Syed Jahanzaib Personal Blog to Share Knowledge !

November 8, 2017

TikTik – Script to disconnect hotspot user if its already active in pppoe

Filed under: Mikrotik Related — Syed Jahanzaib / Pinochio~:) @ 1:27 PM

its a weird world we live in !

Fix the root cause that is making issue , dont always go for workarounds

WORKAROUND :

Add this in in Hotspot > User Profile > Default > Scripts > On Login)

# Check if this hotspot user is already logged in on PPPOE on same mikrotik, then kick HOTSPOT
:local uname $user;
:local u;
:foreach u in=[/ppp active find name=$user ] do={
:log warning "$user ID is already active in pppoe. Now disconnecting from HotSpot ... Done!"
:foreach i in=[/ip hotspot active find user=$uname] do= {
/ip hotspot active remove numbers=$i;
}
}

123

.

With some modification you can add script in pppoe login profile as well, which will check if user is already active in hotspot then kick pppoe or hs user.

regard’s
J.

Advertisements

October 31, 2017

Mikrotik with Freeradius/mySQL – Auto MAC Binding on 1st Login – Part 4

Filed under: freeradius, Mikrotik Related, Uncategorized — Tags: , , , — Syed Jahanzaib / Pinochio~:) @ 3:30 PM

mac_auth_radius_mysql

~ Auto Mac Binding via EXEC / PHP in Freeradius 2.x ~
! From the CORE of FREERADIUS !
By
Syed jahanzaib

FREERADIUS WITH MIKROTIK – Part #1

FREERADIUS WITH MIKROTIK – Part #2 

FREERADIUS WITH MIKROTIK – Part #3

FREERADIUS WITH MIKROTIK – Part #4 > You are here 


Personnel Note:

This post is just for demonstration purposes. in production environment you should make your own module and add it in proper relevant places. This post contains just minimalist working config to begin with. Make sure to refine it in prd environment.

This is another post about freeradius. My aim is to let people know that creating your own Radius Billing system is not ROCKET SCIENCE. The only thing required is the ultimate passion to achieve the goal & with the proper googling , reading a LOT, understand logic’s, then you can do all on your own. Just wanted to break the image that most of professionals don’t like to share there knowledge. I strongly encourage to read the FR mailing list and Google


OP Requirements:

[ Sort of Wired one 😉 ]

We have a working Freeradius installation. All users can login to mikrotik which verify user account authentication requests via this radius. All working fine. Now OP wants to add Auto MAC binding feature so that when user first time login to NAS, his MAC should auto binds with his account, so next time if he tries to login from another workstation, he must get access denied.


Components used in this guide:

  • Ubuntu 12.4 / x86
  • Freeradius 2.1.10 [Default apt-get installation]
  • MySQL 5.5.47 [Default apt-get installation]

SOLUTION:

To fulfill such weird requirements, we have to use external program example PHP program (via exec) which will be executed when user gets connect successfully. It will then look in RADCHECK table for this specific user MAC address value name “Calling-Station-Id”. If it’s unable to find it, then it will add the entry so that next time user will login his MAC will be verified by the CHECKVAL module in freeradius to match the mac address. If there is mac address entry, it will simply ignore and process further , will also print message that “MAC Entry already found – z@iB”

First enable the CHECKVAL module in following file > /etc/freeradius/sites-enabled/default

nano /etc/freeradius/sites-enabled/default

Search & uncomment the checkval module. Save & Exit.

Now edit EXEC module file by

nano /etc/freeradius/modules/exec

Remove all previous contents (if its lab testing otherwise be careful editing this file) & paste following

exec {
wait = yes
program = "/usr/bin/php /temp/checkmac.php %{User-Name} %{Calling-Station-Id}"
input_pairs = request
}

Save & Exit.

Now create the php program which will be executed by above module.

mkdir /temp
mkdir /temp/checkmac.php
touch /temp/checkmac.php
nano /temp/checkmac.php

and use following to paste make sure to modify relevant details …

>

checkmac.php contents

<?php
// PHP page to check if MAC is not aleady there for the user, then INSERT it for MAC VALIDATION,
// it will add mac for 1st time login user only
// Syed Jahanzaib / aacable at hotmail dot com
// https://aacable . wordpress . com
// 31-OCT-2017

$link = mysql_connect('localhost', 'root', 'MYSQL-ROOT-PASSWORD');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
// Default DB is radius
mysql_select_db('radius');
// Look for MAC entry for this user
$result=mysql_query("select * FROM radcheck WHERE `UserName`='$argv[1]' AND attribute='Calling-Station-Id' order by Username limit 1");
$val = mysql_num_rows($result);
if ($val > 0) {
printf ("MAC Entry already found by ZAiBBBBBBBBBBBBBBBB");
}
else {
printf ("Seems to be New User, adding its MAC address in table ...");
mysql_query("INSERT into radcheck (UserName, Attribute, op, Value) values ('$argv[1]', 'Calling-Station-Id', ':=', '$argv[2]')");
}
?>

TESTING ….

Start FR in debug mode by freeradius -X and try to login with the test ID from your workstation (or use the radtest or ntradping)


rad_recv: Access-Request packet from host 192.168.0.1 port 42449, id=45, length=188
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 15728851
NAS-Port-Type = Ethernet
User-Name = "zaib"
Calling-Station-Id = "0C:84:DC:1E:0B:8D"
Called-Station-Id = "service1"
NAS-Port-Id = "ether10"
MS-CHAP-Challenge = 0x49c4549501e07fad5e6dae708bc815ed
MS-CHAP2-Response = 0x0100acaa712e29adad9abb681c5ef666e69300000000000000003cd5a092d7c816de798b7f5d09acba6f04eeed208cd6c19b
NAS-Identifier = "MIKROTIK"
NAS-IP-Address = 192.168.0.1
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "zaib", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[exec] expand: %{User-Name} -> zaib
[exec] expand: %{Calling-Station-Id} -> 0C:84:DC:1E:0B:8D
Exec-Program output: Seems to be New User, adding its MAC address in table ...
Exec-Program-Wait: plaintext: Seems to be New User, adding its MAC address in table ...
Exec-Program: returned: 0
++[exec] returns ok

As you CAN SEE

“Exec-Program output: Seems to be New User, adding its MAC address in table …”

Now see the difference …

RADCHECK TABLE, Before Login …

1- before login

RADCHECK TABLE, After Login …

2- after login ok

When user will login again, radcheck table will be searched, if the mac found it will simply skip the add part and print the statement

[exec] expand: %{User-Name} -> zaib
[exec] expand: %{Calling-Station-Id} -> 0C:84:DC:1E:0B:8D
Exec-Program output: MAC Entry already found
Exec-Program-Wait: plaintext: MAC Entry already found
Exec-Program: returned: 0
++[exec] returns ok

& If the user will login from any other mac/workstation, he will be denied access.

October 19, 2017

Prevent Mikrotik from Chocking with Cisco Inter-Vlan Routing

Filed under: Cisco Related, Mikrotik Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 4:50 PM

overload

Disclaimer:
I donot have professional level expertise with the mikrotik & specially Cisco. It’s just personnel R&D that sometimes leads me to a working solution. After posting on the internet, I got some clues & Alhamdoillah it worked !


Scenario: [example]

OP have mini ISP setup. Different areas are connected with Cisco 3750 switch where Vlan(s) for each port is configured. Trunk port is connected with Mikrotik Routerboard where vlan interfaces are configured accordingly. DHCP for each VLAN is configured on the Mikrotik RB which provides different subnet to each vlan with default gateway pointing to each VLAN IP.

PPPoE Server is configured on the RB to facilitate ppp dialing for each vlan. As per policy, user must dial pppoe dialer to connect with the mikrotik PPP server in order to access internet.


Problem:

OP have few media sharing server located on Vlan No 3. When user starts downloading heavy media files from the Vlan No 3, all of his traffic routes via Mikrotik Router which creates load on router.


Solution # 1: [that worked partially]

After some R&D, I implemented following

  • Moved DHCP role to Cisco
  • Setup intervlan routing. enabled ip routing
  • Added default gateway in DHCP options pointing to Cisco local vlan ip respectively

This partially solves the problem. When user join the LAN, he gets IP address from the Cisco dhcp with default gateway to its respective vlan IP. all goes well , communication was happening fine with in vlan without touching the Mikrotik. But as soon as users dial the PPPOE dialer, his traffic starts routing via Mikrotik . after some troubleshooting it appears that when user dials pppoe dialer, his routes changes and ppp gets preference over other routes which force all traffic to go via RB.

As showed in the image below …

Load on Trunk Port when ppp user download from vlan no 3

 

routes and ipconfig of client before dhcp option


Solution # 2: [worked 100% as required]

In Cisco Switch DHCP settings for each vlan, Remove Default Gateway,  and add static routes for the sharing media servers subnet via using DHCP classless static routes option

Sounds fair enough :~)


Working Example Config for Cisco Switch 3750

# Cisco Switch Part

[Model: ws-c3750e-24pd / Version 15.0(2)SE10a ]


!
system mtu routing 1500
ip routing
!
ip dhcp pool vlan2
network 192.168.2.0 255.255.255.0
dns-server 101.11.11.36
option 121 ip 24.192.168.3 192.168.2.1 ## This option provides route information , /24.x is the subnet info and other is gw
!
ip dhcp pool vlan3
network 192.168.3.0 255.255.255.0 ## This is media server vlan, we have added manual ip & gateway pointing to vlan ip 192.168.3.0
! to add multiple routes use below
! option 121 ip 24.192.168.3 192.168.2.1 24.192.168.100 192.168.2.1
!
ip dhcp pool vlan4
network 192.168.4.0 255.255.255.0
option 121 ip 24.192.168.3 192.168.4.1 ## This option provides route information , /24.x is the subnet info and other is gw
!

! This port is connected with the Mikrotik RB
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk

! This port is connected with user area 2
interface GigabitEthernet1/0/2
switchport access vlan 2
switchport mode access

! This port is connected with local FTP/Media sharing server's
interface GigabitEthernet1/0/3
switchport access vlan 3
switchport mode access

!This port is connected with user area 4
interface GigabitEthernet1/0/4
switchport access vlan 4
switchport mode access
!
interface Vlan1
ip address 192.168.254.1 255.255.255.0
!
interface Vlan2
ip address 192.168.2.1 255.255.255.0
!
interface Vlan3
ip address 192.168.3.1 255.255.255.0
!
interface Vlan4
ip address 192.168.4.1 255.255.255.0
! Following route is pointing to Mikrotik RB
ip route 0.0.0.0 0.0.0.0 192.168.254.2
!

# Mikrotik Routerboard Part


/interface ethernet

set [ find default-name=ether1 ] name=LAN-TRUNK

/interface vlan
add interface=LAN-TRUNK name=vlan2 vlan-id=2
add interface=LAN-TRUNK name=vlan3 vlan-id=3
add interface=LAN-TRUNK name=vlan4 vlan-id=4

# It is recommended to use small subnet, like /29 for below (zaib)
/ip address
add address=192.168.254.2/24 interface=LAN-TRUNK network=192.168.254.0

/interface pppoe-server server
add default-profile=pppoe-profile disabled=no interface=vlan2 max-mru=1480 max-mtu=1480 mrru=1600 one-session-per-host=yes service-name=service2
add default-profile=pppoe-profile disabled=no interface=vlan3 max-mru=1480 max-mtu=1480 mrru=1600 one-session-per-host=yes service-name=service3
add default-profile=pppoe-profile disabled=no interface=vlan4 max-mru=1480 max-mtu=1480 mrru=1600 one-session-per-host=yes service-name=service4

# FTP / Media Sharing Server Part

at your FTP server, which is under vlan no 3, define static ip like 192.168.3.2 and point its gateway to 192.168.3.1, That’s It 🙂

Results are showed as below …

 

client ROUTEs and ipconfig AFTER DHCP OPTIOIN

 

download gpoign via vlan only after addding dhcp option

 

no load on mikrotik router and local vlan download going via local vlan

 


 

Note:

I have posted minimalist configuration to reduce any complication. Most of parts are quite self explanatory. This exercise was done successfully in LAB & required results were achieved. However you must consult with some Cisco expert & conduct your own testing  before implementing it on production.

Also you may want to use ACL in order to restrict access to shared resources, YKWIM


Regard’s
Syed Jahanzaib

 

October 16, 2017

Restart ppp dialer if getting ‘Private IP’

Filed under: Mikrotik Related — Tags: — Syed Jahanzaib / Pinochio~:) @ 3:42 PM

Reference Post:

Following is short script to reconnect PPPoE dialer if it receives any private IP from the ISP including 10.x.x.x / 172.x.x.x & 192.x.x.x series.

reconnect-with-spouse


# Script to find if wan link have private ip and act accordingly,
# Tested with Mikrotik ROS 5.x & 6.x versions
# 19-APR-2016 / Syed Jahanzaib

# Set your WAN Interface name , i have added pppoe-out1 , change it as required
:local WANINTERFACE
:set WANINTERFACE pppoe-out1

# Find Public IP from pppoe-out1 interface & cut subnet
:local WANIP [/ip address get [find where interface=$WANINTERFACE] address];
:set WANIP [:pick $WANIP 0 ([:len $WANIP]-3) ];

# Match if IP address starts with private address 10.*
:if ($WANIP ~"^[0-9 ]*10") do={
:log warning "Private ip address found !!!"
# Set your action here , like Re-Connect the pppoe-link
# /interface pppoe-client disable pppoe-out-1
# :delay 3
# /interface pppoe-client enable pppoe-out-1
} else={

# Match if IP address starts with private address 172.*
:if ($WANIP ~"^[0-9 ]*172") do={
:log warning "Private ip address found !!!"
# Set your action here , like Re-Connect the pppoe-link
# /interface pppoe-client disable pppoe-out-1
# :delay 3
# /interface pppoe-client enable pppoe-out-1
} else={

# Match if IP address starts with private address 192.*
:if ($WANIP ~"^[0-9 ]*192") do={
:log warning "Private ip address found !!!"
# Set your action here , like Re-Connect the pppoe-link
# /interface pppoe-client disable pppoe-out-1
# :delay 3
# /interface pppoe-client enable pppoe-out-1
} else={

# If above statement do not match, then consider it a public ip and take no action, just log : ~ )
:log warning "Public IP - $WANIP - Found, OK ! No action required"
# OR Set your desire action here if required
}
}
}
# Script Ends Here ...


Reference: https://forum.mikrotik.com/viewtopic.php?t=107231

Regard’s
Syed Jahanzaib

July 26, 2017

Mikrotik script to monitor any host with optional SMS/Email alert

Filed under: Mikrotik Related — Syed Jahanzaib / Pinochio~:) @ 2:04 PM

Note to Self:

Following is a simple script for Mikrotik RouterOS to monitor any device by PING & upon status change like Donw/UP, it can take action like sending SMS/Email alert, change routes , interface etc. It is customized according to local OP requirements on demand. You can modify at , add remove any option as per taste. There are lot of good working scripts available on the internet. Just try not to blindly copy paste any one else script. Read it few times until you understand clearly what its made for & what functions it will perform. I have added some comments for the clarity.

Script??? Why use Script ?

Why use such complicated scripts while you can do this easily with builtin net-watch or windows base applications like the Dude, or Nix base Nagios, and so many other tools? the answer is simple, using script you have more Power, more control, more maneuverability , customized ,bizarre and strange actions you can add. Above all, Learning & feeling of Power you have over the system 🙂 this alone justify for me to use scripting 🙂

Thank you
~Syed Jahanzaib~


Script Output Examples:

When Device is DOWN …

1- deviec down

.

When Device is UP (restored) …

2- deviec up

.

Example of SMS received:

2017-07-26 13.44.01


the Script !


# This is Mikrotik Script for Local Device Link monitoring by IP
# - with Optional SMS Alert. We are using local Linux base KANNEL
# You can modify it to add EMAIL alerts as well using GMAIL or local Mail Gw.
# system as SMS gateway with local modem attached
# Script By Syed Jahanzaib / # https://aacable.wordpress.com
# Email : aacable at hotmail dot com
# Script Last Modified : 26-July-2017

# Set Device IP here
:local DEVICE1host1 "192.168.0.1"
# Dont use SPACEC Here, because our KANNEL system dont like spaces, use + sign instead
:local DEVNAME "MY_HOST"
:global DEVICE1LanStatus;
:global DEVICE1LanLastChange;

#:log warning "Checking status of Device $DEVICE1host1 by ping ..."
:local DELAY "3s"
:local i 0;
:local F 0;
:local date;
:local time;
:set date [/system clock get date];
:set time [/system clock get time];
# Setting Date Time variables
:local sub1 ([/system identity get name])
:local sub2 ([/system clock get date])
:local sub3 ([/system clock get time])

# Company Name, Dont use SPACEC Here, because our KANNEL system dont liek spaces, use + sign instead
:local COMPANY "ZABBO"

# Number of Ping Count, how many times mikrotik should ping the target device
:local PINGCOUNT "5"
# Ping threshold
:local PINGTS "5"

# Provide details of Kannel SMS gateway, ID pass, and cell numbers on which sms is required
:local KURL "http://KANNEL-GW-IP-OR-NAME:13013/cgi-bin/sendsms"
:local KID "kannel"
:local KPASS "KANNELPASS"
:local cell1 "03333021909"

# Mail Alert information
:local ADMINMAIL1 "your_to_email@foo.com"

# SMS Msg format for Kannel SMS gateway (donot use spaces in it)
:local MSGDOWNSMS "$COMPANY+ALERT:%0A$DEVNAME%0A$DEVICE1host1+is+now+DOWN."
:local MSGUPSMS "$COMPANY+INFO:%0A$DEVNAME%0A$DEVICE1host1+is+now+UP."

# LOG error
:local DOWNLOG1 "$COMPANY ALERT: $DEVNAME with IP $DEVICE1host1 is now DOWN @ $sub1 $sub2 $sub3..."
:local UPLOG1 "$COMPANY INFO: $DEVNAME with IP $DEVICE1host1 is now UP @ $sub1 $sub2 $sub3 ..."

# Start the SCRIPT
# DONOT EDIT BELOW

# If Script is running for the first time , consider target device UP,
# Just to avoid any errors in the script dueto empty variable.
:if ([:len $DEVICE1LanStatus] = 0) do={
:set DEVICE1LanStatus "UP";
}

# PING each host $PINGCOUNT times
# IF NOT A SINGLE PING SUCCESSFULL THEN CONSIDER LINK DOWN ## ZAIB
:for i from=1 to=$PINGCOUNT do={
if ([/ping $DEVICE1host1 count=1]=0) do={:set F ($F + 1)}
:delay 1;
};

# If no response (all ping counts fails for both hosts, Time out, then LOG down status and take action
:if (($F=$PINGTS)) do={
:if (($DEVICE1LanStatus="UP")) do={

# If the link is down, then LOG warning in Mikrotik LOG window [Zaib]
:log error "$DOWNLOG1";
:set DEVICE1LanStatus "DOWN";
# Also add status in global variables to be used as tracking
:set date [/system clock get date];
:set time [/system clock get time];
:set DEVICE1LanLastChange ($time . " " . $date);
# Send SMS via KANNEL for DOWN Status
:log warning "Sending EMAIL/SMS for DOWN status of $DEVNAME $DEVICE1host1 ..."
#/tool fetch url="$KURL\?username=$KID&password=$KPASS&to=$cell1&text=$MSGDOWNSMS"
/tool e-mail send to=$ADMINMAIL1 subject="$COMPANY ALERT: $DEVNAME $DEVICE1host1 is now DOWN @ $sub3 $sub2 $sub1" start-tls=yes
#/interface sfp1 disable;
#:delay $DELAY
#/interface sfp1 enable;

######################
# ADD YOUR CUSTOMIZED ACTION HERE LIKE CHANGE ROUTE OR DISABL/ENABLE ANY THING
######################
# If ping reply received, then LOG UP and take action as required
} else={:set DEVICE1LanStatus "DOWN";}
} else={
:if (($DEVICE1LanStatus="DOWN")) do={
# If link is UP, then LOG info and warning in Mikrotik LOG window [Zaib]
:log warning "$UPLOG1"
:set DEVICE1LanStatus "UP";

# Send SMS via KANNEL for UP Status
:set date [/system clock get date];
:set time [/system clock get time];
:set DEVICE1LanLastChange ($time . " " . $date);
:log warning "Sending EMAIL/SMS for UP status of $DEVNAME $DEVICE1host1 ..."
#/tool fetch url="$KURL\?username=$KID&password=$KPASS&to=$cell1&text=$MSGUPSMS"
/tool e-mail send to=$ADMINMAIL1 subject="$COMPANY INFO: $DEVNAME $DEVICE1host1 is now UP @ $sub3 $sub2 $sub1" start-tls=yes
# ADD YOUR CUSTOMIZED ACTION HERE LIKE CHANGE ROUTE OR DISABL/ENABLE ANY THING LIKE
#/interface sfp1 disable;
#:delay $DELAY
#/interface sfp1 enable;
} else={:set DEVICE1LanStatus "UP";}
}
# Script ends here ...

June 7, 2017

Blocking WhatsApp in Mikrotik

Filed under: Mikrotik Related — Tags: , , , — Syed Jahanzaib / Pinochio~:) @ 1:14 PM

block whatsapp image.PNG

Updates: This guide may no longer work as whatsapp have moved there ip pool to facebook pool. as stated here.

(You may still be able to block the whatsapp by using script to catch only whatsapp related ip’s which may take some time to catch all the related ip’s but maybe some other contents will be blocked as well. you need to do deep inspection in this regard. I am not removing this post just for reference purposes)

Dear partners,
Please note that we have migrated the latest IP pools of WhatsApp to Facebook Mobile Partner Portal. Feel free to browse to the Settings page of the portal and download the latest WhatsApp IP pool: https://fb.me/mpp_support
Further IP pool updates are also done through the portal and are no longer distributed via email or through WhatsApp web site.
If you have not yet registered on the Mobile Partner Portal or have difficulties accessing it – please request access through the following form and we’ll be happy to assist: https://fb.me/mpp_access
For any technical requests please contact us through the Support section of the portal: https://fb.me/mpp_support
WhatsApp team


In order to block WhatsAPP application in Mikrotik I used WhatsAPP provided address list [167 IPV4 addresses as of June,2017] in order to block the app. [there are already many guides on internet, but I used old school method to block this app & got success!]. Please beware that if user uses vpn, then this restriction will not be effective.

I am sharing two methods to achieve the same target. There is also another method in which you forcefully divert users dns traffic to your mikrotik dns and use script to fetch ip addresses associated with any URL having whatsapp in it, but I am not discussing it here at a moment.

You can also automate this task by fetching the list from whatsapp directly and import it in address list , so that you can always have updated whatsapp servers list. Although the list doesn’t update very frequently but still its good idea to automate it with scheduler.


Method #1 – Download list & import to address list along with firewall block rule

 

1- Download whatsapp IP (CIDR) list from

https://www.whatsapp.com/cidr.txt

Save it as  cidr.txt

Note: If you dont have ipv6 , then open this file and remove all the IPV6 addressess or else you will see below error while importing 

ipv6 error

 

2- Upload this cidr.txt file to Mikrotik FILES section.

[if you use fetch method to download file directly to mikrotik, then you dont need to upload file manualy, but I used this method because most local networks are running on ipv4, so I had to remove ipv6 entries first in order to import list)

cidr

 

3- Import the file contents (which includes ip addresses) using following script. you can simply copy paste it. make sure file name is correct in it.

{
:local content [/file get [/file find name=cidr.txt] contents]
:local contentLen [:len $content]
:local lineEnd 0
:local line ""
:local lastEnd 0
:while ($lineEnd < $contentLen) do={
:set lineEnd [:find $content "\r\n" $lastEnd]
:if ([:len $lineEnd] = 0) do={
:set lineEnd $contentLen
}
:set line [:pick $content $lastEnd $lineEnd]
:set lastEnd ($lineEnd + 2)
/ip firewall address-list add list="whatsapp_list" address=$line
}
}

If successfull , you will see address list as below [currently 167 entries] …

whtsapp address list

4- Create Firewall Filter rule to block requests going to whatsapp_list 

/ip firewall filter
add action=drop chain=forward comment="Block Whatsapp address list - zaib" disabled=yes dst-address-list=whatsapp_list

Result!

block whatapp result

Done!







Method #2 – Copy Paste Method with ipV4 package only.

Open Terminal & copy paste following code. It will add address list name ‘whatsapp_list’ along with firewall rule to block requests going to this list.

/ip firewall address-list
add address=31.13.64.51 list=whatsapp_list
add address=31.13.65.49 list=whatsapp_list
add address=31.13.66.49 list=whatsapp_list
add address=31.13.68.52 list=whatsapp_list
add address=31.13.69.240 list=whatsapp_list
add address=31.13.70.49 list=whatsapp_list
add address=31.13.71.49 list=whatsapp_list
add address=31.13.72.52 list=whatsapp_list
add address=31.13.73.49 list=whatsapp_list
add address=31.13.74.49 list=whatsapp_list
add address=31.13.75.52 list=whatsapp_list
add address=31.13.76.81 list=whatsapp_list
add address=31.13.77.49 list=whatsapp_list
add address=31.13.78.53 list=whatsapp_list
add address=31.13.80.53 list=whatsapp_list
add address=31.13.81.53 list=whatsapp_list
add address=31.13.82.51 list=whatsapp_list
add address=31.13.83.51 list=whatsapp_list
add address=31.13.84.51 list=whatsapp_list
add address=31.13.85.51 list=whatsapp_list
add address=31.13.86.51 list=whatsapp_list
add address=31.13.87.51 list=whatsapp_list
add address=31.13.88.49 list=whatsapp_list
add address=31.13.90.51 list=whatsapp_list
add address=31.13.91.51 list=whatsapp_list
add address=31.13.92.52 list=whatsapp_list
add address=31.13.93.51 list=whatsapp_list
add address=31.13.94.52 list=whatsapp_list
add address=31.13.95.63 list=whatsapp_list
add address=50.22.198.204/30 list=whatsapp_list
add address=50.22.210.32/30 list=whatsapp_list
add address=50.22.210.128/27 list=whatsapp_list
add address=50.22.225.64/27 list=whatsapp_list
add address=50.22.235.248/30 list=whatsapp_list
add address=50.22.240.160/27 list=whatsapp_list
add address=50.23.90.128/27 list=whatsapp_list
add address=50.97.57.128/27 list=whatsapp_list
add address=75.126.39.32/27 list=whatsapp_list
add address=108.168.174.0/27 list=whatsapp_list
add address=108.168.176.192/26 list=whatsapp_list
add address=108.168.177.0/27 list=whatsapp_list
add address=108.168.180.96/27 list=whatsapp_list
add address=108.168.254.65 list=whatsapp_list
add address=108.168.255.224 list=whatsapp_list
add address=108.168.255.227 list=whatsapp_list
add address=157.240.0.53 list=whatsapp_list
add address=157.240.1.53 list=whatsapp_list
add address=157.240.2.53 list=whatsapp_list
add address=157.240.3.53 list=whatsapp_list
add address=157.240.6.53 list=whatsapp_list
add address=157.240.7.54 list=whatsapp_list
add address=157.240.8.53 list=whatsapp_list
add address=157.240.9.53 list=whatsapp_list
add address=157.240.10.53 list=whatsapp_list
add address=157.240.11.53 list=whatsapp_list
add address=157.240.12.53 list=whatsapp_list
add address=157.240.13.54 list=whatsapp_list
add address=158.85.0.96/27 list=whatsapp_list
add address=158.85.5.192/27 list=whatsapp_list
add address=158.85.46.128/27 list=whatsapp_list
add address=158.85.48.224/27 list=whatsapp_list
add address=158.85.58.0/25 list=whatsapp_list
add address=158.85.61.192/27 list=whatsapp_list
add address=158.85.224.160/27 list=whatsapp_list
add address=158.85.233.32/27 list=whatsapp_list
add address=158.85.249.128/27 list=whatsapp_list
add address=158.85.254.64/27 list=whatsapp_list
add address=169.44.23.192/27 list=whatsapp_list
add address=169.44.36.0/25 list=whatsapp_list
add address=169.44.57.64/27 list=whatsapp_list
add address=169.44.58.64/27 list=whatsapp_list
add address=169.44.80.0/26 list=whatsapp_list
add address=169.44.82.96/27 list=whatsapp_list
add address=169.44.82.128/27 list=whatsapp_list
add address=169.44.82.192/26 list=whatsapp_list
add address=169.44.83.0/26 list=whatsapp_list
add address=169.44.83.96/27 list=whatsapp_list
add address=169.44.83.128/27 list=whatsapp_list
add address=169.44.83.192/26 list=whatsapp_list
add address=169.44.84.0/24 list=whatsapp_list
add address=169.44.85.64/27 list=whatsapp_list
add address=169.44.87.160/27 list=whatsapp_list
add address=169.44.167.0/27 list=whatsapp_list
add address=169.45.71.32/27 list=whatsapp_list
add address=169.45.71.96/27 list=whatsapp_list
add address=169.45.87.128/26 list=whatsapp_list
add address=169.45.169.192/27 list=whatsapp_list
add address=169.45.182.96/27 list=whatsapp_list
add address=169.45.210.64/27 list=whatsapp_list
add address=169.45.214.224/27 list=whatsapp_list
add address=169.45.219.224/27 list=whatsapp_list
add address=169.45.237.192/27 list=whatsapp_list
add address=169.45.238.32/27 list=whatsapp_list
add address=169.45.248.96/27 list=whatsapp_list
add address=169.45.248.160/27 list=whatsapp_list
add address=169.46.52.224/27 list=whatsapp_list
add address=169.46.111.144/28 list=whatsapp_list
add address=169.47.5.192/26 list=whatsapp_list
add address=169.47.6.64/27 list=whatsapp_list
add address=169.47.33.128/27 list=whatsapp_list
add address=169.47.35.32/27 list=whatsapp_list
add address=169.47.37.128/27 list=whatsapp_list
add address=169.47.40.128/27 list=whatsapp_list
add address=169.47.42.96/27 list=whatsapp_list
add address=169.47.42.160/27 list=whatsapp_list
add address=169.47.42.192/26 list=whatsapp_list
add address=169.47.47.160/27 list=whatsapp_list
add address=169.47.130.96/27 list=whatsapp_list
add address=169.47.192.192/27 list=whatsapp_list
add address=169.47.194.128/27 list=whatsapp_list
add address=169.47.198.128/27 list=whatsapp_list
add address=169.47.212.160/27 list=whatsapp_list
add address=169.53.29.128/27 list=whatsapp_list
add address=169.53.48.32/27 list=whatsapp_list
add address=169.53.71.224/27 list=whatsapp_list
add address=169.53.81.64/27 list=whatsapp_list
add address=169.53.250.128/26 list=whatsapp_list
add address=169.53.252.64/27 list=whatsapp_list
add address=169.53.255.64/27 list=whatsapp_list
add address=169.54.2.160/27 list=whatsapp_list
add address=169.54.44.224/27 list=whatsapp_list
add address=169.54.51.32/27 list=whatsapp_list
add address=169.54.55.192/27 list=whatsapp_list
add address=169.54.193.160/27 list=whatsapp_list
add address=169.54.210.0/27 list=whatsapp_list
add address=169.54.222.128/27 list=whatsapp_list
add address=169.55.67.224/27 list=whatsapp_list
add address=169.55.69.128/26 list=whatsapp_list
add address=169.55.74.32/27 list=whatsapp_list
add address=169.55.75.96/27 list=whatsapp_list
add address=169.55.100.160/27 list=whatsapp_list
add address=169.55.126.64/26 list=whatsapp_list
add address=169.55.210.96/27 list=whatsapp_list
add address=169.55.235.160/27 list=whatsapp_list
add address=173.192.162.32/27 list=whatsapp_list
add address=173.192.219.128/27 list=whatsapp_list
add address=173.192.222.160/27 list=whatsapp_list
add address=173.192.231.32/27 list=whatsapp_list
add address=173.193.205.0/27 list=whatsapp_list
add address=173.193.230.96/27 list=whatsapp_list
add address=173.193.230.128/27 list=whatsapp_list
add address=173.193.230.192/27 list=whatsapp_list
add address=173.193.239.0/27 list=whatsapp_list
add address=174.36.208.128/27 list=whatsapp_list
add address=174.36.210.32/27 list=whatsapp_list
add address=174.36.251.192/27 list=whatsapp_list
add address=174.37.199.192/27 list=whatsapp_list
add address=174.37.217.64/27 list=whatsapp_list
add address=174.37.243.64/27 list=whatsapp_list
add address=174.37.251.0/27 list=whatsapp_list
add address=179.60.192.51 list=whatsapp_list
add address=179.60.195.51 list=whatsapp_list
add address=184.173.136.64/27 list=whatsapp_list
add address=184.173.147.32/27 list=whatsapp_list
add address=184.173.161.64 list=whatsapp_list
add address=184.173.173.116 list=whatsapp_list
add address=184.173.179.32/27 list=whatsapp_list
add address=185.60.216.53 list=whatsapp_list
add address=185.60.218.53 list=whatsapp_list
add address=185.60.219.53 list=whatsapp_list
add address=192.155.212.192/27 list=whatsapp_list
add address=198.11.193.182/31 list=whatsapp_list
add address=198.11.251.32/27 list=whatsapp_list
add address=198.23.80.0/27 list=whatsapp_list
add address=208.43.115.192/27 list=whatsapp_list
add address=208.43.117.79 list=whatsapp_list
add address=208.43.122.128/27 list=whatsapp_list
# Adding firewall rule to block whatsapp address list.
/ip firewall filter
add action=drop chain=forward comment="Block Whatsapp address list" dst-address-list=whatsapp_list

Result:

block whatapp result


Regard’s
Syed Jahanzaib

May 26, 2017

Howto bypass specific client from PCC & route to specific WAN link [Part-2]

Filed under: Mikrotik Related — Tags: , , , — Syed Jahanzaib / Pinochio~:) @ 11:57 AM

Distribution.jpg


Scenario:

Since many asked the same query, so rather to reply individually, here is one method I used at one OP & it works fine. You may opt for others solution which ever is easy for you. the thing is it should work thats it:)]

We have configured Mikrotik as 3 wan load balancer [DSL links]. PPPoE Server is configured as well. All working Good. Now we have introduced premium package for dedicated users & we want to route them via newly added 4th WAN link only so there service should work smoothly even in peak times as well. therefore we need to bypass this group from the PCC & route them to 4th WAN link which has dedicated CIR bandwidth.

Solution:

There are always different ways to achieve any task. It depends on the Operator expertise, & network scenario as well.

Copy Paste WILL Not work !

Every network is different ~ I am sharing this code so you should learn concepts. Minimize copy paste culture, invent your solutions by understanding logic’s & implement it by modifying or creating code. 

Drink Wiki & you shall succeed 😀

~ zaiB

In this example I am showing one example, [You may opt for others which ever is easy for you. the thing is it should work that’s it:) ]

  1. make pppoe pool-1 in address list. [This one for general clients = 172,16.0.1-172,16.0.255 ]
  2. make pppoe pool-2 in address list  [This one for dedicated clients = 172,16.1.1-172,16.1.255 ]
  3. when you will create normal users , assign them pppoe pool-1
  4. when you will create dedicated users , assign them pppoe pool-2
  5. In your Mangle rules, where you mark connections (classifier section] , make sure you specify pppoe pool-1 list in source address list. Also you need to duplicate this rule, and in source address list, select pool-2, basically we will mark connections for both pools, and assign them different marking connection name.
  6. now in mark routing section, repeat above, and mark routing for both marked connections.
  7. in Nat, create natting rules so traffic can be natted by all 4 wan links. you can trim this by single rule as well 🙂
  8. in Routes, create rules for all marked packets, for normal clients, user wan1-3, for dedicated clients marked packets, route them specific wan link [like wan4]

* Working Example


/ip pool
# General users pppoe profile pool, which will be routed in 3 wan links
add name=pool-1 ranges=172.16.0.1-172.16.0.254
# Dedicated users pppoe profile pool, which will be routed via wan-4 link only
add name=pool-2 ranges=172.16.1.1-172.16.1.254

/ip firewall address-list
# General users pool list, which will be routed in 3 wan links
add address=172.16.0.1-172.16.0.255 list=pool-1
# Dedicated users pool list , which will be routed via wan-4 link only
add address=172.16.1.1-172.16.1.255 list=pool-2

/ip firewall mangle

add action=accept chain=prerouting comment=PCC in-interface=pppoe-out-1
add action=accept chain=prerouting comment=PCC in-interface=pppoe-out-2
add action=accept chain=prerouting comment=PCC in-interface=pppoe-out-3
add action=accept chain=prerouting comment=PCC in-interface=pppoe-out-4

# Marking connections for dedicated clients from pool-2 address list, to be routed via WAN-3 link only
add action=mark-connection chain=prerouting comment="Mark pool-2 dedicated Users Connections" new-connection-mark=pool2-conn passthrough=yes src-address-list=15mb-pool-list
add action=mark-routing chain=prerouting comment="Mark pool-2 dedicated Users Routing Pkts" connection-mark=pool2-conn dst-address-type="" log-prefix=20mb_ new-routing-mark=pool2-route passthrough=yes

# Marking connections for general users clients from pool-1 address list, to be distributed among 3 wan link
add action=mark-connection chain=prerouting comment=PCC_MARK_CONNECTION dst-address-type=!local new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=src-address:3/0 src-address-list=pool-1
add action=mark-connection chain=prerouting comment=PCC_MARK_CONNECTION dst-address-type=!local new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=src-address:3/1 src-address-list=pool-1
add action=mark-connection chain=prerouting comment=PCC_MARK_CONNECTION dst-address-type=!local new-connection-mark=wan3_conn passthrough=yes per-connection-classifier=src-address:3/2 src-address-list=pool-1

# Marking routing form above marked conections, for general users
add action=mark-routing chain=prerouting comment=PCC_MARK_ROUTING connection-mark=wan1_conn new-routing-mark=to_wan1 passthrough=yes
add action=mark-routing chain=prerouting comment=PCC_MARK_ROUTING connection-mark=wan2_conn new-routing-mark=to_wan2 passthrough=yes
add action=mark-routing chain=prerouting comment=PCC_MARK_ROUTING connection-mark=wan3_conn new-routing-mark=to_wan3 passthrough=yes

/ip firewall nat
# Allow natting for dedicated clients, to be nat via wan-4
add action=masquerade chain=srcnat comment="ALLOW NATTING FOR POOL-2 Dedicated USERS " out-interface=pppoe-out-4 src-address-list=pool-2
# Allow natting for general clients, to be nat via wan link number 1-2-3
add action=masquerade chain=srcnat comment=NATTING_DSL_1 out-interface=pppoe-out-1 src-address-list="pool-1"
add action=masquerade chain=srcnat comment=NATTING_DSL_2 out-interface=pppoe-out-2 src-address-list="pool-1"
add action=masquerade chain=srcnat comment=NATTING_DSL_3 out-interface=pppoe-out-3 src-address-list="pool-1"

/ip route
# Route for general users marked traffic - to be passed via 3 wan links
add check-gateway=ping distance=1 gateway=pppoe-out-1 routing-mark=to_wan1
add check-gateway=ping distance=1 gateway=pppoe-out-2 routing-mark=to_wan2
add check-gateway=ping distance=1 gateway=pppoe-out-3 routing-mark=to_wan3

# Route for dedicated users marked traffic - to be passed via wan-4 link only
add comment="Route Rule for dedicated users to go via WAN-4 only " distance=1 gateway=pppoe-out-4 routing-mark=pool2-route


Regard’s
Syed Jahanzaib

December 19, 2016

Tik: 9 wan pcc with vpn server

Filed under: Mikrotik Related — Syed Jahanzaib / Pinochio~:) @ 10:12 AM

~ There are no absolute answers in this universe, only assumptions, guesses, Jeopardies
Syed Jahanzaib !


9 wan pcc.png


 

Following is just a reference post. This configuration contains PCC and PPtP server. (to provide net access to local users via dialer) , You may need to tweak in order to make it work.

Disclaimer: 
The script in this post is made for reference purposes only. This is no way a COPY PASTE material which you can use it as a whole. every network is different and should be build accordingly. Modify the config as per local requirements and then implement it. You may need to play a bit or tweak it in order to make it Workable config.


Scenario:

Hardware Used : Mikrotik – Rb1100ahx2

  • 9 DSL (ptcl) routers are connected with the RB1100ahx2.
  • Each DSL modem is in router mode, so the gateway ip are in series like 192.168.1,1 or 192.168.2.1 and so on …
  • Ports name have been renamed to friendlier label for easy marking.
    Example Port 1-9 are renamed as WANx , and Port 10 is marked as Local
  • VPN Server is configured on same RB, and users dials in to this server in order to access internet.
  • No DHCP is being used on this setup as OP prefers to use static ips due to some specific circumstances.

the scriptO!

# 9 wan PCC load balancing script along with PPtP config
# Make sure to adjust it as per your setup
# Syed Jahanzaib / aacable at hotmail dot com
# http:// aacable . wordpress . com
# Made in 2016 / Pakistan

# Local Interface connected with the Users Switch
/ip address
add address=10.0.0.1/24 interface=Local network=10.0.0.0

# WAN interfaces IP addresses, which are connected with ptcl dsl routers
/ip address
add address=192.168.1.2/24 interface=WAN1 network=192.168.1.0
add address=192.168.2.2/24 interface=WAN2 network=192.168.2.0
add address=192.168.3.2/24 interface=WAN3 network=192.168.3.0
add address=192.168.4.2/24 interface=WAN4 network=192.168.4.0
add address=192.168.5.2/24 interface=WAN5 network=192.168.5.0
add address=192.168.6.2/24 interface=WAN6 network=192.168.6.0
add address=192.168.7.2/24 interface=WAN7 network=192.168.7.0
add address=192.168.8.2/24 interface=WAN8 network=192.168.8.0
add address=192.168.9.2/24 interface=WAN9 network=192.168.9.0

# Add IP pool for VPN dialer users, which will be allowed to use internet
/ip pool
add name=vpn-pool ranges=172.16.0.1-172.16.0.255

# Add VPN Profile for users , example 1mb per user profile
/ppp profile
add change-tcp-mss=yes dns-server=110.0.0.1,8.8.8.8 local-address=10.0.0.1 name=vpn-1mb only-one=yes rate-limit=1024k/1024k remote-address=vpn-pool use-encryption=yes

/interface pptp-server server set authentication=pap,chap,mschap1,mschap2 default-profile=vpn-1mb enabled=yes

# Enable DNS server
/ip dns
set allow-remote-requests=yes servers=8.8.8.8

/ip firewall address-list
add address=172.16.0.1-172.16.0.255 list=local_vpn_users_internet_allowed_list

# This is a local sharing server
add address=192.168.10.1 list=local_sharing_server

/ip firewall mangle

# Bypass Local Media Sharing server from PCC, so user can access it / Adjust it according to your need/ Jz
add action=accept chain=prerouting comment="Allow access to local sharing server / bypass them from the PCC" dst-address-list=local_sharing_server

# Accept traffic going to DSL Routers / Adjust it according to your need/ Jz
add action=accept chain=prerouting dst-address=192.168.1.0/24
add action=accept chain=prerouting dst-address=192.168.1.0/24
add action=accept chain=prerouting dst-address=192.168.2.0/24
add action=accept chain=prerouting dst-address=192.168.3.0/24
add action=accept chain=prerouting dst-address=192.168.4.0/24
add action=accept chain=prerouting dst-address=192.168.5.0/24
add action=accept chain=prerouting dst-address=192.168.6.0/24
add action=accept chain=prerouting dst-address=192.168.7.0/24
add action=accept chain=prerouting dst-address=192.168.8.0/24
add action=accept chain=prerouting dst-address=192.168.9.0/24

# Mark connections using PCC for 9 WAN / Adjust it according to your need / Jz
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:9/0 src-address-list=local_vpn_users_internet_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:9/1 src-address-list=local_vpn_users_internet_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN3_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:9/2 src-address-list=local_vpn_users_internet_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN4_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:9/3 src-address-list=local_vpn_users_internet_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN5_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:9/4 src-address-list=local_vpn_users_internet_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN6_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:9/5 src-address-list=local_vpn_users_internet_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN7_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:9/6 src-address-list=local_vpn_users_internet_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN8_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:9/7 src-address-list=local_vpn_users_internet_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN9_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:9/8 src-address-list=local_vpn_users_internet_allowed_list

# Mark routing for above marked connections, so that it can be used in ROUTE section / Adjust it according to your need/ Jz
add action=mark-routing chain=prerouting connection-mark=WAN1_conn new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN3_conn new-routing-mark=to_WAN3 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN4_conn new-routing-mark=to_WAN4 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN5_conn new-routing-mark=to_WAN5 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN6_conn new-routing-mark=to_WAN6 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN7_conn new-routing-mark=to_WAN7 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN8_conn new-routing-mark=to_WAN8 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN9_conn new-routing-mark=to_WAN9 passthrough=yes

# Add NAT/MASQUERADE rule allowing only allowed users, restricted to allowed users only
add action=masquerade chain=srcnat comment="Allow Local Sharing Servers / NATING" dst-address-list=local_sharing_server
add action=masquerade chain=srcnat comment="WAN-1 / Allow Internet Access - For VPN Users only" out-interface=WAN1 src-address-list=local_vpn_users_internet_allowed_list
add action=masquerade chain=srcnat comment="WAN-2 / Allow Internet Access - For VPN Users only" out-interface=WAN2 src-address-list=local_vpn_users_internet_allowed_list
add action=masquerade chain=srcnat comment="WAN-3 / Allow Internet Access - For VPN Users only" out-interface=WAN3 src-address-list=local_vpn_users_internet_allowed_list
add action=masquerade chain=srcnat comment="WAN-4 / Allow Internet Access - For VPN Users only" out-interface=WAN4 src-address-list=local_vpn_users_internet_allowed_list
add action=masquerade chain=srcnat comment="WAN-5 / Allow Internet Access - For VPN Users only" out-interface=WAN5 src-address-list=local_vpn_users_internet_allowed_list
add action=masquerade chain=srcnat comment="WAN-6 / Allow Internet Access - For VPN Users only" out-interface=WAN6 src-address-list=local_vpn_users_internet_allowed_list
add action=masquerade chain=srcnat comment="WAN-7 / Allow Internet Access - For VPN Users only" out-interface=WAN7 src-address-list=local_vpn_users_internet_allowed_list
add action=masquerade chain=srcnat comment="WAN-8 / Allow Internet Access - For VPN Users only" out-interface=WAN8 src-address-list=local_vpn_users_internet_allowed_list
add action=masquerade chain=srcnat comment="WAN-9 / Allow Internet Access - For VPN Users only" out-interface=WAN9 src-address-list=local_vpn_users_internet_allowed_list

# Adding routes for marked traffic
# Each DSL router ip is in series like 192.168.1.1 / 2.1 / 3.1 and so on

/ip route
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=to_WAN1
add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=to_WAN2
add check-gateway=ping distance=1 gateway=192.168.3.1 routing-mark=to_WAN3
add check-gateway=ping distance=1 gateway=192.168.4.1 routing-mark=to_WAN4
add check-gateway=ping distance=1 gateway=192.168.5.1 routing-mark=to_WAN5
add check-gateway=ping distance=1 gateway=192.168.6.1 routing-mark=to_WAN6
add check-gateway=ping distance=1 gateway=192.168.7.1 routing-mark=to_WAN7
add check-gateway=ping distance=1 gateway=192.168.8.1 routing-mark=to_WAN8
add check-gateway=ping distance=1 gateway=192.168.9.1 routing-mark=to_WAN9

# Adding routes for default routes, so that if any WAN goes down, those packets should go via MAIN table : ) kind of fail over/ Jz
add check-gateway=ping comment="WAN-1 / DEFAULT ROUTE" distance=1 gateway=192.168.1.1
add check-gateway=ping comment="WAN-2 / DEFAULT ROUTE" distance=2 gateway=192.168.2.1
add check-gateway=ping comment="WAN-3 / DEFAULT ROUTE" distance=3 gateway=192.168.3.1
add check-gateway=ping comment="WAN-4 / DEFAULT ROUTE" distance=4 gateway=192.168.4.1
add check-gateway=ping comment="WAN-5 / DEFAULT ROUTE" distance=5 gateway=192.168.5.1
add check-gateway=ping comment="WAN-6 / DEFAULT ROUTE" distance=6 gateway=192.168.6.1
add check-gateway=ping comment="WAN-7 / DEFAULT ROUTE" distance=7 gateway=192.168.7.1
add check-gateway=ping comment="WAN-8 / DEFAULT ROUTE" distance=8 gateway=192.168.8.1
add check-gateway=ping comment="WAN-9 / DEFAULT ROUTE" distance=9 gateway=192.168.9.1

W/Salam

December 1, 2016

rrdtool: MRTG next level graphing

Filed under: Linux Related, Mikrotik Related — Tags: , , , , , , , — Syed Jahanzaib / Pinochio~:) @ 10:56 AM

DRAFT VERSION: This is incomplete Post ! Some points may be missing, I will update them later ..

rrdtool

We all know what is MRTG. You can graph so many information including temperature humidity, speed, voltage, uptime, routers, active numbers of users,  number of printouts and sometimes out of the box graphing/zaib.

In this post, I am just posting reference material on how to move plain mrtg graphs to RRD. The advantage of RRD over MRTG is that using RRD you can generate the graphs on the fly, as opposed as MRTG that generates the graphs all the time, no matter that nobody sees the generated HTML pages or not. we can use RRD to make graphs with one minute interval, whereas in plain MRTG, we have to use 5 minutes interval which is not good to monitor jerks or sensitive devices.

For initial / basic level of MRTG installation on Ubuntu Server , refer to the inernet or my previous post at

https://aacable.wordpress.com/tag/mrtg-installation-on-ubuntu/


Sample CFG Files:

main MRTG.CFG file

cat /etc/mrtg.cfg


#########################
# START OF /etc/mrtg.cfg#
#########################
# Author: Syed Jahanzaib
# Email : aacable@hotmail.com
# Web : https://aacable.wordpress.com

WorkDir: /var/www/mrtg
Options[_]: growright,nobanner,pngdate,noinfo,nobanner

XSize[_]: 600
YSize[_]: 200
EnableIPv6: no
RunAsDaemon: no
Interval: 1
Logformat: rrdtool
#Use MIBS as per your local config, make sure you download the mibs as mentioned here
# https://aacable.wordpress.com/tag/mrtg-installation-on-ubuntu/
LoadMIBs: /cfg/mibs/HOST-RESOURCES-MIB /cfg/mibs/IF-MIB /cfg/mibs/UCD-SNMP-MIB
PageFoot[^]: Page managed by SYED JAHANZAIB
AddHead[_]:
<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" data-wp-preserve="%3Cstyle%20type%3D%22text%2Fcss%22%3E%20%3C!.%20a%20%7B%20color%3A%20%23263F66%3B%20text-decoration%3A%20none%3B%20%7D%20a%3Ahover%20%7B%20color%3A%20%23785B41%3B%20text-decoration%3A%20none%3B%20%7D%20body%20%7B%20color%3A%20black%3B%20font%3A%208pt%20Verdana%2C%20Geneva%2C%20Arial%2C%20Helvetica%2C%20sans-serif%3B%20%7D%20h1%20%7B%20font%3A%20bold%2016pt%20Verdana%2C%20Geneva%2C%20Arial%2C%20Helvetica%2C%20sans-serif%3B%20color%3A%20%23342A21%3B%20%7D%20h2%20%7B%20color%3A%20%23666666%3B%20font%3A%20bold%2012pt%20Verdana%2C%20Geneva%2C%20Arial%2C%20Helvetica%2C%20sans-serif%3B%20%7D%20h3%20%7B%20color%3A%20black%3B%20font%3A%20bold%209pt%20Verdana%2C%20Geneva%2C%20Arial%2C%20Helvetica%2C%20sans-serif%3B%20%7D%20table%20%7B%20border%3A%200%3B%20%7D%20td%20%7B%20background-color%3A%20%23E7DDD3%3B%20border%3A%200px%20solid%20%23FFFFFF%3B%20color%3A%20Black%3B%20font%3A%208pt%20Verdana%2C%20Geneva%2C%20Arial%2C%20Helvetica%2C%20sans-serif%3B%20vertical-align%3A%20top%3B%20%7D%20th%20%7B%20background-color%3A%20%23735A4A%3B%20color%3A%20White%3B%20font%3A%2011px%20Verdana%2C%20arial%2C%20geneva%2C%20helvetica%2C%20sans-serif%3B%20border%3A%200%3B%20font-weight%3A%20bold%3B%20text-align%3A%20left%3B%20%7D%20.%3E%20%3C%2Fstyle%3E" data-mce-resize="false" data-mce-placeholder="1" class="mce-object" width="20" height="20" alt="&lt;style&gt;" title="&lt;style&gt;" />

Background[_]: #F6F1EE

# Change it as required , it means mrtg will read following file and will create graphs based on its contents
# ADD remove them as required, they are added for reference purposes only
#Include: /cfg/temp.cfg
Include: /cfg/kesc.cfg
Include: /cfg/lanwan.cfg
Include: /cfg/radius.cfg
Include: /cfg/mt.cfg
Include: /cfg/ping.cfg
#Include: /cfg/vlan.cfg

##################
# END OF /etc/mrtg.cfg #
##################


radius.cfg


# Created by
# /usr/bin/cfgmaker public@10.0.0.1

# or for NT
WorkDir: /var/www/mrtg

### Interface 2 >> Descr: 'eth0' | Name: 'eth0' | Ip: '1' | Eth: '00' ###

Target[10.0.0.1_eth0]: #eth0:public@10.0.0.1:
SetEnv[10.0.0.1_eth0]: MRTG_INT_IP="10.0.0.1" MRTG_INT_DESCR="eth0"
MaxBytes[10.0.0.1_eth0]: 125000000
Title[10.0.0.1_eth0]: Traffic Analysis for eth0 -- BILLING
PageTop[10.0.0.1_eth0]:
<h1>Traffic Analysis for eth0 -- BILLING</h1>
<div id="sysdetails">
<table>
<tr>
<td>System:</td>
<td>in "BILLING"</td>
</tr>
<tr>
<td>Maintainer:</td>
<td>aacable at hotmail dot com</td>
</tr>
<tr>
<td>Description:</td>
<td>eth0</td>
</tr>
<tr>
<td>ifType:</td>
<td>ethernetCsmacd (6)</td>
</tr>
<tr>
<td>ifName:</td>
<td>eth0</td>
</tr>
<tr>
<td>Max Speed:</td>
<td>125.0 MBytes/s</td>
</tr>
<tr>
<td>Ip:</td>
<td>10.0.0.1 (click.onmypc.net)</td>
</tr>
</table>
</div>
#Percent of memory used
Target[radius_server_mem_ram]: ( hrStorageUsed.1&hrStorageUsed.1:public@10.0.0.1) * 100 / ( hrStorageSize.1&hrStorageSize.1:public@10.0.0.1 ) / 10
Title[radius_server_mem_ram]: Memory usage for Radius Server
PageTop[radius_server_mem_ram]:
<H1> Memory usage for Radius Server </H1>

MaxBytes[radius_server_mem_ram]: 100
AbsMax[radius_server_mem_ram]: 100
ShortLegend[radius_server_mem_ram]: %
YLegend[radius_server_mem_ram]: % of Memory
Legend1[radius_server_mem_ram]: Used Memory
LegendI[radius_server_mem_ram]: Used :
LegendO[radius_server_mem_ram]:
Options[radius_server_mem_ram]: growright,nopercent,gauge,integer,nobanner,printrouter,pngdate,noo
#Unscaled[radius_server_mem_ram]: ymwd

Target[linux_server_dis_usage]: ( hrStorageUsed.31&hrStorageUsed.31:public@10.0.0.1 ) * 100 / ( hrStorageSize.31&hrStorageSize.31:public@10.0.0.1 ) / 8
Title[linux_server_dis_usage]: Disk usage for Linux Server
PageTop[linux_server_dis_usage]:
<H1> Disk usage for Linux Server </H1>

MaxBytes[linux_server_dis_usage]: 100
AbsMax[linux_server_dis_usage]: 100
ShortLegend[linux_server_dis_usage]: %
YLegend[linux_server_dis_usage]: % of RM_DISK
Legend1[linux_server_dis_usage]: Used RM_DISK
LegendI[linux_server_dis_usage]: Used :
LegendO[linux_server_dis_usage]:
Options[linux_server_dis_usage]: growright,gauge,integer,nobanner,printrouter,pngdate,noo,nopercent,logscale
#Unscaled[linux_server_dis_usage]: ymwd


Mikrotik Sample CFG File


workdir: /var/www/mrtg/
#Options[_]: growright,nopercent

# Z_CCR_MIKROTIK CCR_1036 PPPoE ACTIVE Users
Target[mtPPPoEusers]: 1.3.6.1.4.1.9.9.150.1.1.1.0&1.3.6.1.4.1.9.9.150.1.1.1.0:public@10.0.0.1 / 8
Title[mtPPPoEusers]: Active PPPoE Users on Z_CCR_MIKROTIK CCR_1036
PageTop[mtPPPoEusers]:
<H1>Active PPPoE Users on Z_CCR_MIKROTIK CCR_1036</H1>

MaxBytes[mtPPPoEusers]: 2000
Colours[mtPPPoEusers]: B#8888ff,B#8888ff,B#5398ff,B#5398ff
Options[mtPPPoEusers]: growright,nopercent,gauge,integer,nobanner,printrouter,pngdate,noo
LegendI[mtPPPoEusers]: Active PPPoE Users on MT
LegendO[mtPPPoEusers]:
YLegend[mtPPPoEusers]: Active PPPoE Users on MT
Legend1[mtPPPoEusers]: Active PPPoE Users on MT
Legend2[mtPPPoEusers]:
#Unscaled[mtPPPoEusers]: dwmy

### Z_CCR_MIKROTIK CCR_1036 192.168.100.2 CPU load ###
Target[192.168.100.2_cpu]: 1.3.6.1.2.1.25.3.3.1.2.1&1.3.6.1.2.1.25.3.3.1.2.1:public@10.0.0.1 / 8
AbsMax[192.168.100.2_cpu]: 100
MaxBytes[192.168.100.2_cpu]: 100
Title[192.168.100.2_cpu]: Z_CCR_MIKROTIK CCR_1036 CPU load
PageTop[192.168.100.2_cpu]:
<H1>Z_CCR_MIKROTIK CCR_1036 CPU load</H1>

Options[192.168.100.2_cpu]: growright,gauge,integer,nobanner,printrouter,pngdate,noo,nopercent
Legend1[192.168.100.2_cpu]: CPU load
YLegend[192.168.100.2_cpu]: CPU load
ShortLegend[192.168.100.2_cpu]: %
LegendI[192.168.100.2_cpu]: CPU load (percentage)
#Unscaled[192.168.100.2_cpu]: y

### MONITORING Z_CCR_MIKROTIK CCR_1036 CPU TEMP ###
Target[mt.cpu.temp]: 1.3.6.1.4.1.14988.1.1.3.11.0&1.3.6.1.4.1.14988.1.1.3.11.0:public@10.0.0.1 / 100
Options[mt.cpu.temp]: gauge, growright, nopercent, noinfo
MaxBytes[mt.cpu.temp]: 100
Colours[mt.cpu.temp]: RED#ff4f27,Y#fffb15,RED#ff4f27,RED#fffb15
#Unscaled[mt.cpu.temp]: dwmy
YLegend[mt.cpu.temp]: CPU Temprature
Title[mt.cpu.temp]: Z_CCR_MIKROTIK CCR_1036 RB CPU Temprature
PageTop[mt.cpu.temp]:
<H1>Z_CCR_MIKROTIK CCR_1036 RB CPU Temprature</H1>

ShortLegend[mt.cpu.temp]: c
LegendI[mt.cpu.temp]:
LegendO[mt.cpu.temp]: CPU Temp
Legend1[mt.cpu.temp]: CPU Temprature
Legend2[mt.cpu.temp]: CPU Temprature

### MONITORING Z_CCR_MIKROTIK CCR_1036 RB TEMP ###
Target[mt.rb.temp]: 1.3.6.1.4.1.14988.1.1.3.10.0&1.3.6.1.4.1.14988.1.1.3.10.0:public@10.0.0.1 / 100
Options[mt.rb.temp]: gauge, growright, nopercent, noinfo
MaxBytes[mt.rb.temp]: 100
Colours[mt.rb.temp]: RED#ff4f27,Y#fffb15,RED#ff4f27,RED#fffb15
#Unscaled[mt.rb.temp]: dwmy
YLegend[mt.rb.temp]: RB Temprature
Title[mt.rb.temp]: Z_CCR_MIKROTIK CCR_1036 Router Board Temprature
PageTop[mt.rb.temp]:
<H1>Z_CCR_MIKROTIK CCR_1036 Router Board Temprature</H1>

ShortLegend[mt.rb.temp]: c
LegendI[mt.rb.temp]:
LegendO[mt.rb.temp]: RB Temp
Legend1[mt.rb.temp]: RB Temprature
Legend2[mt.rb.temp]: RB Temprature

### MONITORING Z_CCR_MIKROTIK CCR_1036 VOLTAGE Monitor ###
Target[mt-voltage]: 1.3.6.1.4.1.14988.1.1.3.8.0&1.3.6.1.4.1.14988.1.1.3.8.0:public@10.0.0.1 / 8
Options[mt-voltage]: growright,nopercent,gauge,integer,nobanner,printrouter,pngdate
MaxBytes[mt-voltage]: 30
Colours[mt-voltage]: RED#ff4f27,Y#fffb15,RED#ff4f27,RED#fffb15
Unscaled[mt-voltage]: dwmy
YLegend[mt-voltage]: Voltaeg Monitor
Title[mt-voltage]: Z_CCR_MIKROTIK CCR_1036 Cloudcore RB VOLTAGE Monitor
PageTop[mt-voltage]:
<H1>Z_CCR_MIKROTIK CCR_1036 Cloudcore RB VOLTAGE Monitor</H1>

ShortLegend[mt-voltage]: v
LegendI[mt-voltage]:
LegendO[mt-voltage]: Voltage
Legend1[mt-voltage]: Voltage
Legend2[mt-voltage]: Voltage

### MONITORING Z_CCR_MIKROTIK CCR_1036 power.consumption Watt Usage Monitor ###
Target[mt-powerconsumption]: .1.3.6.1.4.1.14988.1.1.3.12.0&.1.3.6.1.4.1.14988.1.1.3.12.0:public@10.0.0.1 / 100
Options[mt-powerconsumption]: gauge, growright, nopercent, noinfo
MaxBytes[mt-powerconsumption]: 1000
Colours[mt-powerconsumption]: RED#ff4f27,Y#fffb15,RED#ff4f27,RED#fffb15
#Unscaled[mt-powerconsumption]: dwmy
YLegend[mt-powerconsumption]: Watts USAGE Monitor
Title[mt-powerconsumption]: Z_CCR_MIKROTIK CCR_1036 Cloudcore RB Watts Usage Monitor
PageTop[mt-powerconsumption]:
<H1>Z_CCR_MIKROTIK CCR_1036 Cloudcore RB Watts Usage Monitor</H1>

ShortLegend[mt-powerconsumption]: W
LegendI[mt-powerconsumption]:
LegendO[mt-powerconsumption]: power.consumption.wts
Legend1[mt-powerconsumption]: power.consumption.wts
Legend2[mt-powerconsumption]: power.consumption.wts

### MONITORING Z_CCR_MIKROTIK CCR_1036 FAN-2 Speed Monitor ###
Target[mt-FAN2-speed]: 1.3.6.1.4.1.14988.1.1.3.18.0&1.3.6.1.4.1.14988.1.1.3.18.0:public@10.0.0.1 / 8
Options[mt-FAN2-speed]: growright,nopercent,gauge,integer,nobanner,printrouter,pngdate,logscale,noi
MaxBytes[mt-FAN2-speed]: 10000
Colours[mt-FAN2-speed]: RED#ff4f27,Y#fffb15,RED#ff4f27,RED#fffb15
#Unscaled[mt-FAN2-speed]: dwmy
YLegend[mt-FAN2-speed]: FAN-2 RPM
Title[mt-FAN2-speed]: Z_CCR_MIKROTIK CCR_1036 Cloudcore RB FAN-2 Speed Monitor
PageTop[mt-FAN2-speed]:
<H1>Z_CCR_MIKROTIK CCR_1036 Cloudcore RB FAN-2 Speed Monitor</H1>

ShortLegend[mt-FAN2-speed]: RPM
LegendI[mt-FAN2-speed]:
LegendO[mt-FAN2-speed]: fan-2.rpm.speed
Legend1[mt-FAN2-speed]: fan-2.rpm.speed
Legend2[mt-FAN2-speed]: fan-2.rpm.speed

### MONITORING Z_CCR_MIKROTIK CCR_1036 AMP Monitor ###
Target[mt-amp-mon]: 1.3.6.1.4.1.14988.1.1.3.13.0&1.3.6.1.4.1.14988.1.1.3.13.0:public@10.0.0.1 / 10000
Options[mt-amp-mon]: gauge,growright,nopercent,pngdate,nobanner
MaxBytes[mt-amp-mon]: 30
Colours[mt-amp-mon]: RED#ff4f27,Y#fffb15,RED#ff4f27,RED#fffb15
#Unscaled[mt-amp-mon]: dwmy
YLegend[mt-amp-mon]: AMP USAGE Monitor
Title[mt-amp-mon]: Z_CCR_MIKROTIK CCR_1036 Cloudcore RB AMP Monitor
PageTop[mt-amp-mon]:
<H1>Z_CCR_MIKROTIK CCR_1036 Cloudcore RB AMP Monitor</H1>

ShortLegend[mt-amp-mon]: amp
LegendI[mt-amp-mon]:
LegendO[mt-amp-mon]: amps
Legend1[mt-amp-mon]: amps
Legend2[mt-amp-mon]: amps


ping.cfg


WorkDir: /var/www/mrtg
### ping.cfg
# 10.0.0.1 MIKROTIK NAS SERVERPING GRAPH
Title[mikrotik.ping]: MIKROTIK NAS SERVER PING RTT / Pkt LOSS Report
PageTop[mikrotik.ping]:
<H1>MIKROTIK NAS SERVER PING RTT / Pkt LOSS Report</H1>

Target[mikrotik.ping]: `/cfg/norping.sh 10.0.0.1`
Colours[mikrotik.ping]: R#f75712,G#04bf27,G#70ff53,R#70ff53
MaxBytes[mikrotik.ping]: 100
AbsMax[mikrotik.ping]: 100
Options[mikrotik.ping]: growright,gauge,pngdate,printrouter,nopercent,noinfo,logscale
#growright,nopercent,gauge
LegendI[mikrotik.ping]: Pkt LOSS
LegendO[mikrotik.ping]: Active Round Trip Time
YLegend[mikrotik.ping]: RTT
Legend1[mikrotik.ping]: Pkt LOSS
Legend2[mikrotik.ping]: Active RTT

# 8.8.8.8 GOOGLE SERVERPING GRAPH
Title[8.8.8.8.ping]: GOOGLE DNS PING RTT / Pkt LOSS Report
PageTop[8.8.8.8.ping]:
<H1>GOOGLE DNS PING RTT / Pkt LOSS Report</H1>

Target[8.8.8.8.ping]: `/cfg/norping.sh 8.8.8.8`
Colours[8.8.8.8.ping]: R#f75712,G#04bf27,G#70ff53,R#70ff53
MaxBytes[8.8.8.8.ping]: 100
AbsMax[8.8.8.8.ping]: 100
Options[8.8.8.8.ping]: growright,gauge,pngdate,printrouter,nopercent,noinfo,logscale
#growright,nopercent,gauge
LegendI[8.8.8.8.ping]: Pkt LOSS
LegendO[8.8.8.8.ping]: Active Round Trip Time
YLegend[8.8.8.8.ping]: RTT
Legend1[8.8.8.8.ping]: Pkt LOSS
Legend2[8.8.8.8.ping]: Active RTT


kesc.cfg


WorkDir: /var/www/mrtg

# 10.0.0.2 MIKROTIK AP FOR KESC RPING GRAPH
Title[kesc.ping]: K.E.S.C LIGHT FAILURE GRAPH / MRTG GRAPH
PageTop[kesc.ping]:
<H1>K.E.S.C LIGHT FAILURE / MRTG GRAPH Report ! z@iB</H1>

Target[kesc.ping]: `/cfg/kping.sh 10.0.0.2`
Colours[kesc.ping]: RED#ff4f27,GREEN#00eb0c,RED#ff4f27,RED#fffb15
MaxBytes[kesc.ping]: 100
AbsMax[kesc.ping]: 100
Options[kesc.ping]: growright,gauge,pngdate,printrouter,nopercent,noinfo,logscale
ShortLegend[kesc.ping]: %
LegendI[kesc.ping]: K.E Light Loss
LegendO[kesc.ping]: K.E Availability
YLegend[kesc.ping]: Red Bar Shows Failure (:)


norping.sh


#!/bin/bash
HOST=$1
ping -c 3 $HOST > /dev/null
DATA=`ping -c 3 $1 -q `
if [ $? -eq 0 ]
then
echo "0"
echo $DATA | awk -F/ '{print $6 }'

else
echo "100
0"
fi


APACHE / WEB SERVER Section

To enable cgi execution in /var/www/mrtg folder, edit the apache config file, and

nano /etc/apache2/sites-enabled/000-default

and paste following so that the last section of file should be like below …


<Directory /var/www/mrtg>
AddHandler cgi-script .cgi
Options +ExecCGI +Indexes
DirectoryIndex index.cgi
</Directory>
</VirtualHost>


mrtg-rrd.cgi or index.cgi to graph creation

Following CGI file will create MRTG graph on the fly (on demand)


#!/usr/bin/perl -w
# $Id: mrtg-rrd.cgi,v 1.35 2003/08/18 15:58:57 kas Exp $
# mrtg-rrd.cgi: The script for generating graphs for MRTG statistics.
# Loosely modelled after the Rainer.Bawidamann@informatik.uni-ulm.de's
# 14all.cgi
use strict;
use POSIX qw(strftime);
use Time::Local;
# The %.1f should work on 5.005+. There may be other problems, though.
# I've tested this on 5.8.0 only, so mind the gap!
require 5.005;
# Location of RRDs.pm, if it is not in @INC
# use lib '/usr/lib/perl5/5.00503/i386-linux';
use RRDs;
use vars qw(@config_files @all_config_files %targets $config_time
%directories $version $imagetype);

# EDIT THIS to reflect all your MRTG config files
BEGIN { @config_files = qw(/etc/mrtg.cfg); }

$version = '0.7';
# This depends on what image format your libgd (and rrdtool) uses
$imagetype = 'png'; # or make this 'gif';
# strftime(3) compatibility test
my $percent_h = '%-H';
$percent_h = '%H' if (strftime('%-H', gmtime(0)) !~ /^\d+$/);
sub handler ($)
{
my ($q) = @_;
try_read_config($q->url());
my $path = $q->path_info();
$path =~ s/^\///;
$path =~ s/\/$//;
if (defined $directories{$path}) {
if ($q->path_info() =~ /\/$/) {
print_dir($path);
} else {
print "Location: ", $q->url(-path_info=>1), "/\n\n";
}
return;
}

my ($dir, $stat, $ext) = ($q->path_info() =~
/^(.*)\/([^\/]+)(\.html|-(day|week|month|year)\.$imagetype)$/);

$dir =~ s/^\///;

print_error("Undefined statistics")
unless defined $targets{$stat};

print_error("Incorrect directory")
unless defined $targets{$stat}{directory} || $targets{$stat}{directory} eq $dir;

my $tgt = $targets{$stat};

common_args($stat, $tgt, $q);

# We may be running under mod_perl or something. Do not destroy
# the original settings of timezone.
my $oldtz;
if (defined $tgt->{timezone}) {
$oldtz = $ENV{TZ};
$ENV{TZ} = $tgt->{timezone};
}

if ($ext eq '.html') {
do_html($tgt);
} elsif ($ext eq '-day.' . $imagetype) {
do_image($tgt, 'day');
} elsif ($ext eq '-week.' . $imagetype) {
do_image($tgt, 'week');
} elsif ($ext eq '-month.' . $imagetype) {
do_image($tgt, 'month');
} elsif ($ext eq '-year.' . $imagetype) {
do_image($tgt, 'year');
} else {
print_error("Unknown extension");
}
$ENV{TZ} = $oldtz
if defined $oldtz;
}

sub do_html($)
{
my ($tgt) = @_;

my @day = do_image($tgt, 'day');
my @week = do_image($tgt, 'week');
my @month = do_image($tgt, 'month');
my @year = do_image($tgt, 'year');

http_headers('text/html', $tgt->{config});
print <<'EOF';
<HTML>
<HEAD>
<TITLE>
EOF
print $tgt->{title} if defined $tgt->{title};
print "</TITLE>\n";

html_comments($tgt, 'd', @{$day[0]}) if $#day != -1;
html_comments($tgt, 'w', @{$week[0]}) if $#week != -1;
html_comments($tgt, 'm', @{$month[0]}) if $#month != -1;
html_comments($tgt, 'y', @{$year[0]}) if $#year != -1;

print $tgt->{addhead} if defined $tgt->{addhead};

print "</HEAD>\n", $tgt->{bodytag}, "\n";

print $tgt->{pagetop} if defined $tgt->{pagetop};

unless (defined $tgt->{options}{noinfo}) {
my @st = stat $tgt->{rrd};

print "

<hr>

\nThe statistics were last updated ",
strftime("<B>%A, %d %B, %H:%M:%S %Z</B>\n",
localtime($st[9]));
}

my $dayavg = $tgt->{config}->{interval};

html_graph($tgt, 'day', 'Daily', $dayavg . ' Minute', \@day);
html_graph($tgt, 'week', 'Weekly', '30 Minute', \@week);
html_graph($tgt, 'month', 'Monthly', '2 Hour', \@month);
html_graph($tgt, 'year', 'Yearly', '1 Day', \@year);

unless (defined $tgt->{options}{nolegend}) {
print <<EOF;

<hr>

<table WIDTH=500 BORDER=0 CELLPADDING=4 CELLSPACING=0>
EOF
print <<EOF unless ($tgt->{options}{noi});
<tr>
<td ALIGN=RIGHT><font SIZE=-1 COLOR="$tgt->{col1}">
<b>$tgt->{colname1} ###</b></font></td>
<td><font SIZE=-1>$tgt->{legend1}</font></td>
</tr>
EOF
print <<EOF unless ($tgt->{options}{noo});
<tr>
<td ALIGN=RIGHT><font SIZE=-1 COLOR="$tgt->{col2}">
<b>$tgt->{colname2} ###</b></font></td>
<td><font SIZE=-1>$tgt->{legend2}</font></td>
</tr>
EOF
if ($tgt->{withpeak} ne '') {
print <<EOF unless ($tgt->{options}{noi});
<tr>
<td ALIGN=RIGHT><font SIZE=-1 COLOR="$tgt->{col3}">
<b>$tgt->{colname3} ###</b></font></td>
<td><font SIZE=-1>$tgt->{legend3}</font></td>
</tr>
EOF
print <<EOF unless ($tgt->{options}{noo});
<tr>
<td ALIGN=RIGHT><font SIZE=-1 COLOR="$tgt->{col4}">
<b>$tgt->{colname4} ###</b></font></td>
<td><font SIZE=-1>$tgt->{legend4}</font></td>
</tr>
EOF
}
print <<EOF;</table>
EOF
}

print_banner($tgt->{config})
unless defined $tgt->{options}{nobanner};

print $tgt->{pagefoot} if defined $tgt->{pagefoot};
print "\n", <<'EOF';
</body>
</html>
EOF

}

sub html_comments($$@)
{
my ($tgt, $letter, @val) = @_;

return if $#val == -1;

unless ($tgt->{options}{noi}) {
print "<!-- maxin $letter ", $val[1], " -->\n";
print "<!-- avin $letter ", $val[3], " -->\n";
print "<!-- cuin $letter ", $val[5], " -->\n";
}
unless ($tgt->{options}{noo}) {
print "<!-- maxout $letter ", $val[0], " -->\n";
print "<!-- avout $letter ", $val[2], " -->\n";
print "<!-- cuout $letter ", $val[4], " -->\n";
}
}
sub html_graph($$$$$)
{
my ($tgt, $ext, $freq, $period, $params) = @_;

return unless defined $tgt->{$ext};

my @values = @{$params->[0]};
my $x = $params->[1];
my $y = $params->[2];

$x *= $tgt->{xzoom} if defined $tgt->{xzoom};
$y *= $tgt->{yzoom} if defined $tgt->{yzoom};

my $kilo = $tgt->{kilo};
my @kmg = split(',', $tgt->{kmg});

my $fmt;
if (defined $tgt->{options}{integer}) {
$fmt = '%d';
} else {
$fmt = '%.1f';
}

my @percent = do_percent($tgt, \@values);
my @relpercent = do_relpercent($tgt, \@values);

my @nv;
for my $val (@values) {
if (@kmg == 0) { # kMG[target]: <empty>
push @nv, sprintf($fmt, $val);
next;
}
for my $si (@kmg) {
if ($val < 10000) {
push @nv, sprintf($fmt, $val) . " $si";
last;
}
$val /= $kilo;
}
}
@values = @nv;

print "

<hr>

\n<B>\`$freq\' Graph ($period Average)</B>
\n";

print '<IMG SRC="', $tgt->{url}, '-', $ext, '.' . $imagetype .
'" WIDTH=', $x, ' HEIGHT=', $y, ' ALT="', $freq,
' Graph" VSPACE=10 ALIGN=TOP>
', "\n";
print '
<TABLE CELLPADDING=0 CELLSPACING=0>';
print <<EOF if $tgt->{legendi} ne '' && !$tgt->{options}{noi};
<TR>
<TD ALIGN=RIGHT><SMALL>Max <FONT COLOR="$tgt->{col1}">$tgt->{legendi}</FONT></SMALL></TD>
<TD ALIGN=RIGHT><SMALL>&nbsp;$values[1]$tgt->{shortlegend}$percent[1]</SMALL></TD>
<TD WIDTH=5></TD>
<TD ALIGN=RIGHT><SMALL>Average <FONT COLOR="$tgt->{col1}">$tgt->{legendi}</FONT></SMALL></TD>
<TD ALIGN=RIGHT><SMALL>&nbsp;$values[3]$tgt->{shortlegend}$percent[3]</SMALL></TD>
<TD WIDTH=5></TD>
<TD ALIGN=RIGHT><SMALL>Current <FONT COLOR="$tgt->{col1}">$tgt->{legendi}</FONT></SMALL></TD>
<TD ALIGN=RIGHT><SMALL>&nbsp;$values[5]$tgt->{shortlegend}$percent[5]</SMALL></TD>
</TR>

EOF
print <<EOF if $tgt->{legendo} ne '' && !$tgt->{options}{noo};
<TR>
<TD ALIGN=RIGHT><SMALL>Max <FONT COLOR="$tgt->{col2}">$tgt->{legendo}</FONT></SMALL></TD>
<TD ALIGN=RIGHT><SMALL>&nbsp;$values[0]$tgt->{shortlegend}$percent[0]</SMALL></TD>
<TD WIDTH=5></TD>
<TD ALIGN=RIGHT><SMALL>Average <FONT COLOR="$tgt->{col2}">$tgt->{legendo}</FONT></SMALL></TD>
<TD ALIGN=RIGHT><SMALL>&nbsp;$values[2]$tgt->{shortlegend}$percent[2]</SMALL></TD>
<TD WIDTH=5></TD>
<TD ALIGN=RIGHT><SMALL>Current <FONT COLOR="$tgt->{col2}">$tgt->{legendo}</FONT></SMALL></TD>
<TD ALIGN=RIGHT><SMALL>&nbsp;$values[4]$tgt->{shortlegend}$percent[4]</SMALL></TD>

EOF
if (defined $tgt->{options}{dorelpercent}) {
print <<"EOF";
</TR>
<TR>
<TD ALIGN=RIGHT><SMALL>Max <FONT COLOR="$tgt->{col5}">&nbsp;Percentage:</FONT></SMALL></TD>
<TD ALIGN=RIGHT><SMALL>&nbsp;$relpercent[0]</SMALL></TD>
<TD WIDTH=5></TD>
<TD ALIGN=RIGHT><SMALL>Average <FONT COLOR="$tgt->{col5}">&nbsp;Percentage:</FONT></SMALL></TD>
<TD ALIGN=RIGHT><SMALL>&nbsp;$relpercent[1]</SMALL></TD>
<TD WIDTH=5></TD>
<TD ALIGN=RIGHT><SMALL>Current <FONT COLOR="$tgt->{col5}">&nbsp;Percentage:</FONT></SMALL></TD>
<TD ALIGN=RIGHT><SMALL>&nbsp;$relpercent[2]</SMALL></TD>

EOF
}
print <<'EOF';
</TR>
</TABLE>

EOF
}

sub do_percent($$)
{
my ($tgt, $values) = @_;

my @percent = ('', '', '', '', '', '');

return @percent if defined $tgt->{options}{nopercent};

for my $val (0..$#$values) {
my $mx = ($val % 2 == 1) ? $tgt->{maxbytes1} : $tgt->{maxbytes2};
next unless defined $mx;
my $p = sprintf("%.1f", $values->[$val]*100/$mx);
$percent[$val] = ' (' . $p . '%)';
}

@percent;
}

sub do_relpercent($$)
{
my ($tgt, $values) = @_;

my @percent = ('', '', '');

return @percent unless defined $tgt->{options}{dorelpercent};

for my $val (0..2) {
$percent[$val] = sprintf("%.1f",
$values->[2*$val+1] * 100 / $values->[2*$val])
if $values->[2*$val] > 0;
$percent[$val] ||= 0;
$percent[$val] .= ' %';
}

@percent;
}

sub http_headers($$)
{
my ($content_type, $cfg) = @_;

print <<"EOF"; Content-Type: $content_type Refresh: $cfg->{refresh}
Pragma: no-cache
EOF
# Expires header calculation stolen from CGI.pm
print strftime("Expires: %a, %d %b %Y %H:%M:%S GMT\n",
gmtime(time+60*$cfg->{interval}));

print "\n";
}

sub do_image($$)
{
my ($target, $ext) = @_;

my $file = $target->{$ext};

return unless defined $file;

# Now the vertical rule at the end of the day
my @t = localtime(time);
$t[0] = $t[1] = $t[2] = 0;

my $seconds;
my $oldsec;
my $back;
my $xgrid;

my $unscaled;
my $withpeak;

my $noi = 1 if $target->{options}{noi};
my $noo = 1 if $target->{options}{noo};

if ($ext eq 'day') {
$seconds = timelocal(@t);
$back = 30*3600; # 30 hours
$oldsec = $seconds - 86400;
$unscaled = 1 if $target->{unscaled} =~ /d/;
$withpeak = 1 if $target->{withpeak} =~ /d/;
# We need this only for day graph. The other ones
# are magically correct.
$xgrid = 'HOUR:1:HOUR:6:HOUR:2:0:' . $percent_h;
} elsif ($ext eq 'week') {
$seconds = timelocal(@t);
$t[6] = ($t[6]+6) % 7;
$seconds -= $t[6]*86400;
$back = 8*86400; # 8 days
$oldsec = $seconds - 7*86400;
$unscaled = 1 if $target->{unscaled} =~ /w/;
$withpeak = 1 if $target->{withpeak} =~ /w/;
} elsif ($ext eq 'month') {
$t[3] = 1;
$seconds = timelocal(@t);
$back = 36*86400; # 36 days
$oldsec = $seconds - 30*86400; # FIXME (the right # of days!!)
$unscaled = 1 if $target->{unscaled} =~ /m/;
$withpeak = 1 if $target->{withpeak} =~ /m/;
} elsif ($ext eq 'year') {
$t[3] = 1;
$t[4] = 0;
$seconds = timelocal(@t);
$back = 396*86400; # 365 + 31 days
$oldsec = $seconds - 365*86400; # FIXME (the right # of days!!)
$unscaled = 1 if $target->{unscaled} =~ /y/;
$withpeak = 1 if $target->{withpeak} =~ /y/;
} else {
print_error("Unknown file extension: $ext");
}

my @local_args;

if ($unscaled) {
@local_args = ('-u', $target->{maxbytes1});
push @local_args, '--rigid' unless defined $target->{absmax};
}

if ($xgrid) {
push @local_args, '-x', $xgrid;
}

my @local_args_end;

if ($withpeak) {
push @local_args_end, 'LINE1:maxin'.$target->{col3}.':MaxIn'
unless $noi;
push @local_args_end, 'LINE1:maxout'.$target->{col4}.':MaxOut'
unless $noo;
}

my @rv = RRDs::graph($file, '-s', "-$back", @local_args,
@{$target->{args}}, "VRULE:$oldsec#ff0000",
"VRULE:$seconds#ff0000", @local_args_end);

my $rrd_error = RRDs::error;
print_error("RRDs::graph failed, $rrd_error") if defined $rrd_error;

# In array context just return the values
if (wantarray) {
if (defined $target->{factor}) {
@{$rv[0]} = map { $_ * $target->{factor} } @{$rv[0]};
}
if ($noi) {
return ([$rv[0][0], 0, $rv[0][1], 0, $rv[0][2], 0],
$rv[1], $rv[2]);
} elsif ($noo) {
return ([0, $rv[0][0], 0, $rv[0][1], 0, $rv[0][2]],
$rv[1], $rv[2]);
} else {
return @rv;
}
}

# Not in array context ==> print out the PNG file.
open PNG, "<$file" or print_error("Can't open $file: $!"); binmode PNG; http_headers("image/$imagetype", $target->{config});

my $buf;
# could be sendfile in Linux 😉
while(sysread PNG, $buf, 8192) {
print $buf;
}
close PNG;
}

sub common_args($$$)
{
my ($name, $target, $q) = @_;

return @{$target->{args}} if defined @{$target->{args}};

my $noi = 1 if $target->{options}{noi};
my $noo = 1 if $target->{options}{noo};

$target->{name} = $name;

$target->{directory} = ''
unless defined $target->{directory};

my $tdir = $target->{directory};
$tdir .= '/'
unless $tdir eq '' || $tdir =~ /\/$/;

$target->{url} = $q->url . '/' . $tdir . $name;

my $cfg = $target->{config};

my $dir = $cfg->{workdir};
$dir = $cfg->{logdir}
if defined $cfg->{logdir};

$target->{rrd} = $dir . '/' . $tdir . $name . '.rrd';

%{$target->{options}} = ()
unless defined %{$target->{options}};

$dir = $cfg->{workdir};
$dir = $cfg->{imagedir}
if defined $cfg->{imagedir};

$target->{suppress} ||= '';

$target->{day} = $dir . '/' . $tdir . $name
. '-day.' . $imagetype unless $target->{suppress} =~ /d/;
$target->{week} = $dir . '/' . $tdir . $name
. '-week.' . $imagetype unless $target->{suppress} =~ /w/;
$target->{month} = $dir . '/' . $tdir . $name
. '-month.' . $imagetype unless $target->{suppress} =~ /m/;
$target->{year} = $dir . '/' . $tdir . $name
. '-year.' . $imagetype unless $target->{suppress} =~ /y/;

$target->{maxbytes1} = $target->{maxbytes}
if defined $target->{maxbytes} && !defined $target->{maxbytes1};

$target->{maxbytes2} = $target->{maxbytes1}
if defined $target->{maxbytes1} && !defined $target->{maxbytes2};

my @args = ();

push @args, '--lazy', '-c', 'FONT#000000', '-c',
'MGRID#000000', '-c', 'FRAME#000000',
'-g', '-l', '0';

$target->{background} = '#f5f5f5'
unless defined $target->{background};

push @args, '-c', 'BACK'. $target->{background};

push @args, '-c', 'SHADEA' . $target->{background},
'-c', 'SHADEB' . $target->{background}
if defined $target->{options}{noborder};

if (defined $target->{options}{noarrow}) {
push @args, '-c', 'ARROW' . $target->{background};
} else {
push @args, '-c', 'ARROW#000000';
}

push @args, '-b', $target->{kilo}
if defined $target->{kilo};

if (defined $target->{xsize}) {
if (defined $target->{xscale}) {
push @args, '-w', $target->{xsize}*$target->{xscale};
} else {
push @args, '-w', $target->{xsize};
}
}

if (defined $target->{ysize}) {
if (defined $target->{yscale}) {
push @args, '-h', $target->{ysize}*$target->{yscale};
} else {
push @args, '-h', $target->{ysize};
}
}

my $scale = 1;

if (defined $target->{options}->{perminute}) {
$scale *= 60;
} elsif (defined $target->{options}->{perhour}) {
$scale *= 3600;
}

if (defined $target->{options}->{bits}) {
$scale *= 8;
$target->{ylegend} = 'Bits per second'
unless defined $target->{ylegend};
$target->{legend1} = 'Incoming Traffic in Bits per Second'
unless defined $target->{legend1};
$target->{legend2} = 'Outgoing Traffic in Bits per Second'
unless defined $target->{legend2};
$target->{legend3} = 'Peak Incoming Traffic in Bits per Second'
unless defined $target->{legend3};
$target->{legend4} = 'Peak Outgoing Traffic in Bits per Second'
unless defined $target->{legend4};
$target->{shortlegend} = 'b/s'
unless defined $target->{shortlegend};
} else {
$target->{ylegend} = 'Bytes per second'
unless defined $target->{ylegend};
$target->{legend1} = 'Incoming Traffic in Bytes per Second'
unless defined $target->{legend1};
$target->{legend2} = 'Outgoing Traffic in Bytes per Second'
unless defined $target->{legend2};
$target->{legend3} = 'Peak Incoming Traffic in Bytes per Second'
unless defined $target->{legend3};
$target->{legend4} = 'Peak Outgoing Traffic in Bytes per Second'
unless defined $target->{legend4};
$target->{shortlegend} = 'B/s'
unless defined $target->{shortlegend};
}

if ($scale > 1) {
push @args, "DEF:in0=$target->{rrd}:ds0:AVERAGE",
"CDEF:in=in0,$scale,*",
"DEF:maxin0=$target->{rrd}:ds0:MAX",
"CDEF:maxin=maxin0,$scale,*"
unless $noi;
push @args, "DEF:out0=$target->{rrd}:ds1:AVERAGE",
"CDEF:out=out0,$scale,*",
"DEF:maxout0=$target->{rrd}:ds1:MAX",
"CDEF:maxout=maxout0,$scale,*"
unless $noo;
} else {
push @args, "DEF:in=$target->{rrd}:ds0:AVERAGE",
"DEF:maxin=$target->{rrd}:ds0:MAX"
unless $noi;
push @args, "DEF:out=$target->{rrd}:ds1:AVERAGE",
"DEF:maxout=$target->{rrd}:ds1:MAX"
unless $noo;
}

my $i=1;
for my $coltext (split(/,/, $target->{colours})) {
my ($text, $rgb) = ($coltext =~ /^([^#]+)(#[0-9a-fA-F]{6})$/);
$target->{'col'.$i} = $rgb;
$target->{'colname'.$i} = $text;
$i++;
}

push @args, '-v', $target->{ylegend};

push @args, 'AREA:in' . $target->{col1} . ':In',
unless $noi;
push @args, 'LINE2:out' . $target->{col2} . ':Out'
unless $noo;

push @args, 'PRINT:out:MAX:%.1lf' unless $noo;
push @args, 'PRINT:in:MAX:%.1lf' unless $noi;
push @args, 'PRINT:out:AVERAGE:%.1lf' unless $noo;
push @args, 'PRINT:in:AVERAGE:%.1lf' unless $noi;
push @args, 'PRINT:out:LAST:%.1lf' unless $noo;
push @args, 'PRINT:in:LAST:%.1lf' unless $noi;

if (defined $target->{maxbytes1}) {
$target->{maxbytes1} *= $scale;
push @args, 'HRULE:' . $target->{maxbytes1} . '#cc0000';
}

if (defined $target->{maxbytes2}) {
$target->{maxbytes2} *= $scale;
push @args, 'HRULE:' . $target->{maxbytes2} . '#cccc00'
if $target->{maxbytes2} != $target->{maxbytes1};
}

@{$target->{args}} = @args;

@args;
}

sub try_read_config($)
{
my ($prefix) = (@_);
$prefix =~ s/\/[^\/]*$//;

# Verify the version of RRDtool:
if (!defined $RRDs::VERSION || $RRDs::VERSION < 1.000331) {
print_error("Please install more up-to date RRDtool - need at least 1.000331");
}

my $read_cfg;
if (!defined $config_time) {
$read_cfg = 1;
} else {
for my $file (@all_config_files) {
my @stat = stat $file;
if ($config_time < $stat[9]) { $read_cfg = 1; last; } } } return unless $read_cfg; my %defaults = ( xsize => 400,
ysize => 100,
kmg => ',k,M,G,T,P',
kilo => 1000,
bodytag => "<BODY BGCOLOR=#ffffff>\n",
colours => 'GREEN#00cc00,BLUE#0000ff,DARK GREEN#006600,MAGENTA#ff00ff,AMBER#ef9f4f',
legendi => '&nbsp;In:',
legendo => '&nbsp;Out:',
unscaled => '',
withpeak => '',
directory => '',
);

%targets = ();

@all_config_files = @config_files;

my $order = 0;
for my $cfgfile (@config_files) {
%{$targets{_}} = %defaults;
%{$targets{'^'}} = ();
%{$targets{'$'}} = ();

my $cfgref = {
refresh => 300,
interval => 5,
icondir => $prefix
};

read_mrtg_config($cfgfile, \%defaults, $cfgref, \$order);
}

delete $targets{'^'};
delete $targets{_};
delete $targets{'$'};

parse_directories();

$config_time = time;
}

sub read_mrtg_config($$$$);

sub read_mrtg_config($$$$)
{
my ($file, $def, $cfgref, $order) = @_;

my %defaults = %$def;

my @lines;

open(CFG, "<$file") || print_error("Cannot open config file: $!");
while (<CFG>) {
chomp; # remove newline
s/\s+$//; # remove trailing space
s/\s+/ /g; # collapse white spaces to ' '
next if /^ *\#/; # skip comment lines
next if /^\s*$/; # skip empty lines
if (/^ \S/) { # multiline options
$lines[$#lines] .= $_;
} else {
push @lines, $_;
}
}
close CFG;

foreach (@lines) {
if (/^\s*([\w\d]+)\[(\S+)\]\s*:\s*(.*)$/) {
my ($tgt, $opt, $val) = (lc($2), lc($1), $3);
unless (exists $targets{$tgt}) {
# pre-set defaults constructed on all of ^, _, and $
for my $key (%{$targets{'^'}}) {
$targets{$tgt}{$key} = $targets{'^'}{$key};
}
for my $key (%{$targets{'$'}}) {
$targets{$tgt}{$key} .= $targets{'$'}{$key};
}
# WARNING: Tobi explicitly said that when all ^, _, and $
# options are set, the result should be just the value
# of the _ option (when the option itself is not explicitly
# defined. I do not agree with him here but I respect this
# and will try to be compatible with MRTG.
for my $key (%{$targets{'_'}}) {
$targets{$tgt}{$key} = $targets{'_'}{$key};
}

# anonymous hash ref - need copy, not ref
delete $targets{$tgt}{options};
# The same as above - we need to create this
# based on [^], [_], and [$] values
%{$targets{$tgt}{options}} = ();
%{$targets{$tgt}{options}} = %{$targets{'^'}{options}}
if defined $targets{'^'}{options};
%{$targets{$tgt}{options}} = (%{$targets{$tgt}{options}},
%{$targets{'_'}{options}})
if defined $targets{'_'}{options};
%{$targets{$tgt}{options}} = (%{$targets{$tgt}{options}},
%{$targets{'$'}{options}})
if defined $targets{'$'}{options};

$targets{$tgt}{order} = ++$$order;
$targets{$tgt}{config} = $cfgref;
}
if ($tgt eq '_' && $val eq '') {
if (defined $defaults{$opt}) {
$targets{_}{$opt} = $defaults{$opt};
} else {
delete $targets{_}{$opt};
}
} elsif (($tgt eq '^' || $tgt eq '$') && $val eq '') {
delete $targets{$tgt}{$opt};
} elsif ($opt eq 'options') {
# Do not forget defaults [^] and [$]
delete $targets{$tgt}{options};
%{$targets{$tgt}{options}} = %{$targets{'^'}{options}}
if defined $targets{'^'}{options};
$val = lc($val);
map { $targets{$tgt}{options}{$_} = 1 } ($val =~ m/([a-z]+)/g);
%{$targets{$tgt}{options}} = (%{$targets{$tgt}{options}},
%{$targets{'$'}{options}})
if defined $targets{'$'}{options};
} else {
my $pre = $targets{'^'}{$opt}
if defined $targets{'^'}{$opt};
$pre ||= '';
$targets{$tgt}{$opt} = $pre.$val;
$targets{$tgt}{$opt} .= $targets{'$'}{$opt}
if defined $targets{'$'}{$opt};
}
next;
} elsif (/^Include\s*:\s*(\S*)$/) {
push @all_config_files, $1;
read_mrtg_config($1, $def, $cfgref, $order);
next;
} elsif (/^([\w\d]+)\s*:\s*(\S.*)$/) {
my ($opt, $val) = (lc($1), $2);
$cfgref->{$opt} = $val;
next;
}
print_error("Parse error in $file near $_");
}

if (defined $cfgref->{pathadd}) {
$ENV{PATH} .= ':'.$cfgref->{pathadd};
}

# if (defined $cfgref->{libadd}) {
# use lib $cfgref->{libadd}
# }
}

sub parse_directories {
%directories = ();

# FIXME: the sort is expensive
for my $name (sort { $targets{$a}{order} <=> $targets{$b}{order} } keys %targets) {
my $dir = $targets{$name}{directory}
if defined $targets{$name}{directory};
$dir = '' unless defined $dir;

my $prefix = '';
for my $component (split /\/+/, $dir) {
unless (defined $directories{$prefix.$component}) {
push (@{$directories{$prefix}{subdir}},
$component);

# For the directory, get the global parameters
# from the # config of the first item of the
# directory:
$directories{$prefix}{config} =
$targets{$name}{config};
$directories{$prefix}{bodytag} =
$targets{$name}{bodytag};
}
$prefix .= $component . '/';
}
unless (defined $directories{$dir}) {
$directories{$dir}{config} =
$targets{$name}{config};
$directories{$dir}{bodytag} =
$targets{$name}{bodytag};
}

push (@{$directories{$dir}{target}}, $name);
}
}

sub print_dir($) {
my ($dir) = @_;

my $dir1 = $dir . '/';

http_headers('text/html', $directories{$dir}{config});

print <<EOF;
<HTML>
<HEAD>
<TITLE>MRTG: Directory $dir1</TITLE>
</HEAD>
EOF
print $directories{$dir}{bodytag};

my $subdirs_printed;
if (defined @{$directories{$dir}{subdir}}) {
$subdirs_printed = 1;
print <<EOF;
<H1>MRTG subdirectories in the directory $dir1</H1>
<UL>
EOF
for my $item (@{$directories{$dir}{subdir}}) {
print "
<LI><A HREF=\"$item/\">$item/</A>\n";
}

print "</UL>

\n";
}
if (defined @{$directories{$dir}{target}}) {
print "

<hr>

\n" if defined $subdirs_printed;
print <<EOF;
<H1>MRTG graphs in the directory $dir1</H1>
<TABLE BORDER=0 WIDTH=100%>
EOF
my $odd;
for my $item (@{$directories{$dir}{target}}) {
my $itemname = $item;
$itemname = $targets{$item}{title}
if defined $targets{$item}{title};
print "
<TR>\n" unless $odd;
print <<EOF;
<TD><A HREF="$item.html">$itemname
<IMG SRC="$item-day.$imagetype" BORDER=0 ALIGN=TOP VSPACE=10 ALT="$item">
</A><BR CLEAR=ALL>
</TD>

EOF
print " </TR>

\n" if $odd;
$odd = !$odd;
}
print " </TR>

\n</TABLE>

\n";
}

print_banner($directories{$dir}{config});
print "</BODY>\n</HTML>\n";
}

sub print_banner($) {
my $cfg = shift;

print <<EOF;

<hr>

<table BORDER=0 CELLSPACING=0 CELLPADDING=0>
<tr>
<td WIDTH=63><a ALT="MRTG" HREF="http://ee-staff.ethz.ch/~oetiker/webtools/mrtg/mrtg.html"><img BORDER=0 SRC="$cfg->{icondir}/mrtg-l.$imagetype"></a></td>
<td WIDTH=25><a ALT="" HREF="http://ee-staff.ethz.ch/~oetiker/webtools/mrtg/mrtg.html"><img BORDER=0 SRC="$cfg->{icondir}/mrtg-m.$imagetype"></a></td>
<td WIDTH=388><a ALT="" HREF="http://ee-staff.ethz.ch/~oetiker/webtools/mrtg/mrtg.html"><img BORDER=0 SRC="$cfg->{icondir}/mrtg-r.$imagetype"></a></td>
</tr>
</table>
<spacer TYPE=VERTICAL SIZE=4>
<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH=476>
<tr VALIGN=top>
<td ALIGN=LEFT><font FACE="Arial,Helvetica" SIZE=2>
version 2.9.17</font></td>
<td ALIGN=RIGHT><font FACE="Arial,Helvetica" SIZE=2>
<a HREF="http://ee-staff.ethz.ch/~oetiker/">Tobias Oetiker</a>
<a HREF="mailto:oetiker\@ee.ethz.ch">&lt;oetiker\@ee.ethz.ch&gt;</a>
</font></td>
</tr>
<tr>
<td></td>
<td ALIGN=RIGHT><font FACE="Arial,Helvetica" SIZE=2>
and&nbsp;<a HREF="http://www.bungi.com">Dave&nbsp;Rand</a>&nbsp;<a HREF="mailto:dlr\@bungi.com">&lt;dlr\@bungi.com&gt;</a></font></td>
<tr VALIGN=top>
<td ALIGN=LEFT><font FACE="Arial,Helvetica" SIZE=2>
<A HREF=http://www.fi.muni.cz/~kas/mrtg-rrd/>mrtg-rrd.cgi version $version</A>
</font></td>
<td ALIGN=RIGHT><font FACE="Arial,Helvetica" SIZE=2>
<A HREF="http://www.fi.muni.cz/~kas/">Jan "Yenya" Kasprzak</A>
<A HREF="mailto:kas\@fi.muni.cz">&lt;kas\@fi.muni.cz&gt;</A>
</font></td>
</tr>
</table>
EOF
print '<!--$Id: mrtg-rrd.cgi,v 1.35 2003/08/18 15:58:57 kas Exp $-->', "\n";
}

sub dump_targets() {
for my $tgt (keys %targets) {
print "Target $tgt:\n";
for my $opt (keys %{$targets{$tgt}}) {
if ($opt eq 'options') {
print "\toptions: ";
for my $o1 (keys %{$targets{$tgt}{options}}) {
print $o1, ",";
}
print "\n";
next;
}
print "\t$opt: ", $targets{$tgt}{$opt}, "\n";
}
}
}

sub dump_directories {
print "Directories:\n";

for my $dir (keys %directories) {
print "Directory $dir:\n";
for my $item (@{$directories{$dir}}) {
print "\t$item\n";
}
}
}

sub print_error(@)
{
print "Content-Type: text/plain\n\nError: ", join(' ', @_), "\n";
exit 0;
}

#--BEGIN CGI--
#For CGI, use this:

use CGI;
my $q = new CGI;

# thttpd fix up by Akihiro Sagawa
if ($q->server_software() =~ m|^thttpd/|) {
my $path = $q->path_info();
$path .= '/' if ($q->script_name=~ m|/$|);
$q->path_info($path);
}

handler($q);

#--END CGI--
#--BEGIN FCGI--
# For FastCGI, uncomment this and comment out the above:
#-# use FCGI;
#-# use CGI;
#-#
#-# my $req = FCGI::Request();
#-#
#-# while ($req->Accept >= 0) {
#-# my $q = new CGI;
#-#
#-# # thttpd fix up by Akihiro Sagawa
#-# if ($q->server_software() =~ m|^thttpd/|) {
#-# my $path = $q->path_info();
#-# $path .= '/' if ($q->script_name=~ m|/$|);
#-# $q->path_info($path);
#-# }
#-#
#-# handler($q);
#-# }
#--END FCGI--

1;


Few Tips

Make sure you install rrdtool before using it 🙂

apt-get -y install rrdtool

To execute MRTG with command manually

env LANG=C mrtg /etc/mrtg.cfg

To assign apache www-data users full rights to /var/www/mrtg folder

chown -R www-data /var/www/mrtg/

SNMPWALK sample command to query any OID from snmp enabled target machine

snmpwalk -v1 -c gt 10.0.0.1  .1.3.6.1.2.1.25.2.3.1.6.65536

CFGMAKER command to create interface commands (this will support acquiring data larget then 120 M limit) as explained here. ( https://aacable.wordpress.com/tag/mrtg-120m-limit/ )

cfgmaker public@10.0.0.1:::::2 > temp.cfg

MRTG crontab sample (1 minute interval when using RRD)

*/1 * * * * env LANG=C mrtg /etc/mrtg.cfg –logging /var/log/mrtg.log

Enable CGI

sudo a2enmod cgi

Can’t locate RRDs.pm in @INC

SOLUTION:

sudo apt-get install librrds-perl


Some Sample Outputs !

WAN Usage: [Below …]

1-wan

Noc Room Temperature

1- noc room temp.PNG

Disk Space Used in Percent %

2- disk space of mail.PNG

Active PPP Users on CCR_1036

2-active-pppoe

CPU Usage of CCR_1036

3-mt-cpu-load

PING to Google DNS via CCR_1036

4-ping

Memory Usage of CCR_1036

5-memory

RB Temperature of CCR_1036

6-ccr-1036-rb-board-temperature

RB Voltage history of CCR_1036

7-rb-ccr-1036-voltage

SERVER UPTIME

3- server uptime.PNG

Memory Usage of Linux System

8-radius-memory


Regard’s
~ Syed Jahanza!B ~

November 25, 2016

Mikrotik: Switching between interface

Filed under: Mikrotik Related — Tags: , , , — Syed Jahanzaib / Pinochio~:) @ 2:18 PM

f

NOT FOR GENERAL PUBLIC

SHARING IT FOR PERSONAL REFERENCE


Following is an script that switches connectivity between two interfaces (usually wan).

Example: ISP x have provided internet connectivity via fiber link . as a backup / redundancy link ISP have provided second fiber line. Both link have same ip address with same gateway. There are other ways too , this is just one way of achieving task. it can be customized in many ways like forcing specific hosts to be monitored by ping and act accordingly , or by having bridge etc.

IP address example:

in /ip address >>>

sfp1 = 10.0.0.1 (with comments “PRIMARY-SFP1”)
[remains enabled until next status changed]

sfp2 = 10.0.0.1 (with comments “SECONDARY-SFP2”)
[remains enabled until next status changed]

The script will do following.

Check the SFP1 Status, if it does not found “linkok” reply, it will log event, send email/sms alert to admin, and switch to SFP2 port by enabling IP of SFP2 [and Disable ip on SFP1]

On next run, if it found SFP1 link ok, then it will log event, send email/sms alert to admin, and switch back to SFP1 port by enabling IP of SFP1 and disable ip on SFP2.


# Mikrotik SPF Link monitoring SCRIPT with optional Email and SMS Alert,
# We are using local KANNEL as SMS gateway and GMAIL as email sender
# by Syed Jahanzaib
# https://aacable.wordpress.com
# Email : aacable at hotmail dot com
# Script Last Modified : 25-NOV-2016 / 1400 hours

# PRIMARY FIBER LINK
:local INT "sfp1"
# SECONDARY BACKUP FIBER LINK
:local INT2 "sfp2"
:local i 0;
:local F 0;
:local date;
:local time;
:global sub1 ([/system identity get name])
:global sub2 ([/system clock get time])
:global sub3 ([/system clock get date])
:set date [/system clock get date];
:set time [/system clock get time];
:local cell1 "03333021909"
:global FIBERnetstatus;
:global FIBERnetlastchange;
:global FIBERIP;

# Company Name, do not use spaces in it
:local COMPANY "ZZZ"

# Setting GMAIL config
:local sub1 ([/system identity get name])
:local sub2 ([/system clock get date])
:local sub3 ([/system clock get time])
:local TO1 "RECIPIENT-1@hotmail.com"
:local gmailid "YOUR-GMAIL-ID@gmail.com"

#If you dont have kannel sms gateway ignore this.
:local KURL "http://10.0.0.1:13013/cgi-bin/sendsms"
:local KID "kannel"
:local KPASS "KANNEL-PASS"

# SMS DOWN status Msg format for Kannel SMS gateway (donot use spaces in it)
:local MSGDOWNSMS "$COMPANY+FIBER+ALERT:%0A$INT+fiber+is+now+DOWN.%0ASwitching+to+$INT2+backup+fiber+link"
# SMS UP status Msg format for Kannel SMS gateway (donot use spaces in it)
:local MSGUPSMS "$COMPANY+FIBER+INFO:%0A$INT+fiber+is+now+UP.%0ASwitching+back+to+$INT"

# EMAIL Msg format for FIBER DOWN
:local MSGDOWNEMAIL "$COMPANY FIBER ALERT: $INT fiber is now DOWN at $sub1 $sub2 $sub3 . Switching to $INT2 backup link. Please Verify it."
# EMAIL Msg format for FIBER UP
:local MSGUPEMAIL "$COMPANY FIBER INFO: $INT fiber is now UP at $sub1 $sub2 $sub3 . Switching back to $INT primary link. Please Verify it."
# LOG error
:local DOWNLOG1 "$COMPANY FIBER ALERT: $INT fiber is now DOWN at $sub1 $sub2 $sub3 . Switching to $INT2 backup link. Please Verify it."
:local UPLOG1 "$COMPANY FIBER INFO: $INT fiber is now UP at $sub1 $sub2 $sub3 . Switching back to $INT primary link. Please Verify it"

######################################
########## Start the SCRIPT ###############
########## DONOT EDIT BELOW ############
######################################

local link;
/interface ethernet cable-test $INT once do={
:set link $"status";
};

:if ($link != "link-ok") do={
:log error "$INT SFP DOWN"

:if (($FIBERnetstatus="UP")) do={
:set FIBERnetstatus "DOWN";

# Also add status in global variables to be used as tracking
:set date [/system clock get date];
:set time [/system clock get time];
:set FIBERnetlastchange ($time . " " . $date);
##################################################
####### FOR DOWN STATUS, CHANGE THE RULES ########
##################################################

# If the link is down, then LOG info and warning in Mikrotik LOG window [Zaib]
:log error "$DOWNLOG1"

# DOWN ACTION , shifting to SFP2 , backup link
/ip address set disabled=yes [find comment="PRIMARY-SFP1"]
/ip address set disabled=no [find comment="BACKUP-SFP2"]

# Adding delay so gateway should be reachable properly
:delay 5s;

:global gmailsmtp
:set gmailsmtp [:resolve "smtp.gmail.com"];

# "Emailing the DOWN status. . . "
/tool e-mail send to=$TO1 subject="$MSGDOWNEMAIL" start-tls=yes body="$MSGDOWNEMAIL"

# Send SMS the DOWN status via KANNEL
/tool fetch url="$KURL\?username=$KID&password=$KPASS&to=$cell1&text=$MSGDOWNSMS"

##################################################
####### FOR UP STATUS, CHANGE THE RULES ########
##################################################

} else={:set FIBERnetstatus "DOWN";}
} else={
:if (($FIBERnetstatus="DOWN")) do={

:set FIBERnetstatus "UP";

# If link is UP, then LOG info and warning in Mikrotik LOG window [Zaib]
:log warning "$UPLOG1"

# UP ACTION , shifting back to SFP1
/ip address set disabled=no [find comment="PRIMARY-SFP1"]
/ip address set disabled=yes [find comment="BACKUP-SFP2"]

# Adding delay so gateway should be reachable properly
:delay 5s;
:global gmailsmtp
:set gmailsmtp [:resolve "smtp.gmail.com"];

# "Emailing the UP status. . . "
/tool e-mail send to=$TO1 subject="$MSGUPEMAIL" start-tls=yes body="$MSGUPEMAIL"

# Send SMS via KANNEL Gateway
/tool fetch url="$KURL\?username=$KID&password=$KPASS&to=$cell1&text=$MSGUPSMS"

:set date [/system clock get date];
:set time [/system clock get time];
:set FIBERnetlastchange ($time . " " . $date);

} else={:set FIBERnetstatus "UP";}
}

Older Posts »

%d bloggers like this: