Monday, June 23, 2014

ADSL Modem Network Management


Many providers now offer broadband/ADSL service, with a wide range of conveniences and promotions that are certainly attractive. Here, however, we will not discuss prices or promotional offers, but network management on a broadband/ADSL connection. Typically the provider installs a modem on the client side so that the client can receive the internet service. One commonly used service is PPPoE, with the modem acting as the PPPoE client. The simple topology is Internet -> ADSL Modem -> Hub/Switch -> Client.
A network administrator then usually adds a router between the ADSL modem and the clients, for example a Mikrotik router. This is done because a simple ADSL modem generally does not have enough functions for network management. With the router added, the topology we are building becomes as follows.

There are actually two options for connecting our network to the internet through the ADSL modem. First, we can let the modem dial, as in the provider's default setup, so that the public IP is assigned on the modem. Second, we can dial PPPoE directly from the Mikrotik router, so that the public IP is assigned on the Mikrotik. The second option makes things easier when we want to reach the router remotely from the internet, or when applying other rules, for example port forwarding (dst-nat) or load balancing.
We will work through a case study using the second option, dialing PPPoE directly from the Mikrotik. We will also use the second topology, the one in the image with two ADSL connections. First, set the ADSL modem to bridge mode. How to do this differs depending on the brand and type of modem.
After setting the modem to bridge mode, create a PPPoE client interface on the Mikrotik by pressing the + button in the Interfaces menu. In the interface parameter, select the ethernet interface that leads to the modem.
Next, in the Dial Out tab, fill in the username and password according to the information given by the provider. The username and password are of course different for each provider. When finished, click OK; the PPPoE client interface is created and the router automatically tries to dial through it. If the PPPoE settings are correct and the line is properly connected, the status of the PPPoE client on the Mikrotik changes to "Connected", or the interface flag becomes "R" (Running).
Repeat the steps shown in the image for the other ADSL line, so that there are two pppoe-client interfaces, because in this case study we use two ADSL lines.
Then add a default gateway so that the router can connect to the internet. Because we use two ADSL lines, we use ECMP load balancing, one of the simpler load-balancing methods. ECMP load balancing is done by adding two gateways in the routing rule.
Once the routing rule is made, point the router's DNS settings to the provider's DNS. Ask your provider for this information, or use open DNS.

Add a src-nat rule on the router so the clients can access the internet.
Do not forget to assign an IP address on the interface that faces the clients, for example 192.168.3.1/24 on interface ether3. You can also assign IP addresses on the modem and on the router interface connected to it, for monitoring.

Minimizing Configuration Error In Safe Mode


Everyone has probably made a configuration mistake at some point, intentionally or not, and the worst effect may be that the router can no longer be reached remotely. This is very inconvenient when the router we are configuring is in a remote location, so that we cannot go and reset it to restore it. To minimize incidents like this, we can take advantage of the Safe Mode feature on Mikrotik.

Safe Mode
One of Mikrotik's features is "safe" mode, which stores the router configuration temporarily. If the connection to the router is lost while configuring in safe mode, whether through a configuration error or some other technical fault, the configuration made in safe mode is discarded and the router returns to the configuration it had before safe mode. If the configuration is what we expect, we simply turn safe mode off to save the configuration made in it. Configuring in safe mode does not mean that the rules made are not run by the router. The rules are still run by the router, only stored temporarily. The router's system history stores a maximum of 100 commands, so if too many rules are made in safe mode (more than 100), the router automatically leaves safe mode and the configuration that has been made is saved.
Safe mode can be used from the console, for example over SSH or telnet, and is activated by pressing [CTRL] + [X]. To save the configuration and exit safe mode, press [CTRL] + [X] again. To leave safe mode without saving the configuration, press [CTRL] + [D].
If a configuration error made in safe mode leaves the router unreachable remotely, the router discards the configuration made in safe mode and returns to the configuration from before safe mode after approximately 9 minutes (TCP connection timeout). That is rather long, but better than having to travel to the router's location if it turns out to be in another city. Winbox also provides safe mode, but the feature in Winbox is still in the development stage, and we have found ourselves that it does not work as well there as it does on the console.

Undo & Redo
MikroTik also has Undo & Redo, with almost the same function as the Undo & Redo we often use in, for instance, Word. Undo cancels or removes the configuration just made, if it does not work as we want or there is an error in a rule. Redo restores configuration that was removed by Undo. Undo & Redo do not require safe mode; they also work under normal conditions. In Winbox the Undo & Redo buttons are located under the title bar, with curved-arrow icons.
If we want to Undo or Redo while connected remotely through the console, over SSH for example, Undo and Redo can still be run with console commands. Simply type the command:
To find out which configuration changes can be undone or redone, use the console command: /system history print
The configuration entries will appear with their flags. Flag U (undoable) means that the configuration can be canceled. Flag R (redoable) means that the configuration can be restored after being removed by Undo.

http://freakscontent.blogspot.com/ 

Creating Proxy Server Ubuntu



About proxy servers? Want to create a proxy server? There is no need to ask a professional to build it; just follow this reference and improvise as needed, and the proxy will surely run properly. I do not discuss proxy servers in depth here; please use other references for a better understanding. I suggest you read the introduction to Squid on the official website. In theory, a proxy has three main functions: caching, filtering and authentication (the discussion here leads toward these functions).

I wrote this documentation while creating a proxy server using Squid on an Ubuntu 8.04-based gateway machine with two ethernet cards, eth0 and eth1, connecting the internet to the local network. Here is how I did it.
Making an Ubuntu 8.04 Proxy Server with Squid
1. Install the Squid proxy package
root@geek:~# apt-get install squid
Make sure there are no errors during installation. If the machine is not connected to the internet, use the Ubuntu CD as the repository. But remember that testing whether the proxy works will still need an internet connection.

2. Configuring squid proxy
- Do not forget to back up the original proxy configuration file
root@geek:~# cp /etc/squid/squid.conf /etc/squid/squid.conf.orig
- Create the proxy cache (swap) directory
root@geek:~# mkdir -p /data/proxy
- Set the directory permissions
root@geek:~# chown -R proxy:proxy /data/proxy
root@geek:~# chmod -R 750 /data/proxy
- Edit the configuration file squid.conf
root@geek:~# vim /etc/squid/squid.conf
http_port 8080
hierarchy_stoplist cgi-bin ?
cache_effective_user proxy
cache_effective_group proxy
cache_dir ufs /data/proxy 1000 16 256
access_log /var/log/squid/access.log squid
cache_mgr gue@wevils.com
visible_hostname www.wevils.com
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl intranet src 192.168.10.0/24
# block lists: one domain or one keyword per line in each file
acl blokporno dstdomain "/etc/squid/block-url.txt"
acl blokkeyword url_regex -i "/etc/squid/block-keyword.txt"
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
# http_access lines are checked from top to bottom; the first match decides
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny blokporno
http_access deny blokkeyword
http_access allow intranet
http_access deny all
icp_access deny all
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
hosts_file /etc/hosts
coredump_dir /var/spool/squid

Save and exit.

- Create the list of sites to block
root@geek:~# vim /etc/squid/block-url.txt
www.yahoo.com
- Create the list of keywords to block
root@geek:~# vim /etc/squid/block-keyword.txt
porn
sex
- Create the swap directories
root@geek:~# squid -z
Note:
- The proxy is set up on port 8080, whereas the default proxy port is 3128
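
How the http_access order and the two block lists above decide a request, as an added example that is not part of the original post: a simplified Python model of Squid's first-match evaluation. It leaves out the manager and purge rules, and the client address and test hostnames are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Values copied from the squid.conf and block lists on this page.
SAFE_PORTS = {80, 21, 443, 70, 210, 280, 488, 591, 777, 631, 873, 901}
SSL_PORTS = {443, 563, 873}
BLOCKED_DOMAINS = {"www.yahoo.com"}               # block-url.txt (dstdomain)
BLOCKED_KEYWORDS = re.compile("porn|sex", re.I)   # block-keyword.txt (url_regex -i)
INTRANET = ipaddress.ip_network("192.168.10.0/24")
LOCALHOST = ipaddress.ip_network("127.0.0.1/32")
DEFAULT_PORT = {"http": 80, "ftp": 21, "gopher": 70}


def host_port(method, url):
    """CONNECT carries only host:port; other methods carry a full URL."""
    if method == "CONNECT":
        host, _, port = url.rpartition(":")
        return host.lower(), int(port)
    parts = urlsplit(url)
    return parts.hostname, parts.port or DEFAULT_PORT[parts.scheme]


def decide(src, method, url):
    """Return (action, acl) of the first http_access line that matches."""
    ip = ipaddress.ip_address(src)
    host, port = host_port(method, url)
    safe = port in SAFE_PORTS or 1025 <= port <= 65535
    rules = [  # same order as in squid.conf; manager/purge lines omitted
        ("deny", "!Safe_ports", not safe),
        ("deny", "CONNECT !SSL_ports", method == "CONNECT" and port not in SSL_PORTS),
        ("allow", "localhost", ip in LOCALHOST),
        ("deny", "blokporno", host in BLOCKED_DOMAINS),
        ("deny", "blokkeyword", bool(BLOCKED_KEYWORDS.search(url))),
        ("allow", "intranet", ip in INTRANET),
        ("deny", "all", True),
    ]
    return next((action, acl) for action, acl, hit in rules if hit)


if __name__ == "__main__":
    client = "192.168.10.21"  # constructed sample client on the intranet
    for req in [(client, "GET", "http://www.yahoo.com/"),      # listed host
                (client, "GET", "http://mail.yahoo.com/"),     # not listed
                (client, "GET", "http://www.essex.example/"),  # contains "sex"
                (client, "CONNECT", "example.com:8443"),       # non-SSL port
                ("127.0.0.1", "GET", "http://www.yahoo.com/")]:
        print(req, "->", decide(*req))
```

The run shows three things worth checking before relying on this filter: a dstdomain entry without a leading dot matches only that exact host, a short keyword such as "sex" also blocks unrelated URLs that contain it, and requests from localhost are allowed before either block list is consulted. For CONNECT requests the keyword list sees only host:port, never the path.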

3. Restarting the squid service
root@geek:~# /etc/init.d/squid restart

4. Testing on the client
- Change the browser settings to use a proxy
Tools > Options > Advanced > Network tab
- Enter the proxy IP address and, remember, port 8080
- Test browsing
www.yahoo.com
If an error message like this appears, it means that the proxy is running well.
ERROR
The requested URL could not be retrieved
If you want more convincing, check the squid proxy logs while browsing on the client
root@geek:~# tail -f /var/log/squid/access.log
Note the running processes.
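
To read the same log after the fact rather than watching it scroll, the following added example (not from the original post) counts the requests the proxy refused, per client and destination host, from access.log lines in Squid's native format as configured above. The log lines are constructed samples.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format:
# time elapsed client result/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1403500001.120      3 192.168.10.21 TCP_DENIED/403 1432 GET http://www.yahoo.com/ - NONE/- text/html
1403500002.481    212 192.168.10.21 TCP_MISS/200 5120 GET http://example.org/ - DIRECT/203.0.113.10 text/html
1403500003.007      2 192.168.10.35 TCP_DENIED/403 1440 GET http://www.essex.example/news - NONE/- text/html
1403500004.250      1 192.168.10.21 TCP_DENIED/403 1432 GET http://www.yahoo.com/favicon.ico - NONE/- text/html
1403500005.900     15 192.168.10.35 TCP_HIT/200 2048 GET http://example.org/logo.png - NONE/- image/png
"""


def denied_by_client(log_text):
    """Count TCP_DENIED entries per (client, destination host)."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip truncated or malformed lines
        client, result, method, url = fields[2], fields[3], fields[5], fields[6]
        if not result.startswith("TCP_DENIED/"):
            continue
        # CONNECT requests log host:port instead of a full URL
        host = url.rpartition(":")[0] if method == "CONNECT" else urlsplit(url).hostname
        counts[(client, host)] += 1
    return counts


if __name__ == "__main__":
    for (client, host), n in denied_by_client(SAMPLE_LOG).most_common():
        print(f"{client} was denied {n} time(s) for {host}")
```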

5. Transparent Proxy
A transparent proxy is a technique for using the proxy server without setting the proxy IP and port in every client browser; the word "transparent" refers to the fact that the proxy IP address and port are not visible in the client's browser. The technique is very easy: with IP forwarding, it is enough to redirect requests heading to port 80, the default port used when browsing. Port 80 is redirected to the proxy port we use, 8080, so that all these connections are forced through the proxy server machine we built.
- Add the transparent setting in squid.conf
http_port 8080 transparent
- Redirect port 80 (web server) to 8080 (proxy server)
Redirect all requests heading to port 80 to the proxy port we created, 8080. We use iptables
root@geek:~# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
Make sure IP forwarding is already active on your proxy machine, that is, that the file /proc/sys/net/ipv4/ip_forward contains the value 1. If it does not, enable it, otherwise the setup will be useless.
root@geek:~# echo 1 > /proc/sys/net/ipv4/ip_forward

Here is the result of the new rule that I entered
root@geek:~# iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 8080
- Restart Squid
root@geek:~# /etc/init.d/squid restart
- Testing
Previously we set the IP address and port manually in each client browser; with the transparent proxy active there is no need to set them up one by one. Leave the browser's network settings at no proxy or auto-detect and browsing should work.

At this point a simple proxy with working caching and filtering functions is up and running. Enjoy it.
Hope this is useful!

USB Tethering Android in Mikrotik


The RouterOS 6.7 update, in addition to improvements to earlier features, brings an interesting new feature. In RouterOS v6.7, MikroTik adds support for the Android USB tethering interface. The RouterOS version 6 changelog can be seen here: http://www.mikrotik.com/download/CHANGELOG_6

Tethering is a way to share the internet connection of one device with another device, such as sharing a smartphone's internet connection with a laptop. The connection can be shared over Bluetooth, wireless, or a USB cable. In this article, we share the internet connection of an Android smartphone with a Mikrotik router over a USB cable.

First, prepare a RouterBoard that has a USB port. In this experiment we use an RB751U-2HnD. Do not forget to first upgrade the RB751U-2HnD to RouterOS version 6.7. After the upgrade is complete, prepare your Android device. In this experiment we tried several brands of hardware with Android versions 2.3.x and 4.1.x.

As we already know, the RouterBoard USB port can be used for external storage or to connect a modem. This time, we connect the Android device to the RouterBoard with a USB cable. Then enable USB Tethering on the Android device. Here is how to enable the tethering feature on Android 4.1.

If you are using a different Android version, the setting may be slightly different. Next, we do some configuration on the RouterBoard. Android tethering on Mikrotik is a little different from using a 3G modem. A 3G modem uses the PPP service, whereas Android tethering is read by the Mikrotik as an LTE interface.
The LTE interface appears automatically when USB tethering is activated on the Android device. We do not need to enter a username and password to connect to the internet. When tethering is enabled, Android actually provides a DHCP server, including DNS information and so on. The next step on the RouterBoard is to enable a DHCP client with its interface parameter pointing to the Android (the LTE interface).
Then wait until the status of the router's DHCP client changes to bound, meaning that the router has obtained IP address information from the Android device.
The steps above are almost the same as the basic Mikrotik configuration steps with a dynamic public interface (DHCP client). Once the status is "bound", check the router's DNS to see whether it received DNS information. If so, check "allow remote request".
Also check the router's default gateway to see whether it received gateway information from DHCP. If it did, verify by pinging the internet from the router.
At this point the router can reach the internet. What remains is the configuration for distribution toward the clients. Assign an IP address on the interface that leads to the local network. Do not forget to also create the NAT rule so that the client PCs can access the internet.
Once all the steps above are done, check from the client side by pinging the internet. The advantage of Android tethering is that no special settings are needed for the type and brand of device. The main requirement is a Mikrotik router running RouterOS v6.7 or above.