Mikrotik RouterOS – Change SSH Default Port Number

From the RouterOS command line, move to /ip service and issue the print command. This displays the port numbers for the various services and shows which of those services are currently enabled. I will also cover how to disable services if you wish. The output below is from a recent RouterOS install.

[admin@MikroTik] /ip service> print
Flags: X - disabled, I - invalid
 #   NAME                                PORT ADDRESS                                                                  CERTIFICATE
 0   telnet                                23
 1   ftp                                   21
 2   www                                   80
 3   ssh                                 22
 4 XI www-ssl                              443                                                                          none
 5   api                                 8728
 6   winbox                              8291
 7   api-ssl                             8729  

From /ip service, set the new SSH port number. Pick a number you like, or consult the following list: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers.

[admin@MikroTik] /ip service> set ssh port=2987

The change takes effect immediately.

Disable a Service

Disabling a service is equally easy: just type disable followed by the service name. It’s always a good idea to disable unused services. Below I’ve disabled three different services.

[admin@MikroTik] /ip service> disable telnet

[admin@MikroTik] /ip service> disable ftp

[admin@MikroTik] /ip service> disable winbox

Issue the print command to verify the port change. Note that certain services have an X in front of them, indicating the service has been disabled.

[admin@MikroTik] /ip service> print
Flags: X - disabled, I - invalid
 #   NAME                  PORT ADDRESS                                                     CERTIFICATE
 0 XI telnet                  23
 1 XI ftp                     21
 2   www                     80
 3   ssh                   2484
 4 XI www-ssl                443                                                             none
 5   api                   8728
 6 XI winbox                8291
 7   api-ssl               8729                                                             none
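A quick audit of a saved /ip service print listing, as an added example that is not part of the original post. The function name audit_ip_services and the output labels are assumptions made for this sketch; the sample is the listing above with the column padding trimmed. It flags services that are still enabled and carry management traffic in cleartext (telnet, ftp, www, api), and an ssh service left on port 22.

```sh
#!/bin/sh
# Added example: audit "/ip service print" output read from stdin.
# Prints one line per enabled service: CLEARTEXT, DEFAULT-PORT or ENABLED.
audit_ip_services() {
    awk '
        $1 !~ /^[0-9]+$/ { next }          # skip the Flags: and header lines
        {
            flags = ""; name = $2; port = $3
            # A flags column (X, I or XI) is only present on some rows.
            if ($2 ~ /^[XI]+$/) { flags = $2; name = $3; port = $4 }
            if (flags ~ /X/) next          # disabled services are not exposed
            if (name == "telnet" || name == "ftp" || name == "www" || name == "api")
                print "CLEARTEXT " name " " port
            else if (name == "ssh" && port == 22)
                print "DEFAULT-PORT " name " " port
            else
                print "ENABLED " name " " port
        }'
}

# Sample input: the second listing above, padding trimmed.
sample_services() { cat <<'EOF'
Flags: X - disabled, I - invalid
 #   NAME      PORT ADDRESS   CERTIFICATE
 0 XI telnet     23
 1 XI ftp        21
 2   www         80
 3   ssh       2484
 4 XI www-ssl   443           none
 5   api       8728
 6 XI winbox   8291
 7   api-ssl   8729           none
EOF
}

sample_services | audit_ip_services
```

On the listing above this reports www and api as still enabled in cleartext, which are the next candidates for disable if they are not in use.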

Raspberry Pi – Dump1090-Mutability and PiAware

I’ve been running a PiAware installation for the last couple of months, but after a reinstall I noticed some problems, specifically with the dump1090 provided by the PiAware installation instructions. After searching various forums I decided to give dump1090-mutability, a fork of dump1090, a try and can report great success, which is why I decided to list the steps needed to configure dump1090-mutability on a Raspbian install.

Current set-up: Raspbian Jessie Lite on a Raspberry Pi 2 + RTL2832U.

Prepare Raspbian

sudo apt-get update
sudo apt-get upgrade

Dump1090 Mutability Install

Download the necessary .deb from GitHub.

wget https://github.com/mutability/mutability-repo/releases/download/v0.1.0/mutability-repo_0.1.0_armhf.deb

Install the downloaded .deb. Notice the version number.

sudo dpkg -i mutability-repo_0.1.0_armhf.deb

Once again update the installation.

sudo apt-get update

The GPG key provided with mutability-repo_0.1.0_armhf.deb has expired, which results in an error every time you run apt-get. We can fix the source of the error.

W: GPG error: http://repo.mutability.co.uk wheezy InRelease: The following signatures were invalid: KEYEXPIRED 1451307476 KEYEXPIRED 1451307476 KEYEXPIRED 1451307476

Now re-install mutability-repo. This will pull the latest version with a valid signature.

sudo apt-get install mutability-repo

Install dump1090-mutability. The version in the repository at the time of this writing was dump1090-mutability v1.14.

sudo apt-get install dump1090-mutability

Install the web server.

sudo apt-get install lighttpd  

Enable module.

sudo lighty-enable-mod dump1090

Reload web server for changes to take effect.

sudo service lighttpd force-reload

Or you can reboot the entire installation, which is what I recommend.

sudo reboot

Open a web browser and enter the IP address of your Raspberry Pi followed by /dump1090.

http://your_ip_address/dump1090/

PiAware Install

For the latest version of PiAware check the FlightAware page. At the time of this writing the current version was piaware_2.1-5.

wget http://flightaware.com/adsb/piaware/files/piaware_2.1-5_armhf.deb

Install the downloaded package.

sudo dpkg -i piaware_2.1-5_armhf.deb

You will receive multiple errors regarding missing dependencies. Let apt-get install the missing dependencies.

sudo apt-get install -fy

Auto-update the PiAware Software.

sudo piaware-config -autoUpdate 1 -manualUpdate 1

Connect To FlightAware

Connect the PiAware install to FlightAware by providing user credentials.

sudo piaware-config -user your_username -password

Restart PiAware.

sudo /etc/init.d/piaware restart

View the status of the install.

lventura@raspberrypi:~ $ sudo piaware-status
dump1090 is not running.
faup1090 is running.
piaware is running.
dump1090-mutabi is listening for connections on port 30005.
faup1090 is connected to port 30005.
piaware is connected to FlightAware.
dump1090-mutabi is producing data on port 30005.

The new install should start feeding data back to FlightAware.

Raspbian – Dump1090 Not Running

I came across a problem that only seems to happen on PiAware self installs, where Dump1090 will not run.

pi@raspberrypi:~ $ sudo piaware-status
dump1090 is not running.
faup1090 is not running.
piaware is running.
no program appears to be listening for connections on port 30005.
faup1090 is NOT connected to port 30005.
piaware is connected to FlightAware.
got 'couldn't open socket: connection refused'
maybe dump1090 is NOT producing data on port 30005.

Troubleshooting steps included the following:

I tried adding the password again in case I had made a mistake, but it didn’t fix the problem.

sudo piaware-config -user username -password

I know that my RTL is recognized by Raspbian.

lsusb
Bus 001 Device 011: ID 0cf3:9271 Atheros Communications, Inc. AR9271 802.11n
Bus 001 Device 010: ID 0bda:2832 Realtek Semiconductor Corp. RTL2832U DVB-T
Bus 001 Device 009: ID 05dc:a762 Lexar Media, Inc.
Bus 001 Device 013: ID 0a12:0001 Cambridge Silicon Radio, Ltd Bluetooth Dongle (HCI mode)
Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp. SMSC9512/9514 Fast Ethernet Adapter
Bus 001 Device 002: ID 0424:9514 Standard Microsystems Corp.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

I tried to restart PiAware.

sudo /etc/init.d/piaware restart

And looked for any helpful output.

cat /tmp/piaware.out

On a forum there was a suggestion about blacklisting a module.

sudo nano /etc/modprobe.d/rtlsdr.conf 

Add the line below to rtlsdr.conf.

blacklist dvb_usb_rtl28xxu

After making the changes, reboot and run the piaware-status command; hopefully your output will change.

pi@raspberrypi:~ $ sudo piaware-status
dump1090 is running.
faup1090 is running.
piaware is running.
dump1090 is listening for connections on port 30005.
faup1090 is connected to port 30005.
piaware is connected to FlightAware.
dump1090 is producing data on port 30005.
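A small health check built on the piaware-status listings in this post and the previous one, as an added example that is not part of the original posts. The function name feeder_health and the FAIL messages are assumptions made for this sketch. It keys on the port 30005 and FlightAware lines instead of "dump1090 is running", because a working dump1090-mutability install still reports "dump1090 is not running".

```sh
#!/bin/sh
# Added example: reads piaware-status output on stdin, prints "healthy" or
# one FAIL line per broken stage, and exits 1 if any stage is broken.
feeder_health() {
    awk '
        / is listening for connections on port 30005/ { listening = 1 }
        /^faup1090 is connected to port 30005/        { faup = 1 }
        / is producing data on port 30005/            { data = 1 }
        /^piaware is connected to FlightAware/        { uplink = 1 }
        END {
            if (!listening) { print "FAIL: nothing listening on port 30005"; bad = 1 }
            if (!faup)      { print "FAIL: faup1090 not connected to port 30005"; bad = 1 }
            if (!data)      { print "FAIL: no data on port 30005"; bad = 1 }
            if (!uplink)    { print "FAIL: piaware not connected to FlightAware"; bad = 1 }
            if (!bad) print "healthy"
            exit bad + 0
        }'
}

# Sample: working dump1090-mutability install (listing from the previous post).
status_mutability() { cat <<'EOF'
dump1090 is not running.
faup1090 is running.
piaware is running.
dump1090-mutabi is listening for connections on port 30005.
faup1090 is connected to port 30005.
piaware is connected to FlightAware.
dump1090-mutabi is producing data on port 30005.
EOF
}

# Sample: the failing listing from the top of this post.
status_broken() { cat <<'EOF'
dump1090 is not running.
faup1090 is not running.
piaware is running.
no program appears to be listening for connections on port 30005.
faup1090 is NOT connected to port 30005.
piaware is connected to FlightAware.
got 'couldn't open socket: connection refused'
maybe dump1090 is NOT producing data on port 30005.
EOF
}

status_mutability | feeder_health
```

On a live system the same function can be fed directly with sudo piaware-status | feeder_health, for example from a cron job.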

Links

https://opendesignengine.net/news/53
http://discussions.flightaware.com/ads-b-flight-tracking-f21/help-no-ads-b-data-program-is-serving-port-30005-t35812.html

Mikrotik – RouterOS Disable FastTrack To Limit Bandwidth

You can read more about FastTrack on the Mikrotik Wiki page on FastTrack. The function has its advantages, increasing throughput and reducing CPU load. However, I wanted to limit bandwidth to clients, and FastTrack had to be disabled in order to do that.

From the RouterOS command line, move to /ip firewall filter and issue the print command to view all available rules. Rule 4 has what we are looking for, which is fasttrack. Depending on previous changes made to your rules, the placement may be different, resulting in a completely different number.

[admin@HM-R] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward

 1    ;;; default configuration
      chain=input action=accept protocol=icmp log=no log-prefix=""

 2    ;;; default configuration
      chain=input action=accept connection-state=established,related log=no log-prefix=""

 3    ;;; default configuration
      chain=input action=drop in-interface=ether1-gateway log=no log-prefix=""

 4    ;;; default configuration
      chain=forward action=fasttrack-connection connection-state=established,related log=no log-prefix=""

 5    ;;; default configuration
      chain=forward action=accept connection-state=established,related log=no log-prefix=""

 6    ;;; default configuration
      chain=forward action=drop connection-state=invalid log=no log-prefix=""

 7    ;;; default configuration
      chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether1-gateway log=no
      log-prefix=""

Now issue the disable command along with the rule number you wish to disable. Alternatively, the rule can be removed completely with the remove command, but I would rather preserve it in case I need it at a later time.

[admin@HM-R] /ip firewall filter> disable numbers=4

Rule 4 is now disabled as indicated by the capital XI in front of the rule.

[admin@HM-R] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward

 1    ;;; default configuration
      chain=input action=accept protocol=icmp log=no log-prefix=""

 2    ;;; default configuration
      chain=input action=accept connection-state=established,related log=no log-prefix=""

 3    ;;; default configuration
      chain=input action=drop in-interface=ether1-gateway log=no log-prefix=""

 4 XI  ;;; default configuration
      chain=forward action=fasttrack-connection connection-state=established,related log=no log-prefix=""

 5    ;;; default configuration
      chain=forward action=accept connection-state=established,related log=no log-prefix=""

 6    ;;; default configuration
      chain=forward action=drop connection-state=invalid log=no log-prefix=""

 7    ;;; default configuration
      chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether1-gateway log=no
      log-prefix=""

With Fasttrack disabled I can add my 20/20 Megabit symmetrical limit.

[admin@HM-R] /queue simple> add max-limit=20M/20M name=client-arq target=192.168.200.2/32

Mikrotik – Upgrade RouterOS from the Command Line

My Mikrotik router was running version 6.30, which I needed to update to version 6.31 in order to support RSA keys. I found updating the router from the command line to be quite easy and straightforward. It only requires a few commands and little user input.

I know of two ways to view the current running firmware. My hAP at the time it arrived was running RouterOS version 6.30.4.

[admin@HM-GW] /system resource> print
                   uptime: 14h43m39s
                  version: 6.30.4
               build-time: Aug/25/2015 12:59:46
              free-memory: 41.0MiB
             total-memory: 64.0MiB
                      cpu: MIPS 24Kc V7.4
                cpu-count: 1
            cpu-frequency: 650MHz
                 cpu-load: 3%
           free-hdd-space: 4.8MiB
          total-hdd-space: 16.0MiB
  write-sect-since-reboot: 691
         write-sect-total: 5566
               bad-blocks: 0%
        architecture-name: mipsbe
               board-name: hAP ac lite
                 platform: MikroTik

Using /system package update check-for-updates, we can also view the running version and the latest version of RouterOS available for download.

[admin@HM-GW] /system package update> check-for-updates
   current-version: 6.30.4
   latest-version: 6.34.3

Now that we know there is an available update we tell the router to download and install. The router will reboot.

[admin@HM-GW] /system package update> download
          channel: current
  current-version: 6.34.3
   latest-version: 6.34.4
           status: Downloaded, please reboot router to upgrade it

Reboot for the changes to take effect.

[admin@HM-GW] /system package update> /system reboot

You will be asked for confirmation prior to rebooting.

Reboot, yes? [y/N]:
y
system will reboot shortly

Installing the new firmware took less than a minute. Let’s check again and see what version of RouterOS is currently running.

[admin@HM-GW] /system package update> check-for-updates
          channel: current
  current-version: 6.34.3
   latest-version: 6.34.3
           status: System is already up to date

We are done and the system is now updated to the latest available firmware. Fairly easy and painless to update RouterOS.

4/8/2016 – Corrected grammatical error. Thank you for pointing it out.

Adding a Serial Port to the Raspberry Pi Zero

The Raspberry Pi Zero lacks a USB hub and only comes with a single Micro USB port, which means you have to be careful with the limited available port. Adding a USB to serial converter is a good way of accessing the Pi Zero without having to plug in a keyboard and HDMI connector, and it frees the Micro USB port.

There are many flavors of USB to RS232 adapters. One of them is the CH340 (eBay), which is affordable. Another adapter I like is the CP2102; you can find them on eBay. These are just recommendations; in the end the choice is yours.

How I wire my Pi Zero

  • The Raspberry Pi can be powered from the same 5V pin coming from the USB to RS232 adapter, but I would rather have the Zero use a dedicated PSU for stable power.

Wiring the Pi Zero

https://pinout.xyz/

Use the MicroSD slot as a reference point. On the Pi Zero you will make use of the following pins:

  • pin 6 is ground (GND)
  • pin 8 is transmit (TXD)
  • pin 10 is receive (RXD)

image

Wiring the USB to RS232

There might be a slight difference with your USB to RS232 adapter, but I am certain it will be the same as below. Make sure to match the wiring with that of the Pi Zero.

image

In the terminal client of your choice, use the COM port assigned to the USB adapter and a baud rate of 115200.

Troubleshooting

If you don’t see any output in the console make sure the TXD and RXD pins are in the correct position, otherwise swap them.

Update the Firmware on a Raspberry Pi

Updating the Raspberry Pi firmware is easy thanks to a nice utility called rpi-update, included by default in Raspbian. I’ve also included an extra step for those of us who use other distributions for the Raspberry Pi, like Minibian (my favorite), Kali Linux, etc. Understand that rpi-update is automated and once executed it will download and install the firmware without any user input. Upgrading the firmware takes less than a minute; however, the install might take longer depending on your Internet connection.

The three steps below are included because rpi-update is not included by default in other distributions. First update and upgrade the OS.

sudo apt-get update
sudo apt-get upgrade

Install rpi-update from the repository.

sudo apt-get install rpi-update

Update the Firmware

Run rpi-update, then sit back and watch the process.

root@raspberrypi:~# sudo rpi-update

*** Raspberry Pi firmware updater by Hexxeh, enhanced by AndrewS and Dom
*** Performing self-update
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 9823 100 9823 0 0 1837 0 0:00:05 0:00:05 --:--:-- 34346
*** Relaunching after update
*** Raspberry Pi firmware updater by Hexxeh, enhanced by AndrewS and Dom
*** We're running for the first time
*** Backing up files (this will take a few minutes)
*** Backing up firmware
*** Backing up modules 3.18.7-v7+
*** Downloading specific firmware revision (this will take a few minutes)
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 168 0 168 0 0 419 0 --:--:-- --:--:-- --:--:-- 585
100 46.1M 100 46.1M 0 0 448k 0 0:01:45 0:01:45 --:--:-- 565k
*** Updating firmware
*** Updating kernel modules
*** depmod 3.18.11+
*** depmod 3.18.11-v7+
*** Updating VideoCore libraries
*** Using HardFP libraries
*** Updating SDK
*** Running ldconfig
*** Storing current firmware revision
*** Deleting downloaded files
*** Syncing changes to disk
*** If no errors appeared, your firmware was successfully updated to 5b0cbedacf45e111f02d925fa5b1cec9041fb279
*** A reboot is needed to activate the new firmware

Reboot the Raspberry Pi for the new firmware to take effect.

root@raspberrypi:~# sudo reboot

Let’s check again to see what the Raspberry Pi has to say about the new firmware.

root@raspberrypi:~# sudo rpi-update

*** Raspberry Pi firmware updater by Hexxeh, enhanced by AndrewS and Dom
*** Performing self-update
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 9823 100 9823 0 0 54727 0 --:--:-- --:--:-- --:--:-- 79861
*** Relaunching after update
*** Raspberry Pi firmware updater by Hexxeh, enhanced by AndrewS and Dom
*** Your firmware is already up to date

Your Raspberry Pi is now running the latest available firmware.