Scheduling IP blocking

[paulus22]

I am running RT2.9 on a Safecom wireless modem/router. I seem to recollect (altho I never used it) that the original fw had scheduling options for allowing/blocking by ip. Is this capability anywhere in the RT fw? My sons have fixed ips for their Xboxes and I would like to schedule a curfew time!

[thechief]

I would just use rshaper or netshaper to throttle their bandwidth.

[paulus22]

I can see in RT Configuration how to enable rshaper and netshaper, but having enabled one how do I then select the ip and time schedule?

[thechief]

Details are in features.html.

[paulus22]

features.htm gives me a sample command for throttling a particular ip. Nothing that I can see about an automatic time-based schedule, and in fact I'm not sure that the router maintains a 24 hour clock?! So I cannot see that I could do what I want to. If I have to issue the command manually then I could just as easily block traffic to that IP via the menu? I think I may have to give up on this . . . unless anyone knows better.

[thechief]

The router most definitely maintains a 24 hour clock - after all, the firmware is a fully-fledged Linux operating system. Scheduling is done via "cron" (the crontab file is "/root_cron"). You can add entries to that file manually (in "crontab" format) to do your scheduling, or you can use the built-in commands "cronjob.sh" or "cronjob-env.sh". The latter makes the scheduled jobs persist between reboots of the router. So, for what you want to achieve, you can do something like:

Code: Select all

cronjob-env.sh "rshaperctl 192.168.1.6 128" "0" "21" "*" "*" "*" "RT_cmd_5"
cronjob-env.sh "rshaperctl 192.168.1.6 0" "30" "15" "*" "*" "*" "RT_cmd_6"

The first command schedules a throttling of the bandwidth of 192.168.1.6 to 128 bytes per second at 21.00 hours everyday, and the second one removes the bandwidth throttling at 15.30 hours everyday. You only need to run these commands once. If you want to remove them, then you will need to run this: "unsetenv RT_cmd_5 && unsetenv RT_cmd_6", and then reboot the router.

For further information about "cron", see http://en.wikipedia.org/wiki/Cron

[paulus22]

Brilliant: so I can run these commands from the Tools/RT Configurations/Run Command can I? Also how can I find out whether the clock is correctly set to local time (preferably from the browser menu)?

paulus22

[paulus22]

One final thing . . . . can I specify a day? (Ideally to give them a later curfew at weekends) and (very finally!) rather than switching this off with another command, would unchecking the rshaper box in the browser menu effectively suspend these commands, and reticking it later reactivating them (without re-entering)?

[thechief]

Brilliant: so I can run these commands from the Tools/RT Configurations/Run Command can I?

I would not recommend that. You should do it from a telnet/ssh login session.

Also how can I find out whether the clock is correctly set to local time (preferably from the browser menu)?

Enable "sntp" in the "Advanced" menu, and that will take care of things. To find out the time, run the "date" command (you can do this one from "Run Command").

One final thing . . . . can I specify a day? (Ideally to give them a later curfew at weekends)

You can do virtually anything with cron and crontab files, and you can fine-tune it to the minutest detail. This will involve getting your hands dirty with the crontab syntax - but there are enough resources available on the web that explain its use (including the link I posted earlier).

and (very finally!) rather than switching this off with another command, would unchecking the rshaper box in the browser menu effectively suspend these commands, and reticking it later reactivating them (without re-entering)?

It won't work. Actually, the rshaper box is a bit superfluous, as the kernel module is loaded on demand (i.e., when you run rshaperctl, the kernel module will be loaded if it wasn't loaded during the boot process). The easiest option is to disable cron, and then reboot.

[paulus22]

Decided to have my very first forray into telnet! FAILED - cannot even achieve a login. The firmware is the AR7WRD but my normal browser login and password doesn't get me logged in via telnet. I have never set a telnet login so what is the default login/password that telnet is looking for?

[paulus22]

Worked it out! Now let's see where I can get to now!!

[paulus22]

Successful! Well at least managed to enter all I needed to, and crontab reports that it's set up just as intended. Will wait and see whether the kids ask coded questions about whether I was "having trouble with the internet last night"!!!

Many thanks for all of your help,
paulus22

[paulus22]

My son's XBox has always been on a single ip (192.168.1.3) - which I have made static. Altho' he connects via DHCP the router seem to always remember his mac and reconnect to that ip. Hence I have made scheduling rules for that ip. However, having rebooted today I find that he has been connected to 192.168.1.4 - although in the table (Advanced/Lan Clients) it show a static ip 3 with his mac against it and a dynamic ip 4 also with his mac against it, and the real connection is to 4. Am I wrong is assuming that the router should force his ip to 3? how have we got into this situation? and how can I rectify it?

[thechief]

I am not a networking guru, so I may be well off the mark - but this may have to do with lease times ...

[biro]

Have you changed the DHCP range on the router?
if 192.168.1.3 isn't within the routers DHCP range then it won't issue it even when set as a static IP.