Mikrotik basic router configuration
Posted by Md. Mahidul Hasan on 6:42 AM with No comments
Mikrotik Basic Router Configuration
Chose your require software from here and press "i". Then you will get the bellow message and press "n".
### How to use window to configure router
### Licence the router
date (text) - date in format "mm/DD/YYY"
If you want to remove a route:
[MikroTik] ip firewall dst-nat> add in-interface=ether1 protocol=tcp \
Specify cache administrator's e-mail address:
otherwise disable it:
Monitoring the Web Proxy:
Managing the Cache:
Add a static default route to the local router:
[admin@MikroTik] ip route> print
Configure DMZ server with the ip address of 10.1.0.2, network 10.1.0.1 and gateway address of 10.1.0.1. To make DMZ server accessible from the Internet at address 192.168.0.3 configure dst-nat rule like this:
[admin@gateway] ip firewall dst-nat> add action=nat \
### VLAN
Tips: when you connect with the router disable Wifi. Details info regarding installation at http://wiki.mikrotik.com/wiki/Manual:RouterOS_FAQ
### Install Mikrotik router:
Insert your Mikrotik OS and start the server. It will show the bellow message-
Welcome to MikroTik Router Software installation Move around menu using 'p' and 'n' or arrow keys, select with 'spacebar'. Select all with 'a', minimum with 'm'. Press 'i' to install locally or 'r' to install remote router or 'q' to cancel and reboot.
Do you want to keep old configuration? [y/n]:
You should choose whether you want to keep old configuration (press [Y]) or to erase the configuration permanently (press [N]) and continue without saving it.
### How to use window to configure router
Download winbox software to configure the Mikrotik router
After installation you will get message to licence your os. you can upload the key file from there. Or you can also so it from system option.
### Check System Resource
[admin@MikroTik] > /system resource
### IO Port Usage Monitor
[admin@MikroTik] > /system resource io print
### Reboot
[admin@MikroTik] > /system reboot
### Shutdown
[admin@MikroTik] > /system shutdown
### Date and Time
[admin@MikroTik] > /system clock
date (text) - date in format "mm/DD/YYY"
dst-active (read-only: yes | no; default: no) - whether the Daylight Saving Time is currently acitve
gmt-offset (read-only: text) - the current effective GMT timezone in format "+HH:MM" or "-HH:MM"
time (time) - time in format "HH:MM:SS"
time-zone-name (name; default: manual) - timezone code (for example, Europe/Riga or America/Chicago). Used for configuring time zone and DST adjustments
### Command Description
[admin@MikroTik] > /redo
[admin@MikroTik] > /system history print
[admin@MikroTik] > /undo
### username and password when logging
Username is 'admin', and there is no password (hit the 'Enter' key).
You can change the password using the '/password' command.
[admin@MikroTik] > /password
old password:
new password: ******
retype new password: ******
### Set ip address
[admin@MikroTik] > ip address
[admin@MikroTik] ip address> add address=10.0.0.1/24 interface=ether2
[admin@MikroTik] ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.6.73/20 192.168.0.0 192.168.15.255 ether1
1 10.0.0.1/24 10.0.0.0 10.0.0.255 ether2
[admin@MikroTik] ip address> /
[admin@MikroTik] ip> route add gateway=192.168.1.1
### Add a default route (connect with internet)
[admin@MikroTik] > ip route
[admin@MikroTik] ip route> add gateway=192.168.1.1
[admin@MikroTik] ip route> print
[admin@MikroTik] ip route> /ping 202.84.32.22
If you want to remove a route:
[admin@MikroTik] > ip route remove 2 <<<<<< 2 is the deleted route number
### Upgrade firmware
[admin@MikroTik] > /system routerboard print
[admin@MikroTik] > /system routerboard upgrade
### Upgrade os version
[admin@MikroTik] > /system auto upgrade
### Enable NAT / Masquerading
[admin@MikroTik] ip firewall nat> add chain=srcnat action=masquerade out-interfa
ce=ether1
[admin@MikroTik] ip firewall nat> print
### DNS
[admin@MikroTik] > /ip dns set primary-dns=192.168.1.1
[admin@MikroTik] > /ping www.yahoo.com
106.10.170.118 64 byte ping: ttl=54 time=88 ms
[admin@MikroTik] > ip dns
[admin@MikroTik] ip dns> set primary-dns=192.168.6.73 \
\... allow-remote-requests=yes
[admin@MikroTik] ip dns> print
primary-dns: 192.168.6.73
secondary-dns: 0.0.0.0
allow-remote-requests: yes
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 16KiB
[admin@MikroTik] ip dns static> add name=www.mahidul.com address=10.0.0.1
[admin@MikroTik] ip dns static> print
[admin@MikroTik] ip dns static> /ping www.mahidul.com
[admin@MikroTik] ip dns> cache flush
### Proxy
Enable proxy:
[admin@MikroTik] > system package print
[admin@MikroTik] > ip web-proxy ?
[admin@MikroTik] > ip dns set primary-dns=192.168.1.1
[admin@MikroTik] > ip web-proxy set port=8080
[admin@MikroTik] > ip web-proxy set enabled=yes
[admin@MikroTik] > ip web-proxy print
Transparent Mode:
[admin@MikroTik] > ip web-proxy set transparent-proxy=yes
[MikroTik] ip firewall dst-nat> add in-interface=ether1 protocol=tcp \
dst-address=!10.0.0.1/32:80 action=redirect to-dst-port=8080
[MikroTik] ip firewall dst-nat> print
[MikroTik] ip web-proxy> print
Specify cache administrator's e-mail address:
[admin@MikroTik] > ip web-proxy set cache-administrator=mahidul24@gmail.com
Specify hostname (DNS or IP address) of the web proxy:
[admin@MikroTik] > ip web-proxy set hostname=proxy.mt.lv
If this proxy has to use another proxy, specify it:
[admin@MikroTik] > ip web-proxy set parent-proxy=192.168.1.1:8080
otherwise disable it:
[admin@MikroTik] > ip web-proxy set parent-proxy=0.0.0.0:0
Monitoring the Web Proxy:
[MikroTik] ip web-proxy> print
Managing the Cache:
[MikroTik] ip web-proxy cache> print
### DMZ Configuration
The router should have 3 NIC cards:
[admin@gateway] interface> print
Add all needed ip addresses to interfaces as is shown here:
[admin@gateway] ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.0.2/24 192.168.0.0 192.168.0.255 Public
1 10.0.0.254/24 10.0.0.0 10.0.0.255 Local
2 10.1.0.1/32 10.1.0.2 10.1.0.2 DMZ-zone
3 192.168.0.3/24 192.168.0.0 192.168.0.255 Public
[admin@gateway] ip address>
Add a static default route to the local router:
[admin@MikroTik] ip route> print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, r - rip, o - ospf, b - bgp
# DST-ADDRESS G GATEWAY DISTANCE INTERFACE
0 S 0.0.0.0/0 r 10.0.0.254 1 ether1
1 DC 10.0.0.0/24 r 0.0.0.0 0 ether1
[admin@MikroTik] ip route>
Configure DMZ server with the ip address of 10.1.0.2, network 10.1.0.1 and gateway address of 10.1.0.1. To make DMZ server accessible from the Internet at address 192.168.0.3 configure dst-nat rule like this:
[admin@gateway] ip firewall dst-nat> add action=nat \
\... dst-address=192.168.0.3/32 to-dst-address=10.1.0.2
[admin@gateway] ip firewall dst-nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 dst-address=192.168.0.3/32 action=nat to-dst-address=10.1.0.2
### FIREWALL
http://wiki.mikrotik.com/wiki/Firewall
### OPENVPN with SSL
http://unblockvpn.com/support/how-to-set-up-openvpn-on-router-mikrotik.html
http://strongvpn.com/setup_mikrotik_pptp.shtml
### VLAN
http://wiki.mikrotik.com/wiki/Manual:Interface/VLAN
Categories: dns, How to configure Mikrotik router, installation, mikrotik router configuration, nat, proxy
0 comments:
Post a Comment