Category: Uncategorized

Mikrotik – RouterOS Disable FastTrack To Limit Bandwidth

You can read more about FastTrack from the Mikrotik Wiki on FastTrack. The function has it’s advantages by increasing throughout and reducing CPU load. However I wanted to limit bandwidth to clients and FastTrack had to be disabled in order to limit.

From the RouterOS command line move to /ip firewall filter and issue the print command to view all available rules. Rule 4 has what we are looking for which is fasttrack depending on previous changes made to your rules the placement maybe different resulting in a completely different number.

[admin@HM-R] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward

 1    ;;; default configuration
      chain=input action=accept protocol=icmp log=no log-prefix=""

 2    ;;; default configuration
      chain=input action=accept connection-state=established,related log=no log-prefix=""

 3    ;;; default configuration
      chain=input action=drop in-interface=ether1-gateway log=no log-prefix=""

 4    ;;; default configuration
      chain=forward action=fasttrack-connection connection-state=established,related log=no log-prefix=""

 5    ;;; default configuration
      chain=forward action=accept connection-state=established,related log=no log-prefix=""

 6    ;;; default configuration
      chain=forward action=drop connection-state=invalid log=no log-prefix=""

 7    ;;; default configuration
      chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether1-gateway log=no
      log-prefix=""

Now issue the disable command along with the rule number you wish to disable. Alternatively the rule can be removed completely with the command remove but I rather preserve it in case I needed at a later time.

[admin@HM-R] /ip firewall filter> disable numbers=4

Rule 4 is now disabled as indicated by the capital XI in front of the rule.

[admin@HM-R] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward

 1    ;;; default configuration
      chain=input action=accept protocol=icmp log=no log-prefix=""

 2    ;;; default configuration
      chain=input action=accept connection-state=established,related log=no log-prefix=""

 3    ;;; default configuration
      chain=input action=drop in-interface=ether1-gateway log=no log-prefix=""

 4 XI  ;;; default configuration
      chain=forward action=fasttrack-connection connection-state=established,related log=no log-prefix=""

 5    ;;; default configuration
      chain=forward action=accept connection-state=established,related log=no log-prefix=""

 6    ;;; default configuration
      chain=forward action=drop connection-state=invalid log=no log-prefix=""

 7    ;;; default configuration
      chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether1-gateway log=no
      log-prefix=""

With Fasttrack disabled I can add my 20/20 Megabit symmetrical limit.

[admin@HM-R] /queue simple> add max-limit=20M/20M name=client-arq target=192.168.200.2/32

Mikrotik – RouterOS SSH Public Key Authentication

If you intent to make use of a RSA key make sure you are running RouterOS 6.31 version or above, otherwise you may receive an error like this one unable to load key file (incorrect passphrase?) !. If the installation needs to be update then refer to this post on How to Upgrade RouterOS from the Command Line. NOte: you need access to a Linux system to generate the private and public key pair.

Key Generation

Use the ssh-keygen command to generate an RSA key pair. This step is almost automated for you just wait.

lventura@SF-DEV:~$ ssh-keygen -t rsa

You can view the key pair in their respective directory. Remember: id_rsa.pub is meant to be public and will be the file we upload to the remote system.

lventura@HM-R:~/scripts $ ls ~/.ssh
authorized_keys  id_rsa  id_rsa.pub  known_hosts

The key pair will reside in the ~/.ssh found in the users home directory. Use SCP to copy the public key pair from the Linux system over to the Mikrotik RouterOS system just change the IP address to that of your router.

lventura@SF-DEV:~$ scp ~/.ssh/id_rsa.pub admin@192.168.100.1:id_rsa.pub

Now log-in to RouterOS and import id_rsa.pub key we just uploaded. I’m importing a key for the user admin you can change this to the of any other user.

RouterOS Key Import

[admin@HM-GW] > /user ssh-keys import public-key-file=id_rsa.pub user=admin

Let’s view the user new SSH key.

[admin@HM-GW] > /user ssh-keys print
Flags: R - RSA, D - DSA
 #   USER                       BITS KEY-OWNER
 0 R admin                      2048

New Key Test

Using an SSH client with the new private SSH key attempt to log-in to RouterOS, if successful you shouldn’t be prompted for a password.

ssh-login

Mikrotik – Upgrade RouterOS from the Command Line

My Mikrotik router was running version 6.30 which I needed to update to version 6.31 in order to support RSA keys. I found updating the router from the command line to be quite easy an straight forward. it only requires a few commands and requires little user input.

I know of two ways to view the current running firmware. My hAP at the time it arrived was running RouterOS version 6.30.4.

[admin@HM-GW] /system resource> print
                   uptime: 14h43m39s
                  version: 6.30.4
               build-time: Aug/25/2015 12:59:46
              free-memory: 41.0MiB
             total-memory: 64.0MiB
                      cpu: MIPS 24Kc V7.4
                cpu-count: 1
            cpu-frequency: 650MHz
                 cpu-load: 3%
           free-hdd-space: 4.8MiB
          total-hdd-space: 16.0MiB
  write-sect-since-reboot: 691
         write-sect-total: 5566
               bad-blocks: 0%
        architecture-name: mipsbe
               board-name: hAP ac lite
                 platform: MikroTik

Making use of the /system package update check-for-updates we can also view the running version and latest available version of RouterOS for download.

[admin@HM-GW] /system package update> check-for-updates
   current-version: 6.30.4
   latest-version: 6.34.3

Now that we know there is an available update we tell the router to download and install. The router will reboot.

[admin@HM-GW] /system package update> download
          channel: current
  current-version: 6.34.3
   latest-version: 6.34.4
           status: Downloaded, please reboot router to upgrade it

Reboot for the changes to take effect.

[admin@HM-GW] /system package update> /system reboot

You will be asked for confirmation prior to rebooting.

Reboot, yes? [y/N]:
y
system will reboot shortly

Installing the new firmware took less than a minute. Let’s check again and see what version of RouterOS is currently running.

[admin@HM-GW] /system package update> check-for-updates
          channel: current
  current-version: 6.34.3
   latest-version: 6.34.3
           status: System is already up to date

We are done and the system is now updated to the latest available firmware. Fairly easy and painless to update RouterOS.

4/8/2016 – Corrected grammatical error. Thank you for pointing it out.

Xiaomi USB Type C Adapter – Convert Micro USB to Type-C

Just a heads up if you are looking for a certified Micro USB to Type C adapter then I would recommend looking at the Xiaomi USB Type C Adapter they are a great way of converting the Micro USB cables you already have to Type C. The adapter works just fine with the Nexus 6P I have yet to see any problem after almost two months of use. I bought mine from Geekbuying for under $2.oo USD.

wp-1456790651766.jpg

wp-1456790705443.jpg

wp-1456790715172.jpg

wp-1456790724740.jpg

Adding a Serial Port to the Raspberry Pi Zero

The Raspberry Pi Zero lacks a USB hub and only comes with a single Micro USB port which means you have to be careful with the limited available port. Adding a USB to serial converter is a good way of accessing the Pi Zero without having to plug a keyboard and HDMI connector and it frees the Micro USB port.

There are many flavors of USB to RS232 adapters and one of them is CH340 eBay which is affordable. Another adapter I like is the CP2102 you can find them on eBay. This are just recommendations in the end it’s your choice as to the one you choose.

How I wire my Pi Zero

  • The Raspberry Pi can be powered from the same 5V pin coming from the USB to RS232 adapter, I rather have the Zero use a dedicated PSU for stable power.

Wiring the Pi Zero

https://pinout.xyz/

Use the MicroSD slot as a reference point. On the Pi Zero you will make use of the following pins:

  • pin 6 is ground(GND)
  • pin 8 is transmit(TXD)
  • pin 10 is receive(RXD)

image

Wiring the USB to RS232

There might be a slight difference with your USB to RS232 adapter but I am certain it will be the same as below. Make sure to match wiring with those of the Pi Zero.

image

On the terminal client of your choice use the COM port assigned to the USB adapter and baud rate of 115200.

Troubleshooting

If you don’t see any output in the console make sure the TXD and RXD pins are in the correct position, otherwise swap them.

Update the Firmware on a Raspberry Pi

Updating the Raspberry Pi firmware is easy thanks to a nice utility called rpi-update included by default in Raspbian but I’ve also included an extra step for those of us who use other distributions for the Raspberry Pi like Minibian(my favorite), Kali Linux, etc… Understand that rpi-update is automated and once executed it will download and install the firmware without any user input. Upgrading the firmware takes less than a minute, however the install might take longer depending on your Internet connection.

The three steps below are included because rpi-update is not included by default in other distributions. Update and upgrade the system. First update and upgrade the OS.

sudo apt-get update
sudo apt-get upgrade

Install rpi-config from the repository.

sudo apt-get install rpi-update

Update the Firmware

Rpi-update is automated and once executed it will download and install the firmware without any user input. Upgrading the firmware takes less than a minute, however the install might take longer depending on your Internet connection. Sit back and watch the process.

root@raspberrypi:~# sudo rpi-update

*** Raspberry Pi firmware updater by Hexxeh, enhanced by AndrewS and Dom
*** Performing self-update
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 9823 100 9823 0 0 1837 0 0:00:05 0:00:05 --:--:-- 34346
*** Relaunching after update
*** Raspberry Pi firmware updater by Hexxeh, enhanced by AndrewS and Dom
*** We're running for the first time
*** Backing up files (this will take a few minutes)
*** Backing up firmware
*** Backing up modules 3.18.7-v7+
*** Downloading specific firmware revision (this will take a few minutes)
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 168 0 168 0 0 419 0 --:--:-- --:--:-- --:--:-- 585
100 46.1M 100 46.1M 0 0 448k 0 0:01:45 0:01:45 --:--:-- 565k
*** Updating firmware
*** Updating kernel modules
*** depmod 3.18.11+
*** depmod 3.18.11-v7+
*** Updating VideoCore libraries
*** Using HardFP libraries
*** Updating SDK
*** Running ldconfig
*** Storing current firmware revision
*** Deleting downloaded files
*** Syncing changes to disk
*** If no errors appeared, your firmware was successfully updated to 5b0cbedacf45e111f02d925fa5b1cec9041fb279
*** A reboot is needed to activate the new firmware

Reboot the Raspberry Pi for the new firmware to take effect.

root@raspberrypi:~# sudo reboot

Let’s check again to see what the Raspberry Pi has to say about the new firmware.

root@raspberrypi:~# sudo rpi-update

*** Raspberry Pi firmware updater by Hexxeh, enhanced by AndrewS and Dom
*** Performing self-update
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 9823 100 9823 0 0 54727 0 --:--:-- --:--:-- --:--:-- 79861
*** Relaunching after update
*** Raspberry Pi firmware updater by Hexxeh, enhanced by AndrewS and Dom
*** Your firmware is already up to date

Your Raspberry Pi is now running the latest available firmware.

Expand the Root Partition in Kali Linux for the Raspberry Pi

By default when Kali Linux for the Rapsberry Pi is installed the file system will only expand to occupy 3GB of storage, in my case I have a 16GB Micro SD card in my Raspberry Pi 2 with most of its capacity unused. One can easily expand the file system by making use of a script that automatically does the job for you.

File system after install.

root@kali:~# df -h

Filesystem      Size  Used Avail Use% Mounted on
rootfs          2.9G  1.5G  1.2G  56% /
/dev/root       2.9G  1.5G  1.2G  56% /
devtmpfs        460M     0  460M   0% /dev
tmpfs            93M  468K   93M   1% /run
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs           186M     0  186M   0% /run/shm

I should note I did not create the script and found it at the following address http://www.raspberryvi.org/wiki/doku.php/raspi-expand-rootfs but it has proven useful.

Download the script into the boot directory. Locally hosted.

root@kali:~# wget -O /boot/raspi-expand-rootfs.sh http://dl.linhost.info/file1/raspi-expand-rootfs.sh

Now we make the script executable.

root@kali:~# chmod +x /boot/raspi-expand-rootfs.sh

And execute the script. Don’t be scared by the output.

root@kali:~# sh /boot/raspi-expand-rootfs.sh
Command (m for help):
Disk /dev/mmcblk0: 15.9 GB, 15931539456 bytes
4 heads, 16 sectors/track, 486192 cylinders, total 31116288 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000697c0

        Device Boot      Start         End      Blocks   Id  System
/dev/mmcblk0p1               1      125000       62500    c  W95 FAT32 (LBA)
/dev/mmcblk0p2          125001     6143999     3009499+  83  Linux

Command (m for help): Partition number (1-4):
Command (m for help): Partition type:
   p   primary (1 primary, 0 extended, 3 free)
   e   extended
Select (default p): Partition number (1-4, default 2): First sector (125001-31116287, default 125001): Last sector, +sectors or +size{K,M,G} (125001-31116287, default 31116287): Using default value 31116287

Command (m for help):
Disk /dev/mmcblk0: 15.9 GB, 15931539456 bytes
4 heads, 16 sectors/track, 486192 cylinders, total 31116288 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000697c0

        Device Boot      Start         End      Blocks   Id  System
/dev/mmcblk0p1               1      125000       62500    c  W95 FAT32 (LBA)
/dev/mmcblk0p2          125001    31116287    15495643+  83  Linux

Command (m for help): The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.
update-rc.d: using dependency based boot sequencing
update-rc.d: warning: default start runlevel arguments (2 3 4 5) do not match resize2fs_once Default-Start values (2 3 4 5 S)
update-rc.d: warning: default stop runlevel arguments (0 1 6) do not match resize2fs_once Default-Stop values (none)
Root partition has been resized. The filesystem will be enlarged upon the next reboot

It is necessary to reboot the OS for the changes to take effect.

root@kali:~# reboot

Once again us the df command to verify the file system successfully expanded.

root@kali:~# df -h

Filesystem      Size  Used Avail Use% Mounted on
rootfs           15G  1.5G   13G  11% /
/dev/root        15G  1.5G   13G  11% /
devtmpfs        460M     0  460M   0% /dev
tmpfs            93M  468K   93M   1% /run
tmpfs           5.0M  4.0K  5.0M   1% /run/lock
tmpfs           186M     0  186M   0% /run/shm

If you like you can remove the script from the /boot directory.

root@kali:~# rm /boot/raspi-expand-rootfs.sh

Auto Mount USB Drives in Raspbian

Update and upgrade the Raspbian installation.

sudo apt-get update && sudo apt-get upgrade

Install the package necessary to automatically mount USB drives.

sudo apt-get install usbmount

Now plug a USB drive and issue the df command to view all volumes. My USB drive was recognized /dev/sdb and mounted as /media/usb0 by the system.

df -hT
pi@raspberrypi ~ $ df -hT
Filesystem     Type      Size  Used Avail Use% Mounted on
rootfs         rootfs    2.9G  2.6G  215M  93% /
/dev/root      ext4      2.9G  2.6G  215M  93% /
devtmpfs       devtmpfs  460M     0  460M   0% /dev
tmpfs          tmpfs      93M  256K   93M   1% /run
tmpfs          tmpfs     5.0M     0  5.0M   0% /run/lock
tmpfs          tmpfs     186M     0  186M   0% /run/shm
/dev/mmcblk0p1 vfat       56M   15M   42M  26% /boot
/dev/sdb1      vfat      2.0G  200M  1.8G  11% /media/usb0

To un-mount a volume make use of the df command above to discover the USB drive mount point and issue the unmount command as follows.

sudo umount /media/usb0

Upgrade Ubuntu 14.10 to 15.04

You can view your version of Ubuntu with the following command.

lsb_release -a
user@ubuntu:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 14.10
Release:        14.10
Codename:       utopic

Update and upgrade the system.

sudo apt-get update
sudo apt-get upgrade

If not already installed, then install the update-manager-core package from the repository.

sudo apt-get install update-manager-core

Start the upgrade tool.

sudo do-release-upgrade

Now follow the prompts to complete the upgrade to Ubuntu 15.04. Read the instructions carefully.

Verify the upgrade was successful with the help of the lsb_release command.

lsb_release -a
user@ubuntu:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 15.04
Release:        15.04
Codename:       vivid