Stats
Displaying 1 To 19 Of 19 Comments MikroTik simple script to update ZoneEdit Dynamic DNS They could have fixed it by now. Maybe you can drop the first “/tool fetch url=\”http://dynamic.zoneedit.com/auth/dynamic.html\?host=dyndns.example.com&dnsto=127.0.0.1\” user=ZEUser password=ZEPass keep-result=no\r\n/delay 30\r\n” part. » Posted By Andryan On August 23, 2012 @ 4:54 pm Really? My Linux server at home also runs a script that checks its current IP address and sends an update ONLY if it has changed (the IP address change was so rare, I didn’t notice that the script had failed me for quite sometime until a few weeks ago), but it was also showing the same problem. The reply I got was a success code of 201 “No records need updating” when the IP address HAD changed, but ZoneEdit server didn’t do any update until I force-changed it using the dnsto parameter. I will try and update the MikroTik script to be smarter and send update only when its IP address has changed. » Posted By Andryan On April 24, 2010 @ 11:25 am Did you make clean and re-make? » Posted By Andryan On January 29, 2010 @ 9:17 pm AHA, yes.. Good point. Thanks for pointing this out. » Posted By Andryan On May 25, 2009 @ 1:50 am Because these servers are connected to an internal network which is isolated and sniffing is impossible. Anyway, that was my task at work and there is no security concern. Before you post your comment, this is my technical notes and I don’t need people telling me that telnet is insecure. The idea of this blog is to share knowledge that is probably not documented elsewhere. I know what I’m doing, people. For those who need this information, they should know what they are doing and know the risks involved by using telnet. » Posted By Andryan On May 8, 2008 @ 7:46 am MikroTik RouterOS Interface Bonding This is how I did the fiber links bonding using MikroTik RB333 + RouterOS v3.0rc13: I used 2x MikroTik RB333 to utilize both links simultaneously, one at each end. I specifically used RouterOS v3.0rc13 because there is a random disconnection issue (every few minutes/hours the bonded link will be disconnected for a few seconds and resume without any signs of symptoms anywhere else) with later versions of RouterOS v3.x (though I haven’t tried RouterOS v4.x). This configuration also doesn’t give you a fully-working auto fail-over, in case one of the links is broken in the middle — since link state doesn’t change as mentioned in the post (though if it’s physically dead, the auto fail-over will work). I used ARP detection to check if the links are both up but apparently it didn’t work as expected. So every time there is a broken link, I will disconnect the broken link from the RB333 manually. This way the RB333 will detect the link state change from the disconnected link as down and force all packets to go through the other link. If you don’t disconnect the broken link manually (disabling the ether interface of the broken link is acceptable) from the RB333, it will route 50% of the packets through the broken link (since it doesn’t know the broken link is in fact broken) and you will start seeing major packet losses. » Posted By Andryan On January 29, 2010 @ 9:47 pm Site 2 (Sunter end): /interface bridge /interface ethernet /interface eoip /interface bonding /ip address /ip dns /ip route /system identity /system ntp client » Posted By Andryan On January 29, 2010 @ 9:31 pm Site 1 (IDC end): /interface bridge /interface ethernet /interface eoip /interface bonding /interface bridge port /ip address /ip dns /ip route /system identity /system ntp client » Posted By Andryan On January 29, 2010 @ 9:23 pm RP-PPPoE server problem in Fedora Core 5, 6, Fedora 7, 8 That makes sense because the problem is in the ppp package, not the rp-pppoe (pppoe-server) package. » Posted By Andryan On July 9, 2007 @ 12:21 pm I can confirm that this issue exists in Fedora 7. » Posted By Andryan On July 3, 2007 @ 4:32 pm iptables mangle and NAT notes, etc. Oh, I forgot to mention when there are multiple upstream interfaces (different directions, e.g. IXP to/from client and transit to/from client), use the forward chain for the connection marking mangle rules and prerouting chain for the packet marking mangle rules. Since the packet marking mangle rules are in prerouting chain, global-in queue parent can be used. Can still use global-in with prerouting chain packet marking mangle rules if there is a dst-address-list to classify the different flows, because this method doesn’t require any explicit in/out-interface settings. » Posted By Andryan On June 7, 2010 @ 1:20 am Hi Arif, This is the example: 1 ;;; Advertise 61.45.224.0/20 to OpenIXP in /24s 2 ;;; Advertise only our prefixes to OpenIXP, do not redistribute transit routes to IX 3 ;;; Discard default route from OpenIXP 4 ;;; IX routes should get higher priority 5 ;;; Advertise 61.45.224.0/20 to NAP 6 ;;; Advertise 116.0.0.0/21 to NAP 7 ;;; Advertise only our prefixes to NAP, do not redistribute IX routes/other transit routes to this transit 8 X ;;; Only use default route from NAP’s BGP feed, opposite the following rule 9 ;;; Discard default route from NAP from /routing bgp network Please note that OpenIXP advertises the smaller prefixes (/24) to make sure that local IX traffic takes the OpenIXP path rather than the NAP path. I also choose to drop default route from NAP to receive full BGP feed from my NAP. If you wish to receive only the default route (make sure your NAP does provide a default route otherwise your packets will go nowhere), enable filter #8 and disable #9. Good luck! » Posted By Andryan On December 7, 2008 @ 10:17 pm ipt_account HOWTO for Fedora Core 6 You’re welcome! Actually I haven’t implemented this on my production server. Currently it’s still running IPFM. » Posted By Andryan On November 22, 2007 @ 1:11 pm If you get invalid module format, probably you are using a different kernel version’s source tree to build the modules. Remember to always check dmesg for more informative error messages. » Posted By Andryan On November 23, 2007 @ 8:43 am Hmm, have you checked dmesg for more descriptive error messages? » Posted By Andryan On September 15, 2007 @ 4:39 am Have a look at this: » Posted By Andryan On September 11, 2007 @ 2:03 pm Have you copied over the libipt_ipp2p.so file to /lib/iptables/? » Posted By Andryan On June 23, 2007 @ 6:32 am Do make scripts/kconfig/ instead of make scripts/mod/modpost. » Posted By Andryan On February 14, 2007 @ 11:56 pm Indeed, last time I tried installing Clamwin, it wasn’t an always-on virus scanner. These days it’s REALLY important to have an always-on virus scanner on Windows. » Posted By Andryan On August 25, 2006 @ 8:12 pmComments Posted By Andryan
I didn’t consider that scenario when I wrote that post.
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
comment=”" disabled=no forward-delay=15s max-message-age=20s mtu=1500 \
name=”bridge1″ priority=0×8000 protocol-mode=none transmit-hold-count=6
set 0 arp=enabled auto-negotiation=yes comment=”" disabled=no full-duplex=yes \
mac-address=00:0C:42:1D:1E:1B mtu=1500 name=”ether1″ speed=100Mbps
set 1 arp=enabled auto-negotiation=yes comment=”" disabled=no full-duplex=yes \
mac-address=00:0C:42:1D:1E:1C mtu=1500 name=”ether2″ speed=100Mbps
set 2 arp=enabled auto-negotiation=yes comment=”" disabled=no full-duplex=yes \
mac-address=00:0C:42:1D:1E:1D mtu=1500 name=”ether3″ speed=100Mbps
add arp=enabled comment=”" disabled=yes mac-address=FE:6E:99:E5:DB:2C mtu=1500 \
name=”eoip-tunnel1″ remote-address=172.16.1.1 tunnel-id=1
add arp=enabled comment=”" disabled=yes mac-address=FE:E8:5A:6D:5B:70 mtu=1500 \
name=”eoip-tunnel2″ remote-address=172.16.2.1 tunnel-id=2
add arp=enabled arp-interval=100ms arp-ip-targets=172.16.0.1 comment=”" \
disabled=no down-delay=0s lacp-rate=30secs link-monitoring=arp \
mii-interval=100ms mode=balance-rr mtu=1500 name=”bonding1″ primary=none \
slaves=ether2,ether3 up-delay=0s
add address=10.255.255.101/24 broadcast=10.255.255.255 comment=”" disabled=no \
interface=bridge1 network=10.255.255.0
add address=172.16.0.2/24 broadcast=172.16.0.255 comment=”" disabled=no \
interface=bonding1 network=172.16.0.0
add address=172.16.1.2/24 broadcast=172.16.1.255 comment=”" disabled=yes \
interface=ether2 network=172.16.1.0
add address=172.16.2.2/24 broadcast=172.16.2.255 comment=”" disabled=yes \
interface=ether3 network=172.16.2.0
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB \
primary-dns=208.67.222.222 secondary-dns=208.67.220.220
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.255.255.254 \
scope=255 target-scope=10
set name=”RB333-Sunter”
set enabled=yes mode=unicast primary-ntp=202.169.237.2 secondary-ntp=202.169.224.16
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
comment=”" disabled=no forward-delay=15s max-message-age=20s mtu=1500 \
name=”bridge1″ priority=0×8000 protocol-mode=none transmit-hold-count=6
set 0 arp=enabled auto-negotiation=yes comment=”" disabled=no full-duplex=yes \
mac-address=00:0C:42:1C:9B:B1 mtu=1500 name=”ether1″ speed=100Mbps
set 1 arp=enabled auto-negotiation=yes comment=”" disabled=no full-duplex=yes \
mac-address=00:0C:42:1C:9B:B2 mtu=1500 name=”ether2″ speed=100Mbps
set 2 arp=enabled auto-negotiation=yes comment=”" disabled=no full-duplex=yes \
mac-address=00:0C:42:1C:9B:B3 mtu=1500 name=”ether3″ speed=100Mbps
add arp=enabled comment=”" disabled=yes mac-address=FE:61:49:D3:D4:4A mtu=1500 \
name=”eoip-tunnel1″ remote-address=172.16.1.2 tunnel-id=1
add arp=enabled comment=”" disabled=yes mac-address=FE:F6:DF:A4:78:24 mtu=1500 \
name=”eoip-tunnel2″ remote-address=172.16.2.2 tunnel-id=2
add arp=enabled arp-interval=100ms arp-ip-targets=172.16.0.2 comment=”" \
disabled=no down-delay=0s lacp-rate=30secs link-monitoring=arp \
mii-interval=100ms mode=balance-rr mtu=1500 name=”bonding1″ primary=none \
slaves=ether2,ether3 up-delay=0s
add bridge=bridge1 comment=”" disabled=no edge=auto external-fdb=auto \
horizon=none interface=ether1 path-cost=10 point-to-point=auto \
priority=0×80
add bridge=bridge1 comment=”" disabled=no edge=auto external-fdb=auto \
horizon=none interface=bonding1 path-cost=10 point-to-point=auto \
priority=0×80
add address=10.255.255.100/24 broadcast=10.255.255.255 comment=”" disabled=no \
interface=bridge1 network=10.255.255.0
add address=172.16.0.1/24 broadcast=172.16.0.255 comment=”" disabled=no \
interface=bonding1 network=172.16.0.0
add address=172.16.1.1/24 broadcast=172.16.1.255 comment=”" disabled=yes \
interface=ether2 network=172.16.1.0
add address=172.16.2.1/24 broadcast=172.16.2.255 comment=”" disabled=yes \
interface=ether3 network=172.16.2.0
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB \
primary-dns=208.67.222.222 secondary-dns=208.67.220.220
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.255.255.254 \
scope=255 target-scope=10
set name=”RB333-IDC”
set enabled=yes mode=unicast primary-ntp=202.169.237.2 secondary-ntp=202.169.224.16
from /routing filter
0 ;;; Advertise 116.0.0.0/21 to OpenIXP in /24s
chain=to_OpenIXP prefix=116.0.0.0/21 prefix-length=24 invert-match=no action=accept
chain=to_OpenIXP prefix=61.45.224.0/20 prefix-length=24 invert-match=no action=accept
chain=to_OpenIXP invert-match=no action=discard
chain=from_OpenIXP prefix=0.0.0.0/0 invert-match=no action=discard
chain=from_OpenIXP invert-match=no action=accept set-bgp-local-pref=200
chain=to_NAP prefix=61.45.224.0/20 prefix-length=20 invert-match=no action=accept
chain=to_NAP prefix=116.0.0.0/21 prefix-length=21 invert-match=no action=accept
chain=to_NAP invert-match=no action=discard
chain=from_NAP prefix=0.0.0.0/0 invert-match=yes action=discard
chain=from_NAP prefix=0.0.0.0/0 invert-match=no action=discard
0 A 116.0.0.0/21 no
1 A 116.0.0.0/24 no
2 A 116.0.1.0/24 no
3 A 116.0.2.0/24 no
4 A 116.0.3.0/24 no
5 A 116.0.4.0/24 no
6 A 116.0.5.0/24 no
7 A 116.0.6.0/24 no
8 A 116.0.7.0/24 no
9 A 61.45.224.0/20 no
10 A 61.45.224.0/24 no
11 A 61.45.225.0/24 no
12 A 61.45.226.0/24 no
13 A 61.45.227.0/24 no
14 A 61.45.228.0/24 no
15 A 61.45.229.0/24 no
16 A 61.45.230.0/24 no
17 A 61.45.231.0/24 no
18 A 61.45.232.0/24 no
19 A 61.45.233.0/24 no
20 A 61.45.234.0/24 no
21 A 61.45.235.0/24 no
22 A 61.45.236.0/24 no
23 A 61.45.237.0/24 no
24 A 61.45.238.0/24 no
25 A 61.45.239.0/24 no
At the moment I’m looking for a tool (something like iptraf or trafshow), which taps the interface and shows real-time (may be accumulative) statistics on a specified IP address. Unfortunately trafshow and iptraf monitor per-flow instead of per-IP (total per IP address). A real-time IPFM would be nice too if there were one.
http://www.ashberg.de/hacks/ipp2p-0.8.2-kernel-2.6.21-patch.php
«« Back To Stats Page
free-av.com also provides a good free AV, but its interface is not as good as avast’s.
Unfortunately many people here in Indonesia (specifically Jakarta) still prefer to use warez version of Norton or McAfee. I don’t see how Norton is better than avast!. One thing for sure, Norton sucks because it’s getting ‘heavier’ and ‘heavier’ (bloated) to run every time they release a new version.
Recent Comments