GLBer Notes

GLBer creates the RouterOS configuration commands and a RouterOS script for the g0 Load BalanER, aka GLBer. A Mikrotik RouterOS router with multiple point-to-point or point-to-multipoint uplinks then balances the traffic among all uplinks without using source-based policy routing.

GLBer runs on a host that has bash. Copy the configuration commands and the RouterOS script it produces to the RouterOS router, e.g. from a bash shell in a terminal to a winbox terminal in RouterOS.

RouterOS flushes the routing table every 10 minutes, and each flush has a good chance of resetting the masqueraded connections. The RouterOS script created by GLBer also runs every 10 minutes and resets the equal-cost multipath route, which further raises the chance that the masqueraded connections are reset within a 10-minute period.

Install GLBer
# wget https://raw.githubusercontent.com/ipduh/glber/master/glber -O /usr/bin/glber && chmod 755 /usr/bin/glber

Create the RouterOS GLBer Configuration For 3 point-to-point uplinks
$ glber 

GLBer, g0 2014
Quick How-To: http://sl.ipduh.com/glber

Enter gateways: alfa beta gama
Enter interfaces: 

If all the uplink interfaces are point-to-point, just enter their names when asked for gateways and hit enter when glber asks you for interfaces.

Create the RouterOS GLBer configuration for 4 point-to-point uplinks and an uplink available in the LAN through the router's eth5 interface.
$ glber 

GLBer, g0 2014
Quick How-To: http://sl.ipduh.com/glber

Enter gateways: alfa beta gama delta
Enter interfaces: eth5 alfa beta gama delta

GLBer logs all runs in ~/glber/UTC-UNIX-EPOCH.log

To clean a RouterOS of the GLBer configuration, find the UTC-UNIX-EPOCH in the RouterOS created by GLBer, e.g. for the epoch 1420624338 you would run
$ glber file ~/glber/1420624338.log
and then run the GLBer RouterOS commands listed under
###RouterOS commands to remove the GLBer configuration###
in the RouterOS terminal.




Virtualbox or VMware vmdk to KVM qcow2

Migrate Virtualbox or VMware guest (on vmdk) to KVM

See disk image information.
# qemu-img info lwa-flat.vmdk 
image: lwa-flat.vmdk
file format: raw
virtual size: 50G (53687091200 bytes)
disk size: 50G

Convert the vmdk image to a qcow2 image.
# qemu-img convert -O qcow2 lwa-flat.vmdk lwa-flat.qcow2

Create a guest definition and start guest.
# virt-install --connect qemu:///system --import -n lwa \
--vcpus=1 --ram=2048 \
--disk path=/home/vm/fromvbox/lwa-flat.qcow2,device=disk,format=qcow2 \
--vnc --noautoconsole --os-type linux --description lwa \
--network=bridge:b0 --hvm



ipduh v3

Finally! done "upgrading" ipduh to v3 ...

Some of the most noticeable changes-improvements are:



dovecot imap over ssl in debian notes

IMAP over SSL with dovecot in debian

Install the Dovecot IMAP daemon
# apt-get install dovecot-imapd

For a quick (& perhaps sloppy) debian setup just append the following to /etc/dovecot/dovecot.conf
listen =
syslog_facility = mail
mail_location = maildir:~/Maildir
ssl = yes
ssl_cert = </etc/ssl/certs/imap.signed.crt
ssl_key = </etc/ssl/private/imap.private.pem
ssl_verify_client_cert = no
protocol imap {
  imap_client_workarounds = tb-extra-mailbox-sep
}
auth_mechanisms = plain login

The IMAP daemon listens at
and Maildir mailboxes are used by the Mail system.
The imap_client_workarounds definition works around Thunderbird peculiarities, and the auth_mechanisms definition adds login to work around Outlook peculiarities.

For a cleaner configuration file you may do the following.
# cd /etc/dovecot
# stor dovecot.conf
# doveconf -n > dovecot.conf

Restart the imap daemon
# /etc/init.d/dovecot restart

However, it seems like it speaks up to SSLv3 and not TLS at all.
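A way to confirm which protocol version the daemon actually negotiates, added here as an example and not part of the original notes. HOST is a placeholder, the function names are made up for the example, and the sample s_client output is constructed.

```sh
#!/bin/sh
# Added example: read the negotiated protocol out of `openssl s_client`
# output and flag anything below TLS 1.2.
# Real use (HOST is a placeholder):
#   openssl s_client -connect HOST:993 </dev/null 2>/dev/null | check_protocol

# Print the value of the "Protocol  :" line from the SSL-Session block.
negotiated_protocol() {
    awk -F': *' '/^[ \t]*Protocol[ \t]*:/ { print $2; exit }'
}

# Return 0 for TLS 1.2 or newer, 1 for a deprecated version,
# 2 when no protocol line is present (handshake failed or output cut short).
check_protocol() {
    proto=$(negotiated_protocol)
    case "$proto" in
        TLSv1.2|TLSv1.3) echo "ok: $proto"; return 0 ;;
        SSLv2|SSLv3|TLSv1|TLSv1.1) echo "weak: $proto"; return 1 ;;
        *) echo "unknown: no protocol negotiated"; return 2 ;;
    esac
}

# Constructed sample of s_client output from a server that negotiates SSLv3.
sample_sslv3() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
SSL-Session:
    Protocol  : SSLv3
    Cipher    : DHE-RSA-AES256-SHA
EOF
}

# Demo on the constructed sample.
sample_sslv3 | check_protocol || true
```

The "New, TLSv1/SSLv3" line is not used because older OpenSSL builds print it regardless of the version negotiated; the Protocol line in the session block is the one that reflects the handshake.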


Trust the ipduh CA certificate in debian

Trust the ipduh CA certificate in debian.
# wget https://raw.githubusercontent.com/ipduh/ipduhca/master/ipduhca.crt -O /usr/local/share/ca-certificates/ipduhca.crt
# update-ca-certificates



clone a KVM guest

"Clone" a KVM debian guest notes.

Shut down or suspend the host.

Create a clone of the host democritos.
# virt-clone -o democritos -n thales -f /home/vm/thales.qcow2 -d
Clone 'thales' created successfully.
The clone disk is at /home/vm/thales.qcow2

This is good enough if we just need a clone with a different MAC Address and a different UUID. However, if we need a host that can work simultaneously with the original host we (most likely) need a bit more variation.

Log in to the clone or mount its image to change the hostname, IP address(es), etc.

Change Hostname.
# cd /etc
# grep -ril `hostname -f` |tee hostname.file.list
# perl -i.0 -p -e 's/demokritos/thales/g;' `cat hostname.file.list`

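Change IP address (OLD_IP and NEW_IP are placeholders for the original's address and the clone's new address).
# grep -ril 'OLD_IP' /etc |tee ip.file.list
# perl -i.old_ip -p -e 's/OLD_IP/NEW_IP/g;' `cat ip.file.list`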

Reboot Clone
# shutdown -r now

Log in to thales ( the cloned system )

Create a new RSA ssh key
# ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
Generating public/private rsa key pair.
/etc/ssh/ssh_host_rsa_key already exists.
Overwrite (y/n)? y
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
a6:fc:76:OF:F1:33:7C:04:77:07:ce:5a:cf:23:48:3a root@thales
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|             .   |
|            . .  |
|        S  . ----|
|     . o   .=  o.|
|      +   o..o..=|
|       ..E....o++|
|       ....  o=++|

Overwrite the DSA SSH key with a new one.
# ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa

Overwrite the ECDSA SSH key with a new one that uses the largest (practical) key-size (allowed).
# ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N '' -t ecdsa -b 521

In a debian based system you may use dpkg to replace the SSH keys
# dpkg-reconfigure openssh-server
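A check for the key-regeneration steps above, added here as an example and not part of the original notes: it compares `ssh-keygen -lf` listings taken on the original and on the clone and reports any host key the two still share. The function names and the sample fingerprints are constructed for the example.

```sh
#!/bin/sh
# Added example: report SSH host keys a clone still shares with its original.
# Build each listing on the machine in question with:
#   for f in /etc/ssh/ssh_host_*_key.pub; do ssh-keygen -lf "$f"; done
# Line format: <bits> <fingerprint> <comment> (<TYPE>)

# Print "<TYPE> <fingerprint>" for every key present in both listings.
# Returns 1 if at least one key is shared, 0 if every key differs.
shared_host_keys() {
    awk '
        FILENAME == ARGV[1] { if (NF >= 2) seen[$2] = 1; next }
        NF >= 2 && ($2 in seen) {
            t = $NF; gsub(/[()]/, "", t)
            print t, $2; shared = 1
        }
        END { exit (shared ? 1 : 0) }
    ' "$1" "$2"
}

# Constructed sample listings; the fingerprints are made up.
write_samples() {
    cat > "$1/original.txt" <<'EOF'
2048 SHA256:AAAAconstructedOriginalRsaFingerprint root@democritos (RSA)
1024 SHA256:BBBBconstructedOriginalDsaFingerprint root@democritos (DSA)
521 SHA256:CCCCconstructedOriginalEcdsaFingerprint root@democritos (ECDSA)
EOF
    # This clone regenerated RSA and ECDSA but kept the original DSA key.
    cat > "$1/clone.txt" <<'EOF'
2048 SHA256:DDDDconstructedCloneRsaFingerprint root@thales (RSA)
1024 SHA256:BBBBconstructedOriginalDsaFingerprint root@democritos (DSA)
521 SHA256:EEEEconstructedCloneEcdsaFingerprint root@thales (ECDSA)
EOF
}

# Demo on the constructed samples.
tmp=$(mktemp -d) && write_samples "$tmp"
shared_host_keys "$tmp/original.txt" "$tmp/clone.txt" ||
    echo "clone still shares the host keys listed above"
rm -rf "$tmp"
```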



move kvm guest notes

Move (not live migration) a KVM VM from a host B to a host C.

This assumes that the guest VM is bridged and that both KVM hosts are in the same ethernet segment.

Shut down the guest VM.

Copy guest VM image from host B to host C.
b# scp /vm/vm2.qcow2 root@c:/vm

Dump XML definition and copy it to the destination host.
b# virsh dumpxml vm2 > vm2.xml
b# scp vm2.xml root@c:/etc/libvirt/qemu

On host C (the destination host) define the guest xml definition.
c# virsh define /etc/libvirt/qemu/vm2.xml
Domain vm2 defined from /etc/libvirt/qemu/vm2.xml

Start VM guest on the destination system.
c# virsh start vm2
Domain vm2 started

Disable autostart for the VM guest in B (the original host).
b# virsh autostart vm2 --disable
Domain vm2 unmarked as autostarted

Enable autostart for the moved VM guest in C (the destination host).
c# virsh autostart vm2
Domain vm2 marked as autostarted



install debian-packaged awstats

Notes on installing and using debian-packaged AWStats to analyze Apache logs.

Install debian packaged awstats ( now v7.0 )
# apt-get install awstats

I would use the following setup in apache2 installations with site(s) or virtual host(s) that belong to the same person-organization and I would NOT use it in a shared hosting environment.

Get the apache configuration file.
# wget https://raw.githubusercontent.com/ipduh/apache2_awstats_conf/master/awstats.conf -O /etc/apache2/conf.d/awstats.conf

Restart Apache.
# /etc/init.d/apache2 restart

Enable ipduh_intel awstats plugin and disable PTR lookups.
# wget https://raw.githubusercontent.com/ipduh/apache2_awstats_conf/master/awstats.conf.local -O /etc/awstats/awstats.conf.local
IP numbers relay much more information than PTR names and PTR names can be (and commonly are) abused-manipulated.

Install the ipduh_intel awstats plugin.
# wget https://raw.githubusercontent.com/ipduh/awstats_plugins/master/ipduh_intel.pm -O /usr/share/awstats/plugins/ipduh_intel.pm

Create the apache password file and add the user 'user' with password 'userpass'
# htpasswd -cb /etc/awstats/A2Passwords user userpass
Add the user 'user2' with password 'user2pass' to the apache passwords file
# htpasswd -b /etc/awstats/A2Passwords user2 user2pass

Create an awstats configuration file for each (virtual) host in /etc/awstats. The configuration files should have the form awstats.host.conf e.g. for a host named example.com the configuration file would be awstats.example.com.conf and it could look like the following.
Include "/etc/awstats/awstats.conf"

Analyze the access logs of one host for the first time.
# cat /logs/sites/example.com/access/* >> /logs/sites/example.com/access_all
# /usr/lib/cgi-bin/awstats.pl --configdir=/etc/awstats/ -config=example.com

View the awstats analysis with a web browser at http://example.com/awstats/awstats.pl?config=example.com

Get rid of the debian package cron job.
# rm /etc/cron.d/awstats
