Unable to update GoFlex Net

balanga · March 27, 2019, 1:40pm

I will upgrade it once I have copied everything currently on it, but I want to ssh into it first and can't figure out what is stopping me.

lleachii · March 27, 2019, 1:42pm

This has got to be a joke.

I advise resetting the device to defaults and flashing 18.06.2.

Why are you running this command?

Why are you trying to connect to port 22, when @anon50098793 told you it's running at port 2222???

RUN THIS:

ssh 192.168.1.7 -p 2222

Exactly like @anon50098793 already told you:

jeff · March 27, 2019, 1:51pm

The you should never have run opkg to try to upgrade it, eh?

What's stopping you? Use of skills in reading and comprehending directions before taking action. Over-reliance on these forums to spoon-feed you personalized directions.

lleachii · March 27, 2019, 2:20pm

Also, when @balanga uses the phrase "copied everything" - I'm not sure if that means "copy files" or "backup router."

Those are two different goals and tasks...and as I recall, on a previous device he was working on, the backup didn't help (or was never used) anyway.

balanga · March 27, 2019, 3:09pm

I did as I was told and it clearly did not work.

The port is filtered and I'm guessing I need to change something here in /etc/firewall.user :-

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.

iptables -I zone_lan_input -j REJECT
#iptables -I zone_lan_input -j LOG
iptables -I zone_lan_input -p icmp -j ACCEPT
iptables -I zone_lan_input -p igmp -j ACCEPT
# Allow torrent clients to initiate connections (transmission)
iptables -I zone_lan_input -p tcp --dport 6881:6999 -j ACCEPT
iptables -I zone_lan_input -p udp --dport 6881:6999 -j ACCEPT

iptables -I zone_lan_input -s 192.168.0.128/25 -j ACCEPT
iptables -I zone_lan_input -s 192.168.0.254 -j REJECT

# Allow ssh and rsync access from gw
iptables -I zone_lan_input -p tcp -s 192.168.0.254 --dport 22  -j ACCEPT
iptables -I zone_lan_input -p tcp -s 192.168.0.254 --dport 873 -j ACCEPT

# Allow NFS from gw
iptables -I zone_lan_input -p tcp -s 192.168.0.254 --dport 32780 -j ACCEPT
iptables -I zone_lan_input -p tcp -s 192.168.0.254 --dport 2049 -j ACCEPT

Maybe some helpful person could advise...

jeff · March 27, 2019, 3:12pm

@balanga

Right now, what you are trying to do is well past your apparent understanding of Linux-based OSes in general, and OpenWrt in specific.

I think you would be greatly benefited by purchasing a well-supported device with a relatively fool-proof recovery method. I recommend something like the GL.iNet AR300M-Lite, which is now supported in snapshots[1]. That device has a very good U-Boot, for which GL.iNet has included a web-based method for flashing an image, without use of serial. It is available for under US$20.

Use of such a device will let you better understand how to manage and troubleshoot an OpenWrt system.

While not quite a "12 o'clock flasher", you should stay out of editing config files, configure only using LuCI, and never write to the raw MTD devices.

You should also plan what you what to accomplish. That you're fixated on connecting via ssh to a device that you have serial access to is puzzling. One with sufficient skill should be able to ssh/scp from the device to any other connected device, without needing an SSH server running on the device.

[1] The AR300M-Lite should generally not be flashed with the AR300M (no -Lite) firmware that has been available for some time now. As the AR300M-Lite has a single Ethernet port and the "no -Lite" version has two, the AR300M firmware on a -Lite version will, on first boot or reset to defaults, likely be unreachable. This can be recovered by flashing the proper firmware version through U-Boot over its web-based interface.

lleachii · March 27, 2019, 3:25pm

I see no proof of what you claim, in fact your posting (using port 22 and not 2222) proved otherwise.

YOU SHOULD DELETE ALL THE RULES FOUND THERE, AS YOU DIDN'T ADD THEM!!!
There are 0 rules in /etc/firewall.user on a default OpenWrt Install!!!

DID YOU SEE THIS FIRST RULE - AND DO YOU KNOW WHAT IT MEANS???

Also, make sure you do not address your device as 192.168.0.254, as that is also blocked.

I highly advise you simply upgrade - resetting to defaults in the process, or as @jeff suggests:

purchase a device with button and web-based recovery, etc.

balanga · March 27, 2019, 4:21pm

I can't connect via LUCI.

Also, without midnight commander, which I can't install, I'm finding it difficult to find my way round the filesystem.

jeff · March 27, 2019, 4:25pm

You shouldn't be relying on some GUI to do things as basic as navigating a file system on a device that has only tens of MB of storage.

Start with

ls
less
find

balanga · March 27, 2019, 4:27pm

Then you did not read the log I posted.

If you had read my first post you would know that it is not a default install. It's an existing installation which I have just acquired!

balanga · March 27, 2019, 4:31pm

Midnight commander is not a GUI... in any case I'm constantly told to use LUCI to make any changes.

In case you have not used mc, it is basically a user friendly front end to ls, less, find etc...

balanga · March 27, 2019, 4:34pm

So I've basically managed to get as far a the password prompt in ssh, but whatever password I use, or change via passwd in the serial console has no effect.

I even followed instructions for

Resetting the root password

https://openwrt.org/docs/guide-user/troubleshooting/root_password_reset

...but that didn't work!

lleachii · March 27, 2019, 4:47pm

I never understand your responses...I read your first post.

~~Now fix your issue!~~

(It seems he silently followed my advice and was able to SSH.)

If you can see the rules, you can delete them.

lleachii · March 27, 2019, 4:54pm

Does anyone else think @balanga is a troll?

jeff · March 27, 2019, 5:02pm

Troll, no. Over his head for what he's trying to do, yes.

Not just here, but at https://forums.freebsd.org/search/79022/ as well

tmomas · March 27, 2019, 5:02pm

The requested page could not be found.

jeff · March 27, 2019, 5:04pm

Might require a user to be logged in. Here's a taste

OP is also cross-posting there, without indicating (or perhaps even realizing) that Linux and OpenWrt work very differently than FreeBSD

lleachii · March 27, 2019, 5:26pm

Wow...

anon50098793 · March 27, 2019, 7:38pm

your device operating system is not an official openwrt release. therefore, the help you are receiving here is complimentary. show us you deserved it and go and find a source of information ( preferrably not a forum ) and study, who made the OS, and how they setup the users / login.

or, get some nice linux books.... use that system to learn.... what a great opportunity!

lleachii · March 27, 2019, 8:35pm

It's an Orthodox File Manager...based on look/feel of Norton Commander...one of the first prototypes (not made by the company who made the OS) - for almost all GUI panel-based file managers known today.

I should note it also accepts mouse movements - which means it possesses a Graphical User Interface by definition. Until you made the statement above, I've never heard anyone make such a distinction outside of educational circles.

I should also note that the development of GUIs was exactly because of the reason you stated:

So, @jeff's point was misunderstood. You should truly get a grasp of the underlying software. You'll need to when you encounter a device that doesn't have capability/space for the installation of mc. You may have found your reckoning on that issue in the GoFlex Net.