Blocking third-party DHCP on Cisco via DHCP Snooping

As a test, I configured DHCP Snooping on a Cisco Catalyst 6509-E to block third-party (rogue) DHCP servers; on other Cisco switches the configuration is basically the same.

After connecting to the device, go straight into configuration mode:

enable
configure


How to catch broadcast flooding on MikroTik devices

Once, in one network, I had to find out where the bursts of broadcast traffic were coming from that were driving up CPU usage on the devices and causing Internet outages.
The network equipment was MikroTik.

Connect to the MikroTik and run the following command to look at the per-port traffic statistics, specifically the broadcast traffic arriving on each port ("Rx Broadcast"). Since this is a packet counter, the figure keeps growing if a flood is coming in; if it does not change, all is well:

interface ethernet print stats interval=1

Here is an example of viewing the statistics of a specific port (where ether2 is the interface name; it may differ depending on how it was named in the configuration):

interface ethernet print stats from ether2 interval=1

The list of ports/interfaces can be seen with the command:

interface print

In this way, following the chain device by device, we reach the final port from which the broadcast flood originates and, if necessary, disable it with the command (where NUMBER is the sequence number of the port in the table shown by the command above):

interface disable NUMBER

To enable the port:

interface enable NUMBER

In the web interface or Winbox, you can see the statistics by opening the Interfaces menu on the left and looking at each interface in the Interface tab.

Example of resetting port statistics:

interface ethernet reset-counters ether2
interface ethernet reset-counters ether2,ether3,ether4,ether5

On MikroTik CRS models, you can enable broadcast traffic rate limiting, for example 100 packets per second on port ether3 (similarly for other ports):

interface ethernet switch ingress-port-policer add port=ether3 rate=100 meter-unit=packet packet-types=broadcast

Going forward, you can monitor the network with a system such as Zabbix, in which you can set up graphs of broadcast packets; if the packet counter starts to grow, the system will notify you.
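The same check the post does by eye (watching whether "Rx Broadcast" keeps growing) can be automated. This is an added example, not code from the original post: it compares two snapshots of the per-port rx-broadcast counter and flags ports whose broadcast rate exceeds a threshold. The snapshot data is constructed, and the "<interface> <counter>" format is an assumption (values extracted from two runs of the stats command one second apart).

```shell
#!/bin/sh
# Constructed sample data: "<interface> <rx-broadcast counter>" lines, assumed to
# have been extracted from "interface ethernet print stats" one second apart.
SNAP_BEFORE='ether1 120045
ether2 8830
ether3 991200
ether4 15'
SNAP_AFTER='ether1 120050
ether2 8830
ether3 1004600
ether4 15'

# flooding_ports BEFORE AFTER INTERVAL_SECONDS THRESHOLD_PPS
# Prints "<interface> <packets per second>" for every port above the threshold.
flooding_ports() {
    { printf '%s\n' "$1"; echo '--'; printf '%s\n' "$2"; } |
    awk -v secs="$3" -v thr="$4" '
        /^--$/   { second = 1; next }          # separator between the snapshots
        !second  { before[$1] = $2; next }     # remember the older counter value
        ($1 in before) {
            rate = ($2 - before[$1]) / secs    # counter delta per second
            if (rate > thr) printf "%s %d\n", $1, rate
        }'
}

# Same threshold as the ingress-port-policer example above: 100 pps.
flooding_ports "$SNAP_BEFORE" "$SNAP_AFTER" 1 100
```

With the sample data only ether3 is reported, which is the port to trace further down the chain.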

Speed limit on MikroTik through Queues

Once I needed to limit traffic on a sector antenna for torrent download enthusiasts. The access point was set up and described in the article MikroTik RB912UAG-2HPnD (BaseBox 2) + Ubiquiti Sector. In my case the speed is regulated by the billing system, but as a test I wanted to limit it using MikroTik's own means.


Configuring MikroTik RB912UAG-2HPnD (BaseBox 2) + Ubiquiti Sector

I recently set up a MikroTik RB912UAG-2HPnD (BaseBox 2).
The sticker says it must not be powered on without an antenna connected :). It will be used with a Ubiquiti Sector AM-2G15; I connected this sector to both connectors.

The device's default IP is 192.168.88.1, the login is admin with no password, and DHCP is disabled by default, so you need to set an IP on the computer manually, for example 192.168.88.2 with subnet mask 255.255.255.0.

First of all, change the password in "System" – "Users".

Set up the Wi-Fi settings in "Wireless" – "Interfaces":
Wireless Protocol: 802.11, so that any device can connect

In "Wireless" – "Security Profiles", configure:
SSID (the name of the wireless network)
Mode: dynamic keys
Encryption type: WPA2 PSK, AES
WPA2 Pre-Shared Key (the wireless password)

Now change the device's IP address in "IP" – "Addresses" to the network it will sit in, for example from 192.168.88.1 to 172.16.200.11. After that, manually change the IP on the computer to one from this network, for example 172.16.200.12, so that you can continue configuring.
In "IP" – "Routes", add a gateway, for example Dst. Address: 0.0.0.0/0, Gateway: 172.16.200.1.

This completes the basic setup. The device will work as a bridged access point, that is, it will not hand out IP addresses itself; that is done by the device in front of it or by the billing system.

Repairing the Netis WF2419 Firmware via TFTP

I will describe the procedure for restoring the firmware of the Netis WF2419 router via TFTP:

1) Download the latest firmware from the official site
http://netis-systems.com/Suppory/de_details/id/1/de/44
If the firmware came as a compressed archive, unpack it; we need the firmware file with the *.bin extension.

2) Manually set the computer's IP address, for example 192.168.1.100.

3) Connect the computer to the router's LAN4 port.

4) Turn off the router's power, press the reset button and keep it held while turning the power on; after 3 seconds, release the reset button. After that, the device enters recovery mode.

5) Now come the TFTP steps. Earlier I wrote articles about TFTP:
Starting a TFTP server in Windows
Installing and Configuring a TFTP Server in Ubuntu.
Essentially, you need to send the previously downloaded firmware file to the router (its IP in recovery mode is 192.168.1.6).
In the Windows TFTP client, for example, I specify the client address 192.168.1.6 and the firmware file, then press Put, which starts transferring the file to the router; nothing else needs to be specified.
Wait a few minutes for the process to complete.

Done, the firmware repair process is complete.

Solving the Jetpack error “Verification secrets not found”

I noticed the following error when activating Jetpack:

The Jetpack server encountered the following client error: Verification secrets not found

The cause turned out to be an IP-based access restriction on the file wp-login.php in .htaccess; as it turns out, access to this file cannot be blocked if Jetpack is used.

So I found the lines restricting access and commented them out by putting a # symbol before each line (the lines may be in the .htaccess file in the WordPress root directory or in the web server configuration files), for example:

#        <files wp-login.php>
#                order allow,deny
#                allow from 127.0.0.1 192.168.2.50
#        </files>

If the lines were in .htaccess, Jetpack can be activated right away; if they were in the web server's configuration file, you still need to restart it to apply the changes.

The error can also be caused by conflicting plugins; you can try disabling them one by one.

How to convert a list of IP addresses to DNS names

In Linux, you can convert a list of IP addresses into DNS names with, for example, a simple script.

To do this, create an empty file with the .sh extension, make it executable, and add the following content to it:

#!/bin/sh
# Reads "IP traffic" pairs from ip_traf.lst, looks up the reverse DNS name of
# each IP with host(1) and writes "name<TAB>IP<TAB>traffic" to name_ip_traf.lst.
while read -r ip traf ; do
    # The last field of host's output is the PTR name (or an error code such as NXDOMAIN).
    name=$(host "$ip" | awk '{print $NF}')
    printf '%s\t%s\t%s\n' "$name" "$ip" "$traf"
done < ip_traf.lst > name_ip_traf.lst

Where ip_traf.lst is the file with the list of IP addresses to be converted to DNS names (each line holds an IP address followed by a traffic value, which is carried over to the output).

You can make it executable with the command:

chmod +rwx file.sh

Run the script from the directory where it is located with the command:

./file.sh

Or run it by specifying the full path:

/dir/file.sh

After starting it, you need to wait a while, or interrupt execution by pressing CTRL+C.
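The script above writes whatever host(1) prints last, so a failed lookup ends up in the report as "3(NXDOMAIN)". As an added example (not the original script), here is a more careful version of the same loop: it keeps the IP itself when no PTR record exists, rejects PTR names containing characters outside a hostname, and caps how long each lookup may wait. The lookup command is held in a variable, an assumption made so the logic can be tested without a resolver; the default uses host(1) as on the page.

```shell
#!/bin/sh
# reverse_lookup IP: prints the PTR name, or nothing if there is none.
reverse_lookup() {
    # -W 2 waits at most 2 seconds, so one unreachable resolver cannot stall the whole list.
    host -W 2 "$1" 2>/dev/null | awk '/domain name pointer/ { print $NF; exit }'
}
# Assumption for testing: the lookup command can be swapped via $LOOKUP.
LOOKUP=${LOOKUP:-reverse_lookup}

# resolve_lines: stdin "IP traffic" pairs -> stdout "name<TAB>IP<TAB>traffic".
resolve_lines() {
    while read -r ip traf; do
        [ -n "$ip" ] || continue                      # skip blank lines
        name=$("$LOOKUP" "$ip")
        case $name in
            ''|*[!A-Za-z0-9.-]*) name=$ip ;;          # no or unusable PTR: keep the IP
        esac
        printf '%s\t%s\t%s\n' "$name" "$ip" "$traf"
    done
}

# Same file names as the page's script; only runs when the input file exists.
if [ -f ip_traf.lst ]; then
    resolve_lines < ip_traf.lst > name_ip_traf.lst
fi
```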