-------------Reset MikroTik-----------------
System->Reset Configuration
Check the options:
No Default Configuration
Do Not Backup
-------------------------------------------------------
IP
Services -> Disable
winbox: 5000
www: 8050
---------------------------------------------------------
--------------------IP----------
---Main Provider--- Starlink Gateway
Routes
New -> General
Dst. Address: 0.0.0.0/0
Gateway: 192.168.1.1
---MikroTik Gateway---
Address -> Address List
New ->
Address: 192.168.1.2/24
Interface: ether1
----Address-----
Address -> Address List
New ->
Address: 192.168.88.1/24
Interface: ether2
Address -> Address List
New ->
Address: 192.168.88.1/24
Interface: ether3
---DNS----
Server: 192.168.1.1
8.8.8.8
Allow Remote Requests
Cache Size: 20000
---FIREWALL-----
--Filter Rules
New
Chain: forward
Action: accept
--NAT
New -> General:
Chain: srcnat
Action: masquerade
--------------------------------------------------------------------------------
chain: input
connection state: new
action: accept
input
connection state: established, related, untracked
action: accept
input invalid drop
input icmp accept
accept to local loopback (for CAPsMAN)
input
dst address: 127.0.0.1
action: accept
drop all not coming from LAN
General Chain: input
In Interface List: !LAN (bridge)
Action: drop
special dummy rule to show fasttrack counters
forward passthrough
forward
connection state: established, related, untracked
action: accept
forward
connection state: invalid
action: drop
drop all from WAN not DSTNATed
forward
in interface list: WAN
connection state: new
connection NAT state: !dstnat
drop
forward
connection state: established, related
action: fasttrack connection
accept in ipsec policy
forward
Advanced
IPsec Policy: in ipsec
accept
accept out ipsec policy
forward
Advanced
IPsec Policy: out ipsec
accept
NAT---------
Mangle---------------------------
prerouting passthrough
forward passthrough
postrouting passthrough
RAW---------
prerouting passthrough
--------------------------------------------------------
WEBSITE BLOCKING
Layer7Protocol:
^.+(facebook.com|fbcdn.com|twitter.com|instagram.com|youtube.com|tiktok.com|kwai.com).+$
--------------STATIC IP AND MAC BINDING------------
USE TTL TO PREVENT RESELLING
Keep in mind that the DHCP server must not be enabled
on the port the client will connect to
Give each client a static IP address
In DNS
set the first DNS to: the MikroTik gateway
In IP -> ARP we will see the IP and MAC addresses that we
assigned
Double-click the IP, click MAKE STATIC, then Apply and OK
Now go to INTERFACES and select the port
the static clients connect to
Double-click it, set ARP: reply-only, then Apply and OK
Now we apply the TTL to our client
FIREWALL----MANGLE
New chain: postrouting
Dst. Address: enter the static IP
Action: change TTL
TTL Action: change, and set the TTL to a max of 10
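
The static IP/MAC binding and TTL steps above as RouterOS terminal commands (an added example, not part of the original notes). The client address 192.168.88.10, the MAC AA:BB:CC:DD:EE:01, the port ether2 and the comment text are constructed sample values.

```routeros
# Constructed sample values (assumptions, replace with your own):
#   client IP 192.168.88.10, client MAC AA:BB:CC:DD:EE:01, client port ether2

# 1. Confirm no DHCP server is bound to the client port (expect no entries)
/ip dhcp-server print where interface=ether2

# 2. Create the static ARP entry that ties the client's IP to its MAC.
#    This is the terminal equivalent of "Make Static" in IP -> ARP.
/ip arp add address=192.168.88.10 mac-address=AA:BB:CC:DD:EE:01 \
    interface=ether2 comment="client-01 static binding"

# 3. Set the port to reply-only: the router answers ARP only for
#    IP/MAC pairs that exist as static entries and learns no dynamic ones,
#    so a host using an unlisted IP or MAC gets no replies from the router.
/interface ethernet set ether2 arp=reply-only

# 4. Rewrite the TTL of packets leaving the router toward the client.
#    The notes give a TTL of at most 10; 10 is used here.
/ip firewall mangle add chain=postrouting dst-address=192.168.88.10 \
    action=change-ttl new-ttl=set:10 comment="client-01 TTL"

# 5. Verify: the ARP entry is static, the port is in reply-only mode,
#    and the mangle rule counters increase while the client has traffic.
/ip arp print where interface=ether2
/interface ethernet print detail where name=ether2
/ip firewall mangle print stats where chain=postrouting
```

Repeat steps 2 and 4 for each client; step 3 is set once per port.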