Category Archives: Networking

OSPF routing between Ubuntu and CentOS using Quagga

Topology:

Scenario:

  • Routers: 1 Ubuntu Linux with 2 NICs, 1 CentOS Linux with 2 NICs.
  • Clients: 2 Windows 7 with 1 NIC.

IP Details:

All the routers in this scenario use the default password “zebra”.

UbuntuRouter:

  • eth0: 192.168.10.1/24
  • eth1: 10.10.10.1/24

CentOSRouter:

  • eth0: 192.168.10.2/24
  • eth1: 172.16.10.1/24

Clients:

  • Desktop: 172.16.10.50/24
  • Laptop: 10.10.10.50/24


How to block facebook in Mikrotik using L7 Protocols (Layer 7)

In some scenarios, we may need to block the Facebook website or similar sites. In this tutorial, I will show you how to achieve this using L7 (Layer 7) protocol matching.

This tutorial consists of two parts:

1- Block facebook website for everyone on local network.

2- Allow facebook for specific host(s) and block for others on local network.

1- Block facebook website for everyone on local network.

First, we check whether Facebook is currently reachable from our local network:

Check the IP address of our client:

We need to create a new Regexp rule under Layer7 Protocols in order to block Facebook for our local network.

To achieve this goal, please follow these steps:

^.+(facebook.com).*$

Now, we need to create a Filter Rule, using these steps:

Now test the rule, that we just created:

Try also on 2nd client (172.16.10.199/24):

Check whether it blocks only Facebook or other websites as well:

Oh yes, our rule is working perfectly 🙂

2- Allow facebook for specific host(s) and block for others on local network.

Now, we want to allow Facebook for the 2nd client (172.16.10.199/24) but still block it for the other host(s).

To accomplish this, we need to create a second Filter rule. Please follow these steps:

Move this rule to the top:

Test this rule on 2nd client (172.16.10.199/24):

Verify the rule on Mikrotik:

Verify that Facebook is still blocked for the other host(s) on the local network:

Verify the rule(s) on Mikrotik:

The dropped-packet counters have incremented!

We can do the same for youtube or any other website!
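The following added example (not from the original post) runs the tutorial's pattern over constructed connection payloads to show what the filter rule will and will not drop. It assumes Python's `re` with DOTALL approximates the router's matcher; `STRICT_RE`, the sample payloads and the helper names are hypothetical.

```python
import re

WINDOW = 2048  # RouterOS documents: first 10 packets or 2 KB of a connection

# Pattern from the tutorial. DOTALL makes "." match CR/LF as well
# (assumption about the router's regex engine).
PAGE_RE = re.compile(rb"^.+(facebook.com).*$", re.DOTALL)
# Hypothetical tighter pattern: literal dot, hostname-label boundaries.
STRICT_RE = re.compile(rb"(^|[^a-z0-9-])facebook\.com([^a-z0-9.-]|$)", re.DOTALL)


def sni_fragment(host: bytes) -> bytes:
    """Constructed ClientHello fragment: placeholder header + real SNI layout."""
    entry = b"\x00" + len(host).to_bytes(2, "big") + host   # name_type=host_name
    names = len(entry).to_bytes(2, "big") + entry           # server_name_list
    ext = b"\x00\x00" + len(names).to_bytes(2, "big") + names
    return b"\x16\x03\x01\x00\x00\x01" + ext                # lengths left as zero


def http_request(host: str, path: str = "/") -> bytes:
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()


# Constructed sample payloads (first bytes a client sends on a new connection).
SAMPLES = {
    "http facebook": http_request("www.facebook.com"),
    "tls sni facebook": sni_fragment(b"www.facebook.com"),
    "lookalike name": http_request("notfacebook.com"),
    "dot matches any char": http_request("facebookxcom.example.org"),
    "url mentions facebook": http_request("news.example.org",
                                          "/share?u=http://facebook.com/p"),
    "unrelated site": http_request("www.example.org"),
}


def verdicts(payload: bytes) -> tuple[bool, bool]:
    """Return (tutorial pattern matches, strict pattern matches)."""
    head = payload[:WINDOW].lower()  # hostnames are case-insensitive
    return bool(PAGE_RE.search(head)), bool(STRICT_RE.search(head))


def report() -> dict[str, tuple[bool, bool]]:
    return {name: verdicts(data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, (page, strict) in report().items():
        print(f"{name:24} page={'DROP' if page else 'pass'} "
              f"strict={'DROP' if strict else 'pass'}")
```

The lookalike and any-character cases are dropped only by the tutorial's pattern; a URL that merely mentions facebook.com is dropped by both, which is a limit of payload matching itself.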

Hope this will help you!

Please Remember me in your prayers!

Enjoy 🙂

How to hard reset the Linksys Router!

Today, when I tried to access the Linksys WRT120N wireless router using its default IP, http://192.168.1.1, it took me to the recovery console. It was doing so because the firmware in the router had developed some error, and it was asking to replace the firmware.

Please follow these steps to fix this problem:

1. Start by pressing and holding the RESET button with the power cable connected to the device.

2. 30 seconds after Step 1, disconnect the power cable without releasing the reset button.

3. 30 seconds after Step 2, reconnect the power cable without releasing the reset button.

4. 30 seconds after Step 3, release the reset button.

5. Disconnect the power cable from the unit & reconnect it after another 30 seconds.

Hope this will help you!

Please Remember me in your prayers!

Configure Mikrotik DHCP to assign ip address to only authorized client(s)

Scenario:

Mikrotik is working as DHCP server, DNS server, and default gateway for the local network.

Extra Requirement:

Mikrotik should assign IP addresses only to authorized client(s) on our local network!

Here are the steps to achieve this requirement:

Connect to the Mikrotik router using its IP address through a web browser:

Click on the button, select the ip address of Mikrotik, enter username and password, then click Connect:

IP —>DHCP Server

From the Leases tab, select the client(s) that are authorized to take an IP address from the Mikrotik router (in future), then click Make Static:

Move to the DHCP tab, double-click the DHCP Server, and select static-only from the Address Pool drop-down menu:

After that, only authorized client(s) will get an IP address from Mikrotik. If you want a new client to get an IP address from Mikrotik, select dhcp_pool1 from the Address Pool drop-down menu. Mikrotik will then assign an IP address to the new client. Make this IP address static (as described above) and select static-only again in order to disallow IP address assignment to unknown client(s).

Hope this will help you!

Please Remember me in your prayers!

Mikrotik as Gateway

Note: This is not the best tutorial on Mikrotik, but it is one of the easiest tutorials for configuring Mikrotik as a gateway 🙂

Scenario:

In this scenario, Mikrotik will work as DHCP server, DNS server, and default gateway for the local network.

Local Network : 172.16.10.0/24

Public: 192.168.1.0/24 (In this scenario)

I assume that you have already installed a fresh copy of Mikrotik on any low-end (P III, P IV or whatever) machine. The default username is “admin” and, by default, there is no password.

Login to the Mikrotik router:

After login, you will see a screen something like this:

After login, the first thing we need to do is change the password:

password

Check the interface(s) Setting by using this command:

interface print

Change the interface name(s) using these commands:

interface set 0 name=WAN
interface set 1 name=LAN

Now, check the interface(s) again:

interface print

Assign the ip address to LAN interface:

ip address add address=172.16.10.1/24 interface=LAN

Assign the ip address to WAN interface:

ip address add address=192.168.1.169/24 interface=WAN

Now, check the ip address setting:

ip address print

Add the default route using this command:

ip route add gateway=192.168.1.1

Check the routing table:

ip route print

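DNS setup on Mikrotik (note that allow-remote-requests=yes makes the router answer DNS queries arriving on any interface, including WAN, unless the firewall input chain restricts port 53):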

ip dns set primary-dns=8.8.8.8 secondary-dns=4.2.2.2
ip dns set allow-remote-requests=yes 

DNS settings check:

ip dns print

DHCP Configuration:

ip dhcp-server setup

Configuration of NAT on Mikrotik:

ip firewall nat add chain=srcnat action=masquerade out-interface=WAN

Testing from one of the local network's clients:

Hope this will help you!

Please Remember me in your prayers!

Increase bandwidth by disabling QoS in Windows 7

Open Group Policy Management Console:

gpedit.msc

Navigate to Local Computer Policy > Administrative Templates > Network > QOS Packet Scheduler, then in the right pane, click the Limit reservable bandwidth setting and select Edit:

On the Setting tab, select Enabled, and where it says “Bandwidth limit %”, change it to 0:

Now, open Network Connections:

ncpa.cpl

Right-click on the connection and select Properties:

Make sure QOS Packet Scheduler is enabled:

Hope this will help you!

Please Remember me in your prayers!

How to Enable Telnet Client on Windows 7

Telnet Client allows a computer to connect to a remote Telnet server and run applications on that server. Once logged on, a user is given a command prompt that can be used as if it had been opened locally on the Telnet server’s console. Commands that you type at the Telnet client command prompt are sent to the Telnet Server and executed there, as though you were locally logged on to a command prompt session at the server. Output from the commands that you run is sent back to the Telnet client, where it is displayed for you to view.

When you first try to run a telnet command, Windows informs you that telnet is not recognized as a command:

To enable Telnet Client on Windows 7, just follow these simple steps:

To confirm that Telnet Client is installed successfully:

Real Life Test: I will connect to my DSL Modem to confirm that it is working properly!

Hope this will help you!

Please Remember me in your prayers!

How to Configure Cisco Router with DSL (PTCL)!

In this tutorial, we will configure the Cisco (3640) router as a gateway for our LAN. It takes its IP settings from the DSL (PTCL) modem through DHCP in order to access the Internet. This router also acts as the DHCP and DNS server for the LAN!

In the first step, we will configure the fa0/0 interface to take its IP address from the DSL modem:

interface fa0/0
ip address dhcp
no shut

Next, we configure the IP address on the fa1/0 interface:

interface fa1/0
ip address 10.10.10.1 255.255.255.0
no shut

Verify the ip address and interface(s) status:

show ip int brief

Now, we will configure this router as a DHCP server in order to serve IP address settings to our LAN. We will use the 10.10.10.0/24 network, in which 10.10.10.1 will be the default gateway and DNS server:

service dhcp
ip dhcp excluded-address 10.10.10.1 10.10.10.20
ip dhcp pool LAN-Pool
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
 dns-server 10.10.10.1
 domain-name home.lan
 import all

Verify that our DHCP server is serving IP addresses to the LAN:

show ip dhcp binding

Now, we will configure the DNS setting on our router in order to provide DNS services to our network, and make all clients use it as a DNS server:

ip dns server
ip name-server 192.168.1.1
ip domain-lookup

The next step is to configure NAT on our router. For this, we need to define the inside and outside interfaces: fa0/0 is connected to the Internet, so it is outside, while fa1/0 is connected to the internal network, so it is inside!

interface FastEthernet0/0
ip nat outside
interface FastEthernet1/0
ip nat inside

Now, we need to create an ACL that will include the local network (10.10.10.0/24)!

Next, we need to enable NAT overload and bind it to the outside interface:

Test from one of the LAN’s clients:

Verify the NAT status on our Cisco router:

show ip nat translations

Hope this will help you!

Please Remember me in your prayers!

Configure SSH on Cisco router

This short tutorial will show you how to configure SSH on a Cisco router!

First, make sure that your router at least has a hostname. To assign the hostname, use this command:

hostname tendoRouter

where tendoRouter is my router name; you can assign whatever you like!

To check whether SSH is enabled, use this command:

show ip ssh

SSH is disabled on this router!

Next, we need to configure the domain name on our router:

ip domain-name homelab.lan

where homelab.lan is my domain name; use one that suits your requirement/environment!

Now, generate a 2048-bit RSA key (it will take some time, depending on the processing power of the router):

crypto key generate rsa general-keys modulus 2048 

Now, configure the router to accept SSH logins:

line vty 0 4
login local
transport input ssh

The next step is to create an account in the router’s local database in order to use it for authenticating to the device:

username arbab privilege 15 secret cisco

where “arbab” is the username and “cisco” is the password; change them according to your needs!

Verify that SSH is now enabled:

show ip ssh

Yes, it is enabled 🙂

Connect to the router with SSH using PuTTY!

Enter the IP address of your router:

Accept the Security Certificate!

Enter the username and password:

Hurray, we are logged in to the router with SSH 🙂

Hope this will help you!

Please Remember me in your prayers!

InterVLAN Routing using CentOS with 1 Interface

Scenario:

  • Router: CentOS Server with 1 network card.
  • Clients: 2 Windows XP in VLAN10, 1 Ubuntu and 1 CentOS in VLAN20.
  • Switch: Cisco 2960

Cisco 2960 Switch Configuration:

interface FastEthernet0/1
description CONNECTED TO CentOS ROUTER
switchport mode trunk
!
!
!
interface FastEthernet0/5
description WINXP-1
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/6
description WINXP-2
switchport access vlan 10
switchport mode access
!
!
!
interface FastEthernet0/15
description UBUNTU CLIENT
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/16
description CentOS CLIENT
switchport access vlan 20
switchport mode access

CentOS Router Configuration:

First, we need to disable SELinux:

sudo nano /etc/selinux/config

Change SELINUX from enforcing to disabled:

To configure the base interface (in my case, eth0):

sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0

It should have at least the following elements:

DEVICE=eth0 
BOOTPROTO=none   #if it didn’t work then use static
ONBOOT=yes 
TYPE=Ethernet

To set up VLAN10 on eth0, we should create a file ifcfg-vlan10 inside /etc/sysconfig/network-scripts/:

ifcfg-vlan10 should have the following elements:

Again, to set up VLAN20 on eth0, we should create a file ifcfg-vlan20 inside /etc/sysconfig/network-scripts/:

ifcfg-vlan20 should have the following elements:

To enable IP forwarding, edit the /etc/sysctl.conf file:

sudo nano /etc/sysctl.conf

Change net.ipv4.ip_forward from 0 to 1:

Restart the Networking service:

sudo service network restart

Use the ifconfig command to check the newly created VLAN interfaces:

ifconfig

To forward traffic between the VLANs, we need to configure iptables:

sudo nano /etc/sysconfig/iptables

Add these two lines (place them according to your iptables file configuration); they allow new and existing connections in both directions between the two VLANs:

-A FORWARD -i vlan10 -o vlan20 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vlan20 -o vlan10 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

Test from WinXP-1:

Test from WinXP-2:

Test from Ubuntu Client:

Test from CentOS Client:

 

Hope this will help you!

 

Please Remember me in your prayers!

