Syed Jahanzaib Personal Blog to Share Knowledge !

March 30, 2015

Playing with the Mikrotik’s PCC

Filed under: Mikrotik Related — Tags: — Syed Jahanzaib / Pinochio~:) @ 1:30 PM

 



The following post is a reference guide or scrapbook with working code for the following:

  1. Dual WAN PCC with 2 DSL modems [configured in bridge mode] and dialing is done via mikrotik
  2. Port forwarding various ports [as required] from the internet to local web server
  3. PPPoE Server

Note: I have used the SOURCE BASED classifier in this example, to avoid common load balancing problems like HTTPS links breaking up, buffering getting stuck, etc. : )

Just a reminder: this is not a copy-paste version, and it is not a complete export. I modified the data for reference. Read the sections carefully for better understanding. You can pick any section of your choice, as required. I will add more sections later …


NETWORK DETAILS:

Mikrotik LAN Interface name = Local
Mikrotik WAN 1 interface name = WAN1
Mikrotik WAN 2 interface name = WAN2

Mikrotik LAN IP Address = 192.168.0.1
WEB Server on LAN side = 192.168.0.10

Mikrotik IP POOL for LAN DHCP = 10.0.0.1/8
Mikrotik IP POOL for PPPoE Users = 172.16.0.0/16

Let’s Start ….





# Syed Jahanzaib / aacable@hotmail.com
# https://aacable.wordpress.com
# Adding IP pool for dhcp and pppoe

/ip pool
add name=pppoe-pool ranges=172.16.0.1-172.16.1.255
add name=dhcp_pool ranges=10.0.0.1-10.0.0.255

# ADD dhcp server

/ip dhcp-server
add address-pool=dhcp_pool authoritative=after-2sec-delay bootp-support=static disabled=no interface=Local lease-time=6h name="ZAIB DHCP SERVER"
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=10.0.0.0/8 comment="zaib DHCP SERVER" dhcp-option="" dns-server=192.168.0.1,8.8.8.8 gateway="" ntp-server="" wins-server=""

# Adding dsl pppoe client connections, make sure your dsl modems are in bridge mode.

/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=WAN1 max-mru=1480 max-mtu=1480 mrru=disabled name=pppoe-out1 password=ISP_DSL_PASSWORD profile=default \
service-name="" use-peer-dns=no user=ISP_DSL_USERNAME
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=WAN2 max-mru=1480 max-mtu=1480 mrru=disabled name=pppoe-out2 password=ISP_DSL_PASSWORD profile=default \
service-name="" use-peer-dns=no user=ISP_DSL_USERNAME

# Adding PPPoE Default Profile

/ppp profile
add change-tcp-mss=default dns-server=192.168.0.1,8.8.8.8 local-address=192.168.0.1 name=pppoe-profile only-one=yes rate-limit=512k/512k remote-address=pppoe-pool use-compression=default use-encryption=no \
use-mpls=default use-vj-compression=default

# Adding PPPOE Server
/interface pppoe-server server
add authentication=pap default-profile=pppoe-profile disabled=no interface=Local keepalive-timeout=10 max-mru=1480 max-mtu=1480 max-sessions=0 mrru=disabled one-session-per-host=no service-name=service1

# Create address list and add your users pppoe pool and web server ip addresses in this list, later we will use this list as ACL to allow specific users internet access
/ip firewall address-list
add address=172.16.0.1-172.16.1.255 comment="Allowed Users to Use Internet" disabled=no list="allowed users"
add address=192.168.0.10 comment="Allowed Users to Use Internet" disabled=no list="allowed users"

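# Now start mangling (the menu path must be on its own line, otherwise the rules below are added to the address-list menu)
/ip firewall mangle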

############################################ > Zaib
#  PORT FORWARDING RELATED MANGLE SECTION STARTS
############################################

# This section is related to packet marking for Marking connections/packets arrived at WAN1 link
add action=mark-connection chain=input comment="Mark Connection - IN wan1,OUT wan1 Syed.Jahanzaib" disabled=no in-interface=pppoe-out1 new-connection-mark=pppoe_out1_conn passthrough=yes
add action=mark-routing chain=output comment="Mark Routing - IN wan1,OUT wan1" connection-mark=pppoe_out1_conn disabled=no new-routing-mark=pppoe_out1_traffic passthrough=no

# This section is related to packet marking for Marking connections/packets arrived at WAN2 link
add action=mark-connection chain=input comment="Mark Connection - IN wan2, OUT wan2" disabled=no in-interface=pppoe-out2 new-connection-mark=pppoe_out2_conn passthrough=yes
add action=mark-routing chain=output comment="Mark Routing -  IN wan2,OUT wan2" connection-mark=pppoe_out2_conn disabled=no new-routing-mark=pppoe_out2_traffic passthrough=no

add action=mark-connection chain=forward comment="Mark Connection for new conn - Packet Forward wan1, out wan1" connection-state=new disabled=no in-interface=pppoe-out1 new-connection-mark=pppoe_out1_pfw \
passthrough=no
add action=mark-routing chain=prerouting comment="Mark Packets for new conn - Packet Forward wan1, out wan1" connection-mark=pppoe_out1_pfw disabled=no in-interface=Local new-routing-mark=\
pppoe_out1_traffic passthrough=no

add action=mark-connection chain=forward comment="Mark Connection for new conn - Packet Forward  wan2, out wan2" connection-state=new disabled=no in-interface=pppoe-out2 new-connection-mark=pppoe_out2_pfw \
passthrough=no
add action=mark-routing chain=prerouting comment="Mark Routing for new conn - Packet Forward  wan2, out wan2" connection-mark=pppoe_out2_pfw disabled=no in-interface=Local new-routing-mark=\
pppoe_out2_traffic passthrough=no

########################
#  GENERAL PCC SECTION
########################

# This section is related to packet marking for general PCC
add action=accept chain=prerouting disabled=no in-interface=pppoe-out1
add action=accept chain=prerouting disabled=no in-interface=pppoe-out2

# Classifier for dual WAN links
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=src-address:2/0 src-address-list="allowed users"
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=src-address:2/1 src-address-list="allowed users"

add action=mark-routing chain=prerouting connection-mark=wan1_conn disabled=no new-routing-mark=to_wan1 passthrough=yes src-address-list="allowed users"
add action=mark-routing chain=prerouting connection-mark=wan2_conn disabled=no new-routing-mark=to_wan2 passthrough=yes src-address-list="allowed users"

##########################################################
#  NAT / DST-NAT / MASQUERADE SECTION / PORT FORWARD
##########################################################

/ip firewall nat

###  Route WEB Port from wan links to local web server IP/PORT
add action=dst-nat chain=dstnat comment="Route WEB Server Port 80 from INTERNET LINK1" disabled=no dst-port=80 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.0.10 to-ports=80
add action=dst-nat chain=dstnat comment="Route WEB Server Port 80 from INTERNET LINK2" disabled=no dst-port=80 in-interface=pppoe-out2 protocol=tcp to-addresses=192.168.0.10 to-ports=80

### Allow internet access/masquerade to allowed users list only (ACL)
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out1 src-address-list="allowed users"
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out2 src-address-list="allowed users"

##################################################
#  ROUTE SECTION FOR PCC AND PORT FORWARD PACKETS
##################################################
# Add routes for general PCC
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=to_wan1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=to_wan2 scope=30 target-scope=10

# Add routes for IN/OUT port forwarding packets
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=pppoe_out1_traffic scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=pppoe_out2_traffic scope=30 target-scope=10
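
The mangle rules and routes above only work together if every mark that is set is also matched and every routing mark has a route of its own. The following Python check is an added example, not part of the original post; it runs over trimmed copies of the post's rules, and the helper names `rules`, `values` and `lint` are this example's own.

```python
import shlex

# Rules copied from the post, trimmed to the parameters this check reads.
MANGLE = """
add action=mark-connection chain=input in-interface=pppoe-out1 new-connection-mark=pppoe_out1_conn
add action=mark-routing chain=output connection-mark=pppoe_out1_conn new-routing-mark=pppoe_out1_traffic
add action=mark-connection chain=input in-interface=pppoe-out2 new-connection-mark=pppoe_out2_conn
add action=mark-routing chain=output connection-mark=pppoe_out2_conn new-routing-mark=pppoe_out2_traffic
add action=mark-connection chain=forward in-interface=pppoe-out1 new-connection-mark=pppoe_out1_pfw
add action=mark-routing chain=prerouting connection-mark=pppoe_out1_pfw new-routing-mark=pppoe_out1_traffic
add action=mark-connection chain=forward in-interface=pppoe-out2 new-connection-mark=pppoe_out2_pfw
add action=mark-routing chain=prerouting connection-mark=pppoe_out2_pfw new-routing-mark=pppoe_out2_traffic
add action=mark-connection chain=prerouting new-connection-mark=wan1_conn per-connection-classifier=src-address:2/0 src-address-list="allowed users"
add action=mark-connection chain=prerouting new-connection-mark=wan2_conn per-connection-classifier=src-address:2/1 src-address-list="allowed users"
add action=mark-routing chain=prerouting connection-mark=wan1_conn new-routing-mark=to_wan1
add action=mark-routing chain=prerouting connection-mark=wan2_conn new-routing-mark=to_wan2
"""
ROUTES = """
add dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=to_wan1
add dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=to_wan2
add dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=pppoe_out1_traffic
add dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=pppoe_out2_traffic
"""

def rules(text):
    """Parse 'add key=value ...' lines into dicts; shlex keeps quoted values whole."""
    return [dict(tok.split("=", 1) for tok in shlex.split(line)[1:])
            for line in text.splitlines() if line.startswith("add ")]

def values(rule_list, key):
    # All distinct values a parameter takes across the given rules.
    return {r[key] for r in rule_list if key in r}

def lint(mangle_text, route_text):
    """Return a list of mark mismatches between the mangle rules and the routes."""
    mangle, routes = rules(mangle_text), rules(route_text)
    checks = [
        (values(mangle, "connection-mark"), values(mangle, "new-connection-mark"),
         "connection-mark {} is matched but never set"),
        (values(mangle, "new-connection-mark"), values(mangle, "connection-mark"),
         "connection-mark {} is set but never matched"),
        (values(mangle, "new-routing-mark"), values(routes, "routing-mark"),
         "routing-mark {} has no route"),
        (values(routes, "routing-mark"), values(mangle, "new-routing-mark"),
         "route for {} is never selected by a mangle rule"),
    ]
    return [msg.format(m) for need, have, msg in checks for m in sorted(need - have)]

if __name__ == "__main__":
    print(lint(MANGLE, ROUTES) or "marks and routes are consistent")
    # Constructed fault: one mistyped routing-mark in the route list.
    print(lint(MANGLE, ROUTES.replace("=to_wan2", "=to_wan_2")))
```
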

Regards,
Syed Jahanzaib

March 16, 2015

Windows 7 WEATHER GADGET ‘not working’ workaround!

Filed under: Microsoft Related — Tags: , — Syed Jahanzaib / Pinochio~:) @ 12:40 PM

UPDATE: May, 2015

The method defined in this post is not working any more [at the beginning it was working, but not anymore]. I will see if alternate methods may work and will update this post in the coming week to say if it's working … Insha Allah.

 


 

 

For the past few days, clients have reported that the Weather gadget stopped working with the error “cannot connect to service …”


 


 

 

 

After some googling, it turned out that due to some security concerns Microsoft has discontinued it. BUT you can still enable it by following these simple steps.

  1. Go to “C:\Users\USERNAME\AppData\Local\Microsoft\Windows Live\Services\Cache”
  2. Edit “Config.xml” by Right Click / EDIT
  3. Now do not change anything & simply save it (CTRL+S or FILE -> Save) [without making any modification]
  4. After 1-2 MINUTES, Restart the Gadget!

 

 

It will work Insha Allah !!!!

 



 

 

Regards,
Syed Jahanzaib

March 10, 2015

Extending Linux Partition in VMWARE ESXI

Filed under: Linux Related — Tags: , — Syed Jahanzaib / Pinochio~:) @ 4:36 PM

Reference Guide to extend partition size in Linux hosted on vmware

TASK: Linux (CentOS) is hosted in VMware. The current size of the disk is 10 GB, and we want to expand it to 15 GB.

First turn off the guest Linux OS, then open its properties and extend the disk as shown in the image below…

 


Click on EXPAND and it will take some time to complete the operation …

Once it's completed, power ON the guest Linux.


 

 

Add a new partition with the free space of the virtual disk.

fdisk  /dev/sda

press n            < To add new partition
press p            < Select type PRIMARY
press 3            < Type number for new part…
(when it asks for sector numbers/values, press Enter twice for the default values)
press t            < To change partition type value
press 3           < Select partition number
press 8e         < Type 8e
press w          <type ‘w’ to write changes to disk

At the end you will see the following message…

The partition table has been altered!

As shown in the image below …

REBOOT THE GUEST OS NOW …

reboot


 

After the reboot completes, create a new physical volume from the new partition; issue the following command two times

pvcreate /dev/sda3
pvcreate /dev/sda3

  Physical volume "/dev/sda3" successfully created

 

 

Then extend the existing volume group. You may want to use vgdisplay to list and identify the volume groups you have.

vgdisplay

--- Volume group ---
VG Name               vg_radius
System ID
Format                lvm2
Metadata Areas        1
Metadata Sequence No  3
VG Access             read/write
VG Status             resizable
MAX LV                0
Cur LV                2
Open LV               2
Max PV                0
Cur PV                1
Act PV                1
VG Size               9.51 GiB
PE Size               4.00 MiB
Total PE              2434
Alloc PE / Size       2434 / 9.51 GiB
Free  PE / Size       0 / 0
VG UUID               MzawqN-X33a-e5AY-QxE4-WFHV-r5mh-IM4MuT

Now look at the VG Name value and note it down… (Yours might be different)

vgextend vg_radius /dev/sda3

 Volume group "vg_radius" successfully extended

 

Now extend the logical volume. Again, use vgdisplay to list and identify the logical volumes you have.

lvextend /dev/vg_radius/lv_root  /dev/sda3

 Extending logical volume lv_root to 13.50 GiB
Logical volume lv_root successfully resized

 

And finally, resize the filesystem in the logical volume

resize2fs /dev/vg_radius/lv_root

 resize2fs 1.41.12 (17-May-2010)
Filesystem at /dev/vg_radius/lv_root is mounted on /; on-line resizing required
old desc_blocks = 1, new_desc_blocks = 1
Performing an on-line resize of /dev/vg_radius/lv_root to 3539968 (4k) blocks.
The filesystem on /dev/vg_radius/lv_root is now 3539968 blocks long.


 

Now check the new DISK SIZE in Action !!! ; ) ALHAMDOLILLAH

df -h

 Filesystem                     Size  Used Avail Use% Mounted on
/dev/mapper/vg_radius-lv_root   14G  897M   12G   7% /
tmpfs                          504M     0  504M   0% /dev/shm
/dev/sda1                      485M   31M  430M   7% /boot

 


 


 

 

Regards,
Syed Jahanzaib

March 9, 2015

Mikrotik: WAN Data Monitoring via Scripting

Filed under: Mikrotik Related — Tags: , , , , — Syed Jahanzaib / Pinochio~:) @ 12:08 PM

DUE TO WORDPRESS CODING BEING MESSED UP, THIS POST MAY NOT HELP MUCH. IF YOU NEED INFO ON IT, EMAIL ME AND I WILL PROVIDE A NEW SCRIPT.

As requested by a few readers, especially from PK, who are using PTCL DSL links: on a few packages PTCL has imposed a quota limit of 300GB (or likewise), and if the user exceeds this limit, a penalty or extra charges are added to the monthly bill, which in some cases creates an extra financial burden for DCN. Following are a few scripts which can help in this particular case: if the link crosses a specific percentage of the quota limit, the link can be disabled, or a second link (if available) can be activated, or whatever the operator chooses can be done by modifying the script action.

[The script idea was taken from the Mikrotik forum, but those scripts didn’t perform well, therefore I modified and re-created a few sections in some parts]

Hope it will help you. Leave your comments …

Regards,
Syed Jahanzaib



 

Scenario:

Two DSL links: the primary DSL (ether1) is a 4mb link with a 50 GB data limit, whereas the secondary (or backup) link (ether2) is 2mbps with no data limit. Our requirement is to use the primary DSL link, which has the higher bandwidth capacity, and when 90% of the 50GB quota is reached, it should give a warning (or send an email, or disable the primary link interface, which has a distance value of 1, and ENABLE the secondary link, which has a distance value of 2, so that it takes over automatically).

Primary DSL = ether1
Secondary DSL = ether2

 


Scripts Description: [Tested with Mikrotik 6.27 Only]

In this example I have created 3 Scripts.

The benefit of using the scripting method is that it can save values in a text file, so even if the router reboots, the script can retrieve the last recorded data from the text file; that’s the biggest advantage for DCN 😉 YKWIM

1- monitor_data

This script gathers data from the interface stats and adds it to a text file, which is later read by the second script; that script performs the required action based on the counters in this file.

2- check_useage

This script reads values from the text file created by the above script (monitor_data) and acts accordingly: it ignores the reading if the data usage is below a specific value, and performs the chosen action if the data usage is above that value.

3- check_date

This script checks the date on which the data value should be set to ZERO, usually the start of the month, so that the counters can be reset.

 


 

1- MONITOR_DATA    [To get interface usage data]

Set this script in the scheduler to run every hour (collecting data every hour is reasonable IMHO).

# MONITOR_DATA Script (to get interface usage in file)
# First Part of WAN Data Quota Monitoring System
# Syed Jahanzaib / aacable@hotmail.com
# https://aacable.wordpress.com

# Set WAN interface you want to monitor
:local INT ether1

# Gather Interface RX bytes
:local counter [/interface get $INT rx-byte]

# Set Counter DATA value gathered by Interface RX bytes and add  TX bytes to get combined value
:set $counter ($counter + [/interface get $INT tx-byte])

:local traffic

# If previous data file not found, then create new one
:if ([:len [/file find where name=wandatauseage.txt]] < 1 ) do={
/file print file=wandatauseage.txt where name=wandatauseage.txt;
# Add some delay, for slow or high load routers
/delay delay-time=2;

# Adding Traffic Value in the file

/file set wandatauseage.txt contents="0";
};
:local before value=[/file get wandatauseage.txt contents]

:if ($counter > $before) do={
/file set wandatauseage.txt contents=$counter
} else={
:set $traffic ($counter+$before)
/file set wandatauseage.txt contents=$traffic
};

 


2- check_usage    [To read data usage from file, and act accordingly]

Set this script in scheduler to run every hour or two.

# CHECK_USAGE > CHECK DATA USAGE Script (to read from file and act accordingly)
# Second Part of WAN Data Quota Monitoring System
# Syed Jahanzaib / aacable@hotmail.com
# https://aacable.wordpress.com
:local traffic ([/file get wandatauseage.txt contents] / 1024 / 1024 / 1024)

# Set the WAN Interface Quota limit in GB
:local limit 50
:local percent ($traffic*100 / $limit)

# Set the percentage as required
:if ($percent >= 90) do={
:log warning "WAN INTERFACE Quota Exceeded 90% of $limit GB / zaib"

# OR Take specific action, either disable interface, change route, email , punch the fun-bags ; ) YKWIM ; ) etc etc
# Example Email like , but first make sure you have configured your email client properly
# /tool e-mail send to=YOUR_EMAIL_ADDRESS subject="WAN Traffic Quota warning: $percent% reached at $[/system clock get date], $[/system clock get time]" body="The traffic amount is $traffic GB \r\nThis is $percent% of the monthly limit\r\nQuota Monitor by Z"

}

Example when the quota reaches its limit.

 


Example of the EMAIL when the quota reaches its limit.

 



 

3- check-date    [To reset counters in text file, if its 1st of the month]

Set this script in the scheduler to run daily at night at 1:00am; if it finds the date to be the 1st of the month, it will reset the data counter file to zero.

# CHECK_DATE > CHECK DATE and RESET Counters on specific date ...
# Third Part of WAN Data Quota Monitoring System
# Syed Jahanzaib / aacable@hotmail.com
# https://aacable.wordpress.com

:if  ([:pick [/system clock get date] ([:find [/system clock get date] "/" ] + 1) 6 ] = "01") do={/file set wandatauseage.txt contents="0"}
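
The accounting done by the three scripts above (accumulate, compare against the quota, reset each month) can be modelled in one routine. The following Python model is an added example, not code from the original post: it goes one step beyond the post by storing the last raw counter next to the running total, so each run adds only new traffic even after a reboot. The JSON state file, the function names and the sample readings are assumptions made for this example.

```python
import json
import tempfile
from pathlib import Path

GIB = 1024 ** 3

# Constructed hourly readings: (month, rx-byte + tx-byte since boot).
# The third reading is lower than the second: the router rebooted in between.
SAMPLE = [("2015-03", 10 * GIB), ("2015-03", 30 * GIB), ("2015-03", 2 * GIB),
          ("2015-03", 16 * GIB), ("2015-04", 17 * GIB)]

def load(path):
    """Read the saved state; start from zero when the file does not exist yet."""
    p = Path(path)
    if p.exists():
        return json.loads(p.read_text())
    return {"total": 0, "last_raw": 0, "month": None}

def update(state, raw, month):
    """Add one interface reading to the running total (monitor_data + check_date)."""
    total = state["total"] if state["month"] == month else 0  # new month: reset
    # The interface counter restarts at zero on reboot, so a reading below the
    # previous one is all new traffic; otherwise only the difference is new.
    delta = raw - state["last_raw"] if raw >= state["last_raw"] else raw
    return {"total": total + delta, "last_raw": raw, "month": month}

def percent_used(state, limit_gb):
    """Share of the quota consumed, as a whole percentage (check_useage)."""
    return state["total"] * 100 // (limit_gb * GIB)

def replay(readings, limit_gb, path):
    """Feed readings through load/update/save as separate scheduler runs would."""
    out = []
    for month, raw in readings:
        state = update(load(path), raw, month)
        Path(path).write_text(json.dumps(state))
        out.append((state["total"] // GIB, percent_used(state, limit_gb)))
    return out

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for total_gib, pct in replay(SAMPLE, 50, Path(d) / "wandatauseage.json"):
            flag = "WARNING: 90% of quota reached" if pct >= 90 else "ok"
            print(f"{total_gib:3d} GiB  {pct:3d}%  {flag}")
```
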

 


 

 

 
