Pinoy IT Share

In this post, we’ll move beyond static firewall rules and integrate CrowdSec with Mikrotik RouterOS v7 . We are shifting from a traditional "set-and-forget" firewall to an Intelligence-Driven Defense that reacts to global threats in real-time. The Goal To offload the heavy lifting of log analysis to a dedicated Debian 12 LXC and use the Mikrotik API to dynamically block malicious IPs at the edge. This setup ensures your router stays fast while benefiting from a global community of threat intelligence. Figure 1: Logical Topology of the CrowdSec Engine and Mikrotik Edge Enforcement. Why CrowdSec? Behavioral Analysis: It doesn't just look at IPs; it looks at patterns (e.g., SSH brute force). Community Powered: If an IP is banned in Europe or the US, it’s automatically added to your Mikrotik’s blacklist. Resource Efficient: The LXC does the "thinking," the Mikrotik does the "dropping." Note: This setup is p...

Case Study: Non-Invasive High Availability DNS with AdGuard Home & Keepalived Ensuring 99.9% Uptime without modifying Core Router configurations. 1. Executive Summary In any home lab or small office, DNS is a critical service. A single point of failure here means a total network-wide "internet outage." This case study explores a Non-Invasive High Availability (HA) setup using AdGuard Home and Keepalived on Proxmox LXC . The goal: Zero downtime during maintenance while keeping the core router configuration simple and untouched. 2. Key Technical Concepts Keepalived: A routing software that monitors services and manages failover automatically. VRRP (Virtual Router Redundancy Protocol): The protocol used by servers to "talk" and share a single Virtual IP (VIP) . Keep Alive: A mechanism to check if a connection or a neighbor node is still active. Non-Invasive Design: Failover logic ...

Implementing Anycast with MikroTik OSPF and AdGuard Home In high-availability infrastructure, DNS is a non-negotiable critical service. Conventional "Primary and Secondary" DNS configurations often suffer from client-side timeout issues. By leveraging Anycast via OSPF , we ensure that DNS failover is handled instantly by the router, providing a truly redundant and load-balanced experience. I. The Evolution: Before vs After Traditional Setup (Unicast) Clients have two separate IPs. If Server 1 dies, the client "hangs" waiting for a timeout before trying Server 2. This causes perceptible delays. [ CLIENT ] (DNS: .3 & .4) | (Waiting for .3...) v +----------------+ | ROUTER | +-------+--------+ | +----+----+ | | v v [ ADGUARD 1 ] [ ADGUARD 2 ] (.88.3) (.8...

​🏛️ CASE STUDY: The Lean Enterprise Micro-Datacenter ​1. Executive Summary ​This case study documents the design and deployment of a full-stack Infrastructure and Security Operations Center (SOC) on a resource-constrained Dell OptiPlex 3020 Micro (i3 CPU) . By leveraging LXC containerization, custom Python middleware, and Infrastructure as Code (IaC) , the project achieves enterprise-grade observability and zero-data-loss resilience while maintaining a remarkably low resource footprint (~10.5% average CPU usage). ​2. The Infrastructure Profile (The Constraints) ​ Hardware: Dell OptiPlex 3020 Micro (Intel Core i3, 16GB RAM, 500GB SSD). ​ Networking: MikroTik hEX r3 (Backbone). ​ Hypervisor: Proxmox VE 8.x. ​ Objective: Host 10+ critical services (Wazuh SIEM, n8n Orchestration, Zabbix Monitoring, Home Assistant, and custom AI UI) on a dual-core platform without compromising stability. ​3. The Logical Architecture (Sapper-Ranger Design) ​A. Network & Perime...

  The Strategic Architect: Bridging SWOT Analysis and Furikaeri (KPT) In the field of Technology Infrastructure, professionals are often divided into two camps: the Strategic Planners focused on high-level mapping, and the Operational Engineers focused on day-to-day execution. Many argue for a "keep it simple" approach, but in engineering, a simple plan lacking depth often results in significant Technical Debt. To build truly resilient systems, we must recognize that SWOT Analysis and Furikaeri (KPT) are not competing methodologies. They are two halves of the same coin—a unified feedback loop for Operational Excellence. 🏛️ SWOT Analysis: Pre-Deployment Intelligence SWOT (Strengths, Weaknesses, Opportunities, Threats) is far more than a corporate boardroom exercise. In an infrastructure context, it serves as a Strategic Audit before a single command is executed. Strengths & Weaknesses (Internal): This is the internal audit of the current stack. It’s about being hone...

Complete Guide to MikroTik QoS Configuration for RouterOS 7: Dual ISP Load Balancing & Advanced Traffic Shaping Published: March 20, 2026 Are you struggling with network congestion? Do you want to prioritize critical traffic on your MikroTik router? In this comprehensive guide, I'll walk you through implementing a professional-grade Quality of Service (QoS) configuration on MikroTik RouterOS 7 with dual ISP load balancing. What is QoS and Why Do You Need It? Quality of Service (QoS) is a networking technology that allows you to manage bandwidth allocation and prioritize traffic based on your business needs. Without QoS, all traffic is treated equally, which can cause: Slow internet during peak hours Lag in online gaming and video conferencing VoIP call quality issues Unfair bandwidth distribution among users With proper QoS implementation, you can ensure that critical applications (like VoIP and video calls) always have sufficient bandwidth while non-critical traff...