isolated wifi using a Mikrotik wireless router

Assuming a wireless interface is set up and working on the router, we can add a virtual interface, give it its own subnet, and isolate that subnet from the existing LAN.

  1. Using WinBox, log in and click the wireless tab on the left.
  2. Click the Security Profiles tab, create a new profile for your virtual AP – I basically copied my existing profile. Click OK when done (as for all steps).
  3. Click the blue plus to create a virtual interface, give it a name, probably best to leave the wlan2 part at the start. Click the wireless tab and give it an SSID. Select the new security profile from the dropdown.
  4. Open the bridge tab on the left and create a new bridge. Click the ports tab, create a new port and select the newly created bridge and virtual interface from the drop down menus.
  5. Click the IP tab on the left and select addresses. Create a new address, I used 192.168.2.2/24, then select the new bridge for the interface.
  6. The AP will require DHCP. Click the IP tab and select Pool. Create a new pool, name it and give some addresses, I used 192.168.2.220-192.168.2.240.
  7. Click the IP tab and select DHCP Server. Create a new DHCP Server, name it and select the new bridge as the interface. Select the newly created Address Pool. OK.
  8. Click the Networks tab in the DHCP Server window. Create a new network, this is mine:
  9. If the router already has a masquerade rule for internet traffic, this isn’t needed. I have a second router on my LAN also running this config, in this case I just masquerade traffic from the guest wifi at that router.
    Click the IP tab and select Firewall, click the NAT tab, click the blue + for a new rule. Use srcnat then I used 192.168.2.0/24 for the Src. Address. Select the appropriate Out. Interface, I used my original LAN bridge, bridge-local.
  10. Test the wifi (Yay 🙂). At this point clients on the new AP will still have access to the local LAN; the next step blocks that.
  11. Create a new firewall rule in the Filter Rules tab of the Firewall window. Chain: forward, Src. Address: 192.168.2.2/24, Dst. Address: the local LAN subnet. Click the Action tab and select reject.
  12. Yay, I think that’s it.

I used this config on two separate routers on my LAN, using the same config and security profile.
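
To confirm that the reject rule from step 11 really decides guest traffic, the forward chain can be checked offline from an export. This is an added example, not part of the original post: it parses constructed `/ip firewall filter export` output and applies RouterOS's first-match rule ordering. The LAN subnet 192.168.1.0/24 is an assumption, and the parser assumes one rule per line with no negated (`!`) matchers.

```python
import ipaddress
import shlex

# Constructed `/ip firewall filter export` output (not from the post). 192.168.1.0/24
# is an assumed stand-in for the "Local LAN subnet", which the post does not state.
EXPORT = """\
/ip firewall filter
add action=accept chain=forward connection-state=established,related
add action=reject chain=forward dst-address=192.168.1.0/24 src-address=192.168.2.0/24
add action=accept chain=forward
"""
GUEST = ipaddress.ip_network("192.168.2.0/24")
LAN = ipaddress.ip_network("192.168.1.0/24")
IGNORED = {"action", "chain", "comment", "disabled", "log", "log-prefix",
           "reject-with", "src-address", "dst-address"}

def parse_rules(export):
    """Turn each 'add key=value ...' line into a dict, keeping rule order."""
    return [dict(tok.split("=", 1) for tok in shlex.split(line)[1:])
            for line in export.splitlines() if line.strip().startswith("add ")]

def relation(rule, key, net):
    """Return 'all', 'some' or 'none': how much of net the rule's matcher covers."""
    if key not in rule:
        return "all"                      # no matcher: every address matches
    rule_net = ipaddress.ip_network(rule[key], strict=False)
    if net.subnet_of(rule_net):
        return "all"
    return "some" if net.overlaps(rule_net) else "none"

def audit(rules, guest=GUEST, lan=LAN):
    """First match wins: report the rule deciding new guest -> LAN connections."""
    for n, r in enumerate(rules, 1):
        if r.get("chain") != "forward" or r.get("disabled") == "yes":
            continue
        if "new" not in r.get("connection-state", "new"):
            continue                      # rule never sees a new connection
        src, dst = relation(r, "src-address", guest), relation(r, "dst-address", lan)
        if "none" in (src, dst):
            continue
        action = r.get("action", "accept")
        if action == "accept":
            return ("leak", n)            # some guest -> LAN traffic is forwarded
        if action in ("drop", "reject") and src == dst == "all" and not set(r) - IGNORED:
            return ("isolated", n)        # whole guest subnet blocked, no extra matchers
    return ("leak", None)                 # end of chain: RouterOS accepts by default

if __name__ == "__main__":
    print(audit(parse_rules(EXPORT)))
```

A result of `("leak", n)` names the rule that forwards guest traffic before any blocking rule is reached; `("leak", None)` means nothing in the chain blocks the whole guest subnet.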

Project Secure Backup. Part 6

I moved the project to some acrylic in what is possibly the final stage for the project. While I thought the software reset for the Ethernet chip would suffice for connection problems, it appears this isn’t the case. I’ll try reprogramming the chip with an interrupt reboot for the main program loop; currently the device isn’t sending info to ThingSpeak.

Once the code is running smoothly (for at least a week) I’ll add email notifications. In the future I won’t use this Ethernet chip, there is a similarly priced chip I have which is much more capable.


Project Secure Backup. Part 5

Starting the electronics part..
Arduino
The famed Atmel 328p Arduino – ‘Pro Mini’ version

This part of the build requires sending temperature data to the internet. This requires 3 things:

  1. Thermocouples for measuring temperature.
  2. A microcontroller for processing the thermocouples values.
  3. A hardware connection to the internet.

 

The thermocouples simply have a change in electrical resistance dependent on temperature. This can be measured using an analog input on a microcontroller. To get sensor data into the micro I used a library called thermistor.h, which gave me the number-crunched readings in degrees C. The values I’m getting are currently accurate to around 3 degrees C, so I may need to do some work on the maths here.

I have several microcontrollers sitting in boxes waiting for a suitable project. Without making this a diatribe about buggy software libraries for TI micro controllers, I went with the trusty Atmel 328p aka the Arduino.

The Ethernet module I’m using to connect is the ENC28J60 chip, available very affordably from ebay.

Initially I was using an Arduino Pro Mini set to 5 volts. While the board I bought claimed to be able to be set to 3.3 volts, this was outside the spec for the 16 MHz crystal it uses. Eventually I moved to a 3.3 V 8 MHz Arduino, which seems the most trouble free; using a 5 V Arduino with a level shifter for the 3.3 V ENC28J60 was completely unreliable.

Bugs

This bug fix by chuyrg resets the ENC28J60 by pulling a normally high reset pin low for a brief period. This hard reset of the ENC28J60 solves the temperamental connection issues the ethercard Ethernet library seems to give. Interestingly, this bugfix was already in the code :/ and just needed to be uncommented… Placing this reset code in the right place meant I didn’t need to implement a timer interrupt reset on the whole code…

Using the example code for ThingSpeak coupled with some thermocouple code, I am able to send 2 data fields to ThingSpeak roughly every 60 seconds.

Since ThingSpeak doesn’t send emails, I used this method to trigger a pushingbox.com ‘scenario’ to send email. I also added ThingSpeak ‘react’ events for a ‘No Data Check’ at 1 hour and 12 hours, in case I stop receiving data to ThingSpeak.



So now I have a seemingly reliable 5v low power temperature sensor, with hard wired email alerts, all for around $10 worth of parts. I’m happy with this not only because of the low electrical power consumption, but also because it uses low processing power – no RPi needed.

Needing to reset the Ethernet module in code is a somewhat duct-tape style solution and if it works for extended periods of time that will be fine. After all, the internet in many ways is often referred to as a crazy Rube Goldberg machine which somehow usually works. I’m guessing the ENC28J60 is needing a reset possibly due to a buffer issue, which may have been fixed with a different Ethernet library, although I don’t feel like migrating the ThingSpeak code I’ve got over to that library.. it works, it appears solid, now I’ll field test it.

Hardware shutdown switch for RPi

Sometimes I need to power off one of my Raspberry Pis, and since I run these computers headless, going to a remote SSH terminal to issue a shutdown command can be extra work. I saw a webpage mentioning using a simple 2 pin jumper to initiate a shutdown script for the Pi. So that’s what I did (green tab on the GPIO pins), I chose python due to the wait_for_edge function.

This script will shut down the RPi when the tab is pulled. Strangely, the RPi will boot if you plug the jumper back in after it has shut down, or if you pull it out after it has completed shutting down (having put it back before the shutdown completed). If there is no jumper in during boot, then the script will close.

#!/usr/bin/env python
# Note: the superuser crontab required a new PATH variable, as described here:
# http://unix.stackexchange.com/questions/43392#answer-43394
import subprocess
import sys

try:
    import RPi.GPIO as GPIO
except RuntimeError:
    print("Error importing RPi.GPIO! This is probably because you need superuser privileges. You can achieve this by using 'sudo' to run your script")
    sys.exit(1)  # GPIO is unavailable, so nothing below can run

# BOARD vs BCM pin numbering:
# http://raspberrypi.stackexchange.com/questions/12966/what-is-the-difference-between-board-and-bcm-for-gpio-pin-numbering
GPIO.setmode(GPIO.BOARD)
GPIO.setup(5, GPIO.IN)  # Hardware pull-up on this pin

# The command is passed as an argument list (no shell), so the message needs no embedded quotes.
ShutdownCommand = ['shutdown', '-h', 'now', 'System halted by GPIO action']

if GPIO.input(5) == 0:
    # Jumper fitted at boot: wait for it to be removed, then shut down.
    GPIO.wait_for_edge(5, GPIO.RISING)
    GPIO.remove_event_detect(5)
    KillProcess = subprocess.Popen(ShutdownCommand, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    MountData, MountError = KillProcess.communicate()
    GPIO.cleanup()
else:
    # No jumper fitted at boot: exit without doing anything.
    GPIO.cleanup()

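Then I simply added this script to the bottom of my root crontab (sudo crontab -e) to run at reboot. Since cron runs it as root, the script file should be owned by root and not writable by other users: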

@reboot python /usr/local/sbin/ShutdownJumper.py