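# No-IP automatic Dynamic DNS update
#
# Reads the address of one interface and, when it differs from the address
# remembered in the global variable previousIP, sends an update request to
# No-IP for every configured host name.
#--------------- Change Values in this section to match your setup ------------------
# No-IP User account info
# NOTE(review): the account password is kept in clear text in the script source,
# so anyone who can read this router's scripts can read it. Do not reuse a
# password that protects anything else.
:local noipuser "username/email"
:local noippass "password"
# Set the hostname or label of network to be updated.
# Hostnames with spaces are unsupported. Replace the value in the quotations below with your host names.
# To specify multiple hosts, separate them with commas.
:local noiphost "thamada.no-ip.biz"
# Change to the name of interface that gets the dynamic IP address
:local inetinterface "fttx"
#------------------------------------------------------------------------------------
# No more changes needed below this line
# previousIP is declared global so the value is still available on the next run.
:global previousIP
:if ([/interface get $inetinterface value-name=running]) do={
  # Get the current IP on the interface
  # NOTE(review): this assumes the interface carries exactly one enabled address - confirm for your setup.
  :local currentIP [/ip address get [find interface="$inetinterface" disabled=no] address]
  # Strip the net mask off the IP address
  :for i from=( [:len $currentIP] - 1) to=0 do={
    :if ( [:pick $currentIP $i] = "/") do={
      :set currentIP [:pick $currentIP 0 $i]
    }
  }
  :if ($currentIP != $previousIP) do={
    :log info "No-IP: Current IP $currentIP is not equal to previous IP, update needed"
    # The update URL. Note the "\3F" is hex for question mark (?). Required since ? is a special character in commands.
    # NOTE(review): the request goes over plain HTTP, so the No-IP user name and
    # password travel unencrypted. Where the RouterOS version supports it, use an
    # https:// URL with mode=https instead.
    :local url "http://dynupdate.no-ip.com/nic/update\3Fmyip=$currentIP"
    :local noiphostarray
    :set noiphostarray [:toarray $noiphost]
    :foreach host in=$noiphostarray do={
      :log info "No-IP: Sending update for $host"
      /tool fetch url=($url . "&hostname=$host") user=$noipuser password=$noippass mode=http dst-path=("no-ip_ddns_update-" . $host . ".txt")
      # The response saved in dst-path is not inspected, so this line only shows
      # that the fetch command returned, not that No-IP accepted the update.
      :log info "No-IP: Host $host updated on No-IP with IP $currentIP"
    }
    # Remember the address only after every fetch has returned. The original set
    # previousIP before fetching, so a failed fetch stopped the script with the
    # new address already recorded and the update was never retried.
    :set previousIP $currentIP
  } else={
    :log info "No-IP: Previous IP $previousIP is equal to current IP, no update needed"
  }
} else={
  :log info "No-IP: $inetinterface is not currently running, so therefore will not update."
}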
Wednesday, November 20, 2013
Monday, November 18, 2013
Create two simple queues for the same network with different Bandwidth Limit.
Limit Different Bandwidth In Day and Night.
There are many ways to limit bandwidth differently for day and night, but personally I found this to be the easiest. Here it is.
I have used Simple Queue, Script and Scheduler.
Suppose we have one network 192.168.1.0/24 and want to limit Bandwidth for day and Night Time.
There are many ways to limit bandwidth differently for day and night, but personally I found this to be the easiest. Here it is.
I have used Simple Queue, Script and Scheduler.
Suppose we have one network 192.168.1.0/24 and want to limit Bandwidth for day and Night Time.
Network 192.168.1.0/24
Bandwidth = 06:00am – 18:00pm – 1Mbps. <Max-Limit>
Bandwidth = 18:00pm – 06:00am – 2Mbps. <Max-Limit>
Create two simple queues for the same network with different Bandwidth Limit.
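# Two simple queues for the same network. The scripts below enable one and
# disable the other, so only one limit is active at a time.
# Rewritten as runnable "add" commands with plain ASCII quotes; the original
# listing used typographic quotes and "#name=", which RouterOS reads as a comment.
# Replace <ether-x> with the name of the interface the queue applies to.
/queue simple
add name="Day" target-addresses=192.168.1.0/24 dst-address=0.0.0.0/0 interface=<ether-x> parent=none direction=both priority=8 queue=default-small/default-small limit-at=512k/512k max-limit=1M/1M total-queue=default-small
add name="Night" target-addresses=192.168.1.0/24 dst-address=0.0.0.0/0 interface=<ether-x> parent=none direction=both priority=8 queue=default-small/default-small limit-at=1M/1M max-limit=2M/2M total-queue=default-small
# Now, write scripts
/system script
add name="Day" source="/queue simple enable Day; /queue simple disable Night"
add name="Night" source="/queue simple enable Night; /queue simple disable Day"
# Finally, Schedule it
# The scheduler entries run the scripts with only the read and write policies.
/system scheduler
add name="Day" on-event=Day policy=read,write start-date=oct/13/2007 start-time=06:00:00 interval=1d
add name="Night" on-event=Night policy=read,write start-date=oct/13/2007 start-time=18:00:00 interval=1d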
Sunday, November 17, 2013
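pfSense Voucher Code
Generate your own key pair with the commands below and do not reuse the keys printed here, because the private key is published on this page. A 31-bit RSA modulus can be factored trivially, so anyone who obtains the public key can derive the private key; keep both files confidential.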
[2.0.1-RELEASE][admin@pfsense.example.org]/root(32): time openssl genrsa 31 > key.private
Generating RSA private key, 31 bit long modulus
.+++++++++++++++++++++++++++
.+++++++++++++++++++++++++++
e is 65537 (0x10001)
0.052u 0.015s 0:00.09 66.6% 552+628k 0+2io 0pf+0w
[2.0.1-RELEASE][admin@pfsense.example.org]/root(33): time openssl rsa -pubout < key.private > key.public
writing RSA key
0.021u 0.021s 0:00.04 100.0% 552+570k 0+1io 0pf+0w
[2.0.1-RELEASE][admin@pfsense.example.org]/root(34): cat key.private
-----BEGIN RSA PRIVATE KEY-----
MCwCAQACBQCDnyRNAgMBAAECBAF3ThkCAwDwawIDAIwnAgMAmOMCAkxrAgJ5fg==
-----END RSA PRIVATE KEY-----
[2.0.1-RELEASE][admin@pfsense.example.org]/root(36): cat key.public
-----BEGIN PUBLIC KEY-----
MCAwDQYJKoZIhvcNAQEBBQADDwAwDAIFAIOfJE0CAwEAAQ==
-----END PUBLIC KEY-----
Wednesday, November 13, 2013
Mikrotik Scripts
Block Website except
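# Web proxy access list: rules are matched in order, so the two allow rules
# for yahoo.com must stay above the final deny-everything rule.
# This list only affects requests that pass through the web proxy; the redirect
# rule on this page covers TCP port 80 only, so HTTPS traffic is not filtered by it.
/ip proxy access
add dst-host=www.yahoo.com action=allow
add dst-host=yahoo.com action=allow
# Fixed: the original read "action deny", without the "=".
add dst-address=0.0.0.0/0 action=deny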
Transparent Proxy Setting
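# Web proxy access list (repeated listing): allow yahoo.com, deny everything else.
# Rule order matters: the allow rules must come before the final deny rule.
/ip proxy access
add dst-host=www.yahoo.com action=allow
add dst-host=yahoo.com action=allow
# Fixed: the original read "action deny", without the "=".
add dst-address=0.0.0.0/0 action=deny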
Transparent Proxy Setting
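# Redirect HTTP (TCP port 80) arriving on ether1 to the router's web proxy on port 8080.
# NOTE(review): presumably ether1 is the LAN-facing interface - confirm before applying.
/ip firewall nat add in-interface=ether1 dst-port=80 protocol=tcp action=redirect to-ports=8080 chain=dstnat
# Enable the web proxy on the port the redirect rule points to.
# NOTE(review): make sure port 8080 is not reachable from the Internet side
# (for example with an input-chain filter rule), otherwise the router can be
# used as an open proxy by outside hosts.
/ip proxy set enabled=yes port=8080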
Wednesday, May 22, 2013
Setup Mail Server using Postfix, Dovecot and SquirrelMail in CentOS/RHEL/Scientific Linux 6.3 step by step
Before installing Postfix, remove sendmail from the server, because sendmail is the default MTA in Red Hat/CentOS.
[root@server ~]# yum remove sendmail
Prerequisites:
- The mail server should contain a valid MX record in the DNS server. Navigate to this link how to setup DNS server.
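- Firewall and SELinux should be disabled. (This tutorial turns them off to keep a test box simple; on a server reachable by others, keep both enabled and open only the mail and web ports that are actually needed.)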
[root@server ~]# service iptables stop [root@server ~]# service ip6tables stop [root@server ~]# chkconfig iptables off [root@server ~]# chkconfig ip6tables off
[root@server ~]# vi /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled# SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls - Multi Level Security protection. SELINUXTYPE=targetedReboot the server.
Scenario
In this tutorial my test box
Hostname = server.ostechnix.com
IP Address = 192.168.1.200/24
And my server is configured with proper MX record in DNS server.
Installation
Postfix is installed by default. If it is not installed, use the below command to install postfix.
[root@server ~]# yum install postfix
Configuration
Open the postfix config file /etc/postfix/main.cf. Find the below lines and edit them as shown below.
[root@server ~]# vi /etc/postfix/main.cf myhostname = server.ostechnix.com ##line no 75 - uncomment and enter your host name mydomain = ostechnix.com ##line no 83 - uncomment and enter your domain name myorigin = $mydomain ##line no 99 - uncomment inet_interfaces = all ##line no 116 - change to all mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain ##line no 164 - add $domain at the end mynetworks = 192.168.1.0/24, 127.0.0.0/8 ##line no 264 - uncomment and add your network range home_mailbox = Maildir/ ##line no 419 - uncomment
Start the postfix service.
[root@server ~]# service postfix start Starting postfix: [ OK ] [root@server ~]# chkconfig postfix on
Test Postfix
The commands shown in bold letters should be entered by the user.
Note: The dot after the test command is important.
[root@server ~]# telnet localhost smtp Trying ::1... Connected to localhost. Escape character is '^]'. 220 server.ostechnix.com ESMTP Postfix ehlo localhost 250-server.ostechnix.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN mail from:<user1> 250 2.1.0 Ok rcpt to:<user1> 250 2.1.5 Ok data 354 End data with <CR><LF>.<CR><LF> test . 250 2.0.0 Ok: queued as 117113FF18 quit 221 2.0.0 Bye Connection closed by foreign host.
Check Mail
Navigate to the user mail directory and check for the new mail.
[root@server ~]# cd /home/user1/Maildir/new/[root@server new]# ls 1360236956.Vfd00I35afM181256.server.ostechnix.com [root@server new]# cat 1360236956.Vfd00I35afM181256.server.ostechnix.com Return-Path: <user1@ostechnix.com> X-Original-To: user1 Delivered-To: user1@ostechnix.com Received: from localhost (localhost [IPv6:::1]) by server.ostechnix.com (Postfix) with ESMTP id 117113FF18 for <user1>; Thu, 7 Feb 2013 17:05:32 +0530 (IST) Message-Id: <20130207113547.117113FF18@server.ostechnix.com> Date: Thu, 7 Feb 2013 17:05:32 +0530 (IST) From: user1@ostechnix.com To: undisclosed-recipients:; test
That's it. Postfix is working now.
Install Dovecot
[root@server ~]# yum install dovecot
Configure Dovecot
Open the dovecot config file /etc/dovecot/dovecot.conf. Find and uncomment the line as shown below.
[root@server ~]# vi /etc/dovecot/dovecot.conf protocols = imap pop3 lmtp
Open the file /etc/dovecot/conf.d/10-mail.conf and uncomment the line as shown below.
[root@server ~]# vi /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir ##line no 24 - uncomment
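Open /etc/dovecot/conf.d/10-auth.conf and edit it as shown below. Note that disable_plaintext_auth = no lets clients send their passwords over connections that are not protected by SSL/TLS; that is acceptable for a local test, but on a real server leave it set to yes and enable SSL/TLS in Dovecot.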
[root@server ~]# vi /etc/dovecot/conf.d/10-auth.conf disable_plaintext_auth = no ##line no 9 - uncomment and change from yes to no. auth_mechanisms = plain login ##line no 97 - add the text "login"
Open the /etc/dovecot/conf.d/10-master.conf and edit as shown below.
unix_listener auth-userdb { #mode = 0600 user = postfix ##line no 83 - uncomment and enter postfix group = postfix ##line no 84 - uncomment and enter postfix
Start the dovecot service.
[root@server ~]# service dovecot start
Starting Dovecot Imap: [ OK ]
[root@server ~]# chkconfig dovecot on
Test Dovecot
The commands shown in bold should be entered by the user.
[root@server ~]# telnet localhost pop3 Trying ::1... Connected to localhost. Escape character is '^]'. +OK Dovecot ready. user user1 +OK pass user1 +OK Logged in. list +OK 1 messages: 1 428 . retr 1 +OK 428 octets Return-Path: <user1@ostechnix.com> X-Original-To: user1 Delivered-To: user1@ostechnix.com Received: from localhost (localhost [IPv6:::1]) by server.ostechnix.com (Postfix) with ESMTP id 117113FF18 for <user1>; Thu, 7 Feb 2013 17:05:32 +0530 (IST) Message-Id: <20130207113547.117113FF18@server.ostechnix.com> Date: Thu, 7 Feb 2013 17:05:32 +0530 (IST) From: user1@ostechnix.com To: undisclosed-recipients:; test . quit +OK Logging out. Connection closed by foreign host. [root@server ~]#
Dovecot is working now.
Install Squirrelmail
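Install the EPEL repository first, then install the SquirrelMail package from it. The release RPM below is downloaded over plain HTTP, so check its signature (for example with rpm -K after importing the EPEL GPG key) before installing it.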
[root@server ~]# wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm [root@server ~]# rpm -ivh epel-release-6-8.noarch.rpm [root@server ~]# yum install squirrelmail [root@server ~]# service httpd start Starting httpd: [ OK ] [root@server ~]# chkconfig httpd on [root@server ~]#
Configure Squirrelmail
Go to the SquirrelMail config directory and run ./conf.pl to start the configuration as shown below.
[root@server ~]# cd /usr/share/squirrelmail/config/ [root@server config]# ./conf.pl SquirrelMail Configuration : Read: config.php (1.4.0) --------------------------------------------------------- Main Menu -- 1. Organization Preferences 2. Server Settings 3. Folder Defaults 4. General Options 5. Themes 6. Address Books 7. Message of the Day (MOTD) 8. Plugins 9. Database 10. Languages D. Set pre-defined settings for specific IMAP servers C Turn color off S Save data Q Quit Command >>1Select option 1 and set organization details.
SquirrelMail Configuration : Read: config.php (1.4.0) --------------------------------------------------------- Organization Preferences 1. Organization Name : Ostechnix 2. Organization Logo : ../images/sm_logo.png 3. Org. Logo Width/Height : (308/111) 4. Organization Title : Welcome to Ostechnix webmail 5. Signout Page : 6. Top Frame : _top 7. Provider link : http://ostechnix.com 8. Provider name : Ostechnix R Return to Main Menu C Turn color off S Save data Q Quit Command >>RPress R to return main menu and select option 2. Enter your domain name and select dovecot in the Sendmail or SMTP parameter.
SquirrelMail Configuration : Read: config.php (1.4.0) --------------------------------------------------------- Server Settings General ------- 1. Domain : ostechnix.com 2. Invert Time : false 3. Sendmail or SMTP : SMTP A. Update IMAP Settings : localhost:143 (uw) B. Update SMTP Settings : localhost:25 R Return to Main Menu C Turn color off S Save data Q Quit Command >> S
Once you are done, press S to save the data and press Q to exit.
Add the following lines in the httpd.conf file at the end.
[root@server ~]# vi /etc/httpd/conf/httpd.conf Alias /squirrelmail /usr/share/squirrelmail <Directory /usr/share/squirrelmail> Options Indexes FollowSymLinks RewriteEngine On AllowOverride All DirectoryIndex index.php Order allow,deny Allow from all </Directory>
Restart the httpd service.
[root@server ~]# service httpd restart Stopping httpd: [ OK ] Starting httpd: [ OK ] [root@server ~]#
Create Users
[root@server ~]# useradd user1 [root@server ~]# useradd user2 [root@server ~]# passwd user1 [root@server ~]# passwd user2
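Open a browser on any client and type the following in the address bar. These URLs use plain HTTP, so the mailbox password is sent unencrypted at login; outside a test network, serve webmail over HTTPS.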
http://serveripaddress/webmail
or
http://yourdomainname/webmail
Now let us compose a mail from user1 to user2. Refer to the screenshot below.
Then sign-out and sign-in back from user2.
That's it. We have received a mail from user1. If you have any issues with the configuration, post them in the comment section.
Have a good day.
Monday, May 6, 2013
Can't Login Shared Folder
Local Security Policy - secpol.msc
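Local Policies --> Security Options --> Network security: LAN Manager authentication level. If you change this level so that an older device can connect, choose the most restrictive value that still works; values that permit LM or NTLM (v1) responses weaken authentication.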
Local Policy --> Security Option -->Network Security : Lan Manager Authen....
Mikrotik Dual WAN
# Dual-WAN load balancing with per-connection-classifier (PCC), followed by
# the routes and NAT rules it depends on. Rule order inside each menu matters.
# NOTE(review): no /ip firewall filter rules appear in this listing; it only
# marks, routes and masquerades traffic, so input/forward filtering has to be
# configured separately.
/ip firewall mangle
# Mark connections that reach the router itself by the WAN they arrived on ...
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
# ... and give the router's own replies the matching routing mark.
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
# Accept traffic from Local to these two subnets before the PCC rules below see it.
# Presumably these are the subnets of the two WAN links (the gateways in /ip route sit in them) - confirm.
add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=10.50.30.208/29 action=accept in-interface=Local
# Split connections from Local into two groups (2/0 and 2/1) classified on both
# addresses and ports; passthrough=yes lets the mark-routing rules below still match.
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
# Turn each connection mark into the routing mark used by the routes below.
add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2
/ip route
# One default route per routing mark; check-gateway=ping probes each gateway.
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.50.30.209 routing-mark=to_WAN2 check-gateway=ping
# Default routes without a routing mark, with distance 1 and distance 2.
add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.50.30.209 distance=2 check-gateway=ping
/ip firewall nat
# Source-NAT everything leaving through either WAN interface.
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade
# Repeated copy of the dual-WAN listing.
# NOTE(review): this copy starts without a menu line; the mark-connection and
# mark-routing rules that follow need to be entered under /ip firewall mangle.
# Connections to the router are marked by incoming WAN, and its replies are routed back the same way.
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
# Traffic from Local to these two subnets is accepted before the PCC rules.
add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=10.50.30.208/29 action=accept in-interface=Local
# PCC: connections from Local are divided into groups 2/0 and 2/1 and marked per WAN.
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
# Connection marks are translated into routing marks.
add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2
/ip route
# Marked default routes first, then unmarked default routes with distance 1 and 2.
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.50.30.209 routing-mark=to_WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.50.30.209 distance=2 check-gateway=ping
/ip firewall nat
# Masquerade traffic leaving through either WAN interface.
# NOTE(review): this listing contains no /ip firewall filter rules; filtering is configured elsewhere, if at all.
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade