Difference between revisions of "Router Control"
(14 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | This feature allows control of supported routers from the Amahi HDA Setup pages, under Setup -> Networking -> Firewall and Settings. | + | '''NOTE:''' This is an Amahi 6 ONLY feature. |
+ | |||
+ | This feature allows control of supported routers and firewalls from the Amahi HDA Setup pages, under Setup -> Networking -> Firewall and Settings. | ||
+ | |||
+ | '''It's under active development.''' It's only intended for developers! | ||
Adding router support is modular. Router support is added by adding one module to the router plugins area. | Adding router support is modular. Router support is added by adding one module to the router plugins area. | ||
Line 19: | Line 23: | ||
see the example ruby files there (*.rb). | see the example ruby files there (*.rb). | ||
− | Each module should provide the following class methods: | + | Each module should provide the following ''class'' (not instance methods!) methods: |
− | * '''name''' | + | * '''name''' > String: returns the name of the module, typically the brand name of the models supported by this module, e.g. "D-Link" |
− | * '''models''' | + | * '''models''' > String Array: returns an array of names of models of routers supported. |
* '''set_dmz'''(ip: String): set the DMZ to be the ''full'' IP provided. If none provided (nil or empty string), turn off the DMZ feature | * '''set_dmz'''(ip: String): set the DMZ to be the ''full'' IP provided. If none provided (nil or empty string), turn off the DMZ feature | ||
* '''write_rule'''(rule): writes a firewall rule (see below) | * '''write_rule'''(rule): writes a firewall rule (see below) | ||
Line 29: | Line 33: | ||
* '''dhcp_server_disable''': disable the DHCP server in the router | * '''dhcp_server_disable''': disable the DHCP server in the router | ||
+ | There is no established way how these methods can control the router/firewall. In the demo router, the router is controlled through HTTP, as the router is remote in the network. However, for something like a local firewall (iptables, shorewall, etc.), it would probably not be HTTP. | ||
− | + | There is no support yet for custom admin and password settings in the UI yet to gain administrator permissions to control the router/fw. The default admin username and password for the router should be provided in the '''AUTH''' hash variable for the time being for the case of conventional routers. | |
− | There is no support for custom admin and password settings in the UI yet. The default admin username and password for the router should be provided in the '''AUTH''' hash variable. | ||
== Firewall Rules == | == Firewall Rules == | ||
Line 50: | Line 54: | ||
the rest of the fields are populated according to the kind field. | the rest of the fields are populated according to the kind field. | ||
+ | |||
+ | == Target Firewalls == | ||
+ | |||
+ | Ideally we would like to control at least the following routers: | ||
+ | |||
+ | * UPnP routers | ||
+ | * D-Link | ||
+ | * dd-wrt routers | ||
+ | * open-wrt routers | ||
+ | |||
+ | And the following firewalls: | ||
+ | |||
+ | * http://www.pfsense.com/ | ||
+ | * http://www.shorewall.net/ | ||
+ | * IPTables, the default linux firewall | ||
+ | |||
+ | == Tools == | ||
+ | |||
+ | A useful tool to discover exactly what URLs are being exercised on during development is [http://portswigger.net/suite/ Burp Suite] | ||
+ | |||
+ | Quick HOWTO on how to use Burp Suite to see what URLs and form parameters your router requires so that you can put them in your module: | ||
+ | |||
+ | * start it with java -jar burpsuite_v1.2.01.jar or however you do it | ||
+ | * on burpsuite, go to the "alerts" tab and make sure the proxy is running on 8080 | ||
+ | * all it takes after the proxy is running to use is setup firefox or whatever to use localhost:8080 as the proxy | ||
+ | * then go to the proxy tab, turn on intercept and you will be prompted to either forward or drop every request that firefox makes | ||
+ | * go to your router and set things up to turn on or off the settings you want to research for adding to your module | ||
+ | * what i do is this: i leave intercept off until i am just about to hit the button to accept, then turn it on. and then take a look at the variables being sent |
Latest revision as of 00:09, 3 April 2014
NOTE: This is an Amahi 6 ONLY feature.
This feature allows control of supported routers and firewalls from the Amahi HDA Setup pages, under Setup -> Networking -> Firewall and Settings.
It's under active development. It's only intended for developers!
Adding router support is modular. Router support is added by adding one module to the router plugins area.
Each router module can control one class of routers. The features that can be controlled are:
- DHCP server on and off
- Add/delete rules for the following:
- Port forwarding
- Set/clear the DMZ
- Filtering for Ports, IPs and MACs and URLs
Writing new Router Modules
The modules directory is here:
/var/hda/platform/html/amahi-plugins/routers/
see the example ruby files there (*.rb).
Each module should provide the following class (not instance methods!) methods:
- name > String: returns the name of the module, typically the brand name of the models supported by this module, e.g. "D-Link"
- models > String Array: returns an array of names of models of routers supported.
- set_dmz(ip: String): set the DMZ to be the full IP provided. If none provided (nil or empty string), turn off the DMZ feature
- write_rule(rule): writes a firewall rule (see below)
- delete_rule(rule): delete firewall rule
- dhcp_server_enable: enable the DHCP server in the router
- dhcp_server_disable: disable the DHCP server in the router
There is no established way how these methods can control the router/firewall. In the demo router, the router is controlled through HTTP, as the router is remote in the network. However, for something like a local firewall (iptables, shorewall, etc.), it would probably not be HTTP.
There is no support yet for custom admin and password settings in the UI yet to gain administrator permissions to control the router/fw. The default admin username and password for the router should be provided in the AUTH hash variable for the time being for the case of conventional routers.
Firewall Rules
a firewall rule is composed of this structure, which is an object of class Firewall:
t.string :kind, :default => "" t.boolean :state, :default => true t.string :ip, :default => "" t.string :protocol, :default => "both" t.string :range, :default => "" t.string :mac, :default => "" t.string :url, :default => "" t.string :comment, :default => ""
kind is one of:
'port_filter', 'ip_filter', 'mac_filter', 'url_filter', 'port_forward'
the rest of the fields are populated according to the kind field.
Target Firewalls
Ideally we would like to control at least the following routers:
- UPnP routers
- D-Link
- dd-wrt routers
- open-wrt routers
And the following firewalls:
- http://www.pfsense.com/
- http://www.shorewall.net/
- IPTables, the default linux firewall
Tools
A useful tool to discover exactly what URLs are being exercised on during development is Burp Suite
Quick HOWTO on how to use Burp Suite to see what URLs and form parameters your router requires so that you can put them in your module:
- start it with java -jar burpsuite_v1.2.01.jar or however you do it
- on burpsuite, go to the "alerts" tab and make sure the proxy is running on 8080
- all it takes after the proxy is running to use is setup firefox or whatever to use localhost:8080 as the proxy
- then go to the proxy tab, turn on intercept and you will be prompted to either forward or drop every request that firefox makes
- go to your router and set things up to turn on or off the settings you want to research for adding to your module
- what i do is this: i leave intercept off until i am just about to hit the button to accept, then turn it on. and then take a look at the variables being sent