How to auto-execute a sh script on openwrt start

jmar83 · September 10, 2018, 11:06pm

do they block the execution of other scrips, our just itself?

i just need to wail until the internal iptables rules are processed...

now it works, with a start and stop function...

jeff · September 10, 2018, 11:08pm

Depending on the "mother of all processes", they may block everything that follow. If you have to wait for something, it's good practice to either sequence until after that thing is "done", or to spawn a detached process to do the waiting.

jmar83 · September 10, 2018, 11:16pm

"public_ip.txt" seems to exist after start, but it's empty... i think the networking subsystem is not avaialble at this time..?

jmar83 · September 10, 2018, 11:18pm

...and the timestamp is ALWAYS Sep 11 01:02 - date is correct, but time is always the same... WTF?!?!?

jmar83 · September 10, 2018, 11:19pm

When i execute manually in linux promt, time is correct and it contains my external ip..

jeff · September 10, 2018, 11:30pm

Time sync has not happened yet, initial set is done to the latest file in /etc/ -- see /etc/init.d/sysfixtime

jmar83 · September 10, 2018, 11:36pm

The whole thing it too crazy, nothing else...!!

Now i need some cigerettes and a coffe first!!!

jmar83 · September 10, 2018, 11:43pm

now i saw that alles entries in /etc/rc.d/ are numbered with Kx or Sx where x is a number...

Is that number the execution priority? What is the letter?

jmar83 · September 10, 2018, 11:44pm

and it seems now i have 2 enties: K15iptables_custrules.sh S10iptables_custrules.sh

jmar83 · September 10, 2018, 11:47pm

when i execute /etc/init.d/iptables_custrules.sh disable, both entries are gone...

jeff · September 10, 2018, 11:47pm

Those are symlinks installed by enable/disable of services. One for system start, other for graceful shutdown. One typically leaves those to the process manager and sets dependencies in the service-definition files.

This is "normal" for "init"-based systems, before systemd became the rage.

jmar83 · September 10, 2018, 11:48pm

i think i need to write a c or c++ application with an own thread and thread sleep for x secs, right?

jeff · September 10, 2018, 11:50pm

Nope, you can do it with a shell script. procd will supervise it. You might want to trigger on network events rather than sleeping. See ubus documentation. I don't know a good reference for procd as the other site that once hosted a good description no longer does and it isn't on the Internet Archive.

jmar83 · September 11, 2018, 12:15am

now i try it with ```

chkconfig: 5 9999 9999


https://serverfault.com/questions/176055/how-to-change-linux-services-startup-boot-order

jeff · September 11, 2018, 12:26am

Hold on -- OpenWrt isn't a desktop/server Linux-based distro. Most of what you read about "Linux" will not apply to OpenWrt startup and service management.

Think through what needs to be up and running for your script to work.

Think about what happens if, for example:

DNS for your download host fails
The download host doesn't respond
DNS is spoofed for the download host and you get a "list" from we-be-hackers.org

If you're doing this in startup scripts, the first two will cause OpenWrt (and most "sane" OSes) to fail to boot as the script fails and returns an error.

Edit:

Also look at mktemp as it's good practice to not be able to predict where temporary files are being written. You probably should put it under /tmp/ somewhere as well, since there's no reason to thrash flash for a temporary file.

jmar83 · September 11, 2018, 12:40am

I need a fast as possible to make my webserver public - that's currently the only one thing..

That seems to work:

#!/bin/sh /etc/rc.common
# chkconfig: 5 9999 9999

START=9999
STOP=9999

start() {
set -x
# sleep 30
rm /etc/init.d/public_ip.txt > /dev/null 2>&1
wget -qO- https://api.ipify.org > /etc/init.d/public_ip.txt
for IP in $(cat /etc/init.d/public_ip.txt); do iptables -t nat -A PREROUTING -d $IP -m tcp -p tcp --
dport 80 -j DNAT --to-destination 192.168.1.21; done
iptables -t nat -A POSTROUTING -d 192.168.1.21 -s 192.168.1.0/24 -j SNAT --to-source 192.168.1.1
# rm -f /etc/init.d/public_ip.txt
}

stop() {
rm /etc/init.d/public_ip.txt > /dev/null 2>&1
}

Thank you very much!!!

Best regards,
Jan

jeff · September 11, 2018, 12:43am

LOL -- ~~You're concerned about blocking a bunch of "bad" URLs, but~~ you're running your webserver on OpenWRT? Let me guess, uhttpd?

Do yourself a favor and run it on something like a Raspberry Pi and nginx, behind your OpenWrt device.

Edit: I now followed what you're trying to do, seemingly getting your public IP, not a block list.

jmar83 · September 11, 2018, 12:45am

No, the reason for that firewall is completely different:

No configurable router from ISP (but with dmz), additional own router, net loopback problem on isp router..

Regards,
Jan

jeff · September 11, 2018, 12:51am

See comment on that thread -- DNS is probably a lot easier solution than all you're going through with this. Might need DDNS to make it "cleaner"

jmar83 · November 18, 2018, 6:28am

OK thx.
Regards, Jan