Syed Jahanzaib Personal Blog to Share Knowledge !

March 30, 2015

Playing with the Mikrotik’s PCC

Filed under: Mikrotik Related — Tags: — Syed Jahanzaib / Pinochio~:) @ 1:30 PM


The following post is a reference guide, or scrapbook, with working configuration for the following:

  1. Dual WAN PCC with 2 DSL modems [configured in bridge mode] and dialing is done via mikrotik
  2. Port forwarding various ports [as required] from the internet to local web server
  3. PPPoE Server

Note: I have used the SOURCE-ADDRESS based classifier in this example, to avoid the common load-balancing problems such as HTTPS sessions breaking, buffering getting stuck, etc. :)

Just to remind you, this is not a copy-and-paste version; it is not a complete export. I modified the data for reference, so read it carefully for better understanding. You can pick any section of your choice or as required. I will add more sections later …


NETWORK DETAILS:

Mikrotik LAN Interface name = Local
Mikrotik WAN 1 interface name = WAN1
Mikrotik WAN 2 interface name = WAN2

Mikrotik LAN IP Address = 192.168.0.1
WEB Server on LAN side = 192.168.0.10

Mikrotik IP POOL for LAN DHCP = 10.0.0.1/8
Mikrotik IP POOL for PPPoE Users = 172.16.0.0/16

Let’s Start ….


# Syed Jahanzaib / aacable@hotmail.com
# https://aacable.wordpress.com
# Adding IP pool for dhcp and pppoe

/ip pool
add name=pppoe-pool ranges=172.16.0.1-172.16.1.255
add name=dhcp_pool ranges=10.0.0.1-10.0.0.255

# ADD dhcp server

/ip dhcp-server
add address-pool=dhcp_pool authoritative=after-2sec-delay bootp-support=static disabled=no interface=Local lease-time=6h name="ZAIB DHCP SERVER"
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=10.0.0.0/8 comment="zaib DHCP SERVER" dhcp-option="" dns-server=192.168.0.1,8.8.8.8 gateway="" ntp-server="" wins-server=""

# Adding dsl pppoe client connections, make sure your dsl modems are in bridge mode.

/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=WAN1 max-mru=1480 max-mtu=1480 mrru=disabled name=pppoe-out1 password=ISP_DSL_PASSWORD profile=default \
service-name="" use-peer-dns=no user=ISP_DSL_USERNAME
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=WAN2 max-mru=1480 max-mtu=1480 mrru=disabled name=pppoe-out2 password=ISP_DSL_PASSWORD profile=default \
service-name="" use-peer-dns=no user=ISP_DSL_USERNAME

# Adding PPPoE Default Profile

/ppp profile
add change-tcp-mss=default dns-server=192.168.0.1,8.8.8.8 local-address=192.168.0.1 name=pppoe-profile only-one=yes rate-limit=512k/512k remote-address=pppoe-pool use-compression=default use-encryption=no \
use-mpls=default use-vj-compression=default

# Adding PPPoE Server
# Note: authentication=pap sends the user password in clear text on the LAN segment;
# prefer mschap2 where your PPPoE clients support it.
/interface pppoe-server server
add authentication=pap default-profile=pppoe-profile disabled=no interface=Local keepalive-timeout=10 max-mru=1480 max-mtu=1480 max-sessions=0 mrru=disabled one-session-per-host=no service-name=service1

# Create an address list and add your users' PPPoE pool and the web server IP address to it; later we use this list as an ACL to allow internet access to specific users only
/ip firewall address-list
add address=172.16.0.1-172.16.1.255 comment="Allowed Users to Use Internet" disabled=no list="allowed users"
add address=192.168.0.10 comment="Allowed Users to Use Internet" disabled=no list="allowed users"

# Now start mangling
/ip firewall mangle

############################################ > Zaib
#  PORT FORWARDING RELATED MANGLE SECTION STARTS
############################################

# This section is related to packet marking for Marking connections/packets arrived at WAN1 link
add action=mark-connection chain=input comment="Mark Connection - IN wan1,OUT wan1 Syed.Jahanzaib" disabled=no in-interface=pppoe-out1 new-connection-mark=pppoe_out1_conn passthrough=yes
add action=mark-routing chain=output comment="Mark Routing - IN wan1,OUT wan1" connection-mark=pppoe_out1_conn disabled=no new-routing-mark=pppoe_out1_traffic passthrough=no

# This section is related to packet marking for Marking connections/packets arrived at WAN2 link
add action=mark-connection chain=input comment="Mark Connection - IN wan2, OUT wan2" disabled=no in-interface=pppoe-out2 new-connection-mark=pppoe_out2_conn passthrough=yes
add action=mark-routing chain=output comment="Mark Routing -  IN wan2,OUT wan2" connection-mark=pppoe_out2_conn disabled=no new-routing-mark=pppoe_out2_traffic passthrough=no

add action=mark-connection chain=forward comment="Mark Connection for new conn - Packet Forward wan1, out wan1" connection-state=new disabled=no in-interface=pppoe-out1 new-connection-mark=pppoe_out1_pfw \
passthrough=no
add action=mark-routing chain=prerouting comment="Mark Packets for new conn - Packet Forward wan1, out wan1" connection-mark=pppoe_out1_pfw disabled=no in-interface=Local new-routing-mark=\
pppoe_out1_traffic passthrough=no

add action=mark-connection chain=forward comment="Mark Connection for new conn - Packet Forward  wan2, out wan2" connection-state=new disabled=no in-interface=pppoe-out2 new-connection-mark=pppoe_out2_pfw \
passthrough=no
add action=mark-routing chain=prerouting comment="Mark Routing for new conn - Packet Forward  wan2, out wan2" connection-mark=pppoe_out2_pfw disabled=no in-interface=Local new-routing-mark=\
pppoe_out2_traffic passthrough=no

########################
#  GENERAL PCC SECTION
########################

# This section is related to packet marking for general PCC
add action=accept chain=prerouting disabled=no in-interface=pppoe-out1
add action=accept chain=prerouting disabled=no in-interface=pppoe-out2

# Classifier for dual WAN links
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=src-address:2/0 src-address-list="allowed users"
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=src-address:2/1 src-address-list="allowed users"

add action=mark-routing chain=prerouting connection-mark=wan1_conn disabled=no new-routing-mark=to_wan1 passthrough=yes src-address-list="allowed users"
add action=mark-routing chain=prerouting connection-mark=wan2_conn disabled=no new-routing-mark=to_wan2 passthrough=yes src-address-list="allowed users"

##########################################################
#  NAT / DST-NAT / MASQUERADE SECTION / PORT FORWARD
##########################################################

/ip firewall nat

###  Route WEB Port from wan links to local web server IP/PORT
add action=dst-nat chain=dstnat comment="Route WEB Server Port 80 from INTERNET LINK1" disabled=no dst-port=80 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.0.10 to-ports=80
add action=dst-nat chain=dstnat comment="Route WEB Server Port 80 from INTERNET LINK2" disabled=no dst-port=80 in-interface=pppoe-out2 protocol=tcp to-addresses=192.168.0.10 to-ports=80

### Allow internet access/masquerade to allowed users list only (ACL)
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out1 src-address-list="allowed users"
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out2 src-address-list="allowed users"

##################################################
#  ROUTE SECTION FOR PCC AND PORT FORWARD PACKETS
##################################################
# Add routes for general PCC
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=to_wan1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=to_wan2 scope=30 target-scope=10

# Add routes for IN/OUT port forwarding packets
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=pppoe_out1_traffic scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=pppoe_out2_traffic scope=30 target-scope=10

Regards,
Syed Jahanzaib


March 16, 2015

Windows 7 WEATHER GADGET ‘not working’ workaround!

Filed under: Microsoft Related — Tags: , — Syed Jahanzaib / Pinochio~:) @ 12:40 PM

UPDATE: May 2015

The method described in this post is no longer working [at the beginning it was working, but not any more]. I will see if alternate methods work and will update this post in the coming week, Insha Allah.

For the past few days, clients have reported that the Weather gadget stopped working with the error “cannot connect to service …”

After doing some googling, it was revealed that due to some security concerns Microsoft has discontinued it. BUT you can still enable it by following these simple steps.

  1. Go to “C:\Users\USERNAME\AppData\Local\Microsoft\Windows Live\Services\Cache”
  2. Edit “Config.xml” by Right Click / EDIT
  3. Now do not change anything, simply save it (CTRL+S or FILE -> Save) [without making any modification]
  4. After 1-2 MINUTES, Restart the Gadget!

It will work Insha Allah !!!!

Regards,
Syed Jahanzaib

March 10, 2015

Extending Linux Partition in VMWARE ESXI

Filed under: Linux Related — Tags: , — Syed Jahanzaib / Pinochio~:) @ 4:36 PM

Reference guide to extend a partition in Linux hosted on VMware.

TASK: Linux (CentOS) is hosted in VMware. The current disk size is 10 GB and we want to expand it to 15 GB.

First power off the guest Linux OS, then open its properties and extend the disk as shown in the images below …

Click on EXPAND; it will take some time to complete the operation …

Once it is completed, power on the guest Linux.

Add a new partition using the free space of the virtual disk:

fdisk /dev/sda

press n            < To add a new partition
press p            < Select type PRIMARY
press 3            < Type number for new part…
(when it asks for sector numbers/values, press Enter twice to accept the defaults)
press t            < To change the partition type
press 3            < Select partition number 3
press 8e           < Type 8e (Linux LVM)
press w            < Write the changes to disk and exit

At the end you will see the following message …

The partition table has been altered!

As shown in the image below …

REBOOT THE GUEST OS NOW …

reboot

After the reboot completes, create a new physical volume from the new partition; issue the following command two times:

pvcreate /dev/sda3
pvcreate /dev/sda3

  Physical volume "/dev/sda3" successfully created

Then extend the existing volume group; you may want to use vgdisplay to list and identify the volume groups you have.

vgdisplay

vgdisplay
--- Volume group ---
VG Name               vg_radius
System ID
Format                lvm2
Metadata Areas        1
Metadata Sequence No  3
VG Access             read/write
VG Status             resizable
MAX LV                0
Cur LV                2
Open LV               2
Max PV                0
Cur PV                1
Act PV                1
VG Size               9.51 GiB
PE Size               4.00 MiB
Total PE              2434
Alloc PE / Size       2434 / 9.51 GiB
Free  PE / Size       0 / 0
VG UUID               MzawqN-X33a-e5AY-QxE4-WFHV-r5mh-IM4MuT

Now look at the VG Name value and note it down (yours might be different):

vgextend vg_radius /dev/sda3

 Volume group "vg_radius" successfully extended

Now extend the logical volume; again, use lvdisplay to list and identify the logical volumes you have.

lvextend /dev/vg_radius/lv_root  /dev/sda3

 Extending logical volume lv_root to 13.50 GiB
Logical volume lv_root successfully resized

And finally, resize the filesystem in the logical volume:

resize2fs /dev/vg_radius/lv_root

 resize2fs 1.41.12 (17-May-2010)
Filesystem at /dev/vg_radius/lv_root is mounted on /; on-line resizing required
old desc_blocks = 1, new_desc_blocks = 1
Performing an on-line resize of /dev/vg_radius/lv_root to 3539968 (4k) blocks.
The filesystem on /dev/vg_radius/lv_root is now 3539968 blocks long.

Now check the new DISK SIZE in action! ;) ALHAMDOLILLAH

df -h

 Filesystem                     Size  Used Avail Use% Mounted on
/dev/mapper/vg_radius-lv_root   14G  897M   12G   7% /
tmpfs                          504M     0  504M   0% /dev/shm
/dev/sda1                      485M   31M  430M   7% /boot
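A check worth running before and after the steps above: do the sizes reported by vgdisplay, lvextend and resize2fs actually agree? The following Python is an added example for this page, not part of the original post. It parses the vgdisplay and resize2fs output quoted above, converts everything into physical extents, and applies the same arithmetic to any volume group, not only vg_radius. The 5 GiB size assumed for the new partition /dev/sda3 and the one extent lost to the PV metadata area are assumptions and are marked as such in the code.

```python
"""Cross-check the sizes seen during the LVM extension walkthrough."""
import re

# Command output copied from the page: vgdisplay before extending, resize2fs after.
VGDISPLAY_BEFORE = """\
--- Volume group ---
VG Name               vg_radius
Format                lvm2
VG Size               9.51 GiB
PE Size               4.00 MiB
Total PE              2434
Alloc PE / Size       2434 / 9.51 GiB
Free  PE / Size       0 / 0
"""
RESIZE2FS_AFTER = """\
resize2fs 1.41.12 (17-May-2010)
Filesystem at /dev/vg_radius/lv_root is mounted on /; on-line resizing required
Performing an on-line resize of /dev/vg_radius/lv_root to 3539968 (4k) blocks.
The filesystem on /dev/vg_radius/lv_root is now 3539968 blocks long.
"""


def parse_vgdisplay(text: str) -> dict:
    """Pull name, extent size and extent counts out of 'vgdisplay' output."""
    def field(name: str, pattern: str = r"(\S+)") -> str:
        m = re.search(rf"^{re.escape(name)}\s+{pattern}", text, re.MULTILINE)
        if not m:
            raise ValueError(f"{name!r} not found in vgdisplay output")
        return m.group(1)

    return {
        "name": field("VG Name"),
        "pe_mib": float(field("PE Size", r"([\d.]+) MiB")),
        "total_pe": int(field("Total PE")),
        "alloc_pe": int(field("Alloc PE / Size")),
        "free_pe": int(field("Free  PE / Size")),
    }


def gib_str(mib: float) -> str:
    """Format a size in MiB the way LVM prints it (two decimals, GiB)."""
    return f"{mib / 1024:.2f} GiB"


def vg_size_str(vg: dict) -> str:
    """VG size recomputed from extents; must match the 'VG Size' line."""
    return gib_str(vg["total_pe"] * vg["pe_mib"])


def plan_extend(vg: dict, pv_size_mib: float, metadata_pe: int = 1) -> tuple[int, str]:
    """Extents and VG size after adding a new PV of pv_size_mib.

    Assumption: the PV's metadata area/alignment costs one whole extent (LVM2
    defaults), so a whole-partition PV contributes size/PE minus metadata_pe.
    """
    usable = int(pv_size_mib // vg["pe_mib"]) - metadata_pe
    total = vg["total_pe"] + usable
    return total, gib_str(total * vg["pe_mib"])


def parse_resize2fs(text: str) -> tuple[int, int]:
    """Return (block count, block size in bytes) from resize2fs output."""
    m = re.search(r"to (\d+) \((\d+)k\) blocks", text)
    if not m:
        raise ValueError("block count not found in resize2fs output")
    return int(m.group(1)), int(m.group(2)) * 1024


def fs_size_mib(blocks: int, block_bytes: int) -> float:
    return blocks * block_bytes / (1024 * 1024)


def fs_fills_lv(fs_mib: float, lv_pe: int, pe_mib: float) -> bool:
    """True when the filesystem ends within one extent of the LV end, i.e. resize2fs
    really grew it to the whole logical volume and no space is left unused."""
    return 0 <= lv_pe * pe_mib - fs_mib < pe_mib


if __name__ == "__main__":
    vg = parse_vgdisplay(VGDISPLAY_BEFORE)
    print(vg["name"], "before:", vg_size_str(vg))
    # Assumption: /dev/sda3 is the 5 GiB added when the disk grew from 10 to 15 GB.
    print("after adding a 5 GiB PV:", plan_extend(vg, 5 * 1024))
    blocks, bsize = parse_resize2fs(RESIZE2FS_AFTER)
    mib = fs_size_mib(blocks, bsize)
    print("lv_root filesystem:", gib_str(mib), "=", int(mib // vg["pe_mib"]), "extents")
```

The resize2fs figure of 3539968 4k blocks works out to exactly 13.50 GiB, the same value lvextend printed, so the filesystem reaches the end of the logical volume; if the two disagreed by more than one extent, resize2fs was run before lvextend or against the wrong device.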

Regards,
Syed Jahanzaib

March 9, 2015

Mikrotik: WAN Data Monitoring via Scripting

Filed under: Mikrotik Related — Tags: , , , , — Syed Jahanzaib / Pinochio~:) @ 12:08 PM

This script was made for Mikrotik (tested with 6.40.x firmware). It records the interface sent/received bytes using a firewall filter rule approach and stores them in a file, so that in case of a router reboot it can recover the last data from the file. It also sends a daily email on data usage once the date changes.

Note: Some variables are commented out because I scheduled this script to run every 5 minutes, which resulted in LOG entries every 5 minutes; you can un-comment them to get useful information.

Hope it will help you. Leave your comments …

Regards,
Syed Jahanzaib

The benefit of using the scripting method is that it can save values in a text file, so even if the router reboots the script can retrieve the last recorded data from the text file; that’s the biggest advantage for DCN 😉 YKWIM

1- Script [name ‘wan-total’]

Set this script in scheduler to run every 5 minutes.


# Script to collect WAN DATA USAGE by FILTER rules, and send Daily email to admin.
# And reset the counters on daily basis in night. it will preserve the data in a file even if the router reboots.
# Syed Jahanzaib / aacable @ hotmail . com
# https://aacable.wordpress.com
# 23-MAY-2016
# Last updated: 15-SEP-2017

# Make sure you add the two firewall rules shown below so that the script can read bytes from them and reset them when the date changes.
# Change the interface name accordingly, and make sure the rule comments match the ones used in the script.
# /ip firewall filter
#add action=passthrough chain=forward comment=WAN_1_IN in-interface=sfp1
#add action=passthrough chain=forward comment=WAN_1_OUT out-interface=sfp1

# Interface name (used in log and email text only)
:local INT "sfp1"
# Comments of the two firewall filter rules, change them as required
:local WAN1INCOMMENT "WAN_1_IN"
:local WAN1OUTCOMMENT "WAN_1_OUT"
:local TOTAL
:local TOTALKB
:local TOTALMB
:local TOTALGB
:local TOTALTB
:local TOTVALUEHUMANREADABLE
# Bytes counted so far by each rule: the in-interface rule counts traffic received from the WAN,
# the out-interface rule counts traffic sent to the WAN
:local BYTESIN [/ip firewall filter get [/ip firewall filter find comment="$WAN1INCOMMENT"] bytes]
:local BYTESOUT [/ip firewall filter get [/ip firewall filter find comment="$WAN1OUTCOMMENT"] bytes]

# Setting variables
:local curDate [/system clock get date]
:local curYear [:pick $curDate 7 13]
:local curMon [ :pick $curDate 0 3 ]
:local curDay [:pick $curDate 4 6]
:local CURRENTDATE "$curDay$curYear"
:local COMPANY "Z COMPANY"
:local date
:local time
:set date [/system clock get date];
:set time [/system clock get time];

# SET GMAIL for sending email, make sure you have configured it in /tool e-mail on the Mikrotik.
:global gmailsmtp
:set gmailsmtp [:resolve "smtp.gmail.com"];
# Set your GMAIL account ID and password
:local gmailid
:local gmailpass
:set gmailid "YOUR_GMAIL_ID@gmail.com"
:set gmailpass "GMAIL_PASSWORD"
# Set the email address where you want to receive the alert
:local mailsendto
:set mailsendto "aacableAThotmail.com"

# # # # #
# Starting Script Functions
# # # # #

# If the script is running for the first time, create the files and dump zero data in them
:if ([:len [/file find name="counter.txt"]] > 0) do={
#:log warning "Previous data found, script is not running for the first time...";
} else={
:log warning "It seems the script is running for the first time. creating necessary files to store counters..";
/file print file=counter.txt where name=counter.txt
/delay delay-time=2;
/file set counter.txt contents="0";
/delay delay-time=2;
/file print file=counterslastupdate.txt where name=counter.txt
/delay delay-time=2;
/file set counterslastupdate.txt contents="0";
/delay delay-time=2;
/file print file=counterslastupdatenormalformat.txt where name=counter.txt
/delay delay-time=2;
/file set counterslastupdatenormalformat.txt contents="0";
/delay delay-time=2;
/file set counterslastupdate.txt contents=$CURRENTDATE
/delay delay-time=2;
/file set counterslastupdatenormalformat.txt contents=$curDate
/delay delay-time=2;
};

# Setting variables
:local LASTUPDATEDATE value=[/file get counterslastupdate.txt contents]
:local LASTUPDATEDATENORMAL value=[/file get counterslastupdatenormalformat.txt contents]

# Update counters last update with current date time
/file set counterslastupdate.txt contents=$CURRENTDATE

# Calculate data in MB to be displayed in LOG and email
:set $TOTAL ($BYTESOUT+$BYTESIN)
:set $TOTALKB ($TOTAL / 1024)
:set $TOTALMB ($TOTAL / 1024 / 1024)
:set $TOTALGB ($TOTAL / 1024 / 1024 /1024)
:set $TOTALTB ($TOTAL / 1024 / 1024 /1024 /1024)

# Formula to show data in KB/MB/GB/TB
:if (($TOTAL>1) && ($TOTAL<1000000)) do={
#:log warning "Data is in KB - $TOTAL"
:set $TOTVALUEHUMANREADABLE "$TOTALKB KB"
}
:if (($TOTAL>1000000) && ($TOTAL<1000000000)) do={
#:log warning "Data is in MB - $TOTALMB"
:set $TOTVALUEHUMANREADABLE "$TOTALMB MB"
}
:if (($TOTAL>1000000000) && ($TOTAL<1000000000000)) do={
#:log warning "data is in GB - $TOTALGB"
:set $TOTVALUEHUMANREADABLE "$TOTALGB GB"
}
:if ($TOTAL>1000000000000) do={
#:log warning "data is in TB - $TOTALTB"
:set $TOTVALUEHUMANREADABLE "$TOTALTB TB"
}

# Show log , good for debug purposes
#:log info ( "Traffic out = " . $BYTESOUT . " bytes" )
#:log info ( "Traffic in = " . $BYTESIN . " bytes" )
#:log warning ( "TOTAL TRAFFIC = " . $TOTAL. " bytes" )
#:log warning "$TOTVALUEHUMANREADABLE have been downloaded via $INT link on $curDate"

# If the date has changed (usually at night), send an email via GMAIL with the data
:if ($CURRENTDATE = $LASTUPDATEDATE) do={
#:log warning "Date not changed. No need to send email."

} else={
:log warning "DATE changed, sending email for last day data usage and also reset the Firewall Counters ..."
# Set Email Subject
:local es "$[/system identity get name] - $TOTALMB MB downloaded via $INT link."
# Set Email Body
:local eb "$[/system identity get name] \n\n$TOTVALUEHUMANREADABLE were downloaded via $INT link. \n\n $COMPANY"
# Finally send email
/tool e-mail send to=$mailsendto subject=$es body=$eb start-tls=yes user=$gmailid password=$gmailpass

# Reset the firewall counters if date change is detected / zaib
/ip firewall filter reset-counters [find comment=$WAN1INCOMMENT ]
/ip firewall filter reset-counters [find comment=$WAN1OUTCOMMENT ]
/file set counter.txt contents="0";
};

# If the current counter value is bigger than the stored one, store it; otherwise
# (the counter dropped, e.g. after a reboot) add the stored value to it before storing.
# Helpful to preserve the counters when the router reboots.

# Get the stored value (file contents are text, so convert to a number) for matching
:local before [:tonum [/file get counter.txt contents]]

:if ($TOTAL > $before) do={
/file set counter.txt contents=$TOTAL
} else={
# Else add both values and update the file
:set $TOTAL ($TOTAL+$before)
/file set counter.txt contents=$TOTAL
};

# Update Date time stamp in both files / zaib
/file set counterslastupdate.txt contents=$CURRENTDATE
/file set counterslastupdatenormalformat.txt contents=$curDate

# Regard's
# Syed Jahanzaib
