Trusted, Bureaucrats, Administrators
12,424
edits
Changes
From Amahi Wiki
no edit summary
'''NOTE:''' This is an Amahi 6 ONLY feature. This feature allows control of supported routers and firewalls from the Amahi HDA Setup pages, under Setup -> Networking -> Firewall and Settings. '''It's under active development.''' It's only intended for developers!
Adding router support is modular. Router support is added by adding one module to the router plugins area.
see the example ruby files there (*.rb).
Each module should provide the following ''class '' (not instance methods!) methods:
* '''name''' (> String): returns the name of the module, typically the brand name of the models supported by this module, e.g. "D-Link"* '''models''' (> String Array): returns an array of names of models of routers supported.
* '''set_dmz'''(ip: String): set the DMZ to be the ''full'' IP provided. If none provided (nil or empty string), turn off the DMZ feature
* '''write_rule'''(rule): writes a firewall rule (see below)
* '''dhcp_server_disable''': disable the DHCP server in the router
There is no established way how these methods can control the router/firewall. In the demo router, the router is controlled through HTTP, as the router is remote in the network. However, for something like a local firewall (iptables, shorewall, etc.), it would probably not be HTTP.
There is no support yet for custom admin and password settings in the UI yetto gain administrator permissions to control the router/fw. The default admin username and password for the router should be provided in the '''AUTH''' hash variablefor the time being for the case of conventional routers.
== Firewall Rules ==
the rest of the fields are populated according to the kind field.
== Target Firewalls ==
Ideally we would like to control at least the following routers:
* UPnP routers
* D-Link
* dd-wrt routers
* open-wrt routers
And the following firewalls:
* http://www.pfsense.com/
* http://www.shorewall.net/
* IPTables, the default linux firewall
== Tools ==
A useful tool to discover exactly what URLs are being exercised on during development is [http://portswigger.net/suite/ Burp Suite]
Quick HOWTO on how to use Burp Suite to see what URLs and form parameters your router requires so that you can put them in your module:
* start it with java -jar burpsuite_v1.2.01.jar or however you do it
* on burpsuite, go to the "alerts" tab and make sure the proxy is running on 8080
* all it takes after the proxy is running to use is setup firefox or whatever to use localhost:8080 as the proxy
* then go to the proxy tab, turn on intercept and you will be prompted to either forward or drop every request that firefox makes
* go to your router and set things up to turn on or off the settings you want to research for adding to your module
* what i do is this: i leave intercept off until i am just about to hit the button to accept, then turn it on. and then take a look at the variables being sent
