Difference between revisions of "Router Control"

From Amahi Wiki
Jump to: navigation, search
Line 21: Line 21:
 
see the example ruby files there (*.rb).
 
see the example ruby files there (*.rb).
  
Each module should provide the following class methods:
+
Each module should provide the following ''class'' (not instance methods!) methods:
  
 
* '''name''' > String: returns the name of the module, typically the brand name of the models supported by this module, e.g. "D-Link"
 
* '''name''' > String: returns the name of the module, typically the brand name of the models supported by this module, e.g. "D-Link"

Revision as of 00:19, 13 July 2009

This feature allows control of supported routers and firewalls from the Amahi HDA Setup pages, under Setup -> Networking -> Firewall and Settings.

It's under active development. It's only intended for developers!

Adding router support is modular. Router support is added by adding one module to the router plugins area.

Each router module can control one class of routers. The features that can be controlled are:

  • DHCP server on and off
  • Add/delete rules for the following:
    • Port forwarding
    • Set/clear the DMZ
    • Filtering for Ports, IPs and MACs and URLs

Writing new Router Modules

The modules directory is here:

 /var/hda/platform/html/amahi-plugins/routers/

see the example ruby files there (*.rb).

Each module should provide the following class (not instance methods!) methods:

  • name > String: returns the name of the module, typically the brand name of the models supported by this module, e.g. "D-Link"
  • models > String Array: returns an array of names of models of routers supported.
  • set_dmz(ip: String): set the DMZ to be the full IP provided. If none provided (nil or empty string), turn off the DMZ feature
  • write_rule(rule): writes a firewall rule (see below)
  • delete_rule(rule): delete firewall rule
  • dhcp_server_enable: enable the DHCP server in the router
  • dhcp_server_disable: disable the DHCP server in the router

There is no established way how these methods can control the router/firewall. In the demo router, the router is controlled through HTTP, as the router is remote in the network. However, for something like a local firewall (iptables, shorewall, etc.), it would probably not be HTTP.

There is no support yet for custom admin and password settings in the UI yet to gain administrator permissions to control the router/fw. The default admin username and password for the router should be provided in the AUTH hash variable for the time being for the case of conventional routers.

Firewall Rules

a firewall rule is composed of this structure, which is an object of class Firewall:

       t.string        :kind,          :default => ""
       t.boolean       :state,         :default => true
       t.string        :ip,            :default => ""
       t.string        :protocol,      :default => "both"
       t.string        :range,         :default => ""
       t.string        :mac,           :default => ""
       t.string        :url,           :default => ""
       t.string        :comment,       :default => ""

kind is one of:

   'port_filter', 'ip_filter', 'mac_filter', 'url_filter', 'port_forward'

the rest of the fields are populated according to the kind field.

Target Firewalls

Ideally we would like to control at least the following routers:

  • UPnP routers
  • D-Link
  • dd-wrt routers
  • open-wrt routers

And the following firewalls: