Syed Jahanzaib Personal Blog to Share Knowledge !

December 30, 2015

2015 in review

Filed under: Uncategorized — Syed Jahanzaib / Pinochio~:) @ 8:43 AM

The WordPress.com stats helper monkeys prepared a 2015 annual report for this blog.

Here’s an excerpt:

The Louvre Museum has 8.5 million visitors per year. This blog was viewed about 1,300,000 times in 2015. If it were an exhibit at the Louvre Museum, it would take about 56 days for that many people to see it.


December 18, 2015

ACCESS DSL MODEM PAGE IN BRIDGE MODE

Filed under: Mikrotik Related — Syed Jahanzaib / Pinochio~:) @ 11:29 AM

ACCESS DSL MODEM PAGE IN BRIDGE MODE (FROM INTERNET OR LOCAL)

As asked by many, here is the short code.

Mikrotik WAN interface IP = 192.168.2.10
[configure in Mikrotik]

Modem LAN interface IP = 192.168.2.1
[configure in modem]

First configure the IP address on the modem's LAN interface so that it can be accessed by the Mikrotik.

Now add the following rules in the Mikrotik NAT section, and move them to the TOP.

/ip firewall nat
# Masquerade traffic going to the modem (192.168.2.1) so that its replies come back to the Mikrotik
add action=masquerade chain=srcnat comment="Masquerade request going to access DSL Panel/zaib" dst-address=192.168.2.1

# Forward TCP port 1234 arriving on the PPPoE interface to port 80 of the modem
add action=dst-nat chain=dstnat comment="Route vdsl modem panel request from internet to local modem - dst-port 1234 to port 80 of modem/zaib" dst-port=1234 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.2.1 to-ports=80

Now you can access the modem panel from the internet at

http://your_wan_ip_or_host:1234

or from the LAN at

http://your_modem_local_ip

Note: Because the modem panel becomes reachable from the internet, you can create an ACL to restrict access.

December 14, 2015

Manage Cisco Ports from PHP/VBS/BASH or incoming SMS using kannel/playSMS




 

NOTE:
I am documenting this post just for reference purposes, not for everyone. It does require some really good knowledge of bash scripting and Cisco. These scripts were designed for a very specific network with very targeted requirements. They may not run in your network, as they are really customized and made exclusively for that particular network to facilitate terminal and SMS based execution. I will add a few sections later, like PHP and playSMS/kannel.
Regards,
Syed Jahanzaib / 14-DEC-2015 / 1030 hours

 

Scenario:

Two Cisco 3750-E switches are installed in the local area. SSH/TELNET access is enabled.
SNMP is also enabled with the community string ‘public’.

Requirements:

Sometimes a port gets shut down automatically due to flooding, or manually by the admin for management purposes. The admin must be able to disable or enable any port using a BASH script. Later it should be integrated with SMS using the existing KANNEL gateway via the playSMS app, so that the admin can send an SMS to his KANNEL gateway with the parameters and the system can act upon it as directed. On Ubuntu, the ‘EXPECT’ package is also installed; it is required for executing the helper scripts, so take note of it.

SCRIPTS:

It requires 3 scripts.

master.sh
It acts as the launcher and checks the validity of the 3 variables. It also checks the switch availability via ping, checks the port status before doing any action, and acts accordingly.

ciscoup.sh     [helper script for master]
It will SSH to the Cisco switch and execute the shut/no shut commands to turn the PORT UP.

ciscodown.sh     [helper script for master]
It will SSH to the Cisco switch and execute the shut command to turn the PORT DOWN.

 

SCRIPT Example

./master.sh switch_number port_number ACTION_required

./master.sh SW1 24 DOWN
./master.sh SW1 24 UP


master.sh

#!/bin/bash
# Script to manage CISCO 3750/xxxx model switch via bash script.
# It prints all errors related to the script, and it can perform the given action (UP/DOWN) for any given port on the required switch.
# Comes in handy, as you can integrate it with PHP or any frontend.
# I made it for a specific network where the OP wanted to UP/DOWN the PORT by sending an SMS to a Linux based system, which will perform
# the action as directed.
# Syed Jahanzaib
# aacable at hotmail dot com
# https://aacable.wordpress.com
# Created = 11-DEC-2015
# Last Modified = 11-DEC-2015

# Enable set -x to enable SCRIPT DEBUG mode.
#set -x

# Setting various Variables

# SWITCH IP Address VALUE
# Check VAR1 and match value with valid data
if [ "$1" != "SW1" ] && [ "$1" != "SW2" ];
then
echo "Switch Value must be SW1 or SW2
Usage Example:

./master.sh SW1 24 UP"

exit 1; fi

# SWITCH IP ADDRESSES. CHANGE IT AS REQUIRED / ZAIB
SW1IP="192.168.0.1"
SW2IP="192.168.0.2"

###########################################
# MAKE SURE YOU CHANGE THIS OID AS REQUIRED. SOME SWITCHES LIKE MB/GB MAY HAVE A DIFFERENT OID IN YOUR NETWORK.
PORTOID="1.3.6.1.2.1.2.2.1.8.101"
# To get Port description, friendly text for port
PORTDESC="1.3.6.1.2.1.31.1.1.1.18.101"

# SWITCH IP variable
# Check VAR1 and match value with valid data
if [ "$1" = "SW1" ] ; then
SWITCH="$SW1IP"
fi

if [ "$1" == "SW2" ] ; then
SWITCH="$SW2IP"
fi

# PORT Variable
# Check VAR2 and match value with valid data
PORT="$2"
# Two digits are required because the port is appended to the OID prefix ending in .101 (24 gives ...10124).
# 10# forces base 10; without it 08 and 09 are rejected as invalid octal numbers.
if [[ "$PORT" =~ ^[0-9]{2}$ ]] && (( 10#$PORT >= 1 && 10#$PORT <= 48 )) ; then
echo
else
echo "PORT value not correct. It must be in two-digit numeric format, like 01 up to max 48
Usage Example:

./master.sh SW1 24 UP"

exit 1; fi

# ACTION Variable
# Check VAR3 and match value with valid data
ACTION="$3"

if [ "$ACTION" != "UP" ] && [ "$ACTION" != "DOWN" ];
then
echo "Action Value not correct, it must be either UP or DOWN
Usage Example:

./master.sh SW1 24 UP"

exit 1; fi

# Check PING status of switch.
# Check if the switch is accessible or not, if not then EXIT immediately with error / zaib
if [[ $(ping -q -c 2 "$SWITCH") == @(*100% packet loss*) ]]; then
echo "ALERT ..... $SWITCH is DOWN. cannot process further. check connectivity."
exit 1
else
echo "$SWITCH is accessible OK."
fi

# Port description info, to get a more accurate idea about the port
DESCR=`snmpwalk -v1 -c public $SWITCH $PORTDESC$PORT | sed -e 's/\"//' | sed -e 's/\"//' | awk '{print $4,$5,$6,$7,$8,$9}'`

# Print data gathered
echo -e "Command Data Received.
SWITCH = $1 = $SWITCH
PORT = $PORT
PORT DESCR = $DESCR
REQUIRED ACTION = $ACTION"

# Query Present / Current PORT Status
PORTQUERY=`snmpwalk -v1 -c public $SWITCH $PORTOID$PORT | awk '{print $4}'`
RESULT="$PORTQUERY"
if [ "$RESULT" == "1" ]; then
PRESULT="UP"
echo -e "PORT Current Status = $PRESULT"
else
PRESULT="DOWN"
echo -e "PORT Current Status = $PRESULT"
fi

# Match condition. If Action required is UP and port is already UP, then NO ACTION, just exit.
PORTQUERY=`snmpwalk -v1 -c public $SWITCH $PORTOID$PORT | awk '{print $4}'`
RESULT="$PORTQUERY"
if [ "$RESULT" == "1" ] && [ "$ACTION" == 'UP' ];
then
echo "Port $PORT is already UP. No action is required. Exiting ..."
fi

# Match condition. If Action required is UP and port is DOWN , then run UP script.
if [ "$RESULT" == "2" ] && [ "$ACTION" == 'UP' ];
then
echo -e "PORT $PORT $PRESULT. doing UP Action..."
/temp/ciscoup.sh  $SWITCH $PORT $ACTION
#> /dev/null 2>&1
fi

# Match condition. If Action required is DOWN and port is also DOWN , then NO ACTION, Just EXIT.
if [ "$RESULT" == "2" ] && [ "$ACTION" == 'DOWN' ];
then
echo "PORT $PORT is already DOWN, no action required. Exiting ..."
fi


# Match condition. If Action required is DOWN and port is UP, then run the DOWN script.
if [ "$RESULT" == "1" ] && [ "$ACTION" == 'DOWN' ];
then
echo "Doing DOWN Action..."
/temp/ciscodown.sh $SWITCH $PORT $ACTION
#> /dev/null 2>&1
fi

# PRINT Final Status (after the above actions are done, so we can have idea whats the final result)
PORTQUERY=`snmpwalk -v1 -c public $SWITCH $PORTOID$PORT | awk '{print $4}'`
RESULT="$PORTQUERY"
if [ "$RESULT" == "1" ]; then
echo
echo "FINAL RESULT = UP
~~~~~~~~~~~~~~~~~"

else
echo
echo "FINAL RESULT = DOWN
~~~~~~~~~~~~~~~~~"
fi

# SCRIPT END.
# EXIT
# JZ
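
master.sh appends the port argument to an OID prefix ending in .101 and hands the same arguments to the expect helpers, so every field arriving from a terminal or an SMS has to be checked strictly first. The following is an added example, not part of the original scripts: it validates the three arguments against allow-lists and builds the ifOperStatus OID arithmetically. The function names are hypothetical, and the 10100 + port index is an assumption taken from the page's .101 prefix.

```bash
#!/bin/bash
# Added example, not the blog's script. Function names are hypothetical.
# Assumption: port N has ifIndex 10100+N, i.e. the page's ".101" prefix
# followed by a two-digit port number.

IFOPER_PREFIX="1.3.6.1.2.1.2.2.1.8"   # ifOperStatus column, from PORTOID

# Allow-list: map a switch label to its IP (addresses as on the page).
switch_ip() {
  case "$1" in
    SW1) echo "192.168.0.1" ;;
    SW2) echo "192.168.0.2" ;;
    *)   return 1 ;;
  esac
}

# Normalise a port argument to plain decimal 1..48, or fail.
# Accepts "8" and "08"; rejects "", "0", "49", "0x10", "24;reboot".
normalize_port() {
  case "$1" in
    [0-9]|[0-9][0-9]) ;;
    *) return 1 ;;
  esac
  _n=${1#0}                  # drop a leading zero: "08" must not be read as octal
  [ -n "$_n" ] || return 1   # "0" alone becomes empty
  [ "$_n" -ge 1 ] && [ "$_n" -le 48 ] || return 1
  echo "$_n"
}

# Build the ifOperStatus OID for a validated port.
port_oid() {
  _p=$(normalize_port "$1") || return 1
  echo "${IFOPER_PREFIX}.$((10100 + _p))"
}

# Validate a whole request (terminal arguments or the words of an SMS).
# Prints "ip oid action" on success; prints nothing and returns 1 otherwise.
validate_request() {
  [ "$#" -eq 3 ] || return 1
  _ip=$(switch_ip "$1") || return 1
  _oid=$(port_oid "$2") || return 1
  case "$3" in
    UP|DOWN) ;;
    *) return 1 ;;
  esac
  echo "$_ip $_oid $3"
}
```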

ciscodown.sh [make sure you change username and password to match your switch credentials]

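#!/usr/bin/expect -f
# Helper for master.sh: shut down a port on the switch.
# Arguments: switch IP, port number
set timeout 20
set IPaddress [lindex $argv 0]
set Username "zaib"
set Password "zaib"
set PORT [lindex $argv 1]

# "StrictHostKeyChecking no" makes ssh add unknown host keys without prompting
spawn ssh -o "StrictHostKeyChecking no" $Username@$IPaddress

expect "*assword: "
send "$Password\r"

expect ">"

send "enable\r"
expect "*assword: "
send "$Password\r"
expect "#"

send "conf term\r"
expect "#"

send "interface gigabitEthernet 1/0/$PORT\r"
expect "#"

send "shut\r"
expect "#"

# Leave interface mode, then configuration mode
send "exit\r"
expect "#"
send "exit\r"
expect "#"

# Save the configuration, then log out and wait for the session to close
send "wr\r"
expect "#"
send "exit\r"
expect eof

# Exit Script
exit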

ciscoup.sh [make sure you change username and password to match your switch credentials]

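#!/usr/bin/expect -f
# Helper for master.sh: bring a port up on the switch (shut, then no shut).
# Arguments: switch IP, port number
set timeout 20
set IPaddress [lindex $argv 0]
set Username "zaib"
set Password "zaib"
set PORT [lindex $argv 1]

# "StrictHostKeyChecking no" makes ssh add unknown host keys without prompting
spawn ssh -o "StrictHostKeyChecking no" $Username@$IPaddress

expect "*assword: "
send "$Password\r"

expect ">"

send "enable\r"
expect "*assword: "
send "$Password\r"
expect "#"

send "conf term\r"
expect "#"

send "interface gigabitEthernet 1/0/$PORT\r"
expect "#"

send "shut\r"
expect "#"

send "no shut\r"
expect "#"

# Leave interface mode, then configuration mode
send "exit\r"
expect "#"
send "exit\r"

# Back in privileged mode the prompt ends in "#", not ">"
expect "#"
send "wr\r"
expect "#"
send "exit\r"
expect eof

# Exit Script
exit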


DONE!

T.C


 

WINDOWS VBS TO EXECUTE PORT COMMAND, EXAMPLE ONLY

Create a file named cisco.vbs on your Windows desktop or in any folder, and paste the following contents in it.


set  WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run "cmd"
WScript.Sleep 300
WshShell.AppActivate "C:\Windows\system32\cmd.exe"
WScript.Sleep 300
WshShell.SendKeys "telnet 192.168.0.1{ENTER}"
WScript.Sleep 300
WshShell.SendKeys "zaib"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300
WshShell.SendKeys "zaib"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300
WshShell.SendKeys "enable"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300
WshShell.SendKeys "zaib"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300

WshShell.SendKeys "configure terminal"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300
WshShell.SendKeys "interface gigabitEthernet 1/0/24"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300

WshShell.SendKeys "shut"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300

WshShell.SendKeys "exit"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300

WshShell.SendKeys "exit"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300

WshShell.SendKeys "wr"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300

WshShell.SendKeys "exit"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300

Adjust the keystrokes as required. Some switches require both a user name and a password, and some require only a password, SO YOU MUST SET THE CONTENTS ACCORDINGLY. It is best to open a command prompt and run the script from cmd so that you can see the errors. DON’T INTERRUPT after RUNNING THE FILE.


Regard’s
Syed Jahanzaib

December 1, 2015

DYNU Script for Mikrotik (free dynamic dns script)

Filed under: Mikrotik Related — Syed Jahanzaib / Pinochio~:) @ 4:04 PM

An alternative to changeip.com (free DDNS) with more features.

For the past few days, we were having issues updating the dynamic IP of our Mikrotik/Linux based machines with a free DDNS service like changeip.com; therefore, today I tested DYNU as an alternative and it worked very well. We can use it as a backup or primary DDNS service for our Mikrotik routers.

First create an account at http://www.dynu.com and add your required host. Then add the script and schedule it to run every 5 (or xx) minutes.

Mikrotik Script for dynu ddns.

The script below is working 100% on Mikrotik 5.x and 6.x versions.
[Tested as of now / 1st-DEC-2015]

(You can copy and paste the following code into Mikrotik by going to SYSTEM / SCRIPTS, clicking on the + sign to add a script, and pasting the following.)

NOTE: MAKE SURE YOU CHANGE THE REQUIRED FIELDS BEFORE DEPLOYMENT.

SCRIPT NAME: “DYNU”

1- SCRIPT FOR DSL MODEM IN BRIDGE MODE, MIKROTIK HAS THE PUBLIC IP ADDRESS AT WAN INTERFACE.

(FOR BRIDGE MODE, PUBLIC IP IS DIRECTLY ON MIKROTIK WAN INTERFACE)


##############################################
# DYNU SCRIPT for Mikrotik , DSL Modem BRIDGE MODE, 
# Wan dialing is done by mikrotik so public ip is on mikrotik directly
# CHANGE THE FOLLOWING ACCORDING TO YOUR CREDENTIALS
# Syed Jahanzaib / aacable at hotmail dot com
# ####################################################

:global ddnsuser DYNU_USER
:global ddnspass "DYNU_PASSWORD"
:global theinterface "WAN_INTERFACE_NAME"
:global ddnshost "YOUR_DYNU_HOSTNAME.dynu.com"

#### Do not change below this line ####

:global ipddns [:resolve $ddnshost];
:global ipfresh [ /ip address get [/ip address find interface=$theinterface ] address ]
:if ([ :typeof $ipfresh ] = nil ) do={
:log info ("DynuDDNS: No IP address on $theinterface .")
} else={
:for i from=( [:len $ipfresh] - 1) to=0 do={
:if ( [:pick $ipfresh $i] = "/") do={
:set ipfresh [:pick $ipfresh 0 $i];
}
}
:if ($ipddns != $ipfresh) do={
:log info ("DynuDDNS: IP-Dynu = $ipddns")
:log info ("DynuDDNS: IP-Fresh = $ipfresh")
:log info "DynuDDNS: Update IP needed, Sending UPDATE...!"
:global str "/nic/update?hostname=$ddnshost&myip=$ipfresh"
/tool fetch address=api.dynu.com src-path=$str mode=http user=$ddnsuser password=$ddnspass dst-path=("/Dynu.".$ddnshost)
:delay 1
:global str [/file find name="Dynu.$ddnshost"];
/file remove $str
:global ipddns $ipfresh
:log info "DynuDDNS: IP updated to $ipfresh!"
} else={
:log info "DynuDDNS: dont need changes";
} }

####################################################

Now run it and watch the results.




 

2- SECOND SCRIPT FOR DSL MODE, MIKROTIK IS CONNECTED TO INTERNET BEHIND DSL. (NAT)

 


########################################
# DYNU DNS Script for Mikrotik Behind DSL
# 14th JAN-2015
# Syed Jahanzaib / aacable at hotmail dot com
# ####################################################


# get the current IP address from the internet (in case of double-nat)

/tool fetch mode=http address="checkip.dyndns.org" src-path="/" dst-path="/dyndns.checkip.html"
:local result [/file get dyndns.checkip.html contents]

# parse the current IP result
:local resultLen [:len $result]
:local startLoc [:find $result ": " -1]
:set startLoc ($startLoc + 2)
:local endLoc [:find $result "</body>" -1]
:local currentIP [:pick $result $startLoc $endLoc]
#:log warning "UpdateDynDNS: currentIP = $currentIP"

######################################################

:global ddnsuser DNSUSERNAME
:global ddnspass "DNSPASSWORD"
:global ddnshost "YOURHOST.dynu.com"
:global ipddns [:resolve $ddnshost];
#:global ipddns 1.2.3.4

:if ($ipddns != $currentIP) do={
:log info ("DynuDDNS: IP-Dynu = $ipddns")
:log info ("DynuDDNS: IP-Fresh = $currentIP")
:log info "DynuDDNS: Update IP needed, Sending UPDATE...!"
:global str "/nic/update?hostname=$ddnshost&myip=$currentIP"
/tool fetch address=api.dynu.com src-path=$str mode=http user=$ddnsuser password=$ddnspass dst-path=("/Dynu.".$ddnshost)
:delay 1
:global str [/file find name="Dynu.$ddnshost"];
/file remove $str
:global ipddns $currentIP
:log info "DynuDDNS: IP updated to $currentIP!"
} else={
:log info "DynuDDNS: dont need changes";
}

 

To schedule it to run every 5 minutes, use:


/system scheduler
add disabled=no interval=5m name=dynu on-event=dynu policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api start-date=jan/01/1970 \
start-time=00:00:00


 

Regard’s

Syed Jahanzaib

 
