Blog.gowifi

Go Wireless NZ

Tuesday, August 28, 2012

Configuring a MikroTik Router for Home or Business



Scenario:
Configure a MikroTik RouterBoard as a basic router. The following guide is based on a MikroTik RB/751U-2HnD, but it can be used for any MikroTik router with minor adjustments (i.e. you may have more or fewer Ethernet and/or wireless interfaces on other routers, so your configuration will be slightly different when adding interfaces to the bridge).



Ensure you are connected to an Ethernet port other than ether1: with the default RouterOS configuration, ether1 is in most cases configured as the WAN port, which prevents Winbox access through it until that configuration is removed.

Login to the Router via Winbox and remove the RouterOS Default Configuration.


Setting up the WAN port:

Option 1:
Configure a WAN port that will receive a DHCP address from an uplink Router or ADSL Modem.


[admin@MikroTik] > /ip dhcp-client add interface=ether1 add-default-route=yes use-peer-dns=yes use-peer-ntp=yes comment=wan-ip-address disabled=no

Option 2:
Configure a WAN port with a PPPoE client (great for connecting to an uplink Draytek ADSL modem that is in bridge mode).
Note: You will need your ISP Username and Password to continue.

Create a PPP Profile for the PPPoE Client Interface:

[admin@MikroTik] > /ppp profile add name=ppp-wan change-tcp-mss=yes

Create the PPPoE Client Interface:


[admin@MikroTik] > /interface pppoe-client add name=pppoe-wan interface=ether1 user=my_isp_username password=my_password add-default-route=yes use-peer-dns=yes profile=ppp-wan allow=pap disabled=no


Setup DNS:

[admin@MikroTik] > /ip dns set allow-remote-requests=yes


Create a bridge and add all the remaining ports / interfaces into it:


[admin@MikroTik] > /interface bridge add name=bridge-local comment="Internal Network" disabled=no

[admin@MikroTik] > /interface bridge port add bridge=bridge-local interface=ether2
[admin@MikroTik] > /interface bridge port add bridge=bridge-local interface=ether3
[admin@MikroTik] > /interface bridge port add bridge=bridge-local interface=ether4
[admin@MikroTik] > /interface bridge port add bridge=bridge-local interface=ether5
[admin@MikroTik] > /interface bridge port add bridge=bridge-local interface=wlan1



Assign an IP Address to the bridge we created in the previous step:

[admin@MikroTik] > /ip address add address=192.168.2.1/24 interface=bridge-local


Configure a DHCP Server for your network:


[admin@MikroTik] > /ip dhcp-server setup
Select interface to run DHCP server on

dhcp server interface: bridge-local

Select network for DHCP addresses 

dhcp address space: 192.168.2.0/24

Select gateway for given network 

gateway for dhcp network: 192.168.2.1

Select pool of ip addresses given out by DHCP server 

addresses to give out: 192.168.2.2-192.168.2.254

Select DNS servers 

dns servers: 192.168.2.1

Select lease time 

lease time: 3d



Configuring NAT for Internet Access:


Option 1:
NAT rule for masquerading traffic out ether1 (use this rule if you configured your router using WAN port configuration Option 1).


[admin@MikroTik] > /ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade comment=nat-internet-access disabled=no

Option 2:
NAT rule for masquerading traffic out the pppoe-wan interface (use this rule if you configured your WAN port as a PPPoE client interface, Option 2).

[admin@MikroTik] > /ip firewall nat add chain=srcnat out-interface=pppoe-wan action=masquerade comment=nat-internet-access disabled=no


Configure the Wireless Interface (if any):
Note: This wireless configuration is based on 2.4GHz b/g/n.

Create a Wireless Security Profile:


[admin@MikroTik] > /interface wireless security-profiles add name=wifi_security mode=dynamic-keys authentication-types=wpa2-psk unicast-ciphers=aes-ccm group-ciphers=aes-ccm wpa2-pre-shared-key=wifipassword123 management-protection=allowed


Configure Wireless Interface:


[admin@MikroTik] > /interface wireless set wlan1 mode=ap-bridge band=2ghz-b/g/n channel-width=20/40mhz-ht-above frequency=2412 ssid="My MikroTik" wireless-protocol=802.11 security-profile=wifi_security default-authentication=yes ht-txchains=0,1 ht-rxchains=0,1 disabled=no


Basic MikroTik Firewall Configuration:

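At this point your MikroTik router does not have the firewall configured. This means the router and the network behind it are open to threats and attacks from the Internet; in particular, with allow-remote-requests=yes set above, the router answers DNS queries arriving on the WAN interface until an input-chain rule blocks them. For more information on configuring your router's firewall, please visit "Secure your MikroTik Firewall".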
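
A minimal baseline filter for the setup above, as an added example that is not part of the original post or of the linked article. It assumes RouterOS v6 or later (for the `established,related` list and `connection-nat-state`) and the `bridge-local` name used in this guide; because it only trusts the LAN bridge, it applies unchanged to WAN Option 1 (ether1) and Option 2 (pppoe-wan).

```routeros
# Added example (not from the original guide). Assumes RouterOS v6+ and
# the bridge name "bridge-local" created earlier. Apply it while connected
# through a LAN port (ether2-ether5), not ether1. Rules are evaluated top
# to bottom, so keep this order.
/ip firewall filter

# --- input chain: traffic addressed to the router itself ---
# Replies to connections the router or LAN already opened
add chain=input connection-state=established,related action=accept comment="input: allow established/related"
# Packets that do not belong to any known connection
add chain=input connection-state=invalid action=drop comment="input: drop invalid"
# Keep ping and path-MTU discovery working
add chain=input protocol=icmp action=accept comment="input: allow ICMP"
# Winbox and the DNS cache (allow-remote-requests=yes) stay reachable from the LAN only
add chain=input in-interface=bridge-local action=accept comment="input: allow LAN to router"
# Everything else, i.e. anything arriving on the WAN side, is dropped
add chain=input action=drop comment="input: drop all other (WAN)"

# --- forward chain: traffic routed through the router ---
add chain=forward connection-state=established,related action=accept comment="forward: allow established/related"
add chain=forward connection-state=invalid action=drop comment="forward: drop invalid"
# New connections may only start from the LAN bridge, unless a dst-nat
# (port-forward) rule explicitly admitted them
add chain=forward in-interface=!bridge-local connection-state=new connection-nat-state=!dstnat action=drop comment="forward: drop unsolicited inbound"

# Review the resulting rule order
print
```

After applying it, a DNS query or Winbox connection attempt against the router's WAN address from outside should time out, while both keep working from 192.168.2.0/24.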



6 comments:

  1. Awesome... see more http://mikrotikroutersetup.blogspot.com

  2. Thank you, great work.
    How to set the firewall for option 2 and for the IP address used above?

    1. You can set the src. address or dst. address when configuring the NAT rule. I haven't used dst. address before, but for the src. address you can enter your internal IP subnet that will match this rule. For example, if the src. address field is set to 192.168.2.0/24, then any traffic originating from this subnet will use this NAT masquerade rule, which can be handy if you have multiple subnets using multiple gateways.

  3. I personally recommend having a business firewall for your system; as you know, with the latest tech hackers have also become strong, so to minimize the risk you must have business security.
