EdgeRouter - alexium/internet-filter GitHub Wiki
Some notes on the Ubiquiti EdgeRouter ER-X used in the reference installation.
The EdgeRouter is a Debian Linux device running a fork of the Vyatta software-based routing system.
$ show version
Version: v2.0.6
$ uname -a
Linux ubnt 4.14.54-UBNT #1 SMP Mon Jul 8 05:11:07 UTC 2019 mips GNU/Linux
$ cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
In my home network, I do not have a test router system. The router cron job is normally configured to use production and will thus remove sessions set up using the captive portal in development mode. You can disable the cron job temporarily.
Run pylint on the router control scripts:
pylint --indent-string=' ' --indent-after-paren=2 router/*.py
Run unit tests:
export PYTHONPATH=/home/$USER/internet-filter
./router/tests/edgerouter_test.py
Steps to upgrade the firmware:
add system image https://dl.ui.com/firmwares/edgemax/v2.0.x/ER-e50.v2.0.6.5208541.tar
show system image
reboot
add system boot-image
reboot
You can back up the EdgeRouter configuration by downloading it from the System page in the web interface, then saving it to a storage service like Google Drive.
While you are debugging the system, it makes sense to create a rule that prevents you from blocking all internet access.
set firewall modify SQUID rule 10 action accept
set firewall modify SQUID rule 10 description 'Allow john laptop traffic'
set firewall modify SQUID rule 10 source mac-address 00:E0:4C:68:01:33
If the router becomes unreachable, you can reset to factory defaults.
The /config/config.boot file is the saved configuration. The show configuration command displays the active configuration, which has been committed, but not necessarily saved.
Logs for the shell script: /var/log/vyatta/cfg-stdout.log
I was unable to use the following to write a script:
source /opt/vyatta/etc/functions/script-template
I got the following errors when committing changes:
[ firewall modify SQUID ]
Firewall config error: Cannot delete rule set "SQUID" (still in use)
Commit failed
I also was not able to use a firewall description with spaces, even when quoted.
To log when the cron jobs are executed in /var/log/messages, change log level from notice to info:
set system syslog global facility cron level info
Cron schedule is configured in /etc/cron.d/vyatta-crontab.
The normal way to log output from cron commands is something like the following:
command 2>&1 | /usr/bin/logger -t <name>
But it seems that Vyatta cron does not permit redirecting output. So the shell script calls logger when started in non-interactive mode.
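One way to write that fallback, as an added example rather than the project's own script: messages go to the terminal when the script is run by hand and to syslog through logger when it is started from cron, and the wrapped command's exit status is kept. The names TAG, LOGGER_BIN, is_interactive, log and run_logged are assumptions.

```shell
#!/bin/sh
# Added example, not the project's script.
# TAG and LOGGER_BIN are assumed names; adjust to the local setup.
TAG="${TAG:-internet-filter}"
LOGGER_BIN="${LOGGER_BIN:-/usr/bin/logger}"

# Cron starts the script without a terminal attached to stdout.
is_interactive() {
  [ -t 1 ]
}

# Emit one message: terminal when run by hand, syslog when run from cron.
log() {
  if is_interactive; then
    printf '%s\n' "$*"
  else
    "$LOGGER_BIN" -t "$TAG" -- "$*"
  fi
}

# Run a command, log every line of its stdout and stderr, and return the
# command's own exit status. A plain `cmd 2>&1 | logger` pipeline returns
# logger's status instead, which hides failures of the command.
run_logged() {
  rc=0
  out=$("$@" 2>&1) || rc=$?
  if [ -n "$out" ]; then
    printf '%s\n' "$out" | while IFS= read -r line; do
      log "$line"
    done
  fi
  if [ "$rc" -ne 0 ]; then
    log "command failed with status $rc: $*"
  fi
  return "$rc"
}

# Usage inside the cron-driven script (the command shown is a placeholder):
#   run_logged /path/to/router-task --option
```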
The EdgeRouter runs an old version of Python:
$ python -V
Python 2.7.3
I could not install pip. The get-pip.py script hung.
Some of the Linux commands that I found helpful for debugging follow.
The policy-based routing rules mark incoming HTTP/S packets using the mangle table. Then the routing rules pick the correct next hop depending on how the packet has been marked.
$ /sbin/iptables -t mangle -L -v
$ ip rule list
$ ip route list table 90
To debug the iptables configuration, you can reset counters:
$ /sbin/iptables -t mangle -Z
To see traffic:
$ /usr/sbin/tcpdump -i switch0 port 80
Turn on logging:
$ /sbin/iptables -t mangle -I SQUID -j LOG
To turn off logging:
$ /sbin/iptables -t mangle -D SQUID 1
- EdgeOS documentation only covers the web UI, not the command line interface
- A user wrote this helpful documentation on setting up the EdgeRouter
- VyOS is a fork of Vyatta with excellent documentation of the CLI
- Linux documentation is useful for understanding what is going on under the hood: