ZeroShell 3.6.0 --- How to upgrade the ZeroShell old version(3.4.0) to the latest one(3.6.0)

Thank Fulvio develop/share the ZeroShell package for everyone!
It will help me to do some testing in the simulated environment because its function is as Router role.

For security and enhanced function, sometimes we hope to install the new release as the next version and Add-on packages. So we have to require a activation key by doing some process(# 1) next to send the Feature Code to activation@zeroshell.net for receiving the related Activation Key.

I am lazy for requesting an Activation Key and just do it on virtualization Lab, I think maybe there is some method to do the upgrade process. That is the configuration is backup from the old version next to restore to the new version but need to install the newest software at first.

How to do it?
(1).Install the newest ZeroShell software by following the previous article
(2).Backup the configuration from the old ZeroShell version

(3). Restore the configuration to the newest ZeroShell version

(4). Active the imported profile

So do that we can use the newest ZeroShell version as before on Lab now!

Reference:
(# 1)   How to obtain a key       

Put a link and description about Zeroshell on your website

Post your positive/negative experiences with Zeroshell on external forum/blog

Make a small donation with PayPal by clicking the image below  

(# 2) The above procedure still is compatible with the 3.7.1 version.

MikroTik Router --- How to add user-manager package into the RouterOS 6.37

According to the MikroTik document, the User manager is a management system that can be used for:

•     HotSpot users;
•     PPP (PPtP/PPPoE) users;
•     DHCP users;
•     Wireless users;
•     RouterOS users.

Due to it is a separate package, this package is not installed in RouterOS by default if we log in the MikroTik Web Management by using the web browser next to click System --> Packages link.

MikroTik User Manager can be downloaded from the MikroTik web site download section .  To find the package version is the the same as the RouterOS one next to download Extra packages

.

and extract the compressed file to the safety path, we will find one file user-manager-xxx-xxx.npk

In the Winbox web environment, we will choose Files menu and Explore ... button

Select this package for uploading this file.

and Reboot it

So do that we will see it in the package list now.

Due to the default user 'admin' without password, we have to launch the MikroTik terminal for setting it.

Then we can change the password for the 'admin' user by using the /tool user-manager customer set admin password= command. (# 1)

So do that we can log on customer web interface by connecting the http://Router_IP_Address/userman URL.

Reference :
(# 1).    If we don't assign a new password for 'admin' user, the web interface cannot be login if use the empty password.

ZeroShell 3.4.0 ---- How to quickly install ZeroShell on VMware "vmdk" disk.

I want to build a Router device on virualization environment for message exchange and hope it is simple and easy to create/setup one. In Google search, I find out an open source software “ZeroShell” and it is comfortable for installing and managing this.
ZeroShell is Linux Router with more feature as router, firewall, Radius and so on. Although someone has already share the installation methond on Internet, I just think whether it can convert image file so that don’t need to do the steps too much.
How to do it?

Download ZeroShell Image
Go to the ZeroShell Official Web and download the latest img file.Extract xxx.img.gz file to xxx.img next to confirm whether exist a QEMU-IMG tool. (# 1)

Convert .img to .vmdk image

If there is ever install qemu-utils package on debin/ubuntu system, we can directly by using the qemu-img convert –f raw xxx.img –O vmdk xxx.vmdk command (# 2)If it is installed on windows platform, we will do the qemu-img convert –O vmdk xxx.img xxx.vmdk command

When the vmdk file is created, we will begin to create a New Virtual Machine on wmware production as wmware workstation.In the configuration wizard, we can select the following parameter:
      Guest Operation System: Linux
      Version: Other Linux 3.x kernel 64-bit
      Memory: large than default value 384 MB
      Network Connection: at least large than two interface
      Virtual Disk Type: IDE
      Disk: Use an existing virtual disk as the converted vmdk file
It is important to chose the boot mode is BIOS, not EFI mode !!!
Once the setting is completed, we can start this VM and beging to setup the IP Address and Default Gateway on console mode now.

Reference:
(# 1)   In Ubuntu/Lubuntu Trusty 14.04, we can install QEMU-IMG tool by using the sudo apt-get install qemu-utils command
          
           In Windows Platform, we can download/install QEMU binaries for Windows

(# 2)   “qemu-img” Disk Image Utility 

Ubunut/Lubuntu --- Install the current or nearby release Wireshark version on Lubuntu 14.04

What is the popular network analyzer in the 'Open Source' world? I think the Wireshark will be best choose. 
Although the Wireshark package list in the most Linux distribution repositories, the current or nearby release version almost not exist in the default repositories. This is why we need to do other choice by finding the PPA or compiling the Wireshark source.

Install Wireshark via PPA (# 1)
In a terminal, we have to add the PPA to the Lubuntu 14.04 system by using the sudo add-apt-repository ppa:pi-rho/security command.

next to update the local repository index with the latest change by using the sudo apt-get update command. 

Finally, install the Wireshark package by using the sudo apt-get install wireshark command

In the installation process, we have to do other steps for the specific user to use wireshark if we choose the non-superusers can capture packets.

                              

To create a new group 'wireshark' by using the sudo groupadd wireshark command

To add a login user to a specific group by using the sudo usermod -G wireshark -a command

To change a group ownership of a file/files by using the sudo chgrp wireshark /usr/bin/dumpcap command

To set a file/directory permission by using the sudo chmod 750 /usr/bin/dumpcap command.

To grant the use of RAW/PACKET sockets(cap_net_raw) and various network-related operation(cap_net_admin) capabilities by using the sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap command. (# 2)

To verify this change by using the sudo getcap /usr/bin/dumpcap command.

At the moment, please log out and back in for the new group assignment to take effect and execute the wireshark command in the terminal. So do that we can see the full list of available adapters and can begin sniffing now.

Install Wireshark from Sources
Install the Wireshark required dependencies including tools/libs by using the sudo apt-get build-dep wireshark (# 3) 

and sudo apt-get install qt4-default command.

To download the Wireshark archive from Wireshark Official WebSite  or by using the wget https://2.na.dl.wireshark.org/src/wireshark-1.12.5.tar.bz2 --no-check-certificate command.

To unpack the Wireshark compressed file by using the tar -xjvf ./wireshark-1.12.5.tar.bz2 command and change directory to the extracted folder

To configure the build directory by using the ./autogen.sh script.

To compile the source for building correctly the Linux version by using the ./configure --enable-setcap-install script.
To build the sources by using the make command
To install the software by using the sudo make install command.

To run sudo ldconfig to properly update the shared library symbolic link.
Once the wireshark is installed, we can run it by using the wireshark command directly.

Reference :
(# 1).   Remove Wireshark by using the sudo apt-get remove wireshark command
(# 2).   eip indicate the capabilities list grants them in the effective, inheritable, and permitted bitmaps, respectively.
(# 3).   If we got the error message as follows:

            To resolve it by using the sudo apt-get install libjack0 command

            and sudo apt-get install libcap-dev command

Cisco Network --- Dynamic NAT for Internal users access the Internet

In this scenario we want to know the computer go through Network device as Switch/Router to access Internet.
Based on Cisco device, write down the relation learning information for the reference.
Setting an IP on the WAN/LAN interface
Step 1. Define Fast Ethernet 0/0 with an IP address as 192.168.10.171 by using the following command.So does that the configuration will be changed as follows:
AS-ISTO-BE

Step 2. Define Ethernet 2/0  with an IP address as 10.10.101.253 by using the following command.

Setting Static default Route
Step 3. Due to assign the IP address manually, we have to define a default route by using the ip route 0.0.0.0 0.0.0.0 192.168.10.254 command
Defining NAT inside and outside interfaces
Step 4. Define Fast Ethernet 0/0 as a NAT outside interface by using the following command.
Step 5. Define Ethernet 2/0 as a NAT inside interface by using the following command.

Define Inside global IP Address Range (with no-overload or overload)
Step 6. Define a NAT pool named as no-overload with a range of addresses 192.168.10.200 ~ 192.168.10.240 by using the ip nat pool <pool name> <strart ip> <end ip> prefix <prefix length> command

Define Inside local IP Address Range
Step 7. Define Access List 6 that it permit packets with source addresses ranging from 10.10.103.0 to 10.10.103.255

Define the relationship of between Inside local and Inside global
Step 8. Define “Access list 6” address can NAT to a pool “no-overload” by using the ip nat inside source list <access list number> pool <pool name> command
To verify the NAT translations in the router by using the show ip nat translations commandTo clear dynamic Network Address Translation (NAT) translations from the translation table by using the clear ip nat translations * command
Reference
(# 1)   The keyword overload used in the ip nat inside source list 103 pool ovrld overload command allows NAT to translate multiple inside devices to the single address in the pool.
(# 2)   Protocols with Access Lists Specified by Numbers

Protocol	Range
IP	1 to 99
Extended IP	100 to 199
Ethernet type code	200 to 299
Ethernet address	700 to 799
Transparent bridging (protocol type)	200 to 299
Transparent bridging (vendor code)	700 to 799
Extended transparent bridging	1100 to 1199
DECnet and extended DECnet	300 to 399
XNS	400 to 499
Extended XNS	500 to 599
AppleTalk	600 to 699
Source-route bridging (protocol type)	200 to 299
Source-route bridging (vendor code)	700 to 799
IPX	800 to 899
Extended IPX	900 to 999
IPX SAP	1000 to 1099
Standard VINES	1 to 100
Extended VINES	101 to 200
Simple VINES	201 to 300