Differences

This shows you the differences between two versions of the page.

--- networking:router:mikrotik [2013/05/12 13:51]
gcooper
+++ networking:router:mikrotik [2022/02/24 14:23] (current)
gcooper
@@ Line 1: / Line 1: @@
 ====== MikroTik ======
-See also **[[sonora:sonora_mikrotik|Sonora Comm Default MikroTik Configuration Script]]**
+See also **[[https://www.sonoracomm.com/wiki/doku.php?do=search&id=mikrotik|other Mikrotik pages in this wiki]]**
+See also **[[sonora:sc_mikrotik_script|Sonora Comm Default MikroTik Configuration Script]]**
 See also **[[networking:router:mikrotik_failover|Mikrotik Failover to a Second Internet Connection]]**
@@ Line 11: / Line 13: @@
 http://routerboard.com/
-Mikrotik offers:
+**Mikrotik offers a lot of value**:
   * Inexpensive router hardware
@@ Line 22: / Line 24: @@
     * Winbox for Windows (don't need to know IP address)
     * Webfig web interface
+===== Configurators =====
+**Firewall Configurator**: QoS Configurator: http://mikrotikconfig.com/firewall/
+**QoS Configurator**: http://mikrotikconfig.com/qos/
+**Load Balance Configurator**: http://mikrotikconfig.com/loadBalance2WANs/
+**Load Balance Configurator**: http://mikrotikconfig.com/loadBalance3WANs/
 ===== Third Party Products =====
@@ Line 32: / Line 45: @@
 ===== Upgrading =====
+http://wiki.mikrotik.com/wiki/Manual:Upgrading_RouterOS
 http://wiki.mikrotik.com/wiki/Bootloader_upgrade
@@ Line 40: / Line 55: @@
 http://www.mikrotik.com/download
+===== Safe Mode =====
+http://wiki.mikrotik.com/wiki/Console#Safe_Mode
+**Enter Safe Mode:** ''[CTRL]+[X]''
+**Save Changes and Exit:** ''[CTRL]+[X]'' again
+**Exit Without Saving:** ''[CTRL]+[D]''
+Safe mode can be used to minimize the risk of losing contact with the router while performing configuration changes.
+  * Safe mode is entered by pressing [CTRL]+[X]
+  * To save changes and quit safe mode, press [CTRL]+[X] again
+  * To exit without saving the made changes, hit [CTRL]+[D]
+  * All configuration changes that are made in safe mode are automatically undone if safe mode session terminates abnormally
 ===== Backup and Restore =====
@@ Line 66: / Line 98: @@
 ===== Configuration =====
+:!: Winbox runs well under Wine on Linux.
 http://wiki.mikrotik.com/wiki/Manual:Initial_Configuration
@@ Line 77: / Line 111: @@
 http://wiki.mikrotik.com/wiki/Manual:Default_Configurations
-==== Safe Mode ====
+==== Reset to Defaults ====
-Safe mode can be used to minimize the risk of losing contact with the router while performing configuration changes.
+=== CLI ===
-  * Safe mode is entered by pressing [CTRL]+[X]
+<file>
-  * To save changes and quit safe mode, press [CTRL]+[X] again
+/system reset-configuration
-  * To exit without saving the made changes, hit [CTRL]+[D]
+</file>
-  * All configuration changes that are made in safe mode are automatically undone if safe mode session terminates abnormally
-==== Reset to Defaults ====
+or
 <file>
-/system reset
+/system reset-configuration no-defaults=yes
 </file>
+=== Reset Button ===
+The reset button has three functions.
+Hold the button, then apply power.
+Depending on when you release the button, it will do these things:
+  * release immediately (0-5 seconds) after starting the device to load backup bootloader
+  * release when user LED starts to flash to reset RouterOS (5-10 seconds)
+  * release after user LED stops flashing to start Etherboot (Netinstall) mode (10+ seconds)
+Link how to use Netinstall: http://wiki.mikrotik.com/wiki/Netinstall
 ==== First Login ====
@@ Line 103: / Line 150: @@
 ==== Set Password ====
-//System -> Users -> Double-Click 'admin' -> Password//
+**System -> Users -> Double-Click 'admin' -> Password**
 ==== WAN Interface ====
@@ Line 109: / Line 156: @@
 === Dynamic Address ===
-//IP -> DHCP Client -> Add New -> ether1//
+**IP -> DHCP Client -> Add New -> ether1**
 === Static Address ===
-//IP -> DHCP Client -> Delete if exists
+**IP -> DHCP Client -> Delete if exists
-IP -> Addresses -> Add New//
+IP -> Addresses -> Add New**
 ==== NAT ====
-//IP -> Firewall -> NAT -> Add New//
+**IP -> Firewall -> NAT -> Add New**
   * Enabled
@@ Line 124: / Line 171: @@
   * Out. Interface should be set to WAN interface (ether1)
   * Action should be set to ''masquerade''
+=== DMZ ===
+This is like the DMZ feature of other router/firewall devices:
+<file>
+/ip firewall nat add chain=dstnat dst-address=<external-IP> action=dst-nat to-addresses=<internal-IP>
+</file>
 ==== Default Gateway ====
-//IP -> Routes -> Add New//
+**IP -> Routes -> Add New**
   * Enabled
@@ Line 136: / Line 191: @@
 ==== Name Resolution ====
-//IP -> DNS -> Add New//
+**IP -> DNS -> Add New**
 ==== Time ====
-//SNTP Client -> Primary -> 199.102.46.73
+**SNTP Client -> Primary -> 199.102.46.73
-SNTP Client -> Secondary -> 64.16.214.60//
+SNTP Client -> Secondary -> 64.16.214.60**
-//Clock -> Time Zone Name -> America/Phoenix//
+**Clock -> Time Zone Name -> America/Phoenix**
 ==== Interfaces ====
@@ Line 155: / Line 210: @@
 === WAN Interfaces ===
-//IP -> Addresses -> Add New -> Use Ether1 as WAN
+**IP -> Addresses -> Add New -> Use Ether1 as WAN
-IP -> Addresses -> Add New -> Use Ether2 if WAN2 is needed//
+IP -> Addresses -> Add New -> Use Ether2 if WAN2 is needed**
 === LAN Interfaces ===
@@ Line 165: / Line 220: @@
   * Only single or master (switch) ports can be added to a bridge; slaved ports cannot
-//IP -> Addresses -> Add New -> Use others as LAN//
+**IP -> Addresses -> Add New -> Use others as LAN**
 ==== Wireless ====
@@ Line 194: / Line 249: @@
 === Wireless Security ===
-//Wireless -> Security Profiles -> Add New//
+**Wireless -> Security Profiles -> Add New**
   * Mode
@@ Line 209: / Line 264: @@
 :!: If you have any problems with the DHCP server (maybe it didn't hand out a gateway address?), try deleting all existing pools and all existing DHCP servers, then run the **DHCP Setup Wizard**.  In fact, this is probably the fastest, easiest way to configure the DHCP server in most all cases.
-//IP -> DHCP Server -> DHCP -> DHCP Setup//
+**IP -> DHCP Server -> DHCP -> DHCP Setup**
 <file>
@@ Line 221: / Line 276: @@
 Create the address pool first:
-//IP -> Pool -> Add New//
+**IP -> Pool -> Add New**
   * Addresses: ''192.168.1.65-192.168.1.199''
@@ Line 227: / Line 282: @@
 Add the DHCP server:
-//IP -> DHCP Server -> Add New//
+**IP -> DHCP Server -> Add New**
   * Use mostly defaults
@@ Line 236: / Line 291: @@
 This will also create a caching DNS server for use by DHCP clients:
-//IP -> DNS -> Settings -> Click (+) twice then enter two DNS servers
+**IP -> DNS -> Settings -> Click (+) twice then enter two DNS server
-IP -> DNS -> Settings -> Allow Remote Requests//
+IPs -> DNS -> Settings -> Allow Remote Requests**
 ==== Port Forwarding (Destination NAT) ====
@@ Line 246: / Line 301: @@
   * UPnP is available if dynamic port forwarding is desired
-//IP -> Firewall -> NAT -> Add New//
+**IP -> Firewall -> NAT -> Add New**
 <file>
@@ Line 257: / Line 312: @@
 http://aacable.wordpress.com/2011/08/15/mikrotik-howto-prevent-mt-host-from-invalid-login-attempts-from-lanwan-users/
-//IP -> Services -> www//
+**IP -> Services -> www**
   * Port: 81
@@ Line 276: / Line 331: @@
 add chain=input connection-state=invalid action=drop comment="Drop invalid connections"
 add chain=input protocol=udp action=accept comment="Allow all UDP" disabled=no
-add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited pings"
+add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited ICMP"
-add chain=input protocol=icmp action=drop comment="Drop excess pings"
+add chain=input protocol=icmp action=drop comment="Drop excess ICMP"
 add chain=input in-interface=ether2 src-address=192.168.1.0/24 comment="From our LAN" action=accept
 add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
@@ Line 316: / Line 371: @@
 http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
-//System -> Console
+**System -> Console
-System -> Ports//
+System -> Ports**
 <file>

Virtual Architects Support Wiki

User Tools

Site Tools

Differences

Page Tools