Pages

Saturday 6 June 2015

Why 10 bucks are worth more than 60$ (RX-WR150WH)

Update - 2 years later 2017/07/12: After some analysis I see that the router is a re-brand of TOTO Link router, but it did it's purpose - now it is gathering dust, Mikrotik's WIFI range coverage is just unbeatable by stability and bandwidth.

I bought a router RX-WR150WH for 10$ the brand is Serioux and is a Romania brand - which sells here in Bulgaria pretty cheap. Why would I possibly do this over a Linksys WRT54GL!? Well first it was quite old already and the second thing is it was quite huge which is a problem in the moment on my desk. And third I did not want to trash my WRT54GL experimenting on it.

Why I choose this router first:
1. It is very compact.
2. It has a lot of features for the money: http://www.serioux.com/uploads/support/common/7a874-SRX-WR150WH---Declaratie-CE.pdf
It even has NAT and a firewall.
3. The price.
4. Although it has nothing to do with Mikrotik it does a lot for 10$ compared to 60$. 
5. The speed:



6. Obviously a linux:
File Type: u-boot legacy uImage, zxrouter, Linux/MIPS, Standalone Program (Not compressed), 713440 bytes, Tue Apr 23 20:26:05 2013, Load Address: 0x80300000, Entry Point: 0x80300000, Header CRC: 0xD022E028, Data CRC: 0x3ED5B432

7.Try Exporting the configuration. You might want to have a look at the weak passwords and these:

L2T_MTU=4076
WAN_MTU=4076

References: http://www.slatedroid.com/topic/76777-how-to-extract-u-boot-bootimg-for-amlogic-mx-devices/
http://www.checkfiletype.com/upload-and-check
http://www.devttys0.com/2011/05/reverse-engineering-firmware-linksys-wag120n/

Raspberry and arch linux

I got a raspberry Pi B+ and decided to turn it into a web server for the moment. I installed Arch-linux and have to say that it pretty much reminds me of Slackware although they are not the same.

By the way you can build your own case:
http://sixes.net/rdcHQ/rdchq-extra-credit-raspi-b/
However my own experience is that it wasn't quite what it should be ... if you really want something that lasts buy a case.

First thing you  have to do after you log in is to update the package repository:
pacman -Syu
pacman-db-upgrade

After this we can start installing packages:
pacman -S mc
pacman -S iptraf-ng
pacman -S nginx
pacman -S php php-fpm
pacman -S whois 
pacman -S dnsutils
pacman -S screen

To remove a package and its dependencies which are not required by any other installed package use:
pacman -Rs package_name

Let us enable nginx and php on boot:
systemctl enable nginx php-fpm

Then you might get the following error:
May 24 06:47:55 alarmpi systemd[1]: Starting A high performance web server .....
May 24 06:47:55 alarmpi nginx[19638]: 2015/05/24 06:47:55 [emerg] 19638#0: ...m)
May 24 06:47:55 alarmpi systemd[1]: nginx.service: control process exited, ...=1
May 24 06:47:55 alarmpi systemd[1]: Failed to start A high performance web ...r.
May 24 06:47:55 alarmpi systemd[1]: Unit nginx.service entered failed state.
May 24 06:47:55 alarmpi systemd[1]: nginx.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
[root@alarmpi ~]# systemctl status nginx -l
* nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sun 2015-05-24 06:47:55 MDT; 26s ago
  Process: 19638 ExecStart=/usr/bin/nginx -g pid /run/nginx.pid; error_log stderr; (code=exited, status=1/FAILURE)

The solution to this is:
In /boot/cmdline.txt, add rw just before rootwait also you might consider enabling ipv6 ipv6.disable=0 later ufw will need this.

Let's have a look at the web server configuration:
/etc/nginx/nginx.conf

#user html;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   /usr/share/nginx/html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        #error_page   500 502 503 504  /50x.html;
       # location = /50x.html {
       #     root   /usr/share/nginx/html;
       # }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
            root           /usr/share/nginx/html;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}

And now about the final touches. It seems that I had some issue with arch running php so after some research I found that  it was the "open_basedir" option in php.ini. You should point that parameter to your document root directory. It should be the same as the "root" option in this section:

cat /etc/php/php.ini
; open_basedir, if set, limits all file operations to the defined directory
; http://php.net/open-basedir
open_basedir =  /usr/share/nginx/html

After some analysis I found that there was some interest ;) in my Raspberry so I secured it with ufw:

ufw allow from <ip> to any port <port number>
ufw status
systemctl enable ufw

The numbers of your firewall rules can listed using:

ufw status numbered

To delete rules:
ufw delete ####
where #### is the number of your firewall rule.



Changing the local time: # ln -s /usr/share/zoneinfo/Europe/Minsk /etc/localtime


Other nice ideas please see the references. Cheers!

References: 
http://blog.tersmitten.nl/ufw-delete-firewall-rules-by-number.html
http://guides.webbynode.com/articles/security/ubuntu-ufw.html