
MikroTik Best Rule for Firewall

October 2, 2010

Good morning, all. This time I want to teach you about firewall rules on your MikroTik.

First Rule:

Wan : Internet Interface
Lan : Local Interface
Local IP : 192.168.0.0/16

Second Rule:

/ip firewall filter

add chain=forward in-interface=Wan out-interface=Lan dst-address=192.168.0.0/16 action=accept comment="Allow internet connection to client" disabled=no

add chain=input in-interface=Wan protocol=tcp dst-port=8291 action=accept comment="Allow remote Winbox from Public" disabled=no

add chain=input in-interface=Wan protocol=udp src-port=53 action=accept comment="Allow DNS Traffic" disabled=no

add chain=input in-interface=Wan protocol=icmp action=accept comment="Allow Ping Traceroute Traffic" disabled=no

add chain=input in-interface=Wan connection-state=new action=add-src-to-address-list address-list=spam address-list-timeout=30m comment="Log Denied IP" disabled=no

add chain=input in-interface=Wan action=drop comment="Drop all access that is not allowed" disabled=no

You can check your settings here.
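
A stateful variant of the rules above, added here as an example and not part of the original post: it accepts return traffic by connection state instead of by source port 53 or destination subnet, and limits Winbox to a management address list. The list name `mgmt` and the address 203.0.113.10 (a documentation address) are assumptions; the interface names `Wan` and `Lan` and the 192.168.0.0/16 range are the post's.

```routeros
# Added example, not the original post's rules.
# Assumed names: address list "mgmt" and the documentation address
# 203.0.113.10 stand in for your own management host.
/ip firewall address-list
add list=mgmt address=203.0.113.10 comment="Admin workstation (placeholder)"

/ip firewall filter
# Replies to connections the router itself opened (DNS lookups and so on)
# are matched by state, so no blanket "src-port=53" accept is needed;
# the source port of an inbound packet is chosen by its sender.
add chain=input connection-state=established action=accept comment="Accept established to router"
add chain=input connection-state=related action=accept comment="Accept related to router"
add chain=input connection-state=invalid action=drop comment="Drop invalid to router"
add chain=input in-interface=Wan protocol=icmp action=accept comment="Allow ping and traceroute"
# Winbox from the Internet only for addresses on the management list.
add chain=input in-interface=Wan protocol=tcp dst-port=8291 src-address-list=mgmt action=accept comment="Winbox from mgmt list only"
# Same bookkeeping as the post: remember sources that are about to be dropped.
add chain=input in-interface=Wan connection-state=new action=add-src-to-address-list address-list=spam address-list-timeout=30m comment="Record denied source IP"
add chain=input in-interface=Wan action=drop comment="Drop everything else from Wan"

# Forward chain: clients may open connections outward, only return traffic comes back.
add chain=forward connection-state=established action=accept comment="Accept established through router"
add chain=forward connection-state=related action=accept comment="Accept related through router"
add chain=forward connection-state=invalid action=drop comment="Drop invalid through router"
add chain=forward in-interface=Lan out-interface=Wan src-address=192.168.0.0/16 action=accept comment="Clients to Internet"
add chain=forward in-interface=Wan action=drop comment="Drop unsolicited traffic from Wan"
```

Rule order matters: the state-based accepts come first, and the final drop rules must stay last in each chain.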


Best MikroTik settings

First, you have to make 2 rules:

ETHER 1 = PUBLIC (Your ISP)

ETHER 2 = LOCAL

1. Make Connection Mark
WINBOX > IP > FIREWALL > MANGLE

[+] ADD NEW
chain = Prerouting
protocol = TCP(6)
src Port = 21,80 (downloads usually come from these ports)
in interface = ETHER 1
(Go to Advanced Tab)
connection bytes = 262146-4294967295
(Go to Action Tab)
Action = mark connection
New Connection Mark = Download
Passthrough = [V] <- check mark

2. Make Packet Mark
[+] ADD NEW
chain = Prerouting
in interface = ETHER 1
Connection Mark = Download
(Go to Action Tab)
Action = mark packet
New Packet Mark = Download

3. Make Queue Type
WINBOX > QUEUES > QUEUE TYPES
[+] ADD NEW
name = shape
kind = pcq
( Go to Setting Tab )
rate = 256000 <- limits download speed to 256kbps or 32KBps
classifier = src. Address [v] <- check mark

4. Make Queue Tree

WINBOX > QUEUES > QUEUE TREE
[+] ADD NEW
name = Download
parent = global in
packet mark = Download
queue type = shape
max limit = 256000

MikroTik setting –> Unlimited Browsing, Limited Download

First, you have to make 2 rules:

ETHER 1 = PUBLIC (Your ISP)

ETHER 2 = LOCAL

1. Make a Connection Mark
WINBOX > IP > FIREWALL > MANGLE
[+] ADD NEW
chain = forward
protocol = TCP(6)
in interface = ETHER 1
out interface = ETHER 2
(Go to Advanced Tab)
connection bytes = 262146-4294967295
(Go to Action Tab)
Action = mark connection
New Connection Mark = Download
Passthrough = [V] <- check mark

2. Make Packet Mark
[+] ADD NEW
chain = forward
protocol = TCP(6)
in interface = ETHER 1
out interface = ETHER 2
Connection Mark = Download
(Go to Action Tab)
Action = mark packet
New Packet Mark = Download

3. Make Queue Type
WINBOX > QUEUES > QUEUE TYPES
[+] ADD NEW
name = shape
kind = pcq
( Go to Setting Tab )
rate = 256000 <- we assume that 256kB is the download rate
classifier = dst. Address [v] <- check mark

4. Make Queue Tree
WINBOX > QUEUES > QUEUE TREE
[+] ADD NEW
name = Download
parent = global out
packet mark = Download
queue type = shape
max limit = 256000

5. Finished

How To Upgrade MikroTik

January 27, 2010

1) Log in to your RouterBoard via Winbox. If you don't have it, download it here

2) Log in to the IP address of your local interface using an FTP client such as FlashFXP, FileZilla, etc.

3) Go to http://www.mikrotik.com/download.html

4) Select your RouterBoard type and the software type you want. At least, there is version 4.5, which I think is stable

5) After that, there are 3 choices. Choose All Packages

6) Extract all files in all_packages-mipsbe-4.5.zip

7) Upload all of those files via the FTP client to "root". Don't place them in the hotspot folder!!!

8) Don't cancel any part of the process

9) When the whole process is done, go to your RouterBoard via Winbox

10) Go to New Terminal, type system reboot and then type y. Wait until the whole process is done

11) Finished. Now you can check it under System -> Packages

If you need more help with MikroTik, chat with me at anugrahlando@yahoo.com

About Mikrotik

December 27, 2009

MikroTikls (trade name MikroTik®) was founded in 1995 with the aim of developing wireless ISP systems. MikroTikls currently supplies wireless ISP systems for Internet data links in many countries, including Iraq, Kosovo, Sri Lanka, Ghana and many others.

Our installation experience in Latvia was forged in conditions similar to those in the former Soviet countries and other developing countries. The development done so far has produced version 2 of the router operating system software, which provides stability, control and flexibility across a variety of media interfaces and routing systems using standard computer hardware. This software supports various ISP applications, from RADIUS modem pools to DS3 backbone circuits.

MikroTik is located in Riga, the capital of Latvia, and has 50 employees. MikroTik also runs a small ISP as a trial ground for RouterOS software development.
