September 14th, 2008 Mikrotik
In this article, I want to describe how to tunnel EoIP over a PPTP connection. EoIP is a Mikrotik-specific method of bridging Ethernet traffic over a routed network. The problem with using EoIP as a “VPN” is that it is not encrypted. The network we will build in this article will tunnel the EoIP traffic over an encrypted PPTP tunnel. There are other methods available in later versions of Mikrotik RouterOS to accomplish this functionality (OpenVPN, for one example) and I will be adding articles on some of these at a later time. The method described in this article will work in any version of Mikrotik RouterOS. It has been tested under 2.8.28, 2.9.51 and 3.13.
September 12th, 2008 Mikrotik
In “normal” routing, you have a set of routes that tell the router how to reach certain networks. Policy routing is a way to do the same thing, but with different “paths” or routes for various types of traffic. In this article, we will explore the requirements for setting up policy routing and explain some of the concepts involved.
September 11th, 2008 Mikrotik
This article is just a script that you can cut and paste (with small changes) to your router. It will set up the necessary stuff to automate backups. The script is commented well and the parts that you need to customize are highlighted, so that you know what has to be adjusted. This is based on a script posted on Mikrotik’s website, updated to work in 2.9.x and 3.x.
September 11th, 2008 Mikrotik
This helpful script was given to me. It was sent to me by WISP-Router (http://www.wisp-router.com/). Casey told me it was sent to them by one of their customers. It will create a beep that changes frequency as the alignment gets better/worse. Requires (of course) a MT router with a speaker onboard.
September 11th, 2008 Basic Routing
It’s a question that I get from time to time and it’s time to answer here. If you understand the fundamental principles of networking, then all the other parts of building and maintaining an ISP network (wired OR wireless) are much simpler. In this series of articles we will discuss the processes that make IP networking function by delving into the fundamentals of how subnetting works, how a router USES subnet information and the very important ARP process.
This topic is easy to understand, but it is difficult to organize the materials and ideas needed to explain it easily. This is because there are so many pieces that are related, and understanding one part is necessary to understand the next. You, as a reader, may need to read this article more than once in order to fully understand all of the parts. We will use the following “talking points” to cover this topic:
- Networking basics – what is needed to make two or more computers communicate?
- What is a router and why is it a necessary component in a network?
- Subnet masks and what they mean. What, exactly, IS a subnet address and why do I care?
- ARP – what is it and what does it do?
- Wrap up and tying up the loose ends.
August 7th, 2008 Uncategorized
As many of you know, it was recently discovered that the DNS protocol has a serious flaw. I don’t have a lot to add to the conversations of some serious experts, but I wanted to post a link to some of the tools that I have found that will help you know if you are at risk.
Dan Kaminsky, a security researcher, recently discovered the flaw. While I am never one to preach “doom and gloom”, this is a really serious bug that WILL gain traction among the hackers. There is already proof of concept code available that shows how to attack this flaw, so don’t hesitate to fix it. DoxPara Research is where you will find the best information about the flaw. Also at Dan’s website (DoxPara), is a tool that will test your DNS server to see if it is vulnerable. YOU SHOULD TEST THIS NOW! Don’t hesitate and do it later. NOW! (Please)
Also, ICANN has released a tool that will test the DNS server that is providing DNS services for your domain. More information on the exploit and its implications can be found on ICANN’s website. Their tool is here. Again, this is very important to the security of not only YOUR website but also to the security of anyone who visits your website. DON’T DELAY! DO IT NOW!
July 28th, 2008 Mikrotik
Over the course of the past several days, I have seen a significant number of folks who misunderstand the proper use for the new interface based routing option in MikroTik’s RouterOS.
First, what is interface routing anyway? In order to understand the answer to this question, we first have to understand how network communication works. More specifically, we will discuss how IP communication happens.
July 6th, 2008 ImageStream, iptables
In this article, I will provide a brief tutorial for using iptables. This article applies specifically to ImageStream routers, but more generally, it applies to ALL Linux-based devices that use iptables for the filtering of traffic. In another article, I will address firewalling in Mikrotik, which is also an iptables-based firewall. Some parts of this article will apply to Mikrotik, so it may be worth reading even if you are a pure Mikrotik shop.
June 28th, 2008 ImageStream
The ImageStream router (http://www.imagestream.com) is a Linux-based router that offers all the flexibility of any other Linux system with the added advantage of ImageStream’s special driver component architecture and management interface called “Inetics”. I won’t go into the details of the Inetics platform (that’ll be another article some day), but it should be sufficient to say that it is a tremendous feature in ImageStream’s router platforms.
This article will detail the steps needed to successfully configure an ImageStream router as a replacement for a consumer-grade CPE device such as a Linksys, D-Link or even the higher-end Cisco PIX. This article will deal only with the configuration of a router with Ethernet ports. We will see all the steps needed to get the customer online and functional. Items such as VPN and firewall will also be covered at a later time.