In Fire We Trust

This is the fifth part of series of articles in which i will explain how to create the perfect SOHO router. I have to note that this is my idea of a perfect router with all the good and bad points stemming from it.

The series will comprise of the following articles:

• Basic hints, ideas, needed services and some thoughts - Here i will try to argument myself upon the choice of software and services for the router
• Base install - i will describe the way our system will be installed and minimized
• Configuration of DNS and DHCP services - here i will describe with arguments what i think is the best configs for the task
• Configure the routing - here is the heart of our routing. I will suggest some tricks that make the life easier, also some pointers for more specific stuff
• Configuring very basic monitoring system
• Extending our router - i will describe some small things that make our life tad easier, smooth and not so demanding

In this part we will build a simple system for monitoring our router
Why
So we can know what is going on with our router. It is allways good to know what’s the state of our router and to be able to reach that information fast.

What we will have
My personal idea for this system features is:

• Web based - for easy access from everywhere
• Internet connectivity check - so we can say in a glance if there is connection problem or our ISP is bugging us
• Network cards check - are they on, loose cable, etc.
• Memory utilisation check - to see if we are in the swap zone or the harddisk is trashing
• TCP/UDP Sessions count - so we can be aware of the utilisation
• Traffic stat with mrtg
• Full system information with phpsysinfo

Script for checking internet connectivity
This is a prety simple script which will do a few pings to an address we are sure will be up. We are using ip address and not host name so we can alleviate the effect of missing DNS.
For this script to be able to work we need ping, tail, cut, php

< ?php
// simple checking of connectivity
// vvitkov
// 02.11.2006
?>
< html >
<head>
<title>Connection check</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link REL=StyleSheet HREF="style.css" TYPE="text/css" MEDIA=screen>
</link></head>
< body >
< ?php include "header.php"; ?>
<center><br /><br /><h2>Checking Conection with
< ?php
$target="194.145.63.12";
if (isset($_REQUEST['t'])){
        $target=$_REQUEST['t'];
}
echo "<font color=#000000>" . $target . "</h2><br /><br />";
$OK="<div class=ok>CONNECTION IS UP</div>";
$NO="<div class=no>CONNECTION DOWN</div>";
 
$status=exec("ping -q -c3 $target | tail -n 1 | cut -d' ' -f1");
 
if ($status == "rtt") { echo $OK; } else { echo $NO; }
?>
<br /><br />
<div class=sub><a href="?t=www.abv.bg">Check with abv.bg</a>&nbsp;<a href="?t=www.google.com">Check with Google</a></div>
 
< ?php include "footer.php"; ?></center>

This script is neither beautifull nor very secure but it manages to do the job. Here are example outputs of successfull and unsuccessfull checks


As you can see if we use nonexistent host in the check, we will be informed that there is no connection, which may lead us to believe there is no internet. Due to this fact aside from the ip check there are 2 popular sites which are expected to be allways available.

Script for checking NIC’s status
The idea of this script is to check if we have physical connectivity. It is not allways usefull but most of the time is OK.
For this script to work we need sudo, mii-tool.

< ?php
// simple checking of network cards
// vvitkov
// 02.11.2006
?>
< html >
<head>
<title>NIC check</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link REL=StyleSheet HREF="style.css" TYPE="text/css" MEDIA=screen>
</link></head>
< body >
< ?php include "header.php"; ?>
<center><br /><br /><h2>Checking Network Cards</h2><br />
< ?php
$status=exec("sudo /sbin/mii-tool eth0 | md5sum | cut -d' ' -f1");
if ($status === '011d899f145c89793888771019335049'){
        echo "<div class=ok>External network is UP";
} else {
        echo "<div class=no>External network is DOWN<br />Please check Cable (eth0)</div>";
}
$status=exec("sudo /sbin/mii-tool eth1 | md5sum | cut -d' ' -f1");
if ($status === 'e413ff927a35f4df4c8bdecd70111902'){
        echo "<div class=ok>Internal network is UP</div>";
} else {
        echo "<div class=no>Internal network is DOWN<br />Please check Cable (eth1)</div>";
}
?>
</center>
 
< ?php include "footer.php"; ?>

The check for the nics is not universal due to the usage of md5 sums, but that can be easily corrected. It is enough to look in the output of mii-tool for the string link ok. Additionaly for this script we need to allow access to mii-tool for the user under which the web server runs. This is accomplished by adding in /etc/sudoers the following line

www-data ALL=(ALL) NOPASSWD: /sbin/mii-tool

Check of memory utilisation
This script is usefull for checking the memory usage. With routers it is especially important the system not to use any swap as this steals CPU cycles and is generaly slowing down the machine. For the script to operate we need the command free

< ?php
// simple checking of memory utilisation
// vvitkov
// 02.11.2006
?>
< html >
<head>
<title>Memory Usage</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link REL=StyleSheet HREF="style.css" TYPE="text/css" MEDIA=screen>
</link></head>
< ?php include "header.php"; ?>
< body ><center><br /><h2>Memory Usage</h2><br /></center>
< ?php
$stat=explode(" ", shell_exec("free -m| head -2|tail -1|awk '{print $2\" \"$3\" \"$4}'"));
$stat2=explode(" ", shell_exec("free -m| head -4|tail -1|awk '{print $2\" \"$3\" \"$4}'"));
$tresh=30;
?>
<table border=0 align=center>
        <tr>
                <th>Mem type</th>
                <th>Used</th>
                <th>free</th>
                <th>Total</th>
        </tr>
        <tr>
                <th>RAM</th>
                <td>< ?php echo $stat[1]; ?></td>
                <td>< ?php echo $stat[2]; ?></td>
                <td>< ?php echo $stat[0]; ?></td>
        </tr>
        <tr>
                <th>SWAP</th>
                <td>< ?php
                        if ($stat2[1] > $tresh) {
                                echo "<font color=red weight=bold>$stat2[1]</font>" ;
                        } else {
                                echo $stat2[1];
                        }
                ?>
                </td>
                <td>< ?php echo $stat2[2]; ?></td>
                <td>< ?php echo $stat2[0]; ?></td>
        </tr>
        <tr>
                <th>TOTAL</th>
                <td>< ?php echo ($stat[1]+$stat2[1]); ?></td>
                <td>< ?php echo ($stat[2]+$stat2[2]); ?></td>
                <td>< ?php echo ($stat[0]+$stat2[0]); ?></td>
        </tr>
        <tr>
                <td>&nbsp;</td>
                <th>< ?php
                        if ($stat2[1] > $tresh) {
                                echo "<font color=red weight=bold>^^^</font>" ;
                        } else {
                                echo "&nbsp";
                        }
                ?>
                </th>
                <td>&nbsp;</td>
                <td>&nbsp;</td>
        </tr>
</table>
<div class="sub">If there is a red number ... that is a problem</div>
< ?php include "footer.php"; ?>

The only variable that has to be changed is $tresh. It is used to light up the warning of excessive swap usage. It is possible to be set for example to 20% but i think it is more suitable to be entered by hand.

Check of the number of active TCP/UDP sessions
If there is a problem with pages not opening, this could indicate exhausted sessions. As some ISP’s limit the number of active sessions, this instrument can be quite usefull. It has to be noted that the numbers shown are not necessary correct, as the state of the sessions is not accounted for. I.e. if the sessions is in state CLOSE_WAIT although it could be almost immediately reused it is still accounted for.
For the script to operate we need sudo, netstat-nat

< ?php
// simple checking of connectivity
// vvitkov
// 02.11.2006
?>
< html >
<head>
<title>Connection statistics</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link REL=StyleSheet HREF="style.css" TYPE="text/css" MEDIA=screen>
</link></head>
< ?php include "header.php"; ?>
< body ><center><br /><h2>Connection statistics</h2><br /></center>
<table border=0 align=center>
        <tr>
                <th>Proto</th>
                <th>Clients</th>
                <th>Ruter</th>
        </tr>
        <tr>
                <th>TCP</th>
                <td>< ?php echo exec("sudo netstat-nat -n -S -p tcp | grep ESTABLISHED | wc -l"); ?></td>
                <td>< ?php echo exec("sudo netstat-nat -n -L -p tcp | grep ESTABLISHED | wc -l"); ?></td>
        </tr>
        <tr>
                <th>UDP</th>
                <td>< ?php echo exec("sudo netstat-nat -n -S -p udp | grep ESTABLISHED | wc -l"); ?></td>
                <td>< ?php echo exec("sudo netstat-nat -n -L -p udp | grep ESTABLISHED | wc -l"); ?></td>
        </tr>
</table>
<br />
<div class=sub>Only active connections are visible</div>
< ?php include "footer.php"; ?>

Additionaly we have to add the following line

www-data ALL=(ALL) NOPASSWD: /usr/bin/netstat-nat

to /etc/sudoers

Conclusion
I havent shown the configuration of mrtg and phpsysinfo, as they are quite simple. With this we finish our monitoring system. It is quite simple but manages to do the job.
I provide the system in archived form. For it to work you need to configure mrtg using cfgmaker and indexmaker from the package of mrtg and phpsysinfo using the debian package management system.

monitoring system

Also it has to be noted that the system has the possibility for custom messages set by the administrator of the machine to appear in the main view thanks to the header.php

The Series continues with The Perfect SOHO router - Part 6