Thursday, May 2, 2013

Mikrotik basic router configuration

Tip: disable Wi-Fi when you connect to the router. Detailed information regarding installation at

### Install Mikrotik router:

Insert your Mikrotik OS and start the server. It will show the message below:

Welcome to MikroTik Router Software installation Move around menu using 'p' and 'n' or arrow keys, select with 'spacebar'. Select all with 'a', minimum with 'm'. Press 'i' to install locally or 'r' to install remote router or 'q' to cancel and reboot.

Choose the software you require here and press "i". You will then get the message below; press "n".

Do you want to keep old configuration? [y/n]:
You should choose whether you want to keep old configuration (press [Y]) or to erase the configuration permanently (press [N]) and continue without saving it.

### How to use window to configure router
Download the Winbox software to configure the Mikrotik router.

### Licence the router
After installation you will get a message asking you to license your OS. You can upload the key file from there, or you can do it later from the System option.

### Check System Resource
[admin@MikroTik] > /system resource

### IO Port Usage Monitor  
[admin@MikroTik] > /system resource io print

### Reboot
[admin@MikroTik] > /system reboot

### Shutdown
[admin@MikroTik] > /system shutdown

### Date and Time
[admin@MikroTik] > /system clock

date (text)     - date in format "mm/DD/YYYY"
dst-active (read-only: yes | no; default: no) - whether the Daylight Saving Time is currently active
gmt-offset (read-only: text)     - the current effective GMT timezone in format "+HH:MM" or "-HH:MM"
time (time)     - time in format "HH:MM:SS"
time-zone-name (name; default: manual)     - timezone code (for example, Europe/Riga or America/Chicago). Used for configuring time zone and DST adjustments

### Command Description
[admin@MikroTik] > /redo    
[admin@MikroTik] > /system history print
[admin@MikroTik] > /undo     

### Username and password when logging in
The default username is 'admin', and there is no password (hit the 'Enter' key).
Since the default account has an empty password, set one using the '/password' command.

[admin@MikroTik] > /password
old password:
new password: ******
retype new password: ******

### Set ip address
[admin@MikroTik] > ip address
[admin@MikroTik] ip address> add address= interface=ether2
[admin@MikroTik] ip address> print
Flags: X - disabled, I - invalid, D - dynamic
0  ether1   
1   ether2   
[admin@MikroTik] ip address> /
[admin@MikroTik] ip> route add gateway=

### Add a default route (connect with internet)
[admin@MikroTik] > ip route
[admin@MikroTik] ip route> add gateway=
[admin@MikroTik] ip route> print
[admin@MikroTik] ip route> /ping

If you want to remove a route:
[admin@MikroTik] > ip route remove 2   <<<<<< 2 is the number of the route to remove

### Upgrade firmware
[admin@MikroTik] > /system routerboard print
[admin@MikroTik] > /system routerboard upgrade

### Upgrade os version
[admin@MikroTik] > /system auto upgrade

### Enable NAT / Masquerading 
[admin@MikroTik] ip firewall nat> add chain=srcnat action=masquerade out-interfa
[admin@MikroTik] ip firewall nat> print

### DNS
[admin@MikroTik] > /ip dns set primary-dns=
[admin@MikroTik] > /ping
64 byte ping: ttl=54 time=88 ms

[admin@MikroTik] > ip dns
[admin@MikroTik] ip dns> set primary-dns= \
\... allow-remote-requests=yes
[admin@MikroTik] ip dns> print
 allow-remote-requests: yes
         cache-size: 2048KiB
      cache-max-ttl: 1w
         cache-used: 16KiB

[admin@MikroTik] ip dns static> add address=
[admin@MikroTik] ip dns static> print
[admin@MikroTik] ip dns static> /ping
[admin@MikroTik] ip dns> cache flush

### Proxy
Enable proxy:
   [admin@MikroTik] > system package print  
   [admin@MikroTik] > ip web-proxy ?
  [admin@MikroTik] > ip dns set primary-dns=
   [admin@MikroTik] > ip web-proxy set port=8080
   [admin@MikroTik] > ip web-proxy set enabled=yes
   [admin@MikroTik] > ip web-proxy print

Transparent Mode:
   [admin@MikroTik] > ip web-proxy set transparent-proxy=yes

   [MikroTik] ip firewall dst-nat> add in-interface=ether1 protocol=tcp \
dst-address=! action=redirect to-dst-port=8080
   [MikroTik] ip firewall dst-nat> print                                      
   [MikroTik] ip web-proxy> print   

Specify cache administrator's e-mail address:
   [admin@MikroTik] > ip web-proxy set

Specify hostname (DNS or IP address) of the web proxy:
   [admin@MikroTik] > ip web-proxy set

If this proxy has to use another proxy, specify it:
  [admin@MikroTik] > ip web-proxy set parent-proxy=

otherwise disable it:
  [admin@MikroTik] > ip web-proxy set parent-proxy=

Monitoring the Web Proxy:
   [MikroTik] ip web-proxy> print  

Managing the Cache:
   [MikroTik] ip web-proxy cache> print
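
Enabling `allow-remote-requests=yes` and the web proxy as shown above makes the router itself answer DNS and proxy requests on every interface, and the page adds no input-chain filter to keep those listeners off the Internet side. The Python check below is an added example, not part of the original post or MikroTik's tooling: it parses a configuration export and reports which of the two services lacks an input-chain drop rule on the WAN interface. Assumptions: the export text is constructed, `ether1` is the WAN port, rules match by `in-interface`, and all function names are illustrative.

```python
import shlex
# Constructed sample in RouterOS "/export" layout; ether1 is assumed to be the WAN port.
SAMPLE_EXPORT = r"""
/ip dns
set allow-remote-requests=yes
/ip web-proxy
set enabled=yes port=8080 \
    transparent-proxy=yes
/ip firewall filter
add chain=input in-interface=ether1 protocol=udp dst-port=53 action=drop
"""

def parse_export(text):
    """Yield (menu, verb, attrs) per command, joining '\\' continuation lines."""
    menu, pending = "", ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("/"):
            menu = " ".join(line.lstrip("/ ").split())
        elif line and not line.startswith("#"):
            verb, *words = shlex.split(line)
            yield menu, verb, dict(w.split("=", 1) for w in words if "=" in w)

def port_in(spec, port):  # spec is a dst-port value such as "53,8000-8100"
    ranges = (part.partition("-") for part in spec.split(","))
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)

def exposed_services(text, wan="ether1"):
    """Router services open on `wan` that no enabled input-chain drop rule covers."""
    cmds, cfg = list(parse_export(text)), {}
    for menu, _, attrs in (c for c in cmds if c[1] == "set"):
        cfg.setdefault(menu, {}).update(attrs)
    proxy = cfg.get("ip web-proxy") or cfg.get("ip proxy") or {}
    listening = {}
    if cfg.get("ip dns", {}).get("allow-remote-requests") == "yes":
        listening["dns"] = [("udp", 53), ("tcp", 53)]
    if proxy.get("enabled") == "yes":
        listening["web-proxy"] = [("tcp", int(proxy.get("port", 8080)))]
    drops = [a for menu, _, a in cmds if menu == "ip firewall filter"
             and (a.get("chain"), a.get("in-interface")) == ("input", wan)
             and a.get("action") in ("drop", "reject") and a.get("disabled") != "yes"]
    def covered(proto, port):  # simplification: rule order is not evaluated
        return any(r.get("protocol", proto) == proto
                   and port_in(r.get("dst-port", str(port)), port) for r in drops)
    return sorted(n for n, socks in listening.items() if not all(covered(*s) for s in socks))
```

In the sample, the UDP-only rule leaves TCP/53 and the proxy port uncovered, so both services are reported.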

### DMZ Configuration
The router should have 3 NIC cards:
[admin@gateway] interface> print

Add all needed IP addresses to the interfaces as shown here:
[admin@gateway] ip address> print
Flags: X - disabled, I - invalid, D - dynamic
0   Public
1   Local
2     DMZ-zone
3   Public
[admin@gateway] ip address>

Add a static default route to the local router:
[admin@MikroTik] ip route> print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, r - rip, o - ospf, b - bgp
0  S       r   1     ether1
1 DC     r      0     ether1
[admin@MikroTik] ip route>

Configure DMZ server with the ip address of, network and gateway address of To make DMZ server accessible from the Internet at address configure dst-nat rule like this:

[admin@gateway] ip firewall dst-nat> add action=nat \
\... dst-address= to-dst-address=

[admin@gateway] ip firewall dst-nat> print
Flags: X - disabled, I - invalid, D - dynamic
0   dst-address= action=nat to-dst-address=


### OPENVPN with SSL

### VLAN
