20140802

raspbian watchdog



Install the watchdog daemon on raspberry pi raspbian

update `firmware`
$ sudo -s
# rpi-update


install the watchdog deamon
# apt-get install watchdog


load the watchdog module
# modprobe bcm2708_wdog
# echo "bcm2708_wdog" >> /etc/modules  


set /etc/watchdog.conf ...
this is what I ended up enabling
# cat /etc/watchdog.conf |egrep -v "^#.*"

max-load-1  = 24
max-load-5  = 18
max-load-15  = 12



watchdog-device = /dev/watchdog



realtime  = yes
priority  = 1

I just need to watch for system hangs ... the ping and the user commands seem nice though.

# shutdown -r now


raspberry pi software watchdog

keep raspberry pi images small



remove the GUI if you don 't need it

delete downloaded .deb packages
# df -h
Filesystem      Size  Used Avail Use% Mounted on
rootfs          3.6G  1.2G  2.3G  34% /
...

# ls /var/cache/apt/archives/
autoconf_2.69-1_all.deb      libldap2-dev_2.4.31-1+nmu2_armhf.deb     lockfile-progs_0.1.17_armhf.deb
automake_1%3a1.11.6-1_all.deb     liblockfile1_1.09-5_armhf.deb      m4_1.4.16-3_armhf.deb
autotools-dev_20120608.1_all.deb    liblockfile-bin_1.09-5_armhf.deb

...



# apt-get clean
# ls /var/cache/apt/archives/ 
lock  partial



# df -h
Filesystem      Size  Used Avail Use% Mounted on
rootfs          3.6G  1.1G  2.4G  32% /
...




keep raspberry pi images small

20140619

drut default route manager

Drut --Default RoUTe manager-- is a simple script that manages default routes.



I use Drut in systems that need Internet connectivity in LANs with multiple Routers routing through different uplinks. Drut is not a replacement for VRRP and VRRP is not a replacement for Drut, the same goes for tables ... blah ... blah ... it is easier to read what it does ...



#!/bin/bash 
#g0 2014 , http://ipduh.com/contact
#drut.sh , Default RoUTe manager

#Default Gateways
MYGWS=("10.21.241.120" "10.21.241.121" "10.21.241.122" "10.21.241.123")
#IP addresses to ping
PONG=("8.8.8.8" "8.8.4.4")

PING_COUNT=3
FAIL=0
ALTGW=0
SET_GW=`route -n |grep "^0.0.0" |awk '{print $2}'`

for PIP in ${!PONG[*]};do
 if ! ping -c ${PING_COUNT} ${PONG[$PIP]} 1>/dev/null 2>/dev/null; then
  FAIL=`expr ${FAIL} + 1`
 fi
done

if [ ${FAIL} -eq 0 ]; then
 exit 0
else
 for GW in ${!MYGWS[*]}; do
  if [ " ${MYGWS[$GW]}" != "${SET_GW}" ]; then
   FAIL=0
   route add default gw ${MYGWS[$GW]}
   route del -net 0/0 gw ${SET_GW}
   
    for PIP in ${!PONG[*]};do
           if ! ping -c ${PING_COUNT} ${PONG[$PIP]} 1>/dev/null 2>/dev/null; then
                   FAIL=`expr ${FAIL} + 1`
           fi
    done

    [ ${FAIL} -eq 0 ] && exit 0
  fi
 done
 
 exit 3
fi









Drut --Default RoUTe manager

20140618

raspberry pi set keyboard to a US keyboard and get rid off the british keyboard and the # madness



Install locales and set default locale with
$ sudo -s
# raspi-config


To set the keyboard layout to "us" in /etc/default/keyboard
$ cat /etc/default/keyboard 
# KEYBOARD CONFIGURATION FILE

# Consult the keyboard(5) manual page.

XKBMODEL="pc105"
XKBLAYOUT="gb"
XKBVARIANT=""
XKBOPTIONS=""

BACKSPACE="guess"



do it ... save a copy of the original keybord in keyboard.0 and reboot the system
# cd /etc/default/
# perl -i.0 -p -e 's/gb/us/g;' ./keyboard
# shutdown -r now




Raspberry Pi set keyboard layout to US

20140605

raspberrypi get rid off GUI



Notes on getting rid of the desktop environment on raspbian --the arm debian optimized for raspberry pi put together by the raspberry pi foundation.



Set boot on CLI
$ sudo -s
# raspi-config
Choose 3)
3 Enable Boot to Desktop/Scratch Choose whether to boot into a desktop environment, Scratch, or the command-line


Check file system usage
# df
Filesystem     1K-blocks    Used Available Use% Mounted on
rootfs           3731208 2085704   1448600  60% /
/dev/root        3731208 2085704   1448600  60% /
devtmpfs          215824       0    215824   0% /dev
tmpfs              44820     200     44620   1% /run
tmpfs               5120       0      5120   0% /run/lock
tmpfs              89620       0     89620   0% /run/shm
/dev/mmcblk0p1     57288   19064     38224  34% /boot


Purge everyging that depends on-requires X --the following packgages
ii  libx11-6:armhf                        2:1.5.0-1+deb7u1+wheezy                armhf        X11 client-side library
ii  libx11-data                           2:1.5.0-1+deb7u1+wheezy                all          X11 client-side library
ii  libx11-xcb1:armhf                     2:1.5.0-1+deb7u1+wheezy                armhf        Xlib/XCB interface library


with
# apt-get remove --auto-remove --purge libx11*


Check filesystem usage again
# df 
Filesystem     1K-blocks    Used Available Use% Mounted on
rootfs           3731208 1011460   2522844  29% /
/dev/root        3731208 1011460   2522844  29% /
devtmpfs          215824       0    215824   0% /dev
tmpfs              44820     200     44620   1% /run
tmpfs               5120       0      5120   0% /run/lock
tmpfs              89620       0     89620   0% /run/shm
/dev/mmcblk0p1     57288   19064     38224  34% /boot



# df -h
Filesystem      Size  Used Avail Use% Mounted on
rootfs          3.6G  988M  2.5G  29% /
/dev/root       3.6G  988M  2.5G  29% /
devtmpfs        211M     0  211M   0% /dev
tmpfs            44M  200K   44M   1% /run
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs            88M     0   88M   0% /run/shm
/dev/mmcblk0p1   56M   19M   38M  34% /boot


that 's over one GiB in savings , 1/4 of the SD in this pi!



remove the desktop environment from raspberry pi raspbian

20140601

RouterOS gheto Load Balancer

GLBer is a program that creates the configuration for a Mikrotik RouterOS Load Balancer.

The confiuration is suitable for a router with many uplinks that serves many end users
eg: a workplace with many adsl lines

glber.sh takes as input the names of the point-to-point named interfaces and creates the RouterOS configuration commands and a RouterOS script that runs every 10 minutes.

glber.sh
#!/bin/bash
#Creates the configuration commands and a RouterOS script used to put together a Ghetto Load BalanER --GLBer
#GLBer balances traffic among n named interfaces 
#GLBer NATs and masquerades 
#GLBer watches if the interfaces have Internet Access every 10 minutes and adjusts
#g0 2014 , there is a post about GLBer at http://alog.ipduh.com

GATEWAYS="${1}"
ECMP=""
MIKAR=""
GW_COUNT=0

for GW in ${GATEWAYS}; do
 ((GW_COUNT+=1))
done

echo "glber.sh:hola , I will create the configuration for ${GW_COUNT} named interfaces" 

POS=0
for GW in ${GATEWAYS}; do
 ((POS+=1))

 if [ ${POS} -eq ${GW_COUNT} ] 
 then
  ECMP+="${GW}"
  MIKAR+="\"${GW}\""
 else
  ECMP+="${GW},"
  MIKAR+="\"${GW}\";"
 fi 
done

echo ""
echo "###commands###"
echo ""

echo "/ip route"
echo "add dst-address=0.0.0.0/0 gateway=$ECMP check-gateway=ping comment=lbercur ;"

echo "/ip firewall nat"
for GW in ${GATEWAYS}; do
 echo "add chain=srcnat out-interface=${GW} action=masquerade comment=GLBer_${GW}_nat ;"
done

echo "/ip firewall mangle"
for GW in ${GATEWAYS}; do
 echo "add chain=input in-interface=${GW} action=mark-connection new-connection-mark=${GW}_c comment=GLBer_mangle ;"
 echo "add chain=output connection-mark=${GW}_c action=mark-routing new-routing-mark=to_${GW} comment=GLBer_mangle ;"
done

echo "/ip route"
for GW in ${GATEWAYS}; do
 echo "add dst-address=0.0.0.0/0 gateway=${GW} routing-mark=to_${GW} comment=GLBER ;"
done 

echo ""
echo "###script###"
echo "###add the following script to the router 'script-repository' and name it glber###"
echo ""

read -r -d '' SCR <<- 'SCRIPTT'
:local goodgates " "
:local gcount 0
:local coma ""
:local lbercur "lbercur"
:local lbertmp "lbertmp"
:local pong "8.8.8.8"

:foreach g in=$gateways do={
:if ( $gcount > 0 ) do={ :set coma (",") }
:if ([/ping $pong interface="$g" count=3] = 0) do={  }  else={ 
:set $goodgates ( "$goodgates" . "$coma" . "$g" ) ;
:set gcount ($gcount+1) 
}
};

/ip route set [find comment=$lbercur] distance=2  
/ip route add dst-address=0.0.0.0/0 gateway=$goodgates check-gateway=ping comment="$lbertmp"
/ip route remove [find comment=$lbercur] 
/ip route add dst-address=0.0.0.0/0 gateway=$goodgates check-gateway=ping comment="$lbercur"
/ip route remove [find comment=$lbertmp] 

}
SCRIPTT
echo "{ "
echo "#GLBer -- g0 2014 -- alog.ipduh.com"
echo ":local gateways { ${MIKAR} };"
echo "${SCR}"
echo ""
echo "###schedule script###"
echo "/system scheduler add name=glber policy=read,write,test interval=10m ;"




I think that the easiest way to use glber.sh is to ssh to the RouterOS system from a system that runs bash. Or ssh to a system that has bash and the RouterOS system from the same machine ... whatever .... The good thing is that RouterOS understands the line endings used in all the popular operating systems.

Example Usage

Assume we want to create an uplink balancer for the interfaces alpha, beta , gama , delta ,epsilon

These interfaces may be VPNs, PPoE Tunnels, etc
$ wget kod.ipduh.com/lib/glber.sh
$ chmod 755 glber.sh
$ ./glber.sh "alpha beta gama delta epsilon"


You need to ssh or winbox to the mikrotik RouterOS system and copy the configuration that the glber.sh outputs.

The configuration for the alpha beta gama delta epsilon balancing
 ./glber.sh "alpha beta gama delta epsilon"
glber.sh:hola , I will create the configuration for 5 named interfaces

###commands###

/ip route
add dst-address=0.0.0.0/0 gateway=alpha,beta,gama,delta,epsilon check-gateway=ping comment=lbercur ;
/ip firewall nat
add chain=srcnat out-interface=alpha action=masquerade comment=GLBer_alpha_nat ;
add chain=srcnat out-interface=beta action=masquerade comment=GLBer_beta_nat ;
add chain=srcnat out-interface=gama action=masquerade comment=GLBer_gama_nat ;
add chain=srcnat out-interface=delta action=masquerade comment=GLBer_delta_nat ;
add chain=srcnat out-interface=epsilon action=masquerade comment=GLBer_epsilon_nat ;
/ip firewall mangle
add chain=input in-interface=alpha action=mark-connection new-connection-mark=alpha_c comment=GLBer_mangle ;
add chain=output connection-mark=alpha_c action=mark-routing new-routing-mark=to_alpha comment=GLBer_mangle ;
add chain=input in-interface=beta action=mark-connection new-connection-mark=beta_c comment=GLBer_mangle ;
add chain=output connection-mark=beta_c action=mark-routing new-routing-mark=to_beta comment=GLBer_mangle ;
add chain=input in-interface=gama action=mark-connection new-connection-mark=gama_c comment=GLBer_mangle ;
add chain=output connection-mark=gama_c action=mark-routing new-routing-mark=to_gama comment=GLBer_mangle ;
add chain=input in-interface=delta action=mark-connection new-connection-mark=delta_c comment=GLBer_mangle ;
add chain=output connection-mark=delta_c action=mark-routing new-routing-mark=to_delta comment=GLBer_mangle ;
add chain=input in-interface=epsilon action=mark-connection new-connection-mark=epsilon_c comment=GLBer_mangle ;
add chain=output connection-mark=epsilon_c action=mark-routing new-routing-mark=to_epsilon comment=GLBer_mangle ;
/ip route
add dst-address=0.0.0.0/0 gateway=alpha routing-mark=to_alpha comment=GLBER ;
add dst-address=0.0.0.0/0 gateway=beta routing-mark=to_beta comment=GLBER ;
add dst-address=0.0.0.0/0 gateway=gama routing-mark=to_gama comment=GLBER ;
add dst-address=0.0.0.0/0 gateway=delta routing-mark=to_delta comment=GLBER ;
add dst-address=0.0.0.0/0 gateway=epsilon routing-mark=to_epsilon comment=GLBER ;

###script###
###add the following script to the router 'script-repository' and name it glber###

{ 
#GLBer -- g0 2014 -- alog.ipduh.com
:local gateways { "alpha";"beta";"gama";"delta";"epsilon" };
:local goodgates " "
:local gcount 0
:local coma ""
:local lbercur "lbercur"
:local lbertmp "lbertmp"
:local pong "8.8.8.8"

:foreach g in=$gateways do={
:if ( $gcount > 0 ) do={ :set coma (",") }
:if ([/ping $pong interface="$g" count=3] = 0) do={  }  else={ 
:set $goodgates ( "$goodgates" . "$coma" . "$g" ) ;
:set gcount ($gcount+1) 
}
};

/ip route set [find comment=$lbercur] distance=2  
/ip route add dst-address=0.0.0.0/0 gateway=$goodgates check-gateway=ping comment="$lbertmp"
/ip route remove [find comment=$lbercur] 
/ip route add dst-address=0.0.0.0/0 gateway=$goodgates check-gateway=ping comment="$lbercur"
/ip route remove [find comment=$lbertmp] 

}

###schedule script###
/system scheduler add name=glber policy=read,write,test interval=10m ;





In RouterOS the routing table is flushed every 10 minutes and then there is a good chance ( depending on the number of the uplinks ) to reset the masqueraded connections.

The RouterOS glber script runs every 10 minutes and resets the equal cost multipath route therefore I think that it raises the chance for the masqueraded connections to reset in a 10 minutes period.

In a 5 uplinks setup the chance for a connection to not reset should fall to 4% ( I did not have the patience to verify it yet ). Adding three lines of code to glber should raise the probability that a connection does not reset every 10 minutes up to 1/uplinks. I did not need it in my setup. I wanted outgoing connections to reset often. The thing needed a session was in the internal network and resetting facebook connections was considered a feature.

It is possible ( though not-tested enough) to balance differently per uplink.
eg: 25% of connections from alpha , 25% of connections from beta and 50% of connections from gama would be
$ ./glber.sh "alpha beta gama gama"
and 75% of the connections from alpha and 25% of the connections from beta would be
$ ./glber.sh "alpha alpha alpha beta"




Mikrotik RouterOS Uplink Balancer



20140531

Torrent Search

I added a few more russian friends to the torrent search.

There is a torrent search mozilla plugin that submits requests over HTTP and the Torrent SLL plugin. You may have to trust the ipduh CA to make the Torrent SSL plugin work.

Apparently, the google checks do not find all the `bad` dudes since I still find funny executables and scripts served instead of torrents from some of the web interfaces to the torrent trackers while not listed as `bad` by the google safe browsing.

I am not sure if it is due to rogue tracker operators, compromised trackers, or Man In The Middle attacks to the trackers ' users from third parties. So just be a little careful when using the torrent search.



Torrent Search



20140529

spectrum ~ 5 GHz - 6 GHz - Byron Athens



The Spectrum from 4,91 GHz - 6,1 GHz in Byron, Athens ~280m altitude.

280m is pretty high for Athens.
Athens is at sea level and most buildings are around 4 floors tall.


I used a 10 dBi omni antenna with 10 degree Vertical and 360 degree Horizontal Beamwidths and best for 5400 - 5850 MHz according the the manufacturer.

The antenna Radiation E and H Planes





Spectrum Usage around 5GHz - 6GHz

It was made with a RouterOS powered machine using the command
/interface wireless spectral-history 5GHz-AP-KAREAS range=4910-6110
where 5GHz-AP-KAREAS is the name of the wireless interface connected to the omni antenna.
The wireless interface is the one coming with the 912 mikrotik boards.



A few pictures from the location --the ipduh AWMN node

You can see Acropolis in this picture




Spectrum Usage 5GHz Athens Byron

20140528

winbox on 64b linux debian


"Install" winbox to a 64 bit debian linux using wine.

It should work just fine ( even though I did not try ) in 64b Ubuntu Systems if you replace 'su' with 'sudo -s' in the commands below.

Winbox is a GUI administration Tool for RouterOS routers made by Mikrotik

Wine is a piece of software that enables Windows executables to run on a Linux GNU system.

Install wine and download winbox
$ su
# dpkg --add-architecture i386
# apt-get install wine-bin:i386
# cd /usr/local/bin/
# wget http://download2.mikrotik.com/winbox.exe




Add wined winbox on the Gnome Menus using alacarte --a Gnome menus editor
# apt-get install alacarte
# exit
exit
$ alacarte
add a new item
of Type Application
with a command like the following:
wine /usr/local/bin/winbox.exe
Close --save



winbox 64b debian linux