Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[npr]

The DLM on my line doesn't know those rules.
Aluminium wires don't help. 

I can confirm after a reboot, my HG635 remains stealth on all the first 1055 ports.
Router running standard firmware v1.04t with your first config file, remote management port previously changed to 7574.

[les-70]

  The new files are based on that original file starting point with the 7574 port and TR069 enable changes made.   I will wait until someone tries them.   From my tests I think it must be order in which edits are made that can cause things to go wrong.  It may be to do with changing the remote management port on a connection that does not have TR069 enabled - or the other way round!


 I also changed the base IP in one and added  under "connection mode" fibre a pppoe  connection for the wan.  This allows the use of another modem which has helped me test things by allowing experiments and reboots without an actual modem resync.  If you were using that option it is however most unlikely that you would want telnet. 

  PS I find the HG635, like other modems with the same chipset, gives more errors than an HG612, that may be an issue if you have a poor line.

[kitzuser87430]

my HG635 is running the full open source firmware

Interesting; any info on how to do this.

Ian

[les-70]

  Start reading from http://forum.kitz.co.uk/index.php?topic=14185.msg271959#msg271959    !   I would not recommend try it unless someone can get a copy of the official firmware image out of a HG635 via telnet.    Without the official image there is no going back!!   

[npr]

Someone who can work with iptables ought to be able to sort this all out via the telnet.  Update ==  it is report that provided TR069 is enabled the WAN ping and setting to TBB works via adding it to the acl.

The following iptables rule will allow TBB ping graph with TR069 disabled.

su
iptables -I INPUT_SERVICE_ACL 1 -p icmp --icmp-type echo-request -j ACCEPT

The iptable rules in the ACL section of the firewall can be viewed with the following.

su
iptables -L INPUT_SERVICE_ACL --line-numbers

Note: "su" is only needed once in a session.
If you make a mistake with this, a reboot restores the original settings.
So far I can't find a way to save these settings, they are lost on a reboot.
There's no iptables-save command -- any ideas anyone?

[kitzuser87430]

Hmmm..

When i try

iptables -L INPUT_SERVICE_ACL --line-numbers

I get an error "Permission denied:You must be root"

I am also having trouble reading/writing my USB device from the putty shell....I cannot cd into the mount point???

Also digging and testing today. I have always unchecked the checkbox "Enable remote management"  on the http://192.168.1.1html/advance.html#tr069 page.

But have had to check the tr069 checkbox on the wan page (see attached piccy)this then enabled pings on the wan and port 7547 is stealth.

IAn

[npr]

Sorry I should have added, issue su to become root.

If I disable remote management the port 7574 is stealth.
If you allow pings the shieldsup will report the test as failed due to "Ping Reply: RECEIVED (FAILED)"

[kitzuser87430]

If you allow pings the shieldsup will report the test as failed

Yep....that is why i have two acl's on my firewall

Job done.

su

damn....I tried sudo not su

Ian

[npr]

The default ACL config only has 3 rule and all are access direction LAN.
See my screen capture here:
http://npr.me.uk/hg635.html

You appear the have at least 3 in the WAN direction --- are you sure you need those?

[kitzuser87430]

are you sure you need those?

No....I deleted the WAN HTTP acl that was not needed; the other 2 ICMP (WAN) acl's only allow ping's from my monitoring websites IP addresses, so these are required.

Ian

[npr]

Not surprisingly I've bricked the HG635 while experimenting with telnet, not exactly sure but I may have corrupted the "/etc/init.d/rcS" file.
Power light was on red, no other signs of life.

The good news is I've managed to restore it by installing one of the image files referred to earlier in this thread. This is how I did it:

1) starting with the router powered off
2) place the PC's ethernet port on a static IP address (I used 192.168.1.100)
3) press the routers reset button with a paperclip holding it in for about ten seconds while the router powers up.
4) If the power light stays green continue, if it goes red after about 20 seconds repeat step 3).
5) if the power light remains green connect to the PC via ethernet.
6) In a browser (I used Firefox) go to 192.168.1.1
7) if all is well the web page will ask for the location of the firmware image file, enter this and press install.
8 ) The web page says it will take 2 minutes to install. There was no indication when it was done, so after the 2 minutes I reloaded 192.168.1.1 and found the routers alive and kicking.  8)

@les-70
You may be interested to know I intalled the image file "HG635v1.04t_multicast_with_multicfg_pack.bin" and it looks very much like the vanila talktalk firmware. The remote management settings are all default TT using port 7574 etc.
The bad news is, by default telnet doesn't work with this firmware.

[les-70]

  Only the HG635v1.04t_multicast_with_multicfg_main.bin file has telnet.  I am surprised that you managed to brick it, normally it is almost impossible to do that except by uploading duff firmware.   Thanks for the comments on the multicfg_pack version.  I have been running that version with the config file applied myself.  It looked the most up to date.

You should still be able to enable telnet with one of the above config files.  You will at least then be able to test the latest config files above.  If you have any trouble i still have the first one I made available.

[npr]

I am surprised that you managed to brick it, normally it is almost impossible to do that except by uploading duff firmware. 

Bricked it 4 times now 
It doesn't like a new file being placed in /etc/ or /usr/
It's ok until you turn it off then it refuses to boot.

[les-70]

  I am puzzled by what your doing, Surely /etc/ and most of the rest of the file system is in read-only memory. Just to be sure i tried adding a file and only get read-only failures.

[npr]

I'm just messing around and learning my way around busybox.
My hope is to be able to run a script at startup to configure some settings not available in the gui. eg the settings which get lost on reboot like the iptables setting to allow ping from wan.

Commands I've found useful for changing read only files / folders:
su
mount -n -o remount,rw /

So far I've discovered not to add or modify files in the folders /etc/ and /usr/ , that bricks the router on the next boot.

Folder /tmp/ gets wiped on boot.

Folder /config/ does not get wiped on boot.

What I need now is to be able to run a script in the folder /config/ on boot ---- any ideas?

The main thing I've learned is don't mess with the file system in this router unless you're prepared to brick the router.