Mikrotik – block access between two networks

We have two local networks on a Mikrotik router, for example:
Network1: 192.168.1.0/24 on ether1 interface
Network2: 192.168.2.0/24 on ether2 interface

Let’s prevent access between the devices of these two networks.

In the Mikrotik terminal, go to the firewall filter menu:

/ip firewall filter

And create these two rules:

add chain=forward action=drop src-address=192.168.2.0/24 dst-address=192.168.1.0/24
add chain=forward action=drop src-address=192.168.1.0/24 dst-address=192.168.2.0/24

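That’s all. Mikrotik will now block all traffic from computers in Network1 to computers in Network2 and from Network2 to Network1. RouterOS evaluates filter rules from top to bottom, so these rules must sit above any forward rule that would accept the same traffic.

All other traffic to the Internet will keep working normally.

If you want to block traffic only from Network2 to Network1, add only one rule. It matches every packet in that direction, so replies to connections opened from Network1 get through only if a rule accepting established and related connections sits above it: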

add chain=forward action=drop src-address=192.168.2.0/24 dst-address=192.168.1.0/24

Mikrotik firewall: DNS attack prevention

If your Mikrotik has a public (“white”) IP address and answers DNS requests arriving from the Internet, you may see high transmit traffic on the WAN interface.

To prevent this, block DNS traffic to port 53 on your WAN interface (IP > Firewall > Filter).

On the graph we can see that after blocking port 53, transmit traffic fell from 25 Mbit/s to 5 Mbit/s.

How To Set Up Apache Virtual Hosts on Ubuntu Linux

You will need to have Apache installed in order to work through these steps. If you haven’t already done so, you can get Apache installed on your server through apt-get:

sudo apt-get update
sudo apt-get install apache2

For example, let’s create the Apache virtual host test.host. Create the host directory:

sudo mkdir -p /var/www/test.host/public_html

Now we have the directory structure for our files, but they are owned by our root user. If we want our regular user to be able to modify files in our web directories, we can change the ownership by doing this:

sudo chown -R $USER:$USER /var/www/test.host/public_html

We should also modify our permissions a little bit to ensure that read access is permitted to the general web directory and all of the files and folders it contains so that pages can be served correctly:

sudo chmod -R 755 /var/www

Virtual host files are the files that specify the actual configuration of our virtual hosts and dictate how the Apache web server will respond to various domain requests.

Apache comes with a default virtual host file called 000-default.conf that we can use as a jumping off point. We are going to copy it over to create a virtual host file for each of our domains.

We will start with one domain, configure it, copy it for our second domain, and then make the few further adjustments needed. The default Ubuntu configuration requires that each virtual host file end in .conf. Start by copying the file for the first domain:

sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/test.host.conf

Open the new file in your editor with root privileges:

sudo nano /etc/apache2/sites-available/test.host.conf

Change this file to look something like this:

<VirtualHost *:80>
    # Address kept from 000-default.conf; replace it with the site administrator's e-mail
    ServerAdmin webmaster@localhost
    ServerName test.host
    ServerAlias www.test.host
    DocumentRoot /var/www/test.host/public_html

    <Directory /var/www/test.host/public_html>
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Now that we have created our virtual host files, we must enable them. Apache includes some tools that allow us to do this.

sudo a2ensite test.host.conf

Next, disable the default site defined in 000-default.conf:

sudo a2dissite 000-default.conf

When you are finished, you need to restart Apache to make these changes take effect:

sudo service apache2 restart
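
The chmod -R 755 /var/www step above also marks every regular file as executable. As an added example (not part of the original tutorial), the script below sets directory and file modes separately and lists anything group or others can still write to; the function names and the constructed demo tree are assumptions.

```shell
#!/bin/sh
# Added example: separate modes for directories and files under a web root.
# Function names and the demo tree are illustrative assumptions.

# Directories need the execute bit to be entered; regular files do not.
set_web_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 1; }
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
}

# Print every file or directory that group or others can write to.
list_writable() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
}

# Demo on a constructed tree in a temporary directory.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/public_html/img"
echo '<h1>test.host</h1>' > "$demo_root/public_html/index.html"
chmod 777 "$demo_root/public_html/img" "$demo_root/public_html/index.html"

echo "Writable by group/others before:"
list_writable "$demo_root/public_html"
set_web_perms "$demo_root/public_html"
echo "Modes after:"
ls -lR "$demo_root/public_html"
rm -rf "$demo_root"
```

On the server, the equivalent call would be set_web_perms /var/www/test.host/public_html, run with sudo if the files are not owned by your user.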

Mikrotik create SSTP server

1. Create CA certificate on Mikrotik:

On the “Key Usage” tab, leave only crl sign and key cert. sign checked.

2. Create server certificate:

On the “Key Usage” tab, uncheck all options.

3. Open the CA certificate and sign it:

CA CRL Host is the host where your certificate will be checked; enter the IP address or domain name of your Mikrotik there.

The CA field must be empty.

4. Now that the root certificate is signed, let’s sign the server certificate: open the server certificate, click Sign, and select the CA certificate in the CA field.

That’s all, the certificates are created. Now let’s create the SSTP server on Mikrotik.

5. Creating SSTP Server on Mikrotik.

And now create your user profile: go to PPP > Secrets, click Add (+) and enter the user name, password, service and IP address as in the screenshot:

Configure SSTP client in Windows 10

First go to System > Certificates and export the CA certificate:

Download the certificate from Mikrotik > Files to your PC and install it:

Now create new VPN connection:

You can also use this SSTP connection in Linux. How to install the SSTP client in Linux is described in this article: Connect to SSTP server from Linux

Connect to SSTP server from Linux

SSTP is Microsoft’s Remote Access Solution (RAS) for PPP over SSL. It can be used instead of PPTP or L2TP, and is only available with Windows Vista/7 connecting to a Windows 2008 Server. The advantage of SSTP compared to PPTP and L2TP is that it cannot be easily blocked by firewalls since the traffic is transmitted over HTTPS on port 443.

In Ubuntu Linux we can connect to SSTP by using the SSTP-Client project on SourceForge.

To install SSTP-Client on Ubuntu add PPA repository:

sudo add-apt-repository ppa:eivnaes/network-manager-sstp

Then update the package list and install the sstp-client and network-manager-sstp packages with the commands:

sudo apt update
sudo apt install sstp-client network-manager-sstp

The network-manager-sstp package is needed only on Linux with a graphical interface; on a console-only Linux you don’t need to install it.

To convert a .CRT certificate to a .PEM certificate, use the command:

openssl x509 -in mycert.crt -out mycert.pem -outform PEM

How to change user agent in Firefox without any plugins

Sometimes we need to visit a website as if from a mobile phone or another device, but we don’t have that device. Or we want to hide the real name of the browser and operating system from the website. In this case we can change the default User agent record in the PC browser.

Let’s see how to change the User agent in the Firefox browser. Open a new tab and enter the following:

about:config

In the search line enter the following:

general.useragent.override

Then select “String”, press the + (Create) button and enter the User agent in the text field. For example, if we want our Firefox browser to look like Internet Explorer 9, enter the following:

Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Here are some examples of user agents for popular browsers:

Desktop browsers:

  • Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
  • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
  • Mozilla/5.0 (X11; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0
  • Mozilla Firefox 64 (Win 10 x64): Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0)
  • Mozilla Firefox 36 (Win 8.1 x64): Mozilla/5.0 (Windows NT 6.3; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
  • Google Chrome 53 (Win 10 x64): Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
  • Google Chrome 40 (Win 8.1 x64): Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36
  • Opera 40 (Win 10 x64): Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.101 Safari/537.36 OPR/40.0.2308.62
  • Opera 12.17 (Win 8 x64): Opera/9.80 (Windows NT 6.2; WOW64) Presto/2.12.388 Version/12.17
  • Apple Safari 5.1 (Win 8 x64): Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2
  • Internet Explorer 11 (Win 10 x64): Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; rv:11.0) like Gecko
  • Internet Explorer 11 (Win 8.1 x64): Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; ASU2JS; rv:11.0) like Gecko
  • Microsoft Edge (Win 10 x64): Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586

Mobile browsers:

  • iPhone: Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A5376e Safari/8536.25
  • Android 2.3.5 (Philips W632): Mozilla/5.0 (Linux; U; Android 2.3.5; ru-ru; Philips W632 Build/GRJ90) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1

Tablets:

  • iPad: Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A5376e Safari/8536.25

Search engines:

  • Yandex: Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)
  • Google: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
  • Bing: Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)
  • Yahoo! Slurp: Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
  • Mail.ru: Mozilla/5.0 (compatible; Linux x86_64; Mail.RU_Bot/Fast/2.0; +http://go.mail.ru/help/robots)
  • Sputnik: Mozilla/5.0 (compatible; SputnikBot/2.3; +http://corp.sputnik.ru/webmaster)

Robots, bots, analyzers:

  • Ahrefs: Mozilla/5.0 (compatible; AhrefsBot/5.0; +http://ahrefs.com/robot/)
  • Majestic: Mozilla/5.0 (compatible; MJ12bot/v1.4.5; http://www.majestic12.co.uk/bot.php?+)
  • SMTBot: Mozilla/5.0 (compatible; SMTBot/1.0; +http://www.similartech.com/smtbot)
  • linkdex: Mozilla/5.0 (compatible; linkdexbot/2.2; +http://www.linkdex.com/bots/)
  • Exabot: Mozilla/5.0 (compatible; Exabot/3.0; +http://www.exabot.com/go/robot)
  • StatOnline.ru: Mozilla/5.0 (compatible; StatOnlineRuBot/1.0)

How to check SSD life in Linux

To check SSD SMART information, install the smartmontools package:

sudo apt-get install smartmontools

To view information about the SSD drive, use the command:

sudo smartctl -i /dev/sda

To view all SMART information about the SSD, use the command:

sudo smartctl -a /dev/sda

To view only the SSD health in percent, use the command:

sudo smartctl -a /dev/sda | grep Media_Wearout_Indicator
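
Media_Wearout_Indicator is not reported by every drive, so the grep above can come back empty. As an added example (not part of the original post), the script below pulls the normalized value out of smartctl attribute output and goes beyond the single attribute above by also matching wear attribute names used by other vendors; the function names and the sample output are constructed, and it assumes the normalized VALUE column counts down from 100.

```shell
#!/bin/sh
# Added example: read SSD wear from `smartctl -A` output.
# Function names and the sample output are constructed for illustration.

# Constructed sample in the layout printed by `smartctl -A`.
sample_smartctl_output() {
    cat <<'EOF'
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0032   100   100   000    Old_age   Always       -       0
  9 Power_On_Hours          0x0032   100   100   000    Old_age   Always       -       12345
233 Media_Wearout_Indicator 0x0032   093   093   000    Old_age   Always       -       0
EOF
}

# Reads attribute lines on stdin and prints "<attribute> <value>" for the
# first known wear attribute; exits 1 if the drive reports none of them.
# Assumption: the normalized VALUE column counts down from 100.
ssd_life_left() {
    awk '
        $2 ~ /^(Media_Wearout_Indicator|Wear_Leveling_Count|SSD_Life_Left|Percent_Lifetime_Remain)$/ {
            print $2, $4 + 0   # adding 0 strips the leading zero of 093
            found = 1
            exit
        }
        END { if (!found) exit 1 }
    '
}

# Returns 0 if remaining life >= minimum, 1 if below, 2 if unknown.
check_ssd_wear() {
    min=$1
    result=$(ssd_life_left) || return 2
    echo "$result"
    [ "${result#* }" -ge "$min" ]
}

# Real use: sudo smartctl -A /dev/sda | check_ssd_wear 20
sample_smartctl_output | check_ssd_wear 20
```

The three exit codes let a cron job or monitoring check tell a worn drive (1) apart from a drive that reports no wear attribute at all (2).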

Install Nextcloud on Ubuntu server

To install Nextcloud on Ubuntu or another Linux distribution, use the command:

sudo snap install nextcloud

After installing the snap package, check the installation status:

sudo snap changes nextcloud

To change the default http and https ports, use the commands:

sudo snap set nextcloud ports.http=81
sudo snap set nextcloud ports.https=444

In the Nginx proxy server configuration file, change the proxy_pass default port to 81:

Nextcloud’s automatic hostname detection can fail when behind a proxy; you might notice it redirecting incorrectly. If this happens, override the automatic detection (including the port if necessary), e.g.:

sudo nextcloud.occ config:system:set overwritehost --value="example.com:81"

Nextcloud and Nginx https proxy

If you use Nginx as the https frontend and Nextcloud as the http backend, you need to edit /var/snap/nextcloud/20498/nextcloud/config.php and insert the following lines:

  'overwrite.cli.url' => 'https://example.host',
  'overwriteprotocol' => 'https',

In the Nginx http config file, insert a 301 redirect to https:

return 301 https://example.host$request_uri;

By default, PHP will use 128M as the memory limit. If you notice images not getting previews generated, or errors about memory exhaustion in your Nextcloud log, you may need to set this to a higher value.

If you’d like to set the memory limit to a higher value (say, 512M), run:

sudo snap set nextcloud php.memory-limit=512M

To set it to be unlimited (not recommended), use -1:

sudo snap set nextcloud php.memory-limit=-1

By default the cronjob interval is 15 minutes. To adjust it (say, 10 minutes) simply run:

sudo snap set nextcloud nextcloud.cron-interval=10m

Rescan all files for all users with the occ console command:

sudo -u username php occ files:scan --all