Configuring UPnP in MikroTik

UPnP (Universal Plug and Play) – universal automatic configuration of network devices, automatically opens ports for p2p applications, games, etc.

In the Winbox settings you can find the “IP” – “UPnP“.

To enable it, check Enabled.

Now you need to specify interfaces, click “Interfaces” and “Add New“.
We’ll add an external WAN port, usually ether1-gateway.
Add an internal port or bridge, such as a bridge.
This completes the configuration.

I’ll give an example of how this will look through the console:

ip upnp set enabled=yes
ip upnp interfaces add interface=ether1-gateway type=external
ip upnp interfaces add interface=bridge type=internal

How to record and watch the demo in Counter-Strike Global Offensive

To record a demo in CS:GO, you need to open the console with the ~ key during the game, it is near the Esc key.
If the console does not open, then it probably is disabled in the settings, open the game settings and select “Yes” where “Enable Developer Console (~)”.

Then, in the console window that opens, type the command (where NAME is any name of the demo):

record NAME

To stop demo recording in the console, type:

stop

The demo file will be saved to the directory with CS:GO, for example C:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo\NAME.dem, other demos should be placed in the same directory.

To view demos, you need to open the player, for this, in the console, type:

demoui

Or:

demoui2

Or press the key combination Shift + F2.
Next, in the opened player, click “Load …” and select the demo.

During viewing, you can switch between players left/right keys, CTRL – opens the map, Spacebar will switch the camera to free flight mode.

What is DHCP and how does it work?

DHCP – Dynamic Host Configuration Protocol in a TCP / IP network.

I will describe the possible types of DHCP messages:
DHCPDISCOVER — customer request for addresses.
DHCPOFFER — the server’s offer to get the address.
DHCPREQUEST — a client request for an address (suggested by the server in DHCPOFFER).
DHCPACK — server confirmation of the issuance of the address.
DHCPDECLINE — the client’s refusal to receive the proposed address (for example, when the network is already using someone the proposed IP).
DHCPNAK — failure of the server to issue the requested address.
DHCPRELEASE — notification of the client about the release of the address.
DHCPINFORM — customer request for additional parameters.

I will describe the process of successfully obtaining a DHCP client IP address from a DHCP server:
1) DHCP client from IP address 0.0.0.0 through UDP port 67 sends to network IP address 255.255.255.255 broadcast message DHCPDISCOVER “I want to get IP address”.
2) A DHCP server or several DHCP servers, if there are several of them, receive this message and reply to the client from their IP via UDP port 68 with the message DHCPOFFER “I propose an IP address”. The message is sent to the broadcast address 255.255.255.255 or the gateway address if the client is on another network.
3) The DHCP client receives this message or several messages and responds from the IP address 0.0.0.0 to only one DHCP server with the DHCPREQUEST message “Yes, I want this IP address”.
4) The DHCP server sends a DHCPACK message “I assign you this IP address” in response.
Since the IP address has a lease time after which it is released and the DHCP server can issue it for example to another client, the DHCP clients usually request the renewal with a DHCPREQUEST message and receive a DHCPACK response.

I will describe the composition of the DHCP message:
op (type of message, for example DHCPDISCOVER, size 1 byte)
htype (type of hardware address, size 1 byte)
hlen (length of hardware address, for example 6 for MAC address, size 1 byte)
hops (the number of relay agents between the server and the client, the clients set the value to 0, the size of 1 byte)
xid (Transaction ID, generated by the client at the beginning, size 4 bytes)
secs (the elapsed time in seconds from the time of requesting the receipt of the address can be 0, the size of 2 bytes)
flags (field for flags, size 2 bytes)
ciaddr (The IP address of the client, for example, if it requests a lease extension, the size is 4 bytes)
yiaddr (IP address offered by the server to the client, size 4 bytes)
siaddr (Server IP address, size 4 bytes)
giaddr (IP address of the relay agent, size 4 bytes)
chaddr (hardware client address (MAC), size 16 bytes)
sname (server name, 64 bytes)
file (the name of the boot file, can be used to boot the operating system over the network, 128 bytes)
options (additional options)

Allow insecure connections to POP3 / IMAP iRedMail

In order to be able to connect to POP3 / IMAP without STARTTLS, you need to open the Dovecot configuration file:

sudo nano /etc/dovecot/dovecot.conf

Edit the two parameters listed below:

disable_plaintext_auth=no
ssl=yes

To return the parameters of the secure connection to POP3S / IMAPS back:

disable_plaintext_auth=yes
ssl=required

After the changes in the Dovecot configuration, you need to restart it:

sudo /etc/init.d/dovecot restart

See also:
How to enable SMTP without SSL on port 25 in iRedMail / Postfix

Ubuntu IP Masquerading (NAT)

For example, I will configure IPv4 masquerading (NAT) on Ubuntu Server.
First you need to enable packet forwarding in /etc/sysctl.conf so that traffic can walk between different network interfaces.
Let’s check the current status:

sysctl net.ipv4.conf.all.forwarding
cat /proc/sys/net/ipv4/ip_forward

If it is 0, then enable it with the following command:

sysctl -w net.ipv4.conf.all.forwarding=1

To keep this after the system restart, open the file /etc/sysctl.conf for example in the nano editor (Ctrl + X to exit, y / n to save or discard changes):

nano /etc/sysctl.conf

And add the line:

net.ipv4.conf.all.forwarding=1

If necessary, you can clear existing NAT rules:

iptables -t nat --flush

Now it remains to add a rule to iptables, for example:

iptables -t nat -A POSTROUTING -s 192.168.99.0/24 -j SNAT --to-source 172.16.16.94

Where, 192.168.99.0/24 internal network, and 172.16.16.94 the address through which you need to go to the Internet, similarly prescribed other internal networks.
Let me remind the mask for private networks:

10.0.0.0/8
172.16.0.0/12
192.168.0.0/16

If the IP address on the external network interface changes (dynamic), then instead of SNAT we specify MASQUERADE:

iptables -t nat -A POSTROUTING -s 192.168.99.0/24 -j MASQUERADE

Do not forget to save the added iptables rules.
For example, you can open the network interface configuration file (its contents are loaded at system startup):

nano /etc/network/interfaces

And at the end add iptables rules, for example I will indicate the masquerading of this network at once to several IP addresses, and also with the indication of the network interface:

post-up /sbin/iptables -t nat -A POSTROUTING -s 192.168.99.0/24 -o eth3 -j SNAT --to-source 172.16.90.1-172.16.90.5 --persistent

Or add to the file:

nano /etc/rc.local
/sbin/iptables -t nat -A POSTROUTING -s 192.168.99.0/24 -o eth3 -j SNAT --to-source 172.16.90.1-172.16.90.5 --persistent

I recommend to specify the outgoing network interface, if you do not specify it, then local traffic will return to the network under NAT IP.
If there are several outgoing interfaces, let’s say the load is balanced through BGP, etc., then we indicate with two rules:

/sbin/iptables -t nat -A POSTROUTING -s 192.168.99.0/24 -o eth3 -j SNAT --to-source 172.16.90.1-172.16.90.5 --persistent
/sbin/iptables -t nat -A POSTROUTING -s 192.168.99.0/24 -o eth4 -j SNAT --to-source 172.16.90.1-172.16.90.5 --persistent

See also my articles:
Difference between MASQUERADE and SNAT
Configuring IPTables
How to fix the error “nf_conntrack: table full, dropping package”
Using Linux ISG

Kingston SSD Firmware Update

On the test, I will update the SSD firmware of the Kingston SV300S37A 120Gb drive.

1) Download the official utility Kingston SSD Manager with firmware upgrade
https://www.kingston.com/en/support/technical/downloads/90683

2) Run the downloaded utility and if there is a firmware newer, the “Update to firmware …” button will be displayed, and click it to start the update process, which will last a few seconds.

Done, watch the video as I did:

Installing ISC DHCP for ABillS

Here is an example of the installation of the ISC DHCP server for ABillS in Ubuntu Server.

Switch to the root user:

sudo su

Install package:

apt-get install isc-dhcp-server
ln -s /usr/abills/Abills/modules/Dhcphosts/leases2db.pl /usr/abills/libexec/leases2db.pl

Run:

/usr/abills/libexec/leases2db.pl -d LEASES=/var/lib/dhcp/dhcpd.leases

Change owner of a file:

chown www-data /etc/dhcp/dhcpd.conf

Open the config.pl in the Editor:

nano /usr/abills/libexec/config.pl

Add options:

$conf{DHCPHOSTS_CONFIG}='/etc/dhcp/dhcpd.conf';
$conf{DHCPHOSTS_LEASES}='/var/lib/dhcp/dhcpd.leases';
$conf{DHCPHOSTS_RECONFIGURE}='/usr/bin/sudo /etc/init.d/isc-dhcp-server restart';

Open in the Editor:

nano /etc/sudoers

Add the string making the ability to run a service system:

www-data   ALL = NOPASSWD: /etc/init.d/isc-dhcp-server

Go to the Abills Web interface, open the menu "settings"-"IP (DHCP)"-"Network IP (DHCP) Network", add the network if needed, then "Show, reconfigure the dhcp" and "Reconfigure".

See if the isc-dhcp-server command:

/etc/init.d/isc-dhcp-server status

Logs are written to the file/var/log/syslog

You can also configure the export of DHCP history to see it in the “Report” – “DHCP History” menu.
To do this, make a link:

ln -s /usr/abills/Abills/modules/Dhcphosts/dhcp_log2db.pl /usr/abills/libexec/dhcp_log2db.pl

Separating DHCP logs into a separate file as I wrote in the article below and adding to the Startup script with the command:

tail -F /var/log/dhcpd.log | /usr/abills/libexec/dhcp_log2db.pl

See also my articles:
Installing and configuring a dhcp server, isc-in Ubuntu
Packet capturing with tcpdump