Thursday, July 29, 2021

Cisco ASA Configure Static Route

In this tutorial, we are going to learn how to add a static route entry in the Cisco ASA firewall, that is, how to send specific traffic to a specific gateway.

We will add a static route entry to reach the 192.168.1.0/24 network via the 1.1.1.1 gateway. To reach the other networks, the firewall will use its default gateway. Let's start.

To add a static route, expand the "Routing" configuration tree. You can find it from the "Device Setup" option of the "Configuration" menu. Then click on the "Static Routes" option. Then click on the "Add" button to add a new static entry.




Now select the "IPv4" radio button from the "IP Address Type" section. In the "Interface" field, select your "Outside" interface from the drop-down list. Now write the destination network address that you want to reach in the "Network" field. Here, we will write 192.168.1.0/24 as the network address. Now write the gateway IP address that we want to use to reach that "192.168.1.0/24" network in the "Gateway IP" field. According to this tutorial, our gateway IP address will be 1.1.1.1. Finally, click on the "OK" button to add this route entry and close the window.




That's it. From now on, the firewall will use the gateway 1.1.1.1 to reach the "192.168.1.0/24" network.


Cisco ASA Configure Default Route

The default route is used to forward traffic whose destination has no routing information in the routing table to a specific location. Generally, it is used for internet access configuration, because it is not possible to enter a routing entry for every server that is available on the internet.

In this tutorial, we will learn how to add a default route entry in the Cisco ASA firewall.

To add the "Default Route" or the "Default Gateway", expand the "Routing" configuration tree. Then click on the "Static Routes" option. Then click on the "Add" button to add a new static entry.




Now select the "IPv4" radio button from the "IP Address Type" section. In the "Interface" field, select your "Outside" interface from the drop-down list. Now write your network address in the "Network" field. Here, we will write 0.0.0.0/0 as the network address; this will be our default route entry. Alternatively, you can use the "any4" value from the list. Now write your gateway IP address in the "Gateway IP" field. We will get this gateway IP address from our internet service provider. We assume that our gateway IP address will be 5.5.5.5. Finally, click on the "OK" button to add this route entry and close the window.




That's it. We can add multiple default routes by giving each one a different "Metric" value.
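How the firewall chooses between the entries configured in the two tutorials above, as an added example that is not part of the original posts: a longest-prefix-match lookup over the tutorial's routes, with the lowest metric breaking ties between equal prefixes. The backup gateway 6.6.6.6, its metric of 10 and the destination 203.0.113.10 are assumptions used to illustrate multiple default routes.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    gateway: str
    interface: str
    metric: int = 1


def route(prefix, gateway, interface="outside", metric=1):
    return Route(ipaddress.ip_network(prefix), gateway, interface, metric)


# Routes from the tutorial, plus one hypothetical backup default route.
TABLE = [
    route("192.168.1.0/24", "1.1.1.1"),          # static route from the tutorial
    route("0.0.0.0/0", "5.5.5.5", metric=1),     # default route (ISP gateway)
    route("0.0.0.0/0", "6.6.6.6", metric=10),    # assumed backup, higher metric
]


def lookup(table, destination):
    """Return the route used for `destination`, or None if nothing matches."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in table if addr in r.network]
    if not matches:
        return None
    # Most specific prefix first; among equal prefixes the lowest metric wins.
    return min(matches, key=lambda r: (-r.network.prefixlen, r.metric))


def without_gateway(table, gateway):
    """Model a gateway's routes leaving the table (for example, link down)."""
    return [r for r in table if r.gateway != gateway]


if __name__ == "__main__":
    for dst in ("192.168.1.25", "203.0.113.10"):
        r = lookup(TABLE, dst)
        print(f"{dst:>14} -> via {r.gateway} ({r.network}, metric {r.metric})")
    failover = lookup(without_gateway(TABLE, "5.5.5.5"), "203.0.113.10")
    print(f"primary default removed -> via {failover.gateway}")
```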

ASA Firewall Port Forwarding

The ASA firewall is used to protect the internal network from outside threats. It scans all the traffic that traverses the firewall. By default, the firewall blocks all traffic from the outside network that is intended to reach the internal network. If we need to enable access to specific network resources from the outside network, then we have to allow that traffic. The firewall has several features for allowing traffic through it. One of them is called "Port Forwarding".

In this tutorial, we are going to learn how to configure the port forwarding feature in the ASA firewall. Using the port forwarding feature we can forward specific traffic to another IP address as well as another port number. Sometimes port forwarding is called PAT (Port Address Translation).

In this tutorial, we are going to forward the "FTP" port to my local FTP server using the ASDM tool. This will allow access to our local FTP server from the outside network. We will go through the step-by-step process.

After logging into the firewall using ASDM, we will go to the "Configuration" tab and then click on the "Firewall" button in the left panel. After clicking on the "Firewall" button, we will select "NAT Rules" from the "Firewall Configuration Page".




Now click on the "Add" drop-down menu button and select "Add Network Object NAT Rule".




Now write a name for this entry in the "Name" field. We named it "FTP_Traffic_Forward". Please note that we can't use spaces in the name field. Now select the "Host" value from the "Type" parameter. Write the local FTP server IP address in the "IP Address" field. We assume that our FTP server IP address is 192.168.1.10.




Now make sure that the "Add Automatic Address Translation Rules" check box is ticked. Select the "Static" value from the drop-down menu in the "Type" field. Select your "Outside" interface in the "Translated Addr" field. Here, the outside interface represents your WAN interface. In this example, our outside interface name is "outside".




Now click on the "Advanced" button.




In the "Advanced" settings, select your inside interface in the "Source Interface" field. Here, the inside interface is representing your LAN interface and we assume that our inside interface name is "inside". Now select your outside interface in the "Destination Interface" field. Here, the outside interface is representing your WAN interface. Make sure the "TCP" value is selected in the "Protocol" field. Now write your FTP service port number in the "Real Port" as well as in the "Mapped Port". We know that the default FTP service port number is 21.

[Note: Here, the Real Port is the FTP port number on our local server, which is 21, and the Mapped Port is the port number that is used to connect to our outside interface, that is, our real IP address.]




That's it. All the work is done. After clicking on the "OK" button and applying the configuration, the new rule will be ready to work. To apply this setting to the "Running-Config", just click on the "Apply" button.




One more thing we have to do: the traffic also has to be allowed by an ACL. By default, the firewall drops all the traffic that comes in through the Outside interface. That's why we have to create an access control list on the "Outside" interface so that the traffic is not blocked by the firewall.

To add an ACL on the "Outside" interface, click on the "Access Rules" button on the firewall configuration page.




To add an access rule, click on the "Add" button.




After opening the "Add Access Rule" window, select your outside interface in the "Interface" parameter. According to our scenario, our outside interface will be "Outside". Select the "Permit" radio button, as we are going to allow the traffic through this ACL. For the "Source Criteria" and the "Destination Criteria" sections, leave the default settings in the "Source" and "Destination" parameter boxes. By default, the "Source" and "Destination" parameter values will be "any". After that, click on the "Service" parameter box. Now write your service name, which is "FTP" according to our scenario. While you enter the service name, you will notice that a list of possible services is shown based on your keyword. Just select the desired one from that list.




After that, click on the "More Options" drop-down button. Now click on the "In" radio button in the "Traffic Direction" parameter, since we are configuring the ACL to allow traffic from outside networks that is intended to access our local network over the internet. Finally, click on "OK" to close this window.




From now on our local FTP server will be accessible from the internet. The firewall will allow all the traffic that is intended to go to the FTP server. This process is also called the "Destination NAT".

Mikrotik IP Tunnel Configuration Step by Step

In this tutorial, we are going to discuss how to configure a site-to-site IP tunnel using the Mikrotik Router. Using this IP tunnel, we can connect two sites from different locations or we can connect two routers or LANs from a different location. We can create private communication channels over a public network such as the internet. During the data transmission across this channel, the traffic will be encrypted by the IPSec Protocol. We will go through the step-by-step IP tunnel configuration process between two Mikrotik routers.

Let's assume that we have two sites equipped with Mikrotik routers. The sites are "Site-1" and "Site-2", respectively. The router IP address of "Site-1" is 1.1.1.1 and its LAN network is 192.168.1.0/24. The router IP address of "Site-2" is 2.2.2.2 and its LAN network is 172.16.1.0/24. The users of "Site-1" can communicate with the users of "Site-2" and vice-versa. They can share their local resources as if they were in the same network.

At first, we will create an IP tunnel interface at the "Site-1" router. Then we will assign an IP address to that tunnel interface. Then we will provide a static route entry to reach the "Site-2" router. These are all the steps that need to be performed to create a tunnel interface at the "Site-1" router. The same configuration has to be done for the "Site-2" router also.

Let's start with the "Site-1" router. We will perform all the configurations using the "Winbox" tool. Now we will create a tunnel interface. To create a tunnel interface, click on "Interface" in the menu and then select "IP Tunnel" from the "Interface List" window. There, click on the "+" sign to add a new tunnel.




After opening the "Add New Interface" window, navigate to the "General" tab. In the "Name" field, we can provide a descriptive name for this tunnel. We named it "IP_Tunnel_to_Site-2". In the "Local Address" field, we will write our "Site-1" router IP address, which is 1.1.1.1, and in the "Remote Address" field, we will write our "Site-2" router IP address, which is 2.2.2.2. In the "IPsec Secret" field, we will provide the password used to encrypt the transmitted data. Then untick the "Allow Fast Path" check box. Leave the rest of the settings at their default values. Then click on the "Apply" and then the "OK" button to close this window.




Now we will create the IP tunnel interface in the "Site-2" router. The tunnel interface name will be "IP_Tunnel_to_Site-1". The local address will be our "Site-2" router IP address, which is 2.2.2.2. Here, the remote address will be our "Site-1" router IP address, which is 1.1.1.1. Now we will provide the IPsec secret password. One important note is that the "Site-1" IPsec secret password must match the "Site-2" IPsec secret password. Otherwise, the tunnel link can't be established. Clear the tick mark from the "Allow Fast Path" check box. Then click on the "Apply" and "OK" buttons to close this window.




This tunnel should be up now. The tunnel status will be shown at the bottom of the tunnel interface. If the tunnel is established, the "running" text will be highlighted; otherwise it will not.




At both sites, our tunnel configuration is done. Now we have to configure an IP address on the tunnel interface.

First, we will configure the IP address on the tunnel interface of "Site-1". To configure an IP address, go to the "IP" option in the "Winbox" menu and then click on the "Addresses" option. There, click on the (+) sign to add a new IP address.




In the "New Address" interface, we will write the IP address that we want to assign to the IP tunnel interface. Since our network address is "192.168.1.0/24", we will use "192.168.1.254" as our tunnel interface IP address. Here, we will write our IP address with its CIDR value, so it is okay to ignore the network mask information. Then we will select our tunnel interface in the "Interface" field. According to our example, this interface will be "IP_Tunnel_to_Site-2". Then click on the "Apply" and "OK" buttons to close this window.




Now we will configure the IP address for our "Site-2" tunnel interface. Since our network address is "172.16.1.0/24" at our "Site-2" office, we will use "172.16.1.254" as our tunnel interface IP address. Here, in the same manner, we will write our IP address with its CIDR value, so it is okay to ignore the network mask information. Then we will select our tunnel interface in the "Interface" field. According to our example, this interface will be "IP_Tunnel_to_Site-1".



Our IP address configuration is done on the tunnel interface at both sites. Now we are going to add a static route entry so that the users can reach each other from their office locations.

Now we will configure the static route at the "Site-1" router. Go to "IP" and then click on "Routes" in the "Winbox" menu. After that, navigate to "Routes" and click on the "+" sign to add a new rule.




In the "New Route" interface, write the "Site-2" network address in the "Dst. Address" field, which is "172.16.1.0/24". Now select your IP tunnel interface from the "Gateway" field, which is "IP_Tunnel_to_Site-2". Then click on the "Apply" and then "OK".




Now it is the turn of "Site-2". Write the "Site-1" network address in the "Dst. Address" field, which is 192.168.1.0/24. In the same manner, select your tunnel interface in the "Gateway" field, which is "IP_Tunnel_to_Site-1". That's it. Now click on the "Apply" and then "OK".




All the work is done. Now a user from the "192.168.1.0/24" network or the "Site-1" office can communicate with a user of the "172.16.1.0/24" network or the "Site-2" office and vice-versa.

At the "Site-1" router, when it receives any request to reach the "172.16.1.0/24" network, it will check its own routing table for a route entry to that destination. When it finds this "172.16.1.0/24" entry, it will forward all the requested traffic to the IP tunnel interface, which is "IP_Tunnel_to_Site-2".

The same will happen in the case of the "Site-2" router. To reach the "192.168.1.0/24" network, it will forward all traffic using the IP tunnel interface which is "IP_Tunnel_to_Site-1".

This is how we connect two remote LANs over WAN. This is how we connect two remote offices over the internet.
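A check that the two sides of the tunnel configured above mirror each other, as an added example that is not part of the original tutorial. The dictionary layout and key names are assumptions for illustration, and the IPsec secret is a constructed placeholder; the addresses, interface names and routes are the tutorial's.

```python
import ipaddress

# Settings from the tutorial; the secret is a constructed placeholder.
SITE_1 = {
    "tunnel_name": "IP_Tunnel_to_Site-2",
    "local_address": "1.1.1.1",
    "remote_address": "2.2.2.2",
    "ipsec_secret": "EXAMPLE-SECRET-CHANGE-ME",
    "lan": "192.168.1.0/24",
    "route_dst": "172.16.1.0/24",
    "route_gateway": "IP_Tunnel_to_Site-2",
}
SITE_2 = {
    "tunnel_name": "IP_Tunnel_to_Site-1",
    "local_address": "2.2.2.2",
    "remote_address": "1.1.1.1",
    "ipsec_secret": "EXAMPLE-SECRET-CHANGE-ME",
    "lan": "172.16.1.0/24",
    "route_dst": "192.168.1.0/24",
    "route_gateway": "IP_Tunnel_to_Site-1",
}


def check_tunnel_pair(a, b):
    """Return a list of problems; an empty list means both sides are consistent."""
    problems = []
    if (a["local_address"], a["remote_address"]) != (b["remote_address"], b["local_address"]):
        problems.append("endpoints: local/remote addresses are not mirrored")
    if a["ipsec_secret"] != b["ipsec_secret"]:
        # Report the mismatch only; never echo the secrets into logs or reports.
        problems.append("ipsec_secret: values differ, the tunnel will not establish")
    for name, this, other in (("site A", a, b), ("site B", b, a)):
        dst = ipaddress.ip_network(this["route_dst"])
        lan = ipaddress.ip_network(this["lan"])
        if dst != ipaddress.ip_network(other["lan"]):
            problems.append(f"{name} route: {dst} is not the remote LAN {other['lan']}")
        if dst.overlaps(lan):
            problems.append(f"{name} route: {dst} overlaps the local LAN {lan}")
        # Exact string comparison of the names is an assumption of this model.
        if this["route_gateway"] != this["tunnel_name"]:
            problems.append(
                f"{name} route: gateway {this['route_gateway']!r} is not the tunnel interface"
            )
    return problems


if __name__ == "__main__":
    print(check_tunnel_pair(SITE_1, SITE_2) or "both sides are consistent")
    print(check_tunnel_pair(SITE_1, dict(SITE_2, ipsec_secret="OTHER-PLACEHOLDER")))
```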


ASA Firewall NAT Configuration Step by Step

In this tutorial, we are going to learn the step-by-step process for the NAT configuration in the Cisco ASA firewall. We can use a firewall to connect to the internet as well as protect data from outside threats. A firewall can perform NAT functions like a router that is used to connect local users to the internet.

We know that we need to use a public IP address to connect to the internet, because private IP addresses are not routable on the internet. That's why we share one public IP address or a range of public IP addresses among the LAN users. This is because it is very costly to provide a separate public IP address to each user. To share one public IP address among so many users, we have to use NAT configurations. Using NAT, we can share one public IP address or a range of public IP addresses.

In the Cisco ASA firewall, when we share one public IP address among the LAN users, then it is called "Dynamic PAT (Hide)". When we share a range of IP addresses then it is called "Dynamic NAT". If we want to allow access from the outside network to the inside network then we will use the “Static” NAT Method.

When the NAT configuration is done from the “Inside” interface to the “Outside” interface then it is called “Source NAT” and when it is done for “Outside” to “Inside” interface then it is called “Destination NAT”. 

In this tutorial, we are going to configure both of the NAT functions. Generally, the source NAT is used to connect to the internet. For the source NAT configuration, we are going to share one public IP address among the LAN users. That's why we will use the "Dynamic PAT (Hide)" configuration. We will perform the NAT function from the inside interface to the outside interface. For all the LAN users' traffic that is intended to reach the internet or the outside network, the source address will be replaced by the outside interface IP address.

Source NAT

Now we will go through the step-by-step configuration process to perform the source NAT configuration in the Cisco ASA firewall.

We assume that we have a local network 192.168.1.0/24. Also, we have one public IP address 1.1.1.1. Now we are going to configure the NAT function so that our private IP address is translated to the public IP address. After that, we have to create one access list entry so that the firewall can allow the internet traffic from the inside interface to the outside interface.

At first, we will create a “network object NAT rule” for our LAN network. Then we will enable the NAT function on that network object.

To create a network object NAT rule, click on the “Firewall” option and then click on “NAT Rules” on the “Firewall” configuration page. Then click on the “Add” drop-down button and select “Add Network Object NAT Rule”.




Now we will give a descriptive name to this object. We will name it "NAT_Rule_Internet". Then select the object type from the drop-down list. Here, we will select "network" as the object type. Make sure that the "IPv4" radio button is selected as the "IP Version". Write your network address in the "IP Address" field. Here, we will write "192.168.1.0" as the network address, because we are going to NAT this local address to our public address, which is 1.1.1.1. Then write your subnet mask in the "Netmask" field. You can also select a mask from the drop-down list.




Now we will configure the source NAT. Please make sure that the "Add Automatic Address Translation Rules" check box is ticked in the "NAT" section. In the "Type" field, select "Dynamic PAT (Hide)" from the drop-down list. Now write your public IP address, which is 1.1.1.1, in the "Translated Addr" field, or select your public interface from the interface list. After that, click on the "Advanced" tab.




In the "Advanced" tab, we will select the source NAT interface and the destination NAT interface. The source NAT interface is the one that will be translated, and the destination NAT interface is the one whose address will be used to translate the source interface.

Now select your "inside" interface or the LAN interface in the "Source Interface" field, because we are going to translate the local private IP address to the public one. Then select your "outside" interface in the "Destination Interface" field. Then click on the "OK" button to close this window.




Finally, click on the "OK" button to save this network object NAT rule. Now click on the "Apply" button to save these changes into the "Running-config".




Our source NAT configuration process is done. One final thing we have to do is create an access rule to allow the traffic from the inside to the outside network. By default, the firewall blocks all the traffic from the inside to the outside interface and also from the outside to the inside interface. We will create an access rule that allows all the traffic coming from the inside interface and intended to go to the outside network or the internet.

To create an access rule, go to the "Firewall" option and click on the "Access Rules" from the firewall configuration page. Then click on the "Add" button to add a new rule.




Now we will select, from the drop-down list, the interface on which we will deploy this ACL. Here, we will select the "outside" interface because we are going to apply this ACL on the outside interface. Click on the "Permit" radio button as the "Action" field value. Keep the default values in the source and destination fields. Leave the default value in the "service" field also. Then expand the "More Options" feature.




Here, make sure the "Enable Rule" check box is ticked. Now click on the "Out" radio button as the "Traffic Direction" value, because we are creating this ACL to allow the outgoing traffic from the inside to the outside interface. After that, click on "OK" to add this ACL to the "ACL List".




Everything is done. Now the firewall will allow any traffic from the inside to the outside interface coming from any source address. From now on, all the local users can connect to the internet.


Destination NAT

Now we are going to configure the destination NAT process. Generally, the destination NAT is used to make an internal LAN server available over the internet. If we want to make one of our internal servers accessible from the internet and at the same time we don't want to use any public IP on that server, we have to use the destination NAT function. After deploying the destination NAT, we can access our internal LAN server from the internet using our outside interface IP address or our public IP address. We can forward a specific port number to our internal LAN server using this destination NAT process. When any traffic comes to our outside interface with that port number, that traffic will be sent to our internal LAN server using the same port number. This process is called port forwarding.

In this tutorial, we are going to forward the "FTP" port to our local FTP server using the ASDM tool. This will allow access to our local FTP server from the outside network. This is also called the destination NAT. We will go through the step-by-step process.

After logging into the firewall using ASDM, we will go to the "Configuration" tab and then click on the "Firewall" button in the left panel. After clicking on the "Firewall" button, we will select "NAT Rules" from the "Firewall Configuration Page".




Now click on the "Add" drop-down menu button and select "Add Network Object NAT Rule".




Now write a name for this entry in the "Name" field. We named it "FTP_Traffic_Forward". Please note that we can't use spaces in the name field. Now select the "Host" value from the "Type" parameter. Write the local FTP server IP address in the "IP Address" field. We assume that our FTP server IP address is 192.168.1.10.




Now make sure that the "Add Automatic Address Translation Rules" check box is ticked. Select the "Static" value from the drop-down menu in the "Type" field. Select your "Outside" interface in the "Translated Addr" field. Here, the outside interface represents your WAN interface. In this example, our outside interface name is "outside".




Now click on the "Advanced" button.




In the "Advanced" settings, select your inside interface in the "Source Interface" field. Here, the inside interface is representing your LAN interface and we assume that our inside interface name is "inside". Now select your outside interface in the "Destination Interface" field. Here, the outside interface is representing your WAN interface. Make sure the "TCP" value is selected in the "Protocol" field. Now write your FTP service port number in the "Real Port" as well as in the "Mapped Port". We know that the default FTP service port number is 21.

[Note: Here, the Real Port is the FTP port number on our local server, which is 21, and the Mapped Port is the port number that is used to connect to our outside interface, that is, our real IP address.]




That's it. All the work is done. After clicking on the "OK" button and applying the configuration, the new rule will be ready to work. To apply this setting to the "Running-Config", just click on the "Apply" button.




One more thing we have to do: the traffic also has to be allowed by an ACL. By default, the firewall drops all the traffic that comes in through the Outside interface. That's why we have to create an access control list on the "Outside" interface so that the traffic is not blocked by the firewall.

To add an ACL on the "Outside" interface, click on the "Access Rules" button on the firewall configuration page.




To add an access rule, click on the "Add" button.




After opening the "Add Access Rule" window, select your outside interface in the "Interface" parameter. According to our scenario, our outside interface will be "Outside". Select the "Permit" radio button, as we are going to allow the traffic through this ACL. For the "Source Criteria" and the "Destination Criteria" sections, leave the default settings in the "Source" and "Destination" parameter boxes. By default, the "Source" and "Destination" parameter values will be "any". After that, click on the "Service" parameter box. Now write your service name, which is "FTP" according to our scenario. While you enter the service name, you will notice that a list of possible services is shown based on your keyword. Just select the desired one from that list.




After that, click on the "More Options" drop-down button. Now click on the "In" radio button in the "Traffic Direction" parameter, since we are configuring the ACL to allow traffic from outside networks that is intended to access our local network over the internet. Finally, click on "OK" to close this window.




From now on our local FTP server will be accessible from the internet. The firewall will allow all the traffic that is intended to go to the FTP server. This process is also called the "Destination NAT".
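The two NAT directions described in this tutorial and in the port forwarding tutorial above, as an added example that is not part of the original posts: a small Python model of Dynamic PAT (Hide) for outbound traffic, and of the static FTP forward plus the outside access rule for inbound traffic. The second server 192.168.1.20, its mapped port 2121, the client 203.0.113.7 and the narrowed rule are assumptions, included to show what leaving "Destination" at "any" permits once more servers are published.

```python
import ipaddress
from itertools import count

PUBLIC_IP = "1.1.1.1"                          # outside address (from the tutorial)
LAN = ipaddress.ip_network("192.168.1.0/24")   # inside network (from the tutorial)
ANY = ipaddress.ip_network("0.0.0.0/0")
CLIENT = "203.0.113.7"                         # constructed internet client


class Firewall:
    def __init__(self, static_rules, outside_in_acl):
        self.static = dict(static_rules)  # (proto, mapped_port) -> (real_ip, real_port)
        self.acl = list(outside_in_acl)   # (action, src_net, dst_net, proto, port)
        self.pat = {}                     # (proto, inside_ip, inside_port) -> mapped_port
        self._ports = count(1024)

    def source_nat(self, proto, inside_ip, inside_port):
        """Dynamic PAT (Hide): each LAN flow leaves as PUBLIC_IP plus its own port."""
        if ipaddress.ip_address(inside_ip) not in LAN:
            raise ValueError(f"{inside_ip} is outside the NAT object {LAN}")
        key = (proto, inside_ip, inside_port)
        if key not in self.pat:
            port = next(self._ports)
            while (proto, port) in self.static:   # never reuse a forwarded port
                port = next(self._ports)
            self.pat[key] = port
        return PUBLIC_IP, self.pat[key]

    def destination_nat(self, proto, src_ip, dst_port):
        """New connection to PUBLIC_IP:dst_port -> real (ip, port), or None if dropped."""
        real = self.static.get((proto, dst_port))
        if real is None:
            return None                   # no static rule for this port
        return real if self._permitted(proto, src_ip, *real) else None

    def _permitted(self, proto, src_ip, real_ip, real_port):
        # In this model the access rule is matched against the real (inside)
        # address and port; first match wins, unmatched traffic is denied.
        src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(real_ip)
        for action, src_net, dst_net, rule_proto, rule_port in self.acl:
            if (src in src_net and dst in dst_net
                    and (rule_proto, rule_port) == (proto, real_port)):
                return action == "permit"
        return False


# "FTP_Traffic_Forward" from the tutorial: outside port 21 -> 192.168.1.10:21.
FTP_FORWARD = {("tcp", 21): ("192.168.1.10", 21)}
# Hypothetical second server published later on mapped port 2121.
TWO_FORWARDS = {**FTP_FORWARD, ("tcp", 2121): ("192.168.1.20", 21)}
# The tutorial's access rule: source any, destination any, service FTP.
PAGE_ACL = [("permit", ANY, ANY, "tcp", 21)]
# Assumed tighter rule: destination limited to the one FTP server.
NARROW_ACL = [("permit", ANY, ipaddress.ip_network("192.168.1.10/32"), "tcp", 21)]

if __name__ == "__main__":
    fw = Firewall(FTP_FORWARD, PAGE_ACL)
    print("outbound:", fw.source_nat("tcp", "192.168.1.50", 40000))
    print("outbound:", fw.source_nat("tcp", "192.168.1.51", 40000))
    print("inbound 21:", fw.destination_nat("tcp", CLIENT, 21))
    print("inbound 22:", fw.destination_nat("tcp", CLIENT, 22))
    for name, acl in (("any/any", PAGE_ACL), ("narrow", NARROW_ACL)):
        print(name, "2121 ->", Firewall(TWO_FORWARDS, acl).destination_nat("tcp", CLIENT, 2121))
```

With the any/any rule, the second server becomes reachable as soon as its NAT rule exists; with the destination narrowed to 192.168.1.10, it stays closed until an access rule is added for it on purpose.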

Wednesday, July 28, 2021

Why Do We Need Computer Network

In this tutorial, we are going to discuss why a computer network is required.

In a word, we can say that we need a computer network for resource sharing. For example, suppose we want to share with others some of the resources in our computer or some of the resources that are connected to our computer. In that case, the easiest and fastest way to share these resources is to build a network between the computers. We can use any wired or wireless medium to build this network. If we use a wired medium, then we have the option of UTP cable, STP cable, Fiber Optic cable, etc. And if we want to use a wireless medium, then we have different types of wireless media available, such as radio waves, microwaves, infrared, etc.

A computer resource can be more than just a CD-ROM, printer or scanner. A document that is stored on a computer hard disk also counts as a resource.

Before networks were invented, if data had to be transferred from one computer to another, or a document from one PC needed to be printed on another PC, a floppy disk was used.

If there are ten users in an office and each of them needs to print, transferring documents on floppy disks in this way and printing them is a lot of hassle and time-consuming. Again, if everyone has to be provided with a separate printer, it is a matter of cost and a disadvantage.

So in all these cases, the only hope is a network. It allows devices attached to one PC to be easily accessed from another PC. A document on one PC can be easily opened from another PC. This saves a lot of time as well as a lot of cost.

What is Protocol or Define Protocol

In this tutorial, we are going to learn what a protocol is in networking and how a protocol works in the network.

When a device or a computer plays the role of a server, that computer or device goes into listening mode with the help of some protocol while holding a certain port number. Using some protocol, the server keeps listening for whether a client is bringing a request through that port number.

Now the question is: what is a protocol?

A protocol is a set of rules that allows two or more devices to communicate with each other. As I am writing this tutorial in the English language, I am following all the rules and regulations for writing in English. For example, when I finish writing a line, I use the full stop sign (.). The meaning of this full stop sign is that my line is complete. Or when I talk to someone in English, I pronounce the English alphabet while speaking. If the other person knows the English alphabet like me, only then will that person be able to talk to me. That person will understand what it means if I stop for a while during talking, and what alphabet has to be used to explain something. We can call this a set of rules of speech. It is a set of rules that I know and that the other person knows as well, and because of it communication between us is established.

So this kind of set of rules we can call a protocol. We are human beings. We also have some protocols to talk to each other, such as English, French, Bengali, Hindi, Urdu, etc.

We can establish communication with others as long as both persons can understand the same protocol or language. Otherwise, communication can't be established. If someone speaks French and I don't understand it, no communication will be built between us.

In the same way, a computer must have the same protocol to communicate with another computer or another device. Otherwise, the communication will not be established. The protocols for computer communication are TCP/IP, IPX, AppleTalk, etc. These are also called protocol suites, because each of them is a combination of multiple protocols. So that is the protocol in a computer network.

The communication will be established only when these protocols match between the two devices.

What is Port Number or Define a Port Number

Some protocol suites are used for communication between computers or other devices, such as TCP/IP, IPX, AppleTalk, etc. Each protocol contains a thing called a port number.

In this tutorial, we are going to talk about what a port number is and why it is used.

Each protocol contains a lot of port numbers. A server goes into listening mode using these port numbers. With a port number, the server keeps listening for whether any request is coming. A server uses a different port number for each of the services it provides. For example, port number 80 is used to provide web service, port number 1433 is used to provide database service, and port number 21 is used to provide file transfer service or download service.

Now if any server wants to provide web service then that server will go to port number 80 and will be in listening mode. The server will be ready to receive any request that is coming through port number 80. If a client brings a request to reach a web page, then that client has to come with the required port number 80. It is predefined. When a request reaches the server through port 80, then the server realizes that it is bringing the request of the web page. The server then provides the data of the web page to the client.

In the same way that a web service's port number is predefined, a dedicated port number is predefined for each service.

So this is called the port number. Protocols allow devices to communicate with each other and the port is used to identify which service the client is requesting. Using the port number, the server will identify whether the client came with a database request or a file download request.

Some well-known protocols and their ports: the HTTP protocol uses port 80, the FTP protocol uses ports 20 and 21, the HTTPS protocol uses port number 443, the SMTP protocol uses port number 25, DNS uses port number 53, etc.

What is Network or Define Network

In this tutorial, we are going to learn what a network is and what kinds of networks are available.

We can say that a network is a group of interconnected devices that stay connected to each other. Resources connected to one device may be used by other devices in the group. Here the interconnection between the devices can be made in different ways. This interconnection can be made with or without a cable connection. As examples of using a cable, we can make cable connections with networking cable, telephone line cable, etc. And if we want to build a network without using cables, we can use radio waves, satellites, microwaves, infrared light beams, etc.

Networks are divided into some sections based on the coverage area of the network, such as LAN, MAN, WAN, etc. If cable is used to build these networks, then we can call them "Wired Networks". On the other hand, if these networks are built without the use of cables, then we can call them "Wireless Networks", such as Wireless LAN (WLAN or Wifi) or Wireless WAN.

The two most widely used types of networks are LAN and WAN. As an example of a LAN, the network we use in our office and home is called a LAN, such as Wifi or Wireless LAN. On the other hand, as an example of a WAN, the internet is a WAN, which is a collection of networks that are interconnected with each other.

One thing we will notice here is that in the case of LAN there will be a collection of devices that are interconnected to each other. And in the case of WAN, there will be a collection of networks that are interconnected to each other. 

Define Server and Client

In this tutorial, we are going to talk about server and client systems. We will discuss what the server is in the network, what the client is in the network, and what the client-server architecture model is.

We will also discuss how the server and the client work in the network. Let's start.

We know that using the computer network, one device can communicate with another device on the network. Resources that are attached to one device can be accessed from another device over the network. Thus the sender and receiver devices have to play different roles when sharing resources with each other through the network. Here the sender device will play the role of a server and the receiver device will play the role of a client.

So now the question is what is the server? 

In a computer network, a server is a computer program or a single hardware device that provides a service or functionality to other computer programs or devices in the network.

Now, what is the client in the network?

A client is a hardware device, a piece of software, or a computer program that uses the services provided by the server. In other words, a client uses the functionalities that the server is providing.

The design or model of data sharing between two or more devices in this way is called the client-server model or client-server architecture.

So we can say that in a network the server is a separate computer that is providing some service through the network. On the other hand, the client is another separate computer that connects to the server through the network and uses the services provided by the server.

One thing we need to know is that a computer can be configured as a server and as a client at the same time. It can play both roles simultaneously. For example, we can configure a laptop as a server. When we share a file over the network from our laptop, the laptop acts as a file server in our network.

There are dedicated server computers available, which usually have much more storage, RAM, and processor power than a normal computer. Not only that, there are different operating systems available for server computers, such as Windows Server 2008, Linux Server, etc.

Companies that have hundreds of clients, or that have to reply to hundreds of crores of queries in a few seconds, need dedicated server computers with high memory, high processor power, or high storage capacity.

What is Routing and Switching

In this tutorial, we are going to learn what routing and switching are in the network.

The terms routing and switching usually mean routing (transferring) a data packet among multiple networks and switching a data packet between devices in a single network. Routing and switching are the basic things in network communication. They perform two different tasks in a network.

When a data packet is sent from one network to another network then it is called "Routing". On the other hand when a data packet is sent from one device to another device under a single network, then it is called "Switching". 

The switching process is executed based on a single network. Its scope of action is within a network. In other words, this switching process is confined to a single network. 

The switching process is the process of transferring or switching data packets between the devices that make up a network. Take a LAN as an example. The transfer of data among all the devices in this LAN is called data switching or packet switching. This packet switching or data switching is done by network switch hardware, such as a Cisco switch, a Juniper switch, etc.

The network switch keeps a note of the layer-2 address or MAC address of each device in the network. To put it more clearly, the switch saves the MAC address of each device that is connected to its own ports. All of this information is saved in its own memory in the form of a table. This table is called the MAC table. The MAC table looks like the following:



Using this MAC table, a switch can easily deliver a single data packet to any device. Because in that case, the switch knows where the destination device is located or which port it is connected to. 

So we can say that the term "switching" is a process that moves a data packet inside a single network.

On the other hand, we can say that "routing" is the process of routing or transferring data packets between different networks, such as transferring data between different LANs. Router devices are used for the routing process.

Another thing we have to know is that the switching process takes place in layer-2 of the OSI model, and the routing process works in layer-3 of the OSI model. Because the switch works in layer-2 of the OSI model, it is also called a layer-2 device. Similarly, the router works in layer-3, so it is also called a layer-3 device. However, there are some advanced switches available that also work in layer-3. That means those advanced switches can perform the routing functions.

Playsms Unicode Message Sending Failed

We know that "PlaySMS" is a free and open-source SMS gateway software. It provides a web interface to manage SMS communication. We can send bulk SMS using this system. But it fails to send Unicode messages, because the Unicode message sending feature is disabled by default in this system. We have to enable it manually.

In this tutorial, we are going to learn how to enable Unicode SMS support in the Playsms software.

From your Playsms System, navigate to the below path.


/var/www/html/playsms/plugin/gateway/generic/fn.php


After opening this file navigate to the below section and mark some lines as a comment as well as unmark one line from the comment.


$unicode_query_string = '';
if ($unicode) {
    if (function_exists('mb_convert_encoding')) {
        // $sms_msg = mb_convert_encoding($sms_msg, "UCS-2BE", "auto");
        // $sms_msg = mb_convert_encoding($sms_msg, "UCS-2", "auto");
        // $sms_msg = mb_convert_encoding($sms_msg, "UTF-8", "auto");
        $unicode_query_string = "&coding=8"; // added at the of query string if unicode
    }
}


Now please make sure the below lines are marked as comments. To turn a line into a comment, just put the double slash sign "//" in front of the line. Sometimes the "#" sign is used to mark a line as a comment.


// $sms_msg = mb_convert_encoding($sms_msg, "UCS-2BE", "auto");   
// $sms_msg = mb_convert_encoding($sms_msg, "UCS-2", "auto");    


Now please uncomment the below line. In that case, just remove the double slash sign (//) or the "#" sign from the starting point of the line.


  $sms_msg = mb_convert_encoding($sms_msg, "UTF-8", "auto");


In this regard, one snapshot is attached.




Now save your changes and restart the Playsms services. From now on all Unicode messages should be delivered via this SMS gateway.

Thank you.






Saturday, July 10, 2021

Mikrotik Block DNS Request from Internet

We can configure the DNS server in the Mikrotik Router. Mikrotik can provide the DNS service to the LAN user as well as the outside user over the internet connection. It is a very common thing to provide DNS service to internal users through routers. But it is not wise to use a router to provide DNS services to outside users over the internet. So we want the Mikrotik router to provide DNS services only to internal users, not to outside users. So we have to block the DNS requests from outside.

In this tutorial, we are going to learn how to block DNS requests from the WAN interface. DNS requests that arrive on the WAN interface will be blocked by the router.

We will use the "Winbox" tool to configure the Mikrotik router and we will go through the step-by-step process.

First of all, we have to configure the Mikrotik router to provide the DNS services. As soon as the DNS server is enabled, the router will start answering all DNS requests. No matter which interfaces the DNS request comes from, the router will reply to them. 

To open the DNS configuration page, click on the "IP" and then the "DNS" button.




After opening the DNS configuration page, write your forwarder DNS address or the ISP's DNS address in the "Servers" field. We assume that our ISP's DNS address is 45.45.45.45. Then we will enable the "Allow Remote Requests" feature. Just click on the check box. Keep the rest of the settings at their defaults.




After clicking on the "Apply" and "OK" buttons, our internal or local users get DNS service from this router. Now, we will use a firewall rule to block all DNS requests that arrive on the WAN interface. We assume that our WAN interface is "Ether-1". Now we will create a filter rule to drop the DNS queries that come in through the WAN interface.

To create a new rule, open the firewall interface. Navigate to the "Filter Rules" tab and click on the add (+) sign to add a new rule.




Navigate to the "General" tab. Select "input" as the "Chain" field value. Select "UDP" as the "Protocol" field value. Write "Dst. Port" value as "53". Select "Ether-1" in the "In. Interface" field. Because we assume that our WAN interface is "Ether-1".




Now navigate to the "Action" tab and select "drop" as the "Action" field value.




That's it. From now on the Mikrotik router will reply only to the internal users, not the external users or outside users.
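
An added example, not part of the original tutorial: the rule above matches UDP only, and the RouterOS resolver also answers on TCP port 53, so a second drop rule with "TCP" as the protocol is needed to close the WAN side completely. The script below audits the text of a RouterOS "/export" for that gap; the sample export is constructed from this tutorial's values (Ether-1, 45.45.45.45) and the function names are hypothetical.

```python
import re
import shlex

# Constructed sample: what `/export` shows for the router as configured above
# (resolver 45.45.45.45 and WAN interface "Ether-1" are the tutorial's values).
SAMPLE_EXPORT = """\
/ip dns
set allow-remote-requests=yes servers=45.45.45.45
/ip firewall filter
add action=drop chain=input comment="drop DNS from WAN" dst-port=53 \\
    in-interface=Ether-1 protocol=udp
"""
MODELLED = {"chain", "protocol", "dst-port", "in-interface"}
IGNORED = {"action", "comment", "log", "log-prefix", "disabled"}
TERMINAL = ("accept", "drop", "reject", "tarpit")

def parse_export(text):
    """Return (DNS settings, filter rules in configured order)."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join wrapped export lines
    dns, rules, section = {}, [], None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line[0] in "/#":  # menu path or export comment
            section = line if line[0] == "/" else section
            continue
        verb, *pairs = shlex.split(line)
        props = dict(p.split("=", 1) for p in pairs if "=" in p)
        if section == "/ip dns" and verb == "set":
            dns.update(props)
        elif section == "/ip firewall filter" and verb == "add":
            rules.append(props)
    return dns, rules

def rule_hits(rule, proto, wan, port=53):
    """True only if the rule certainly matches a port-53 packet arriving on wan."""
    m = {k: v for k, v in rule.items() if k not in IGNORED}
    if rule.get("disabled") == "yes" or set(m) - MODELLED or "!" in "".join(m.values()):
        return False  # disabled, negated, or uses a matcher this sketch does not model
    spans = [p.split("-") for p in m.get("dst-port", str(port)).split(",")]
    return (m.get("chain") == "input" and m.get("protocol", proto) == proto
            and m.get("in-interface", wan) == wan
            and any(int(s[0]) <= port <= int(s[-1]) for s in spans))

def wan_dns_exposure(text, wan):
    """Protocols on which port 53 from `wan` still reaches the router's resolver."""
    dns, rules = parse_export(text)
    if dns.get("allow-remote-requests") != "yes":
        return []  # the resolver does not answer remote clients at all
    def verdict(proto):  # first terminal rule that matches decides; default is accept
        return next((r.get("action", "accept") for r in rules
                     if r.get("action", "accept") in TERMINAL
                     and rule_hits(r, proto, wan)), "accept")
    return [p for p in ("udp", "tcp") if verdict(p) == "accept"]
```

Rules that use matchers the script does not model (address lists, interface lists, connection state) are skipped, so the result errs toward reporting exposure.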