Thursday, November 2, 2017

Block Spammer Source IP from Juniper



If our servers are connected to the Juniper router on ge-1/1/5 unit 0 and 47.74.19.98/32 is a spam source IP, we can reject/block/deny it on the Juniper router as below


## Create filter rules
set firewall family inet filter spammer-ip term 32 from source-address 47.74.19.98/32
set firewall family inet filter spammer-ip term 32 then reject
set firewall family inet filter spammer-ip term 33 then accept

## Apply to interface
set interfaces ge-1/1/5 unit 0 family inet filter output spammer-ip


######## ########################## ##################

Thursday, September 21, 2017

Reset CISCO Router Password

## Reset CISCO Router Password ##

** Connect the console cable directly to the router
and open HyperTerminal, Tera Term, PuTTY or any other terminal program

** Press the "break" key twice to enter rommon mode

Alt + b == for TeraTerm software to break

Ctrl + Break == for Hyper terminal

Ctrl + Break == for terminal

rommon 1>

** Change the config register from 0x2102 to 0x2142 to bypass the password

rommon 1> confreg 0x2142

** Type reset to restart the router, or power it off and on manually
rommon 2> reset

** Type "no" or press Ctrl+C to skip the setup procedure
and finally press Enter to log in

router>
router>enable
router#
router# configure memory
router# configure terminal
router(config)#
router(config)# enable secret newpassowrd
router(config)#
router(config)#config-register 0x2102
router(config)# exit
router#
router# write
(or: router# copy running-config startup-config)

** If you want to erase all previous configuration, follow the steps below

router#
router# write erase
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
<Press Enter key>
router#
Router#reload
Do you want to reload the internal AP ? [yes/no]: yes
Proceed with reload? [confirm]

...
Would you like to enter the initial configuration dialog? [yes|no] no <Press Enter key>
–OR–
Do you want to save the configuration of the AP? [yes|no] no <Press Enter key>
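
The recovery above depends on bit 6 (0x0040) of the configuration register: 0x2142 has it set and the router boots without loading its startup-config, 0x2102 has it clear. The following check is an added example, not part of the original post; it reads the "Configuration register is ..." line of `show version` and reports routers where the `config-register 0x2102` step was missed. The host names and output excerpts are constructed.

```python
import re

IGNORE_NVRAM = 0x0040  # bit 6: boot without loading startup-config
BOOT_FIELD = 0x000F    # bits 0-3: boot source selection

# "show version" prints the current value and, if changed, the pending one.
REGISTER_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)


def parse_register(show_version):
    """Return (current, value_after_next_reload), or None if the line is absent."""
    match = REGISTER_LINE.search(show_version)
    if match is None:
        return None
    current = int(match.group(1), 16)
    pending = int(match.group(2), 16) if match.group(2) else current
    return current, pending


def classify(show_version):
    """Describe what the router will do with startup-config at its next boot."""
    registers = parse_register(show_version)
    if registers is None:
        return "unknown"
    current, pending = registers
    if pending & IGNORE_NVRAM:
        return "ignores-startup-config-on-next-boot"  # 0x2102 was never restored
    if current & IGNORE_NVRAM:
        return "restored-pending-reload"              # fixed, effective after reload
    return "normal"


# Constructed "show version" excerpts, one per hypothetical router.
SAMPLES = {
    "edge-1": "uptime is 3 weeks\nConfiguration register is 0x2102\n",
    "edge-2": "Configuration register is 0x2142 (will be 0x2102 at next reload)\n",
    "edge-3": "Configuration register is 0x2142\n",
    "edge-4": "Configuration register is 0x2102 (will be 0x2142 at next reload)\n",
}


def audit(samples):
    """Map each host to its classification."""
    return {host: classify(text) for host, text in samples.items()}


if __name__ == "__main__":
    for host, status in audit(SAMPLES).items():
        print(f"{host}: {status}")
```

A router reported as ignoring its startup-config comes up unconfigured after the next power cycle, so it needs `config-register 0x2102` followed by a save.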

Wednesday, September 20, 2017

Juniper FULL Backup Restore



Taking backup file to ftp server (ftp.tayabkhan.com) from Juniper Router:

Login to router as root

root@mx-10-Router> start shell
%
% df -h
% cd /config
% ls
% ftp ftp.tayabkhan.com
Connected to ftp.tayabkhan.com.
220 (vsFTPd 2.2.2)
Name (ftp.tayabkhan.com: root): ftpusername
331 Please specify the password.
Password: ftp-password
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bin
200 Switching to Binary mode.
ftp> put juniper.conf.gz juniper.conf.gz-today
local: juniper.conf.gz remote: juniper.conf.gz-today
200 PORT command successful. Consider using PASV.
150 Ok to send data.
100% |********************************|  4811       00:00 ETA 226 Transfer complete.
4811 bytes sent in 0.00 seconds (2.20 MB/s)

% ls

*** Go to the FTP server and find the backup config file juniper.conf.gz-today

----------------------------------------------
## Restore configuration file to Juniper Router

** Log in as root to the router to be restored
root@mx-10-Router> start shell
%
% df -h
% cd /var/tmp
% ls
% ftp ftp.tayabkhan.com
Connected to ftp.tayabkhan.com.
220 (vsFTPd 2.2.2)
Name (ftp.tayabkhan.com: root): ftpusername
331 Please specify the password.
Password: ftp-password
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bin
200 Switching to Binary mode.
ftp> lcd /var/tmp
Local directory now /var/tmp
ftp> get juniper.conf.gz-today
local: juniper.conf.gz-today remote: juniper.conf.gz-today
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for juniper.conf.gz-today (4811 bytes).
100% |*************************************************|  4811       00:00 ETA
226 Transfer complete.
4811 bytes received in 0.00 seconds (4.09 MB/s)

ftp> exit
% cd /var/tmp
% ls
% mv juniper.conf.gz-today /config/juniper.conf.gz
% cli
tayab@MX-10-Router> 
tayab@MX-10-Router>configure
tayab@MX-10-Router# 
** To reset all configuration (if needed):
tayab@MX-10-Router# load factory-default
tayab@MX-10-Router# load replace juniper.conf.gz
tayab@MX-10-Router# commit 
*** Hard reboot needed for smooth service






Sunday, September 10, 2017

WHM cPanel multiple ip send email and multiple php version for separate website



**** WHM: allow/use a separate IP for each separate domain to send email
Search -> Add a New IP Address
192.168.10.2 -> submit
Search -> Show/Edit Reserved IPs
The added IP 192.168.10.2 can be seen here

Search ->  Exim Configuration Manager
   -> Basic Editor ->
Search -> mailips
ON--- Reference /etc/mailips for outgoing SMTP connections [?]

vi /etc/mailips
tayabkhan.com: 192.168.10.2

restart exim service



**** WHM multiple PHP versions for multiple websites
Search ->   MultiPHP Manager

Select domain and select php version and apply.

Thursday, July 20, 2017

Juniper interface / traffic Monitoring and SFP details


Juniper Interface SFP details::
If we want SFP information for ge-1/1/9, then the fpc-slot is 1 and the pic-slot is 1, and we can then find port number 9.

# run show chassis pic fpc-slot 1 pic-slot 1

** Check Link Laser and arp
#  show interfaces diagnostics optics ge-1/0/8
# show arp interface ge-1/0/8    

--------------------------------------------------------

We can monitor specific interface total traffic or different filtered ways

** Monitor interface total traffic
root# run monitor interface ge-1/0/1

** Monitor a specific Host:
root# run monitor traffic interface ge-0/0/x matching "host 10.10.10.10" no-resolve

** Monitor a specific Protocol:
root# run monitor traffic interface ge-0/0/x matching arp

** Monitor a specific Port:
root# run monitor traffic interface ge-0/0/x matching "port 25"

** Monitor a specific IP address:
root# run monitor traffic interface ge-0/0/x matching "host 10.101.10.10" no-resolve detail

** Monitor A network:
root# run monitor traffic interface ge-0/0/x matching "net 225.1.1.0/24" no-resolve detail

** Monitor TCP port 179:
root# run monitor traffic interface ge-0/0/x matching "tcp port 179"

** Monitor UDP port 646:
root# run monitor traffic interface ge-0/0/x matching "udp port 646"

** Increase the size of capture:
root# run monitor traffic interface ge-0/0/x matching arp size 1500

** Save the capture to a file:
root# run monitor traffic interface ge-0/0/x matching arp write-file capture.pcap <<<<< write-file is a hidden command so type it out

** Monitor matching "not tcp port 3128" and matching tcp port 23
root# run monitor traffic interface ge-0/0/x matching "not tcp port 3128 and tcp port 23"

** Monitor A more complicated combination but might be useful in some cases:
root# run monitor traffic interface ge-0/0/x matching "arp or (icmp and host 3.3.3.2)"

=============================================================

Wednesday, July 19, 2017

FTTH PhyHome OLT PON bandwidth check




We can check specific PON bandwidth from NMS and also from PON-VLAN Graph

Goto NMS:

Right click to device -> View RealTime Performace ->
Select required Slot/PON -> Choose Performace Parameter -> Up Speed -> Down Speed -> Add


* If we assign separate VLAN for a specific PON from MikroTik(any L3 device), then we can see PON bandwidth usage from VLAN Mrtg graph.





Wednesday, July 12, 2017

PhyHome OLT ONU Laser Check and ONU Bandwidth Configuration



PhyHome-OLT ONU Laser check and Reboot::
---------------------------------------
* Login to NMS
Right Click to Device -> Configure -> Optical Detect Switch -> Select Desired SLOT, PON and ONU -> Refresh -> Enable/Disable -> Save
Right Click to Device -> State Callbacks-> Slot Optical Module -> Click desired SLOT/PON/ONU


PhyHome ONU MAC Authorization and save configuration::
--------------------------------------------------------------------------
* Login to NMS
Right click to Device -> Click Device Details ->
Choose desired Slot and PON -> click "Unauthorized ONU List" -> refresh -> Select ONU MAC ->
Click "Batch Authorize" -> Save







PhyHome ONU Bandwidth Configuration::
------------------------------------
First see the ONU Serial Number : Click (DeviceTree) OLT (maximize Tree ) Click 01 for PON-1 and
collect the serial number based on the ONU MAC address.
Right Click to Device -> Configure -> QoS Management -> ONU Bandwidth -> Click Required PON ->
-> Select ONU as Serial Number -> Click Upstream Bandwidth (10240 for 10Mb)
-> Click Downstream Bandwidth (20480 for 20Mb) -> Save







FTTH BDCOM OLT Laser Check and New ONU Client Configure


BDCOM-OLT ONU Laser check and Reboot::
------------------------------------
New_OLT# show epon active-onu
EPON0/2:45 2057.af00.97b3 registered
New_OLT# show epon optical-transceiver-diagnosis | include EPON0/2:45
epon0/2:45   -19.4
New_OLT# epon reboot onu interface EPON0/2:45
Are you sure to reboot the ONU(y/n)?

New Client allow(activate) from Command prompt by BDCOM OLT:
-----------------------------------------------------------
If we want to add a client under PON2 with ONU MAC ab:cd:f7:18:12:34, using our predefined VLAN 20 and the last serial number 5, and assign 10Mb bandwidth to the ONU:

FTTH#config
FTTH_config#interface EPON 0/2
epon bind-onu mac abcd.f718.1234 5
FTTH_MIRPUR_config#interface ePON 0/2:5
FTTH_MIRPUR_config_epon0/2:5#
onu-configuration
  epon onu port 1 ctc vlan mode tag 21
  epon onu port 2 ctc vlan mode tag 21
  epon onu port 3 ctc vlan mode tag 21
  epon onu port 4 ctc vlan mode tag 21
  epon onu port 1 ctc rate-limit 10240 ingress
  epon onu port 1 ctc rate-limit 10240 egress
  epon onu port 2 ctc rate-limit 10240 ingress
  epon onu port 2 ctc rate-limit 10240 egress
  epon onu port 3 ctc rate-limit 10240 ingress
  epon onu port 3 ctc rate-limit 10240 egress

FTTH_config_epon0/2:5#exit
FTTH_config#exit
FTTHR#write

FTTH BDCOM OLT Backup Restore from FTP server


Backup::
---------
FTTH#copy startup-config ftp:BDCOM-OLT-Backup-Today
ftp user name[anonymous]?ftpusername
ftp user password[anonymous]?ftppassword
Remote-server ip address[]?ftp.tayabkhan.com
###############
FTP:successfully send 80 blocks, total size=40757
FTTH#

Restore::
----------
FTTH#copy ftp startup-config ftp.tayabkhan.com
ftp user name[anonymous]?ftpusername
ftp user password[anonymous]?ftppassword
Source file name[]?BDCOM-OLT-Latest-Backup-File
startup-config has existed, do you want to cover it(y/n)?y


Monday, July 10, 2017

Phyhome OLT backup and restore from FTP server

---Phyhome OLT BACKUP to FTP server---
> en
Password: ********
# system
system# maintenance
maintenance# configure
maintenance\configure#
maintenance\configure# upload running_config 192.168.100.ftpserverip ftpusername ftppassword uttara-running-backup-10-July-2017

upload running_config ftp.tayabkhan.com khan khan123321 sec-11-pop-olt-config-10-july-2017
upload flash_image ftp.tayabkhan.com khan khan123321 sec-11-flash-image-backup


---Restore Phyhome OLT from FTP server----
A minimum configuration with an IP address is needed, and the device also needs to be connected to the NMS;

then we can restore from the FTP server by following the steps below.
Goto NMS ==> Right Click to device ==>> maintainence management->import Config
Give FTP server IP -> Give FTP username -> Give FTP password -> Give File name

Save and Restart Device to get new configuration
Device -> Maintenance Management -> Restart ->

##########
If you want to go back to the default configuration, or delete all the configuration you created:

# erase
  startup-config  Erase all startup configuration information from flash.




Thursday, May 25, 2017

Facebook and Youtube Block including Mobile APP by MikroTik




We can block Facebook and YouTube from Laptop/Desktop and also from Mobile APPs

*** Blocking Facebook

Login MikroTik via Winbox: Goto "IP" -> Firewall -> Layer7 Protocol

+ Add => Name = Facebook ,
                Regexp :
^.+(facebook.com|apps.facebook.com|www.connect.facebook.net|m.facebook.com|staticak.connect.facebook.com|login.facebook.com|fbcdn.net).*$

** Now add Filter rules for your local network 192.168.1.0/24

IP -> Firewall -> Filter Rules-> ADD -> Forward chain -> SRC Address: 192.168.1.0/24

Advanced -> Layer7 Protocol = Facebook => Action = DROP
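
How the Layer7 pattern above behaves, as an added example that is not part of the original post: the unescaped "." matches any character, so the rule also drops unrelated traffic, and four of the seven alternatives are already covered by `facebook.com`. Python's `re` module is used here as a stand-in for the router's regex engine (an assumption), and the payload samples are constructed.

```python
import re

# Alternatives from the page's Layer7 regexp (m.facebook.com written out in full).
ALTERNATIVES = [
    "facebook.com", "apps.facebook.com", "www.connect.facebook.net",
    "m.facebook.com", "staticak.connect.facebook.com",
    "login.facebook.com", "fbcdn.net",
]

# Constructed payload fragments: text -> should the Facebook rule drop it?
SAMPLES = {
    "Host: www.facebook.com": True,
    "Host: static.xx.fbcdn.net": True,
    "Host: facebookxcom.example": False,
    "GET /fbcdn-net/logo.png": False,
    "Host: intranet.example": False,
}


def build(alternatives, escape=False):
    """Assemble ^.+(a|b|...).*$; escape=True makes every '.' a literal dot."""
    parts = [re.escape(a) if escape else a for a in alternatives]
    return re.compile("^.+(" + "|".join(parts) + ").*$", re.DOTALL)


def redundant(alternatives):
    """Alternatives that another entry in the list already matches."""
    return [a for a in alternatives
            if any(b != a and re.search(b, a) for b in alternatives)]


def minimal(alternatives):
    """The list with redundant entries removed."""
    dead = set(redundant(alternatives))
    return [a for a in alternatives if a not in dead]


def false_positives(pattern):
    """Samples the rule would drop although they are not Facebook traffic."""
    return [s for s, wanted in SAMPLES.items()
            if pattern.search(s) and not wanted]


def misses(pattern):
    """Facebook samples the rule would let through."""
    return [s for s, wanted in SAMPLES.items()
            if wanted and not pattern.search(s)]


if __name__ == "__main__":
    loose = build(ALTERNATIVES)
    tight = build(minimal(ALTERNATIVES), escape=True)
    print("redundant:", redundant(ALTERNATIVES))
    print("loose false positives:", false_positives(loose))
    print("tight pattern:", tight.pattern)
    print("tight false positives:", false_positives(tight), "misses:", misses(tight))
```

The tightened pattern is still a substring match on the payload, so it keeps matching any name that merely contains one of the listed domains.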


*** Blocking YouTube

Goto: IP --> Firewall --> Filter --> Add -> Chain=Forward --> SRC Address: 192.168.1.0/24 -> Advanced --> Content="googlevideo",  Action= Drop


Goto: IP --> Firewall --> Filter --> Add -> Chain=Forward --> SRC Address: 192.168.1.0/24 -> Advanced --> Content="youtube",  Action= Drop


==================== Enjoy ######################################


Sunday, April 23, 2017

Openmeeting in CentOS


OpenMeetings is open source software used for presenting, online training, web conferencing, collaborative whiteboard drawing, document editing and user desktop sharing. The product is built from a group of open source components (ImageMagick, GhostScript, SWFTools, JODConverter, FFMpeg and OpenOffice or LibreOffice), and its main functionality rests on the OpenLaszlo RIA framework and the Red5 media server.

## Install Required Packages..

yum install wget gcc-c++ unzip zlib-devel libjpeg-devel freetype-devel giflib-devel ghostscript ImageMagick sox libreoffice libreoffice-headless tomcat-native

## Install and configure the MySQL database to store data

yum install mysql-server

# mysql -u root -p
mysql> CREATE DATABASE openmeetings DEFAULT CHARACTER SET 'utf8';
mysql> CREATE USER 'openmeetings'@'localhost' IDENTIFIED BY 'openmeetings';
mysql> GRANT ALL PRIVILEGES ON openmeetings.* TO 'openmeetings'@'localhost';
mysql> FLUSH PRIVILEGES;
mysql> exit

## Install SWFTools, which provides utilities for working with Adobe Flash files (SWF files)

# wget http://www.swftools.org/swftools-0.9.2.tar.gz
# tar -xzvf swftools-0.9.2.tar.gz
# cd swftools-0.9.2
# ./configure --libdir=/usr/lib --bindir=/usr/bin
# make
# make install
rm -f /usr/local/share/swftools/swfs/default_viewer.swf -o -L /usr/local/share/swftools/swfs/default_viewer.swf

## Java version check, update to 1.8 and set the home directory

cd /opt
wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/8u121-b13/e9e7ea248e2c4826b92b3f075a80e441/jdk-8u121-linux-x64.tar.gz"
tar -zxvf jdk-8u121-linux-x64.tar.gz 
alternatives --install /usr/bin/java java /opt/jdk1.8.0_121/bin/java 2
alternatives --config java
java -version
alternatives --install /usr/bin/jar jar /opt/jdk1.8.0_121/bin/jar 2
alternatives --install /usr/bin/javac javac /opt/jdk1.8.0_121/bin/javac 2
alternatives --set jar /opt/jdk1.8.0_121/bin/jar
alternatives --set javac /opt/jdk1.8.0_121/bin/javac
java -version
export JAVA_HOME=/opt/jdk1.8.0_121
export JRE_HOME=/opt/jdk1.8.0_121/jre
vi /etc/bashrc 
printenv 


## Java MySQL connector

wget https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-5.1.41.tar.gz
tar -zxvf mysql-connector-java-5.1.41.tar.gz 

## Download OpenMeetings and put the Java connector jar file in the required location

mkdir /openmeetings
cd /openmeetings
wget http://apache.petsads.us/openmeetings/3.0.2/bin/apache-openmeetings-3.0.2.tar.gz
tar -xzvf apache-openmeetings-3.0.2.tar.gz

# Use the connector version downloaded above (5.1.41)
cd /opt/mysql-connector-java-5.1.41
cp mysql-connector-java-5.1.41-bin.jar /openmeetings/webapps/openmeetings/WEB-INF/lib


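## Install ffmpeg for audio video stream

cd /opt
wget http://ffmpeg.org/releases/ffmpeg-1.1.1.tar.gz
# Unpack the source and build inside its directory
tar -xzvf ffmpeg-1.1.1.tar.gz
cd ffmpeg-1.1.1
# --enable-libmp3lame needs the LAME library from the next section to be installed already
./configure --libdir=/usr/lib --bindir=/usr/bin --enable-libmp3lame --disable-yasm
make
make install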

## LAME installation (“LAME Ain’t an MP3 Encoder”)

cd /opt
wget http://kaz.dl.sourceforge.net/project/lame/lame/3.99/lame-3.99.5.tar.gz
tar -xzvf lame-3.99.5.tar.gz
# Build inside the unpacked source directory
cd lame-3.99.5
./configure --libdir=/usr/lib --bindir=/usr/bin
make
make install

## Connect with MySQL database 
cd /openmeetings/webapps/openmeetings/WEB-INF/classes/META-INF
cp persistence.xml persistence.xml.bk.live
cp mysql_persistence.xml persistence.xml

Put your MySQL username and its password in the configuration file. Make sure to use your own database username and password instead of ours.

# vi persistence.xml
                                        , Url=jdbc:mysql://localhost:3306/openmeetings?autoReconnect=true&useUnicode=true&createDatabaseIfNotExist=true&cha$
                                        , MaxActive=100
                                        , MaxWait=10000
                                        , TestOnBorrow=true
                                        , poolPreparedStatements=true
                                        , Username=openmeetings
                                        , Password=openmeetings" />

## Start Red5 server.
cd /openmeetings
./red5.sh

### Install script to start server Automatically...

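vi /etc/init.d/red5
########################
#!/bin/sh -e
#
# Startup script for Red5
# chkconfig: 2345 85 15
# description: Red5 media server for OpenMeetings
# (the two header lines above are needed for "chkconfig red5 on"; the priorities 85/15 are an example choice)
export RED5_HOME=/openmeetings/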
start_red5="$RED5_HOME/red5.sh"
stop_red5="$RED5_HOME/red5-shutdown.sh"

start() {
echo -n "Starting Red5: " 
${start_red5} &
echo "done."
}
stop() {
echo -n "Shutting down Red5: " 
${stop_red5}
echo "done."
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
sleep 10
start
;;
*)
echo "Usage: $0 {start|stop|restart}"
esac
exit 0

##===================

chmod +x /etc/init.d/red5
service red5 stop
chkconfig red5 on
service red5 start


###### Complete installation from web browser...

http://serverip:5080/openmeetings/install

This is the welcome page; at this step just follow the instructions carefully and click the NEXT button.

Give a username, password and email address for the next login.

Leave everything at its default (if there is no specific requirement); there is also no need to set the application paths

 

############# Enjoy #################################################








Monday, April 17, 2017

control windows internet traffic by specific application


We can see how much internet / intranet traffic each service/application is using, and can also control that traffic on Windows, with the software "NetLimiter". You can also see the total report/statistics for an individual user.

Download NetLimiter from https://www.netlimiter.com/releases/nl4/4-0-28-0
and install it in the usual way.


Open NetLimiter--

Click -> Stats -> to see total statistic

Click -> DL Limit and UL Limit -> to set a download and upload limit for any specific application



Saturday, April 15, 2017

Zimbra Admin Panel Blank / not showing




If the Zimbra Admin Panel does not work or shows a blank page, then check the three steps below.

https://zimbra.tayabkhan.com:7071/zimbraAdmin/

1) check all services
su - zimbra
zmcontrol status

If any service is stopped, start it accordingly

2) Check in the browser whether the HTTPS certificate has expired;
if it has expired then


/opt/zimbra/bin/zmcertmgr createca -new

/opt/zimbra/bin/zmcertmgr createcrt -new -days 365

/opt/zimbra/bin/zmcertmgr deploycrt self

/opt/zimbra/bin/zmcertmgr deployca

----------------------

Also Check:
zmmailbox -z -m admin@tyabkhan.com gaf
zmprov fc all

zmprov ms `zmhostname` +zimbraServiceEnabled service
zmprov ms `zmhostname` +zimbraServiceEnabled zimbra
zmprov ms `zmhostname` +zimbraServiceEnabled zimbraAdmin
zmprov ms `zmhostname` +zimbraServiceEnabled zimlet
zmcontrol restart


3) Finally refresh the /opt/zimbra/jetty/webapps/zimbraAdmin directory

Go to a fresh Zimbra server of the same version, copy its zimbraAdmin directory and paste it onto the faulty server.

cd /opt/zimbra/jetty/webapps/
tar -czvf zmadmin.tar.gz zimbraAdmin/
Copy zmadmin.tar.gz to the faulty server, remove the old directory there and untar it.

Saturday, April 1, 2017

MikroTik mac discovery / login disable


Go to Tools -> MAC Server
Click on the WinBox Interfaces Tab
By default this is set to all
You can add specific interfaces, and disable the all entry

OR using CLI, use the following command

/tool mac-server
add disabled=yes interface=all
/tool mac-server ping
set enabled=no

OR, can control by Firewall

/ip firewall filter
add action=drop chain=input comment="Block mikrotik discovery" disabled=no dst-port=5678 protocol=udp
add action=drop chain=input comment="DROP ALL WINBOX REQUEST By MAC Address" disabled=no dst-port=20561 protocol=udp
add action=drop chain=input comment="DROP ALL WINBOX REQUEST EXCEPT FROM MY PC" disabled=no dst-port=8291 protocol=tcp src-address=!192.168.2.6

Wednesday, February 15, 2017

EOIP Tunnel MTU size Problem



If we create an EoIP tunnel with a MikroTik router, we may face problems with browsing and other traffic due to the MTU size.


We need to set MTU 1500 manually on the EoIP tunnel to avoid this problem.

>> Click Interfaces -->> Click Eoip-Tunnel --> set MTU  =   1500



Wednesday, January 11, 2017

MikroTik Script to Add Multiple Queue with a Single command



We can use PCQ for multiple queues, but there is another method to add multiple queues with a single command.

Goto-->> "New Terminal"

for i from=2 to=254 do={queue simple add name="$i" target="192.168.1.$i" max-limit=512K/512K}


*** Here 253 queues will be created for IP addresses 192.168.1.2 to 192.168.1.254, each with 512K bandwidth.

*** If you want to set a /24 series of IP addresses on one interface, ether5, then

for i from=2 to=254 do={ip address add address="172.16.1.$i/24" network="172.16.1.0" interface=ether5}

*** For older versions of MikroTik use the script below

:for e from 2 to 254 do={/ip address add address=("172.16.1." . $e . "/24") network=("172.16.1.0") interface=ether5} 


####################### Enjoy ####################