Syed Jahanzaib Personnel Blog to Share Knowledge !

April 13, 2015

Short Notes Series: Adding VPN (PPTP) Dialer in Linux

Filed under: Linux Related — Syed Jahanzaib / Pinochio~:) @ 12:06 PM

Assalam Va Alaykum,

Following are short notes on how I added a VPN (PPTP) client in Linux [initially in CentOS; later I will add commands for Ubuntu as well] to a Mikrotik-based PPTP VPN server. Mikrotik is using the default profile for VPN users, something like this:

Mikrotik Section:

PPP Default Profile …

PPP Default Profile Protocols Section …

& PPP USER …

OK, now moving to Linux to add the VPN client.

Adding PPTP VPN Client in CENTOS 6

First install the PPTP client.

yum install pptp -y

Now add the username and password to the /etc/ppp/chap-secrets file.

Note: I used the nano editor as it's easier, but you can use any other editor like vi.

nano /etc/ppp/chap-secrets

Now add your user ID and password in the following scheme …

# Secrets for authentication using CHAP
# client        server           secret                 IP addresses
test              PPTP           testpass                       *

In the above example, my VPN user name is test, and the password is testpass.

Save & Exit.

Now create a VPN dialer configuration file under the /etc/ppp/peers directory called testvpn, using any text editor:

nano /etc/ppp/peers/testvpn

and use the following format:
pty "pptp 1.1.1.1 --nolaunchpppd"
lock
noauth
nobsdcomp
nodeflate
name test
remotename PPTP
require-mppe-128
#file /etc/ppp/options.pptp
ipparam testvpn

In the above example, make sure to change the following items:

1.1.1.1 > replace with your target VPN server IP address or name
name test > replace test with your supplied VPN dialer user name

Save & Exit.

Test Dialer Connectivity …

To dial, use the following command from a terminal …

pppd call testvpn

In a second terminal, open the messages log file so you can see the log info (and error messages, if any, which are useful in troubleshooting) …

tail -f /var/log/messages

Upon successful logon, the messages log should show you something like the following …

Apr 13 06:43:39 radius pppd[1441]: pppd 2.4.5 started by root, uid 0
Apr 13 06:43:39 radius pppd[1441]: Using interface ppp0
Apr 13 06:43:39 radius pppd[1441]: Connect: ppp0 <--> /dev/pts/2
Apr 13 06:43:39 radius pptp[1442]: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated
Apr 13 06:43:39 radius pptp[1450]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
Apr 13 06:43:39 radius pptp[1450]: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
Apr 13 06:43:39 radius pptp[1450]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
Apr 13 06:43:40 radius pptp[1450]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
Apr 13 06:43:40 radius pptp[1450]: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
Apr 13 06:43:40 radius pptp[1450]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 921).
Apr 13 06:43:40 radius pppd[1441]: CHAP authentication succeeded
Apr 13 06:43:40 radius pppd[1441]: MPPE 128-bit stateless compression enabled
Apr 13 06:43:41 radius pppd[1441]: local  IP address 172.16.0.249
Apr 13 06:43:41 radius pppd[1441]: remote IP address 172.16.0.1

 

You can also check the VPN interface via

ip a | grep ppp

Result:

[root@radius ~]# ip a | grep ppp
13: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1456 qdisc pfifo_fast state UNKNOWN qlen 3
link/ppp
inet 172.16.0.249 peer 172.16.0.1/32 scope global ppp0

Try pinging a system in the VPN network and you should get a response from the other side :)

ADDING ROUTE via PPTP dialer to access remote / target destination

Khunjerab – Pass Route / Beautiful PAKISTAN :) / zaib

NOTE: This will not add any route information to the routing table; you can add it manually or in the ifup/down file. As I didn't require any default gateway, I added just one static route to access a specific server only, for example:

> Edit or create the following file: /etc/ppp/ip-up.local

& add the following entries

#!/bin/bash
route add -net 2.0.0.0/8 dev ppp0

Now make it executable:
chmod +x /etc/ppp/ip-up.local

Note: change 2.0.0.0/8 to match the remote target subnet you want to access via your Linux PC. This is the recommended method as it works automatically :)

Or if it's just for one session, use the following command

route add -net 192.168.10.0 netmask 255.255.255.0 gw 172.16.0.1 dev ppp0

192.168.10.0 is the remote office server subnet, and 172.16.0.1 is the virtual gateway this PC should use to access the remote site.

Or if all traffic should route via this link, use (not tested yet)

route add default gw 172.16.0.1 ppp0
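The steps above (chap-secrets entry, peers file, and checking that the ppp interface came up with its local and peer address) put together as one script. This is an added example, not code from the post: the file paths are parameters so the functions can be run against a scratch directory, the defaults match the names used in the post (test / PPTP / testvpn), and chap-secrets is kept at mode 0600 because it holds the VPN password in clear text. The ppp_addresses helper assumes the one-line-per-entry layout of `ip -o addr`.

```shell
#!/bin/bash
# Added example (not from the post): build the PPTP dialer files described
# above and check the resulting ppp interface. Paths are parameters so the
# functions can be exercised against a scratch directory.
set -eu

# Write (or replace) the chap-secrets line for one client/server pair.
# The file contains the VPN password in clear text, so it is kept at 0600.
# (user/server are used as a regex when removing the old line; plain names only.)
write_chap_secret() {
    local secrets_file="$1" user="$2" server="$3" pass="$4"
    umask 077                      # any file we create is owner-only
    touch "$secrets_file"
    chmod 600 "$secrets_file"
    # Drop any existing line for this user/server, then append the new one
    # in the "client server secret IP addresses" layout pppd expects.
    grep -v -E "^${user}[[:space:]]+${server}[[:space:]]" "$secrets_file" \
        > "$secrets_file.tmp" || true
    printf '%s\t%s\t%s\t*\n' "$user" "$server" "$pass" >> "$secrets_file.tmp"
    mv "$secrets_file.tmp" "$secrets_file"
}

# Write a peers file with the same options as the post's /etc/ppp/peers/testvpn.
write_peer_file() {
    local peer_file="$1" peer_name="$2" server_ip="$3" user="$4" server="$5"
    cat > "$peer_file" <<EOF
pty "pptp ${server_ip} --nolaunchpppd"
lock
noauth
nobsdcomp
nodeflate
name ${user}
remotename ${server}
require-mppe-128
ipparam ${peer_name}
EOF
}

# Read 'ip -o addr' output on stdin and print "<local> <peer>" for the first
# ppp interface that has an IPv4 address; exit 1 if none is up.
ppp_addresses() {
    awk '$2 ~ /^ppp[0-9]+$/ && $3 == "inet" {
             sub(/\/.*/, "", $6)        # strip the /32 from the peer address
             print $4, $6
             found = 1
             exit
         }
         END { exit found ? 0 : 1 }'
}

# Usage when run as a script (needs root for the real paths):
#   ./pptp-setup.sh <server-ip> <user> <password>
if [ "$#" -eq 3 ]; then
    write_chap_secret /etc/ppp/chap-secrets "$2" PPTP "$3"
    write_peer_file /etc/ppp/peers/testvpn testvpn "$1" "$2" PPTP
    pppd call testvpn
    sleep 5
    ip -o addr | ppp_addresses \
        || echo "ppp interface not up yet, check /var/log/messages" >&2
fi
```

Running `ip -o addr | ppp_addresses` after `pppd call testvpn` gives the same two addresses the post reads out of /var/log/messages (local 172.16.0.249, remote 172.16.0.1 in the example), which makes it usable as the check in a cron job or in the re-dial script linked below.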

How to Stop the Dialer

To stop the dialer, you can simply kill it with

killall pppd

How to add an AUTO RE-CONNECT / RE-DIAL option

Note: To make it auto reconnect (redial), add the following directives to your VPN configuration file (example /etc/ppp/peers/testvpn).

maxfail 0
persist

maxfail 0 and persist make the connection reconnect and retry forever.

You can also use a script and schedule it to keep a check on the dialer connectivity and perform a specific action, like informing you via email, or whatever you like it to trigger. If you are interested in a script-based approach, there is already a good guide for this purpose here :)

http://www.jamescoyle.net/how-to/968-script-to-automatically-detect-and-restart-linux-pptp-client

Regards,
Syed Jahanzaib

April 1, 2015

Howto display combined values of two interfaces in single MRTG graph

Filed under: Linux Related, Mikrotik Related — Syed Jahanzaib / Pinochio~:) @ 9:16 AM

If you want to view the combined value for two or more interfaces in a single MRTG graph, here is the simple way to go…
[thanks to MRTG, which supports simple math formulas as well :)]

Example:

On your router you have two WAN interfaces (you're not limited to just two) with the names WAN1 and WAN2 (in load balancing mode or whatever), and you want to display a single graph showing the combined value for both interfaces so that you can have an idea how much WAN bandwidth is being consumed (good for average historical graphs). Use the following cfg:

 


# combinedwan.cfg
Target[192.168.0.1_combowan]: #WAN1:publicsnmp@192.168.0.1: + #WAN2:publicsnmp@192.168.0.1:
MaxBytes[192.168.0.1_combowan]: 12500000
Title[192.168.0.1_combowan]: Traffic Analysis for BOTH DSL WAN Links WAN1+WAN2 -- MikroTik
PageTop[192.168.0.1_combowan]: <h1>Traffic Analysis for BOTH DSL WAN Links WAN1+WAN2  -- MikroTik</h1>
<div id="sysdetails">
<table>
<tr>
<td>System:</td>
<td>MikroTik Routerboard with Load Balancing</td>
</tr>
<tr>
<td>Maintainer:</td>
<td>aacable@hotmail.com</td>
</tr>
<tr>
<td>Description:</td>
<td>WAN1 + WAN2 Combined</td>
</tr>
<tr>
<td>ifType:</td>
<td>ethernetCsmacd (6)</td>
</tr>
<tr>
<td>ifName:</td>
<td>WAN1+WAN2</td>
</tr>
<tr>
<td>Max Speed:</td>
<td>100 Mbits/s</td>
</tr>
<tr>
<td>Ip: DYNAMIC</td>
<td>No Ip (No DNS name)</td>
</tr>
</table>
</div>

 


 

Note: Change the interface names, SNMP community string and IP according to your network setup. You can get interface numbers/names from the individual mrtg.cfg / router.cfg entries. cfgmaker can help you in this regard, for example:

cfgmaker snmp@192.168.0.1 > router.cfg

Happy Graphing :)

Regards,

Syed Jahanzaib

 

March 30, 2015

Playing with the Mikrotik’s PCC

Filed under: Mikrotik Related — Syed Jahanzaib / Pinochio~:) @ 1:30 PM

The following post is a reference guide or scrapbook, which has working configuration for the following:

  1. Dual WAN PCC with 2 DSL modems [configured in bridge mode]; dialing is done via Mikrotik
  2. Port forwarding various ports [as required] from the Internet to a local web server
  3. PPPoE Server

Note: I have used the SOURCE-ADDRESS-based PCC classifier in this example, to avoid common load balancing problems like HTTPS links breaking, buffering issues, stuck sessions, etc. :)

Just to remind you, this is not a copy-paste version; it's not a complete export. I modified the data for reference. Read it carefully for better understanding. You can pick any section of your choice or as required. I will add more sections later …

NETWORK DETAILS:

Mikrotik LAN Interface name = Local
Mikrotik WAN 1 interface name = WAN1
Mikrotik WAN 2 interface name = WAN2

Mikrotik LAN IP Address = 192.168.0.1
WEB Server on LAN side = 192.168.0.10

Mikrotik IP POOL for LAN DHCP = 10.0.0.1/8
Mikrotik IP POOL for PPPoE Users = 172.16.0.0/16

Let's Start ….
# Syed Jahanzaib / aacable@hotmail.com
# https://aacable.wordpress.com
# Adding IP pool for dhcp and pppoe

/ip pool
add name=pppoe-pool ranges=172.16.0.1-172.16.1.255
add name=dhcp_pool ranges=10.0.0.1-10.0.0.255

# ADD dhcp server

/ip dhcp-server
add address-pool=dhcp_pool authoritative=after-2sec-delay bootp-support=static disabled=no interface=Local lease-time=6h name="ZAIB DHCP SERVER"
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=10.0.0.0/8 comment="zaib DHCP SERVER" dhcp-option="" dns-server=192.168.0.1,8.8.8.8 gateway="" ntp-server="" wins-server=""

# Adding dsl pppoe client connections, make sure your dsl modems are in bridge mode.

/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=WAN1 max-mru=1480 max-mtu=1480 mrru=disabled name=pppoe-out1 password=ISP_DSL_PASSWORD profile=default \
service-name="" use-peer-dns=no user=ISP_DSL_USERNAME
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=WAN2 max-mru=1480 max-mtu=1480 mrru=disabled name=pppoe-out2 password=ISP_DSL_PASSWORD profile=default \
service-name="" use-peer-dns=no user=ISP_DSL_USERNAME

# Adding PPPoE Default Profile

/ppp profile
add change-tcp-mss=default dns-server=192.168.0.1,8.8.8.8 local-address=192.168.0.1 name=pppoe-profile only-one=yes rate-limit=512k/512k remote-address=pppoe-pool use-compression=default use-encryption=no \
use-mpls=default use-vj-compression=default

# Adding PPPOE Server
/interface pppoe-server server
add authentication=pap default-profile=pppoe-profile disabled=no interface=Local keepalive-timeout=10 max-mru=1480 max-mtu=1480 max-sessions=0 mrru=disabled one-session-per-host=no service-name=service1

# Create address list and add your users pppoe pool and web server ip addresses in this list, later we will use this list as ACL to allow specific users internet access
/ip firewall address-list
add address=172.16.0.1-172.16.1.255 comment="Allowed Users to Use Internet" disabled=no list="allowed users"
add address=192.168.0.10 comment="Allowed Users to Use Internet" disabled=no list="allowed users"

# Now start Mangling (all following "add" lines belong to this menu)
/ip firewall mangle

############################################ > Zaib
#  PORT FORWARDING RELATED MANGLE SECTION STARTS
############################################

# This section is related to packet marking for Marking connections/packets arrived at WAN1 link
add action=mark-connection chain=input comment="Mark Connection - IN wan1,OUT wan1 Syed.Jahanzaib" disabled=no in-interface=pppoe-out1 new-connection-mark=pppoe_out1_conn passthrough=yes
add action=mark-routing chain=output comment="Mark Routing - IN wan1,OUT wan1" connection-mark=pppoe_out1_conn disabled=no new-routing-mark=pppoe_out1_traffic passthrough=no

# This section is related to packet marking for Marking connections/packets arrived at WAN2 link
add action=mark-connection chain=input comment="Mark Connection - IN wan2, OUT wan2" disabled=no in-interface=pppoe-out2 new-connection-mark=pppoe_out2_conn passthrough=yes
add action=mark-routing chain=output comment="Mark Routing -  IN wan2,OUT wan2" connection-mark=pppoe_out2_conn disabled=no new-routing-mark=pppoe_out2_traffic passthrough=no

add action=mark-connection chain=forward comment="Mark Connection for new conn - Packet Forward wan1, out wan1" connection-state=new disabled=no in-interface=pppoe-out1 new-connection-mark=pppoe_out1_pfw \
passthrough=no
add action=mark-routing chain=prerouting comment="Mark Packets for new conn - Packet Forward wan1, out wan1" connection-mark=pppoe_out1_pfw disabled=no in-interface=Local new-routing-mark=\
pppoe_out1_traffic passthrough=no

add action=mark-connection chain=forward comment="Mark Connection for new conn - Packet Forward  wan2, out wan2" connection-state=new disabled=no in-interface=pppoe-out2 new-connection-mark=pppoe_out2_pfw \
passthrough=no
add action=mark-routing chain=prerouting comment="Mark Routing for new conn - Packet Forward  wan2, out wan2" connection-mark=pppoe_out2_pfw disabled=no in-interface=Local new-routing-mark=\
pppoe_out2_traffic passthrough=no

########################
#  GENERAL PCC SECTION
########################

# This section is related to packet marking for general PCC
add action=accept chain=prerouting disabled=no in-interface=pppoe-out1
add action=accept chain=prerouting disabled=no in-interface=pppoe-out2

# Classifier for dual WAN links
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=src-address:2/0 src-address-list="allowed users"
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=src-address:2/1 src-address-list="allowed users"

add action=mark-routing chain=prerouting connection-mark=wan1_conn disabled=no new-routing-mark=to_wan1 passthrough=yes src-address-list="allowed users"
add action=mark-routing chain=prerouting connection-mark=wan2_conn disabled=no new-routing-mark=to_wan2 passthrough=yes src-address-list="allowed users"

##########################################################
#  NAT / DST-NAT / MASQUERADE SECTION / PORT FORWARD
##########################################################

/ip firewall nat

###  Route WEB Port from wan links to local web server IP/PORT
add action=dst-nat chain=dstnat comment="Route WEB Server Port 80 from INTERNET LINK1" disabled=no dst-port=80 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.0.10 to-ports=80
add action=dst-nat chain=dstnat comment="Route WEB Server Port 80 from INTERNET LINK2" disabled=no dst-port=80 in-interface=pppoe-out2 protocol=tcp to-addresses=192.168.0.10 to-ports=80

### Allow internet access/masquerade to allowed users list only (ACL)
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out1 src-address-list="allowed users"
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out2 src-address-list="allowed users"

##################################################
#  ROUTE SECTION FOR PCC AND PORT FORWARD PACKETS
##################################################
# Add routes for general PCC
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=to_wan1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=to_wan2 scope=30 target-scope=10

# Add routes for IN/OUT port forwarding packets
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=pppoe_out1_traffic scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=pppoe_out2_traffic scope=30 target-scope=10

Regards,
Syed Jahanzaib

March 16, 2015

Windows 7 WEATHER GADGET ‘not working’ workaround!

Filed under: Microsoft Related — Syed Jahanzaib / Pinochio~:) @ 12:40 PM

For the past few days, clients reported that the Weather gadget stopped working with the error “cannot connect to service …”

After doing some googling, it was revealed that due to some security concerns Microsoft has discontinued it. BUT you can still enable it by following these simple steps.

  1. Go to “C:\Users\USERNAME\AppData\Local\Microsoft\Windows Live\Services\Cache”
  2. Edit “Config.xml” by Right Click / EDIT
  3. Now do not change anything & simply save it (CTRL+S or FILE -> Save) [without doing any modification]
  4. After 1-2 MINUTES, restart the Gadget!

 

 

It will work Insha Allah !!!!

Regards,
Syed Jahanzaib

March 10, 2015

Extending Linux Partition in VMWARE ESXI

Filed under: Linux Related — Syed Jahanzaib / Pinochio~:) @ 4:36 PM

Reference guide to extend a partition in Linux hosted on VMware.

TASK: Linux (CentOS) is hosted in VMware. The current size of the disk is 10 GB, and we want to expand it to 15 GB.

First turn off the guest Linux OS, open its properties and extend the disk as shown in the images below…

Click on EXPAND and it will take some time to complete the operation …

Once it's completed, power on the guest Linux.


 

 

Add a new partition with the free space of the virtual disk.

fdisk /dev/sda

press n          < to add a new partition
press p          < select type PRIMARY
press 3          < type the number for the new partition
(when it asks for sector numbers/values, press Enter twice for the default values)
press t          < to change the partition type value
press 3          < select partition number
press 8e         < type 8e (Linux LVM)
press w          < type 'w' to write the changes to disk

At the end you will see the following message…

The partition table has been altered!

As shown in the image below …

REBOOT THE GUEST OS NOW …

reboot


 

After the reboot completes, create a new physical volume from the new partition; issue the following command two times:

pvcreate /dev/sda3
pvcreate /dev/sda3

  Physical volume "/dev/sda3" successfully created

Then extend the existing volume group; you may want to use vgdisplay to list and identify the volume groups you have.

vgdisplay
--- Volume group ---
VG Name               vg_radius
System ID
Format                lvm2
Metadata Areas        1
Metadata Sequence No  3
VG Access             read/write
VG Status             resizable
MAX LV                0
Cur LV                2
Open LV               2
Max PV                0
Cur PV                1
Act PV                1
VG Size               9.51 GiB
PE Size               4.00 MiB
Total PE              2434
Alloc PE / Size       2434 / 9.51 GiB
Free  PE / Size       0 / 0
VG UUID               MzawqN-X33a-e5AY-QxE4-WFHV-r5mh-IM4MuT

Now look at the VG Name value and note it down (yours might be different).

vgextend vg_radius /dev/sda3

 Volume group "vg_radius" successfully extended

Now extend the logical volume; again, use vgdisplay (or lvdisplay) to list and identify the logical volumes you have.

lvextend /dev/vg_radius/lv_root  /dev/sda3

 Extending logical volume lv_root to 13.50 GiB
Logical volume lv_root successfully resized

 

And finally, resize the filesystem in the logical volume

resize2fs /dev/vg_radius/lv_root

 resize2fs 1.41.12 (17-May-2010)
Filesystem at /dev/vg_radius/lv_root is mounted on /; on-line resizing required
old desc_blocks = 1, new_desc_blocks = 1
Performing an on-line resize of /dev/vg_radius/lv_root to 3539968 (4k) blocks.
The filesystem on /dev/vg_radius/lv_root is now 3539968 blocks long.


 

Now check the new disk size in action !!! ;) ALHAMDOLILLAH

df -h

 Filesystem                     Size  Used Avail Use% Mounted on
/dev/mapper/vg_radius-lv_root   14G  897M   12G   7% /
tmpfs                          504M     0  504M   0% /dev/shm
/dev/sda1                      485M   31M  430M   7% /boot

 

Regards,
Syed Jahanzaib

March 9, 2015

Mikrotik: WAN Data Monitoring via Scripting

Filed under: Mikrotik Related — Syed Jahanzaib / Pinochio~:) @ 12:08 PM

As requested by a few, especially from PK, who are using PTCL DSL links: on a few packages, PTCL has imposed a quota limit of 300 GB (or likewise), and if the user exceeds this limit, some penalty or extra charges are added to the monthly bill, which in some cases creates an extra financial burden for the DCN. Following are a few scripts which can help in this particular case: if the link crosses a specific percentage of the quota limit, the link can be disabled, or a second link (if available) can be activated, or whatever the operator chooses can be done by modifying the script action.

[The script idea was taken from the Mikrotik forum, but those scripts didn't perform well, therefore I modified and re-created a few sections in some parts.]

Hope it will help you. Leave your comments …

Regards,
Syed Jahanzaib

Scenario:

Two DSL links: the primary DSL (ether1) has a 4 Mb link with a 50 GB data limit, whereas the secondary (or backup) link (ether2) has 2 Mbps with no data limit. Our requirement is to use the primary DSL link, which has the higher bandwidth capacity, and if the 50 GB quota reaches 90%, it should give a warning (or email, or disable the primary link interface, which has a distance value of 1, and ENABLE the secondary link, which has a distance value of 2, to auto take over).

Primary DSL = ether1
Secondary DSL = ether2

 


Scripts Description: [Tested with Mikrotik 6.27 only]

In this example I have created 3 scripts.

The benefit of using the scripting method is that it can save values in a text file, so even if the router reboots, the script can retrieve the last recorded data from the text file; that's the biggest advantage for the DCN ;) YKWIM

1- monitor_data

This script will gather data from the interface stats and add it to a text file, which will later be read by the second script, which performs the required action based on the counters in this file.

2- check_usage

This script will read values from the text file created by the above script (monitor_data) and act accordingly: ignore if the data usage is below a specific value, and perform an action if the data usage is above that value.

3- check_date

This script will check the date on which the data value should be set to ZERO, usually the start of the month, so that the counters can be reset.

1- MONITOR_DATA    [To get interface usage data]

Set this script in the scheduler to run every hour (collecting data every hour is reasonable IMHO).

# MONITOR_DATA Script (to get interface usage in file)
# First Part of WAN Data Quota Monitoring System
# Syed Jahanzaib / aacable@hotmail.com
# https://aacable.wordpress.com

# Set WAN interface you want to monitor
:local INT ether1

# Gather Interface RX bytes
:local counter [/interface get $INT rx-byte]

# Set Counter DATA value gathered by Interface RX bytes and add  TX bytes to get combined value
:set $counter ($counter + [/interface get $INT tx-byte])

:local traffic

# If previous data file not found, then create new one
:if ([:len [/file find where name=wandatauseage.txt]] < 1 ) do={
/file print file=wandatauseage.txt where name=wandatauseage.txt;
# Add some delay, for slow or high load routers
/delay delay-time=2;

# Adding Traffic Value in the file

/file set wandatauseage.txt contents="0";
};
:local before value=[/file get wandatauseage.txt contents]

:if ($counter > $before) do={
/file set wandatauseage.txt contents=$counter
} else= {
:set $traffic ($counter+$before)
/file set wandatauseage.txt contents=$traffic
};

 


2- check_usage    [To read data usage from file, and act accordingly]

Set this script in the scheduler to run every hour or two.

# CHECK_USAGE > CHECK DATA USAGE Script (to read from file and act accordingly)
# Second Part of WAN Data Quota Monitoring System
# Syed Jahanzaib / aacable@hotmail.com
# https://aacable.wordpress.com

# Read the accumulated byte counter from the file and convert it to GB
:local traffic ([:tonum [/file get wandatauseage.txt contents]] / 1024 / 1024 / 1024)

# Set the WAN Interface Quota limit in GB
:local limit 50
:local percent ($traffic*100 / $limit)

# Set the percentage as required
:if ($percent >= 90) do={
:log warning "WAN INTERFACE Quota Exceeded 90% of $limit GB / zaib"

# OR Take specific action, either disable interface, change route, email , punch the fun-bags ; ) YKWIM ; ) etc etc
# Example Email like , but first make sure you have configured your email client properly
# /tool e-mail send to=YOUR_EMAIL_ADDRESS subject="WAN Traffic Quota warning: $percent% reached at $[/system clock get date], $[/system clock get time]" body="The traffic amount is $traffic GB \r\nThis is $percent% of the monthly limit\r\nQuota Monitor by Z"

}

Example log entry if the quota reaches its limit:

Example of the email if the quota reaches its limit:

3- check_date    [To reset counters in the text file if it's the 1st of the month]

Set this script in the scheduler to run daily at night at 1:00 am; if it finds the date to be the 1st of the month, it will reset the data counter file to zero.

# CHECK_DATE > CHECK DATE and RESET Counters on specific date ...
# Third Part of WAN Data Quota Monitoring System
# Syed Jahanzaib / aacable@hotmail.com
# https://aacable.wordpress.com

# The date is in the form mon/DD/YYYY, so take the two characters after the first "/"
:if ([:pick [/system clock get date] ([:find [/system clock get date] "/" ] + 1) 6 ] = "01") do={/file set wandatauseage.txt contents="0"}
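The same three steps (monitor, check, reset) written as a shell script for a Linux gateway, so the accounting logic can be run and checked on any box. This is an added example, not the post's RouterOS code. It differs from the scripts above in one design point: besides the monthly total it keeps the previous counter reading in a second file, so when the interface counters start again from zero (reboot, interface re-created) only the bytes seen since then are added to the total rather than a whole reading being folded back in. The state directory, interface name and quota size are assumptions set at the top.

```shell
#!/bin/bash
# Added example (not the post's RouterOS scripts): WAN quota monitor in shell.
# State lives in a directory with two files:
#   last   - interface counter (rx+tx bytes) seen at the previous run
#   total  - bytes accumulated for the current month
set -eu

STATE_DIR="${STATE_DIR:-/var/lib/wanquota}"   # assumed location
WAN_IF="${WAN_IF:-eth0}"                      # assumed WAN interface
LIMIT_GB="${LIMIT_GB:-50}"                    # quota from the post's scenario

# Sum the rx and tx byte counters of an interface from sysfs (the Linux
# equivalent of "/interface get $INT rx-byte" plus tx-byte).
iface_bytes() {
    local dev="$1"
    echo $(( $(cat "/sys/class/net/$dev/statistics/rx_bytes") \
           + $(cat "/sys/class/net/$dev/statistics/tx_bytes") ))
}

# monitor_data: feed one counter reading into the state files and print the
# updated monthly total in bytes.
record_usage() {
    local state="$1" counter="$2" last total delta
    mkdir -p "$state"
    last=$(cat "$state/last" 2>/dev/null || echo 0)
    total=$(cat "$state/total" 2>/dev/null || echo 0)
    if [ "$counter" -ge "$last" ]; then
        delta=$(( counter - last ))   # normal case: counter kept growing
    else
        delta="$counter"              # counter reset: only bytes since boot are new
    fi
    total=$(( total + delta ))
    echo "$counter" > "$state/last"
    echo "$total" > "$state/total"
    echo "$total"
}

# check_usage: print the percentage of the limit (in GB) consumed; return 0
# when the warning threshold is reached, 1 otherwise (integer maths, as in
# the RouterOS version).
usage_percent() {
    local state="$1" limit_gb="$2" threshold="$3" total percent
    total=$(cat "$state/total" 2>/dev/null || echo 0)
    percent=$(( total * 100 / (limit_gb * 1024 * 1024 * 1024) ))
    echo "$percent"
    [ "$percent" -ge "$threshold" ]
}

# check_date: on the first day of the month (date given as YYYY-MM-DD) zero
# the monthly total; "last" is kept so the next delta is still correct.
reset_if_first_of_month() {
    local state="$1" today="$2"
    case "$today" in
        *-01) echo 0 > "$state/total"; return 0 ;;
    esac
    return 1
}

# Scheduler entry points, e.g. from cron:
#   0 * * * *  wanquota.sh monitor
#   5 * * * *  wanquota.sh check
#   0 1 * * *  wanquota.sh reset
case "${1:-}" in
    monitor) record_usage "$STATE_DIR" "$(iface_bytes "$WAN_IF")" ;;
    check)   if pct=$(usage_percent "$STATE_DIR" "$LIMIT_GB" 90); then
                 # Put the action you want here (log, mail, ip link set ... down)
                 logger -t wanquota "WAN quota exceeded 90% of ${LIMIT_GB} GB (${pct}%)"
             fi ;;
    reset)   reset_if_first_of_month "$STATE_DIR" "$(date +%F)" || true ;;
esac
```

The `check` branch is where the post's options (log warning, e-mail, disabling the primary link so the distance-2 route takes over) would go; bytes transferred between the last hourly reading and a reboot are not seen by any counter, so an hourly schedule bounds that loss to one interval.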

 


 

 

 


February 24, 2015

Table ‘conntrack.tabidx’ doesn’t exist

Filed under: Linux Related — Syed Jahanzaib / Pinochio~:) @ 11:32 AM

Short reference:

While accessing the RM users section, I received the “Table ‘conntrack.tabidx’ doesn’t exist” error,
as shown in the image below …

 


This is how I fixed it.

On your RM box, create a file in which we will add the table information.

touch conntrack.sql
nano conntrack.sql

Paste the following table definition:

-- phpMyAdmin SQL Dump
-- version 2.11.0
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Sep 03, 2008 at 11:57 AM
-- Server version: 5.0.18
-- PHP Version: 5.1.2

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";

--
-- Database: `conntrack`
--

-- --------------------------------------------------------

--
-- Table structure for table `tabidx`
--

DROP TABLE IF EXISTS `tabidx`;
CREATE TABLE IF NOT EXISTS `tabidx` (
`date` date NOT NULL,
PRIMARY KEY  (`date`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

 

 

SAVE and exit.

Now use the following command to import the table into the mysql database ‘conntrack’ (the database named in the error message):

mysql -h localhost -u root -pYOURPASS conntrack < conntrack.sql

 


 

FYI,

The table code has been extracted from the Radius Manager installation archive. Example:
/radiusmanager-4.x.x/sql/rconntrack.sql

You can import any missing table from the above file into mysql.

Regards,
Syed_Jahanzaib

Automated installation Script For DMASOFTLAB RADIUS MANAGER v4.1 in CENTOS

Filed under: Linux Related — Syed Jahanzaib / Pinochio~:) @ 10:49 AM

[As demanded by a few Humans ;) ]

Following is a customized script to install DMASOFTLAB Radius Manager ver 4.1 in CentOS 6.x / 32-bit.

The aim of writing this script was to save some time and effort every time I do a new RM installation. Since DMA doesn't have any official support forum (except for their email support, which is valid for paid customers only), I thought it might be helpful for others too to share this info :)

I know very well that it is not a perfect script; it can be shortened as per requirement, but still it does its job very nicely without any user intervention :)

Suggestions are most welcome at  . . .
aacable @ hotmail . com

Requirements:

1- Fresh installation of CentOS 6.x 32-bit (the script is well tested with the 6.6 32-bit edition only)

2- Good Internet access, of course ; )

3- Valid license files provided by DMASOFTLAB, valid for your physical (or virtual) interface MAC address. [You can upload your license files to the /temp folder, as this script will try to copy the 2 license files required (lic.txt and mod.txt) from the temp folder to the appropriate place.]


 

What components does this script add to the system?

This script will install the following on your system (in this order):

> Disable the iptables service, IPv6 and SELinux in CentOS

> Download Radius Manager from a remote location (preferably Google Drive, adjustable in the script)

> Install necessary components like mysql, apache2, php5 etc.

> Download and install DMASoftlab required components like libltd*, IONCUBE, and add its entries in Apache's php config file

> Download and compile the freeradius-server-2.2.0-dma-patch-2 package

> Add the Radius & Conntrack DBs in mysql using the CLI (I have configured the default password for mysql, which is ‘zaib1234′; you can change it later)

> Extract the Radius Manager installation file & install it accordingly

> Restart services like apache2, mysql, radius


 

IMPORTANT:

1- Before accessing the RM ACP, make sure you upload valid LICENSE files to the /var/www/html/radiusmanager folder

2- This script will set the mysql root password to “zaib1234″; you can change it later.

How-to Execute The Script  !!

There are several ways to do it; one is explained below . . .

Create a new script

touch /rm-centos-32bit.sh
chmod +x /rm-centos-32bit.sh
vi /rm-centos-32bit.sh

Now copy and paste the following code.

 


#!/bin/bash
clear

# Colors Config  . . . [[ JZ . . . ]]
# (defined before the banner so the variables are set when first used)
ESC_SEQ="\x1b["
COL_RESET=$ESC_SEQ"39;49;00m"
COL_RED=$ESC_SEQ"31;01m"
COL_GREEN=$ESC_SEQ"32;01m"

echo -e "$COL_GREEN Radius Manager installer script for CENTOS 6.x 32bit"
echo "Copyright 2004-2013, DMA Softlab LLC"
echo -e "All right reserved.. $COL_RESET"
echo -e "$COL_GREEN Script modified by Syed Jahanzaib for CENTOS $COL_RESET"

# Variables & Paths [jz]
wwwpath="/var/www/html"
radhost="localhost"
myusr_rad="radius"
mypsw_radius="radius123"
ctshost="localhost"
myusr_cts="conntrack"
mypsw_cts="conn123"
radusr="root"
httpusr="apache"

# MySQL ROOT Password , Change this variable according to your own setup if required. . . [[ JZ . . . ]]
sqlpass="zaib1234"

# RM Installation Package Download URL , Change this variable according to your own setup , if required. . . [[ JZ . . . ]]
#rmurl="http://wifismartzone.com/files/rm_related"
#Google Drive link is more reliable
rmurl="https://b59d0c94e88b62119ea102d0f74a3ba5fc260ea6.googledrive.com/host/0B8B_P2ljEc2xUEgyb1RjcWl1aUE"

# Temporary Folder where all software will be downloaded . . . [[ JZ . . . ]]
temp="temp"

# Packages which will be installed as pre requisite and to make your life easier
PKG="nano wget curl net-tools lsof mc make gcc libtool-ltdl curl httpd mysql-server mysql-devel net-snmp net-snmp-utils php php-mysql php-gd php-snmp php-process"

# Turn off iptables and disabled
echo -e "$COL_GREEN Disabling iptables service, $COL_RESET"
service iptables stop
chkconfig iptables off

echo -e "$COL_GREEN Disabling IPv6 to avoid slow link issue $COL_RESET"
echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf
echo "net.ipv6.conf.lo.disable_ipv6 = 1" >> /etc/sysctl.conf

# Turn off SELINUX andd disable it on boot
echo -e "$COL_GREEN Disabling SELINUX & setting it disabled on boot ... $COL_RESET"
echo 0 > /selinux/enforce
sed -i "s/=enforcing/=disabled/g" /etc/selinux/config

# Installing WGET which is not in default installation of CENTOS 6.5 Minimal [jz]
sleep 3
echo -e "$COL_GREEN Installing WGET to fetch required tools later ... $COL_RESET"
yum install -y wget

# Checking if /temp folder is previously present or not . . .
{
if [ ! -d "/temp" ]; then
echo
echo -e "$COL_RED /temp folder not found, Creating it so all downloads will be placed here  . . . $COL_RESET"
mkdir /$temp
else
echo
echo -e "$COL_GREEN /temp folder is already present , so no need to create it, Proceeding further . . . $COL_RESET"
echo
fi
}

# Clearing Old downloads in /temp to avoid DUPLICATIONS . . .
echo -e "$COL_RED Clearing Old downloads in /temp to avoid DUPLICATIONS . . . $COL_RESET"

rm -fr /$temp/radiusmanager*.*
rm -fr /$temp/freeradius*.*
rm -fr /$temp/libltd*.*
rm -fr /$temp/ioncube*.*
rm -fr /$temp/php-my*
rm -fr /$temp/libmy*
rm -fr /$temp/rm4.txt

# Checking IF $rmurl is accessible, if YES then continue further, otherwise EXIT the script with ERROR ! [[ JZ .. . .]]
echo -e "$COL_GREEN Checking if zaib Google Drive or other URL to download required packages is accessible in order to proceed further. . .!! $COL_RESET"
sleep 3
cd /$temp
wget -q $rmurl/rm4.txt
{
if [ ! -f /$temp/rm4.txt ]; then
echo
echo -e "$COL_RED ERROR: Unable to contact $rmurl, or possibly internet is not working or your IP is in black list at destination server  !! $COL_RESET"
echo -e "$COL_RED ERROR: Please check manually if $rmurl is accessible and has the required files, JZ  !! $COL_RESET"
exit 1   # non-zero exit so a caller can see that the install failed
fi
}

######################

echo -e "$COL_GREEN $rmurl accessible $COL_RESET ......OK......"
echo -e "$COL_GREEN Downloading RADIUS MANAGER 4.1.0 package from INTERNET  .  (Press CTRL+C to stop any time) $COL_RESET"
wget $rmurl/radiusmanager-4.1.0.tgz
# Checking if RM installation file has been downloaded. if YES continue further , otherwise EXIT the script with ERROR ! [[ JZ .. . .]]
{
if [ ! -f /$temp/radiusmanager-4.1.0.tgz ]; then
echo .
echo -e "$COL_RED ERROR: RM Installation File could not be downloaded or found in /$temp ! $COL_RESET"
exit 1
fi
}

echo -e "$COL_GREEN Installing some tools and other pre-requisites for the application ... ! $COL_RESET"
yum install -y $PKG
echo -e "$COL_GREEN YUM install/update Done.! $COL_RESET"

echo -e "$COL_GREEN Installing LIBMCRYPT and PHP-MCRYPT ... ! $COL_RESET"
wget $rmurl/libmcrypt-2.5.8-9.el6.i686.rpm
wget $rmurl/php-mcrypt-5.3.2-3.el6.i686.rpm
rpm -i libmcrypt-2.5.8-9.el6.i686.rpm
rpm -i php-mcrypt-5.3.2-3.el6.i686.rpm
sleep 3

# IONCUBE Installation:
# Now Download ioncube library and add it to php  . . . [[ JZ . . . ]]
echo .
echo -e "$COL_GREEN Installing IONCUBE  .  (Press CTRL+C to stop any time) $COL_RESET"
wget $rmurl/ioncube_loaders_lin_x86.tar.gz

# Checking if IONCUBE installation file has been downloaded. if YES continue further , otherwise EXIT the script with ERROR ! [[ JZ .. . .]]
{
if [ ! -f /$temp/ioncube_loaders_lin_x86.tar.gz ]; then
echo .
echo -e "$COL_RED ERROR: COULD NOT DOWNLOAD IONCUBE !!! EXITING . . .  $COL_RESET"
exit 1
fi
}

tar zxvf ioncube_loaders_lin_x86.tar.gz
mkdir /usr/local/ioncube
cp -fr /$temp/ioncube/* /usr/local/ioncube/

# Now Add the appropriate ionCube loader to your php.ini . . . [JZ]
echo .
echo -e "$COL_GREEN Adding iONCUBE extension in PHP config file  .  (Press CTRL+C to stop any time) $COL_RESET"
echo "zend_extension=/usr/local/ioncube/ioncube_loader_lin_5.3.so" >> /etc/php.ini
echo .
echo -e "$COL_GREEN Downloading FREERADIUS 2.2.0-dma-patch-2 package  .  (Press CTRL+C to stop any time) $COL_RESET"
wget $rmurl/freeradius-server-2.2.0-dma-patch-2.tar.gz

# Checking if FREERADIUS is downloaded, just to make sure internet is working ,IF NOT, EXIT the script with ERROR ! [[ JZ .. . .]]
{
if [ ! -f /$temp/freeradius-server-2.2.0-dma-patch-2.tar.gz ]; then
echo .
echo -e "$COL_RED ERROR: COULD NOT DOWNLOAD FREERADIUS 2.2.0-dma-patch-2, possibly INTERNET is not Working !!! EXITING . . .  $COL_RESET"
exit 1
fi
}

echo .
echo -e "$COL_GREEN Starting to Compile FREERADIUS  ...  (Press CTRL+C to stop any time) $COL_RESET"
sleep 3

cd /$temp
tar zxvf freeradius-server-2.2.0-dma-patch-2.tar.gz
cd /$temp/freeradius-server-2.2.0/

### Now proceed with the compilation of FREERADIUS , applicable for all
./configure
make
make install
ldconfig
echo -e "$COL_GREEN Starting FREERADIUS by radiusd -xx command & start radius service.  (Press CTRL+C to stop any time) $COL_RESET"
radiusd -xx
service radiusd start
sleep 3

# ================================================================
# Creating MySQL databases with MySQL command line tool . . . [JZ]
# ================================================================
# ** FROM CLI ** . . . [JZ]
echo -e "$COL_GREEN Starting MYSQLD service to create Radius Manager Database.  (Press CTRL+C to stop any time) $COL_RESET"
echo -e "$COL_GREEN MYSQL password is set to   'zaib1234'  $COL_RESET"
service mysqld start
mysqladmin -u root password 'zaib1234'
echo .
echo -e "$COL_GREEN adding RADIUS user & DB in MYSQL  .  (Press CTRL+C to stop any time) $COL_RESET"
mysql -u root -p$sqlpass -e "create database radius";
mysql -u root -p$sqlpass -e "create database conntrack";
mysql -u root -p$sqlpass -e "CREATE USER '$myusr_rad'@'$radhost' IDENTIFIED BY '$mypsw_radius';"
mysql -u root -p$sqlpass -e "CREATE USER '$myusr_cts'@'$radhost' IDENTIFIED BY '$mypsw_cts';"
mysql -u root -p$sqlpass -e "GRANT ALL ON radius.* TO radius@$radhost;"
mysql -u root -p$sqlpass -e "GRANT ALL ON conntrack.* TO conntrack@$radhost;"

# UNTAR Copy WEB content

echo -e "$COL_GREEN Copying Radius Manager WEB content to $wwwpath/radiusmanager $COL_RESET"
cd /$temp
tar zxvf radiusmanager-4.1.0.tgz
mkdir $wwwpath/radiusmanager
cp -fr /$temp/radiusmanager-4.1.0/www/radiusmanager $wwwpath
sleep 3

# rename .dist files

mv $wwwpath/radiusmanager/config/paypal_cfg.php.dist $wwwpath/radiusmanager/config/paypal_cfg.php
mv $wwwpath/radiusmanager/config/netcash_cfg.php.dist $wwwpath/radiusmanager/config/netcash_cfg.php
mv $wwwpath/radiusmanager/config/authorizenet_cfg.php.dist $wwwpath/radiusmanager/config/authorizenet_cfg.php
mv $wwwpath/radiusmanager/config/dps_cfg.php.dist $wwwpath/radiusmanager/config/dps_cfg.php
mv $wwwpath/radiusmanager/config/2co_cfg.php.dist $wwwpath/radiusmanager/config/2co_cfg.php
mv $wwwpath/radiusmanager/config/payfast_cfg.php.dist $wwwpath/radiusmanager/config/payfast_cfg.php

# set ownership and permissions

chown $httpusr $wwwpath/radiusmanager/config
chown $httpusr $wwwpath/radiusmanager/config/system_cfg.php
chown $httpusr $wwwpath/radiusmanager/config/paypal_cfg.php
chown $httpusr $wwwpath/radiusmanager/config/netcash_cfg.php
chown $httpusr $wwwpath/radiusmanager/config/authorizenet_cfg.php
chown $httpusr $wwwpath/radiusmanager/config/dps_cfg.php
chown $httpusr $wwwpath/radiusmanager/config/2co_cfg.php
chown $httpusr $wwwpath/radiusmanager/config/payfast_cfg.php
mkdir -p $wwwpath/radiusmanager/tmpimages
chown $httpusr $wwwpath/radiusmanager/tmpimages
chown $httpusr $wwwpath/radiusmanager/tftpboot
chmod 600 $wwwpath/radiusmanager/config/system_cfg.php
chmod 600 $wwwpath/radiusmanager/config/paypal_cfg.php
chmod 600 $wwwpath/radiusmanager/config/netcash_cfg.php
chmod 600 $wwwpath/radiusmanager/config/authorizenet_cfg.php
chmod 600 $wwwpath/radiusmanager/config/dps_cfg.php
chmod 600 $wwwpath/radiusmanager/config/2co_cfg.php
chmod 600 $wwwpath/radiusmanager/config/payfast_cfg.php
chmod 644 $wwwpath/radiusmanager/config/docsis_keyfile
chmod 644 $wwwpath/radiusmanager/config/docsis_template

# chmod and copy binaries
cd /$temp/radiusmanager-4.1.0/
echo "Copying binaries to /usr/local/bin"
chmod 755 bin/rm*
cp bin/rm* /usr/local/bin

echo "Copying rootexec to /usr/local/sbin"
cp bin/rootexec /usr/local/sbin
chmod 4755 /usr/local/sbin/rootexec

# chmod and copy radiusmanager.cfg

echo "Copying radiusmanager.cfg to /etc"
cp etc/radiusmanager.cfg /etc
chown $radusr /etc/radiusmanager.cfg
chmod 600 /etc/radiusmanager.cfg

# create Tables

echo -e "$COL_GREEN Creating MYSQL Table $COL_RESET"
mysql -h $radhost -u $myusr_rad -p$mypsw_radius radius < sql/radius.sql
mysql -h $radhost -u $myusr_cts -p$mypsw_cts conntrack < sql/conntrack.sql

# create rmpoller service
echo "Enabling rmpoller service at boot time"
cp rc.d/rmpoller /etc/init.d
chown root.root /etc/init.d/rmpoller
chmod 755 /etc/init.d/rmpoller
chkconfig --add rmpoller

# create rmconntrack service
echo "Enabling rmconntrack service at boot time"
cp rc.d/rmconntrack /etc/init.d
chown root.root /etc/init.d/rmconntrack
chmod 755 /etc/init.d/rmconntrack
chkconfig --add rmconntrack

# copy radiusd init script

echo -e "$COL_GREEN Enabling radiusd service at boot time $COL_RESET"
chmod 755 rc.d/redhat/radiusd
cp rc.d/redhat/radiusd /etc/init.d
chkconfig --add radiusd

# copy logrotate script
echo "Copying logrotate script"
cp etc/logrotate.d/radiusd /etc/logrotate.d/radiusd

# copy cron job script
echo -e "$COL_GREEN Copying cronjob script $COL_RESET"
cp etc/cron/radiusmanager /etc/cron.d/radiusmanager
chmod 644 /etc/cron.d/radiusmanager

# comment out the old style cron job
sed -i 's/02\ 0\ \*\ \*\ \*\ root\ \/usr\/bin\/php/#2\ 0\ \*\ \*\ \*\ root\ \/usr\/bin\/php/g' /etc/crontab

# set permission on raddb files
echo -e "$COL_GREEN Setting permission on raddb files $COL_RESET"
chown $httpusr /usr/local/etc/raddb
chown $httpusr /usr/local/etc/raddb/clients.conf
sleep 3

echo -e "$COL_GREEN Re-Starting Apache2, Radius Service & add them in startup... $COL_RESET"
service httpd restart
chkconfig --add mysqld
chkconfig --add httpd
chkconfig --add radiusd
chkconfig mysqld on
chkconfig httpd on
chkconfig radiusd on

cp /temp/lic.txt $wwwpath/radiusmanager
cp /temp/mod.txt $wwwpath/radiusmanager

echo .
echo .
echo .
echo .
echo .
echo -e "$COL_GREEN All Done. Kindly RESTART the system one time to make sure everything is ok on reboot."
echo -e "Don't forget to upload the correct License files for your valid MAC address in /var/www/html/radiusmanager folder"
echo -e "Please access ADMIN panel via http://yourip/radiusmanager/admin.php $COL_RESET"
echo -e "DMASOFTLAB RM Installation script modified for CENTOS by $COL_RED SYED JAHANZAIB / aacable@hotmail.com $COL_RESET"

 

Save & Exit …


 

 

Now execute the script by

/rm-centos-32bit.sh

 

After the script ends, make sure that you don't see any errors during the installation. That is why I added a 3 second delay in a few sections, so you can view the results.
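The script above only checks that each wget left a file behind, so a truncated or tampered download is not caught before the tarball is unpacked and installed. The following is an added example, not part of the original script: a POSIX sh helper that verifies a SHA-256 digest before a package is used. The URL, file names and digests in it are constructed placeholders.

```shell
#!/bin/sh
# Added example (not part of the original install script): download a package
# and check its SHA-256 before it is unpacked or installed. A bare "[ ! -f ]"
# test after wget passes a truncated or tampered file; here a mismatch stops
# the step with exit status 1 so "|| exit 1" or "set -e" can act on it.
# Every URL, file name and digest below is a constructed placeholder.

# sha256_of FILE -> hex digest (sha256sum on Linux, shasum where coreutils is absent)
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_file FILE EXPECTED -> 0 if the digest matches, 1 otherwise
verify_file() {
    [ -s "$1" ] || { echo "ERROR: $1 missing or empty" >&2; return 1; }
    actual=$(sha256_of "$1")
    if [ "$actual" = "$2" ]; then
        return 0
    fi
    echo "ERROR: digest mismatch for $1 (expected $2, got $actual)" >&2
    return 1
}

# fetch_verified URL EXPECTED [DEST_DIR] -> download, verify, delete on failure
fetch_verified() {
    file="${3:-.}/$(basename "$1")"
    rm -f "$file"                      # never reuse a leftover from an earlier run
    wget -q -O "$file" "$1" || { echo "ERROR: download failed: $1" >&2; return 1; }
    verify_file "$file" "$2" || { rm -f "$file"; return 1; }
    echo "OK: $file verified"
}

# demo_verify -> "0 1": a constructed file passes against its real digest and
# fails against a wrong one (no network needed).
demo_verify() {
    tmp=$(mktemp -d)
    printf 'constructed sample payload\n' > "$tmp/sample.tgz"
    if verify_file "$tmp/sample.tgz" "$(sha256_of "$tmp/sample.tgz")"; then ok=0; else ok=1; fi
    if verify_file "$tmp/sample.tgz" \
        "0000000000000000000000000000000000000000000000000000000000000000" 2>/dev/null; then bad=0; else bad=1; fi
    rm -rf "$tmp"
    echo "$ok $bad"
}

# In the install script the download step would become (digest from the vendor):
#   fetch_verified "$rmurl/radiusmanager-4.1.0.tgz" "<sha256 placeholder>" "/$temp" || exit 1
demo_verify
```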

Now UPLOAD your valid License into /var/www/radiusmanager, OTHERWISE YOU WILL SEE A BLANK PAGE ON ACCESSING THE RM ADMIN PANEL.


Now try to access RM ACP via browser by

http://yourip/radiusmanager/admin.php


If you get a blank page, then use the tail command to view the Apache error log, for example

tail -f /var/log/httpd/error_log


OR more specifically

tail -f /var/log/httpd/error_log | grep lic


If you see an error like the one shown in the image below (invalid license), then make sure your license files are valid for the right version and for the MAC address of the right interface.

rm-lic-error

To deploy Radius Manager Patch 5 (4.1.5) , Kindly see the following Link

https://aacable.wordpress.com/2014/02/28/radius-manager-4-1-patch5-deployment/

I will add few snapshots and video as soon as I get some time.


Regards,
Syed Jahanzaib

February 20, 2015

LEGACY OF CENTOS ! Continued …

Filed under: Linux Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 3:14 PM

Some personal notes / references for CENTOS, as my future R&D will be done mainly in CentOS due to its preloaded options for ease of use.


 

x- CENTOS  6.6  <32 bit>   DOWNLOAD LINK   …

http://mirrors.nayatel.com/centos/6.6/isos/i386/CentOS-6.6-i386-minimal.iso

 


 

1- Configuring Static IP address in CENTOS [6.x]

If you want to configure static IP address in CENTOS, then edit following file

vi /etc/sysconfig/network-scripts/ifcfg-eth0

Use following as sample

DEVICE=eth0
HWADDR=00:0C:29:73:0A:5A
TYPE=Ethernet
UUID=d34531a1-3c76-4527-8e50-448857568abc
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.10.2  # IP Address you want to fix
NETMASK=255.255.255.0   # Netmask as per network
GATEWAY=192.168.10.1   # Your Router/DSL Gateway
DNS1=8.8.8.8   # Your ISP DNS or standard Google dns

Note: set following for sure

NM_CONTROLLED=no
BOOTPROTO=static
ONBOOT=yes

Save & Exit, and restart the network service or interface to take effect

service network restart

OR

ifdown eth0
ifup eth0

Issue IFCONFIG command to verify the result.

centos7 is a mess :( so better to stick with 6


2- Change/Clone MAC address

To change mac address in CENTOS , edit your required ethernet network config file , Example …

nano /etc/sysconfig/network-scripts/ifcfg-eth0

here you will see the HWADDR line with the current mac address; don't modify it, just add another line above it, like the following

MACADDR=00:11:11:11:11:11          < Add this line with your required mac address
HWADDR=00:22:22:22:22:22       < Your current mac address

An example of full cfg file for eth0

DEVICE=eth0
MACADDR=00:11:11:11:11:11
HWADDR=00:22:22:22:22:22
TYPE=Ethernet
UUID=d34531a1-3c76-4527-8e50-448857568abc
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.1.2
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=8.8.8.8

Save & Exit, and restart the network service or interface to take effect

service network restart

OR

ifdown eth0
ifup eth0

Issue IFCONFIG command to verify the result.

OR

use the sed shortcut ;)

sed -i -e '1iHere is my new top line' filename
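The network scripts source ifcfg-eth0 as shell, so a misspelled key such as NETMAST in the samples of sections 1 and 2 is silently ignored rather than reported, and the interface comes up without a netmask. As an added example (not from the original post), a POSIX sh check for the ifcfg layout used in both sections; the list of known keys and the sample file are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check a CentOS 6 ifcfg-ethX
# file such as the ones in sections 1 and 2. The network scripts source this file
# as shell, so a misspelled key (NETMAST instead of NETMASK) is silently ignored
# and the interface comes up without a netmask. Flags unknown keys, the settings
# the post says must be set, non-IPv4 values on a static setup and bad MACs.
# The key list and the sample file are assumptions, not taken from the post.

KNOWN_KEYS="DEVICE HWADDR MACADDR TYPE UUID ONBOOT NM_CONTROLLED BOOTPROTO IPADDR NETMASK PREFIX GATEWAY DNS1 DNS2"

# is_ipv4 A.B.C.D -> 0 for four numeric octets in 0..255
is_ipv4() {
    echo "$1" | awk -F. 'NF==4 { for (i=1;i<=4;i++) if ($i !~ /^[0-9]+$/ || $i>255) exit 1; exit 0 } { exit 1 }'
}

# is_mac -> 0 for xx:xx:xx:xx:xx:xx, hex digits in either case
is_mac() {
    echo "$1" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# value_of FILE KEY -> value with any trailing "# comment" and whitespace removed
value_of() {
    sed -n "s/^$2=\([^#]*\).*/\1/p" "$1" | sed 's/[[:space:]]*$//' | head -n 1
}

# check_ifcfg FILE -> one line per problem on stdout, returns 1 if any were found
check_ifcfg() {
    f=$1; rc=0
    for key in $(sed -n 's/^\([A-Za-z0-9_]*\)=.*/\1/p' "$f"); do
        case " $KNOWN_KEYS " in
            *" $key "*) ;;
            *) echo "unknown key $key (typo? the network scripts will ignore it)"; rc=1 ;;
        esac
    done
    for key in DEVICE ONBOOT NM_CONTROLLED BOOTPROTO; do
        [ -n "$(value_of "$f" "$key")" ] || { echo "missing $key"; rc=1; }
    done
    if [ "$(value_of "$f" BOOTPROTO)" = "static" ]; then
        for key in IPADDR NETMASK GATEWAY; do
            v=$(value_of "$f" "$key")
            if [ -z "$v" ]; then echo "static setup but $key is missing"; rc=1
            elif ! is_ipv4 "$v"; then echo "$key=$v is not an IPv4 address"; rc=1; fi
        done
    fi
    for key in HWADDR MACADDR; do
        v=$(value_of "$f" "$key")
        [ -z "$v" ] || is_mac "$v" || { echo "$key=$v is not a MAC address"; rc=1; }
    done
    return $rc
}

# demo_problem_count -> number of problems found in a constructed file that
# repeats the NETMAST typo (2: the unknown key, and the NETMASK it should have been)
demo_problem_count() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
DEVICE=eth0
MACADDR=00:11:11:11:11:11
HWADDR=00:0C:29:73:0A:5A
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.10.2  # IP Address you want to fix
NETMAST=255.255.255.0
GATEWAY=192.168.10.1
DNS1=8.8.8.8
EOF
    check_ifcfg "$tmp" | wc -l | tr -d ' '
    rm -f "$tmp"
}

demo_problem_count   # on a live box: check_ifcfg /etc/sysconfig/network-scripts/ifcfg-eth0
```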


 

3- Disabling SELINUX

To disable SELINUX temporarily for the current session, use the following...

echo 0 > /selinux/enforce

To disable SELINUX permanently in centos, edit the following

vi /etc/selinux/config

and change the

SELINUX=enforcing

to

SELINUX=disabled

Save & Exit & reboot to take effect.

Or use the SED shortcut to replace the string within cli ;) # Zaib

sed -i "s/=enforcing/=disabled/g" /etc/selinux/config


4- Disabling IPTABLES

To disable iptables services

service iptables stop
chkconfig iptables off

You can check the status with following

service iptables status

and you can also use following command to clear the current iptables (for the current session only)

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

 

5- Some must-have tools

yum install -y nano wget curl net-tools lsof

6- SERVICES Related

service --status-all

To disable service on startup , use

chkconfig httpd off

To always start any service on boot, use

chkconfig httpd on

7- Excluding slow mirrors

When I was installing some packages in CentOS, yum was doing it at a painfully slow speed; I figured the mirrors (Indian and Bangladeshi mirror sites) were very slow. So I disabled the two mirror domains it was selecting at the start, which were .in and .bd

use following file

nano /etc/yum/pluginconf.d/fastestmirror.conf

and add the slow mirror (to be excluded) like

exclude=.in, .bd, xyz.com

or use the cli command to add it in the file

echo "exclude=.gov, .in, .vn, mirror-fpt-telecom.fpt.net" >> /etc/yum/pluginconf.d/fastestmirror.conf

8- How to Check CentOS Version / kernel Number

cat /etc/centos-release
uname -a

9- Howto Disable IPV6 in CENTOS  [Tested on 6.x versions]

First edit sysctl.conf file in any editor , e.g:

nano /etc/sysctl.conf

and add following lines in the end

# IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

OR
Use following to add them directly to file using echo command

echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf
echo "net.ipv6.conf.lo.disable_ipv6 = 1" >> /etc/sysctl.conf

Save and Exit and execute following to activate changes :)

sysctl -p

 

10- Howto install PHPMYADMIN in centos 6.x

To install PHPMYADMIN, which is a good tool to manage your mysql via GUI in centos, use the following...

cd /tmp
wget http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm

yum search phpmyadmin
yum -y install phpmyadmin

Now You need to edit /etc/httpd/conf.d/phpMyAdmin.conf file, enter:

vi /etc/httpd/conf.d/phpMyAdmin.conf

Replace your ip in

Require ip 127.0.0.1

Allow from 127.0.0.1

Change 127.0.0.1 to your management pc ip from where you want to access phpmyadmin

after saving, restart the httpd service.

service httpd restart

 

Or use the SED shortcut to replace the string within cli ;) # Zaib

sed -i "s/127.0.0.1/10.0.0.1/g" /etc/httpd/conf.d/phpMyAdmin.conf

[replace 10.0.0.1 with your management pc ip]

 

To be continued …

#z@iB

February 16, 2015

Expanding Possibilities / Howto add 3rd party packages in Mikrotik KVM/Metarouter!

Filed under: Mikrotik Related — Tags: , , , — Syed Jahanzaib / Pinochio~:) @ 2:22 PM

As asked by a few friends, I thought it's a good idea to share it with all.
Last Update: 5th March, 2015, 08:43 am

 

1- What is Metarouter
2- Howto install Metarouter in Mikrotik Routerboard
3- Howto install APACHE web server in METAROUTER to host your web files.
4- Howto install ASTERISK 1.8 with GUI [Feb 2015]
5- Howto setup NTP to solve DATE Time synch issue [5th March, 2015 8:43am]
6- Howto disable firewall [17th March, 2015 13:00 hrs]

1- What is METAROUTER?

as defined by Greg

Metarouter is a way to have logical routers running on your existing routerboard. In essence, you create a virtual router on your RB, then you assign some interfaces to it. You then can hand this virtual router off to a customer and allow them to administer it without affecting any of the core functions necessary on the device.

Also, on METAROUTER you can use an openwrt image to host a tiny linux and a few apps in it, like APACHE, asterisk etc. A web server was in high demand by local cable operators who wanted to host a NON-payment/reminder page to be shown to their clients.

Currently MetaRouter can be used on

  • RB4xx, RB7xx series, RB900 series, RB2011.xx boards
  • Listed PPC boards: RB1000, RB1100, RB1100AH and RB800.

 

Hardware Software Used in this guide:

Routerboard Model = RB2011UiAS-2HnD
Mikrotik ROS version = 6.27

2- Howto install METAROUTER in Mikrotik Routerboard

First download OPENWRT image into mikrotik. Open New Terminal, and issue following command …

/tool fetch url=http://openwrt.wk.cz/trunk/mr-mips/openwrt-mr-mips-rootfs-31411-basic.tar.gz

Now import the openwrt downloaded in above step,

As shown in the image below …

2- Import Image

Now we need to add a virtual network interface to this machine. We also have to provide a valid network configuration with internet access so that it can download the required software later. For this demonstration I added a manual IP, but you can use a virtual bridge and your mikrotik DHCP server to give the metarouter machine internet access, or whatever you prefer to establish network connectivity.

In the below pic, I selected ETHER2 which is LAN interface of mikrotik host.

add interface

 


Now double click on newly created machine and select CONSOLE and press enter key few times to get command prompt.

6- Open Metarouter CONSOLE zaib


Edit the network configuration file.

vi /etc/config/network

Press “i” to enter edit mode.

and configure the network as per your local need.

 

 

7- edit interface settings.

Add DNS server entry for resolving internet hosts …

vi /etc/resolv.conf

dns

 

After setting the network configuration, save and exit. Enable/restart the network service so the changes can take effect.

/etc/init.d/network enable
/etc/init.d/network restart

Now try to ping any internet site to verify the connectivity. On successful attempt, you should get reply.


8- ping successfull


 

3- Howto install APACHE web server in METAROUTER to host your files.

Install APACHE web server with OPKG (like yum or apt-get)

Edit the opkg file

vi /etc/opkg.conf

Change the first line so that it reads like the one below …

src/gz snapshots http://openwrt.wk.cz/trunk/mr-mips/packages

Now update opkg (like you do in ubuntu to update apt-get)

opkg update
opkg install apache

It's better to restart your mikrotik routerboard with the reboot command so that all changes take effect properly; otherwise you MAY see a few errors on accessing apache.

Now start apache service

apachectl start

(or restart as required)

Access via browser

10-apache works

html index files are placed at

/usr/share/htdocs


4- Howto install ASTERISK 1.8 with GUI

Make metarouter machine with following image,and setup proper networking.

/tool fetch url=http://ms1.nserver.us/openwrt.wk.cz/kamikaze/openwrt-mr-mips-rootfs-18961.tar.gz

Edit /etc/opkg.conf and use following repository

src/gz snapshots http://ms1.nserver.us/openwrt.wk.cz/kamikaze/packages/mr-mips
dest root /
dest ram /tmp
lists_dir ext /var/opkg-lists
option overlay_root /jffs

Save and exit. then update opkg , install asterisk , and start it.

opkg update
opkg install asterisk18 asterisk18-codec-alaw asterisk18-chan-iax2 asterisk-gui
/etc/init.d/asterisk enable
/etc/init.d/asterisk start

Upon successful start you can see following ports (5038 and 8088 started) as showed below …

root@metarouter:~# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:5038            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8088            0.0.0.0:*               LISTEN

Now you can access asterisk GUI via

http://ipofmetarouter:8088

Default ID Password is

Id = admin
Password = ast-owrt

You can change the password and other stuff in /etc/asterisk/manager.conf

Note: on RB750, a client faced an issue that after rebooting / power cycling the host router, the asterisk web page doesn't work and times out. On RB2011 there was no such issue with the same image.


5- Howto setup NTP to solve DATE Time synch issue

Mikrotik itself and most hardware devices supported by OpenWrt do not have a hardware clock. Therefore use the NTP package to solve the date/time synch issue:

opkg update
opkg install ntpd
/etc/init.d/sysntpd disable
/etc/init.d/ntpd enable
/etc/init.d/ntpd start

# To view if NTP is started properly or not
netstat -l | grep ntp

Note: It will take some time after a reboot to synch the time with the internet; make sure internet access is operational in the metarouter.


6- Howto disable firewall [17th March, 2015 13:00 hrs]

/etc/init.d/firewall stop
/etc/init.d/firewall disable
reboot

 




To be continued ….

Regards,
Syed Jahanzaib
