/usr/sbin/useradd namauser -u 0 -o -g 0 -d /home/namauser -s /bin/bash
passwd namauser
Tuesday, 11 November 2014
Saturday, 19 July 2014
Lan Firewall Rules ClearOS
add your iptables commands to /etc/rc.d/rc.firewall.local
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A OUTPUT -o tun+ -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A OUTPUT -o tun+ -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
Sunday, 6 July 2014
Create your CSR faster
sudo openssl genrsa -des3 -out ilo.key 1024
sudo openssl req -new -key ilo.key -out ilo.csr
sudo openssl x509 -req -days 10000 -in ilo.csr -signkey ilo.key -out ilo.crt
sudo openssl req -new -key ilo.key -out ilo.csr
sudo openssl x509 -req -days 10000 -in ilo.csr -signkey ilo.key -out ilo.crt
Thursday, 13 March 2014
PCQ Mikrotik
Bandwidth Total= 1m
Jumlah Client = 28
ip router Mikrotik = 192.168.65.2
ip client = 192.168.65.3-192.168.65.254
1. Buat Mangle :
/ip firewall mangle
(menangkap semua traffic/koneksi untuk semua client)
add chain=forward action=mark-connection new-connection-mark=all-warnet passthrough=yes dst-address=192.168.1.2-192.168.1.9
add chain=forward action=mark-packet new-packet-mark=all-warnet passthrough=no connection-mark=all-warnet
(menangkap semua traffic/koneksi client satu persatu. ulangi rule ini sesuai dengan banyaknya client anda)
add chain=forward action=mark-connection new-connection-mark=client1 passthrough=yes dst-address=192.168.65.10
add chain=forward action=mark-packet new-packet-mark=client1 passthrough=no connection-mark=client1
add chain=forward action=mark-connection new-connection-mark=client2 passthrough=yes dst-address=192.168.1.3
add chain=forward action=mark-packet new-packet-mark=client2 passthrough=no connection-mark=client2
......... dan seterusnya sampai 8 client................
2. Buat Queue Tree
/queue tree
(melihat total bandwidth yang digunakan oleh semua client)
add name="all-warnet" parent=global-out packet-mark=all-warnet limit-at=0 queue=default priority=8 max-limit=512000
(membatasi bandwidth per client)
add name="client1" parent=all-warnet packet-mark=client1 limit-at=70000 queue=default priority=3 max-limit=512000
add name="client2" parent=all-warnet packet-mark=client2 limit-at=70000 queue=default priority=3 max-limit=512000
......... dan seterusnya sampai 8 client................
3. Pada rule queue tree saya, semua client mempunyai hak dan jaminan bandwidth yang sama. ilustrasinya, bandwidth akan diberikan full 512k apabila hanya satu client yang online (contoh client1), tapi ketika ada client lain yang online atau request bandwidth maka bandwidth client1 akan turun secara otomatis. apabila semua client membutuhkan bandwidth maka masing2 client bandwitdh akan mendapatkan 512k dibagi 8 client = 64k.
4. Mungkin anda bertanya, kenapa saya pasang limit at = 0 pada queue al warnet sedangkan pada client limit at = 70k dan kenapa priority pada queue all warnet berbeda dengan queue client..?? jawaban dan cara perhitungannya bisa anda temukan
Jumlah Client = 28
ip router Mikrotik = 192.168.65.2
ip client = 192.168.65.3-192.168.65.254
1. Buat Mangle :
/ip firewall mangle
(menangkap semua traffic/koneksi untuk semua client)
add chain=forward action=mark-connection new-connection-mark=all-warnet passthrough=yes dst-address=192.168.1.2-192.168.1.9
add chain=forward action=mark-packet new-packet-mark=all-warnet passthrough=no connection-mark=all-warnet
(menangkap semua traffic/koneksi client satu persatu. ulangi rule ini sesuai dengan banyaknya client anda)
add chain=forward action=mark-connection new-connection-mark=client1 passthrough=yes dst-address=192.168.65.10
add chain=forward action=mark-packet new-packet-mark=client1 passthrough=no connection-mark=client1
add chain=forward action=mark-connection new-connection-mark=client2 passthrough=yes dst-address=192.168.1.3
add chain=forward action=mark-packet new-packet-mark=client2 passthrough=no connection-mark=client2
......... dan seterusnya sampai 8 client................
2. Buat Queue Tree
/queue tree
(melihat total bandwidth yang digunakan oleh semua client)
add name="all-warnet" parent=global-out packet-mark=all-warnet limit-at=0 queue=default priority=8 max-limit=512000
(membatasi bandwidth per client)
add name="client1" parent=all-warnet packet-mark=client1 limit-at=70000 queue=default priority=3 max-limit=512000
add name="client2" parent=all-warnet packet-mark=client2 limit-at=70000 queue=default priority=3 max-limit=512000
......... dan seterusnya sampai 8 client................
3. Pada rule queue tree saya, semua client mempunyai hak dan jaminan bandwidth yang sama. ilustrasinya, bandwidth akan diberikan full 512k apabila hanya satu client yang online (contoh client1), tapi ketika ada client lain yang online atau request bandwidth maka bandwidth client1 akan turun secara otomatis. apabila semua client membutuhkan bandwidth maka masing2 client bandwitdh akan mendapatkan 512k dibagi 8 client = 64k.
4. Mungkin anda bertanya, kenapa saya pasang limit at = 0 pada queue al warnet sedangkan pada client limit at = 70k dan kenapa priority pada queue all warnet berbeda dengan queue client..?? jawaban dan cara perhitungannya bisa anda temukan
Monday, 9 December 2013
BACKUP MIKROTIK WITH EMAIL
1) Adding Script
The below script does the following function.
1) Backup Complete Mikrotik Configuration
2) Backup User Manager Database [You can skip this section if its not required]
3) Export Complete Mikrotik Configuration
2) Backup User Manager Database [You can skip this section if its not required]
3) Export Complete Mikrotik Configuration
After creating 3 files, it will email them using GMAIL SMTP server (You can change it in the script if you are using some other isp smtp server, some isp’s allow only there IP series to relay through there SMTP server) , and then deletes the files after sending Email to save space on RB (as we all know that RB have very limited storage, so if you dont delete the files created on daily basis, it will soon fill up the storage)
Goto System > Scripts
Click on + icon to add script.
Name it backup-script
In the Source box, paste the below script.
Click on + icon to add script.
Name it backup-script
In the Source box, paste the below script.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
| :log info "Mikrotik Backup JOB Started . . . By Syed Jahanzaib":global backupfile configbackup:global mikrotikexport mtexport_backup:global umbackup um_backup:log info "Deleting old Backup File If available otherwise ignore & process further . . . "/system backup save name=$backupfile/export file=$mikrotikexport/tool user-manager database save name=$umbackup:log info "Backup process pausing for 10s so it complete creating backup file":delay 10s:log info "Start Sending Backup File via Email using GMAIL SMTP . . ."/tool e-mail send to="YourGMAIL-ID@gmail.com" password=GMAILPASSWD subject=([/system clock get date] . \" Mikrotik Config Backup by zaib") from=YourGMAIL-ID@gmail.com file=$backupfile server=173.194.69.109 tls=yes/tool e-mail send to="YourGMAIL-ID@gmail.com" password=GMAILPASSWD subject=([/system clock get date] . \" Mikrotik Export Backup by zaib") from=YourGMAIL-ID@gmail.com file=$mikrotikexport server=173.194.69.109 tls=yes/tool e-mail send to="YourGMAIL-ID@gmail.com" password=GMAILPASSWD subject=([/system clock get date] . \" Mikrotik UM Backup by zaib") from=YourGMAIL-ID@gmail.com file=$umbackup server=173.194.69.109 tls=yes:delay 40s:log info "Backup Finished":log info "Deleting Backup File. All Done. Allah Hafiz"/file remove $backupfile/file remove $mikrotikexport/file remove $umbackup |
Click on OK to save the script.
You can remove user manager backup from the list, if its not required.
Adding (GMAIL) Email Server in tools/e-mail
Open Terminal & paste the following config
/tool e-mail set address=74.125.45.108 from=gmailid@gmail.com password=mypassword port=587 starttls=no user=gmailid
Testing the Script . . .
First we will enable script logging, so we can see its result / errors etc.
First we will enable script logging, so we can see its result / errors etc.
/system logging
add action=echo disabled=no prefix=”" topics=scrip
add action=echo disabled=no prefix=”" topics=scrip
Now Test the script by using following command at terminal. (Also open the log window so you can see the script results or any error)
/tool e-mail send server=173.194.69.109 port=587 tls=yes user=yourgmailid@gmail.com password=yourgmailpass t
o=aacable@hotmail.com subject=test body=test
o=aacable@hotmail.com subject=test body=test
Now execute the script.
/sys script run backup-script
You may see the following screens if every thing is setup correctly. Also open the LOG window.
(Screenshot Posting Pending)
.
.
.
Adding Scheduler to run the script on daily basis
Open Terminal & paste the following command
1
2
3
| /system scheduleradd comment="Execute Backup Script Daily at 1am" disabled=no interval=1d name=BackupnMail on-event=backup-script policy=\ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive start-date=nov/05/2012 start-time=01:00:00 |
.
GMAIL Configuration on Mikrotik: [Short Reference]
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
| [admin@MikroTik] > /tool e-mail praddress: 74.125.45.108port: 587starttls: nofrom: gmailid@gmail.comuser: gmailidpassword: mypassword[admin@MikroTik] > /tool e-mail ex# dec/12/2012 10:45:57 by RouterOS 5.20#/tool e-mailset address=74.125.45.108 from=gmailid@gmail.com password=mypassword port=587 starttls=no user=gmailid[admin@MikroTik] >/tool e-mail> send server=74.125.45.108 port=587 tls=yes user=gmailid@gmail.com password=xxxxxx to=aacable@hotmail.com subject=test body=test |
.
.
.
Subscribe to:
Posts (Atom)