Router Control

From Amahi Wiki
Revision as of 21:59, 17 November 2010 by Acecydoxose (talk | contribs)
Jump to: navigation, search

This feature allows control of supported routers and firewalls from the Amahi HDA Setup pages, under Setup -> Networking -> Firewall and Settings.

It's under active development. It's only intended for developers!

Adding router support is modular. Router support is added by adding one module to the router plugins area.

Each router module can control one class of routers. The features that can be controlled are:

  • DHCP server on and off
  • Add/delete rules for the following:
    • Port forwarding
    • Set/clear the DMZ
    • Filtering for Ports, IPs and MACs and URLs

>== Writing new Router Modules ==

The modules directory is here:

 /var/hda/platform/html/amahi-plugins/routers/

see the example ruby files there (*.rb).

Each module should provide the following class (not instance methods!) methods:

  • name > String: returns the name of the module, typically the brand name of the models supported by this module, e.g. "D-Link"
  • models > String Array: returns an array of names of models of routers supported.
  • set_dmz(ip: String): set the DMZ to be the full IP provided. If none provided (nil or empty string), turn off the DMZ feature
  • write_rule(rule): writes a firewall rule (see below)
  • delete_rule(rule): delete firewall rule
  • dhcp_server_enable: enable the DHCP server in the router
  • dhcp_server_disable: disable the DHCP server in the router

There is no established way how these methods can control the router/firewall. In the demo router, the router is controlled through HTTP, as the router is remote in the network. However, for something like a local firewall (iptables, shorewall, etc.), it would probably not be HTTP.

There is no support yet for custom admin and password settings in the UI yet to gain administrator permissions to control the router/fw. The default admin username and password for the router should be provided in the AUTH hash variable for the time being for the case of conventional routers.


Firewall Rules

a firewall rule is composed of this structure, which is an object of class Firewall:

       t.string        :kind,          :default => ""
       t.boolean       :state,         :default => true
       t.string        :ip,            :default => ""
       t.string        :protocol,      :default => "both"
       t.string        :range,         :default => ""
       t.string        :mac,           :default => ""
       t.string        :url,           :default => ""
       t.string        :comment,       :default => ""

kind is one of:

   'port_filter', 'ip_filter', 'mac_filter', 'url_filter', 'port_forward'

the rest of the fields are populated according to the kind field.

Target Firewalls

Ideally we would like to control at least the following routers:

  • UPnP routers
  • D-Link
  • dd-wrt routers
  • open-wrt routers

And the following firewalls:

Tools

A useful tool to discover exactly what URLs are being exercised on during development is Burp Suite

Quick HOWTO on how to use Burp Suite to see what URLs and form parameters your router requires so that you can put them in your module:

  • start it with java -jar burpsuite_v1.2.01.jar or however you do it
  • on burpsuite, go to the "alerts" tab and make sure the proxy is running on 8080
  • all it takes after the proxy is running to use is setup firefox or whatever to use localhost:8080 as the proxy
  • then go to the proxy tab, turn on intercept and you will be prompted to either forward or drop every request that firefox makes
  • go to your router and set things up to turn on or off the settings you want to research for adding to your module
  • what i do is this: i leave intercept off until i am just about to hit the button to accept, then turn it on. and then take a look at the variables being sent