Category Archives: Networking

Mikrotik Dyndns update IP address

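# DynDNS updater: compares the address the DynDNS hostname currently resolves
# to with the address configured on one interface, and sends an update request
# when the two differ.
#
# The typographic quotes and the en dash picked up from the web page have been
# replaced with plain ASCII " and -, which the script needs in order to parse.
#
# NOTE(review): the account name and password are kept in global variables.
# Globals stay listed in /system script environment after the script ends, so
# limit which router users can read the environment and this script's source.
:global ddnsuser "dyndnsuser"
:global ddnspass "dyndnspass"
:global ddnshost "mycam.dvrdns.org"
:global theinterface strongvpn-germany

# Address the hostname resolves to now, and the address on the interface
# (the latter is returned with its /prefix suffix).
:global ipddns [:resolve $ddnshost];
:global ipfresh [ /ip address get [/ip address find interface=$theinterface ] address ]
# NOTE(review): the comparison against a bare nil is kept from the original;
# confirm what :typeof yields on your RouterOS version when the interface has
# no address.
:if ([ :typeof $ipfresh ] = nil ) do={
    :log info ("DynDNS: No ip address on $theinterface .")
} else={
    # Walk the string from the end and cut it at the "/" so only the bare
    # address remains.
    :for i from=( [:len $ipfresh] - 1) to=0 do={
        :if ( [:pick $ipfresh $i] = "/") do={
            :set ipfresh [:pick $ipfresh 0 $i];
        }
    }

    :if ($ipddns != $ipfresh) do={
        :log info ("DynDNS: IP-DynDNS = $ipddns")
        :log info ("DynDNS: IP-Fresh = $ipfresh")
        :log info "DynDNS: Update IP needed, Sending UPDATE…!"
        :global str "/nic/update\?hostname=$ddnshost&myip=$ipfresh&wildcard=NOCHG&mx=NOCHG&backmx=NOCHG"
        # The request carries the account name and password, so it is sent
        # with mode=https instead of the original mode=http, which put them on
        # the wire in cleartext.
        # NOTE(review): HTTPS alone does not authenticate the server; add
        # check-certificate=yes once the issuing CA is in the router's
        # certificate store - confirm against your RouterOS version.
        /tool fetch address=members.dyndns.org src-path=$str mode=https user=$ddnsuser \
            password=$ddnspass dst-path=("/DynDNS.".$ddnshost)
        :delay 1
        # The fetched response is only a by-product; remove the file again.
        :global str [/file find name="DynDNS.$ddnshost"];
        /file remove $str
        :global ipddns $ipfresh
        :log info "DynDNS: IP updated to $ipfresh!"
    } else={
        :log info "DynDNS: dont need changes";
    }
}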

Mikrotik Failover Script

# ——————- header ——————-
# Script by Tomas Kirnak, version 1.0.7
# If you use this script, or edit and
# re-use it, please keep the header intact.
#
# For more information and details about
# this script please visit the wiki page at
# http://wiki.mikrotik.com/wiki/Failover_Scripting
# ——————- header ——————-

# ————- Modification ——————-
# Modified by Andrés López
# Failover using Firewall Mangle Rules
# ———————————————-

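# Settings and persistent state for the failover check.
# The typographic quotes around "nothing" have been replaced with plain ASCII
# quotes; with the curly ones the two :typeof tests do not parse.

# Please fill the WAN interface names
# (canal_c is declared here but not referenced by the checks further down,
# which probe only canal_a and canal_b)
:local canal_a ether1
:local canal_b ether2
:local canal_c ether3

# routing net marks: these numbers are later passed to
# "ip firewall mangle set" as the item to modify
:local redadmin 0
:local redinvitados 1

# check gateways: address that is pinged through each WAN, and the number of
# failed pings at which a link is flagged as offline
:local PingTarget 8.8.8.8
:local FailTreshold 10

# Declare the global variables (failure counters kept between runs)
:global PingFailCountISP1
:global PingFailCountISP2

# Status flags kept between runs: set to 1 when a link is flagged offline,
# 0 when it is flagged as back
:global canal_a_estado
:global canal_b_estado

# This initializes the PingFailCount variables, in case this is the 1st time the script has run
:if ([:typeof $PingFailCountISP1]="nothing") do={:set PingFailCountISP1 0}
:if ([:typeof $PingFailCountISP2]="nothing") do={:set PingFailCountISP2 0}

# This variable will be used to keep results of individual ping attempts
:local PingResult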

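# Check ISP1: send one echo request to the ping target through canal_a and
# print the number of replies.
# Typographic quotes and the en dash from the web page are replaced with plain
# ASCII " and - so the block parses.
:set PingResult [ping $PingTarget count=1 interface=$canal_a]
:put $PingResult

# No reply: count the failure. The counter stops growing at FailTreshold+2,
# and the link is flagged offline on the run where it reaches FailTreshold.
:if ($PingResult = 0) do={
    :if ($PingFailCountISP1 < ($FailTreshold+2)) do={
        :set PingFailCountISP1 ($PingFailCountISP1 + 1)

        :if ($PingFailCountISP1 = $FailTreshold) do={
            :log warning "Canal a is offline"
            :set canal_a_estado 1
        }
    }
}

# Reply received: count back down. The link is flagged as back on the run
# where the counter drops to FailTreshold-1.
:if ($PingResult = 1) do={
    :if ($PingFailCountISP1 > 0) do={
        :set PingFailCountISP1 ($PingFailCountISP1-1)

        :if ($PingFailCountISP1 = ($FailTreshold - 1)) do={
            :log warning "Canal a is back"
            :set canal_a_estado 0
        }
    }
}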

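# Check ISP2: send one echo request to the ping target through canal_b and
# print the number of replies.
# Typographic quotes and the en dash from the web page are replaced with plain
# ASCII " and - so the block parses.
:set PingResult [ping $PingTarget count=1 interface=$canal_b]
:put $PingResult

# No reply: count the failure. The counter stops growing at FailTreshold+2,
# and the link is flagged offline on the run where it reaches FailTreshold.
:if ($PingResult = 0) do={
    :if ($PingFailCountISP2 < ($FailTreshold+2)) do={
        :set PingFailCountISP2 ($PingFailCountISP2 + 1)

        :if ($PingFailCountISP2 = $FailTreshold) do={
            :log warning "Canal b is offline"
            :set canal_b_estado 1
        }
    }
}

# Reply received: count back down. The link is flagged as back on the run
# where the counter drops to FailTreshold-1.
:if ($PingResult = 1) do={
    :if ($PingFailCountISP2 > 0) do={
        :set PingFailCountISP2 ($PingFailCountISP2-1)

        :if ($PingFailCountISP2 = ($FailTreshold - 1)) do={
            :log warning "Canal b is back"
            :set canal_b_estado 0
        }
    }
}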

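# Indication flags
:put $canal_a_estado
:put $canal_b_estado

# Failover actions: rewrite the routing mark of the mangle rule for each
# network according to the state flag of its WAN link. Every branch whose flag
# matches runs (and logs) on each execution of the script.
# Typographic quotes from the web page are replaced with plain ASCII quotes so
# the log statements parse.
#
# NOTE(review): $redadmin and $redinvitados are the numbers 0 and 1, used as
# the item passed to "mangle set". If that number does not refer to the
# intended rule (for example after rules are added or reordered), a different
# mangle rule is rewritten and guest or admin traffic can end up on the wrong
# uplink. Selecting the rule with [find comment=...] would pin the target -
# confirm against the router's rule list.

# canal_b down: guest network goes out through canal_c
:if ($canal_b_estado=1) do={
    :log warning "Enviando redinvitados por canal c"
    ip firewall mangle set new-routing-mark=canal_c $redinvitados
}

# canal_a down: admin network goes out through canal_c
:if ($canal_a_estado=1) do={
    :log warning "Enviando redadmin por canal c"
    ip firewall mangle set new-routing-mark=canal_c $redadmin
}

# canal_b healthy: guest network uses canal_b
:if ($canal_b_estado=0) do={
    :log warning "Canal b estable"
    ip firewall mangle set new-routing-mark=canal_b $redinvitados
}

# canal_a healthy: admin network uses canal_a
:if ($canal_a_estado=0) do={
    :log warning "Canal a estable"
    ip firewall mangle set new-routing-mark=canal_a $redadmin
}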

Mikrotik Dual Wan

# Traffic forwarded from 192.168.57.0/24 gets the routing mark net1.
/ip firewall mangle add chain=prerouting src-address=192.168.57.0/24 action=mark-routing new-routing-mark=net1

# Packets the router itself sends from 192.168.56.2 are marked wan1 and
# routed via 192.168.56.1.
/ip firewall mangle add chain=output src-address=192.168.56.2 action=mark-routing new-routing-mark=wan1
/ip route add routing-mark=wan1 gateway=192.168.56.1

# Packets the router itself sends from 192.168.58.2 are marked wan2 and
# routed via 192.168.58.1.
/ip firewall mangle add chain=output src-address=192.168.58.2 action=mark-routing new-routing-mark=wan2
/ip route add routing-mark=wan2 gateway=192.168.58.1

-----

NAT
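# Source-NAT everything leaving through each of the three WAN ports.
# Two fixes against the listing as published: the built-in chain is named
# srcnat (a rule added to "src-nat" would sit in a custom chain that no
# traffic reaches), and the action needs its "=" (action=masquerade).
ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade
ip firewall nat add chain=srcnat out-interface=ether2 action=masquerade
ip firewall nat add chain=srcnat out-interface=ether3 action=masquerade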

MANGLE
# Traffic forwarded from 192.168.59.0/24 gets the routing mark admin.
/ip firewall mangle add chain=prerouting src-address=192.168.59.0/24 action=mark-routing new-routing-mark=admin

# One output-chain mark plus one route per uplink: packets the router sends
# from the given source address are marked and routed via that uplink's gateway.
/ip firewall mangle add chain=output src-address=192.168.56.2 action=mark-routing new-routing-mark=canal_primario
/ip route add routing-mark=canal_primario gateway=192.168.56.1
/ip firewall mangle add chain=output src-address=192.168.57.2 action=mark-routing new-routing-mark=canal_secundario
/ip route add routing-mark=canal_secundario gateway=192.168.57.1
/ip firewall mangle add chain=output src-address=192.168.58.2 action=mark-routing new-routing-mark=canal_terciario
/ip route add routing-mark=canal_terciario gateway=192.168.58.1

ROUTE
# Policy rules: packets carrying a given routing mark are looked up in the
# named routing table.
# NOTE(review): admin3 points at canal_primario, the same table as admin,
# while canal_terciario is not referenced by any rule here - possibly a
# copy-paste slip; confirm the intended table.
/ip route rule add action=lookup dst-address=0.0.0.0/0 routing-mark=admin table=canal_primario
/ip route rule add action=lookup dst-address=0.0.0.0/0 routing-mark=admin2 table=canal_secundario
/ip route rule add action=lookup dst-address=0.0.0.0/0 routing-mark=admin3 table=canal_primario

Cisco Wireless Controller – WPA PSK passphrase change Script and HTTP Publish

change_wlc_ssid_passphrase.pl

#!/usr/bin/perl

use Net::SSH::Expect;

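# Rotate the WPA pre-shared key of WLAN 7 on the wireless controller, then
# publish the new passphrase as a small HTML page on the local web server.
my $ssh = Net::SSH::Expect->new (
    host => "192.168.10.3",
    raw_pty => 1
);

my $pass = generatePassword(10);
# NOTE(review): the passphrase is printed to stdout; if this runs from cron or
# under a job runner, the key ends up in mail or job logs as well.
print ("Generating new WPA passphrase: ".$pass."\n");
print ("Getting into WLC...\n");
$ssh->run_ssh() or die "SSH process couldn't start: $!";
$ssh->waitfor('User:', 10) or die "prompt 'User' not found after 10 second";
# NOTE(review): the controller login is written inline in the script. Keep the
# file readable only by the account that runs it, or load the credentials from
# a protected file or the environment.
$ssh->send("user");
$ssh->waitfor('Password:', 3) or die "prompt 'Password' not found after 3 second";
$ssh->send("password");
$ssh->waitfor('(Cisco Controller)', 3) or die "prompt 'Cisco Controller' not found";

# The WLAN is disabled while the key is changed and re-enabled afterwards.
# NOTE(review): the output of these commands is not inspected, so a rejected
# set-key still leads to the new passphrase being published below.
print ("Disabling SSID Wlan\n");
$ssh->exec("config wlan disable 7");
print ("Setting passphrase to SSID Wlan\n");
$ssh->exec("config wlan security wpa akm psk set-key ascii $pass 7");
print ("Enabling SSID Wlan\n");
$ssh->exec("config wlan enable 7");
$ssh->exec("logout");
$ssh->send("y");

# Write the page to temp.txt and copy it into the web root. Each step is
# checked so that "Job done!" is only printed when the published page really
# carries the new key; previously a failed open or copy went unnoticed and the
# page kept showing the old passphrase.
# NOTE(review): temp.txt stays behind in the working directory and holds the
# passphrase; the page itself is served over HTTP to anyone who can reach it.
open (my $page, '>', 'temp.txt') or die "Cannot write temp.txt: $!";
my $html_prefix = '<strong><font size="12">';
my $html_suffix = '</font></strong>';
print {$page} ($html_prefix.$pass.$html_suffix."\n");
close ($page) or die "Cannot close temp.txt: $!";
# List form: cp is run directly, without passing the command through a shell.
system('cp', '-rf', 'temp.txt', '/var/www/html/wireless/index.html') == 0
    or die "Copying the passphrase page failed (cp status $?)";
print ("Job done!\n");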

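# generatePassword($length)
#
# Returns a random string of $length characters drawn from an alphabet that
# leaves out look-alike characters (l, o, I, O, 0, 1).
#
# Two changes against the original:
#  * the characters come from /dev/urandom instead of rand(), whose output is
#    not meant for secrets such as a WPA passphrase;
#  * all variables are lexical. The original used package globals, so
#    $password survived between calls and a second call returned the previous
#    value instead of a new one.
#
# Dies if /dev/urandom cannot be opened or read.
sub generatePassword {
    my $length = shift;
    my $possible = 'abcdefghijkmnpqrstuvwxyz23456789ABCDEFGHJKLMNPQRSTUVWXYZ';
    my $choices = length($possible);
    # Bytes at or above this value are discarded so every character of the
    # alphabet is equally likely (no modulo bias).
    my $limit = 256 - (256 % $choices);
    my $password = '';

    open(my $urandom, '<:raw', '/dev/urandom')
        or die "Cannot open /dev/urandom: $!";
    while (length($password) < $length) {
        my $got = read($urandom, my $byte, 1);
        die "Short read from /dev/urandom" unless defined $got && $got == 1;
        my $value = ord($byte);
        next if $value >= $limit;
        $password .= substr($possible, $value % $choices, 1);
    }
    close($urandom);

    return $password;
}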

Ping Multiple Hosts

#!/bin/bash

# Addresses to probe, in the order they are pinged.
HOSTS=(192.168.3.241 192.168.3.240 192.168.3.21 192.168.3.216 192.168.3.100 192.168.3.213 192.168.2.239 192.168.2.229 192.168.2.230 192.168.2.218 192.168.2.241 192.168.2.206 192.168.3.219)

# For every address: print a separator and a banner, then send three echo
# requests.
for host in "${HOSTS[@]}"; do
 echo -e "-----------------------------------\n"
 echo -e "Haciendo ping ${host} ... \n"
 ping -c 3 ${host}
done