Syed Jahanzaib Personal Blog to Share Knowledge !

November 22, 2012

Howto enable mikrotik to Send/Receive SMS using GSM Modem

Filed under: Mikrotik Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 1:25 PM

More reference can be found here.

https://aacable.wordpress.com/2015/10/08/for-reference-quick-script-for-mikrotik-daily-info-via-sms-or-email/

Following is a small guide on how you can enable your mikrotik box/routerboard to send /receive SMS using GSM modem or any supported mobile set. This guide will also demonstrate that how you can enable mikrotik to receive SMS via GSM modem and execute script based on the command received in the SMS 🙂

Its very useful in many situation , for example you can configure multiple script to do various task, Few examples are that you can

  • Mikrotik Health Status,
  • create/disable users ,
  • change queues ,
  • reset router admin/user password ,
  • ask router about internet connectivity,
  • alert you if any link goes down,
  • restart router

& so much other fun things you can imagine,  another example to restart router remotely by sending SMS message to mikrotik and then it can execute the specified script, it will reboot right away. I have used this SMS function for number of tasks and it performed very well.

Hardware used for this guide

1) Mikrotik 5.20 x86 version installed on PC
2) Teltonika GSM Modem Device. (Picture attached below, you can also use any supported mobile set to do the task)

Teltonika ModemUSB/E12 UM1400

Teltonika  ModemUSB/E12 UM1400

After plugin the device into mikrotik box, reboot the mikrotik once so it can initialize the modem device.

Open Terminal and issue the following command to make view the usb port detail.

/port print

and you will see its result something like below image . . .

If you can see usb listed, it means your device have been detected.

  • Now goto TOOLS > SMS
  • Click on  ‘Receive Enabled‘ (Only if you want to enable receiving for various functions)
  • in Port, select Select USB3 (or whatever your USB port name is appearing)
  • Set the Channel to 1 [as showed in the image above]
  • In Secret type any password e.g 12345 [Secret is like your password, it is used if you want mikrotik to execute any script/command when it received appropriate sms]
  • Click APPLY

As showed in the image below . . .


Test SMS sending using Mikrotik

Now its time to send test SMS to any number using mikrotik.

  • Click on Send SMS
  • In Port, select USB3 (or whatever name of your USB is detected)
  • in Phone number, type your destination mobile number
  • in Message, type your desired message,
  • and click on SEND SMS

As showed in the image below . . .

 


Howto execute script upon receiving SMS

If you have selected ‘Receive Enabled‘, then you can receive Messages on Mikrotik in INBOX section of SMS. It can also execute any script of your choice.

For example you want to reboot your router by sending sms, use the following method.

First create appropriate script that can restart router.

/system script add name=reboot policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api source="/system reboot"

Now from your own mobile , send the following sms to mikrotik connected GSM Device number.

:cmd 12345 script reboot

Explanation of above command.

  • :cmd = tell mikrotik that its the command it need to execute
  • 12345 = is the secret/password that we set in the SMS setting
  • script = it tells mikrotik that it have to execute script function
  • reboot = the script name we want mikrotik to run, which we created in above step.

You can do so much interesting stuff using this feature. I did used this option in the past to control my whole company network including Mikrotik/Linux/Microsoft Domain environment. It was used to power OFF / Power ON using WOL/ Reboot and many other functions.

I will write about them later . . .


TIPs:

Enabling receive-enabled via script

Receive Enabled turns off auto when the router reboots [it was observed in 5.x version no idea about later versions]. You can schedule a script that runs on every reboot and after 15 minutes of interval.

Below is a simple command to enable the receiving via terminal manually.

/tool sms set receive-enabled=yes

Now we will create script and add scheduler, We will use terminal to do the task quickly.

/system script add name=enable-sms-rec policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    source="/tool sms set receive-enabled=yes;"

Now add scheduler so this script runs periodically after 15 minutes each. and on start up also.

/system scheduler
add comment="execute enable-sms-rec script" disabled=no interval=15m name=\
    "execute enable-sms-rec script" on-event=enable-sms-rec policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    start-time=startup

Using NETWATCH tool to monitor your WAN connectivity

You can configure NETWATCH to monitor any WAN ip , for example Google dns, when it will timeout, it can can trigger script that can send sms so you can be aware about your WAN connectivity.

For example:

/tool netwatch
 add disabled=no down-script=”/sys script run down” host=8.8.8.8 \
 interval=5m timeout=1s up-script=”/sys script run up”

/system script
 add name=down policy=\
 ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
 source=”/tool sms send message=WAN_DOWN phone-number=03333021909 usb3”"
 add name=up policy=\
 ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
 source=”/tool sms send message=WAN_UP phone-number=03333021909 usb3”

Script SAMPLE:

Tto send reboot alert, when mikrotik reboots. schedule it to run on reboot.


# SENDING SMS TO ADMINS FOR RESTART ALERT
:delay 30s
:log error "Sending RESTART ALERT SMS ... by jz"

/tool sms send port=usb3 phone-number=03xxxxx message="ALERT: Mikrotik Routerboard CCR restarted now."  channel=0

Regard’s
Syed Jahanzaib

Howto Block Adult websites using OPENDNS for free :) (with category base filtering support)

Filed under: General IT Related, Mikrotik Related — Tags: , — Syed Jahanzaib / Pinochio~:) @ 10:09 AM

Last day someone asked me howto block Adult websites in mikrotik. There is no builtin way to do it as it involves URL filtering and its not the job of ROUTER to do such task. Dedicated proxy server can do it effectively since they are built for such purposes like caching/URL filtering/redirecting etc.

We are using Microsoft TMG in our organization which filters URL based on category, so its easier for us to just select the required category that we want to block , for example Porn / Gambling / Spywares etc but Microsoft charge for this service on annual basis (Which I guess is about 15$ per user annually) , It does the job perfectly and very efficiently but its not a cost effective solution specially if you dont have much budget to pay Microsoft.

However following is the free, neat and clean method to block almost 99$ of porn web sites using OpenDNS server as your primary DNS server in your router/proxy or even desktop PC.

Use the below DNS server as your primary dns server in mikrotik / isa server / router or even a desktop. If you are using Mikrotik or other Server, make sure clients are using your server ip as there DNS server, because opendns will work only if the client / router is using there dns server. You can also force users to use your DNS server by adding redirect rule so every request for dns should be redirected to your local server.



 

208.67.222.123

208.67.220.123



 

If you are using mikrotik server, then it would look alike something below image . . .

Now if you will try to open any adult web site , it wont open and will give you the default browser ‘Could not open’ error,  or the request will  will be redirected to OpenDNS block page informing you that your request was blocked by OpenDNS.
As showed in the image below . . .

 

123.

You can also show your own page explaining that Adult web sites are blocked and with your Advertisement. For this purpose, you have to enable web.proxy and redirect user traffic to local proxy, then in proxy access, block the http://www.blocked-website.com / block.opendns.com and redirect it to local web server page.



 

 

Category  Base  Filtering …

 

If you have fix public ip address , then you can create account at http://www.opendns.com and then you can do category base filtering.

as showed in the image below …

1 2

 



 

Howto Enable Web Proxy in Mikrotik and redirect opendns error page to local error page.


 


/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
cache-on-disk=no enabled=yes max-cache-size=none max-client-connections=\
600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
parent-proxy-port=0 port=8080 serialize-connections=no src-address=\
0.0.0.0

/ip proxy access
add action=deny disabled=no dst-host=www.blocked-website.com dst-port="" \
redirect-to=101.11.11.240/nonpayment/nonpayment.htm</pre>

/ip proxy access
add action=deny disabled=no dst-host=opendns.blockdns.com dst-port="" \
redirect-to=101.11.11.240/nonpayment/nonpayment.htm

Replace the 101.11.11.240 and the full path with your local web server.

Now enable NAT rule to redirect user traffic to local proxy.

Now Redirect All User Traffic to Local Proxy


/ip firewall nat
 add action=redirect chain=dstnat disabled=no dst-port=80 protocol=tcp \
 to-ports=8080

Make sure you move this rule in NAT section above the default masquerading rule. so it captures the http traffic & redirect it, before masquerading it to outside world.

As showed in the image below . . .

If you dont want to use proxy for all request, but for only http://www.blocked-website.com , then use the below rule that will only redirect blocked-website.com traffic to local web proxy, all other traffic will go directly.

/ip firewall nat
add action=redirect chain=dstnat disabled=no dst-address=208.69.33.135 \
dst-port=80 protocol=tcp to-ports=8080

Now when the user will try to open any adult web site, he will be redirected to local proxy, and proxy will (using access rules we defined above) redirect the request to our local web server page showing our info page.
As showed in the image below . . .



 



 

How to force users to use specific DNS Server

/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=192.168.1.1 to-ports=53 protocol=tcp dst-port=53
add chain=dstnat action=dst-nat to-addresses=192.168.1.1 to-ports=53 protocol=udp dst-port=53

only udp is required i guess



 

 

Regard’s
Syed Jahanzaib

%d bloggers like this: