Syed Jahanzaib Personnel Blog to Share Knowledge !

March 16, 2015

Windows 7 WEATHER GADGET ‘not working’ workaround!

Filed under: Microsoft Related — Tags: , — Syed Jahanzaib / Pinochio~:) @ 12:40 PM

From past few days, clients reported that Weather gadget stopped working with error “cannot connect to service …






After doing some googling, it was revealed that dueto some security concerns Microsoft have discontinued it.  BUT  you can still Enable by following simple steps.

  1. Go to “C:\Users\USERNAME\AppData\Local\Microsoft\Windows Live\Services\Cache”
  2. Edit “Config.xml” by Right Click / EDIT
  3. Now donot change any thing & simply save it (CTRL+S or FILE -> Save) [without doing any modification]
  4. After 1-2 MINUTES, Restart the Gadget!



It will work Insha Allah !!!!





Syed Jahanzaib

March 10, 2015

Extending Linux Partition in VMWARE ESXI

Filed under: Linux Related — Tags: , — Syed Jahanzaib / Pinochio~:) @ 4:36 PM

Reference Guide to extend partition size in Linux hosted on vmware

TASK: Linux (Centos) is hosted in Vmware  , Current size of disk is 10 GB, and we want to expand it to 15 GB.

First turn off the guess linux OS. and take its properties and extend the disk as showed in the image below…




Click on EXPAND and it will take some time to complete the operation …


once its completed, power ON the guest Linux.



Add a new partition with the free space of the virtual disk.

fdisk  /dev/sda

press n            < To add new partition
press p            < Select type PRIMARY
press 3            < Type number for new part…
(when it will ask for sectors numbers/values, pres Enter twice for default values)
press t            < To change partition type value
press 3           < Select partition number
press 8e         < Type 8e
press w          <type ‘w’ to write changes to disk

at end you will see following message…

The partition table has been altered!

As showed in the image below …





after reboot completes, Now, create a new physical volume from the new partition, issue following command two times

pvcreate /dev/sda3
pvcreate /dev/sda3

  Physical volume "/dev/sda3" successfully created



Then extend the existing volume group, you may want to use vgdisplay to list and identify the volume groups you have.


--- Volume group ---
VG Name               vg_radius
System ID
Format                lvm2
Metadata Areas        1
Metadata Sequence No  3
VG Access             read/write
VG Status             resizable
MAX LV                0
Cur LV                2
Open LV               2
Max PV                0
Cur PV                1
Act PV                1
VG Size               9.51 GiB
PE Size               4.00 MiB
Total PE              2434
Alloc PE / Size       2434 / 9.51 GiB
Free  PE / Size       0 / 0
VG UUID               MzawqN-X33a-e5AY-QxE4-WFHV-r5mh-IM4MuT



Now look at VG NAME value, note it down… (Your might be different)

vgextend vg_radius /dev/sda3

 Volume group "vg_radius" successfully extended


Now, extend the logical volume, again, use vgdisplay to list and identify the logical volumes you have.

lvextend /dev/vg_radius/lv_root  /dev/sda3

 Extending logical volume lv_root to 13.50 GiB
Logical volume lv_root successfully resized


And finally, resize the filesystem in the logical volume

resize2fs /dev/vg_radius/lv_root

 resize2fs 1.41.12 (17-May-2010)
Filesystem at /dev/vg_radius/lv_root is mounted on /; on-line resizing required
old desc_blocks = 1, new_desc_blocks = 1
Performing an on-line resize of /dev/vg_radius/lv_root to 3539968 (4k) blocks.
The filesystem on /dev/vg_radius/lv_root is now 3539968 blocks long.


Now check the new DISK SIZE in Action !!! ; ) ALHAMDOLILLAH

df -h

 Filesystem                     Size  Used Avail Use% Mounted on
/dev/mapper/vg_radius-lv_root   14G  897M   12G   7% /
tmpfs                          504M     0  504M   0% /dev/shm
/dev/sda1                      485M   31M  430M   7% /boot






Syed Jahanzaib

March 9, 2015

Mikrotik: WAN Data Monitoring via Scripting

Filed under: Mikrotik Related — Tags: , , , , — Syed Jahanzaib / Pinochio~:) @ 12:08 PM

As requested by few , specially from PK who are using PTCL DSL links and on few packages, PTCL have embossed Quota limit of 300GB (or likewise) and if the user exceed this limit, some penalty or extra charges are added in the monthly bill which is in some cases creates extra financial burden for DCN. Following are few scripts which can help you in this particular case that if the link crosses specific percentage of Quota limit, the link can be disabled, or second link (if available) can be activated or whatever operator chooses can be done by modifying the script action.

[The script idea was taken from the Mikrotik forum but those scripts didn’t performed well, therefore I modified and re-created few sections in some parts ]

Hope it will help you. Leave your comments …

Syed Jahanzaib



Two DSL Links , Primary DSL (ether1) have 4mb link with 50 GB data limit, where as secondary (or backup) link (ether2) have 2mbps with no data limit. Our requirement is to use Primary DSL Link which have higher bandwidth capacity and if the 50GB quota is reached to 90%, it should give warning (or email or disable Primary Link interface which have distance value of 1 and ENABLE Secondary Link which have distance value of 2 to auto take over)

Primary DSL = ether1
Secondary DSL = ether2


Scripts Description: [Tested with Mikrotik 6.27 Only]

In this example I have created 3 Scripts.

Benefit of using scripting method is that it can save values in a text file, so even if a route reboots, the script can retrieve last recorded data form the text file , that’s the biggest advantage for DCN ;) YKWIM

1- monitor_data

This script will get gather data from the interface stats and add it to text file which will be later read by second script which does the required action based on the counters in this file

2- check_useage

This script will read values from the text file created by above script, (monitor_data) and act accordingly to either ignore if the data usage is below specific value, and to perform what action if the data usage is above specific value.

3- check_date

This script will check in which the data value should be set to ZERO, usually start of month. So that counters can be reset.



1- MONITOR_DATA    [To get interface usage data]

Set this script in scheduler to run every hour. (collecting data every hour is reasonable IMHO]

# MONITOR_DATA Script (to get interface usage in file)
# First Part of WAN Data Quota Monitoring System
# Syed Jahanzaib /

# Set WAN interface you want to monitor
:local INT ether1

# Gather Interface RX bytes
:local counter [/interface get $INT rx-byte]

# Set Counter DATA value gathered by Interface RX bytes and add  TX bytes to get combined value
:set $counter ($counter + [/interface get $INT tx-byte])

:local traffic

# If previous data file not found, then create new one
:if ([:len [/file find where name=wandatauseage.txt]] < 1 ) do={
/file print file=wandatauseage.txt where name=wandatauseage.txt;
# Add some delay, for slow or high load routers
/delay delay-time=2;

# Adding Traffic Value in the file

/file set wandatauseage.txt contents="0";
:local before value=[/file get wandatauseage.txt contents]

:if ($counter > $before) do={
/file set wandatauseage.txt contents=$counter
} else= {
:set $traffic ($counter+$before)
/file set wandatauseage.txt contents=$traffic


2- check_usage    [To read data usage from file, and act accordingly]

Set this script in scheduler to run every hour or two.

# CHECK_USAGE > CHECK DATA USAGE Script (to read from file and act accordingly)
# Second Part of WAN Data Quota Monitoring System
# Syed Jahanzaib /
local traffic ([/file get wandatauseage.txt contents] / 1024 / 1024 / 1024)

# Set the WAN Interface Quota limit in GB
:local limit 50
:local percent ($traffic*100 / $limit)

# Set the percentage as required
:if ($percent >= 90) do={
:log warning "WAN INTERFACE Quota Exceeded 90% of $limit GB / zaib"

# OR Take specific action, either disable interface, change route, email , punch the fun-bags ; ) YKWIM ; ) etc etc
# Example Email like , but first make sure you have configured your email client properly
# /tool e-mail send to=YOUR_EMAIL_ADDRESS subject="WAN Traffic Quota warning: $percent% reached at $[/system clock get date], $[/system clock get time]" body="The traffic amount is $traffic GB \r\nThis is $percent% of the monthly limit\r\nQuota Monitor by Z"


Example if the quota reaches to its limit.



Example of EMAIL if the quota reaches to its limit.




3- check-date    [To reset counters in text file, if its 1st of the month]

Set this script in scheduler to run every daily in night at 1:00am, and if it found date to 1st of the month, it will reset the data counter file to zero.

# CHECK_DATE > CHECK DATE and RESET Counters on specific date ...
# Third Part of WAN Data Quota Monitoring System
# Syed Jahanzaib /

if  ([:pick [/system clock get date] ([:find [/system clock get date] "/" ] + 1) 6 ] = "01") do={/file set wandatauseage.txt contents="0"}






February 24, 2015

Table ‘conntrack.tabidx’ doesn’t exist

Filed under: Linux Related — Tags: , — Syed Jahanzaib / Pinochio~:) @ 11:32 AM


Short reference:

While accessing RM users section , received “Table ‘conntrack.tabidx‘ doesn’t exist” error.
As showed in the image below …



This is how I fixed it.

On your RM box, create a file in which we will add table information.

touch conntrack.sql
nano conntrack.sql

Paste the following table

-- phpMyAdmin SQL Dump
-- version 2.11.0
-- Host: localhost
-- Generation Time: Sep 03, 2008 at 11:57 AM
-- Server version: 5.0.18
-- PHP Version: 5.1.2


-- Database: `conntrack`

-- --------------------------------------------------------

-- Table structure for table `tabidx`

`date` date NOT NULL,
PRIMARY KEY  (`date`)



SAVE and exit.

Now use the following command to import table into mysql database ‘conntrack

mysql -h localhost -u root -pYOURPASS radius < conntrack.sql




The table code have been extracted from radius manager installation archive.  Example:

You can import any missing table from above file and import it in mysql.




Automated installation Script For DMASOFTLAB RADIUS MANAGER v4.1 in CENTOS

Filed under: Linux Related — Tags: — Syed Jahanzaib / Pinochio~:) @ 10:49 AM

[As demanded by few Humans ;) ]

Following is an customized script to install DMASOFTLAB Radius Manager ver 4.1 in CENTOS 6.x / 32bit

The aim of writing this script was to save some time and efforts every time I put in new RM installation. Since DMA don’t have any official support forum (except for there email support which is valid for paid customers only) , so I thought it might be helpful for others too  by sharing this info :)

I know very well that It is not a perfect script, it can be very well shorten as per the requirement, but still it does it’s job very nicely with out any user intervention :)

Suggestions are most welcome at  . . .
aacable @ hotmail . com


1- Fresh Installation of CENTOS 6.x 32bit  (script is well tested with 6.6 edition 32bit edition only)

2- good Internet access, off course ; )

3- Valid License files provided by DMASOFTLAB , valid with your physical (or virtual) interface MAC address [You can upload your license files in /temp folder as this script will try to copy the 2 licenses files required [lic.txt and mod.txt] from temp folder to appropriate place.


What components does this script add to the system ?

This script will install following in your system. (as per order nos.)

> Disable iptables service , ipv6 and selinux in centos

> Download Radius Manager from remote location (preferably Google Drive, adjustable in the script)

> Install necessary components like mysql , apache2, php5 etc

> Download and install dmasoftlab required components like libltd* , IONCUBE and add its entries in Apache’s php config file

> Download and compile freeradius-server-2.2.0-dma-patch-2 package

> Add Radius & Conntrack DB in mysql suing CLI (I have configured default password for mysql which is ‘zaib1234′ , you can change it later)

> Extract Radius Manager Installation file & install it accordingly.

> Restart Services like apache2, mysql, radius



Before accessing RM ACP , make sure you upload valid LICENSE files in /var/www/html/radiusmanager folder

2- This script will set mysql password to “zaib1234″ , you can change it later.

How-to Execute The Script  !!

There are several ways to do it, one is explained below . . .

Create a new script

touch /
chmod +x /
vi /

Now copy paste the following code.


echo "$COL_GREEN Radius Manager installer script for CENTOS 6.x 32bit"
echo "Copyright 2004-2013, DMA Softlab LLC"
echo "All right reserved.. $COL_RESET"
echo "$COL_GREEN Script modified by Syed Jahanzaib for CENTOS"

# Colors Config  . . . [[ JZ . . . ]]

# Variables & Paths [jz]

# MySQL ROOT Password , Change this variable according to your own setup if required. . . [[ JZ . . . ]]

# RM Installation Package Download URL , Change this variable according to your own setup , if required. . . [[ JZ . . . ]]
#Google Drive link is more reliable

# Temporary Folder where all software will be downloaded . . . [[ JZ . . . ]]

# Packages which will be installed as pre requisite and to make your life easier
PKG="nano wget curl net-tools lsof mc make gcc libtool-ltdl curl httpd mysql-server mysql-devel net-snmp net-snmp-utils php php-mysql php-gd php-snmp php-process"

# Turn off iptables and disabled
echo -e "$COL_GREEN Disabling iptables service, $COL_RESET"
service iptables stop
chkconfig iptables off

echo -e "$COL_GREEN Disabling IPv6 to avoid slow link issue $COL_RESET"
echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf
echo "net.ipv6.conf.lo.disable_ipv6 = 1" >> /etc/sysctl.conf

# Turn off SELINUX andd disable it on boot
echo -e "$COL_GREEN Disabling SELINUX & setting it disabled on boot ... $COL_RESET"
echo 0 > /selinux/enforce
sed -i "s/=enforcing/=disabled/g" /etc/selinux/config

# Installing WGET which is not in default installation of CENTOS 6.5 Minimal [jz]
sleep 3
echo -e "$COL_GREEN Installing WGET to fetch required tools later ... $COL_RESET"
yum install -y wget

# Checking if /temp folder is previously present or not . . .
if [ ! -d "/temp" ]; then
echo -e "$COL_RED /temp folder not found, Creating it so all downloads will be placed here  . . . $COL_RESET"
mkdir /$temp
echo -e "$COL_GREEN /temp folder is already present , so no need to create it, Proceeding further . . . $COL_RESET"

# Clearing Old downloads in /temp to avoid DUPLICATIONS . . .
echo -e "$COL_RED Clearing Old downloads in /temp to avoid DUPLICATIONS . . . $COL_RESET"

rm -fr /$temp/radiusmanager*.*
rm -fr /$temp/freeradius*.*
rm -fr /$temp/libltd*.*
rm -fr /$temp/ioncube*.*
rm -fr /$temp/php-my*
rm -fr /$temp/libmy*
rm -fr /$temp/rm4.txt

# Checking IF $rmurl is accessible m if YES then continue further , otherwise EXIT the script with ERROR ! [[ JZ .. . .]]
echo -e "$COL_GREEN Checking if zaib Google Drive or other URL to download requires  packages is accessible in order to proceed further. . .!! $COL_RESET"
sleep 3
cd /$temp
wget -q $rmurl/rm4.txt
if [ ! -f /$temp/rm4.txt ]; then
echo -e "$COL_RED ERROR: Unable to contact $rmurl, or possibly internet is not working or your IP is in black list at destination server  !! $COL_RESET"
echo -e "$COL_RED ERROR: Please check manual if $rmurl is accessible or not or if it have required files, JZ  !! $COL_RESET"
exit 0


echo -e "$COL_GREEN $url accessible $COL_RESET ......OK......"
echo -e "$COL_GREEN Downloading RADIUS MANAGER 4.1.0 package from INTERNET  .  (Press CTRL+C to stop any time) $COL_RESET"
wget $rmurl/radiusmanager-4.1.0.tgz
# Checking if RM installation file have been downloaded. if YES continue further , otherwise EXIT the script with ERRO ! [[ JZ .. . .]]
if [ ! -f /$temp/radiusmanager-4.1.0.tgz ]; then
echo .
echo -e "$COL_RED ERROR: RM Installation File could not be download or found in /$temp ! $COL_RESET"
exit 0

echo -e "$COL_GREEN Installing some tools and other rpe requisite for the application ... ! $COL_RESET"
yum install -y $PKG
echo -e "$COL_GREEN YUM install/update Done.! $COL_RESET"

echo -e "$COL_GREEN Installing LIBMYCRYPT and PHPMCRYPT ... ! $COL_RESET"
wget $rmurl/libmcrypt-2.5.8-9.el6.i686.rpm
wget $rmurl/php-mcrypt-5.3.2-3.el6.i686.rpm
rpm -i libmcrypt-2.5.8-9.el6.i686.rpm
rpm -i php-mcrypt-5.3.2-3.el6.i686.rpm
sleep 3

# IONCUBE Installation:
# Now Download ioncube library and add it to php  . . . [[ JZ . . . ]]
echo .
echo -e "$COL_GREEN Installing IONCUBE  .  (Press CTRL+C to stop any time) $COL_RESET"
wget $rmurl/ioncube_loaders_lin_x86.tar.gz

# Checking if IONCUBE installation file have been downloaded. if YEs continue further , otherwise EXIT the script with ERROR ! [[ JZ .. . .]]
if [ ! -f /$temp/ioncube_loaders_lin_x86.tar.gz ]; then
echo .
exit 0

tar zxvf ioncube_loaders_lin_x86.tar.gz
mkdir /usr/local/ioncube
cp -fr /$temp/ioncube/* /usr/local/ioncube/

# Now Add the appropriate ionCube loader to your php.ini . . . [JZ]
echo .
echo -e "$COL_GREEN Adding iONCUBE extension in PHP config file  .  (Press CTRL+C to stop any time) $COL_RESET"
echo "zend_extension=/usr/local/ioncube/" >> /etc/php.ini
echo .
echo -e "$COL_GREEN Downloading FREERADiUS 2.2.20-dma-patch-2 package  .  (Press CTRL+C to stop any time) $COL_RESET"
wget $rmurl/freeradius-server-2.2.0-dma-patch-2.tar.gz

# Checking if FREERADIUS is downloaded, just to make sure internet is working ,IF NOT, EXIT the script with ERROR ! [[ JZ .. . .]]
if [ ! -f /$temp/freeradius-server-2.2.0-dma-patch-2.tar.gz ]; then
echo .
echo -e "$COL_RED ERROR: COULD NOT DOWNLOAD FREERADIUS 2.2.20-dma-patch-2, possible INTERNET is not Working !!! EXITING . . .  $COL_RESET"
exit 0

echo .
echo -e "$COL_GREEN Starting to Compile FREERADIUS  ...  (Press CTRL+C to stop any time) $COL_RESET"
sleep 3

cd /$temp
tar zxvf freeradius-server-2.2.0-dma-patch-2.tar.gz
cd /$temp/freeradius-server-2.2.0/

### Now proceed with the compilation of FREERAIDUS , applicable for all
make install
echo -e "$COL_GREEN Starting FREERADIUS by radiusd -xx coommand & start radius service.  (Press CTRL+C to stop any time) $COL_RESET"
radiusd -xx
service radiusd start
sleep 3

# ================================================================
# Creating MySQL databases with MySQL command line tool . . . [JZ]
# ================================================================
# ** FROM CLI ** . . . [JZ]
echo -e "$COL_GREEN Starting MYSQLD servuce to create Radius Manager Database.  (Press CTRL+C to stop any time) $COL_RESET"
echo -e "$COL_GREEN MYSQL password is set to   'zaib1234'  $COL_RESET"
service mysqld start
mysqladmin -u root password 'zaib1234'
echo .
echo -e "$COL_GREEN adding RADIUS user & DB in MYSQL  .  (Press CTRL+C to stop any time) $COL_RESET"
mysql -u root -p$sqlpass -e "create database radius";
mysql -u root -p$sqlpass -e "create database conntrack";
mysql -u root -p$sqlpass -e "CREATE USER '$myusr_rad'@'$radhost' IDENTIFIED BY '$mypsw_radius';"
mysql -u root -p$sqlpass -e "CREATE USER '$myusr_cts'@'$radhost' IDENTIFIED BY '$mypsw_cts';"
mysql -u root -p$sqlpass -e "GRANT ALL ON radius.* TO radius@$radhost;"
mysql -u root -p$sqlpass -e "GRANT ALL ON conntrack.* TO conntrack@$radhost;"

# UNTAR Copy WEB content

echo "$COL_GREEN Copying Radius Manager WEB content to $wwwpath/radiusmanager $COL_RESET"
cd /$temp
tar zxvf radiusmanager-4.1.0.tgz
mkdir $wwwpath/radiusmanager
cp -fr /$temp/radiusmanager-4.1.0/www/radiusmanager $wwwpath
sleep 3

# rename .dist files

mv $wwwpath/radiusmanager/config/paypal_cfg.php.dist $wwwpath/radiusmanager/config/paypal_cfg.php
mv $wwwpath/radiusmanager/config/netcash_cfg.php.dist $wwwpath/radiusmanager/config/netcash_cfg.php
mv $wwwpath/radiusmanager/config/authorizenet_cfg.php.dist $wwwpath/radiusmanager/config/authorizenet_cfg.php
mv $wwwpath/radiusmanager/config/dps_cfg.php.dist $wwwpath/radiusmanager/config/dps_cfg.php
mv $wwwpath/radiusmanager/config/2co_cfg.php.dist $wwwpath/radiusmanager/config/2co_cfg.php
mv $wwwpath/radiusmanager/config/payfast_cfg.php.dist $wwwpath/radiusmanager/config/payfast_cfg.php

# set ownership and permissions

chown $httpusr $wwwpath/radiusmanager/config
chown $httpusr $wwwpath/radiusmanager/config/system_cfg.php
chown $httpusr $wwwpath/radiusmanager/config/paypal_cfg.php
chown $httpusr $wwwpath/radiusmanager/config/netcash_cfg.php
chown $httpusr $wwwpath/radiusmanager/config/authorizenet_cfg.php
chown $httpusr $wwwpath/radiusmanager/config/dps_cfg.php
chown $httpusr $wwwpath/radiusmanager/config/2co_cfg.php
chown $httpusr $wwwpath/radiusmanager/config/payfast_cfg.php
mkdir -p $wwwpath/radiusmanager/tmpimages
chown $httpusr $wwwpath/radiusmanager/tmpimages
chown $httpusr $wwwpath/radiusmanager/tftpboot
chmod 600 $wwwpath/radiusmanager/config/system_cfg.php
chmod 600 $wwwpath/radiusmanager/config/paypal_cfg.php
chmod 600 $wwwpath/radiusmanager/config/netcash_cfg.php
chmod 600 $wwwpath/radiusmanager/config/authorizenet_cfg.php
chmod 600 $wwwpath/radiusmanager/config/dps_cfg.php
chmod 600 $wwwpath/radiusmanager/config/2co_cfg.php
chmod 600 $wwwpath/radiusmanager/config/payfast_cfg.php
chmod 644 $wwwpath/radiusmanager/config/docsis_keyfile
chmod 644 $wwwpath/radiusmanager/config/docsis_template

# chmod and copy binaries
cd /$temp/radiusmanager-4.1.0/
echo "Copying binaries to /usr/local/bin"
chmod 755 bin/rm*
cp bin/rm* /usr/local/bin

echo "Copying rootexec to /usr/local/sbin"
cp bin/rootexec /usr/local/sbin
chmod 4755 /usr/local/sbin/rootexec

# chmod and copy radiusmanager.cfg

echo "Copying radiusmanager.cfg to /etc"
cp etc/radiusmanager.cfg /etc
chown $radusr /etc/radiusmanager.cfg
chmod 600 /etc/radiusmanager.cfg

# create Tables

echo -e "$COL_GREEN Creating MYSQL Table $COL_RESET"
mysql -h $radhost -u $myusr_rad -p$mypsw_radius radius < sql/radius.sql
mysql -h $radhost -u $myusr_cts -p$mypsw_cts conntrack < sql/conntrack.sql

# create rmpoller service
echo "Enabling rmpoller service at boot time"
cp rc.d/rmpoller /etc/init.d
chown root.root /etc/init.d/rmpoller
chmod 755 /etc/init.d/rmpoller
chkconfig --add rmpoller

# create rmconntrack service
echo "Enabling rmconntrack service at boot time"
cp rc.d/rmconntrack /etc/init.d
chown root.root /etc/init.d/rmconntrack
chmod 755 /etc/init.d/rmconntrack
chkconfig --add rmconntrack

# copy radiusd init script

echo "$COL_GREEN Enabling radiusd service at boot time $COL_RESET"
chmod 755 rc.d/redhat/radiusd
cp rc.d/redhat/radiusd /etc/init.d
chkconfig --add radiusd

# copy logrotate script
echo "Copying logrotate script"
cp etc/logrotate.d/radiusd /etc/logrotate.d/radiusd

# copy cron job script
echo "$COL_GREEN Copying cronjob script $COL_RESET"
cp etc/cron/radiusmanager /etc/cron.d/radiusmanager
chmod 644 /etc/cron.d/radiusmanager

# comment out the old style cron job
sed -i 's/02\ 0\ \*\ \*\ \*\ root\ \/usr\/bin\/php/#2\ 0\ \*\ \*\ \*\ root\ \/usr\/bin\/php/g' /etc/crontab

# set permission on raddb files
echo "$COL_GREEN Setting permission on raddb files $COL_RESET"
chown $httpusr /usr/local/etc/raddb
chown $httpusr /usr/local/etc/raddb/clients.conf
sleep 3

echo -e "$COL_GREEN Re-Starting Apache2, Radius Service & add them in startup... $COL_RESET"
service httpd restart
chkconfig --add mysqld
chkconfig --add httpd
chkconfig --add radiusd
chkconfig mysqld on
chkconfig httpd on
chkconfig radiusd on

cp /temp/lic.txt $wwwpath/radiusmanager
cp /temp/mod.txt $wwwpath/radiusmanager

echo .
echo .
echo .
echo .
echo .
echo -e "$COL_GREEN All Done. Kindly RESTART the system one time to maek sure everything is ok on reboot."
echo -e "Dont forget to upload the correct License files for your valid MAC address in /var/www/html/radiusmanager folder"
echo -e "Please access ADMIN panel via http://yourip/radiusmanager/admin.php $COL_RESET"
echo -e "DMASOFTLAB RM Installation script modified for CENTOS by $COL_RED SYED JAHANZAIB / $COL_RESET"


Save & Exit …



Now execute the script by



After the script ends, do make sure that you don’t see any Error’s  on the installation. Thats why I have added 3 Seconds delay in few section so you can view the results.

Now UPLOAD your valid License into /var/www/radiusmanager OTEHRWISE YOU WILL SEE BLANK PAGE ON ACCESSING RM ADMIN PANEL.


Now try to access RM ACP via browser by



If you get blank page, then use tail command to view Apache error log , example

tail -f /var/log/apache2/error.log


OR more specifically

tail -f /var/log/apache2/error.log |grep lic


If you see any error like showed in the image below . . . (for not valid license), then make sure your license files are valid for right version and with the right mac address interface.





To deploy Radius Manager Patch 5 (4.1.5) , Kindly see the following Link

I will add few snapshots and video as soon as I get some time.




Syed Jahanzaib

February 20, 2015

LEGACY OF CENTOS ! Continued …

Filed under: Linux Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 3:14 PM

Some personnel notes /references for CENTOS , as my future R&D will be done mainly in centos dueto its preloaded options for ease of use.


x- CENTOS  6.6  <32 bit>   DOWNLOAD LINK   …



1- Configuring Static IP address in CENTOS [6.x]

If you want to configure static IP address in CENTOS, then edit following file

vi /etc/sysconfig/network-scripts/ifcfg-eth0

Use following as sample

IPADDR=  # IP Address you want to fix
NETMAST=   # Netmask as per network
GATEWAY=   # Your Router/DLS Gateway
DNS1=   # Your ISP DNS or standard Google dns

Note: set following for sure


Save & Exit, and restart the network service or interface to take effect

service network restart


ifdown eth0
ifup eth0

Issue IFCONFIG command to verify the result.

centos7 is a mess :( so better to stick with 6

2- Change/Clone MAC address

To change mac address in CENTOS , edit your required ethernet network config file , Example …

nano /etc/sysconfig/network-scripts/ifcfg-eth0

here you will see HWADDR line with current mac address, dont modify it, just add another line above it, like following

MACADDR=00:11:11:11:11:11          < Add this line with your required mac address
HWADDR=00:22:22:22:22:22       < Your current mac address

An example of full cfg file for eth0


Save & Exit, and restart the network service or interface to take effect

service network restart


ifdown eth0
ifup eth0

Issue IFCONFIG command to verify the result.


use the sed shortcut ;)

sed -i -e ‘1iHere is my new top line\’ filename


3- Disabling default firewall SELINUX

To disable SELINUX temporary for the current session, use following…

echo 0 > /selinux/enforce


To disable builtin firewall permanently in centos, edit following

vi /etc/selinux/config

and change the




Save & Exit & reboot to take effect.

Or use the SED shortcut to replace the string within cli ;) # Zaib

sed -i "s/=enforcing/=disabled/g" /etc/selinux/config

4- Disabling IPTABLES

To disable iptables services

service iptables off
chkconfig iptables off

You can check the status with following

service iptables status

and you can also use following command to clear the current iptables (for the current session only)

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT


5- Some must-have tools

yum install -y nano wget curl net-tools lsof

6- SERVICES Related

service --status-all

To disable service on startup , use

chkconfig httpd off

To always start any service on boot, use

chkconfig --add httpd on 

7- Excluding slow mirrors

When I was installing some packages in Centos and the YUm was doing it at painfully slow speed, I figured the mirror (indian and bangladeshi mirror sites) were very slow. So I disabled two mirrors domain it was selecting in start which were .in and .bd

use following file

nano /etc/yum/pluginconf.d/fastestmirror.conf

and add the slow mirror (to be excluded) like, .bd,

or use the cli command to add it in the file

echo ", .in, .vn," >> //etc/yum/pluginconf.d/fastestmirror.conf

 8- How to Check CentOS Version / kernel Number

cat /etc/centos-release
uname -a

9- Howto Disable IPV6 in CENTOS  [Tested on 6.x versions]

First edit sysctl.conf file in any editor , e.g:

nano /etc/sysctl.conf

and add following lines in the end

# IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Use following to add them directly to file using echo command

echo >> /etc/sysctl.conf  net.ipv6.conf.all.disable_ipv6 = 1
echo >> /etc/sysctl.conf net.ipv6.conf.default.disable_ipv6 = 1
echo >> /etc/sysctl.conf net.ipv6.conf.lo.disable_ipv6 = 1

Save and Exit and execute following to activate changes :)

sysctl -p


10- Howto install PHPMYADMIN in centos 6.x

To install PHPMYAMDIN which is a good tool to manage your mysql via GUI in centos, use following…

 cd /tmp
rpm -ivh epel-release-6-8.noarch.rpm

yum search phpmyadmin
yum -y install phpmyadmin

Now You need to edit /etc/httpd/conf.d/phpMyAdmin.conf file, enter:

vi /etc/httpd/conf.d/phpMyAdmin.conf

Replace your ip in

Require ip

Allow from

Change to your management pc ip from where you want to access phpmyadmin

after saving, restart the httpd service.

service httpd restart


Or use the SED shortcut to replace the string within cli ;) # Zaib

sed -i "s/" /etc/selinux/config

[replace with your management pc ip]


To be continued …


February 16, 2015

Expanding Possibilities / Howto add 3rd party packages in Mikrotik KVM/Metarouter!

Filed under: Mikrotik Related — Tags: , , , — Syed Jahanzaib / Pinochio~:) @ 2:22 PM

As asked by few friends, i thoughts its a good idea to share it with all.
Last Update: 5th March, 2015, 08:43 am


1- Whatis Metarouter
2- Howto install Metarouter in Mikrotik Routerboard
3- Howto install APACHE web server in METAROUTER to host your web files.
4- Howto install ASTERISK 1.8 with GUI [Feb 2015]
5- Howto setup NTP to solve DATE Time synch issue [5th March, 2015 8:43am]
6- Howto disable firewall [17th Mrach, 2015 13:00 hrs]

1- What is METAROUTER?

as defined by Greg

Metarouter is a way to have logical routers running on your existing routerboard. In essence, you create a virtual router on your RB, then you assign some interfaces to it. You then can hand this virtual router off to a customer hand allow them to administer it without effecting any of the core functions necessary on the device. .”

Also on METAROUTER you can use openwrt image to host tiny linux and its few apps in it. like APACHE, asterisk etc. web server was in highly demand by local cable operator who wanted to host NON payment/reminder page to be shown at there clients.

Currently MetaRouter can be used on

  • RB4xx, RB7xx series, RB900 series, RB2011.xx boards
  • Listed PPC boards: RB1000, RB1100, RB1100AH and RB800.


Hardware Software Used in this guide:

Routerboard Model = RB2011UiAS-2HnD
Mikrotik ROS version = 6.27

2- Howto install METAROUTER in Mikrotik Routerboard

First download OPENWRT image into mikrotik. Open New Terminal, and issue following command …

/tool fetch url=

Now import the openwrt downloaded in above step,

As showed in the mage below …

2- Import Image

Now we need to add virtual network interface into this machine. We also have to provide valid network configuration with internet access so that it can download required software later. For this demonstration purposes I added manual IP , but you can use virtual bridge and use your mikrotik DHCP serve to allow internet access to the metarouter machine or whatever you prefer to establish network connectivity.

In the below pic, I selected ETHER2 which is LAN interface of mikrotik host.

add interface



Now double click on newly created machine and select CONSOLE and press enter key few times to get command prompt.

6- Open Metarouter CONSOLE zaib


Edit the network configuration file.

vi /etc/config/network

Press “i” to enter edit mode.

and configure the network as per your local need.



7- edit interface settings.

Add DNS server entry for resolving internet hosts …

vi /etc/resolv.conf



After setting network configuration, save and exit. enable/restart the network services so changes can take effect.

/etc/init.d/network enable
/etc/init.d/network restart

Now try to ping any internet site to verify the connectivity. On successful attempt, you should get reply.


8- ping successfull



3- Howto install APACHE web server in METAROUTER to host your files.

Install APACHE web server with OPKG (like yum or apt-get)

Edit the opkg file

vi /etc/opkg.conf

Change a string in first line, as it should be like below one …

src/gz snapshots

Now update opkg (like you do in ubuntu to update apt-get)

opkg update
opkg install apache

its better if you restart your mikrotik routerboard with reboot command so that all changes should take effect properly otherwise you MAY see few errors on accessing apache.

Now start apache service

apachctl start

(or restart as required)

Access via browser

10-apache works

html index files are placed at


4- Howto install ASTERISK 1.8 with GUI

Make metarouter machine with following image,and setup proper networking.

/tool fetch url=

Edit /etc/opkg.conf and use following repository

src/gz snapshots
dest root /
dest ram /tmp
lists_dir ext /var/opkg-lists
option overlay_root /jffs

Save and exit. then update opkg , install asterisk , and start it.

opkg update
opkg install asterisk18 asterisk18-codec-alaw asterisk18-chan-iax2 asterisk-gui
/etc/init.d/asterisk enable
/etc/init.d/asterisk start

Upon successful start you can see following ports (5038 and 8088 started) as showed below …

root@metarouter:~# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0  *               LISTEN
tcp        0      0    *               LISTEN
tcp        0      0    *               LISTEN
tcp        0      0  *               LISTEN

Now you can access asterisk GUI via


Default ID Password is

Id = admin
Password = ast-owrt

You can change the password and other stuff in /etc/asterisk/manager.conf

Note: in RB750 , client faced issue that after rebooting / power on off the host router, web page of asterisk doesnt work and time out. on RB2011 there was no such issue with same image.

5- Howto setup NTP to solve DATE Time synch issue

Mikrotik itself and most hardware devices supported by OpenWrt do not have a hardware clock.Therefore use NTP package to solve the date time synch issue,

opkg update
opkg install ntpd
/etc/init.d/sysntpd disable
/etc/init.d/ntpd enable
/etc/init.d/ntpd start

# To view if NTP is started properly or not
netstat -l | grep ntp

Note: It will take some after reboot to synch time with the internet, make sure internet is operational in metarouter.

 6- Howto disable firewall [17th Mrach, 2015 13:00 hrs]

/etc/init.d/firewall stop
/etc/init.d/firewall disable


To be continued ….

Syed Jahanzaib

January 13, 2015

SYGIC GPS Navigation System [With Offline Support]

Filed under: General IT Related — Tags: , , , , , , — Syed Jahanzaib / Pinochio~:) @ 12:10 PM

sygic-gps-navigation sygic2

Last  Updated:  4th February, 2015

1- Sygic Introduction
2- Download Link
3- Installation Instruction
4- Latest Release (14.7.7) Overview with screenshots [Latest Release as of late January, 2015]
5- 14.3.4 Overview with screenshots [Stable Release of 2014, *** RECOMMENDED *** ]
6- Pakistan MAP Last Updates
7- Backup Sygic Favorites/POI/Routes etc.



1- Sygic Introduction

I do have to admit that I have a very poor sense of direction and never quite trust myself that I know the best route. I use Google Maps to plan my route before leaving my place, even for around my home town. Google Maps/Navigation is fantastic. It’s easy to use, stays (mostly) up-to-date, and is built into Android’s core. However, it has one major flaw: Offline navigation simply doesn’t exist within Google Maps. Specially If you’re heading into uncharted territory where cell service may be sketchy or non-existent, you’re basically on your own. And getting lost is not a fun experience. (It happened with me frequently in the past. One horrible experience I still remember of getting lost at Karachi board office area, and in north Nazimabad, I spent more then 1 hour just to get on main road :P lol )

The solution? A third-party GPS application with offline support, like Sygic’s Maps & GPS Navigation. Sygic works by downloading and storing maps on your smartphone for offline use — so you can have a fully functioning GPS with no internet connection.  Be aware, Note that like any other CPU/resource hungry application or other navigation app m this one does use a heavy amount of battery. Make sure if you are using Sygic for android in car for longer time, you must have car mobile charger with you. I used SAMSUNG Galaxy S3 mobile charger (which coasted 400 Pak Rupees / original but slightly used)



2- Download Link

Download URL: [Pre_Activated]  http://xxxxxxxxxxxxxxxxxxxxxxx [Google Drive Link, ]

3- Installation Instructions

To install Sygic 14.x.x for android, follow instructions as below …

1- Unzip the sygic zip file, it will be extracted to a folder name SYGIC.
2- Now upload this SYGIC folder and sygic_xxxxx.apk file to root of your android (like in main root or in SD Card)
3- Open any File Explorer on your android set, browse to main root folder (or sd card where you uploaded the .apk file and sygic folder)  and execute sygic_xxxxx.apk and follow the on screen instructions and it will install sygic application.
4- By default it will not have map for Pakistan, Make sure you have some good internet connection (wifi)
Open Sygic application, and goto Settings, Manage Map , and download PAKISTAN (or your desired) map from MIDDLE EAST section. Download size would be around 80+ MB.


Example of Folder Structure:


I have included its manual in PDF format as well for some learning purposes.

Note: In my personnel experience, Sygic 14.3.4 is still very much stable release with easier search options and works better then all new releases, I suggest to stick with the 14.3.4 version until some really stable release.

4- 14.7.7 Overview with screenshots

Sygic 14.7.7

Sygic GPS Navigation released 14.7.7 version which have fixed occasional crashing and few minor bugs. using it my Samsung Galaxy S3 working good. For more information on Sygic, visit there web site at







CHANGE Log’s for 14.7.x versions …

Changelog: 14.7.7 r121036
– BT fix
– HTC android 5 fixr us now

Changelog: 14.7.5 r121030
– Fix for search
– Fix for signposts [for android 4.0]
– Some little fixes

Changelog: 14.7.4 r121032
Main change is support for Octa-core devices

Changelog: 14.7.3 -r121023
coming soon

Changelog: 14.7.2 -r121024
just two minor fixes

Changelog: 14.7.1 r121014
Triplog – show on map
New icon [launcher]
Navigate to photo from gallery
Fixed roundabout icon in left side driving countries
crash fixes

Changelog: 14.7.0 r120989
many fixes for crashes that we see in Google developer console and Crashlytics
New maps 2014.06
Poi subcategories are orders alphabetically
New widget manager with new widgets: Navigate to photo + SOS widget + Travel book [travel book – show on map will come little later]
Fixed auto close
optimization of dropbox
Search is enabled while navigating
Fix for internet connection after „log-out“
Route summary – avoiding instruction via overflow icon
Fixed crash after clicking home more times
BlackBox settings
reworked roundabout icon

5- 14.3.4 Overview with screenshots with Sidebar / Dashboard Options

[This is good and stable version in my personnel view]










Searching with GPS coordinates is now possible. (applicable with 14.x versions i guess)




Rudolf Wuscher (Sygic Support)
Jan 15 09:30
Hello Syed, Thank you for contacting Sygic.

The current map version for Pakistan is 2011.02. At the moment, we don’t have an update planned, although we will release an update as soon as we strike a deal from one of our map data providers.

Best regards,

Sygic Customer Support




Rudolf Wuscher (Sygic Support)

Feb 26, 15:17

Hello Syed,

Thank you for contacting Sygic.
Please accept our most sincere apologies for the late reply. Our support is currently tasked to capacity.

We are sorry, we currently don’t have a more actual map available for Pakistan, nor do we have any information available on an update. Unfortunately, we don’t have a release date for the new version of maps for Pakistan, we would therefore like to ask you for your patience.

If you have any other question, or need any further assistance, just reply to this message to open the ticket again.

Best regards,

Sygic Customer Support


Its true that SYGIC maps are a bit old (for Pakistan), but still they provide best navigation for general traveling. To overcome this issue, I usually use GOOGLE Map and plan the route according to my requirement, then I save its link and convert it with ITF converter tool. then I import it in SYGIC MAPS , and it works good.

If some is interested to know how to convert Google map route to android Sygic, let me know and I will post an guide for it. or read this link.

Import Route works fine with ver 14.3.x or older , but Not working with 14.7.x

 7- Backup Sygic Favorites / POI / Routes etc

If you need to remove sygic and re install again, then its a good idea to backup your custom POI / Routes and favories, because creating them again and again can be a real headache :s so here are the folders you should backup , and then can restore them in same location to get back the data :)

Howto Backup SYGIC Favorites / Routes / Custom POI / ICONS  =

– Favorites are stored in folder /Sygic/Res/db as items.dat

– Routes are saved in /Sygic/Res/Itinerary (one .itf file is one route).

– Custom POIs are stored in /Sygic/Maps/Rupi/<countries>. Points of Interest are stored for each country separately.
You need to make a backup of all these folders, otherwise they will be lost.

– Custom icons for Points of Interest are stored of in /Sygic/res/icons/rupi.

– Please make a backup of these folders. After a complete re-installation of the navigation, you need to copy them back to the same place.


Syed Jahanzaib

January 9, 2015

Mikrotik script to change PUBLIC ip from available pool

Filed under: Mikrotik Related — Tags: , — Syed Jahanzaib / Pinochio~:) @ 4:08 PM

This script is not for general public usage. sharing it just for a reference purpose.

The following script was made to help a usea in a very specific condition.It was a setup specific issue and a quick dirty temporary solution was made to deploy this script to solve the problem for a short period of time only. Its not very neat and clean and probably it could be done with more sophisticated code with fewer line. but no time :)


You have 8 public ip pool and only one ip is used at mikrotik wan. now problem is that your ISP blocks your Public ip for few minutes dueto some grey traffic passing and you cannot block the grey traffic for some reasons. This script will help in this situation that if your IP gets blocked by the ISP, it will immediately (or by scheduled) changes the ip to next available ip address. and then it will also email you the result or alert.

Scenario was discussed here.




# 9th Jan, 2015
# Script Starts here ... Tested with Mikrotik 6.xx ...
# Internet Host to be checked You can modify them as per required, JZ
# Setting various variables to be used later in this script

# Host to be monitor, like google dns and opends servers
:local host1   ""
:local host2   ""
:global InternetStatus;
:global InternetLastChange;
:global gmailsmtp
:set gmailsmtp [:resolve ""];

# Set your Gmail ID and Password
:global sendermail
:global gmailpass YOUR_GMAIL_PASSWORD

# Do not modify data below without proper understanding.
:local i 0;
:local F 0;
:local date;
:local time;

# PING each host 2 times
:for i from=1 to=2 do={
if ([/ping $host1 count=1]=0) do={:set F ($F + 1)}
if ([/ping $host2 count=1]=0) do={:set F ($F + 1)}

# If both links are down and all replies are timeout, then link is considered down
:if (($F=4)) do={

:log error "ISP LINK SEEMS TO BE DOWN, Changing IP Address /jz"

:set InternetStatus "DOWN";
:set date [/system clock get date];
:set time [/system clock get time];
:set InternetLastChange ($time . " " . $date);
/ip address

:if ([get [find comment="ether1_wan_ip_1"] disabled] = false) do={
disable [find comment="ether1_wan_ip_1"]
enable [find comment="ether1_wan_ip_2"]

} else={
:if ([get [find comment="ether1_wan_ip_2"] disabled] = false) do={
disable [find comment="ether1_wan_ip_2"]
enable [find comment="ether1_wan_ip_3"]

} else={
:if ([get [find comment="ether1_wan_ip_3"] disabled] = false) do={
disable [find comment="ether1_wan_ip_3"]
enable [find comment="ether1_wan_ip_4"]

} else={
:if ([get [find comment="ether1_wan_ip_4"] disabled] = false) do={
disable [find comment="ether1_wan_ip_4"]
enable [find comment="ether1_wan_ip_5"]

} else={
:if ([get [find comment="ether1_wan_ip_5"] disabled] = false) do={
disable [find comment="ether1_wan_ip_5"]
enable [find comment="ether1_wan_ip_6"]

} else={
:if ([get [find comment="ether1_wan_ip_6"] disabled] = false) do={
disable [find comment="ether1_wan_ip_6"]
enable [find comment="ether1_wan_ip_7"]

} else={
:if ([get [find comment="ether1_wan_ip_7"] disabled] = false) do={
disable [find comment="ether1_wan_ip_7"]
enable [find comment="ether1_wan_ip_8"]

} else={
:if ([get [find comment="ether1_wan_ip_8"] disabled] = false) do={
disable [find comment="ether1_wan_ip_8"]
enable [find comment="ether1_wan_ip_1"]

} else={

##      If reply is received , then consider the Link is UP
:if (($InternetStatus="DOWN")) do={
:log warning "WARNING :The INTERNET link have been restored";
:set date [/system clock get date];
:set time [/system clock get time];
:set InternetLastChange ($time . " " . $date);
:set InternetStatus "UP";
:global wanip

# Fetch your PUBLIC ip address from dnsomatic so that its info can be used at required session for info purposes ...
/tool fetch url="" mode=http dst-path=mypublicip.txt
local ip [file get mypublicip.txt contents ]
:set wanip "$ip";
:log warning "Internet Monitor by ZAIB Report: Internet seems to be UP with ISP_NAME ip   $wanip"

/tool e-mail send to="" password=$gmailpass subject="ISP_NAME Link or IP was DOWN. Now new WAN IP address is $wanip" from=$sendermail server=$gmailsmtp start-tls=yes body="ISP_NAME Link or IP was DOWN. Now new WAN IP address is $wanip *******  Regard's > >>>>> Syed Jahanzaib ****** "


Syed Jahanzaib


December 31, 2014

Blocking HOTSPOT SHIELD in Mikrotik

Filed under: Mikrotik Related — Tags: , — Syed Jahanzaib / Pinochio~:) @ 4:51 PM


Last Updated: 6th JANUARY,  2015 / 16:10pm

Assalam Va Alaekum, I was receiving many complains from few network operators of being annoyed by an proxy application name HOTSPOT SHIELD which you can use to create tunnel between you and the ‘unknown’ location and then you can bypass all filtering of your local network and can do all the ‘dirty work’ which is normally blocked in general networks. Also usage of such tools results in blacklisting your or your Internet service provider public IP. It is a very common application here in Pakistan to open the Youtube or VOIP  (which are banned here officially). So I have done some lab testing for Mikrotik and found following IP Block lists and few ports which are used by HOTSPOT SHIELD. [but still you need to monitor via TORCH tool that what IP addresses pool HS is using and keep adding them in the list]

/ip firewall address-list
add address= disabled=no list=hotspotshield_zaib
add address= disabled=no list=hotspotshield_zaib
add address= disabled=no list=hotspotshield_zaib
add address= disabled=no list=hotspotshield_zaib
add address= disabled=no list=hotspotshield_zaib
add address= disabled=no list=hotspotshield_zaib
add address= disabled=no list=hotspotshield_zaib
add address= disabled=no list=hotspotshield_zaib
add address= disabled=no list=hotspotshield_zaib
add address= disabled=no list=hotspotshield_zaib
add address= disabled=no list=hotspotshield_zaib
add address= disabled=no list=hotspotshield_zaib
add address= disabled=no list=hotspotshield_zaib
add address= disabled=no list=hotspotshield_zaib
add address= disabled=no list=hotspotshield_zaib
add address= disabled=no list=hotspotshield_zaib
add address= disabled=no list=hotspotshield_zaib
add address= disabled=no list=hotspotshield_zaib
add address= disabled=no list=hotspotshield_zaib
add address= disabled=no list=hotspotshield_zaib
add address= disabled=no list=hotspotshield_zaib
add address= disabled=no list=hotspotshield_zaib
add address= disabled=no list=hotspotshield_zaib
add address= disabled=no list=hotspotshield_zaib
add address= disabled=no list=hotspotshield_zaib
add address= disabled=no list=hotspotshield_zaib
add address= disabled=no list=hotspotshield_zaib
add address= disabled=no list=hotspotshield_zaib
add address= disabled=no list=hotspotshield_zaib

# Now create Rules to block above address list and additional ports
/ip firewall filter
add action=drop chain=forward comment="Block_Hotspot_Shield_Addresses_(test phase_zaib)" disabled=no src-address-list=hotspotshield_zaib
add action=drop chain=forward comment="Block_Hotspot_Shield_Ports_(test phase_zaib)" disabled=no dst-port=990,179,105,706,5245,3451,15009 protocol=tcp

After applying rules, Hotspot Shield stopped connecting. hserror   . hss-error2

Note: It was observed that it is almost impossible to block it 100% but with above method, I got 99% success. Its impossible to block all the proxy tools/apps as there are thousands of them. but with some smart configuration you can only minimize the chances of there utilization. Make sure you use OPENDNS and if you have static public IP address, then create account and block all the proxy / anonymizer category. Make sure to forcefully redirects all the DNS traffic to your own dns server which should be using opendns or some filtering mechanism to block or POISON the BAD sites.   Also it was noted that I ahve used some large IP blocks like /8 or /16 (rather the just /24) because hotspot shield have thousands of IP addresses/blocks which it uses. So it is quite possible that some valid content also gets DROPPED/BLOCKED which falls in same subnet. More Tests would be required then by using any capturing tool or mikrotik own tool called TORCH. Example of torch in MT. client

Its still under testing and will post some confirmed reports after few days. It is requested that you if have List of IP addresses which are used by HSS or other proxy, post details in comments or email me.

I will update more as I get time… got to run home, Home Ministry calling ;) You know what I mean :D Regard’s Syed Jahanzaib

Older Posts »

The Silver is the New Black Theme. Create a free website or blog at


Get every new post delivered to your Inbox.

Join 2,670 other followers