150.34.2: ICMP echo request, id 22173, seq 0, length 64
08:21:31.459912 IP 193.150.34.2 > 192.168.1.250: ICMP echo reply, id 22173, seq 0, length 64
08:21:32.450075 IP 192.168.1.250 > 193.150.34.2: ICMP echo request, id 22173, seq 1, length 64
08:21:32.459362 IP 193.150.34.2 > 192.168.1.250: ICMP echo reply, id 22173, seq 1, length 64
08:21:33.449793 IP 192.168.1.250 > 193.150.34.2: ICMP echo request, id 22173, seq 2, length 64
08:21:33.459116 IP 193.150.34.2 > 192.168.1.250: ICMP echo reply, id 22173, seq 2, length 64
08:21:34.449449 IP 192.168.1.250 > 193.150.34.2: ICMP echo request, id 22173, seq 3, length 64
08:21:34.458591 IP 193.150.34.2 > 192.168.1.250: ICMP echo reply, id 22173, seq 3, length 64
This was when I remembered that I'd previously disabled the firewall on the ZyXel. This shouldn't be done if using the device as a router, but it's fine in bridge mode where the LAN interface is behind a firewall. Oddly enough when I checked this I found the firewall disabled just as I'd left it. On the off chance I re-enabled and disabled it and then found that ping worked again:
~ # ping 193.150.34.2
PING 193.150.34.2 (193.150.34.2): 56 data bytes
64 bytes from 193.150.34.2: seq=0 ttl=54 time=9.723 ms
64 bytes from 193.150.34.2: seq=1 ttl=54 time=9.505 ms
64 bytes from 193.150.34.2: seq=2 ttl=54 time=10.004 ms
64 bytes from 193.150.34.2: seq=3 ttl=54 time=9.750 ms
--- 193.150.34.2 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 9.505/9.745/10.004 ms
And if I run another packet capture on my router I also see NTP packets between the ZyXel and the configured NTP servers:
smf22@erx1:~$ sudo tcpdump -n -i switch0.101 host 192.168.1.250 and udp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on switch0.101, link-type EN10MB (Ethernet), capture size 262144 bytes
08:23:09.831705 IP 192.168.1.250.39521 > 87.124.126.49.123: NTPv3, Client, length 48
08:23:09.851436 IP 87.124.126.49.123 > 192.168.1.250.39521: NTPv3, Server, length 48
08:23:10.837461 IP 192.168.1.250.45917 > 193.150.34.2.123: NTPv3, Client, length 48
08:23:10.847203 IP 193.150.34.2.123 > 192.168.1.250.45917: NTPv3, Server, length 48
08:23:11.839234 IP 192.168.1.250.40163 > 178.79.152.182.123: NTPv3, Client, length 48
08:23:11.848962 IP 178.79.152.182.123 > 192.168.1.250.40163: NTPv3, Server, length 48
08:23:27.838023 IP 192.168.1.250.53311 > 87.124.126.49.123: NTPv3, Client, length 48
08:23:27.857350 IP 87.124.126.49.123 > 192.168.1.250.53311: NTPv3, Server, length 48
So in summary:
- In the ZyXel 'Time' configuration, instead of using the NTP servers listed in the 'drop down', select 'Other' and configure the IP address of your chosen NTP servers.
- In the 'routing' configuration define a static route for each of your chosen NTP server IP addresses.
- Disable the IPv4 firewall
So things do work as I (eventually) described, but given what I found this morning, it does appear to stop working after a period. Another something to keep an eye on.
-
Regarding smf2s's difficulty in setting a default route, I looked for strings in the busybox executable,
and saw:
[[ip route add default via %gateway% dev %iface%]]
Then I crossed my fingers and typed something like
ip route add default via 192.168.1.254 dev br0
and got with no complaint. Then
~
# ip route show
192.168.2.0/24 dev br1 proto kernel scope link src 192.168.2.1
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.3
default via 192.168.1.254 dev br0
I wonder, cluelessly, what I am missing to ping or traceroute 8.8.8.8?
I can't say I'm gagging to learn about running tcpdump on my router.
Should I disable the firewall?
I can still ping the router at 192.168.1.254 and other 192.168.1.* addresses.
-
I tried the 3 steps on my VMG1312 with firewall turned off but no joy. Maybe the firewall isn't actually turning off on the 1312 as ping just seems to get lost.
-
I had a little more luck than @banger.
Seeing a post at http://notes.asd.me.uk/2015/10/06/zyxel-vmg1312-b10a/ (http://notes.asd.me.uk/2015/10/06/zyxel-vmg1312-b10a/),
I tried (with a default route set):
>
~ # iptables -F LAN_ONLY_INPUT
~ # iptables -F LAN_ONLY_FORWARD
The result:
~ # ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=58 time=17.913 ms
64 bytes from 8.8.8.8: seq=1 ttl=58 time=17.604 ms
64 bytes from 8.8.8.8: seq=2 ttl=58 time=17.800 ms
^C
I've no idea if it's possible to set this up permanently.
Is there for sure absolutely no way of telling the (bridged) modem
where a name-server can be found?
UPDATE: as for DNS, my router has some sort of name service. I found if
I said echo nameserver 192.168.1.254 > /var/fyi/sys/dnsthat I could resolve www.bbc.co.uk
~ # ping www.bbc.co.uk
PING www.bbc.co.uk (212.58.246.94): 56 data bytes
64 bytes from 212.58.246.94: seq=0 ttl=55 time=18.832 ms
I suppose it's conceivable the ntp demon will now do something.
-
Thanks for posting your success. I was also looking yesterday at the iptables configuration and whether there was any way to make this persistent and survive reboots. In Linux there's a command iptables-save but that doesn't seem to exist on my VMG8924.
When I was looking to set DNS server address I was hoping to find a way to do this through the GUI. I'm more than comfortable and actually prefer the CLI, but wasn't sure whether any changes made to files such as /var/fyi/sys/dns (with symbolic link to /etc/resolv.conf) would be overwritten at reboot etc.
-
I tried (with a default route set):
>
~ # iptables -F LAN_ONLY_INPUT
~ # iptables -F LAN_ONLY_FORWARD
Just a brief comment to mention that the -F flag flushes the following named chain. The end result is that all rules have been deleted, one by one, for the two chains. (Not knowing what were the original rules, I have no idea if you have reduced the firewall to nothing.)
However I suspect that you do know what you are doing! ;)
-
Thanks Burakkucat. In this context and use case i.e., the ZyXel in bridge mode with its IP address configured on a second LAN facing interface and bridge group, disabling the firewall shouldn't be too much of a concern. The router 'in front' of that LAN facing IP should (hopefully) be providing the necessary security services i.e., configured and operating as the firewall.
I've been looking for how the iptables configuration is saved on the ZyXel as then it would simply be a case of inserting new rules, or creating new chains and rules as required for the duties it performs as a bridge modem. No luck as yet.... and at this stage I've not wanted to reboot to test whether changes are saved. Think I'll make the changes and wait for the next power failure as they're fairly regular these days :'(
-
Think I'll make the changes and wait for the next power failure as they're fairly regular these days :'(
I will be interested to read the outcome of that test.
-
Burakkucat:
However I suspect that you do know what you are doing! ;)
I suspect you suspect, rightly, nothing of the kind.
I'm unsure what the security risk is. iptables -L still shows a lot
of complicated stuff, whose meaning is unclear to me.
It seems obvious that someone who guessed or somehow observed unencrypted passwords
on my wifi traffic could wreak all kinds of havoc, if they had the energy.
-
Just tried this on my VMG1312-B10A and had success.
I did the following...
Resolve the NTP servers hostname. 0.uk.pool.ntp.org to 87.124.126.49
Under the time menu, select "other" for the NTP server and enter the resolved I.P from above.
Disable the firewall.
Add a static route like so:
Active: check
Name: NTP1
IPV4
Destination IP: Resolved IP from above
Subnet Mask: 255.255.255.255
Use Gateway: Enable
Gateway: Your routers I.P (192.168.1.2)
Interface: Default/Bro
I had followed smf22's guide exactly and it wouldn't work. I tried changing the Static route from Gateway: 192.168.1.1 (which my Zyxel uses) to my routers I.P of 192.168.1.2 and it would suddenly ping the NTP server. Returning to the Time window I could see the time was finally correct.
-
Just tried this on my VMG1312-B10A and had success.
I did the following...
Resolve the NTP servers hostname. 0.uk.pool.ntp.org to 87.124.126.49
Under the time menu, select "other" for the NTP server and enter the resolved I.P from above.
Disable the firewall.
Add a static route like so:
Active: check
Name: NTP1
IPV4
Destination IP: Resolved IP from above
Subnet Mask: 255.255.255.255
Use Gateway: Enable
Gateway: Your routers I.P (192.168.1.2)
Interface: Default/Bro
I had followed smf22's guide exactly and it wouldn't work. I tried changing the Static route from Gateway: 192.168.1.1 (which my Zyxel uses) to my routers I.P of 192.168.1.2 and it would suddenly ping the NTP server. Returning to the Time window I could see the time was finally correct.
thanks, just tried this and it worked.
-
thanks, just tried this and it worked.
Ditto.
I have a Negear Orbi router connected to my VMG1312-B10A and still had the Orbi and attached devicees on a seaparte 10.0.0.x subnet and was having no joy.
It took me an hour or so to twig that both the router and modem needed to be on the same subnet and lo and behold the NTP link worked.
Pretty obvious after the event, so just posting in case somene else has had a similar problem.
Thanks j0hn and chenks. Wouldn't have got their without your postings.