Install Mikrotik router:
Insert your Mikrotik OS and start the server. It will show the message below:
Welcome to MikroTik Router Software installation
Move around menu using 'p' and 'n' or arrow keys, select with 'spacebar'.
Select all with 'a', minimum with 'm'. Press 'i' to install locally or 'r' to
install remote router or 'q' to cancel and reboot.
You should choose whether you want to keep old configuration (press [Y]) or to erase the configuration permanently (press [N]) and continue without saving it.
How to use window to configure router
Licence the router
Download winbox software to configure the Mikrotik router
After installation you will get a message to licence your OS. You can upload the key file from there, or you can also do it from the System option.
Check System Resource
[admin@MikroTik] > /system resource
IO Port Usage Monitor
[admin@MikroTik] > /system resource io print
Reboot
[admin@MikroTik] > /system reboot
Shutdown
[admin@MikroTik] > /system shutdown
Date and Time
[admin@MikroTik] > /system clock
date (text) - date in format "mm/DD/YYYY"
dst-active (read-only: yes | no; default: no) - whether the Daylight Saving Time is currently active
gmt-offset (read-only: text) - the current effective GMT timezone in format "+HH:MM" or "-HH:MM"
time (time) - time in format "HH:MM:SS"
time-zone-name (name; default: manual) - timezone code (for example, Europe/Riga or America/Chicago). Used for configuring time zone and DST adjustments
Command Description
[admin@MikroTik] > /redo
[admin@MikroTik] > /system history print
[admin@MikroTik] > /undo
Username and password when logging in
Username is 'admin', and there is no password (hit the 'Enter' key).
You can change the password using the '/password' command.
[admin@MikroTik] > /password
old password:
new password: ******
retype new password: ******
Set ip address
[admin@MikroTik] > ip address
[admin@MikroTik] ip address> add address=10.0.0.1/24 interface=ether2
[admin@MikroTik] ip address> print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE
 0   192.168.6.73/20    192.168.0.0     192.168.15.255  ether1
 1   10.0.0.1/24        10.0.0.0        10.0.0.255      ether2
[admin@MikroTik] ip address> /
[admin@MikroTik] ip> route add gateway=192.168.1.1
Add a default route (connect with internet)
[admin@MikroTik] > ip route
[admin@MikroTik] ip route> add gateway=192.168.1.1
[admin@MikroTik] ip route> print
[admin@MikroTik] ip route> /ping 202.84.32.22
If you want to remove a route:
[admin@MikroTik] > ip route remove 2
(2 is the number of the route to remove, as listed by print)
Upgrade firmware
[admin@MikroTik] > /system routerboard print
[admin@MikroTik] > /system routerboard upgrade
Upgrade os version
[admin@MikroTik] > /system auto upgrade
Enable NAT / Masquerading
[admin@MikroTik] ip firewall nat> add chain=srcnat action=masquerade out-interface=ether1
[admin@MikroTik] ip firewall nat> print
DNS
[admin@MikroTik] > /ip dns set primary-dns=192.168.1.1
[admin@MikroTik] > /ping www.yahoo.com
106.10.170.118 64 byte ping: ttl=54 time=88 ms
[admin@MikroTik] > ip dns
[admin@MikroTik] ip dns> set primary-dns=192.168.6.73 \
\... allow-remote-requests=yes
[admin@MikroTik] ip dns> print
primary-dns: 192.168.6.73
secondary-dns: 0.0.0.0
allow-remote-requests: yes
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 16KiB
[admin@MikroTik] ip dns static> add name=www.mahidul.com address=10.0.0.1
[admin@MikroTik] ip dns static> print
[admin@MikroTik] ip dns static> /ping www.mahidul.com
[admin@MikroTik] ip dns> cache flush
Proxy
Enable proxy:
[admin@MikroTik] > system package print
[admin@MikroTik] > ip web-proxy ?
[admin@MikroTik] > ip dns set primary-dns=192.168.1.1
[admin@MikroTik] > ip web-proxy set port=8080
[admin@MikroTik] > ip web-proxy set enabled=yes
[admin@MikroTik] > ip web-proxy print
Transparent Mode:
[admin@MikroTik] > ip web-proxy set transparent-proxy=yes
[MikroTik] ip firewall dst-nat> add in-interface=ether1 protocol=tcp \
dst-address=!10.0.0.1/32:80 action=redirect to-dst-port=8080
[MikroTik] ip firewall dst-nat> print
[MikroTik] ip web-proxy> print
Specify cache administrator's e-mail address:
[admin@MikroTik] > ip web-proxy set cache-administrator=mahidul24@gmail.com
Specify hostname (DNS or IP address) of the web proxy:
[admin@MikroTik] > ip web-proxy set hostname=proxy.mt.lv
If this proxy has to use another proxy, specify it:
[admin@MikroTik] > ip web-proxy set parent-proxy=192.168.1.1:8080
otherwise disable it:
[admin@MikroTik] > ip web-proxy set parent-proxy=0.0.0.0:0
Monitoring the Web Proxy:
[MikroTik] ip web-proxy> print
Managing the Cache:
[MikroTik] ip web-proxy cache> print
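An added check, not part of the original post: with allow-remote-requests=yes and the web proxy enabled as above, the router answers DNS and proxy requests arriving on any interface, so this script reports which of those services have no input drop rule on the Internet-facing interface. The "/menu verb key=value" line form, the filter rules in HARDENED_CONFIG and the function names are assumptions made for the example.

```python
import re

# Constructed input: this page's commands written as "/menu verb key=value" lines.
PAGE_CONFIG = """\
/ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
/ip dns set primary-dns=192.168.6.73 allow-remote-requests=yes
/ip web-proxy set port=8080
/ip web-proxy set enabled=yes
"""
# Assumed hardening (not on the page): drop WAN-side traffic to both services.
HARDENED_CONFIG = PAGE_CONFIG + """\
/ip firewall filter add chain=input in-interface=ether1 protocol=udp dst-port=53 action=drop
/ip firewall filter add chain=input in-interface=ether1 protocol=tcp dst-port=53 action=drop
/ip firewall filter add chain=input in-interface=ether1 protocol=tcp dst-port=8080 action=drop
"""

def parse(config):
    """Yield (menu, params) for every '/menu add|set key=value ...' line."""
    for line in config.splitlines():
        m = re.match(r"(/[\w\- ]+?) (?:add|set) (.*)", line.strip())
        if m:
            yield m.group(1), dict(t.split("=", 1) for t in m.group(2).split() if "=" in t)

def exposed_services(config):
    """Return sorted (service, protocol, port) tuples left open on the WAN interface.

    Narrow check: the WAN interface is taken from the masquerade rule, and a
    service counts as protected only by an exact input drop/reject rule for
    that interface, protocol and port.
    """
    wan, dns, proxy, port, drops = None, False, False, "8080", set()
    for menu, p in parse(config):
        if menu == "/ip firewall nat" and p.get("action") == "masquerade":
            wan = p.get("out-interface")          # masquerade egress = WAN side
        elif menu == "/ip dns" and "allow-remote-requests" in p:
            dns = p["allow-remote-requests"] == "yes"
        elif menu == "/ip web-proxy":
            proxy = p.get("enabled", "yes" if proxy else "no") == "yes"
            port = p.get("port", port)            # the page sets port=8080
        elif (menu == "/ip firewall filter" and p.get("chain") == "input"
              and p.get("action") in ("drop", "reject")):
            drops.add((p.get("in-interface"), p.get("protocol"), p.get("dst-port")))
    wanted = [("dns", "udp", "53"), ("dns", "tcp", "53")] if dns else []
    if proxy:
        wanted.append(("web-proxy", "tcp", port))
    return sorted(w for w in wanted if (wan, w[1], w[2]) not in drops)

if __name__ == "__main__":
    print("page config:    ", exposed_services(PAGE_CONFIG))
    print("hardened config:", exposed_services(HARDENED_CONFIG))
```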
DMZ Configuration
The router should have 3 NIC cards:
[admin@gateway] interface> print
Add all needed IP addresses to the interfaces as shown here:
[admin@gateway] ip address> print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE
 0   192.168.0.2/24     192.168.0.0     192.168.0.255   Public
 1   10.0.0.254/24      10.0.0.0        10.0.0.255      Local
 2   10.1.0.1/32        10.1.0.2        10.1.0.2        DMZ-zone
 3   192.168.0.3/24     192.168.0.0     192.168.0.255   Public
[admin@gateway] ip address>
Add a static default route to the local router:
[admin@MikroTik] ip route> print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, r - rip, o - ospf, b - bgp
 #    DST-ADDRESS        G GATEWAY         DISTANCE INTERFACE
 0 S  0.0.0.0/0          r 10.0.0.254      1        ether1
 1 DC 10.0.0.0/24        r 0.0.0.0         0        ether1
[admin@MikroTik] ip route>
Configure the DMZ server with the IP address 10.1.0.2, network 10.1.0.1 and gateway address 10.1.0.1. To make the DMZ server accessible from the Internet at address 192.168.0.3, configure a dst-nat rule like this:
[admin@gateway] ip firewall dst-nat> add action=nat \
\... dst-address=192.168.0.3/32 to-dst-address=10.1.0.2
[admin@gateway] ip firewall dst-nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 dst-address=192.168.0.3/32 action=nat to-dst-address=10.1.0.2
Source : http://mahidulsblog.blogspot.com