Mikrotik Firewall Training Router (Computing) PDF

Indirect Manager: Mr.
Glenn Miller
Direct Manager: Mr. Chhann Sokob
Supervisor: Mr. Im Somara
Team Member: Mr. Heng Vichet
Mr. Sous Vichea
Mrs. Yun Sophearum
Trainer: Mr. Va Vandy

4/12/2012 1
Content

1. MikroTik RouterOS ‐ Basics
2. MikroTik RouterOS ‐ Basic Configuration
3. MikroTik RouterOS ‐ Firewall and Web‐Proxy
4. MikroTik RouterOS ‐ Bandwidth Limit
5. MikroTik RouterOS ‐ Local Network Management
6. MikroTik RouterOS – Routing for VPN
7. MikroTik RouterOS ‐ Troubleshooting

4/12/2012 2

Requirements & Objective
1. Requirements
 Network basics
 TCP/IP Basics
 Internet & VPN technologies
2. Objective of training
 Fundamentals / Basics
 Firewalling
 Quality of Service
 Virtual Private Networks

4/12/2012 3
MikroTik‐routerOS‐Basic
1. Advance of Router
 Networking device that forwards the data packets.
 Routing occurs at Network layer.
 Acts as a junction between two or more networks.
 Different from a Switch and a Hub.
2. RouterOS and its Features
 It is a router operating system and software which turns a regular PC
into a dedicated router
 Router
 Bandwidth Control
 Firewall
 Hot‐Spot Gateway
 VPN Server/Client
 Wireless AP/Router
 All in one box
4/12/2012 4
3. Router may be managed through the following
interfaces:
 Local terminal console
 Serial console
 Telnet
 SSH ‐ SSH (secure shell)
 MAC Telnet
 Winbox (Popular)
4/12/2012 5
 WinBox remote to MKT

4/12/2012 6
 WinBox Interface

4/12/2012 7
MikroTik‐routerOS‐Basic Structure
 Internet Structure with P3oE Client/IPBase
Connection

4/12/2012 8
MikroTik RouterOS ‐ Basic Configuration
1. Interface Description (Name)
2. Create Virtual Interface (Bridge & Switch port)
3. Router configuration ‐ set ip addresses WAN(P3oE or
IPBase) and LAN
4. DNS & DHCP server configuration
5. Setup of IP Masquerading
6. Network Time Protocol (NTP) to synchronize clock
7. Configuration backup and export of selected settings
8. MikroTik licenses

4/12/2012 9
1. Interface Description (Name)
 Click Interfaces  General Tab  Name  Apply OK

4/12/2012 10
a) Create Bridge
 Click Bridge  Bridge Tab  Add  General Tab  Name (Input
Bridge Name)  Apply  OK
4/12/2012 11
 Click Bridge  Bridge Tab  Add  General Tab  Name
(Input Bridge Name)  Apply  OK
4/12/2012 12
b) Add interface to bridge
 Click Bridge  Port Tab  Add  General Tab  Interface(Num)
 Select Bridge Name  Apply  OK

4/12/2012 13
IPBase) and LAN
 Set up WAN (IPBase‐IP Address)
 Click IP Select Address  Add  Address
(110.74.204.40/27)  Select Interface  Apply  OK

4/12/2012 14
IPBase) and LAN
 Set up WAN (IPBase‐Gateways)
 Click IP Select Routes  Add  Dst. Address
(0.0.0.0/0)  Gateways (110.74.204.62)  Apply  OK

4/12/2012 15
IPBase) and LAN
 Set up WAN (PPPoE Client)
 Click PPP Interface Tab  Add PPPoE Client 
General Tab  Select Interface Name(Ezecom‐Conn)
Max MTU (1454)  Select Interface  Dial Out Tab User
and password (SIP Account)  Other Option
(Default)Apply  OK

4/12/2012 16
IPBase) and LAN
 Set up WAN (PPPoE Client)

4/12/2012 17
a) DSN Server
 Click IP  Select DNS  Setting  type server ip  Tick
Allow Remote Request Apply  OK

4/12/2012 18
a) DHCP Process

4/12/2012 19
a) DHCP Server
 Click IP  Select DHCP  DHCP Setup  Select DHCP
Server interface(LAN)  Next DHCP Address Space
(192.168.1.0/24) Next  Gateway for DHCP(LAN ip)
Next  Address to Give Out  Next  DNS Server  Next
 Lease time(3d:00:00:00)  Next  OK

4/12/2012 20
5. Setup of IP Masquerading
 Click IP  Firewall  Tab NAT  Add  General Tab
 Chain (Scrnat)  Interface Out(Ether‐WAN or P3oE
Client Name)  Action Tab  Apply  OK

4/12/2012 21
 NTP Client
 Click System  Select SNTP Client  Tick Enable  Mode
(Unicast)  Primary NTP & Secondary of ISP Apply  OK

4/12/2012 22
 Clock/ Time zone
 Click System  Clock  Time Tab  Time zone name
(Asia/Phnom Penh)  Manual Time Zone Time
Zone(+07:00)Apply  OK

4/12/2012 23
7. Configuration backup and export of selected settings
a) Backup Configuration
 Click Files  Click Backup

b) Restore Configuration
 Click Files  Select on Backup file  Click on Restore

4/12/2012 24
9. MikroTik licenses
 Click System  Licenses: Software ID, Upgradealbe To, Level

4/12/2012 25
MikroTik RouterOS ‐ Firewall and Web Proxy
1. Enable proxy server
 Go to New Terminal

4/12/2012 26
1. Create Filter Rule and NAT for proxy server
 Firewall RULE Drop
 Click IP  Firewall  Filter Rules Tab Add 
Chain(input)  Protocol(tcp)  Dst.Port (8080) 
In.Interface (WAN)  Action Tab Action (Drop)  Apply 
Ok
4/12/2012 27
 NAT RULE
 Click IP  Firewall  NAT Tab  Add  Chain(dsnat) 
Protocol(tcp)  Dst.Port (80)  Action Tab  Action(dst‐
nat)  To Address (192.168.20.1) To port (8080) Apply 
Ok

4/12/2012 28
 Block Web Site
 Click IP  General Tab  Click Access  Add  Dst.
Host (web site www.facebook.com)  Action (Deny)  Apply
 OK

4/12/2012 29
MikroTik RouterOS ‐ Bandwidth Limit
1. Simple Queues
 Click Queues  Simple Queues Tab Add  Name(IP‐
19)  Target Address (192.168.20.19)  Max.
Limit(Up/Down)  Apply  OK

4/12/2012 30
MikroTik RouterOS ‐ Local Network Management
1. Address Resolution Protocol (ARP)
a) The ARP protocol provides two basic functions:
 Resolving IPv4 addresses to MAC addresses
 Maintaining a cache of mappings
b) ARP Process
 ARP request(Broadcast)
 ARP reply(unicast)

4/12/2012 31
MikroTik RouterOS ‐ Local Network Management
2. DHCP server with dynamic and static IP address
allocation
 Lease Time (DHCP client)

4/12/2012 32
MikroTik RouterOS – Routing for VPN
1. VPN Sample

4/12/2012 33
2. Routing (Static Route): We configure route depend
on customer’s requirement or actual situation.
3. Verify static in routing table

4/12/2012 34
3. Add Static route in MKT
 Click IP  Routes  Add  Dst. Address
(192.168.2.0/24) & Gateways (10.82.253.194)  Apply OK

4. Add Default route in MKT
 Click IP  Routes  Add  Dst. Address (0.0.0.0/0) &
Gateways (10.82.253.200)  Apply OK

4/12/2012 35
MikroTik RouterOS ‐ Troubleshooting
1. Check Physical Network
a) Cable, Connector, Router and Modem
2. Logical (Configuration)
a) Router Resource
 CPU
 Member
 Disk
b) Router Interface & Queue
 P3oE interface
 Queue limitation
3. More Practice

4/12/2012 36

MikroTik RouterOS ‐ Troubleshooting
1. Suggestion (except customer have IT guy)
a) Username and password router
 Power User(Full)
• Username: admin
• Password: net@admin
 Privilege User(Write)
• Username: ezecom
• Password: ezecomit

4/12/2012 37

MikroTik RouterOS ‐ References
1. http://www.mikrotik.com/
2. http://wiki.mikrotik.com/wiki/Manual:TOC
3. http://www.ispsupplies.com/mikrotik‐license‐
levels.html
4. http://gregsowell.com/?p=680
5. https://powercode.fogbugz.com/default.asp?W37

4/12/2012 38

Thank for your attention

4/12/2012 39

Mikrotik Firewall Training Router (Computing) PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Mikrotik Firewall Training Router (Computing) PDF

Uploaded by

Copyright:

Available Formats

Indirect Manager: Mr.

You might also like