router firewall

Linux Shell Script to reboot DSL or ADSL router

To reboot the router you normally have to use its web interface or its telnet interface. Both methods take time, especially if you are experimenting with ACLs, NAT or the router firewall, or you simply want to reboot the router from your Linux desktop. I have created a simple script that uses the expect tool to reboot the router. Make sure the expect command is installed; use the rpm or apt-get command to install it.

Shell script

Create a script as follows (tested on Beetel ADSL 220x router):

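#!/usr/bin/expect -f
set timeout 20
# router user name
set name "admin"
# router password (stored in plain text, so keep this file readable by its owner only)
set pass "PASSWORD"
# router IP address
set routerip ""
# Read command as arg to this script
set routercmd [lindex $argv 0]
# start telnet (the session, including the password, is not encrypted)
spawn telnet $routerip
# send username & password
expect "Login:"
send -- "$name\r"
expect "Password:"
send -- "$pass\r"
# get out of the ISP's menu program, go to shell
expect " -> "
send -- "sh\r"
# execute command
expect "# "
send -- "$routercmd\r"
# wait for the prompt to return (or for the connection to drop, as on reboot),
# then exit the router shell with Ctrl-D
expect {
    "# " { send -- "\004"; expect eof }
    eof {}
}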

Save the script as router.exp and set the executable permission on it:
$ chmod +x router.exp

How do I run this script?

You need to pass the command to execute on the router as an argument to the script. For example, to display the router uptime, display interface information, or reboot the router, type the following commands:
$ ./router.exp uptime
$ ./router.exp ifconfig
$ ./router.exp reboot

Since my ISP's router presents a menu as soon as you log in, the above script may not work on a generic router such as a Cisco or Linksys router. Therefore, you may need to modify the script to work with your router. If you are new to expect, use the autoexpect command to generate a script. It watches you interacting with another program and creates an Expect script that reproduces your interactions. For straight-line scripts, autoexpect saves substantial time over writing scripts by hand. Even if you are an Expect expert, you will find it convenient to use autoexpect to automate the more mindless parts of interactions. It is much easier to cut and paste hunks of autoexpect scripts together than to write them from scratch. Moreover, if you are a beginner, you may be able to get away with learning nothing more about Expect than how to call autoexpect. Just type autoexpect:
$ autoexpect
autoexpect started, file is script.exp

Next type telnet command (telnet to the router):
$ telnet

Login: USER
Password: Password

Now type commands on the router:
$ ifconfig
$ exit

You are done; type exit to stop the autoexpect command:
$ exit

autoexpect done, file is script.exp

Just type ./script.exp to run ifconfig command:
$ ./script.exp
You can now modify script.exp to reboot or to run other commands. It is a real lifesaver.

Linux Iptables open Bittorrent tcp ports 6881 to 6889

I already wrote about the Linux command line BitTorrent client. However, I received a few more queries regarding firewall issues. Basically, you need to open ports using iptables.

By default, a BitTorrent client uses TCP ports 6881 to 6889 only. For the BitTorrent client to work, you need to open these ports on the firewall. Remember, if you are behind a firewall (hardware or software), you need to enable port forwarding to internal systems.

Scenario # 1: Windows or Linux desktop behind router firewall

Internet ->     Hardware Router    -> Your Linux Desktop
          with port forwarding          Client

You have a router (ADSL/DSL/cable modem + router) and you have already enabled port forwarding on it (open a web browser > open the router's web admin interface > find port forwarding > enable port forwarding for the BitTorrent protocol). You also need to open the ports on the Linux desktop using the following iptables rules (open TCP ports 6881 to 6999):

iptables -A INPUT -p tcp --destination-port 6881:6999 -j ACCEPT
iptables -A OUTPUT -p tcp --source-port 6881:6999 -j ACCEPT

Here is a complete sample firewall script:

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# Setting default filter policy
iptables -P INPUT DROP
# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow incoming BitTorrent client requests
iptables -A INPUT -p tcp --destination-port 6881:6999 -j ACCEPT
# Uncomment below to allow incoming sshd client requests
#iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# DROP everything and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP

Scenario # 2

Internet -> Linux computer Router  ->  Your Linux Desktop
         with port forwarding      OR Windows XP client
         enabled using IPTABLES       IP:

Here you are using a Linux computer as a software firewall, with iptables providing NAT (firewall) for the internal network. You need to enable port forwarding to the internal Linux desktop (or Windows XP desktop) that runs the BitTorrent client. Add the following two lines of code to your existing NAT firewall script:

iptables -t nat -A PREROUTING -p tcp --dport 6881:6889
-j DNAT --to-destination
iptables -A FORWARD -s -p tcp --dport 6881:6889
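
A complete form of the two Scenario 2 rules, as an added example that is not from the original article: the function validates the internal desktop address and the port range, then prints the DNAT and FORWARD rules for review instead of applying them. The helper names, the interface eth0 and the address 192.168.1.2 are constructed for illustration; the example also goes beyond the article's rules by limiting them to the WAN interface and by matching forwarded traffic on destination (-d), because DNAT in PREROUTING has already rewritten the destination when the packet reaches FORWARD.

```shell
#!/bin/sh
# Added example: print the Scenario 2 port-forwarding rules after validating input.
# Nothing is applied; review the output, then run it as root on the Linux router.

valid_ipv4() {            # four decimal octets, each 0-255
    case $1 in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1             # split on dots (input holds digits and dots only)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_port_range() {      # LOW:HIGH with 1 <= LOW <= HIGH <= 65535
    case $1 in
        *[!0-9:]*|*:*:*|:*|*:) return 1 ;;
        *:*) ;;
        *) return 1 ;;
    esac
    lo=${1%%:*}; hi=${1##*:}
    [ ${#lo} -le 5 ] && [ ${#hi} -le 5 ] || return 1
    [ "$lo" -ge 1 ] && [ "$lo" -le "$hi" ] && [ "$hi" -le 65535 ]
}

# bt_forward_rules WAN_IF DESKTOP_IP [LOW:HIGH]   (hypothetical helper name)
bt_forward_rules() {
    wan_if=$1; desktop_ip=$2; ports=${3:-6881:6889}
    case $wan_if in
        ""|*[!A-Za-z0-9_.-]*) echo "bad interface: $wan_if" >&2; return 2 ;;
    esac
    valid_ipv4 "$desktop_ip" || { echo "bad IPv4 address: $desktop_ip" >&2; return 2; }
    valid_port_range "$ports" || { echo "bad port range: $ports" >&2; return 2; }
    # DNAT rewrites the destination before FORWARD is consulted, so the
    # filter rule matches the desktop as destination (-d).
    printf '%s\n' \
        "iptables -t nat -A PREROUTING -i $wan_if -p tcp --dport $ports -j DNAT --to-destination $desktop_ip" \
        "iptables -A FORWARD -i $wan_if -d $desktop_ip -p tcp --dport $ports -j ACCEPT"
}

# Constructed sample values (not from the article):
bt_forward_rules eth0 192.168.1.2
```
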

Related: Linux Command line BitTorrent client