MikroTik Tips


Some tips about the configuration of a MikroTik router.

1 Starting the graphical configuration application

sudo apt-get install wine
wine winbox.exe

2 How to backup the configuration

ssh admin@
/system backup save name=cit-mikrotik-20120130

lftp admin@
get cit-mikrotik-20120130.backup

See also: http://wiki.mikrotik.com/wiki/Manual:Configuration_Management

3 How to correct the date and time

/system clock print
/system clock set date=jan/30/2012 time=9:45:00 time-zone-name=Europe/Tirane

/system ntp client print
/system ntp client set enabled=yes mode=unicast \
	primary-ntp= secondary-ntp=


4 How to add DNAT rules

Forward ports 80 and 443 (HTTP and HTTPS) to the local web server:

/ip firewall nat add chain=dstnat \
    dst-address= protocol=tcp dst-port=80 \
    action=dst-nat to-addresses= to-ports=80
/ip firewall nat add chain=dstnat \
    dst-address= protocol=tcp dst-port=443 \
    action=dst-nat to-addresses= to-ports=443

5 Set up packet filtering

/ip firewall filter
# Rules without action= use the default action, accept.
add chain=input connection-state=established comment="Accept established connections"
add chain=input connection-state=related comment="Accept related connections"
add chain=input connection-state=invalid action=drop comment="Drop invalid connections"
add chain=input protocol=udp action=accept comment="UDP" disabled=no
add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited pings"
add chain=input protocol=icmp action=drop comment="Drop excess pings"
add chain=input src-address= comment="From our private LAN"
add chain=input protocol=tcp dst-port=22 src-address= comment="SSH for secure shell"
add chain=input protocol=tcp dst-port=8291 src-address= comment="winbox"
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
add chain=input action=drop comment="Drop everything else"

add chain=forward protocol=udp dst-port=69 action=drop comment="Blocking UDP Packets"
add chain=forward protocol=udp dst-port=111 action=drop
add chain=forward protocol=udp dst-port=135 action=drop
add chain=forward protocol=udp dst-port=137-139 action=drop
add chain=forward protocol=udp dst-port=2049 action=drop
add chain=forward protocol=udp dst-port=3133 action=drop
add chain=forward protocol=tcp dst-port=69 action=drop comment="Blocking TCP Packets"
add chain=forward protocol=tcp dst-port=111 action=drop
add chain=forward protocol=tcp dst-port=119 action=drop
add chain=forward protocol=tcp dst-port=135 action=drop
add chain=forward protocol=tcp dst-port=137-139 action=drop
add chain=forward protocol=tcp dst-port=445 action=drop
add chain=forward protocol=tcp dst-port=2049 action=drop
add chain=forward protocol=tcp dst-port=12345-12346 action=drop
add chain=forward protocol=tcp dst-port=20034 action=drop
add chain=forward protocol=tcp dst-port=3133 action=drop
add chain=forward protocol=tcp dst-port=67-68 action=drop

/ip firewall filter print stats
/ip firewall filter reset-counters-all
/log print
/log print follow
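
An added example, not part of the original post: a small Python check over an input chain like the one in section 5. It flags TCP/UDP accept rules that match any source, a missing final drop, and rules placed after that drop. The sample rules and the 192.0.2.0/24 range are constructed; it assumes one rule per line and that a rule without action= accepts (the RouterOS default).

```python
import shlex
# Constructed sample in the style of section 5; 192.0.2.0/24 is a placeholder range.
SAMPLE = """\
add chain=input connection-state=established comment="Accept established connections"
add chain=input connection-state=invalid action=drop comment="Drop invalid connections"
add chain=input protocol=udp action=accept comment="UDP" disabled=no
add chain=input protocol=tcp dst-port=22 src-address=192.0.2.0/24 comment="SSH"
add chain=input protocol=tcp dst-port=8291 comment="winbox"
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
add chain=input action=drop comment="Drop everything else"
"""
# Properties that narrow where a packet comes from or which state it is in.
RESTRICTORS = {"src-address", "src-address-list", "in-interface",
               "in-interface-list", "connection-state"}
NON_MATCHERS = {"chain", "action", "comment", "disabled", "log-prefix"}

def parse(text):
    """Turn 'add key=value ...' lines into dicts, skipping disabled rules."""
    rules = []
    for line in text.splitlines():
        tokens = shlex.split(line)  # keeps a quoted comment as one token
        if tokens[:1] != ["add"]:
            continue
        rule = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        rule.setdefault("action", "accept")  # RouterOS default action
        if rule.get("disabled") != "yes":
            rules.append(rule)
    return rules

def audit(text, chain="input"):
    """Return (rule number, finding) pairs for one chain, in rule order."""
    findings, closed = [], False
    rules = [r for r in parse(text) if r.get("chain") == chain]
    for n, r in enumerate(rules, 1):
        matchers = set(r) - NON_MATCHERS
        if closed:
            findings.append((n, "unreachable: follows an unconditional drop"))
        elif r["action"] == "drop" and not matchers:
            closed = True
        elif (r["action"] == "accept" and r.get("protocol") in ("tcp", "udp")
              and not matchers & RESTRICTORS):
            scope = "port " + r["dst-port"] if "dst-port" in r else "every port"
            findings.append((n, f"{r['protocol']} {scope} accepted from any source"))
    if not closed:
        findings.append((0, "chain has no final unconditional drop"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Rule numbers count only the enabled rules of the chosen chain, and finding number 0 refers to the chain as a whole.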
