drut default route manager

Drut --Default RoUTe manager-- is a simple script that manages default routes.

I use Drut in systems that need Internet connectivity in LANs with multiple Routers routing through different uplinks. Drut is not a replacement for VRRP and VRRP is not a replacement for Drut, the same goes for tables ... blah ... blah ... it is easier to read what it does ...

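#!/bin/bash
#g0 2014 , http://ipduh.com/contact
#drut.sh , Default RoUTe manager

#Default Gateways --the addresses are blank in this copy of the script
MYGWS=("" "" "" "")
#IP addresses to ping --blank in this copy as well
PONG=("" "")
#pings sent to each address --the value is missing from this copy, 2 is an assumption
PING_COUNT=2
FAIL=0

SET_GW=`route -n |grep "^0.0.0" |awk '{print $2}'`

#count the addresses that do not answer through the current default gateway
for PIP in ${!PONG[*]};do
 if ! ping -c ${PING_COUNT} ${PONG[$PIP]} 1>/dev/null 2>/dev/null; then
  FAIL=`expr ${FAIL} + 1`
 fi
done

if [ ${FAIL} -eq 0 ]; then
 #everything answered, keep the current default gateway
 exit 0
else
 #try the other gateways in turn until every ping target answers
 for GW in ${!MYGWS[*]}; do
  if [ "${MYGWS[$GW]}" != "${SET_GW}" ]; then
   route add default gw ${MYGWS[$GW]}
   route del -net 0/0 gw ${SET_GW}
   #remember the gateway now in use and start counting failures again
   SET_GW=${MYGWS[$GW]}
   FAIL=0
   for PIP in ${!PONG[*]};do
    if ! ping -c ${PING_COUNT} ${PONG[$PIP]} 1>/dev/null 2>/dev/null; then
     FAIL=`expr ${FAIL} + 1`
    fi
   done
   [ ${FAIL} -eq 0 ] && exit 0
  fi
 done
fi
#no gateway gave connectivity
exit 3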



raspberry pi set keyboard to a US keyboard and get rid of the british keyboard and the # madness

Install locales and set default locale with
$ sudo -s
# raspi-config

To set the keyboard layout to "us" in /etc/default/keyboard
$ cat /etc/default/keyboard 

# Consult the keyboard(5) manual page.



do it ... save a copy of the original keyboard in keyboard.0 and reboot the system
# cd /etc/default/
# perl -i.0 -p -e 's/gb/us/g;' ./keyboard
# shutdown -r now



raspberrypi get rid of GUI

Notes on getting rid of the desktop environment on raspbian --the arm debian optimized for raspberry pi put together by the raspberry pi foundation.

Set boot on CLI
$ sudo -s
# raspi-config
Choose 3)
3 Enable Boot to Desktop/Scratch Choose whether to boot into a desktop environment, Scratch, or the command-line

Check file system usage
# df
Filesystem     1K-blocks    Used Available Use% Mounted on
rootfs           3731208 2085704   1448600  60% /
/dev/root        3731208 2085704   1448600  60% /
devtmpfs          215824       0    215824   0% /dev
tmpfs              44820     200     44620   1% /run
tmpfs               5120       0      5120   0% /run/lock
tmpfs              89620       0     89620   0% /run/shm
/dev/mmcblk0p1     57288   19064     38224  34% /boot

Purge everything that depends on or requires X --the following packages
ii  libx11-6:armhf                        2:1.5.0-1+deb7u1+wheezy                armhf        X11 client-side library
ii  libx11-data                           2:1.5.0-1+deb7u1+wheezy                all          X11 client-side library
ii  libx11-xcb1:armhf                     2:1.5.0-1+deb7u1+wheezy                armhf        Xlib/XCB interface library

# apt-get remove --auto-remove --purge 'libx11*'

Check filesystem usage again
# df 
Filesystem     1K-blocks    Used Available Use% Mounted on
rootfs           3731208 1011460   2522844  29% /
/dev/root        3731208 1011460   2522844  29% /
devtmpfs          215824       0    215824   0% /dev
tmpfs              44820     200     44620   1% /run
tmpfs               5120       0      5120   0% /run/lock
tmpfs              89620       0     89620   0% /run/shm
/dev/mmcblk0p1     57288   19064     38224  34% /boot

# df -h
Filesystem      Size  Used Avail Use% Mounted on
rootfs          3.6G  988M  2.5G  29% /
/dev/root       3.6G  988M  2.5G  29% /
devtmpfs        211M     0  211M   0% /dev
tmpfs            44M  200K   44M   1% /run
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs            88M     0   88M   0% /run/shm
/dev/mmcblk0p1   56M   19M   38M  34% /boot

That's over one GiB in savings, 1/4 of the SD in this pi!



RouterOS ghetto Load Balancer

GLBer is a program that creates the configuration for a Mikrotik RouterOS Load Balancer.

The configuration is suitable for a router with many uplinks that serves many end users
eg: a workplace with many adsl lines

glber.sh takes as input the names of the point-to-point named interfaces and creates the RouterOS configuration commands and a RouterOS script that runs every 10 minutes.

#!/bin/bash
#Creates the configuration commands and a RouterOS script used to put together a Ghetto Load BalanER --GLBer
#GLBer balances traffic among n named interfaces 
#GLBer NATs and masquerades 
#GLBer watches if the interfaces have Internet Access every 10 minutes and adjusts
#g0 2014 , there is a post about GLBer at http://alog.ipduh.com

#space separated interface names, eg: "alpha beta gama"
GATEWAYS=$1
GW_COUNT=0
POS=0
#comma separated gateway list for the equal cost multipath route
ECMP=""
#body of the RouterOS array, eg: "alpha";"beta"
MIKAR=""

for GW in ${GATEWAYS}; do
 GW_COUNT=`expr ${GW_COUNT} + 1`
done

echo "glber.sh:hola , I will create the configuration for ${GW_COUNT} named interfaces" 

#build both lists --the loop body is reconstructed from the sample output in this post
for GW in ${GATEWAYS}; do
 POS=`expr ${POS} + 1`
 #no separator after the last interface
 if [ ${POS} -eq ${GW_COUNT} ] 
 then
  ECMP="${ECMP}${GW}"
  MIKAR="${MIKAR}\"${GW}\""
 else
  ECMP="${ECMP}${GW},"
  MIKAR="${MIKAR}\"${GW}\";"
 fi
done

echo ""
echo "###commands###"
echo ""

#dst-address has no value in this copy of the script
echo "/ip route"
echo "add dst-address= gateway=$ECMP check-gateway=ping comment=lbercur ;"

echo "/ip firewall nat"
for GW in ${GATEWAYS}; do
 echo "add chain=srcnat out-interface=${GW} action=masquerade comment=GLBer_${GW}_nat ;"
done

echo "/ip firewall mangle"
for GW in ${GATEWAYS}; do
 echo "add chain=input in-interface=${GW} action=mark-connection new-connection-mark=${GW}_c comment=GLBer_mangle ;"
 echo "add chain=output connection-mark=${GW}_c action=mark-routing new-routing-mark=to_${GW} comment=GLBer_mangle ;"
done

echo "/ip route"
for GW in ${GATEWAYS}; do
 echo "add dst-address= gateway=${GW} routing-mark=to_${GW} comment=GLBER ;"
done

echo ""
echo "###script###"
echo "###add the following script to the router 'script-repository' and name it glber###"
echo ""

#the RouterOS script body; pong, the address to ping, has no value in this copy
read -r -d '' SCR <<- 'SCRIPTT'
:local goodgates " "
:local gcount 0
:local coma ""
:local lbercur "lbercur"
:local lbertmp "lbertmp"
:local pong ""

:foreach g in=$gateways do={
:if ( $gcount > 0 ) do={ :set coma (",") }
:if ([/ping $pong interface="$g" count=3] = 0) do={  }  else={ 
:set $goodgates ( "$goodgates" . "$coma" . "$g" ) ;
:set gcount ($gcount+1) 
}
}

/ip route set [find comment=$lbercur] distance=2  
/ip route add dst-address= gateway=$goodgates check-gateway=ping comment="$lbertmp"
/ip route remove [find comment=$lbercur] 
/ip route add dst-address= gateway=$goodgates check-gateway=ping comment="$lbercur"
/ip route remove [find comment=$lbertmp] 
SCRIPTT

echo "{ "
echo "#GLBer -- g0 2014 -- alog.ipduh.com"
echo ":local gateways { ${MIKAR} };"
echo "${SCR}"
echo "}"
echo ""
echo "###schedule script###"
echo "/system scheduler add name=glber policy=read,write,test interval=10m ;"

I think that the easiest way to use glber.sh is to ssh to the RouterOS system from a system that runs bash. Or ssh to a system that has bash and the RouterOS system from the same machine ... whatever .... The good thing is that RouterOS understands the line endings used in all the popular operating systems.

Example Usage

Assume we want to create an uplink balancer for the interfaces alpha, beta, gama, delta, epsilon

These interfaces may be VPNs, PPPoE Tunnels, etc
$ wget kod.ipduh.com/lib/glber.sh
$ chmod 755 glber.sh
$ ./glber.sh "alpha beta gama delta epsilon"

You need to ssh or winbox to the mikrotik RouterOS system and copy the configuration that the glber.sh outputs.

The configuration for the alpha beta gama delta epsilon balancing
$ ./glber.sh "alpha beta gama delta epsilon"
glber.sh:hola , I will create the configuration for 5 named interfaces

###commands###

/ip route
add dst-address= gateway=alpha,beta,gama,delta,epsilon check-gateway=ping comment=lbercur ;
/ip firewall nat
add chain=srcnat out-interface=alpha action=masquerade comment=GLBer_alpha_nat ;
add chain=srcnat out-interface=beta action=masquerade comment=GLBer_beta_nat ;
add chain=srcnat out-interface=gama action=masquerade comment=GLBer_gama_nat ;
add chain=srcnat out-interface=delta action=masquerade comment=GLBer_delta_nat ;
add chain=srcnat out-interface=epsilon action=masquerade comment=GLBer_epsilon_nat ;
/ip firewall mangle
add chain=input in-interface=alpha action=mark-connection new-connection-mark=alpha_c comment=GLBer_mangle ;
add chain=output connection-mark=alpha_c action=mark-routing new-routing-mark=to_alpha comment=GLBer_mangle ;
add chain=input in-interface=beta action=mark-connection new-connection-mark=beta_c comment=GLBer_mangle ;
add chain=output connection-mark=beta_c action=mark-routing new-routing-mark=to_beta comment=GLBer_mangle ;
add chain=input in-interface=gama action=mark-connection new-connection-mark=gama_c comment=GLBer_mangle ;
add chain=output connection-mark=gama_c action=mark-routing new-routing-mark=to_gama comment=GLBer_mangle ;
add chain=input in-interface=delta action=mark-connection new-connection-mark=delta_c comment=GLBer_mangle ;
add chain=output connection-mark=delta_c action=mark-routing new-routing-mark=to_delta comment=GLBer_mangle ;
add chain=input in-interface=epsilon action=mark-connection new-connection-mark=epsilon_c comment=GLBer_mangle ;
add chain=output connection-mark=epsilon_c action=mark-routing new-routing-mark=to_epsilon comment=GLBer_mangle ;
/ip route
add dst-address= gateway=alpha routing-mark=to_alpha comment=GLBER ;
add dst-address= gateway=beta routing-mark=to_beta comment=GLBER ;
add dst-address= gateway=gama routing-mark=to_gama comment=GLBER ;
add dst-address= gateway=delta routing-mark=to_delta comment=GLBER ;
add dst-address= gateway=epsilon routing-mark=to_epsilon comment=GLBER ;

###script###
###add the following script to the router 'script-repository' and name it glber###

{ 
#GLBer -- g0 2014 -- alog.ipduh.com
:local gateways { "alpha";"beta";"gama";"delta";"epsilon" };
:local goodgates " "
:local gcount 0
:local coma ""
:local lbercur "lbercur"
:local lbertmp "lbertmp"
:local pong ""

:foreach g in=$gateways do={
:if ( $gcount > 0 ) do={ :set coma (",") }
:if ([/ping $pong interface="$g" count=3] = 0) do={  }  else={ 
:set $goodgates ( "$goodgates" . "$coma" . "$g" ) ;
:set gcount ($gcount+1) 
}
}

/ip route set [find comment=$lbercur] distance=2  
/ip route add dst-address= gateway=$goodgates check-gateway=ping comment="$lbertmp"
/ip route remove [find comment=$lbercur] 
/ip route add dst-address= gateway=$goodgates check-gateway=ping comment="$lbercur"
/ip route remove [find comment=$lbertmp] 
}


###schedule script###
/system scheduler add name=glber policy=read,write,test interval=10m ;

In RouterOS the routing table is flushed every 10 minutes and then there is a good chance (depending on the number of the uplinks) to reset the masqueraded connections.

The RouterOS glber script runs every 10 minutes and resets the equal cost multipath route, therefore I think that it raises the chance for the masqueraded connections to reset in a 10 minutes period.

In a 5 uplinks setup the chance for a connection to not reset should fall to 4% (I did not have the patience to verify it yet). Adding three lines of code to glber should raise the probability that a connection does not reset every 10 minutes up to 1/uplinks. I did not need it in my setup. I wanted outgoing connections to reset often. The thing that needed a session was in the internal network, and resetting facebook connections was considered a feature.

It is possible (though not tested enough) to balance differently per uplink.
eg: 25% of connections from alpha , 25% of connections from beta and 50% of connections from gama would be
$ ./glber.sh "alpha beta gama gama"
and 75% of the connections from alpha and 25% of the connections from beta would be
$ ./glber.sh "alpha alpha alpha beta"
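
How a list with repeated names turns into per-uplink shares, with a check on the names before they reach the generated RouterOS commands. This is an added example, not part of glber.sh; the function name glber_shares and the allowed character set are assumptions.

```shell
#!/bin/sh
# Added example, not part of glber.sh.
# glber_shares "alpha beta gama gama" prints the share of the equal cost
# multipath gateway list that each interface name gets, eg:
#   alpha=25% beta=25% gama=50%
# It returns 1 and prints no shares when a name holds a character outside
# A-Z a-z 0-9 _ - (this whitelist is an assumption, adjust it to your names),
# because glber.sh pastes the names as they are into RouterOS commands.

glber_shares() (
    # the body runs in a subshell, so set -f (no filename expansion while
    # the list is split into words) does not leak into the caller
    set -f
    total=0
    seen=""
    for name in $1; do
        case $name in
            *[!A-Za-z0-9_-]*)
                echo "glber_shares: rejected interface name '$name'" >&2
                exit 1 ;;
        esac
        total=$((total + 1))
        case " $seen " in
            *" $name "*) ;;                 # this name is already listed
            *) seen="$seen $name" ;;
        esac
    done
    if [ "$total" -eq 0 ]; then
        echo "glber_shares: no interface names given" >&2
        exit 1
    fi
    out=""
    for uniq in $seen; do
        count=0
        for name in $1; do
            if [ "$name" = "$uniq" ]; then count=$((count + 1)); fi
        done
        # integer percentage, rounded down
        out="$out${out:+ }$uniq=$((100 * count / total))%"
    done
    echo "$out"
)

# constructed sample input: the weighted list from the text above
glber_shares "alpha beta gama gama"
```

Run it on the argument you are about to give glber.sh; a non-zero exit status means a name would have been written into the configuration with characters RouterOS could read as syntax.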



Torrent Search

I added a few more russian friends to the torrent search.

There is a torrent search mozilla plugin that submits requests over HTTP and the Torrent SSL plugin. You may have to trust the ipduh CA to make the Torrent SSL plugin work.

Apparently, the google checks do not find all the `bad` dudes since I still find funny executables and scripts served instead of torrents from some of the web interfaces to the torrent trackers while not listed as `bad` by the google safe browsing.

I am not sure if it is due to rogue tracker operators, compromised trackers, or Man In The Middle attacks to the trackers' users from third parties. So just be a little careful when using the torrent search.



spectrum ~ 5 GHz - 6 GHz - Byron Athens

The Spectrum from 4,91 GHz - 6,1 GHz in Byron, Athens ~280m altitude.

280m is pretty high for Athens.
Athens is at sea level and most buildings are around 4 floors tall.

I used a 10 dBi omni antenna with 10 degree Vertical and 360 degree Horizontal Beamwidths and best for 5400 - 5850 MHz according to the manufacturer.

The antenna Radiation E and H Planes

Spectrum Usage around 5GHz - 6GHz

It was made with a RouterOS powered machine using the command
/interface wireless spectral-history 5GHz-AP-KAREAS range=4910-6110
where 5GHz-AP-KAREAS is the name of the wireless interface connected to the omni antenna.
The wireless interface is the one coming with the 912 mikrotik boards.

A few pictures from the location --the ipduh AWMN node

You can see Acropolis in this picture



winbox on 64b linux debian

"Install" winbox to a 64 bit debian linux using wine.

It should work just fine ( even though I did not try ) in 64b Ubuntu Systems if you replace 'su' with 'sudo -s' in the commands below.

Winbox is a GUI administration Tool for RouterOS routers made by Mikrotik

Wine is a piece of software that enables Windows executables to run on a Linux GNU system.

Install wine and download winbox
$ su
# dpkg --add-architecture i386
# apt-get install wine-bin:i386
# cd /usr/local/bin/
# wget http://download2.mikrotik.com/winbox.exe

Add wined winbox on the Gnome Menus using alacarte --a Gnome menus editor
# apt-get install alacarte
# exit
$ alacarte
add a new item
of Type Application
with a command like the following:
wine /usr/local/bin/winbox.exe
Close --save



net-tools vs iproute2

Examples of using net-tools vs using iproute2

The tools are not equivalent and, even though they often appear to achieve the same result, they do not always arrive there the same way.

2 - Link Layer

Show ARP cache
# arp -an

# ip n

Add a permanent entry in the ARP cache
# arp -s -i eth0 -D eth0 pub

# ip n add lladdr 00:ab:cd:12:34:56 dev eth0 nud permanent

Delete an ARP entry
# arp -i eth0 -d

# ip n del dev eth0

Show MAC addresses
# ip m

Add VLAN
# vconfig add eth0 3
# ifconfig eth0.3

# ip link add link eth0 name eth0.3 type vlan id 
# ip a add dev eth0.3

Delete VLAN
# vconfig rem eth0.3

# ip link del eth0.3

3 - IP

Show Information up to Layer 3
# ifconfig

# ip a

Set an IP address
# ifconfig eth0:8

# ip a add dev eth0 label eth0:8

Show default routing table
# route -n

# ip r

Add a default route
# route add default gw

# ip route add default via

Remove the default gateway
# route del -net 0/0 gw

# ip route del default via

Add and Remove a route
# route add -net netmask gw
# route del -net netmask gw

# ip route add 10/8 via
# ip route del 10/8 via

Take down an interface
# ifdown eth0:1

# ip link set eth0:1 down

Bring up an interface
# ifup eth0:1

# ip link set eth0:1 up

Interface statistics
# netstat -i eth0

# ip -s link

# netstat -putano

# ss -patu

Watch for netlink messages.
# ip monitor all


debian vlan

Debian VLAN notes

# apt-get install vlan

Load the kernel module 8021q
# modprobe 8021q

Load 8021q at every boot
# echo 8021q >> /etc/modules

Add VLAN 40 to eth0 and configure eth0.40
# vconfig add eth0 40
Added VLAN with VID == 40 to IF -:eth0:-
# ifconfig eth0.40

Show eth0.40 configuration
# ifconfig eth0.40
eth0.40    Link encap:Ethernet  HWaddr 08:00:28:a8:b8:a7  
          inet addr:  Bcast:  Mask:
          inet6 addr: fe80::a00:27ff:fea8:b8a7/64 Scope:Link
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:48 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:8642 (8.4 KiB)

# cat /proc/net/vlan/config 
VLAN Dev name  | VLAN ID
eth0.40         | 40 | eth0

# cat /proc/net/vlan/eth0.40
eth0.40  VID: 40   REORDER_HDR: 1  dev->priv_flags: 1
         total frames received         7570
          total bytes received      1553436
      Broadcast/Multicast Rcvd            0

      total frames transmitted         7732
       total bytes transmitted      7692798
Device: eth0
INGRESS priority mappings: 0:0  1:0  2:0  3:0  4:0  5:0  6:0 7:0

Remove VLAN
# vconfig rem eth0.40
Removed VLAN -:eth0.40:-

Permanent Setups
Set VLAN at boot
Stub in /etc/network/interfaces

auto eth0.40
iface eth0.40 inet static

Add VLAN to Bridged Interface
auto br0.3
iface br0.3 inet static
        pre-up vconfig add br0 3
        post-down vconfig rem br0.3
