Mikrotik How to Block User by MAC Address

How to block a user by MAC address, we will discuss about it in this article. As usually, we can apply restriction on an user by two ways. One of these is, using the user's computer's IP address and another is, using the user's computer's MAC address. But using MAC address is better than using IP address. Because, no restriction on that user is applicable when the IP address is changed. But, there is no scope to change the MAC address. So today we will discuss, how to use MIKROTIK to apply restriction on an user by using MAC address.

Afer logging in to MIKROITK, go to the "Firewall" and then add a new filter rule. Under the "Advanced" tab of the "New Firewall Rule Interface", we will get an option named "Src. MAC Address". Using this option, we can restrict an user by his computer's MAC address.

I will show the whole process through the screenshot.

After logon your MIKROTIK router go to "IP" and then "Firewall" option.

At the "Firewall" interface select "Filter Rules" tab and add a new rule.

At the "New Firewall Rule" interface go to "General" tab and choose "Forward" from "Chain" field.

Now go to "Advanced" tab and click on "Src. MAC Address" field and type your user's MAC address.

Finally, go to "Action" tab and choose  "drop" from "Action" field. Now, click on "Apply" and then click "OK". From now on, every traffic will be dropped from that MAC address.

Now we will check, weather the created rule is working. When we create a rule, that rule will be stored in the list of "Filter Rules". If the rule works, the number of the byte and the packet will be counted.

Everything is done.

No Internet Access When Connected to VPN

We know that, a secure tunnel is created through internet using "Virtual Private Network (VPN)" adapter. With this, remote user can easily connect themselves to the corporate network. Using a VPN, a user can access shared resources in the corporate network from remote location. But, sometime we face a problem with this VPN Connection. That is, when the VPN is connected, the internet access has gone. Here, we will look at the solution of this problem.

When we create a VPN adapter in the windows operating system by default, an option is selected, named "use default gateway on remote network". Because of  this option is selected, whenever our VPN connection is established, our internet connection becomes disconnected. Because, our operating system does not use its default gateway. As VPN is connected, the computer starts using VPN server's gateway as its gateway. And whenever, the computer can't contact the gateway of the VPN server, then our internet connection is disconnected. And we know that, if the connection to the default gateway can't be established, then any computer can not be connected to the internet.

So we have to deselect this option to solve the problem. And we can deselect this option from the properties of that VPN adapter. The entire process is shown below with the screenshot.

At first, go to the "Network & Sharing Center" from control panel and select "Change adapter settings" from left panel.

Now, find out your VPN connection adapter and right click on it. Select "Properties".

Now, go to "Networking" tab and select "Internet Protocol Version 4 (TCP/IPv4)" [If you use IP version-4]. Now, click on properties.

In "Properties" click on "Advanced"

Now, deselect the option "Use default gateway on remote network". And finally, press "OK".

All the work is done. From now on, if the VPN connects, the internet connection will no longer be disconnected.

Mikrotik How to Block Website Using Layer-7 Protocol Step by Step (Mikrotik Tutorial)

There are many ways to block a specific website in RouterOS. We can use content based rules, proxy servers, hotspots, or using the layer-7 protocol for denying access to a specific website. Most of the filtering rules works based on IP address. But the layer-7 protocol is a little bit different. It works on OSI layer-7 and that's why it search a specific data pattern in the data stream or TCP/UDP streams, which is originated or passthrough the router. Whenever a specific pattern is matched by the given criteria then take action based on filter rules. Today, we will discuss, how to block a website by using layer-7 protocol rules.

The layer-7 protocol uses Perl regular expression (Regex) to match any keyword. Here, we will discuss how to write this Perl regular expression.

If we want to block the "Youtube" website then, our regex value will be:-

^.+(ytstatic.l.google.com|youtube-ui.l.google.com|youtubei.googleapis.com|youtube.googleapis.com|youtube.com|www.youtube.com|m.youtube.|.m.youtube.|ytimg.com|s.ytimg.com|ytimg.l.google.com|youtube.l.google.com|i.google.com|googlevideo.com|youtu.be|youtube-nocookie.com).*$

If we want to block the "Facebook" website then our regex value will be:-

^.+(www.facebook.com|facebook.com|login.facebook.com|www.login.facebook.com|fbcdn.net|www.fbcdn.net|fbcdn.com|www.fbcdn.com|static.ak.fbcdn.net|static.ak.connect.facebook.com|connect.facebook.net|www.connect.facebook.net|apps.facebook.com|m.facebook.com|fbsbx.com).*$

If we want to block the "Tiktok" website then, our regex value will be:-

^.+(myqcloud.com|wsdvs.com|worldfcdn.com|footprint.net|byteoversea.|ibyteimg.|.ibyteimg|ibyteimg.com|musemuse.cn|muscdn.com|.byteoversea|byted.org|bytecdn.cn|byteoversea.com|.musical|musical.|musical.ly|tiktokcdn.com|tiktokv.com|tiktokcdn.com|.tiktokv|tiktokv.|tiktokcdn-com|.akamaized|akamaized.net|akamaized.|tiktok.com|www.tiktok.com|m.tiktok.com|tiktok.|tiktok|.zhiliaoapp|.musically|zhiliaoapp.|musically.).*$

If we want to block the "Snapchat" website then, our regex value will be:-

^.+(feelinsonice.appspot.com|appspot.l.google.com|data.flurry.com|appspot.com|.appspot|appspot.|feelinsonice-hrd.appspot.com|data.flurry.com|snapchat.com|snap.net|www.snapchat.com|www.feelinsonice.com|feelinsonice.com|www.snap.net|.snap.net.).*$

If we want to block the "Instagram" website then, our regex value will be:-

^.+(instagram.com|cdninstagram.com|.cdninstagram.com|.instagram.com|instagram.|.instagram|.cdninstagram|cdninstagram.).*$

If we want to block the "Netflix." website then, our regex value will be:-

^.+(netflix.com|netflix.net|nflxext.com|nflximg.com|nflximg.net|nflxso.net|nflxvideo.net|.netflix.).*$

If we want to block the "Twitter" website then, our regex value will be:-

^.+(.twitter.|ads-twitter.com|twimg.com|twitter.com|twttr.com|twimg.com.akahost.net|twitter.map.fastly.net).*$

If we want to block the "Whatsapp" website then, our regex value will be:-

^.+(whatsapp.com|whatsapp.net|.whatsapp.|.whatsapp).*$

If the pattern is matched by the layer-7 protocol, then action would be taken as that rules.

Now, the whole thing will be shown by a screenshot. We will do this using "Winbox".

At first log on your router via winbox and go to "IP" and then "Firewall".

 Now select the "Layer 7 protocol" tab and then (+) sign to add a new protocol rule.

Now give a descriptive name for the protocol rule in the "name" field and write down the Perl regexp code in the "Regexp" field. In our example, we are going to be blocked "Youtube.com". So, we write "youtube" as a name and copy-paste the code from the above location. Finally, click on "apply" and then click "OK". Just like follows:-

Finished creating our protocol rule. Now we will block this website (youtube.com) using this protocol rule.

Now go to the "Filter Rules" tab into "firewall" and add a new rule. Select "forward" from the "Chain" field and type your network address or specific host address into "Src. Address" field. If you want to block access for all the networks then leave it blank.

Now select the "Advanced" tab and select the layer-7 protocol which we have created. 

Now go to the "Action" tab and select "drop" from the "Action" field. Click apply and then click ok.

All work is done. "Youtube.com" will be blocked now.

If you have multiple firewall rules or access rules configured then please make sure you have placed this rule in the right sequence. If you are not sure about that, then place this rule at the top of all of your firewall rules. Just drag it on the up way and drop it at the first position and make sure the rule sequence number is "0". Just like below.

Thank you.

Mikrotik Content Based Rules Step by Step (Mikrotik Tutorial)

The "Mikrotik" router is very popular among affordable price routers. One of the features of this is to block a specific website. We can do this by implementing a different kind of rules in this router. For example, through content based rules, using a hotspot, through the layer-7 protocol.

Using a content-based rule, how to block a specific website, we will discuss the issue there now. If we select "drop" as an action value from any content-based rule, then everything will be drop is written into the content field. Let's imagine, we have written "youtube" into the "content" field and select "drop" as action value, then "youtube" will be blocked for that particular network or address. Not only "youtube", whatever you write everything will be dropped if the action value select as "drop".


We will use the winbox to do the whole thing.

At first logon your router via winbox. Then select "IP" and then select "Firewall". Select "Filter Rules" tab and click the (+) icon to add a new rule. Select "General" tab and write down your network address or specific IP address (for specific user) into the "Src. Field" also select "Forward" into the "Chain" field. Now click the "Advanced" tab. Write down your keyword into the "Content" Field such as "youtube". Now select "Action" tab. Now select "drop" into the "Action" field.

Now select "Apply" and then click OK.

The entire is shown through the screenshot.

First logon your router and go to "IP" and then "Firewall".

 Select "Filter Rules" tab and add a new rules by clicking (+) icon.

 Now select "General" tab. Select "Forward" from "Chain" field. Input your network address into "Src. Address" field. Network address just like 192.168.1.0/24.

Now click on "Advanced" tab and write down your keyword into the "Content" field.

 Now go to "Action" tab and select "drop" from "Action" field.

At last click on "Apply" and then click "OK".

Now "youtube" will be blocked. If you write "facebook" into the "content" field and select drop as action then facebook will be dropped.

Some Open Source Software Alternative to Paid Version

We cannot imagine the present world without computer. There are also some things in our daily life that, there is no other way than to have a computer. Whether we buy a desktop computer or laptop computer, most of the time the close source operating system is loaded. And most of the market share of "Close Source Operating System" are belongs to "Microsoft Company" means "Windows Operating System". And most of the "Close Source Software" means buy product with license from vendor. We know that, to use a computer that is not enough only have a one operating system installed. But also requires many applications. For example, we are all familiar with "Microsoft Office Applications". Microsoft office program is the most popular among all the office application in the market and their market share is also high. And like others Microsoft product, this product also "Close Source". That means, we have to buy a license to use this program. In this way, we need more software for doing daily task. In most cases, we have to buy them with a license. Because of which, many budgets are needed. There is no problem with this kind of budget for big organizations. But small and medium companies fall short of the budget. So, these companies can't use many software but want.

Today, we will discuss about some "Open Source Applications" that, we can use as an alternative to "Close Source Application". There is no need to purchase a license for "Open Source Applications".

We will start with the operating system first. Among the open source operating systems are the following:-

1:- Ubuntu
2:- Linux Lite
3:- Fedora
4:- Linux Mint
5:- Solus
6:- Xubuntu
7:- React OS

We do not have to purchase any license to use these OS. Do not require to buy any CD or DVD. These OS's can be easily downloaded from the Internet. So small or medium organizations can use these operating systems.

Now we will discuss the desktop version with open source office application. The most notable of these types of office applications are:

1:-  Apache OpenOffice
2:- LibreOffice
3:- KOffice
4:- WPS Office
5:- Calligra

These open source office applications can be used directly as an alternative to Microsoft office application.

We all use different types of compression software for our official work. Although we do not have to buy all the file compression software. Some file compression software is available free of charge.

However, WinRAR is one of the most popular software among file compression software. But it is  not freeware. However, among the file compression software, the most popular open source software are:- 

1:- 7zip

2:- PeaZip

Some open source browsers for Internet browsing are following:-

1:- Chromium

2:- Mozilla Firefox

3:- Midori

4:- SeaMonkey

However, Mozilla Firefox, Chromium is popular among these browsers.

There are more open source applications for Accounts & Finance. Among them, GnuCash, TurboCASH, xTuple are notable. Small to medium organizations can use this software to do their own work very easily.

We all know that ERP (Enterprise Resource Planning) software is usually very expensive. Because of which small organizations can not imagine using ERP.

There are several open source ERP software that can use small organizations. Some popular ERP systems are Adempiere, OFBiz, Odoo. These ERP systems can also be used as alternatives to SAP and Microsoft Dynamics.

Similarly there are several open source CRM (Customer Relationship Manager). Some popular open source CRM software is SugarCRM, OpenCRX, Fat Free CRM. Small and medium organizations can use these programs without any cost.

The communication system behind the success of any organization plays an important role. This contact can be inside the organization and may be outside. PBX hardware is usually used in every office to communicate inside. These hardware are usually very expensive. So many people use software based PBX. Which is much more affordable. 

There are some open-source software PBXs, which can be used by all organizations from small to large. These software include AsteriskNOW, Elastix.

Organizations that generally have low IT budgets, those organizations can use these open source software to keep their IT activities very easy.

Power Options Some Settings Are Managed By Your System Administrator

Sometime the power configuration options are disabled even after logon with administrative privileges in windows computer. There is a message show "Some settings are managed by your system administrator."

Power settings in a computer are usually controlled in two ways. One of them is through the "Group Policy" of that computer and another is through the "Registry" of that computer.

If any of these two locations are enabled with any power configuration, then no work can be done related power issue on that computer. So all power related configurations should be removed or disabled from these two locations.

First of all we will disable power related configuration from "Group Policy".

Open "Run" option and type the following command to open "Group Policy" editor.


                                                           gpedit.msc

Now select "Computer Configuration". Then select "Administrative Templates". Now "System" and now "Power Management". Check here to see, if any settings are configured. If it configured, then it have to "Disabled" or "Not Configured". Just the following way:-

You will get the following interface after double click the "Power Management"

Now check to see if any rules are configured. If it then just double click of that configured rules and select "Disable or Not Configured". Just like follwoing:- 

Now click "apply" and then "OK". We are done. We have finished all the work in the "Group Policy". Now we will work in the "Registry". 

To open the "Registry" editor run the following command on the "RUN" option. To open "RUN" press "windows key + r" from the keyboard. Now type the following command and press "Enter".

                                           
                                             regedit

In "Registry" editor, go to the following path:-

HKEY_LOCAL_MACHINE  ->  SOFTWARE  ->  Policies  ->  Microsoft  ->  Power  ->  PowerSettings

Now check on right side, if there is a registry key called "ActivePowerScheme". If available simply delete this key and restart your computer.

Hope you can now work with power settings.

Install GNOME/KDE Desktop Environment on Ubuntu or CentOS

The linux operating system is the most popular open source operating system. In 1991, Linux Torvalds started works on this project and later he was able to successfully create linux kernel. With this open source operating system you can configure all type of server (DHCP, DNS, Mail, Web etc). We all know linux operating system is based on the complete command prompt. That is, there will be no graphical view. Complete server configuration will be done through command prompt. This makes linux administration a bit complicated. Later, for the convenience of the linux administrator, some graphical tools were created, which would make linux administration much easier after use. The most notable of these graphical tools is the graphical desktop environment. Among these desktop environments, the GNOME desktop environment and KDE desktop environment are the most popular. Ubuntu and CentOS are the two linux distributions that you can apply in order to install GNOME and KDE desktop environment.

First we will install GNOME and KDE desktop environment in CentOS. Of course, every command execute requires root privileges. So we logged in as root user.

Let's first install the KDE desktop environment.

[root@system ~]# yum update (optional command)

[root@system ~]# yum upgrade (optional command)

[root@system ~]# yum   -y   groupinstall   “KDE desktop” “X Window System” “Fonts”

[root@system ~]# startx (to run the graphical environment)

Now, let us install the GNOME desktop environment.

[root@system ~]# yum update (optional command)

[root@system ~]# yum upgrade (optional command)

[root@system ~]# yum   -y    groupinstall     “GNOME Desktop”

[root@system ~]# yum   -y    groupinstall     “X windows System” 

[root@system ~]# yum   -y    groupinstall     “Graphical Administration Tools”

[root@system ~]# startx       (to run the graphical environment)

Now, we will install KDE and GNOME desktop environment in Ubuntu.

Let's first install the KDE desktop environment.

[root@system ~]# apt-get update (optional command)

[root@system ~]# apt-get -y upgrade (optional command)

[root@system ~]# apt-get   -y   install   kubuntu-desktop

[root@system ~]# reboot

Now let us install the GNOME desktop environment.

[root@system ~]# apt-get update (optional command)

[root@system ~]# apt-get –y upgrade (optional command)

[root@system ~]# apt-get   -y   install   ubuntu-gnome-desktop

[root@system ~]# reboot

After the installation complete, we can administrate our server graphically.