<p><b>Mazolini</b></p><p>This blog is for posting IT tips. Things I am studying. Things I must not forget.</p><p>Eduardo Mazolini, http://www.blogger.com/profile/00027390881892041731 (Blogger feed tag:blogger.com,1999:blog-1133952089235356349, updated 2024-03-16T23:19:35.567-03:00)</p>
<p><b>UBUNTU 22.04 - Serial Console and qemu-client</b> (published 2024-03-16T23:18:00.003-03:00)</p>
<h3 style="text-align: left;">QEMU AGENT</h3><p>Install the QEMU guest agent; remember to enable it in the VM's options.</p><div style="text-align: left;"><span style="font-family: courier;">sudo apt -y install qemu-guest-agent<br />sudo systemctl enable qemu-guest-agent<br />sudo systemctl start qemu-guest-agent<br />sudo systemctl status qemu-guest-agent</span></div><p><br /></p><h3 style="text-align: left;">Enable the Serial Console</h3><h4 style="text-align: left;">Edit GRUB</h4><p>I recommend taking a snapshot first, because a mistake in GRUB can cause a lot of headaches.</p><p><span style="font-family: courier;">vi /etc/default/grub</span></p><p><span style="font-family: courier;">GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8"</span></p><p>Now apply the edited file to GRUB itself.</p><p><span style="font-family: courier;">update-grub</span></p><p>source: <a href="https://help.ubuntu.com/community/SerialConsoleHowto">https://help.ubuntu.com/community/SerialConsoleHowto</a></p><h4 style="text-align: left;"><br />Service with autologin</h4><p>If someone has already reached your Proxmox, attaching an alternative boot disk and changing your machine's password is easy, unless you really encrypted the disk. Even then, plenty of other problems can still occur. If both the machine and the Proxmox host are yours, this makes your life easier. Security nerds can leave comments with a list of reasons not to do this.</p><p>Another way is to create a service file on the system:</p><p><span style="font-family: courier;">mkdir /etc/systemd/system/serial-getty@ttyS0.service.d</span></p><p><span style="font-family: courier;">cd /etc/systemd/system/serial-getty@ttyS0.service.d</span></p><p><span style="font-family: courier;">vi autologin.conf</span></p><div style="text-align: left;"><span style="font-family: courier;">[Service]<br />ExecStart=<br />ExecStart=/sbin/agetty -a root --noclear %I 115200 vt102</span></div><div style="text-align: left;"><p>Enable the service and start it:</p><div style="text-align: left;"><span style="font-family: courier;">systemctl enable serial-getty@ttyS0.service<br /></span><span style="font-family: courier;">systemctl start serial-getty@ttyS0.service</span><br /></div></div><p style="text-align: left;"><br /></p><p style="text-align: left;"><b>Sudo</b></p><p style="text-align: left;">To make access easier, create one file per user in /etc/sudoers.d:</p><div style="text-align: left;"><span style="font-family: courier;">cd /etc/sudoers.d<br /></span><span style="font-family: courier;">vi joao<br /></span><span style="font-family: courier;">joao ALL=(ALL:ALL) ALL<br /></span><span style="font-family: courier;">vi maria<br /></span><span style="font-family: courier;">maria ALL=NOPASSWD: ALL</span></div><p style="text-align: left;">João will need to type his password to become root.</p><p style="text-align: left;">Maria will not even need to remember her password to become root. This is a blunder, because if someone gets that user's shell through some buggy service, they get root's shell as well.</p><p style="text-align: left;"><br /></p>
<p><b>Proxmox - VZDUMP backup failure</b> (published 2024-01-23T17:09:00.003-03:00)</p>
<p>I struggled with this on my server because the backup is remote.</p><p>The log said:</p><blockquote>command 'rsync --stats -h --numeric-ids -aH --delete --no-whole-file --sparse --one-file-system --relative '--exclude=/tmp/?*' '--exclude=/var/tmp/?*' '--exclude=/var/run/?*.pid' /proc/????/root//./ /mnt/pve/nfs-remoto/dump/vzdump-lxc-???-2024_01_20-01_21_54.tmp' failed: exit code 23</blockquote><p>Only backups of containers with a raw file disk failed.</p><p>I bought an SSD, plugged it into the server's USB port, mounted it and changed the file:</p><blockquote><p><span style="font-family: courier;">vi /etc/vzdump.conf</span></p><p><span style="font-family: courier;">tmpdir: /mnt/pve/temp #path to my external SSD</span></p></blockquote><p><br /></p><p>source: https://forum.proxmox.com/threads/tmpdir-setting-in-vzdump-conf-is-ignored.76689/</p>
<p><b>Asterisk FreePBX - Completing VIVO SIP calls to iPhone</b> (published 2024-01-23T16:38:00.001-03:00)</p>
<p>I could not complete calls on Vivo's SIP service to iPhone handsets.</p><p>I managed to fix it for myself and opened a pull request on the official project.</p><p>The problem is maxptime, so far fixed at 150, which has to be a multiple of the size of the packet sent, normally 20ms. 
Another solution would be to reduce it to 10ms.</p><p>What I suggested was changing the value to 140ms, which is a multiple of both 20ms and 10ms.</p><p><br /></p><div style="text-align: left;"><a href="https://github.com/asterisk/testsuite/issues/15">https://github.com/asterisk/testsuite/issues/15</a><br /><a href="https://github.com/asterisk/testsuite/commit/2acead229ff85003ad63cd8e2e2ed66d66ef9bd9">https://github.com/asterisk/testsuite/commit/2acead229ff85003ad63cd8e2e2ed66d66ef9bd9</a><br /><a href="https://github.com/asterisk/testsuite/commits?author=eduardomazolini">https://github.com/asterisk/testsuite/commits?author=eduardomazolini</a></div><div style="text-align: left;"><br /><a href="https://github.com/asterisk/asterisk/issues/260">https://github.com/asterisk/asterisk/issues/260</a><br /><a href="https://github.com/asterisk/asterisk/commit/91e368c4858bd578b07a70f98f961f3f85e41195">https://github.com/asterisk/asterisk/commit/91e368c4858bd578b07a70f98f961f3f85e41195</a><br /><a href="https://github.com/asterisk/asterisk/commits?author=eduardomazolini">https://github.com/asterisk/asterisk/commits?author=eduardomazolini</a></div><p style="text-align: left;"><br /></p><p style="text-align: left;">But how to recompile the current (2023) Asterisk from FreePBX:</p><p>yum install git</p><p><br /></p><p>cd /usr/src/</p><p>git clone --depth 1 --branch 16.30.0 https://github.com/asterisk/asterisk.git asterisk-16.30.0</p><p><br /></p><p>vi /usr/src/asterisk-16.30.0/main/codec_builtin.c</p><p>I edited all the odd ".maximum_ms" values to 10 less.</p><p>yum install bzip2</p><p>yum install openssl</p><p>yum install openssl-devel</p><p>yum install patch</p><p>yum install libedit</p><p>yum install libedit-devel</p><p>yum install uuid</p><p>yum install uuid-devel</p><p>yum install libuuid-devel</p><p>yum install jansson</p><p>yum install jansson-devel</p><p>yum install libxml2-devel</p><p>yum install libxml2</p><p>yum install sqlite</p><p>yum install libsqlite3x</p><p>yum install libsqlite3x-devel</p><p><br /></p><p>cd /usr/src/asterisk-16.30.0</p><p>./configure</p><p><br /></p><p>make</p><div><br /></div><div>cp /usr/src/asterisk-16.30.0/main/asterisk /usr/sbin/asterisk</div>
<p><b>POSTFIX PROXMOX 7.4.1</b> (published 2024-01-23T16:10:00.001-03:00)</p>
<p>How I configured my Proxmox to send e-mail.</p><p>The sender address is edited at:<br /></p><blockquote><p>Datacenter -> Options -> Email from address</p></blockquote><p><br /></p><p>Edit /etc/postfix/main.cf</p><blockquote><div style="text-align: left;">.<br />.<br />.<br />#relayhost =<br />.<br />.<br />.<br />#Added by Eduardo xx/xx/2024<br />relayhost = [smtp-server.example.com]:587<br />smtp_use_tls = yes<br />smtp_tls_security_level = encrypt<br />smtp_tls_note_starttls_offer = yes<br />smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt<br />smtp_sasl_auth_enable = yes<br />smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd<br />smtp_sasl_security_options = noanonymous<br /># it was necessary to install the package: apt install libsasl2-modules</div></blockquote><p> </p><p>Install the package</p><blockquote><div style="text-align: left;">apt install libsasl2-modules</div></blockquote><p> </p><p>Edit /etc/postfix/sasl/sasl_passwd</p><blockquote><p>[smtp-server.example.com]:587 userSMTP:passSMTP</p></blockquote><p><br /></p><p>Generate the hash map (.db) from the password file</p><blockquote><div style="text-align: left;">postmap /etc/postfix/sasl/sasl_passwd</div></blockquote><blockquote><p>chmod 600 /etc/postfix/sasl/sasl_passwd /etc/postfix/sasl/sasl_passwd.db</p></blockquote><p><br /></p><p>Restart postfix</p><div style="text-align: left;"><blockquote>service postfix restart</blockquote><p><br /></p><p>Test</p><blockquote>echo "Corpo do e-mail" | mail -s "Assunto do e-mail" destino@example.com</blockquote></div>
<p><b>Serverless</b> (published 2023-03-15T00:26:00.003-03:00)</p>
<h1 style="text-align: left;">Alternatives for on-premise serverless</h1><p>Before using serverless you need to think about where to run it:</p><p>- Docker - for simpler situations</p><p>- Kubernetes</p><p>- Apache Mesos</p><p><br /></p><p>Here is the list, by popularity.</p><p><br /></p><h3 style="text-align: left;">1) Dokku</h3><p>source: https://dokku.com/</p><p>An open source PAAS alternative to Heroku.</p><p>Dokku helps you build and manage the lifecycle of applications from building to scaling.</p><p>Dokku Manager Interface Dashboard on https://github.com/beydogan/dokku-man</p><p>Ledokku is a beautiful web dashboard powered by dokku. With Ledokku you will be able to deploy apps in most popular programming languages, link them to most popular databases and all that with almost zero configuration from your side. Apart from all these amazing features it will also save you money along the way. source: https://www.ledokku.com/</p><p><br /></p><h3 style="text-align: left;">2) OpenFaaS</h3><p>source: https://www.openfaas.com/</p><p>Serverless Functions, Made Simple.</p><p>OpenFaaS® makes it simple to deploy both functions and existing code to Kubernetes.</p><p><br /></p><h3 style="text-align: left;">3) CapRover</h3><p>source: https://caprover.com/</p><p>CapRover is an extremely easy to use app/database deployment & web server manager for your NodeJS, Python, PHP, ASP.NET, Ruby, MySQL, MongoDB, Postgres, WordPress (and etc...) applications! 
It's blazingly fast and very robust as it uses Docker, nginx, LetsEncrypt and NetData under the hood behind its simple-to-use interface.</p><p><br /></p><h3 style="text-align: left;">4) OpenWhisk</h3><p>source: https://openwhisk.apache.org/</p><p>Apache OpenWhisk is an open source, distributed Serverless platform that executes functions (fx) in response to events at any scale. OpenWhisk manages the infrastructure, servers and scaling using containers. Options include many of today's popular Container frameworks such as Kubernetes and OpenShift, and Compose.</p><p><br /></p><h3 style="text-align: left;">5) Fn Project</h3><p>source: https://fnproject.io/</p><p>Open Source. Container-native. Serverless platform.</p><p>Dashboard in UI - Fn Sub-projects: https://github.com/fnproject/ui</p><p><br /></p><h3 style="text-align: left;">X) Parse</h3><p>source: https://parseplatform.org/</p><p>The Complete Application Stack. Build applications faster with object and file storage, user authentication, push notifications, dashboard and more out of the box.</p><p>Parse-Dashboard A dashboard for managing Parse Server</p><p>Cloud Code is built into Parse Server. The default entry point for your Cloud</p><p><br /></p><h3 style="text-align: left;">X) Fission</h3><p>source: https://fission.io/</p><p>Open source Kubernetes-native Serverless Framework</p><p><br /></p><h3 style="text-align: left;">X) Iron.IO</h3><p>source: https://open.iron.io/</p><p>Functions is an open source serverless computing platform for any cloud - private, public, or hybrid.</p><p>Kubernetes, Docker Swarm and Mesosphere support</p><p><br /></p><h3 style="text-align: left;">X) Nuclio</h3><p>source: https://nuclio.io/</p><p>The simplest way to explore Nuclio is to run its graphical user interface (GUI) of the Nuclio dashboard. All you need to run the dashboard is Docker.</p><p><br /></p><p>https://knative.dev/docs/</p><p>https://kyma-project.io/</p>
<p><b>Testing tools</b> (published 2020-12-28T00:20:00.006-03:00, updated 2020-12-28T20:33:40.612-03:00)</p>
<p>A list of tools that exist but that I do not use day to day, and so I end up forgetting them.</p>
<h3>social-engineer-toolkit</h3>
<p>Creates clones of websites.</p>
<p>https://github.com/trustedsec/social-engineer-toolkit</p>
<h3>Beef</h3>
<p>Performs Cross-Site Scripting (XSS), allowing scripts to run in the browser of clients that have the site open, e.g. a pop-up emulating a Facebook window asking the user to type the password again.</p>
<p>https://beefproject.com/</p>
<h3>SQL Map</h3>
<p>Automatically exploits a SQL injection flaw, extracting information from the database.</p>
<p>http://sqlmap.org/</p>
<h3>Weevely</h3>
<p>Creates a terminal through the Apache server, if it is possible to upload a PHP file.</p>
<p>https://github.com/epinna/weevely3</p>
<p></p>
<h3>OWASP ZAP</h3>
<p>Creates a vulnerability report.</p>
<p>https://www.zaproxy.org/</p><h3 style="text-align: left;">mitmf</h3><p>mitmf --arp --spoof --target [victim IP] --gateway [router IP] -i [interface]</p><p><br /></p><p>Slowloris</p><p>nmap zenmap</p><p>netcat</p>
<b>Virtualization: VM and Docker</b> (published 2019-08-09T16:06:00.000-03:00)<br />
Today, having a server for each need is clearly a waste of resources.<br />
So what is the solution? Buy from the cloud or virtualize locally (on-premises).<br />
Moving to the cloud really is an alternative, but a financial evaluation needs to be done.<br />
If you pay monthly, 24 installments already equal the cost of a simple PC switched off; yes, just the simple server, switched off.<br />
You have to factor in:<br />
- electricity,<br />
- air conditioning,<br />
- a DevOps professional,<br />
- rack,<br />
- the rack's floor space in the property's rent,<br />
- depreciation.<br />
<br />
Depending on how many simple services you run, a professional server of R$5 thousand, R$15 thousand or R$130 thousand is already worth it. But then: buy now or finance.<br />
<br />
Virtualization has several options and forms: we have <b>VMs</b> and <b>Containers</b>.<br />
For both forms there are options that run on our desktops, on top of the existing operating system, be it Windows 10, desktop Linux or macOS, but that is not suitable for production.<br />
<br />
For VMs on the desktop we have Oracle VirtualBox, VMware Player (run only), VMware Workstation, VMware Fusion.<br />
For containers on the desktop we have Docker CE, Minikube (Kubernetes), Canonical MicroK8s.<br />
<br />
To virtualize we need virtualization software (a hypervisor) on an operating system that consumes as little as possible.<br />
<br />
Below are some options for VMs:<br />
- <b>KVM</b><br />
-- Proxmox VE<br />
-- oVirt<br />
- VMware ESXi<br />
- Microsoft Hyper-V<br />
- Citrix <b>Xen</b>Server<br />
-- Citrix Hypervisor 8.0<br />
-- XenServer 7.1 LTSR<br />
-- XenServer 7.0<br />
-- XenServer 7.6 Free Edition<br />
-- XCP-ng<br />
--- Xen Orchestra (Free - U$77 - U$550) (Free, my choice)<br />
<br />
Below are some options for containers:<br />
- CoreOS<br />
-- Tectonic<br />
-- Integrated with the Xen Orchestra Unified Appliance (XOA)<br />
-- RedHat Openshift<br />
- RancherOS<br />
<div>
-- Rancher (my choice)<br />
<div>
<br /></div>
</div>
<div>
There are other Kubernetes distributions.</div>
<div>
<br /></div>
For both VMs and containers there are <b>orchestrators</b>, and there are web graphical interfaces (<b>Web GUI</b>, a site for management), which are optional additional products.<br />
<br />
For containers there is the simpler <b>Swarm</b>, and I have observed a move toward standardization on <b>Kubernetes</b>.<br />
Every Web GUI I found already has some feature for container orchestration.<br />
<br />
Some Web GUIs for containers:<br />
-- <a href="https://www.portainer.io/products-services/portainer-community-edition/" rel="nofollow" target="_blank">Portainer</a><br />
-- <a href="https://shipyard-project.com/automated-deployment/" rel="nofollow" target="_blank">Shipyard</a><br />
-- <a href="https://rancher.com/products/rancher" rel="nofollow" target="_blank">Rancher</a><br />
<div>
-- <a href="https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard" rel="nofollow" target="_blank">Kubernetes Dashboard</a></div>
<div>
<br /></div>
<div>
I only have a few simple PCs; as soon as I can I will buy my server, but I already need to consolidate a few things on the PCs I have.</div>
<div>
<br /></div>
<div>
I do not need orchestrators for VMs; a basic Web GUI is enough for me, and it can be the one that comes bundled.<br />
A free option that promises to unite the different hypervisors is OpenStack.<br />
I did not find a ready-made Linux with OpenStack and a hypervisor; suggestions are welcome.<br />
<br /></div>
<div>
I need container orchestration, but I certainly do not need everything Kubernetes offers; Swarm already meets my needs, and I use it in development.<br />
<br />
So I chose XCP-ng with the free XOA.<br />
I could not enable the XOA plugin to manage containers on CoreOS.<br />
So I opted for Rancher on RancherOS.<br />
<br />
<br /></div>
<b>Facebook Fake Comments</b> (published 2018-06-04T00:15:00.000-03:00, updated 2018-06-04T00:18:56.649-03:00)<br />
Recently I saw some news stories based on screenshots of Facebook and Twitter. When I went to look, the comments had supposedly been deleted.<br />
I created this extension just so that any layperson can also create their own screenshots of Facebook comments.<br />
Believe me, the professionals already know how to do this; I am not helping them.<br />
<br />
Source code:<br />
<a href="https://github.com/eduardomazolini/FacebookFakeComment/" rel="nofollow" target="_blank">https://github.com/eduardomazolini/FacebookFakeComment/</a><br />
<br />
<b>ngrok makes DDNS a thing of the past</b> (published 2018-04-26T21:26:00.001-03:00, updated 2018-04-26T21:37:36.652-03:00)<br />
This week I was testing a chatbot for Skype, and the example's documentation suggested using ngrok to run the demo; until then I did not know the service.<br />
<br />
I have seen many ways to build tunnels for various purposes, but the simplicity and usefulness of this service are impressive.<br />
<br />
The official site is <a href="https://ngrok.com/">ngrok.com</a>.<br />
I used it to create a public tunnel to the application running on my development machine, but that is not all: Skype requires the server to be HTTPS, and I did not need to create a certificate, nor even stop to think about it.<br />
<br />
On the public side the tunnel is HTTP or HTTPS using ngrok's certificate (it is, after all, a subdomain of theirs), and on my side it calls the application over HTTP.<br />
<br />
I simply had my XAMPP server exposed on one of their subdomains with a certificate, that is, HTTPS. The next second, my bot's Node.js application was working over HTTPS, receiving the webhooks.<br />
<br />
DDNS is a thing of the past with this service. How much I have struggled with:<br />
- configuring port forwarding on the router,<br />
- fixing the DHCP IP reservation for my machine,<br />
- generating an HTTPS certificate, almost impossible in some situations.<br />
<br />
<img height="398" src="https://camo.githubusercontent.com/f2d698991e6a0411680413ebcc15a6460b8beda3/68747470733a2f2f6e67726f6b2e636f6d2f7374617469632f696d672f6f766572766965772e706e67" width="640" /><br />
<br />
As the site says:<br />
Public URLs for <b>building webhook integrations</b>.<br />
Public URLs for <b>testing your chatbot</b>.<br />
<br />
Publish addresses for webhooks, which are also used by chatbots.<br />
<br />
Public URLs for <b>exposing your local web server</b>.<br />
Public URLs for <b>demoing from your own machine</b>.<br />
Public URLs for <b>sending previews to clients</b>.<br />
Public URLs for <b>testing on mobile devices</b>.<br />
<br />
Publish URLs to expose your local server, allowing demos, showing previews without having to deploy, and testing mobile app backends.<br />
<br />
Public URLs for <b>SSH access to your Raspberry Pi</b>.<br />
<div>
<br /></div>
<div>
Create a TCP tunnel to access your server over SSH.</div>
<div>
<br /></div>
<div>
Yep, the service is not exclusive to HTTP/HTTPS; it also does TLS and TCP tunnels.</div>
<div>
You can expose a database, or any service you want.</div>
<div>
<br /></div>
<div>
I hope you found it as useful as I did.</div>
<b>UBNT SSH - Changing the frequency or another parameter</b> (published 2018-02-21T13:41:00.002-03:00)<br />
The other day I had a PTP link that was suffering interference, and I could not access the AP side over HTTP. It was very slow, but I managed to open SSH.<br />
So I needed to change the frequency before continuing the configuration.<br />
I used the sed command, which is available in the shell.<br />
Assuming a change from 5500 MHz to 5560 MHz, here is the example:<br />
<br />
<br />
<a name='more'></a><br />
cd /tmp/<br />
sed -i "s/radio.1.freq=5500/radio.1.freq=5560/g" running.cfg<br />
sed -i "s/radio.1.freq=5500/radio.1.freq=5560/g" system.cfg<br />
save<br />
reboot<br />
<br />
<b>mAP for field technicians</b> (published 2017-10-31T20:51:00.001-02:00, updated 2018-02-21T13:37:11.268-03:00)<br />
<h3>
<b>Goal:</b></h3>
Give the technician agility during installation by reaching all the equipment without having to keep setting static IPs.<br />
The configuration looks like:<br />
- the Ethernet ports in a bridge<br />
- the WLAN with NAT and a DHCP server.<br />
<br />
<b>Additional suggestions not covered here:</b><br />
- The mAP can demonstrate Mikrotik's Hotspot service to the customer.<br />
- The mAP can dial an OVPN connection to a company server.<br />
- Support can bring up an EoIP tunnel over the OVPN to help the field technician.<br />
<br />
<h3>
<b>Points of attention:</b></h3>
- A Mikrotik reset without default configuration has no IP and needs access by MAC, so it has to be on the same bridge.<br />
- The technician's notebook or phone needs a DHCP server.<br />
- Since everything is a single bridge with an active DHCP server, we must prevent it from conflicting with the customer's router or with the DHCP of the CPE that serves the customer's router.<br />
<br />
<h3>
<b>Solution:</b></h3>
1) Work in bridge mode to allow access to the Mikrotik by MAC.<br />
2) Add several different IPs to the bridge to communicate with each network the equipment uses.<br />
3) Create the RB's DHCP server, which is used on the Wi-Fi.<br />
4) Do SRC-NAT on what goes to the equipment, since they have no default gateway.<br />
5) Filter the RB's DHCP server so that it does not disturb the customer's network.<br />
6) Basic settings for access to the RB.<br />
<br />
<br />
<h3>
<b>Step by step:</b></h3>
<b>1) Work in bridge mode to allow access to the Mikrotik by MAC.</b><br />
<br />
/interface bridge<br />
add name=bridge<br />
/interface bridge port<br />
add bridge=bridge interface=wlan1<br />
add bridge=bridge interface=ether1<br />
add bridge=bridge interface=ether2<br />
<b><br /></b>
<b>2) Add several different IPs to the bridge to communicate with each network the equipment uses.</b><br />
<div>
<br /></div>
<div>
/ip address<br />
add address=192.168.1.10/24 interface=bridge comment="UBNT"<br />
add address=10.0.0.204/24 interface=bridge comment="Padrao p Cliente"<br />
/ip dhcp-client<br />
add default-route-distance=1 disabled=no interface=bridge<br />
<div>
/ip dns<br />
set servers=8.8.8.8,8.8.4.4<br />
/ip route<br />
add distance=10 gateway=10.0.0.1 comment="Padrao p Cliente distancia maior que dhcp client"</div>
<div>
<br /></div>
<b>3) Create the RB's DHCP server, which is used on the Wi-Fi.</b><br />
<div>
<br /></div>
/ip address</div>
<div>
add address=192.168.5.1/24 interface=bridge<br />
/ip pool<br />
add name=pool-wifi ranges=192.168.5.100-192.168.5.200<br />
/ip dhcp-server<br />
add address-pool=pool-wifi disabled=no interface=bridge name=server-wifi</div>
<div>
/ip dhcp-server network<br />
add address=192.168.5.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.5.1</div>
<div>
<br />
/interface wireless security-profiles<br />
add authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys name=wireless \<br />
wpa-pre-shared-key=02091925 wpa2-pre-shared-key=02091925<br />
/interface wireless<br />
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge security-profile=wireless \<br />
ssid=WiFiTecnico</div>
<div>
<br /></div>
<div>
<b>4) Do SRC-NAT on what goes to the equipment, since they have no default gateway.</b></div>
<div>
</div>
<br />
/ip firewall nat<br />
add action=masquerade chain=srcnat src-address=192.168.5.0/24<br />
<div>
<br /></div>
<br />
<b>5) Filter the RB's DHCP server so that it does not disturb the customer's network.</b><br />
<div>
<br /></div>
/interface bridge filter<br />
add action=drop chain=input dst-port=67 in-interface=ether1 ip-protocol=udp \<br />
mac-protocol=ip<br />
add action=drop chain=output dst-port=68 ip-protocol=udp mac-protocol=ip \<br />
out-interface=ether1<br />
add action=drop chain=input dst-port=67 in-interface=ether2 ip-protocol=udp \<br />
mac-protocol=ip<br />
add action=drop chain=output dst-port=68 ip-protocol=udp mac-protocol=ip \<br />
out-interface=ether2<br />
add action=drop chain=forward dst-port=67 in-interface=wlan1 ip-protocol=udp \<br />
mac-protocol=ip<br />
add action=drop chain=forward dst-port=68 ip-protocol=udp mac-protocol=ip \<br />
out-interface=wlan1<br />
<br />
<b>6) Basic settings for access to the RB.</b><br />
<div>
<br /></div>
/system identity<br />
set name=mAP-Tecnico1<br />
/user group<br />
add name=null<br />
/user aaa<br />
set default-group=null<br />
<div>
/user<br />
<div>
add name=BLABLABLA password=BLABLABLA group=full<br />
set [find name=admin] group=null password=RANDOM</div>
<div>
set 0 group=null</div>
<br /></div>
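Added example, not part of the original post: a Python check that reads a RouterOS export and reports which bridge ports lack the DHCP drop rules from step 5, so a missing rule is caught before the mAP is plugged into a customer network. The function names and the rule that ports named "wlan*" are the technician side while every other bridge port faces the customer are assumptions of this example; the sample export is constructed from the configuration above with the two ether2 rules left out.

```python
import re

# Constructed sample: bridge and bridge-filter sections of the export above,
# with the two ether2 rules deliberately omitted to produce a finding.
SAMPLE_EXPORT = r"""
/interface bridge
add name=bridge
/interface bridge port
add bridge=bridge interface=wlan1
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2
/interface bridge filter
add action=drop chain=input dst-port=67 in-interface=ether1 ip-protocol=udp \
    mac-protocol=ip
add action=drop chain=output dst-port=68 ip-protocol=udp mac-protocol=ip \
    out-interface=ether1
add action=drop chain=forward dst-port=67 in-interface=wlan1 ip-protocol=udp \
    mac-protocol=ip
add action=drop chain=forward dst-port=68 ip-protocol=udp mac-protocol=ip \
    out-interface=wlan1
"""

# Drop rules expected per port kind: (chain, UDP dst-port, interface matcher).
REQUIRED = {
    # Customer-facing ports: requests must not reach the RB's DHCP server
    # (input/67) and its replies must not leave on that port (output/68).
    "ether": [("input", "67", "in-interface"), ("output", "68", "out-interface")],
    # Technician Wi-Fi: requests must not be bridged to the customer's DHCP
    # server (forward/67) nor its replies bridged back (forward/68).
    "wlan": [("forward", "67", "in-interface"), ("forward", "68", "out-interface")],
}


def parse_export(text):
    """Return {section path: [dict of key=value for each 'add' line]}."""
    # RouterOS wraps long lines with a trailing backslash; join them first.
    text = re.sub(r"\\\s*\n\s*", "", text)
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line
            sections.setdefault(current, [])
        elif line.startswith("add ") and current:
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
            sections[current].append(dict(pairs))
    return sections


def missing_dhcp_drops(text):
    """List (port, chain, dst-port) for every expected drop rule not found."""
    sections = parse_export(text)
    ports = [p["interface"] for p in sections.get("/interface bridge port", [])]
    rules = sections.get("/interface bridge filter", [])
    missing = []
    for port in ports:
        kind = "wlan" if port.startswith("wlan") else "ether"
        for chain, dport, if_key in REQUIRED[kind]:
            found = any(
                r.get("action") == "drop"
                and r.get("chain") == chain
                and r.get("dst-port") == dport
                and r.get("ip-protocol") == "udp"
                and r.get(if_key) == port
                and r.get("disabled") != "yes"
                for r in rules
            )
            if not found:
                missing.append((port, chain, dport))
    return missing


if __name__ == "__main__":
    for port, chain, dport in missing_dhcp_drops(SAMPLE_EXPORT):
        print(f"{port}: no drop rule in chain={chain} for udp dst-port={dport}")
```
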
<b>Elastix is not dead</b> (published 2017-10-31T20:13:00.000-02:00)<br />
Unfortunately the Elastix brand was bought by 3CX, and we almost lost a great Asterisk distribution.<br />
A community from Mexico intends to continue Elastix; the project's new name is Issabel.<br />
<br />
Source: https://www.issabel.com/continuidad-elastix-mexico/<br />
<br />
<b>Limited Mikrotik WebFig Skin</b> (published 2017-05-03T23:04:00.001-03:00)<br />
People think Mikrotik is difficult because it can do so much.<br />
So I restricted its WebFig quite a lot so people do not get lost.<br />
Save the content below with a .json extension in the skin folder and assign it to a user group.<br />
<br />
As I say, these are things I must not forget, so it may be better to create your own skin: just open WebFig and click the "Design Skin" button.<br />
<br />
<br />
<a name='more'></a><br />
<span style="font-family: monospace;">{</span><br />
<span style="font-family: monospace;"> Terminal: 0,</span><br />
<span style="font-family: monospace;"> CAPsMAN: 0,</span><br />
<span style="font-family: monospace;"> Wireless: {</span><br />
<span style="font-family: monospace;"> 'Wireless (Atheros AR9300)': {</span><br />
<span style="font-family: monospace;"> General: { ARP: 0, 'ARP Timeout': 0 },</span><br />
<span style="font-family: monospace;"> Wireless: { 'WMM Support': 0, 'Station Roaming': 0 },</span><br />
<span style="font-family: monospace;"> 'WPS Client': 0,</span><br />
<span style="font-family: monospace;"> 'Setup Repeater': 0,</span><br />
<span style="font-family: monospace;"> 'Freq. Usage...': 0,</span><br />
<span style="font-family: monospace;"> 'Align...': 0,</span><br />
<span style="font-family: monospace;"> 'Sniff...': 0,</span><br />
<span style="font-family: monospace;"> 'Snooper...': 0</span><br />
<span style="font-family: monospace;"> }</span><br />
<span style="font-family: monospace;"> },</span><br />
<span style="font-family: monospace;"> Interfaces: {</span><br />
<span style="font-family: monospace;"> 'Interface List': 0,</span><br />
<span style="font-family: monospace;"> 'EoIP Tunnel': 0,</span><br />
<span style="font-family: monospace;"> 'IP Tunnel': 0,</span><br />
<span style="font-family: monospace;"> 'GRE Tunnel': 0,</span><br />
<span style="font-family: monospace;"> VRRP: 0,</span><br />
<span style="font-family: monospace;"> Bonding: 0,</span><br />
<span style="font-family: monospace;"> LTE: 0</span><br />
<span style="font-family: monospace;"> },</span><br />
<span style="font-family: monospace;"> Bridge: { Settings: 0, Filters: 0, NAT: 0 },</span><br />
<span style="font-family: monospace;"> Switch: 0,</span><br />
<span style="font-family: monospace;"> Mesh: 0,</span><br />
<span style="font-family: monospace;"> IP: {</span><br />
<span style="font-family: monospace;"> ARP: 0,</span><br />
<span style="font-family: monospace;"> Accounting: 0,</span><br />
<span style="font-family: monospace;"> Addresses: {</span><br />
<span style="font-family: monospace;"> Address: { Network: 0 }</span><br />
<span style="font-family: monospace;"> },</span><br />
<span style="font-family: monospace;"> Cloud: 0,</span><br />
<span style="font-family: monospace;"> 'DHCP Client': {</span><br />
<span style="font-family: monospace;"> 'DHCP Client': {</span><br />
<span style="font-family: monospace;"> Advanced: {</span><br />
<span style="font-family: monospace;"> 'DHCP Options': 0,</span><br />
<span style="font-family: monospace;"> 'Default Route Distance': 0,</span><br />
<span style="font-family: monospace;"> Script: 0,</span><br />
<span style="font-family: monospace;"> tab: 0</span><br />
<span style="font-family: monospace;"> },</span><br />
<span style="font-family: monospace;"> Status: { 'CAPS Managers': 0 }</span><br />
<span style="font-family: monospace;"> },</span><br />
<span style="font-family: monospace;"> 'DHCP Client Options': 0</span><br />
<span style="font-family: monospace;"> },</span><br />
<span style="font-family: monospace;"> 'DHCP Relay': 0,</span><br />
<span style="font-family: monospace;"> 'DHCP Server': {</span><br />
<span style="font-family: monospace;"> DHCP: {</span><br />
<span style="font-family: monospace;"> Relay: 0,</span><br />
<span style="font-family: monospace;"> 'Bootp Lease Time': 0,</span><br />
<span style="font-family: monospace;"> 'Src. Address': 0,</span><br />
<span style="font-family: monospace;"> 'Delay Threshold': 0,</span><br />
<span style="font-family: monospace;"> Authoritative: 0,</span><br />
<span style="font-family: monospace;"> 'Bootp Support': 0,</span><br />
<span style="font-family: monospace;"> 'Lease Script': 0,</span><br />
<span style="font-family: monospace;"> 'Add ARP For Leases': 0,</span><br />
<span style="font-family: monospace;"> 'Always Broadcast': 0,</span><br />
<span style="font-family: monospace;"> 'Use RADIUS': 0</span><br />
<span style="font-family: monospace;"> },</span><br />
<span style="font-family: monospace;"> 'DHCP Config': 0,</span><br />
<span style="font-family: monospace;"> 'DHCP Setup': 0,</span><br />
<span style="font-family: monospace;"> Networks: {</span><br />
<span style="font-family: monospace;"> Netmask: 0,</span><br />
<span style="font-family: monospace;"> Domain: 0,</span><br />
<span style="font-family: monospace;"> 'WINS Servers': 0,</span><br />
<span style="font-family: monospace;"> 'NTP Servers': 0,</span><br />
<span style="font-family: monospace;"> 'CAPS Managers': 0,</span><br />
<span style="font-family: monospace;"> 'Next Server': 0,</span><br />
<span style="font-family: monospace;"> 'Boot File Name': 0,</span><br />
<span style="font-family: monospace;"> 'DHCP Options': 0,</span><br />
<span style="font-family: monospace;"> 'DHCP Option Set': 0</span><br />
<span style="font-family: monospace;"> },</span><br />
<span style="font-family: monospace;"> Options: 0,</span><br />
<span style="font-family: monospace;"> 'Option Sets': 0,</span><br />
<span style="font-family: monospace;"> Alerts: 0</span><br />
<span style="font-family: monospace;"> },</span><br />
<span style="font-family: monospace;"> DNS: {</span><br />
<span style="font-family: monospace;"> Settings: {</span><br />
<span style="font-family: monospace;"> 'Max UDP Packet Size': 0,</span><br />
<span style="font-family: monospace;"> 'Query Server Timeout': 0,</span><br />
<span style="font-family: monospace;"> 'Query Total Timeout': 0,</span><br />
<span style="font-family: monospace;"> 'Max. Concurrent Queries': 0,</span><br />
<span style="font-family: monospace;"> 'Max. Concurrent TCP Sessions': 0,</span><br />
<span style="font-family: monospace;"> 'Cache Size': 0,</span><br />
<span style="font-family: monospace;"> 'Cache Max TTL': 0</span><br />
<span style="font-family: monospace;"> }</span><br />
<span style="font-family: monospace;"> },</span><br />
<span style="font-family: monospace;"> Firewall: {</span><br />
<span style="font-family: monospace;"> NAT: {</span><br />
<span style="font-family: monospace;"> Action: {</span><br />
<span style="font-family: monospace;"> Action: { limit: 'masquerade,dst-nat' },</span><br />
<span style="font-family: monospace;"> Log: 0,</span><br />
<span style="font-family: monospace;"> 'Log Prefix': 0</span><br />
<span style="font-family: monospace;"> },</span><br />
<span style="font-family: monospace;"> General: {</span><br />
<span style="font-family: monospace;"> 'Src. Address': { tab: 'indicado para srcnat/masquerad' },</span><br />
<span style="font-family: monospace;"> Protocol: { separator: 0, limit: 'tcp,udp' },</span><br />
<span style="font-family: monospace;"> 'Src. Port': 0,</span><br />
<span style="font-family: monospace;"> 'Any. Port': 0,</span><br />
<span style="font-family: monospace;"> 'In. Interface': { order: 3 },</span><br />
<span style="font-family: monospace;"> 'Out. Interface': { order: 2, tab: 'indicado para dstnat/port-forward' },</span><br />
<span style="font-family: monospace;"> 'Packet Mark': 0,</span><br />
<span style="font-family: monospace;"> 'Connection Mark': 0,</span><br />
<span style="font-family: monospace;"> 'Routing Mark': 0,</span><br />
<span style="font-family: monospace;"> 'Routing Table': 0,</span><br />
<span style="font-family: monospace;"> 'Connection Type': 0</span><br />
<span style="font-family: monospace;"> },</span><br />
<span style="font-family: monospace;"> Advanced: {</span><br />
<span style="font-family: monospace;"> 'Src. Address List': 0,</span><br />
<span style="font-family: monospace;"> 'Dst. Address List': 0,</span><br />
<span style="font-family: monospace;"> 'Layer7 Protocol': 0,</span><br />
<span style="font-family: monospace;"> Content: 0,</span><br />
<span style="font-family: monospace;"> 'Connection Bytes': 0,</span><br />
<span style="font-family: monospace;"> 'Connection Rate': 0,</span><br />
<span style="font-family: monospace;"> 'Per Connection Classifier': 0,</span><br />
<span style="font-family: monospace;"> 'Src. MAC Address': 0,</span><br />
<span style="font-family: monospace;"> 'Out. Bridge Port': 0,</span><br />
<span style="font-family: monospace;"> 'In. Bridge Port': 0,</span><br />
<span style="font-family: monospace;"> 'In. Bridge Port List': 0,</span><br />
<span style="font-family: monospace;"> 'Out. Bridge Port List': 0,</span><br />
<span style="font-family: monospace;"> 'IPsec Policy': 0,</span><br />
<span style="font-family: monospace;"> 'Ingress Priority': 0,</span><br />
<span style="font-family: monospace;"> Priority: 0,</span><br />
<span style="font-family: monospace;"> 'DSCP (TOS)': 0,</span><br />
<span style="font-family: monospace;"> 'TCP MSS': 0,</span><br />
<span style="font-family: monospace;"> 'Packet Size': 0,</span><br />
<span style="font-family: monospace;"> Random: 0,</span><br />
<span style="font-family: monospace;"> 'ICMP Options': 0,</span><br />
<span style="font-family: monospace;"> 'IPv4 Options': 0,</span><br />
<span style="font-family: monospace;"> TTL: 0,</span><br />
<span style="font-family: monospace;"> tab: 0</span><br />
<span style="font-family: monospace;"> },</span><br />
<span style="font-family: monospace;"> Extra: {</span><br />
<span style="font-family: monospace;"> 'Connection Limit': 0,</span><br />
<span style="font-family: monospace;"> Limit: 0,</span><br />
<span style="font-family: monospace;"> 'Dst. Limit': 0,</span><br />
<span style="font-family: monospace;"> Nth: 0,</span><br />
<span style="font-family: monospace;"> Time: 0,</span><br />
<span style="font-family: monospace;"> 'Src. Address Type': 0,</span><br />
<span style="font-family: monospace;"> 'Dst. Address Type': 0,</span><br />
<span style="font-family: monospace;"> PSD: 0,</span><br />
<span style="font-family: monospace;"> Hotspot: 0,</span><br />
<span style="font-family: monospace;"> 'IP Fragment': 0,</span><br />
<span style="font-family: monospace;"> tab: 0</span><br />
<span style="font-family: monospace;"> }</span><br />
<span style="font-family: monospace;"> },</span><br />
<span style="font-family: monospace;"> Mangle: 0,</span><br />
<span style="font-family: monospace;"> Raw: 0,</span><br />
<span style="font-family: monospace;"> 'Service Ports': 0,</span><br />
<span style="font-family: monospace;"> Tracking: 0</span><br />
<span style="font-family: monospace;"> },</span><br />
<span style="font-family: monospace;"> Hotspot: 0,</span><br />
<span style="font-family: monospace;"> IPsec: 0,</span><br />
<span style="font-family: monospace;"> Neighbors: { 'Discovery Interfaces': 0 },</span><br />
<span style="font-family: monospace;"> Packing: 0,</span><br />
<span style="font-family: monospace;"> Routes: { Rules: 0, VRF: 0 },</span><br />
<span style="font-family: monospace;"> Services: 0,</span><br />
<span style="font-family: monospace;"> Settings: 0,</span><br />
<span style="font-family: monospace;"> Socks: 0,</span><br />
<span style="font-family: monospace;"> TFTP: 0,</span><br />
<span style="font-family: monospace;"> 'Traffic Flow': 0,</span><br />
<span style="font-family: monospace;"> 'Web Proxy': 0</span><br />
<span style="font-family: monospace;"> },</span><br />
<span style="font-family: monospace;"> Routing: 0,</span><br />
<span style="font-family: monospace;"> System: {</span><br />
<span style="font-family: monospace;"> 'Auto Upgrade': 0,</span><br />
<span style="font-family: monospace;"> Certificates: 0,</span><br />
<span style="font-family: monospace;"> Clock: 0,</span><br />
<span style="font-family: monospace;"> Console: 0,</span><br />
<span style="font-family: monospace;"> Drivers: 0,</span><br />
<span style="font-family: monospace;"> History: 0,</span><br />
<span style="font-family: monospace;"> LEDs: 0,</span><br />
<span style="font-family: monospace;"> License: 0,</span><br />
<span style="font-family: monospace;"> Logging: 0,</span><br />
<span style="font-family: monospace;"> Ports: 0,</span><br />
<span style="font-family: monospace;"> 'Reset Configuration': {</span><br />
<span style="font-family: monospace;"> 'Reset Configuration': { 'Do Not Backup': 0, 'Run After Reset': 0 }</span><br />
<span style="font-family: monospace;"> },</span><br />
<span style="font-family: monospace;"> Routerboard: { Settings: 0 },</span><br />
<span style="font-family: monospace;"> 'SNTP Client': 0,</span><br />
<span style="font-family: monospace;"> Scheduler: 0,</span><br />
<span style="font-family: monospace;"> Scripts: 0,</span><br />
<span style="font-family: monospace;"> Shutdown: 0,</span><br />
<span style="font-family: monospace;"> 'Special Login': 0,</span><br />
<span style="font-family: monospace;"> Users: 0</span><br />
<span style="font-family: monospace;"> },</span><br />
<span style="font-family: monospace;"> Queues: 0,</span><br />
<span style="font-family: monospace;"> Tools: {</span><br />
<span style="font-family: monospace;"> 'BTest Server': 0,</span><br />
<span style="font-family: monospace;"> Email: 0,</span><br />
<span style="font-family: monospace;"> 'Flood Ping': 0,</span><br />
<span style="font-family: monospace;"> Graphing: 0,</span><br />
<span style="font-family: monospace;"> 'MAC Server': 0,</span><br />
<span style="font-family: monospace;"> Netwatch: 0,</span><br />
<span style="font-family: monospace;"> 'Packet Sniffer': 0,</span><br />
<span style="font-family: monospace;"> 'Ping Speed': 0,</span><br />
<span style="font-family: monospace;"> Profile: 0,</span><br />
<span style="font-family: monospace;"> RoMON: 0,</span><br />
<span style="font-family: monospace;"> SMS: 0,</span><br />
<span style="font-family: monospace;"> Telnet: 0,</span><br />
<span style="font-family: monospace;"> Torch: 0,</span><br />
<span style="font-family: monospace;"> 'Traffic Generator': 0,</span><br />
<span style="font-family: monospace;"> 'Traffic Monitor': 0</span><br />
<span style="font-family: monospace;"> },</span><br />
<span style="font-family: monospace;"> Files: 0,</span><br />
<span style="font-family: monospace;"> Log: 0,</span><br />
<span style="font-family: monospace;"> Radius: 0,</span><br />
<span style="font-family: monospace;"> 'Make Supout.rif': 0,</span><br />
<span style="font-family: monospace;"> Undo: 0,</span><br />
<span style="font-family: monospace;"> Redo: 0,</span><br />
<span style="font-family: monospace;"> WinBox: 0,</span><br />
<span style="font-family: monospace;"> Graphs: 0,</span><br />
<span style="font-family: monospace;"> License: 0,</span><br />
<span style="font-family: monospace;"> Status: {</span><br />
<span style="font-family: monospace;"> Status: {</span><br />
<span style="font-family: monospace;"> '0': { alias: 'Wireless:Wireless (Atheros AR9300):*5:Wireless:Radio Name', tab: 'WLAN' },</span><br />
<span style="font-family: monospace;"> '1': { alias: 'Wireless:Wireless (Atheros AR9300):*5:Wireless:SSID' },</span><br />
<span style="font-family: monospace;"> '2': { alias: 'Wireless:Wireless (Atheros AR9300):*5:Status:Tx/Rx Signal Strength' },</span><br />
<span style="font-family: monospace;"> '3': { alias: 'System:Identity:Identity:Identity', order: 0 },</span><br />
<span style="font-family: monospace;"> '4': { alias: 'Interfaces:Ethernet:*1:running', tab: 'LAN' },</span><br />
<span style="font-family: monospace;"> '5': { alias: 'Interfaces:Ethernet:*1:Status:Auto Negotiation' },</span><br />
<span style="font-family: monospace;"> '6': { alias: 'Interfaces:Ethernet:*1:Status:Rate' },</span><br />
<span style="font-family: monospace;"> '7': { alias: 'Interfaces:Ethernet:*1:Status:Full Duplex' },</span><br />
<span style="font-family: monospace;"> '8': { alias: 'Wireless:Wireless (Atheros AR9300):*5:Status:Tx/Rx CCQ', order: 6 },</span><br />
<span style="font-family: monospace;"> '9': { alias: 'Wireless:Wireless (Atheros AR9300):*5:Status:Signal To Noise', order: 4 },</span><br />
<span style="font-family: monospace;"> '10': { alias: 'Wireless:Wireless (Atheros AR9300):*5:Status:Link Downs', order: 5 },</span><br />
<span style="font-family: monospace;"> '11': { alias: 'Interfaces:Ethernet:*1:Status:Link Downs' }</span><br />
<span style="font-family: monospace;"> }</span><br />
<span style="font-family: monospace;"> }</span><br />
<span style="font-family: monospace;">}</span><br />
<div>
<br /></div>
Eduardo Mazolini<br />
<br />
In-House Technician RB (2017-04-25)<br />
<h3>
<b>Objective:</b></h3>
Allow the technician to stay on the company network while having access to the factory-reset devices he is configuring.<br />
<br />
<h3>
<b>Points of attention:</b></h3>
- A MikroTik reset without the default configuration has no IP address and must be accessed by MAC, so it has to be on the same bridge.<br />
- Some devices come up after a reset with a DHCP server that can leak into the corporate network (link).<br />
- A device being configured by one technician must not be visible to another technician or to the corporate network.<br />
- Some devices need a DHCP client, but must not mix with the corporate network.<br />
<br />
<h3>
<b>Solution:</b></h3>
1) Work in bridge mode to allow MAC access to the MikroTik and to let the technician's PC use the company DHCP.<br />
2) Add several different IPs to the bridge to communicate with each network the devices use.<br />
3) SRC-NAT whatever goes to the devices, since they have no default gateway.<br />
4) Redirect on the bridge when the destination is one of the device networks, so that the RB is used as the gateway.<br />
5) Filter all communication between the company and the devices.<br />
6) Filter the devices' DHCP servers from the technician's PC.<br />
7) Create a DHCP server on the RB, used for some devices.<br />
8) Filter the RB's DHCP server (used for some devices) so that it does not serve the technician's PC or the corporate network.<br />
9) Basic settings for access to the RB.<br />
<br />
<br />
<h3>
<b>Step by step:</b></h3>
<b>1) Work in bridge mode to allow MAC access to the MikroTik and to let the technician's PC use the company DHCP.</b><br />
/interface bridge<br />
add name=bridge1<br />
/interface ethernet<br />
set [ find default-name=ether1 ] name=ether1-Link<br />
set [ find default-name=ether2 ] name=ether2-Notebook poe-out=off<br />
set [ find default-name=ether3 ] poe-out=off<br />
set [ find default-name=ether4 ] poe-out=off<br />
/interface bridge port<br />
add bridge=bridge1 interface=ether2-Notebook<br />
add bridge=bridge1 interface=ether3<br />
add bridge=bridge1 interface=ether4<br />
add bridge=bridge1 interface=ether5<br />
add bridge=bridge1 interface=ether1-Link<br />
add bridge=bridge1<br />
<br />
<b>2) Add several different IPs to the bridge to communicate with each network the devices use.</b><br />
/ip address<br />
add address=10.0.0.2/24 interface=ether3 network=10.0.0.0<br />
add address=192.168.1.2/24 interface=ether3 network=192.168.1.0<br />
add address=192.168.2.2/24 interface=ether3 network=192.168.2.0<br />
add address=192.168.88.2/24 interface=ether3 network=192.168.88.0<br />
add address=192.168.100.2/24 interface=ether3 network=192.168.100.0<br />
add address=192.168.13.1/24 interface=bridge1 network=192.168.13.0<br />
<br />
<b>3) SRC-NAT whatever goes to the devices, since they have no default gateway.</b><br />
/ip firewall nat<br />
add action=masquerade chain=srcnat dst-address=10.0.0.0/24<br />
add action=masquerade chain=srcnat dst-address=192.168.1.0/24<br />
add action=masquerade chain=srcnat dst-address=192.168.2.0/24<br />
add action=masquerade chain=srcnat dst-address=192.168.88.0/24<br />
add action=masquerade chain=srcnat dst-address=192.168.100.0/24<br />
add action=masquerade chain=srcnat src-address=192.168.13.0/24<br />
<br />
<b>4) Redirect on the bridge when the destination is one of the device networks, so that the RB is used as the gateway.</b><br />
/interface bridge nat<br />
add action=redirect chain=dstnat dst-address=10.0.0.0/24 mac-protocol=ip<br />
add action=redirect chain=dstnat dst-address=192.168.1.0/24 mac-protocol=ip<br />
add action=redirect chain=dstnat dst-address=192.168.2.0/24 mac-protocol=ip<br />
add action=redirect chain=dstnat dst-address=192.168.88.0/24 mac-protocol=ip<br />
add action=redirect chain=dstnat dst-address=192.168.100.0/24 mac-protocol=ip<br />
add action=redirect chain=dstnat dst-address=192.168.13.0/24 mac-protocol=ip<br />
<br />
<b>5) Filter all communication between the company and the devices.</b><br />
/interface bridge filter<br />
add action=accept chain=forward in-interface=ether2-Notebook out-interface=ether1-Link<br />
add action=accept chain=forward in-interface=ether1-Link out-interface=ether2-Notebook<br />
add action=drop chain=forward out-interface=ether1-Link<br />
add action=drop chain=forward in-interface=ether1-Link<br />
<br />
<b>6) Filter the devices' DHCP servers from the technician's PC.</b><br />
/interface bridge filter<br />
add action=drop chain=forward comment=\<br />
"Oferta DHCP - Colocar depois de permitir a rede da empresa" dst-port=68,67 \<br />
ip-protocol=udp mac-protocol=ip out-interface=ether2-Notebook<br />
add action=drop chain=forward comment=\<br />
"Requisi\E7\E3o DHCP - Colocar depois de permitir a rede da empresa" \<br />
dst-port=67,68 in-interface=ether2-Notebook ip-protocol=udp mac-protocol=ip<br />
<br />
<b>7) Create a DHCP server on the RB, used for some devices.</b><br />
/ip pool<br />
add name=dhcp_pool1 ranges=192.168.13.2-192.168.13.254<br />
/ip dhcp-server network<br />
add address=192.168.13.0/24 gateway=192.168.13.1<br />
/ip dhcp-server<br />
add address-pool=dhcp_pool1 disabled=no interface=bridge1 name=dhcp1<br />
<br />
<b>8) Filter the RB's DHCP server (used for some devices) so that it does not serve the technician's PC or the corporate network.</b><br />
/interface bridge filter<br />
add action=drop chain=output comment="Oferta DHCP" dst-port=68 ip-protocol=\<br />
udp mac-protocol=ip out-interface=ether1-Link<br />
add action=drop chain=output comment="Oferta DHCP" dst-port=68 ip-protocol=\<br />
udp mac-protocol=ip out-interface=ether2-Notebook<br />
add action=drop chain=input comment="Requisi\E7\E3o DHCP" dst-port=67 \<br />
in-interface=ether1-Link ip-protocol=udp mac-protocol=ip<br />
add action=drop chain=input comment="Requisi\E7\E3o DHCP" dst-port=67 \<br />
in-interface=ether2-Notebook ip-protocol=udp mac-protocol=ip<br />
<br />
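The comments on the step 6 rules say to place them after the rules that allow the company network, and that ordering can be checked offline. The Python sketch below is an added example, not part of the original post: it models the forward-chain rules of steps 5 and 6 with first-match evaluation over constructed sample frames. The Frame and Rule classes, the rule labels and the sample flows are assumptions made for illustration.<br />

```python
"""First-match simulation of the bridge filter forward chain from steps 5 and 6."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

NOTEBOOK, LINK, DEVICE = "ether2-Notebook", "ether1-Link", "ether3"


@dataclass(frozen=True)
class Frame:
    """A bridged IP frame, reduced to the fields the page's rules match on."""
    in_if: str
    out_if: str
    ip_proto: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    """One '/interface bridge filter add ...' line; None or () means 'any'."""
    label: str
    action: str
    in_if: Optional[str] = None
    out_if: Optional[str] = None
    ip_proto: Optional[str] = None
    dst_ports: Tuple[int, ...] = ()

    def matches(self, f: Frame) -> bool:
        return (
            self.in_if in (None, f.in_if)
            and self.out_if in (None, f.out_if)
            and self.ip_proto in (None, f.ip_proto)
            and (not self.dst_ports or f.dst_port in self.dst_ports)
        )


# Step 5 rules, in the order the page lists them.
STEP5 = [
    Rule("5a accept notebook->link", "accept", in_if=NOTEBOOK, out_if=LINK),
    Rule("5b accept link->notebook", "accept", in_if=LINK, out_if=NOTEBOOK),
    Rule("5c drop ->link", "drop", out_if=LINK),
    Rule("5d drop link->", "drop", in_if=LINK),
]
# Step 6 rules (DHCP between the devices and the technician's PC).
STEP6 = [
    Rule("6a drop DHCP ->notebook", "drop", out_if=NOTEBOOK,
         ip_proto="udp", dst_ports=(68, 67)),
    Rule("6b drop DHCP notebook->", "drop", in_if=NOTEBOOK,
         ip_proto="udp", dst_ports=(67, 68)),
]

# Constructed sample frames (not captured traffic).
SAMPLES: Dict[str, Frame] = {
    "notebook DHCP request to corporate": Frame(NOTEBOOK, LINK, "udp", 67),
    "corporate DHCP offer to notebook": Frame(LINK, NOTEBOOK, "udp", 68),
    "device DHCP offer to notebook": Frame(DEVICE, NOTEBOOK, "udp", 68),
    "notebook DHCP request to device": Frame(NOTEBOOK, DEVICE, "udp", 67),
    "device DHCP offer to corporate": Frame(DEVICE, LINK, "udp", 68),
    "corporate host to device (tcp/80)": Frame(LINK, DEVICE, "tcp", 80),
    "notebook to device (tcp/80)": Frame(NOTEBOOK, DEVICE, "tcp", 80),
}


def evaluate(chain: List[Rule], frame: Frame) -> Tuple[str, str]:
    """Return (action, label) of the first matching rule; unmatched frames pass."""
    for rule in chain:
        if rule.matches(frame):
            return rule.action, rule.label
    return "accept", "no rule matched"


def verdicts(chain: List[Rule]) -> Dict[str, Tuple[str, str]]:
    """Evaluate every sample frame against the given chain."""
    return {name: evaluate(chain, frame) for name, frame in SAMPLES.items()}


def regressions(good: List[Rule], bad: List[Rule]) -> List[str]:
    """Names of sample flows accepted under `good` but dropped under `bad`."""
    ok, ko = verdicts(good), verdicts(bad)
    return sorted(n for n in SAMPLES if ok[n][0] == "accept" and ko[n][0] == "drop")


PAGE_ORDER = STEP5 + STEP6   # DHCP drops after the corporate allow rules
WRONG_ORDER = STEP6 + STEP5  # DHCP drops placed first

if __name__ == "__main__":
    for title, chain in (("page order", PAGE_ORDER), ("DHCP drops first", WRONG_ORDER)):
        print(f"== {title} ==")
        for name, (action, label) in verdicts(chain).items():
            print(f"{action:6} {name:36} [{label}]")
    print("broken by reordering:", regressions(PAGE_ORDER, WRONG_ORDER))
```

With the DHCP drops placed first, the technician's PC loses the corporate DHCP exchange, while the isolation of the devices from the corporate link is unchanged in both orders.<br />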
<b>9) Basic settings for access to the RB.</b><br />
/ip dhcp-client<br />
add dhcp-options=hostname,clientid disabled=no interface=ether1-Link<br />
/system identity<br />
set name="MikroTik - Suporte1"<br />
/ip dns<br />
set servers=8.8.8.8,8.8.4.4<br />
/user set admin password=********<br />
<br />
Eduardo Mazolini<br />
<br />
Invisible MT for working at corporate clients (2017-04-23)<br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">Using an RB with 2 Ethernet ports and 1 wireless.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">I managed to insert the wireless clients as if they were the PC on the wired network.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">I think everyone is responsible for what they do; I built this with the goal of achieving transparency, but it would have been useful to me in the past.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">This was inspired by a MUM video in which the speaker does a thousand things with a mAP.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">Attempts to find me:</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">1) Cable length and uptime</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">Some devices, for testing purposes, measure the cable and report the length of each pair. If you connect a new cable to such a device and the administrator tests again and still has the old result, he will notice.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">Solution:</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">- Place the RB close to the side that should not have this control, keeping the original cable coming out of the device that has this control.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">- Use a cable of the same length for the other side (the pairs can differ in length, which would give you away).</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">- Connect the LAN and WAN cables to the RB at the same time, after it is powered on.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">Comment:</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">Not even the Pentagon's servers are likely to have this concern.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">2) TTL</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">Each operating system has its own TTL value at the origin of the request:</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">Windows 128</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">Linux 64</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">When a packet passes through a router this value is reduced by 1, so you would be noticed if you added an extra router.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">Solution:</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">- Know which system is on each side and set a new TTL value; new, because the devices on the Wi-Fi network could differ from those on the LAN.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">Comment:</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">In the past, several providers considered blocking users from adding a router so that they could not share the internet connection; in corporate networks I have never seen this control. I will show the solution.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">3) ARP packet</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">ARP asks for someone's MAC and announces its own MAC and IP to make the reply easier.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">The IP is carried inside the ARP protocol, and this value cannot be changed.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">But on a local network IP is used for almost nothing.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">Solution:</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">- Disable ARP and add static entries to the ARP table.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">Comment:</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">The problem is worse than being found: it is finding an IP that does not belong to another device on the network. I will show the solution.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">4) DNS</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">In a corporate network, requests for external sites are not usually made to the internal DNS.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">In theory this could be detected, or the DNS could answer with an internal block page.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">There should be no route from internal networks to external DNS servers such as 8.8.8.8, so you need to know the internal DNS.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">Solution:</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">- Use a USB 4G modem and reach the internet and DNS over 4G.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">- Add a firewall rule dropping DNS toward the corporate network.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">- Add static entries to the hosts file of the PC used on the Wi-Fi. YES, Windows also has a hosts file, as Linux does.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">- Register the internal DNS as the second option to be used, knowing the risks.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">Comment:</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">Getting caught here is the least of it; the issue is wrong answers, and the difficulty of knowing which internal DNS to use.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">5) Other protocols and excess traffic</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">When you connect a PC or phone to the network, various background programs will try to send and receive data, and that can give you away.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">Solution:</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">- Add very restrictive firewall rules and work from an allowlist.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">Comment:</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">Since this depends heavily on the site and on the list required, I will not cover it here.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">6) MAC</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">Datacenter switches usually shut down the port if a different MAC is connected to it, as a security measure.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">Solution:</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">- Clone the PC's MAC to the switch.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">- Clone the switch's MAC to the PC.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">Comment:</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">I once brought down a port by accident while sniffing a server. That certainly generated a log entry. But logs are only looked at when a problem needs to be analyzed.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">I switched the switch off and on again "by accident", its port came back, I reconnected the server, nobody was fired, the sniffer analysis helped solve the problem, and there was even a celebration at the end of the day.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">7) IPSec</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">If the whole network runs IPSec, there is no way to get in or read anything.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">No solution.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">I would add a USB 4G modem to this solution, with:</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">- Public DNS configured</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">- The network's hosts in the hosts file</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">- Default route via the modem</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">- The routes needed for the corporate network</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">With this you can work from your own notebook at a client site using the internet and the client's network at the same time, as if you were using the PC you were given to work on.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">Well, I will show what I did; unfortunately it is all manual. I would appreciate it if someone came up with a script to collect the information and automate the configuration.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">Lab scenario:</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">PC with IP 192.168.55.254, MAC E4:8D:8C:65:B8:A9 and TTL 128</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">Gateway with IP 192.168.55.1, MAC 4C:5E:0C:71:5A:67 and TTL 64</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">To make things easier I created a fictitious network, 10.100.100.0/24, which must not match the network that will actually be used.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">How the transparency worked</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">It was simpler than I thought.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">I did NAT on the bridge for the MACs.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">I did NAT on the firewall for the IPs.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">I made the bridge traffic pass through the firewall so that replies to packets sent out through the outbound NAT can be recovered, and also to intercept some packets, as I did with Winbox.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">I exposed myself by intercepting packets for the Winbox port, which makes it look as if the PC has the Winbox port open, and also allows access to the RB from outside the Wi-Fi.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">The common part:</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><code></span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">/interface ethernet</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">set [ find default-name=ether1 ] name=ether-WAN</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">set [ find default-name=ether2 ] name=ether-LAN</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">/interface bridge</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">add arp=disabled name=bridge-Invisible</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">/interface bridge port</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">add bridge=bridge-Invisible interface=ether-LAN</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">add bridge=bridge-Invisible interface=ether-WAN</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">/interface bridge settings</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">set use-ip-firewall=yes</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">/ip neighbor discovery</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">set ether-LAN discover=no</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">set ether-WAN discover=no</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">set bridge-Invisible discover=no</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">/ip address</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">add address=10.100.100.2/24 interface=ether-LAN network=10.100.100.0</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">/ip route</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">add distance=1 gateway=10.100.100.1</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"></code></span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">The part where the network's TTLs, MACs and IPs must be entered carefully:</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><code></span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">/ip firewall mangle</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">add action=change-ttl chain=postrouting dst-address=192.168.55.254 new-ttl=set:64 out-interface=bridge-Invisible passthrough=yes</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">add action=change-ttl chain=postrouting new-ttl=set:128 out-interface=bridge-Invisible passthrough=yes</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">/ip arp</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">add address=10.100.100.1 comment=GATEWAY interface=bridge-Invisible mac-address=4C:5E:0C:71:5A:67</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">add address=10.100.100.254 comment=PC interface=bridge-Invisible mac-address=E4:8D:8C:65:B8:A9</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">/interface bridge nat</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">add action=src-nat chain=srcnat out-interface=ether-WAN to-src-mac-address=E4:8D:8C:65:B8:A9</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">add action=src-nat chain=srcnat out-interface=ether-LAN to-src-mac-address=4C:5E:0C:71:5A:67</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">/ip firewall nat</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">add action=src-nat chain=srcnat out-interface=bridge-Invisible to-addresses=192.168.55.1 dst-address=192.168.55.254</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">add action=src-nat chain=srcnat out-interface=bridge-Invisible to-addresses=192.168.55.254</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">add action=redirect chain=dstnat dst-port=8291 dst-address=192.168.55.254 in-interface=bridge-Invisible protocol=tcp</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">/ip route</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">add distance=1 gateway=10.100.100.254 dst-address=192.168.55.254/32</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"></code></span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">I quickly set up a network, since at this lab site the internet was open without a proxy.</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"><code></span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">/interface wireless</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no mode=ap-bridge</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">/ip address</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">add address=192.168.56.1/24 interface=wlan1 network=192.168.56.0</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">/ip pool</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">add name=dhcp_pool0 ranges=192.168.56.10-192.168.56.254</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">/ip dhcp-server</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">add address-pool=dhcp_pool0 disabled=no interface=wlan1 name=dhcp1</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">/ip dhcp-server network</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">add address=192.168.56.0/24 gateway=192.168.56.1</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">/ip dns</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;">set servers=8.8.8.8,8.8.4.4</span></span><br />
<span style="color: #222222; font-family: tahoma, calibri, verdana, geneva, sans-serif;"><span style="background-color: white;"></code></span></span><br />
<br />
CGNAT (Eduardo Mazolini, published 2017-03-29, updated 2017-06-07)<br />
<br />
With IPv4 addresses exhausted, carriers need to do NAT, also known as CGNAT (Carrier-grade NAT) or, loosely, NAT at the provider level.<br />
The IP range 100.64.0.0/10 was assigned for this purpose, per <a href="https://tools.ietf.org/html/rfc6598" target="_blank">RFC6598</a>.<br />
But let's be practical: if you already hand the customer an ordinary private IP, there is no reason to move to the 100.64.x.x range just to upgrade your NAT to CGNAT.<br />
And if you are a provider with a customer who will log the hotspot's IP assignments efficiently, you can give that customer a fixed IP and do CGNAT on their router, using the private IP delivered to the client.<br />
<br />
<span style="color: red;"><b>You cannot trace CGNAT on top of CGNAT. </b></span><br />
<br />
<h3>
But what is the difference between ordinary NAT and CGNAT?</h3>
<h4>
NAT</h4>
With ordinary NAT you put several private IPs behind the same public IP and the source port is not changed.<br />
Example: the customer's browser, say at 192.168.30.10, picks a random high port, say 63021, and talks to the site's IP, say Blogger's 216.58.222.9, on port 443 if it is HTTPS.<br />
So we have a connection:<br />
192.168.30.10:63021 --> 216.58.222.9:443 is rewritten to 192.0.2.1:63021 --> 216.58.222.9:443<br />
<br />
A second customer may pick the same port, or one immediately above or below, or any other, so it becomes impossible to tell which customer was on which source port and to say which customer accessed the site.<br />
<br />
<h4>
CGNAT</h4>
CGNAT does what NAT normally does and also changes the <b>source port</b>.<br />
So we specify, for example, that customer 192.168.30.10 uses ports 10000 to 10999 and customer 192.168.30.11 uses ports 11000 to 11999.<br />
192.168.30.11:63021 --> 216.58.222.9:443 is rewritten to 192.0.2.1:10021 --> 216.58.222.9:443<br />
<div>
192.168.30.10:57851 --> 216.58.222.9:443 is rewritten to 192.0.2.1:11850 --> 216.58.222.9:443<br />
<br />
So when you need to identify the customer, knowing the source port is enough, because the port identifies the source IP.<br />
<br />
The key idea of CGNAT is controlling the <b>source port</b>.<br />
<br />
<h3>
How to deploy it?</h3>
</div>
<div>
For teaching purposes I will give names to 2 methods (only I call them this): Vertical CGNAT and Horizontal CGNAT</div>
<div>
<br /></div>
<div>
<h4>
Vertical CGNAT</h4>
<div>
I learned about this method on the <a href="https://www.blogger.com/wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#Carrier-Grade_NAT" target="_blank">MikroTik wiki</a>. Since it requires creating many rules, there is even a script to make deployment easier.</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
When and how to use it:</div>
<div>
- Public hotspots;</div>
<div>
- Providers without an AS and with very few IPs;</div>
<div>
<div>
- To split the ports you have to think about how many private IPs you will put behind each public IP.</div>
</div>
<div>
<br /></div>
<div>
Advantage:</div>
<div>
- Put several "private IP ranges" behind 1 single public IP;<br />
- Because each private IP range stays within 1 public IP, the port count is not lost. For each new private IP range I use a new public IP.</div>
<div>
<br /></div>
<div>
Disadvantage:</div>
<div>
- Many rules: 2 (TCP, UDP) for each internal IP, plus the jumps for optimization;<br />
- With so many rules, for ICMP you will certainly pick some single IP for all customers to use, even if it differs from the IP the customer normally uses.</div>
<div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1ZGxqW1uZwLzrVTGU-3nbn3qKyXiui5tICnjBoQvNHCYfrfa4DbQOx8dlLUGbHADo-Vwf5k9HymVnqHN2j5CYfET3CDMKFEx6IRObLjhedLBwrf4ehoDAVBgmVbXHVgxJgXoUOYL-GI74/s1600/CGNAT+Vertical.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="302" data-original-width="643" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1ZGxqW1uZwLzrVTGU-3nbn3qKyXiui5tICnjBoQvNHCYfrfa4DbQOx8dlLUGbHADo-Vwf5k9HymVnqHN2j5CYfET3CDMKFEx6IRObLjhedLBwrf4ehoDAVBgmVbXHVgxJgXoUOYL-GI74/s320/CGNAT+Vertical.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<br /></div>
<div>
Example implementation on MikroTik:</div>
<div>
<code class="tr_bq">
/ip firewall nat<br />add action=jump chain=srcnat comment=CGNAT jump-target=CGNAT-192.0.2.160 out-interface=BridgeBackbone src-address=100.64.0.0/25<br />add action=jump chain=CGNAT-192.0.2.160 comment=CGNAT jump-target=CGNAT-192.0.2.160-0 src-address=100.64.0.0/28<br />add action=jump chain=CGNAT-192.0.2.160 comment=CGNAT jump-target=CGNAT-192.0.2.160-1 src-address=100.64.0.16/28<br />add action=jump chain=CGNAT-192.0.2.160 comment=CGNAT jump-target=CGNAT-192.0.2.160-2 src-address=100.64.0.32/28<br />add action=jump chain=CGNAT-192.0.2.160 comment=CGNAT jump-target=CGNAT-192.0.2.160-3 src-address=100.64.0.48/28<br />add action=jump chain=CGNAT-192.0.2.160 comment=CGNAT jump-target=CGNAT-192.0.2.160-4 src-address=100.64.0.64/28<br />add action=jump chain=CGNAT-192.0.2.160 comment=CGNAT jump-target=CGNAT-192.0.2.160-5 src-address=100.64.0.80/28<br />add action=jump chain=CGNAT-192.0.2.160 comment=CGNAT jump-target=CGNAT-192.0.2.160-6 src-address=100.64.0.96/28<br />add action=jump chain=CGNAT-192.0.2.160 comment=CGNAT jump-target=CGNAT-192.0.2.160-7 src-address=100.64.0.112/28<br />add action=src-nat chain=CGNAT-192.0.2.160-0 comment=CGNAT protocol=tcp src-address=100.64.0.0 to-addresses=192.0.2.160 to-ports=1500-1999<br />add action=src-nat chain=CGNAT-192.0.2.160-0 comment=CGNAT protocol=udp src-address=100.64.0.0 to-addresses=192.0.2.160 to-ports=1500-1999<br />add action=src-nat chain=CGNAT-192.0.2.160-0 comment=CGNAT protocol=tcp src-address=100.64.0.1 to-addresses=192.0.2.160 to-ports=2000-2499<br />add action=src-nat chain=CGNAT-192.0.2.160-0 comment=CGNAT protocol=udp src-address=100.64.0.1 to-addresses=192.0.2.160 to-ports=2000-2499<br />...<br />...<br />...<br />add action=src-nat chain=CGNAT-192.0.2.160-7 comment=CGNAT protocol=tcp src-address=100.64.0.126 to-addresses=192.0.2.160 to-ports=64500-64999<br />add action=src-nat chain=CGNAT-192.0.2.160-7 comment=CGNAT protocol=udp src-address=100.64.0.126 to-addresses=192.0.2.160 to-ports=64500-64999<br 
/>add action=src-nat chain=CGNAT-192.0.2.160-7 comment=CGNAT protocol=tcp src-address=100.64.0.127 to-addresses=192.0.2.160 to-ports=65000-65499<br />add action=src-nat chain=CGNAT-192.0.2.160-7 comment=CGNAT protocol=udp src-address=100.64.0.127 to-addresses=192.0.2.160 to-ports=65000-65499</code>
</div>
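<div>
The port-to-customer mapping these rules encode, as an added Python example (not from the original post and not the MikroTik wiki script): it rebuilds the rule set for 100.64.0.0/25 behind 192.0.2.160 and resolves a translated source port from a third-party log back to the private IP. The helper names are hypothetical, and it assumes the 500-port blocks continue without gaps through the rules the post elides.</div>

```python
"""Vertical CGNAT plan: one public IP, one fixed source-port block per private IP.
Added illustration; build_plan, render_rules and attribute are hypothetical names."""
import ipaddress


def build_plan(private_net, first_port, ports_per_host):
    """Return [(private_ip, first_port, last_port)] for every address in private_net."""
    plan = []
    for i, ip in enumerate(ipaddress.ip_network(private_net)):
        lo = first_port + i * ports_per_host
        hi = lo + ports_per_host - 1
        if hi > 65535:
            raise ValueError(f"{ip}: block {lo}-{hi} does not fit below 65536")
        plan.append((ip, lo, hi))
    return plan


def render_rules(plan, private_net, public_ip, out_interface, group_prefix=28):
    """Emit rules in the layout shown on the page: one jump per group of
    private IPs, then a tcp and a udp src-nat rule per private IP."""
    net = ipaddress.ip_network(private_net)
    groups = list(net.subnets(new_prefix=group_prefix))
    root = f"CGNAT-{public_ip}"
    lines = [
        "/ip firewall nat",
        f"add action=jump chain=srcnat comment=CGNAT jump-target={root} "
        f"out-interface={out_interface} src-address={net}",
    ]
    for n, group in enumerate(groups):
        lines.append(f"add action=jump chain={root} comment=CGNAT "
                     f"jump-target={root}-{n} src-address={group}")
    for ip, lo, hi in plan:
        n = next(i for i, group in enumerate(groups) if ip in group)
        for proto in ("tcp", "udp"):
            lines.append(f"add action=src-nat chain={root}-{n} comment=CGNAT "
                         f"protocol={proto} src-address={ip} "
                         f"to-addresses={public_ip} to-ports={lo}-{hi}")
    return lines


def attribute(plan, public_port):
    """Map the translated source port from a remote log back to the private IP.
    Returns None for ports outside the plan; ICMP and other port-less
    protocols cannot be attributed this way."""
    first = plan[0][1]
    size = plan[0][2] - first + 1
    index = (public_port - first) // size
    if public_port < first or index >= len(plan):
        return None
    return plan[index][0]


# Addresses, interface name and port blocks are the ones in the page's rules.
PLAN = build_plan("100.64.0.0/25", first_port=1500, ports_per_host=500)
RULES = render_rules(PLAN, "100.64.0.0/25", "192.0.2.160", "BridgeBackbone")

if __name__ == "__main__":
    print(f"{len(RULES) - 1} rules for {len(PLAN)} private IPs")
    for port in (1500, 2100, 64999, 65499, 443, 65500):
        print(port, "->", attribute(PLAN, port))
```

Attribution only works if the party reporting the connection logged the source port along with the public IP.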
<div>
<br /></div>
</div>
<div>
<h4>
Horizontal CGNAT</h4>
</div>
<div>
I learned this method from a fellow provider. The key idea is to reduce the number of rules by using netmap.<br />
How does netmap work? It rewrites the bits that belong to the network part of the address.<br />
Ideally, then, the mask used to select the IPs that will use the rule is the same as the network's, so that we get 1:1 NAT.<br />
Note that for ICMP, which lets the customer ping the internet, I did not worry about the NAT not being 1:1: I used a /10 mask mapped to a /25.<br />
<br />
<div>
When and how to use it:</div>
<div>
- Providers with an AS but fewer IPs than customers;</div>
<div>
- To split the "private IP ranges" I need to know how many public IPs I can use;</div>
<div>
<div>
- To split the ports you have to think about how many "private IP ranges" you will need.</div>
<div>
</div>
</div>
<div>
<br /></div>
<div>
Advantage:<br />
- The more public IPs, the larger the "private IP range" can be;<br />
- The more public IPs, the fewer rules are used: 1 rule for 128, or 1 for 64<br />
<br /></div>
<div>
Disadvantage:</div>
<br />
<div>
</div>
<br />
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: "Times New Roman"; font-size: medium; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px;">
<div style="margin: 0px;">
- You cannot use just 1 public IP;</div>
</div>
- You have to keep track of all the ranges used, because the port count does not reset. So when creating a new rule you need to start at the last port used previously.<br />
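<div>
How netmap's address rewrite and the per-range port blocks combine when a public IP and source port have to be resolved back to a customer, with the bookkeeping checks that the non-resetting port count requires, as an added Python example (not the author's code). The table holds only the three netmap rules visible in the post's example; the function names are hypothetical, and netmap is modelled as keeping the host bits of the address.</div>

```python
"""Horizontal CGNAT: netmap keeps the host bits, the port block names the
private range. Added illustration; all function names are hypothetical."""
import ipaddress

PUBLIC_NET = ipaddress.ip_network("192.0.2.0/25")

# (private range, first port, last port), copied from the three tcp/udp netmap
# rules visible in the page's example; the other rules are elided there.
TABLE = [
    ("100.64.9.0/25", 5000, 5499),
    ("100.64.10.0/25", 5500, 5999),
    ("100.64.53.0/25", 17500, 17999),
]


def netmap(addr, dst_net=PUBLIC_NET):
    """Address rewrite modelled here: network bits from dst_net, host bits kept."""
    host_bits = int(ipaddress.ip_address(addr)) & int(dst_net.hostmask)
    return ipaddress.ip_address(int(dst_net.network_address) | host_bits)


def attribute(public_ip, public_port, table=TABLE, public_net=PUBLIC_NET):
    """(public IP, translated source port) -> private IP, or None if unallocated.
    The port selects the private range; the public IP's host bits select the host."""
    ip = ipaddress.ip_address(public_ip)
    if ip not in public_net:
        return None
    host_bits = int(ip) & int(public_net.hostmask)
    for private, lo, hi in table:
        if lo <= public_port <= hi:
            base = ipaddress.ip_network(private).network_address
            return ipaddress.ip_address(int(base) | host_bits)
    return None


def check_table(table=TABLE, public_net=PUBLIC_NET):
    """Return a list of problems. Every range shares the same public IPs, so
    overlapping port blocks make attribution ambiguous; a private range whose
    mask differs from the public one is not translated 1:1."""
    problems = []
    top_net, top_hi = None, -1
    for private, lo, hi in sorted(table, key=lambda row: row[1]):
        if lo <= top_hi:
            problems.append(f"ports of {private} overlap those of {top_net}")
        if hi > top_hi:
            top_net, top_hi = private, hi
    for private, _, _ in table:
        if ipaddress.ip_network(private).prefixlen != public_net.prefixlen:
            problems.append(f"{private} is not /{public_net.prefixlen}: not 1:1")
    return problems


def next_block(table=TABLE, size=500):
    """First free port block above the highest one in use (the count never resets)."""
    lo = max(hi for _, _, hi in table) + 1
    if lo + size - 1 > 65535:
        raise ValueError("no ports left on this public range")
    return lo, lo + size - 1


if __name__ == "__main__":
    # The /10 -> /25 ICMP rule is many-to-one: both addresses land on 192.0.2.5.
    print(netmap("100.64.9.5"), netmap("100.64.9.133"))
    print(attribute("192.0.2.5", 5600))   # port block of 100.64.10.0/25
    print(check_table(), next_block())
```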
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh6cKS2MSMr1ATZRPz326ANAIlLSnQ2bsnAxSOCtZSb6rA5RxakX8G36PNKiD0nvZPM5pyMOo-jnqG6Fgqkrx32iNh3o4HFKBVrLAgT31taEzHyx2uq4QO3RdwHV76GnkPRMjwJlfvpLEGX/s1600/CGNAT+Horizontal.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="129" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh6cKS2MSMr1ATZRPz326ANAIlLSnQ2bsnAxSOCtZSb6rA5RxakX8G36PNKiD0nvZPM5pyMOo-jnqG6Fgqkrx32iNh3o4HFKBVrLAgT31taEzHyx2uq4QO3RdwHV76GnkPRMjwJlfvpLEGX/s320/CGNAT+Horizontal.png" width="320" /></a></div>
<br />
<br />
Example:<br />
<br />
<span style="font-family: monospace;">/ip firewall nat</span></div>
<div>
<div>
<div>
<span style="font-family: monospace;">add action=jump chain=srcnat jump-target=CGNAT out-interface="ether-LINK" src-address-list=!CLIENTES_FIXOS</span></div>
<div>
<span style="font-family: monospace;">add action=netmap chain=</span><span style="font-family: monospace;">CGNAT</span><span style="font-family: monospace;"> protocol=icmp src-address=</span><span style="font-family: monospace;">100.64.0.0/10 \</span><br />
<span style="font-family: monospace;"> to-addresses=192.0.2.0/25</span></div>
<div>
<span style="font-family: monospace;">add action=jump chain=CGNAT jump-target=CGNAT_100_64 src-address=100.64.0.0/16</span></div>
<div>
<span style="font-family: monospace;">add action=jump chain=CGNAT jump-target=CGNAT_100_65 src-address=100.65.0.0/16</span></div>
<span style="font-family: monospace;"><br /></span>
<span style="font-family: monospace;">add action=jump chain=CGNAT_100_64 jump-target=CGNAT_100_64_0-7 src-address=\</span><br />
<span style="font-family: monospace;"> 100.64.0.0/21</span><br />
<span style="font-family: monospace;">add action=jump chain=CGNAT_100_64 jump-target=CGNAT_100_64_8-15 src-address=\</span><br />
<span style="font-family: monospace;"> 100.64.8.0/21</span><br />
<span style="font-family: monospace;">add action=jump chain=CGNAT_100_64 jump-target=CGNAT_100_64_16-23 src-address=\</span><br />
<span style="font-family: monospace;"> 100.64.16.0/21</span><br />
<span style="font-family: monospace;">add action=jump chain=CGNAT_100_64 jump-target=CGNAT_100_64_24-31 src-address=\</span><br />
<span style="font-family: monospace;"> 100.64.24.0/21</span><br />
<span style="font-family: monospace;">add action=jump chain=CGNAT_100_64 jump-target=CGNAT_100_64_32-39 src-address=\</span><br />
<span style="font-family: monospace;"> 100.64.32.0/21</span><br />
<span style="font-family: monospace;">add action=jump chain=CGNAT_100_64 jump-target=CGNAT_100_64_40-47 src-address=\</span><br />
<span style="font-family: monospace;"> 100.64.40.0/21</span><br />
<span style="font-family: monospace;">add action=jump chain=CGNAT_100_64 jump-target=CGNAT_100_64_48-56 src-address=\</span><br />
<span style="font-family: monospace;"> 100.64.48.0/21</span><br />
<span style="font-family: monospace;">...</span><br />
<span style="font-family: monospace;">...</span><br />
<span style="font-family: monospace;">...</span><br />
<span style="font-family: monospace;">add action=netmap chain=CGNAT_100_64_8-15 protocol=tcp src-address=\</span><br />
<span style="font-family: monospace;"> 100.64.9.0/25 to-addresses=192.0.2.0/25 to-ports=5000-5499</span><br />
<span style="font-family: monospace;">add action=netmap chain=CGNAT_100_64_8-15 protocol=udp src-address=\</span><br />
<span style="font-family: monospace;"> 100.64.9.0/25 to-addresses=192.0.2.0/25 to-ports=5000-5499</span><br />
<span style="font-family: monospace;">add action=netmap chain=CGNAT_100_64_8-15 protocol=tcp src-address=\</span><br />
<span style="font-family: monospace;"> 100.64.10.0/25 to-addresses=192.0.2.0/25 to-ports=5500-5999</span><br />
<span style="font-family: monospace;">add action=netmap chain=CGNAT_100_64_8-15 protocol=udp src-address=\</span><br />
<span style="font-family: monospace;"> 100.64.10.0/25 to-addresses=192.0.2.0/25 to-ports=5500-5999</span><br />
<span style="font-family: monospace;">...</span><br />
<span style="font-family: monospace;">...</span><br />
<span style="font-family: monospace;">...</span><br />
<span style="font-family: monospace;">add action=netmap chain=CGNAT_100_64_48-56 protocol=tcp src-address=\</span><br />
<span style="font-family: monospace;"> 100.64.53.0/25 to-addresses=192.0.2.0/25 to-ports=17500-17999</span><br />
<span style="font-family: monospace;">add action=netmap chain=CGNAT_100_64_48-56 protocol=udp src-address=\</span><br />
<span style="font-family: monospace;"> 100.64.53.0/25 to-addresses=192.0.2.0/25 to-ports=17500-17999</span><br />
<span style="font-family: monospace;">add action=netmap chain=CGNAT_100_64_48-56 protocol=tcp src-address=\</span><br />
<span style="font-family: monospace;"> 100.64.54.0/25 to-addresses=192.0.2.0/25 to-ports=18000-18499</span><br />
<span style="font-family: monospace;">add action=netmap chain=CGNAT_100_64_48-56 protocol=udp src-address=\</span><br />
<span style="font-family: monospace;"> 100.64.54.0/25 to-addresses=192.0.2.0/25 to-ports=18000-18499</span><br />
<span style="font-family: monospace;">...</span><br />
<span style="font-family: monospace;">...</span><br />
<span style="font-family: monospace;">...</span></div>
<br />
<br />
<div style="background-color: white; color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">
Why did I treat the "Private IP Ranges" as a separate question? Because, regardless of how they are used <span style="font-size: 12.8px;"> </span><span style="font-size: 12.8px;">(routes, location, aggregation)</span><span style="font-size: 12.8px;">, IPs can be grouped or split by the mask.</span></div>
<div style="background-color: white; color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">
Example: if I have 2 /25s in operation, I can say I have 1 /24, just as I can say I have 64 /30s.</div>
<div style="background-color: white; color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">
<br /></div>
<div style="background-color: white; color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">
If I am going to use 255 public IPs, I can use /24 ranges</div>
<div style="background-color: white; color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">
If I am going to use 128 <span style="font-size: 12.8px;">public</span> IPs, I can use /25 ranges</div>
<div style="background-color: white; color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">
If I am going to use 64 <span style="font-size: 12.8px;">public</span> IPs, I can use /26 ranges</div>
<div style="background-color: white; color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">
If I am going to use 4 <span style="font-size: 12.8px;">public</span> IPs, I can use /30 ranges</div>
</div>
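Because each netmap rule above ties one private /25 to a fixed port block on the public /25, a public address and source port from an abuse report can be traced back to the subscriber address without per-connection NAT logs. The following is an added example, not the author's code: a Python sketch that parses rules in this form, does the reverse lookup and flags overlapping port blocks. It assumes netmap keeps the host part of the address and that translated source ports stay inside to-ports; the function names and the clashing rule are constructed for illustration.

```python
import ipaddress
import re
from typing import NamedTuple, Optional

# Rules taken from the post, in RouterOS export form with "\" continuations.
RULES = r"""
add action=netmap chain=CGNAT_100_64_8-15 protocol=tcp src-address=\
 100.64.9.0/25 to-addresses=192.0.2.0/25 to-ports=5000-5499
add action=netmap chain=CGNAT_100_64_8-15 protocol=udp src-address=\
 100.64.9.0/25 to-addresses=192.0.2.0/25 to-ports=5000-5499
add action=netmap chain=CGNAT_100_64_8-15 protocol=tcp src-address=\
 100.64.10.0/25 to-addresses=192.0.2.0/25 to-ports=5500-5999
add action=netmap chain=CGNAT_100_64_8-15 protocol=udp src-address=\
 100.64.10.0/25 to-addresses=192.0.2.0/25 to-ports=5500-5999
add action=netmap chain=CGNAT_100_64_48-56 protocol=tcp src-address=\
 100.64.53.0/25 to-addresses=192.0.2.0/25 to-ports=17500-17999
add action=netmap chain=CGNAT_100_64_48-56 protocol=tcp src-address=\
 100.64.54.0/25 to-addresses=192.0.2.0/25 to-ports=18000-18499
"""

# Constructed rule (not from the post): its port block overlaps 5500-5999.
CONSTRUCTED_CLASH = (
    "add action=netmap chain=CGNAT_100_64_8-15 protocol=tcp "
    "src-address=100.64.11.0/25 to-addresses=192.0.2.0/25 to-ports=5900-6399\n"
)


class Rule(NamedTuple):
    proto: str
    private: ipaddress.IPv4Network
    public: ipaddress.IPv4Network
    port_lo: int
    port_hi: int


def parse_rules(text: str) -> list:
    """Turn 'add action=netmap ... to-ports=a-b' lines into Rule tuples."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join continued lines
    rules = []
    for line in text.splitlines():
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        if fields.get("action") != "netmap" or "to-ports" not in fields:
            continue  # jump rules, the ICMP rule, blank lines
        private = ipaddress.ip_network(fields["src-address"])
        public = ipaddress.ip_network(fields["to-addresses"])
        if private.prefixlen != public.prefixlen:
            raise ValueError(f"1:1 mapping needs equal prefix lengths: {line}")
        lo, hi = (int(p) for p in fields["to-ports"].split("-"))
        rules.append(Rule(fields.get("protocol", ""), private, public, lo, hi))
    return rules


def attribute(rules, proto: str, public_ip: str,
              public_port: int) -> Optional[ipaddress.IPv4Address]:
    """Map (protocol, public IP, public source port) back to the private IP.

    Returns None when no rule matches or when more than one does, because
    an ambiguous answer must not be reported as an attribution.
    """
    ip = ipaddress.ip_address(public_ip)
    hits = [r for r in rules
            if r.proto == proto and ip in r.public
            and r.port_lo <= public_port <= r.port_hi]
    if len(hits) != 1:
        return None
    rule = hits[0]
    host_offset = int(ip) - int(rule.public.network_address)
    return rule.private.network_address + host_offset


def find_overlaps(rules) -> list:
    """Return rule pairs whose public block and port range both overlap."""
    clashes = []
    for i, a in enumerate(rules):
        for b in rules[i + 1:]:
            if (a.proto == b.proto and a.public.overlaps(b.public)
                    and a.port_lo <= b.port_hi and b.port_lo <= a.port_hi):
                clashes.append((a, b))
    return clashes


if __name__ == "__main__":
    rules = parse_rules(RULES)
    print("192.0.2.37:5623/tcp ->", attribute(rules, "tcp", "192.0.2.37", 5623))
    print("clashes in the post's rules:", len(find_overlaps(rules)))
    broken = parse_rules(RULES + CONSTRUCTED_CLASH)
    for a, b in find_overlaps(broken):
        print("overlap:", a.private, "and", b.private, "on", a.public)
```

Running the overlap check before loading a rule set matters because two private blocks sharing a port on the same public address make every attribution for that port unreliable.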
Eduardo Mazolinihttp://www.blogger.com/profile/00027390881892041731noreply@blogger.com0tag:blogger.com,1999:blog-1133952089235356349.post-75391346631710736022017-03-07T15:16:00.000-03:002017-03-07T15:38:40.668-03:00Sending a Location in WhatsApp Web<br />
Every day I need to send a latitude and longitude to the technicians, who open that location on their phones.<br />
<br />
I know that sending the Google Maps link below works, but I had to keep copying, concatenating and pasting.<br />
<br />
http://maps.google.com/maps?saddr=Current+Location&daddr=-22.5951525,-46.5446545<br />
<br />
So I decided to make my life easier.<br />
<br />
I already inject JavaScript into other pages; the basic idea is:<br />
<h4>
1) Write the code</h4>
<br />
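<pre><code>// Base Google Maps directions URL; the destination coordinates are appended below.
message="http://maps.google.com/maps?saddr=Current+Location&daddr=";
// Ask for the coordinates ("lat, lon"); Cancel returns null.
coord = window.prompt("Entre: Lat, lon");
// Put the text into the WhatsApp Web message box and click the send button.
function sendMessage(message) {
    InputEvent = Event || InputEvent;
    // Synthetic "input" event so the page notices the changed text.
    var evt = new InputEvent('input', {
        bubbles: true
    });
    var input = document.querySelector("div.input");
    // innerHTML parses the string as markup, so whatever is typed in the
    // prompt is inserted as HTML.
    input.innerHTML = message;
    input.dispatchEvent(evt);
    document.querySelector(".btn-icon").click();
}
if (coord != null) {
    message=message+coord;
    sendMessage(message);
}</code></pre>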
<div>
<br />
<h4>
2) Minify as much as possible</h4>
<br />
Since I am going to save it in the bookmarks bar, it is best to minify it:<br />
https://jscompress.com/<br />
<br />
<h4>
3) Trigger the call</h4>
Then put the code inside the following text:<br />
javascript:(function(){blablabla})();<br />
javascript:void(blablabla)<br />
<br />
<br />
Result:<br />
<br />
javascript:(function(){function sendMessage(a){InputEvent=Event||InputEvent;var b=new InputEvent("input",{bubbles:!0}),c=document.querySelector("div.input");c.innerHTML=a,c.dispatchEvent(b),document.querySelector(".btn-icon").click()}message="http://maps.google.com/maps?saddr=Current+Location&daddr=",coord=window.prompt("Entre: Lat, Lon"),null!=coord&&(message+=coord,sendMessage(message));})();<br />
<br /></div>
Eduardo Mazolinihttp://www.blogger.com/profile/00027390881892041731noreply@blogger.com0tag:blogger.com,1999:blog-1133952089235356349.post-54499721823053845702015-12-17T16:21:00.000-02:002015-12-17T16:21:23.758-02:00WhatsApp is blocked, now what?<div dir="ltr" style="background-color: white; color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">
WhatsApp is blocked, now what?</div>
<div dir="ltr" style="background-color: white; color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">
Before going on, remember that this was only for 48 hours (starting on 17/12/2015 at 00:00), and it has already been suspended.<br /><span class="im" style="color: #500050;">The court order was issued because WhatsApp did not comply with a request to hand over information about a pedophilia crime.<br />Inability to comply with the order, or contempt for the Brazilian courts? I do not know the answer; my personal opinion, without knowing the facts, is that it was contempt.</span></div>
<div dir="ltr" style="background-color: white; color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">
<span class="im" style="color: #500050;">Although the carriers really are terrified of the kind of service WhatsApp provides, they are not the ones responsible.<br />As far as I have read, only Oi filed a request not to have to comply with the order. The carriers are not unhappy with the outcome of the court order.</span> But the important thing is to know that it was not the carriers; the problem is the lack of cooperation in solving a pedophilia crime.</div>
<div dir="ltr">
Here I intend to present 2 solutions for us to keep communicating, and I will lay out arguments so that you can make your own decision.</div>
<div dir="ltr" style="background-color: white; color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">
<span class="im" style="color: #500050;">If you think ignoring the court order is wrong, the solution is to use another service. Let us all choose another app together and keep using it after the 48 hours.<br />I will suggest Telegram, because I already carry the free-software flag and Telegram is aligned with me on that.<br />I will suggest Telegram, because it lets me integrate my systems with theirs through what is known as an API.<br />Companies such as Jovem Pan had to choose another app because of the impossibility of integration and because of commercial interests.<br /></span>A very dangerous step was taken today, because an internet service was blocked. This is censorship, as happens in China, for example.</div>
<div dir="ltr" style="background-color: white; color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">
Because of the block, I will suggest that you use a VPN service.</div>
<span class="im" style="background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.8px;"></span><br />
<div dir="ltr" style="background-color: white;">
<span class="im" style="color: #500050; font-family: arial, sans-serif; font-size: 12.8px;">What is a VPN (Virtual Private Network)? Put simply: you take all the data leaving your phone and hand it to a server that is not blocked and is outside the country, and that server sends your data on to where it was originally going.<br />Great, but who is responsible for that server? Will they protect your confidentiality?<br />What can they know?</span><span style="color: #222222; font-family: arial, sans-serif;"><span style="font-size: 12.8px;"> They can know the volume of data and to whom the data was sent. If we access not HTTPS pages but only HTTP and other unprotected services, they can even capture and keep what was sent (the text, the photo). </span></span><br /><span class="im" style="color: #500050; font-family: arial, sans-serif; font-size: 12.8px;">But the invasion of your privacy does not end here.</span><span style="color: #222222; font-family: arial, sans-serif;"><span style="font-size: 12.8px;"> To use the VPN the simple way, you will install an app on your phone.
I tested one that is being heavily promoted today.</span></span><br /><span style="color: #222222; font-family: arial, sans-serif;"><span style="font-size: 12.8px;">It asked for access:</span></span><br /><span style="color: #222222; font-family: arial, sans-serif;"><span style="font-size: 12.8px;">- to all files, including the photos and videos on my phone;</span></span><br /><span style="color: #222222; font-family: arial, sans-serif;"><span style="font-size: 12.8px;">- it asked to know which other apps are running on my phone.</span></span><br /><span style="color: #222222; font-family: arial, sans-serif;"><span style="font-size: 12.8px;">They need to make money to keep the service free, so they also pushed a lot of advertising.</span></span><br /><br /><span style="color: #500050; font-family: arial, sans-serif; font-size: 12.8px;">OK, now we have two solutions and we know the risks of using a VPN. What are you going to do?</span><br /><span style="color: #222222; font-family: arial, sans-serif;"><span style="font-size: 12.8px;"><a href="https://play.google.com/store/apps/details?id=org.telegram.messenger">https://play.google.com/store/apps/details?id=org.telegram.messenger</a></span></span></div>
<div dir="ltr" style="background-color: white;">
<span style="color: #222222; font-family: arial, sans-serif;"><span style="font-size: 12.8px;"><br /></span></span></div>
Eduardo Mazolinihttp://www.blogger.com/profile/00027390881892041731noreply@blogger.com0tag:blogger.com,1999:blog-1133952089235356349.post-17293855889279473962015-04-08T14:13:00.001-03:002015-04-08T14:13:37.541-03:00Mario LED v6.23<br />
Here is the Mario version for RouterOS v6.23 or newer.<br />
<br />
<br />
<a name='more'></a><br /><br />
<br />
Script:<br />
<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=660 length=100ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=660 length=100ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=660 length=100ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=510 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 100ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=660 length=100ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
:beep frequency=770 length=100ms;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
:delay 550ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=380 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 575ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=510 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 450ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=380 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 400ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=320 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 500ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=440 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=480 length=80ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 330ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=450 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=430 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=380 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 200ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=660 length=80ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 200ms;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
:beep frequency=760 length=50ms;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth0-led"] type=on;<br />
:beep frequency=860 length=100ms;<br />
/system leds set [find where leds="eth0-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
:beep frequency=700 length=80ms;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
:beep frequency=760 length=50ms;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
:delay 350ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=660 length=80ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=520 length=80ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=580 length=80ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=480 length=80ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 500ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=510 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 450ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=380 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 400ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=320 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 500ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=440 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=480 length=80ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 330ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=450 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=430 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=380 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 200ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=660 length=80ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 200ms;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
:beep frequency=760 length=50ms;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth0-led"] type=on;<br />
:beep frequency=860 length=100ms;<br />
/system leds set [find where leds="eth0-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
:beep frequency=700 length=80ms;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
:beep frequency=760 length=50ms;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
:delay 350ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=660 length=80ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=520 length=80ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=580 length=80ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=480 length=80ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 500ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
:beep frequency=760 length=100ms;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
:delay 100ms;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
:beep frequency=720 length=100ms;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
:beep frequency=680 length=100ms;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=620 length=150ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=650 length=150ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=380 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=430 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=430 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 100ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=570 length=100ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 220ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
:beep frequency=760 length=100ms;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
:delay 100ms;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
:beep frequency=720 length=100ms;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
:beep frequency=680 length=100ms;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=620 length=150ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=650 length=200ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 300ms;<br />
<br />
/system leds set [find where leds="eth0-led"] type=on;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=1020 length=80ms;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth0-led"] type=off;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth0-led"] type=on;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=1020 length=80ms;<br />
:delay 75ms;<br />
/system leds set [find where leds="eth0-led"] type=off;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 75ms;<br />
/system leds set [find where leds="eth0-led"] type=on;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=1020 length=80ms;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth0-led"] type=off;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=380 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
:beep frequency=760 length=100ms;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
:delay 100ms;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
:beep frequency=720 length=100ms;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
:beep frequency=680 length=100ms;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=620 length=150ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=650 length=150ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=380 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=430 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=430 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 100ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=570 length=100ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 420ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=585 length=100ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 450ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=550 length=100ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 420ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 360ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=380 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
:beep frequency=760 length=100ms;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
:delay 100ms;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
:beep frequency=720 length=100ms;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
:beep frequency=680 length=100ms;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=620 length=150ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=650 length=150ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=380 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=430 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=430 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 100ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=570 length=100ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 220ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
:beep frequency=760 length=100ms;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
:delay 100ms;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
:beep frequency=720 length=100ms;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
:beep frequency=680 length=100ms;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=620 length=150ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=650 length=200ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth0-led"] type=on;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=1020 length=80ms;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth0-led"] type=off;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth0-led"] type=on;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=1020 length=80ms;<br />
:delay 75ms;<br />
/system leds set [find where leds="eth0-led"] type=off;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 75ms;<br />
/system leds set [find where leds="eth0-led"] type=on;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=1020 length=80ms;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth0-led"] type=off;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
<br />
<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=380 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
:beep frequency=760 length=100ms;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
:delay 100ms;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
:beep frequency=720 length=100ms;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
:beep frequency=680 length=100ms;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=620 length=150ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=650 length=150ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=380 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=430 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=430 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 100ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=570 length=100ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 420ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=585 length=100ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 450ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=550 length=100ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 420ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 360ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=380 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=60ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=80ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=60ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 350ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=80ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=580 length=80ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 350ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=660 length=80ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=80ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=430 length=80ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=380 length=80ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 600ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=60ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=80ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=60ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 350ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=80ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=580 length=80ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=660 length=80ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 550ms;<br />
/system leds set [find where leds="eth0-led"] type=on;<br />
:beep frequency=870 length=80ms;<br />
/system leds set [find where leds="eth0-led"] type=off;<br />
:delay 325ms;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
:beep frequency=760 length=80ms;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
:delay 600ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=60ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=80ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=60ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 350ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=80ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=580 length=80ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 350ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=660 length=80ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=500 length=80ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=430 length=80ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=380 length=80ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 600ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=660 length=100ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=660 length=100ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=660 length=100ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=510 length=100ms;<br />
/system leds set [find where leds="eth3-led"] type=off;<br />
:delay 100ms;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
:beep frequency=660 length=100ms;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
:delay 300ms;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
:beep frequency=770 length=100ms;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
:delay 550ms;<br />
/system leds set [find where leds="eth0-led"] type=on;<br />
/system leds set [find where leds="eth1-led"] type=on;<br />
/system leds set [find where leds="eth2-led"] type=on;<br />
/system leds set [find where leds="eth3-led"] type=on;<br />
:beep frequency=380 length=100ms;<br />
:delay 150ms;<br />
/system leds set [find where leds="eth0-led"] type=off;<br />
/system leds set [find where leds="eth1-led"] type=off;<br />
/system leds set [find where leds="eth2-led"] type=off;<br />
/system leds set [find where leds="eth3-led"] type=off;Eduardo Mazolinihttp://www.blogger.com/profile/00027390881892041731noreply@blogger.com0tag:blogger.com,1999:blog-1133952089235356349.post-40358582903659521622014-09-05T22:24:00.003-03:002014-09-05T22:24:38.877-03:00Zycoo with least-cost routingThe Zycoo PBX, especially the ZX20, has a very limited shell (ash).<br />
So to perform the lookup I had to write the whole thing as an AGI.<br />
<br />
What I did is on GitHub:<br />
https://github.com/eduardomazolini/Zycoo-TeleIn<br />
<br />
The file extension_general.conf is not changed automatically, so it is a good place to make changes.<br />
In the macro macro-trunkdial-failover I do the following:<br />
- I check whether the first route (variable ARG1) is my MAGICO trunk.<br />
- I adjust the phone number to include the area code (DDD) without the 0.<br />
- I call TeleIn.agi.<br />
- I replace ARG1 using the variable Operadora, returned by the AGI, which is deliberately equal to the trunk constants created by the Zycoo.<br />
<br />
Enjoy!<br />
Eduardo Mazolinihttp://www.blogger.com/profile/00027390881892041731noreply@blogger.com0tag:blogger.com,1999:blog-1133952089235356349.post-76722183707025401562014-03-11T07:25:00.002-03:002014-05-26T21:25:18.354-03:00QR Call - Straight to the OperatorEveryone, I am happy to say that I have published my first app, <a href="https://play.google.com/store/apps/details?id=br.com.mazolini.qrcall" target="_blank">QR Call</a>.<br />
The free version will be out soon; I just need to finish the ad display: you don't pay, the advertiser pays.<br />
The current price is the lowest allowed, U$0.99, because it is not possible to change an app from free to paid.<br />
This is the first of at least 3 that I am working on.<br />
<br />
<a name='more'></a><br />
<br />
<ul>
<li>Opção 9 - Straight to the Operator</li>
</ul>
<br />
In fact, QR Call is a small piece of <b>Opção 9 - Straight to the Operator.</b><br />
The basic idea is to deliver the call where you want it without having to listen to the electronic voice.<br />
At the end of the call, share your rating and comments about your experience on social networks. Let's make these companies improve their customer service.<br />
<br />
<ul>
<li>Bina - Your cell phone as a company extension.</li>
<li>Android-CTI - You in control of your company's spending and information.</li>
</ul>
Later on I will change the names and say more about these ideas.<br />
<br />
<br />
<br />
<br />Eduardo Mazolinihttp://www.blogger.com/profile/00027390881892041731noreply@blogger.com0tag:blogger.com,1999:blog-1133952089235356349.post-45160280024926946072014-02-14T11:25:00.001-02:002014-02-14T11:25:33.369-02:00ls -RMany times I have wanted to generate a list of files with their full paths.<br />
I really liked the answer I found on <a href="http://stackoverflow.com/" target="_blank">Stackoverflow</a> at http://stackoverflow.com/a/1767559/3310382.<br />
<br />
<pre class="lang-bsh prettyprint prettyprinted" style="background-color: #eeeeee; border: 0px; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, serif; font-size: 14px; line-height: 17.804800033569336px; margin-bottom: 10px; max-height: 600px; overflow: auto; padding: 5px; vertical-align: baseline; width: auto; word-wrap: normal;"><code style="border: 0px; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, serif; margin: 0px; padding: 0px; vertical-align: baseline;">ls -R /path | awk '
/:$/&&f{s=$0;f=0}
/:$/&&!f{sub(/:$/,"");s=$0;f=1;next}
NF&&f{ print s"/"$0 }'</code></pre>
Author: <a href="http://stackoverflow.com/users/131527/ghostdog74" style="background-color: white; border: 0px; color: #4a6b82; cursor: pointer; font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 13px; line-height: 17px; margin: 0px; padding: 0px; text-decoration: none; vertical-align: baseline; white-space: nowrap;">ghostdog74</a><br />
<br />Eduardo Mazolinihttp://www.blogger.com/profile/00027390881892041731noreply@blogger.com0tag:blogger.com,1999:blog-1133952089235356349.post-73710824764113539352014-02-02T23:12:00.001-02:002014-02-02T23:12:49.142-02:00Mikrotik - Lease Script to add DNS and QueueOn Mikrotik the DHCP Server does not add the hostname to DNS; or rather, the DNS does not recognize the request to publish a name.<br />
At home I have some devices with a fixed IP, some fixed on the server and others by MAC binding; either way, I had to add the hostnames to DNS manually.<br />
Today I needed to access a PC without a fixed IP by its <b>dns</b> name, and that is how this post came about.<br />
At a company the need also came up to create some bandwidth usage graphs, and the <b>queue</b> graphing feature suits me perfectly, not least because of the access restriction on the information, since viewing the graph can be restricted to the target only.<br />
<br />
To solve this, the best approach was to use the script option in the DHCP Server configuration, the "lease script" field.<br />
When a new host is registered, it adds the hostname with the domain to DNS and creates a queue.<br />
When the record is removed from the leases, it removes the DNS entry and disables the queue.<br />
Why disable the queue? So as not to lose the machine's history. When the PC comes back with another IP, only the target is updated.<br />
If the host's IP changes, will there be a duplicate target? Yes, but the queue will be inactive.<br />
What if the hostname is empty? I check for that (x&lt;hostname&gt;x=xx); in that case I chose to do nothing.<br />
<br />
The script is below:<br />
<br />
<br />
<br />
<a name='more'></a><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><br /></span><br />
<blockquote class="tr_bq">
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">:local custDomain "dhcp.seudominio.com.br";</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">:local custLease [/ip dhcp-server get value-name=lease-time [/ip dhcp-server find name=$leaseServerName]];</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">:local custLeaseHost;</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">:if ([/ip dhcp-server lease find active-address="$leaseActIP"]!="") do={</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">:set custLeaseHost [/ip dhcp-server lease get value-name=host-name [/ip dhcp-server lease find active-address="$leaseActIP"]];</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">} else={</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">:set custLeaseHost "";</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">};</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><br /></span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">:if ([/ip dhcp-server lease find active-address="$leaseActIP"]!="") do={</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">:if ("X".$custLeaseHost."X"!="XX") do={</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">:log info message=("DHCP LEASE: ".$leaseServerName." ".$leaseActIP." ".$leaseActMAC." ".$leaseBound." ".$custLeaseHost);</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">/ip dns static add address=$leaseActIP name=($custLeaseHost.".".$custDomain) comment="lease" ttl=$custLease;</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">:if ([/queue simple find name=($custLeaseHost.".".$custDomain)]="") do={</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">/queue simple add name=($custLeaseHost.".".$custDomain) target=$leaseActIP total-max-limit=10M;</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">} else={</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">/queue simple set [/queue simple find name=($custLeaseHost.".".$custDomain)] target=$leaseActIP;</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">/queue simple enable [/queue simple find name=($custLeaseHost.".".$custDomain)];</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">}</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><br /></span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">} else={</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">:log info message=("DHCP LEASE: ".$leaseServerName." ".$leaseActIP." ".$leaseActMAC." ".$leaseBound." "."NULO");</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">};</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">} else={</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">/ip dns static remove [/ip dns static find comment="lease" address=$leaseActIP];</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">:log info message=("DHCP LEASE: ".$leaseServerName." ".$leaseActIP." ".$leaseActMAC." ".$leaseBound." ");</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">/queue simple disable [/queue simple find target=$leaseActIP."/32" disabled=no];</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">};</span></blockquote>
<div>
<br /></div>
</blockquote>
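The lease-script behaviour described above (publish on bind, remove the DNS entry and disable the queue on release, skip an empty host-name), modelled in Python as an added example that is not the author's RouterOS script. It goes beyond the post with two checks on the host-name, which is supplied by the DHCP client; both are assumptions: a single-label RFC 1123 test and a refusal to shadow a manually created DNS record. All addresses and host names are constructed.

```python
# Added example: an in-memory model of the lease-script logic (not RouterOS code).
import re

DOMAIN = "dhcp.seudominio.com.br"  # custDomain value from the post's script
# Assumption (not in the post): accept only one RFC 1123 label as host-name:
# letters, digits, hyphen; 1-63 chars; no leading or trailing hyphen; no dots.
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


class Router:
    def __init__(self, manual_dns=()):
        # DNS static table; records created by the script carry comment "lease".
        self.dns = [{"name": n, "address": a, "comment": ""} for n, a in manual_dns]
        self.queues = {}  # queue name -> {"target": "ip/32", "disabled": bool}

    def on_lease(self, ip, bound, hostname=""):
        """Handle one lease event and return a short status string."""
        if not bound:
            # Release: remove only records tagged "lease"; the queue is kept
            # (history survives) but disabled.
            self.dns = [r for r in self.dns
                        if not (r["comment"] == "lease" and r["address"] == ip)]
            for q in self.queues.values():
                if q["target"] == ip + "/32":
                    q["disabled"] = True
            return "released"
        if hostname == "":
            return "skipped: empty hostname"      # the post's X<hostname>X check
        if not LABEL_RE.fullmatch(hostname):
            return "skipped: invalid hostname"    # added check
        fqdn = (hostname + "." + DOMAIN).lower()  # added: DNS names compare case-insensitively
        if any(r["name"].lower() == fqdn and r["comment"] != "lease" for r in self.dns):
            return "skipped: name held by a manual record"  # added check
        # Added: replace an older lease record for this name instead of stacking.
        self.dns = [r for r in self.dns
                    if not (r["comment"] == "lease" and r["name"] == fqdn)]
        self.dns.append({"name": fqdn, "address": ip, "comment": "lease"})
        # New host: create the queue. Known host: only target and state change.
        queue = self.queues.setdefault(fqdn, {"target": "", "disabled": False})
        queue["target"] = ip + "/32"
        queue["disabled"] = False
        return "published"


def replay():
    """Run constructed lease events; return the router and the status log."""
    r = Router(manual_dns=[("nas." + DOMAIN, "192.168.88.2")])
    log = [
        r.on_lease("192.168.88.10", True, "notebook"),
        r.on_lease("192.168.88.10", False),
        r.on_lease("192.168.88.10", True, "tablet"),    # IP reused by another host
        r.on_lease("192.168.88.11", True, "notebook"),  # first host returns, new IP
        r.on_lease("192.168.88.12", True, ""),
        r.on_lease("192.168.88.13", True, "pc.other.example"),
        r.on_lease("192.168.88.14", True, "NAS"),
    ]
    return r, log


if __name__ == "__main__":
    router, statuses = replay()
    for status in statuses:
        print(status)
    for name, q in router.queues.items():
        print(name, q)
```
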
Eduardo Mazolinihttp://www.blogger.com/profile/00027390881892041731noreply@blogger.com2tag:blogger.com,1999:blog-1133952089235356349.post-60342178744939990092013-12-31T19:53:00.000-02:002014-01-02T05:10:12.021-02:00Reminders about BAT@echo off<br />
TITLE NAO FECHAR EXECUTANDO<br />
cd /d %~dp0<br />
SETLOCAL ENABLEEXTENSIONS<br />
SETLOCAL ENABLEDELAYEDEXPANSION<br />
start /w notepad.exe<br />
:: Comment<br />
rem Comment<br />
timeout /t 10 /nobreak<br />
goto label<br />
echo nao vai executar<br />
:label<br />
call :wait 5<br />
exit /b 0<br />
:wait<br />
ping 127.0.0.1 -n %1<br />
goto :EOFEduardo Mazolinihttp://www.blogger.com/profile/00027390881892041731noreply@blogger.com0tag:blogger.com,1999:blog-1133952089235356349.post-51042079557129819652013-12-31T00:18:00.003-02:002013-12-31T10:26:59.729-02:00Recording prompts with RaquelToday I needed to record some prompts for an Asterisk and remembered that OS X has the Raquel voice.<br />
Raquel is one of the oldest Portuguese TTS voices, native on the Mac.<br />
<br />
Just open a terminal and type:<br />
<br />
echo 'Um dois três testando' | say -o teste<br />
sox teste.aiff --encoding signed-integer --endian little --bits 16 --channels 1 --rate 8k teste-pcm.wav<br />
<br />
I know that say can output the format directly, but that does not work with Asterisk.<br />
The PCM has to be 128kbps and in this case it comes out at 150kbps, while alaw and ulaw have to be raw, not wav.<br />
There is another product I work with that needs ulaw... or rather, in Brazil it needs alaw as wav; in this case it should work fine, I have not tested it.<br />
<br />
echo 'Um dois três testando' | say --data-format=ulaw@8000 -o teste-ulaw.wav<br />
echo 'Um dois três testando' | say --data-format=alaw@8000 -o teste-alaw.wav<br />
echo 'Um dois três testando' | say --data-format=I16@8000 -o teste-pcm.wav<br />
<br />
<br />Eduardo Mazolinihttp://www.blogger.com/profile/00027390881892041731noreply@blogger.com0