Fun Things To Do with Firewalla

Follow

Comments

13 comments

  • Avatar
    Chris Hewitt

    I’m not a Samba fan and why install something new when the functionality already exists.

    SSHFS (SSH Filesystem) is a filesystem client based on FUSE for mounting remote directories over an SSH connection. SSHFS is using the SFTP protocol, which is a subsystem of SSH and it is enabled by default on most SSH servers.

    When compared to other network file system protocols such as NFS and Samba the advantage of SSHFS is that it does not require any additional configuration on the server side. To use SSHFS you only need SSH access to the remote server - which we already have.

    Because SSHFS uses SFTP , all transmitted data between the server and the client is encrypted and decrypted. This results with a slightly degraded performance compared to NFS, and higher CPU usage on the client and server.

    2
    Comment actions Permalink
  • Avatar
    Kevin Lengel

    Is there a way to do a bulk rule upload via the Firewalla cmdline?  Defining multiple rules in the UI is a bit tedious.  

    0
    Comment actions Permalink
  • Avatar
    Brian Newbold

    I HIGHLY recommend installing Portainer to your Docker stack.

    It makes management of all your containers incredibly simple. I followed this guide:
    https://homenetworkguy.com/how-to/install-pihole-on-raspberry-pi-with-docker-and-portainer/

    More info on portainer in Guide: How to install Pi-Hole on Gold (beta). Seek the 2nd page of comments for my Q&A and findings,
    HERE:
    https://help.firewalla.com/hc/en-us/articles/360051625034-Guide-How-to-install-Pi-Hole-on-Gold-Beta-?page=2#comments

    2
    Comment actions Permalink
  • Avatar
    capnrob97

    Quick question, I installed tshark (had to update some libraries to get it installed) and it worked. I then rebooted the Firewalla Gold through the iOS app, it was no longer installed after rebooting.

    why would that be?

    0
    Comment actions Permalink
  • Avatar
    Chris Hewitt

     

    Install it in a docker container and make the container persistent. However things like tshark that needs direct network access have to be reinstalled at boot.

    You’re installing in a tmpfs / overlay fs which get wiped out on boot.

    Did you read these?

    https://help.firewalla.com/hc/en-us/community/posts/360051304473-settings-not-sicking

    https://help.firewalla.com/hc/en-us/articles/360054056754-Customized-Scripting-

    0
    Comment actions Permalink
  • Avatar
    Alec Sutherland

    I have a monitor linked up to my firewalla gold, I can install tshark from the console, but id like to find a command (like the "top" command) but for packet sniffing e.g. show packets on my network now and have that as a real-time feed. Is this possible?

    0
    Comment actions Permalink
  • Avatar
    Chris Hewitt

    Sure!

    All depends what you want to see. Also, what’s your skill level in Linux scripting?

    So I guess the first question is what do you want to display on your screen?

    2
    Comment actions Permalink
  • Avatar
    Alec Sutherland

    Thanks Chris. I've got some experience with shell scripts, ultimately I'd be looking for a command to display my networks' packets, with the URL and port number if possible. This output would be shown on a screen, refreshing itself like a basic "top" command so it can be left to run, and be read via the monitor. I wouldn't want any files to be created on the router.

    Is this possible?

    0
    Comment actions Permalink
  • Avatar
    Chris Hewitt

    Other than for a fun display, trying to figure out the usability of this. But heck, I often do things because they just look cool.

    Here is a starting point for you @Alec.

    sudo tshark -i any -q -P -Y "http.request or http.response and (ip.addr != 127.0.0.1)" -T fields -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -e http.host -e http.request.uri 

     

     

    1
    Comment actions Permalink
  • Avatar
    Chris Hewitt

    You could also get fancy with something like this.

    sudo tshark -i any -q -P -Y "(ip.addr != 127.0.0.1)" -T fields -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -e http.host -e http.request.uri | awk '{src_color=""; dst_color=""; src_port_color=""; dst_port_color=""; if (!match($1, /^192\.168\.1\./)) {src_color="\033[1;31m"; src_port_color="\033[1;34m"}; if (!match($3, /^192\.168\.1\./)) {dst_color="\033[1;31m"; dst_port_color="\033[1;34m"}; printf "%s%-15s\033[0m%s:%-5s\033[0m %*s-> %s%-15s\033[0m%s:%-5s\033[0m %-30s %s\n", src_color, $1, src_port_color, $2, 30-length($1)-length($2)-1, "", dst_color, $3, dst_port_color, $4, $5, $6}'

    Which produces something like this.

    I have a few bugs in my command, but you can figure the fix out :-)

    0
    Comment actions Permalink
  • Avatar
    Chris Hewitt

    This command gets rid of duplciates when the come sequentially (no color).

    sudo rm /tmp/wireshark_*; sudo tshark -i any -q -P -Y "(ip.addr != 127.0.0.1) and (ip.addr != 192.168.1.1)" -T fields -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -e http.host -e http.request.full_uri | awk 'BEGIN {prev=""} {current=sprintf("%-14s %-14s %-14s %-14s %-30s %s", $1, $2, $3, $4, $5, $6); if (current != prev) {print current; prev = current}}'

     

     

     

    0
    Comment actions Permalink
  • Avatar
    Alec Sutherland

    Thanks Chris, I look forward to trying these. I've had power cuts lately which has meant I've lost tshark as I understand that the install demostrated in this article is not persistent. How can I ensure that tshark is persistent regardless of whether the router reboots? 

    0
    Comment actions Permalink
  • Avatar
    Chris Hewitt

    We have a script called

    customize.sh

    in

    /home/pi/.firewalla/config/post_main.d/home/pi/.firewalla/config/post_main.d

     

    In the file are the tools we always want available.

    #!/bin/bash

    # This script is run every time the Box is restarted
    # see https://help.firewalla.com/hc/en-us/articles/360054056754-Customized-Scripting-

    sudo apt install nano
    sudo apt install whois
    sudo apt install tshark
    ...

    that has whatever we want reinstalled / reconfigured whenever the Firewalla box is restarted.

    If I understand what you want to do this should be able to do it.

     

     

    1
    Comment actions Permalink

Please sign in to leave a comment.