Networking-Blog

My WordPress Blog

Shell script to schedule a restart for your Zyxel router

Follow these steps:

1. Create an executable file containing this one-line command (replace mypassword and router_ip with your own):

   (sleep 8; echo mypassword; sleep 8; echo "sys reboot"; sleep 3; echo "exit") | telnet router_ip

2. Make your script file executable:

   chmod 777 /home/augusto/scripts/reset_my_router.sh

   (the script contains your router password, so chmod 700 is the safer choice: only the owner can then read or change it)

3. Set your crontab as per your schedule needs:

   augusto@george:~$ crontab -e

   and paste this line:

   0,10,20,30,40,50 * * * * /home/augusto/scripts/reset_my_router.sh

   In the example above, reset_my_router.sh is called every 10 minutes.

4. Wait and see.
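A sturdier version of the one-liner above, added here as an example (it is not from the original post): instead of fixed sleeps it waits for the router's prompts, gives up on a timeout, and takes the password from the ROUTER_PASSWORD environment variable rather than keeping it inside the script that cron runs. The prompt strings ("Password:" and "> "), the ROUTER_IP / ROUTER_PASSWORD variable names and the FakeRouter used for the offline run are my assumptions; change the prompts to whatever your router actually prints.

```python
"""Prompt-driven scheduled reboot for a telnet-managed router (added example;
the prompts below and the ROUTER_IP / ROUTER_PASSWORD variables are assumptions)."""
import os
import socket
import threading

PASSWORD_PROMPT = b"Password:"   # assumed login prompt of the router
SHELL_PROMPT = b"> "             # assumed CLI prompt, as in "P-661H-D1> "


def read_until(sock, marker, timeout):
    """Collect bytes from sock until `marker` shows up; raise on timeout or EOF."""
    sock.settimeout(timeout)
    buf = b""
    while marker not in buf:
        chunk = sock.recv(1024)          # raises socket.timeout if the prompt never comes
        if not chunk:
            raise ConnectionError("router closed the connection before %r" % marker)
        buf += chunk
    return buf


def reboot_router(host, port, password, timeout=10.0):
    """Log in, send 'sys reboot', and return the list of commands that were sent."""
    sent = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        read_until(sock, PASSWORD_PROMPT, timeout)
        sock.sendall(password.encode() + b"\r\n")
        sent.append("<password>")                 # record the step, never the secret
        read_until(sock, SHELL_PROMPT, timeout)   # a wrong password never gets here
        for cmd in ("sys reboot", "exit"):
            try:
                sock.sendall(cmd.encode() + b"\r\n")
            except OSError:
                break                             # the device may drop the session on reboot
            sent.append(cmd)
    return sent


class FakeRouter(threading.Thread):
    """Constructed stand-in for the router's telnet service so the script runs offline."""

    def __init__(self, password):
        super().__init__(daemon=True)
        self.password = password.encode()
        self.received = []
        self.srv = socket.socket()
        self.srv.bind(("127.0.0.1", 0))
        self.srv.listen(1)
        self.port = self.srv.getsockname()[1]

    def run(self):
        conn, _ = self.srv.accept()
        with conn, conn.makefile("rb") as rx:
            conn.sendall(b"Password: ")
            if rx.readline().strip() != self.password:
                conn.sendall(b"Bad password\r\n")
                return
            conn.sendall(b"\r\nP-661H-D1> ")
            for raw in rx:
                cmd = raw.strip().decode()
                self.received.append(cmd)
                if cmd == "sys reboot":
                    break                         # a real router drops the session here
                conn.sendall(b"P-661H-D1> ")


def demo():
    """Run the client against the fake router; returns (commands sent, commands received)."""
    router = FakeRouter("mypassword")
    router.start()
    sent = reboot_router("127.0.0.1", router.port, "mypassword")
    router.join(timeout=5)
    return sent, router.received


if __name__ == "__main__":
    if "ROUTER_PASSWORD" in os.environ:        # real run, e.g. from cron
        print(reboot_router(os.environ.get("ROUTER_IP", "router_ip"), 23,
                            os.environ["ROUTER_PASSWORD"]))
    else:
        print(demo())
```

Run without ROUTER_PASSWORD set and it exercises itself against the fake router; from cron, put `ROUTER_IP=...` and `ROUTER_PASSWORD=...` lines at the top of the crontab (cron accepts variable assignments there) so the script file itself holds no credentials.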

ZYXEL DISABLE NAT

Disabling NAT on the router over the WAN connection will lock you out of the router, so a hard reboot of the router is then needed to regain access.

It is still possible to disable NAT via telnet to the router by pasting the commands below in one go (via WAN):

wan node index 1
wan node nat none
wan node save
sys save all
y

wan node nat options:

none = disables NAT.
sua = share one NAT IP (Single User Account).
full = assign multiple public IP addresses.

Zyxel Ipsec Vpn Conf File

Copyright (c) 1994 – 2007 ZyXEL Communications Corp.
P-661H-D1> sys view autoexec.net
wan atm vc webRedirDis 1
sys errctl 0
sys trcl level 5
sys trcl type 1180
sys trcp cr 64 96
sys trcl sw off
sys trcp sw off
ip tcp mss 512
ip tcp limit 2
ip tcp irtt 65000
ip tcp window 2
ip tcp ceiling 6000
ip rip activate
ip rip merge on
ipsec swSkipOverlapIp on
ipsec timer chk_conn 0

ppp ipcp compress off
sys wdog sw on
ip icmp discovery enif0 off
bridge mode 1
sys quick enable
ether driver qroute 2
wan adsl rateadap on
wan adsl targetnoise 0x06
wan adsl driver dnmaxbits 10

Netgear DSL SNR Adjust

Details of how to override the target SNR on the DSLAM using the DG834GT

The Netgear DG834GT and DG834 v4 have a BusyBox shell which can be accessed using telnet. It also allows the user to set their own target SNR in order to try to improve stability problems that may be caused by loss of sync.

~ Enable debug via the web interface

http://192.168.0.1/setup.cgi?todo=debug

~ Then telnet to the router

192.168.0.1

~ When logged in, type the following command

adslctl configure --snr N

where N is the figure by which you wish to change your target SNR (see table below)


Clarification of ‘N’

N should be between 1 and 200 with the default value being 100.
Values > 100 increase the target noise margin
Values < 100 reduce the target noise margin, and a value of 1 reduces it by about 5.5 dB.

To reduce it further you would need to use negative values of N, but the command rejects
negative values. This is where the hack comes in: internally, the value of N is stored as a
16-bit signed integer (supports values between -32768 and +32767) and we can trick the
command into accepting negative values by using high positive values.

Values between about 65400 and 65535 would be possible; this is equivalent to a range
between -136 and -1.
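The wrap-around described above, worked through as an added example (not from the original page): the model of adslctl's internal check comes from the text (reject negatives, then store in a signed 16-bit field); the function names and the hardened check are mine. It shows why 65480 becomes -56, and that validating the full-width value against the documented range before it is narrowed closes the gap.

```python
"""The 16-bit wrap behind the SNR trick, and the check that closes it (added example;
the model of adslctl's internal check is taken from the page, the names are mine)."""
import struct

# Rough figures from the table on this page (N -> change in target noise margin, dB).
ROUGH_TABLE = {200: 6.0, 150: 3.0, 100: 0.0, 50: -3.0, 25: -4.5, 1: -5.5,
               65500: -9.0, 65450: -12.0}


def to_int16(n):
    """Reinterpret an unsigned 16-bit value as the signed integer the firmware stores."""
    return struct.unpack("<h", struct.pack("<H", n & 0xFFFF))[0]


def to_uint16(signed):
    """Inverse: the positive argument you would pass to have `signed` stored."""
    return struct.unpack("<H", struct.pack("<h", signed))[0]


def snr_as_described(n):
    """Model of the check the page describes: reject negatives, then narrow to 16 bits.
    The narrowing happens after the check, so 65480 passes and is stored as -56."""
    if n < 0:
        raise ValueError("negative values are rejected")
    return to_int16(n)


def snr_hardened(n):
    """Range-check against the documented 1..200 before anything is narrowed.
    The test runs on the full-width value, so no positive input can wrap negative."""
    if not 1 <= n <= 200:
        raise ValueError("--snr must be between 1 and 200")
    return n


def hardened_accepts(n):
    """True if snr_hardened would accept n."""
    try:
        snr_hardened(n)
        return True
    except ValueError:
        return False


def describe(n):
    """What a given N argument means: (value actually stored, rough dB change or None)."""
    return snr_as_described(n), ROUGH_TABLE.get(n)


if __name__ == "__main__":
    for n in (50, 65480, 65400, 65535):
        print(n, "->", describe(n))
```

to_uint16 answers the reverse question (which positive N yields a given negative stored value), which is how the 65400..65535 range maps onto -136..-1.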

Examples

If your target SNR is 9 dB and you wish to reduce it by 3 dB to 6 dB, then try 50:

adslctl configure --snr 50

If your target SNR is 15 dB and you wish to reduce it to approximately 5.6 dB, then try 65480:

adslctl configure --snr 65480

All lines vary slightly, but as a rough indication the following figures may be used as a guide.

N       Change in target noise margin
200     +6 dB
150     +3 dB
100     +0 dB
50      -3 dB
25      -4.5 dB
1       -5.5 dB
65500   -9 dB
65450   -12 dB

Notes

This setting is not saved after a reboot (unless you are using DGTeam firmware).
The default target SNR on the BTw DSLAM is 6 dB and goes up in 3 dB increments, up to 15 dB.

The main startup script of the router is located in target/usr/etc/rcS. You can add tweaks there.

Current config in place:

/usr/sbin/atmctl stop
/usr/sbin/adslctl start --mod dlp2te
/usr/sbin/adslctl connection --up
/usr/sbin/atmctl start --pqs 125
/usr/sbin/adslctl start --mod dlp2tem --bitswap on --sra on --lpair i

This line resets the SNR to the default:

/usr/sbin/adslctl start --mod dlp2tem --bitswap on --sra on --lpair i

This tweak adjusts the SNR by +6 dB and appends the command to the startup file:

echo adslctl configure --snr 200 >> /usr/etc/rcS

DSL operating-mode change:

adslctl configure --mod {option}

with the option being a, d, l, t, 2, p or e:

* d sets the modem mode to G.DMT (ADSL1)
* l sets the modem mode to G.lite (ADSL1)
* t sets the modem mode to T1.413 (ADSL1)
* 2 sets the modem mode to ADSL2
* p sets the modem mode to ADSL2+

Other useful adslctl commands:

adslctl info --show
adslctl info --state
adslctl info --stats
adslctl configure --bitswap on
adslctl configure --snr 65450

Display RAM information:
cat /proc/meminfo
free

Display CPU information:
cat /proc/cpuinfo

Display the Linux kernel version:
cat /proc/version

Zyxel IPsec VPN Tweaks

  • chk_conn, a.k.a. output idle timer. Checks for replies after sending something to the remote router. If no reply is received after the specified time, the router will verify the suspected tunnel and, if found dead, will drop it. Number of seconds between 120 and 3600. Cannot be disabled. Default is 3600.
  • chk_input, a.k.a. input idle timer. If no inbound traffic is received for the specified time, the tunnel is deemed suspect. The router will verify the vitals and, if found truly dead, drop the tunnel. Number of seconds between 30 and 3600. Enter 0 to disable.
  • nailed-up will renegotiate the tunnel when the SA expires and/or when the above timers knock the tunnel down.

Commands entered as below:

>ipsec timer chk_conn 30
>ipsec timer chk_input 5
>ipsec timer nailed-up

Add the commands to the sys file:

sys edit autoexec.net
!
ipsec config keepAlive active
ipsec config keepAlive ike
ipsec updatePeerIp
!
!
ipsec timer chk_my_ip 10
ipsec timer chk_conn 30
ipsec timer update_peer 15
ipsec timer chk_input 5

ASA – Group Object

Create an object-group of type icmp-type for ICMP traffic:

object-group icmp-type INBOUND
description Permit necessary inbound ICMP traffic
icmp-object echo
icmp-object echo-reply
icmp-object unreachable
icmp-object time-exceeded

Create an object-group of type service for TCP traffic:

object-group service INBOUND tcp
description Inbound Access
port-object eq 3389
port-object range 9998 9999

ADSL2 v ADSL2+

There's a common misconception that ADSL2+ is faster than ADSL2 on any line. That's not really the case. In simple terms:

ADSL2+ utilises twice the frequency range on your phone line that ADSL2 does. This, again in simple terms, means twice as fast, BUT that is only seen on short, low-attenuation lines.

If your line is only capable of supporting 7 meg on ADSL2 then it's only capable of supporting 7 meg on ADSL2+, as it can usually only use the same frequencies for both (see below).

However, if you're lucky enough to have a line that can support higher frequencies, then you get up to 12 meg on ADSL2 (the maximum possible) but up to 24 meg on ADSL2+.

The crossover between ADSL2 and ADSL2+ is therefore in the 10-12 meg range (typically 35-40 dB if the line is relatively noise free).

ADSL2+ can give faster speeds, but usually only on short lines, as explained above. The only time that wouldn't be true is for a moderately short line (one that offered some higher frequencies above those usable by ADSL2) that had induced noise at the lower frequencies and was clean at the higher frequencies, in which case ADSL2+ would possibly be better as it could use those higher frequencies.

There is also the possibility that a network uses equipment whose firmware works better in certain conditions with specific ADSL modes, which is why G.DMT is sometimes mentioned as being better for problem lines.

Cisco: 1841 – 3G Configuration

This configuration example is for use with a 3G WIC card in a Cisco router.

This was configured on the Vodafone network.

Initialization

Place the SIM card into the 3G card, then insert the card in the router and power it on.

Create a profile specific to your mobile ISP

  • Enter the APN given by your ISP (Vodafone UK: 'Internet', username 'web', password 'web')
  • Enter the authentication method (CHAP or PAP) and the credentials, also supplied by your ISP

Below is an example of a Vodafone UK cellular profile:

Router# cellular 0/0/0 gsm profile create 1 Internet chap web web

You can review the profile you have just created with:

router# sh cellular 0 profile

Profile Information
====================
Profile 1 = ACTIVE
--------
PDP Type = IPv4
PDP address = 192.168.1.1
Access Point Name (APN) = Internet
Authentication = PAP
Username: web, Password: web 

* - Default profile

Configuration

You need to define a chat script first, which is used for modem setup and call initialization. If you are familiar with IOS dial configurations, you will feel at home. Please note that the last number in the dial string (1 in the example below) refers to the modem profile number you hopefully defined earlier.

! your chat script
chat-script vodafone "" "ATDT*98*1#" TIMEOUT 60 CONNECT

! the bare interface config
! subcommands at the Cellular interface

interface Cellular0/0/0
ip address negotiated
ip virtual-reassembly
encapsulation ppp
dialer in-band
dialer idle-timeout 0
dialer string vodafone
dialer-group 1
async mode interactive
ppp chap hostname web
ppp chap password 0 web
ppp ipcp dns request

!

ip route 0.0.0.0 0.0.0.0 Cellular0/0/0
dialer-list 1 protocol ip permit

! this is the async line assigned to the 3G modem;
! the script name here must match the chat-script name defined above
line 0/0/0
script dialer vodafone
no exec
rxspeed 3600000
txspeed 384000

If the cellular interface does not get an IP address, you may need to go into config t and enter these two lines again, even though they are already shown above:

line 0/0/0
script dialer vodafone

Show commands:

Just in case you need them for troubleshooting, here are the show commands to use.

  • show cellular 0 network
  • show cellular 0 hardware
  • show cellular 0 connection
  • show cellular 0 radio
  • show cellular 0 profile
  • show cellular 0 security
  • show cellular 0 all

Debug commands:

debug chat
debug modem
debug dialer events
debug ppp authentication

Rather than reloading the router to restart the module, you can use the CLI to reset or reboot the module:

router(config)# service internal
router(config)# exit
router# test cellular 0 modem-power-cycle ! for rebooting
router# test cellular 0 modem-reset ! for resetting

  • Remember to create the cellular profile after TFTPing the config to the router:
    cellular 0/0/0 gsm profile create 1 Internet chap web web
  • This is the bare configuration; you will need to add NAT, firewalls etc.

Linux Video Driver Version Command

dmesg | grep NVIDIA
sudo lspci -vvnn | grep 10de

 

What I did from the command line was to find the packages for nvidia:

dpkg -l | grep nvidia

and then

apt-get remove nvidia-173

(or whatever package you get from the previous command).

The problem is that you will still have the nvidia modules listed in xorg.conf. So I also ran

mv /etc/X11/xorg.conf /etc/X11/xorg.conf_backup

and rebooted.

I landed in graphical mode as usual, without the nvidia GL stuff, but then there are graphical tools to set it up.

At this point it's safe to delete the xorg.conf backup you just created.

####################
Whenever I try to start my computer with kernel version 3 (it boots fine with 2.6) Kubuntu stops booting altogether.

11.10 stops booting at "Checking battery state ... [OK]"

I had to reinstall my graphics drivers:

sudo apt-get install --reinstall nvidia-173

Home Linux Ubuntu iptables Firewall Rules

# Generated by iptables-save v1.4.4 on Wed Dec 29 15:11:27 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 192.168.2.4/32 -i eth0 -p tcp -m tcp --dport 222 -j ACCEPT
-A INPUT -d 192.168.2.4/32 -i eth0 -p tcp -m tcp --dport 222 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH --rsource -j DROP
-A INPUT -d 172.16.254.3/32 -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -d 10.20.254.254/32 -i eth0 -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -d 172.16.254.3/32 -i eth0 -p udp -m udp --dport 7777 -j ACCEPT
-A INPUT -d 172.16.254.3/32 -i eth0 -p udp -m udp --dport 7778 -j ACCEPT
-A INPUT -d 172.16.254.3/32 -i eth0 -p udp -m udp --dport 7787 -j ACCEPT
-A INPUT -d 192.168.2.4/32 -i eth0 -p tcp -m tcp --dport 5800 -j ACCEPT
-A INPUT -d 192.168.2.4/32 -i eth0 -p tcp -m tcp --dport 5900 -j ACCEPT
-A INPUT -d 192.168.2.4/32 -i eth0 -p tcp -m tcp --dport 5901 -j ACCEPT
-A INPUT -d 192.168.2.4/32 -i eth0 -p tcp -m tcp --dport 5902 -j ACCEPT
-A INPUT -d 192.168.2.4/32 -i eth0 -p tcp -m tcp --dport 5938 -j ACCEPT
-A INPUT -s 10.20.254.249/32 -d 192.168.2.4/32 -i ppp0 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -s 192.168.6.0/29 -d 192.168.2.4/32 -i eth0 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -s 172.16.254.3/32 -d 192.168.2.4/32 -i eth0 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -s 172.16.254.3/32 -d 192.168.2.4/32 -i eth0 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -s 10.0.0.0/24 -d 192.168.2.4/32 -i eth0 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -s 10.0.1.0/24 -d 192.168.2.4/32 -i eth0 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -s 192.168.6.0/29 -d 192.168.2.4/32 -i eth0 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -s 10.20.254.249/32 -d 192.168.2.4/32 -i ppp0 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -s 192.168.3.0/29 -d 192.168.2.4/32 -i eth0 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -s 192.168.4.0/28 -d 192.168.2.4/32 -i eth0 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -s 172.16.0.2/32 -d 192.168.2.4/32 -i eth0 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -d 192.168.2.4/32 -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -s 192.168.2.1/32 -d 192.168.2.4/32 -i eth0 -p udp -m udp --dport 514 -j ACCEPT
-A INPUT -s 192.168.2.1/32 -d 192.168.2.4/32 -i eth0 -p udp -m udp --dport 9996 -j ACCEPT
-A INPUT -d 192.168.2.4/32 -i eth0 -p udp -m udp --dport 50518 -j ACCEPT
-A INPUT -d 192.168.2.4/32 -i eth0 -p tcp -m tcp --dport 50518 -j ACCEPT
-A INPUT -d 192.168.2.4/32 -i eth0 -p udp -m udp --dport 6881 -j ACCEPT
-A INPUT -s 192.168.2.1/32 -d 10.20.254.248/29 -i eth0 -p icmp -j ACCEPT
-A INPUT -s 192.168.2.1/32 -d 172.16.254.2/32 -i eth0 -p icmp -j ACCEPT
-A INPUT -s 192.168.2.1/32 -d 172.16.254.3/32 -i eth0 -p icmp -j ACCEPT
-A INPUT -s 192.168.2.1/32 -d 172.16.254.3/32 -i eth0 -p icmp -j ACCEPT
-A INPUT -s 192.168.4.0/28 -d 192.168.2.4/32 -i eth0 -p icmp -j ACCEPT
-A INPUT -s 192.168.4.0/28 -d 172.16.254.3/32 -i eth0 -p icmp -j ACCEPT
-A INPUT -s 192.168.6.0/29 -d 192.168.2.4/32 -i eth0 -p icmp -j ACCEPT
-A INPUT -s 172.16.0.2/32 -d 192.168.2.4/32 -i eth0 -p icmp -j ACCEPT
-A INPUT -s 10.20.254.248/29 -d 10.20.254.248/29 -i ppp0 -p icmp -j ACCEPT
-A INPUT -s 10.20.254.249/32 -d 192.168.2.4/32 -i ppp0 -p icmp -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
-A OUTPUT -s 192.168.2.4/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -s 172.16.254.3/32 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -s 10.20.254.254/32 -p tcp -m tcp --sport 1723 -j ACCEPT
-A OUTPUT -s 172.16.254.3/32 -p udp -m udp --sport 7777 -j ACCEPT
-A OUTPUT -s 172.16.254.3/32 -p udp -m udp --sport 7778 -j ACCEPT
-A OUTPUT -s 172.16.254.3/32 -p udp -m udp --sport 7787 -j ACCEPT
-A OUTPUT -s 10.20.254.254/32 -p gre -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -p tcp -m tcp --dport 5938 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -p tcp -m tcp --dport 5900 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -p tcp -m tcp --dport 21 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -d 192.168.2.1/32 -p tcp -m tcp --dport 2222 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -d 192.168.3.2/32 -p tcp -m tcp --dport 2223 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -d 192.168.4.2/32 -p tcp -m tcp --dport 2223 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -d 192.168.2.1/32 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -p tcp -m tcp --dport 30000 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -p icmp -j ACCEPT
-A OUTPUT -s 172.16.254.2/32 -d 192.168.2.1/32 -p icmp -j ACCEPT
-A OUTPUT -s 172.16.254.2/32 -d 172.16.254.1/32 -p icmp -j ACCEPT
-A OUTPUT -s 172.16.254.2/32 -d 172.16.254.3/32 -p icmp -j ACCEPT
-A OUTPUT -s 172.16.254.3/32 -d 172.16.254.1/32 -p icmp -j ACCEPT
-A OUTPUT -s 172.16.254.3/32 -d 172.16.254.2/32 -p icmp -j ACCEPT
-A OUTPUT -s 172.16.254.3/32 -d 192.168.2.4/32 -p icmp -j ACCEPT
-A OUTPUT -s 172.16.254.3/32 -d 192.168.4.0/28 -p icmp -j ACCEPT
-A OUTPUT -s 10.20.254.254/32 -d 192.168.2.1/32 -p icmp -j ACCEPT
-A OUTPUT -s 10.20.254.254/32 -d 192.168.2.4/32 -p icmp -j ACCEPT
-A OUTPUT -s 10.20.254.249/32 -d 192.168.2.4/32 -p icmp -j ACCEPT
-A OUTPUT -s 10.20.254.254/32 -d 10.20.254.249/32 -p icmp -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -p udp -m udp --dport 69 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -p tcp -m tcp --dport 23 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -p udp -m udp --dport 123 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -d 81.103.221.11/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -d 192.168.2.1/32 -p udp -m udp --dport 514 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -d 192.168.2.1/32 -p udp -m udp --dport 161 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -d 192.168.2.1/32 -p udp -m udp --dport 162 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -p tcp -m tcp --dport 4070 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -d 192.168.5.2/32 -p tcp -m tcp --dport 9100 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -d 94.136.40.61/32 -p tcp -m tcp --dport 110 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -p tcp -m tcp --dport 1024:65535 -j ACCEPT
-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A OUTPUT -j DROP
COMMIT
# Completed on Wed Dec 29 15:11:27 2010
# Generated by iptables-save v1.4.4 on Wed Dec 29 15:11:27 2010
*nat
:PREROUTING ACCEPT [430:32842]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [2773:170524]
COMMIT
# Completed on Wed Dec 29 15:11:27 2010
# Generated by iptables-save v1.4.4 on Wed Dec 29 15:11:27 2010
*mangle
:PREROUTING ACCEPT [1735576:104189954]
:INPUT ACCEPT [1735512:104181797]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2877496:3782379744]
:POSTROUTING ACCEPT [2874912:3782220690]
COMMIT
# Completed on Wed Dec 29 15:11:27 2010
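A small audit of an iptables-save dump like the one above, added here as an example (it is not the author's script). Rule order matters in iptables: a rule is never reached if an earlier rule in the same chain already accepts or drops everything it could match. In the ruleset above the plain ACCEPT for port 222 sits before the `-m recent` DROP on the same port, so the SSH rate limit never fires (and with no `--set` rule populating the SSH list, `--update` would have nothing to match anyway); the ICMP rule for 192.168.2.1 to 172.16.254.3 also appears twice. The script parses only the options used in this ruleset, and the SAMPLE below is a subset of its rules; the function names are mine.

```python
"""Audit of an iptables-save dump (added example, not the author's script).
Flags rules that an earlier terminating rule in the same chain already covers,
exact duplicates, and INPUT ACCEPT rules with no source restriction.  Only the
options used in the ruleset on this page are understood."""
import ipaddress
import shlex

# Subset of the ruleset above (SSH pair, SMB, the repeated ICMP rule, log + drop).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 192.168.2.4/32 -i eth0 -p tcp -m tcp --dport 222 -j ACCEPT
-A INPUT -d 192.168.2.4/32 -i eth0 -p tcp -m tcp --dport 222 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH --rsource -j DROP
-A INPUT -s 192.168.6.0/29 -d 192.168.2.4/32 -i eth0 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -s 192.168.2.1/32 -d 172.16.254.3/32 -i eth0 -p icmp -j ACCEPT
-A INPUT -s 192.168.2.1/32 -d 172.16.254.3/32 -i eth0 -p icmp -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
COMMIT
"""

MATCH_KEYS = {"-i": "in", "-s": "src", "-d": "dst", "-p": "proto",
              "--dport": "dport", "--sport": "sport"}
TERMINATING = {"ACCEPT", "DROP", "REJECT"}


def parse_rules(text):
    """Turn '-A' lines into dicts: chain, plain match fields, target, and whether
    an extra match module (state, recent, limit) or a negation narrows the rule."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.startswith("-A "):
            continue
        tokens = shlex.split(line)
        rule = {"line": lineno, "chain": tokens[1], "match": {}, "target": None,
                "extra": False, "raw": line.strip()}
        i = 2
        while i < len(tokens):
            tok = tokens[i]
            if tok == "-j":
                rule["target"] = tokens[i + 1]
                i += 2
            elif tok in MATCH_KEYS:
                rule["match"][MATCH_KEYS[tok]] = tokens[i + 1]
                i += 2
            elif tok == "-m":
                if tokens[i + 1] not in ("tcp", "udp"):   # -m tcp/udp only enable --dport
                    rule["extra"] = True
                i += 2
            elif tok == "!":
                rule["extra"] = True                       # negated option: not modelled,
                i += 3                                     # skip "! -opt value"
            else:
                i += 1                                     # other options are skipped
        rules.append(rule)
    return rules


def covers(earlier, later):
    """True when every packet `later` can match is already matched by `earlier`."""
    if earlier["extra"]:
        return False                  # stateful / rate-limited rules are not plain supersets
    for key, val in earlier["match"].items():
        other = later["match"].get(key)
        if other is None:
            return False
        if key in ("src", "dst"):
            if not ipaddress.ip_network(other).subnet_of(ipaddress.ip_network(val)):
                return False
        elif other != val:
            return False
    return True


def audit(text):
    """Return (finding, line, detail) tuples for the dump in `text`."""
    rules = parse_rules(text)
    findings = []
    first_seen = {}
    for idx, rule in enumerate(rules):
        if rule["raw"] in first_seen:
            findings.append(("duplicate", rule["line"], first_seen[rule["raw"]]))
        else:
            first_seen[rule["raw"]] = rule["line"]
        for earlier in rules[:idx]:
            if (earlier["chain"] == rule["chain"] and earlier["target"] in TERMINATING
                    and covers(earlier, rule)):
                findings.append(("shadowed", rule["line"], earlier["line"]))
                break
        if (rule["chain"] == "INPUT" and rule["target"] == "ACCEPT" and not rule["extra"]
                and "src" not in rule["match"] and rule["match"].get("in") != "lo"):
            findings.append(("open-to-any-source", rule["line"],
                             rule["match"].get("dport", rule["match"].get("proto", "any"))))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

Run it over a saved dump with audit(open("/etc/iptables.rules").read()); on the full ruleset above it reports the port-222 DROP as shadowed by the ACCEPT before it, the second ICMP rule for 172.16.254.3 as a duplicate, and each INPUT ACCEPT without a -s (222, 8080, 1723, the 77xx, 58xx/59xx, 21, 50518, 6881) as reachable from any source on that interface.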