Mikrotik Note

The document describes how to configure internet access, DHCP server, content filtering, firewall rules, QoS, MAC filtering, and PPTP VPN on a Mikrotik router. It includes steps to configure NAT and DNS, set up a DHCP server with address pools, block websites using regex for layer 7 protocol and firewall rules, create separate queues with bandwidth limits for different users, allow/deny MAC addresses, and establish a PPTP VPN by configuring server and client settings.

Uploaded by Min Min Zaw

Internet Access

LAB: Internet Access

WAN
IP -> DHCP Client -> Add
Interface = ether1

LAN
IP -> Address -> Add
Address = 192.168.1.1/24
Interface = ether2

Firewall (NAT)
IP -> Firewall -> NAT -> Add
Chain = srcnat
Src.Address = 192.168.1.0/24
Out.Interface = ether1
Action = Masquerade

DNS
IP -> DNS
Server = 8.8.8.8, 8.8.4.4

Connectivity Test
Ping 192.168.1.1
Ping 8.8.8.8
Ping www.google.com

DHCP Server

LAB : DHCP Server

Wizard
IP -> DHCP Server Setup
Interface = ether2
Address Space = 192.168.1.0/24
Gateway = 192.168.1.1
Range = 192.168.1.2-192.168.1.254
DNS = 8.8.8.8, 8.8.4.4
Lease Time = 3d 00:00:00

Manual
IP -> Pool
Name = Pool1
Range = 192.168.1.2-192.168.1.254
IP -> DHCP Server -> Add
Name = DHCP Server
Interface = ether2
Lease Time = 3d 00:00:00
Address Pool = Pool1 [Pool name]
[ ] Add ARP Leases
Network (Tab) -> Add
Address = 192.168.1.0/24
Gateway = 192.168.1.1
DNS = 8.8.8.8, 8.8.4.4
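
The Internet Access and DHCP Server (Manual) labs above as RouterOS terminal commands. This is an added example, not part of the original slides; it assumes a router with no conflicting configuration already on ether1 or ether2, and the interface names and addresses are the ones used in the labs.

```routeros
# Added example: CLI form of the Internet Access and DHCP Server labs.
# Assumes no existing DHCP client, address or DHCP server on these ports.

# WAN: obtain an address from the upstream network on ether1
/ip dhcp-client add interface=ether1 disabled=no

# LAN: router address on ether2
/ip address add address=192.168.1.1/24 interface=ether2

# NAT: masquerade only LAN-sourced traffic leaving through the WAN port
/ip firewall nat add chain=srcnat src-address=192.168.1.0/24 \
    out-interface=ether1 action=masquerade

# DNS servers used by the router itself
/ip dns set servers=8.8.8.8,8.8.4.4

# DHCP server (Manual column): pool, server, network
/ip pool add name=Pool1 ranges=192.168.1.2-192.168.1.254
/ip dhcp-server add name="DHCP Server" interface=ether2 \
    address-pool=Pool1 lease-time=3d disabled=no
/ip dhcp-server network add address=192.168.1.0/24 \
    gateway=192.168.1.1 dns-server=8.8.8.8,8.8.4.4

# Checks: review what was created, then repeat the connectivity test
/ip firewall nat print
/ip dhcp-server lease print
/ping 8.8.8.8 count=3
```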
Content Filtering

Block with Content

content = youtube, facebook, google
Blocking website using Regular Expression
(Layer 7 Protocol)

Layer 7 Protocol regex
Name = Youtube

^..+\.(youtube.com|googlevideo.com|akamaihd.net).*$

Mangle Rule
Chain = forward
Advanced
Layer 7 Protocol = Youtube

Action
Action = mark connection
New Connection Mark = youtube_conn
Passthrough = checked

Firewall
Chain = forward
Protocol = udp | tcp
Connection Mark = youtube_conn

Action
Action = drop
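
The Layer 7 block described above (regex, mangle mark, drop rule) as RouterOS terminal commands. This is an added example, not part of the original slides; the names and the regex come from the slides, and the rule comments are added here.

```routeros
# Added example: CLI form of the Layer 7 YouTube block.
# Inside a quoted RouterOS string, "\" is written "\\" and "$" is written "\$".
/ip firewall layer7-protocol add name=Youtube \
    regexp="^..+\\.(youtube.com|googlevideo.com|akamaihd.net).*\$"

# Mark connections whose early payload matches the pattern.
# The L7 matcher only inspects the first 10 packets or 2 KB of a connection.
/ip firewall mangle add chain=forward layer7-protocol=Youtube \
    action=mark-connection new-connection-mark=youtube_conn passthrough=yes

# "Protocol = udp | tcp" on the slide becomes one filter rule per protocol.
/ip firewall filter add chain=forward protocol=tcp \
    connection-mark=youtube_conn action=drop comment="L7 block: Youtube (tcp)"
/ip firewall filter add chain=forward protocol=udp \
    connection-mark=youtube_conn action=drop comment="L7 block: Youtube (udp)"

# Checks: the drop rules must sit above any forward-chain accept rule,
# and their packet counters should rise when a client opens the site.
/ip firewall filter print stats where connection-mark=youtube_conn
/ip firewall connection print where connection-mark=youtube_conn
```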

Layer 7 Protocol (Regular Expression)

^.+(youtube.com|facebook.com).*$

^..+\.(facebook.com|facebook.net|fbcdn.com|fbsbx.com|fbcdn.net|fb.com|tfbnw.net).*$

^.+(youtube.com|www.youtube.com|m.youtube.com|ytimg.com|s.ytimg.com|ytimg.l.google.com|youtube.l.google.com|i.google.com|googlevideo.com|youtu.be).*$

QoS
Separate simple queues for each user

Parent
Simple Queue: General
Name: All Bandwidth
Target: 192.168.1.0/24
Upload: 512k
Download: 6M
Simple Queue: Advanced
Queue Type:
Upload: pcq-upload-default
Download: pcq-download-default

User1, User2, User3, User4, User5, User6
Simple Queue: General
Name: User1
Target: 192.168.1.2
Upload: 256k
Download: 2M
Simple Queue: Advanced
Queue Type:
Upload: pcq-upload-default
Download: pcq-download-default

Security

MAC Filtering

1. Interface -> LAN
ARP = Reply Only

2. IP -> ARP -> Add
IP Address = Client IP (you want to use)
MAC Address = PC MAC (you want to use)
Interface = LAN
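
The MAC filtering steps above as RouterOS terminal commands, for two allowed clients. This is an added example, not part of the original slides: it assumes the LAN interface is ether2 as in the Internet Access lab, the MAC addresses are constructed placeholders, and the static entries are added before ARP is switched to reply-only so the PC used to manage the router is not cut off.

```routeros
# Added example: CLI form of the MAC filtering steps.
# MAC addresses below are constructed placeholders; use the real client MACs.

# Step 2 first: static IP-to-MAC pairs for every client allowed on the LAN,
# including the PC used to manage the router.
/ip arp add address=192.168.1.2 mac-address=02:00:00:00:00:02 \
    interface=ether2 comment="admin PC"
/ip arp add address=192.168.1.3 mac-address=02:00:00:00:00:03 \
    interface=ether2 comment="User2"

# Step 1: the router now answers ARP but learns no new entries, so only
# the pairs listed above can talk to or through it.
/interface ethernet set ether2 arp=reply-only

# Keep "Add ARP Leases" off on the DHCP server (as in the DHCP lab);
# turning it on would add an ARP entry for every client that gets a lease.
/ip dhcp-server set [find interface=ether2] add-arp=no

# Check: only static entries should be listed for the LAN interface.
/ip arp print where interface=ether2
```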

VPN
PPTP (Remote VPN)

Log in to the Mikrotik RouterOS via Winbox and go to IP -> Pool.

Click the plus symbol to add a new pool. Name it whatever you want (I named it pptp-pool), add the address range (192.168.10.10-192.168.10.20 in my case), then click OK.

Now go to the PPP section. Click “PPTP Server” and check Enabled.

While still in the PPP window, switch to the “Profiles” tab. Click the plus sign to create a new profile, name it whatever you want (I use pptp-profile), set the pool created earlier for both “Local Address” and “Remote Address”, then press OK.

Now switch to the “Secrets” tab of the PPP window. Click the plus sign to create a new user, then add the name (which acts as the username), the password, and the profile created in the previous step.

Go to IP -> Firewall.

From the “Filter Rules” tab, add a new rule. Set the chain to input, the protocol to tcp, and Dst. Port to 1723.

Switch to the Action tab, set it to accept, then click OK.

Add another new rule. Set the chain to input and the protocol to gre.

Switch to the Action tab, set it to accept, then click OK.

PPTP Client Setup on Windows 7:
From “Control Panel”, select the “Network and Sharing Center” and then choose “Set up a new connection or network”:

Verify the PPTP logs on the Mikrotik by clicking Log.
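
The router-side PPTP steps above as RouterOS terminal commands. This is an added example, not part of the original slides: the user name and password are placeholders, and restricting authentication to MS-CHAPv2, requiring encryption in the profile, and limiting the accept rules to the WAN port (ether1 in the Internet Access lab) are assumptions added here.

```routeros
# Added example: CLI form of the PPTP server setup.
/ip pool add name=pptp-pool ranges=192.168.10.10-192.168.10.20

# Enable the server. authentication=mschap2 is an addition to the slides:
# the server then accepts only MS-CHAPv2, not PAP, CHAP or MS-CHAPv1.
/interface pptp-server server set enabled=yes authentication=mschap2

# Profile uses the pool for both ends; use-encryption=required is an addition.
/ppp profile add name=pptp-profile local-address=pptp-pool \
    remote-address=pptp-pool use-encryption=required

# One secret per user; the name and password here are placeholders.
/ppp secret add name=vpnuser1 password="REPLACE-WITH-LONG-RANDOM-SECRET" \
    profile=pptp-profile service=pptp

# Accept PPTP control (tcp/1723) and GRE. in-interface=ether1 is an addition.
# Both rules must sit above any drop rule in the input chain.
/ip firewall filter add chain=input in-interface=ether1 protocol=tcp \
    dst-port=1723 action=accept comment="PPTP control"
/ip firewall filter add chain=input in-interface=ether1 protocol=gre \
    action=accept comment="PPTP GRE"

# Checks: connected users and the PPTP log entries
/ppp active print
/log print where topics~"pptp"
```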
