Howto mikrotik: Difference between revisions
Revision as of 16:47, 25 September 2024
initial setup
default ip address for router:
192.168.88.1
update user admin password:
/user set admin password=mypassword
add admin username:
/user add name=pedroadm group=full password="mypassword"
set timezone:
/system clock set time-zone-name=America/Puerto_Rico
update clock with ntp:
/system ntp client set enabled=yes servers=us.pool.ntp.org
configure ip address:
/ip address add address=192.168.75.93/24 interface="ether1"
configure gateway:
/ip route add gateway=192.168.75.1
check routeros version:
/system resource print
update router os:
/system package update download
update router firmware:
/system routerboard upgrade
configure dns:
/ip dns set servers=4.2.2.1,4.2.2.2 allow-remote-requests=no
configure dhcp server:
/ip address add address=172.16.77.244/24 interface=ether2
/ip pool add name=dhcp-pool ranges=172.16.77.50-172.16.77.100
/ip dhcp-server add name=dhcp interface=ether2 address-pool=dhcp-pool
/ip dhcp-server network add address=172.16.77.0/24 gateway=172.16.77.244 dns-server=4.2.2.1,4.2.2.2
configure firewall:
/ip firewall nat add action=masquerade chain=srcnat src-address=172.16.77.0/24 comment="nat rule for internet on 172.16.77.0 subnet" disabled=no out-interface=ether1
other commands
search for file on routeros:
/file print where name~".npk"
monitor interface ether1 using torch:
/tool torch ip-protocol=any port=any src-address=0.0.0.0/0 interface=ether1
show user history log:
/log print
secure router
change ssh port:
/ip service set ssh port=5000
disable services:
/ip service disable telnet,winbox,ftp,api,api-ssl,www
specify static allowed address for winbox:
/ip service set winbox address=192.168.75.2/24
disable bandwidth server:
/tool bandwidth-server set enabled=no
disable proxy server:
/ip proxy set enabled=no
/ip socks set enabled=no
disable upnp service:
/ip upnp set enabled=no
disable dynamic ip service or ip cloud:
/ip cloud set ddns-enabled=no update-time=no
more secure ssh encryption:
/ip ssh set strong-crypto=yes
disable ipv6:
/ipv6 nd set [find] disabled=yes
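To confirm the settings above actually took effect, the following added example (not part of the original page) checks the text of a RouterOS `/export` against them. It assumes the export has a menu path line followed by `set` lines, or the one-line form used on this page; winbox is left out because the page also shows restricting it by address, and a setting reported as "not in export" is unverified because a compact export omits default values.

```python
import shlex

# (menu, item, key, wanted value) for settings from the "secure router" section
EXPECTED = [("/ip service", s, "disabled", "yes")
            for s in ("telnet", "ftp", "www", "api", "api-ssl")] + [
    ("/ip ssh", None, "strong-crypto", "yes"),
    ("/tool bandwidth-server", None, "enabled", "no"),
    ("/ip upnp", None, "enabled", "no"),
    ("/ip proxy", None, "enabled", "no"),
    ("/ip socks", None, "enabled", "no"),
    ("/ip cloud", None, "ddns-enabled", "no"),
]

def parse_export(text):
    """Map (menu, item) -> {key: value} for every 'set' command in the text."""
    settings, menu = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        args = line[4:] if line.startswith("set ") else ""
        if line.startswith("/"):  # "/ip ssh" or one-line "/ip ssh set ..."
            menu, _, args = line.partition(" set ")
        item = None
        for word in shlex.split(args):
            if "=" in word:
                key, value = word.split("=", 1)
                settings.setdefault((menu, item), {})[key] = value
            else:
                item = word  # e.g. "telnet" in "set telnet disabled=yes"
    return settings

def audit(text):
    """List expected settings that are absent from the text or set differently."""
    seen, findings = parse_export(text), []
    for menu, item, key, want in EXPECTED:
        got = seen.get((menu, item), {}).get(key)
        if got != want:
            state = "not in export" if got is None else f"is {got}"
            findings.append(f"{menu} {item or ''}".strip() + f": {key} {state}")
    return findings

# Constructed sample (not from a real router); upnp is explicitly enabled.
SAMPLE = """/ip service
set telnet disabled=yes
set ftp disabled=yes
/ip ssh set strong-crypto=yes
/tool bandwidth-server set enabled=no
/ip upnp set enabled=yes
"""
print("\n".join(audit(SAMPLE)))
```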
lhg 60g antennas
download latest winbox:
https://download.mikrotik.com/routeros/winbox/3.41/winbox64.exe
load winbox with wine:
wine winbox64.exe
when winbox loads, enable legacy mode from the application's top menu:
tools / legacy mode
set ip address on antenna 1:
/ip address add address=192.168.35.1/24 comment=defconf interface=ether1 network=192.168.35.0
configure your linux eth0 with networkmanager:
nmcli con add con-name eth0-mikrotik ifname eth0 type ethernet ipv4.method manual ipv4.address 192.168.35.100/24 autoconnect no
start the new interface:
nmcli con up eth0-mikrotik
share your wireless internet to mikrotik antenna:
cat > /usr/local/bin/sharenetwlan << EOF
#!/bin/bash
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -I POSTROUTING -s 192.168.35.0/24 -o wlan0 -j MASQUERADE
EOF
change iptables script permissions and execute:
chmod +x /usr/local/bin/sharenetwlan && /usr/local/bin/sharenetwlan
connect to mikrotik using ssh:
ssh -oHostKeyAlgorithms=+ssh-rsa admin@192.168.35.1
configure gateway on mikrotik antenna 1:
/ip route add gateway=192.168.35.100
configure nameservers on mikrotik antenna 1:
/ip dns set servers=4.2.2.1,4.2.2.2
list interfaces mac addresses:
/interface print
create bridge interface:
/interface bridge add admin-mac=CHANGEME auto-mac=no comment=defconf name=bridge
configure w60g interface:
/interface w60g set [ find ] disabled=no frequency=58320 mode=bridge name=wlan60-1 password=CHANGEME put-stations-in-bridge=bridge region=usa ssid=CHANGEME
configure w60g station:
/interface w60g station add name=wlan60-station-1 parent=wlan60-1
wireguard
for wireguard support we need to switch to development channel:
/system package update set channel=development
then download the latest update:
/system package update download
reboot the router:
/system reboot
add wireguard interface:
/interface/wireguard add name=wg0 mtu=1420
add wireguard peer using server information:
/interface/wireguard/peers add endpoint=12.34.56.78:51820 persistent-keepalive=61 public-key="75VNV7HqFh+3QIT5OHZkcjWfbjx8tc6Ck62gZJT/KRA=" allowed-address="10.10.10.0/24" interface=wg0
add ip address to interface:
/ip/address add address=10.10.10.3/24 network=10.10.10.0 interface=wg0
add the following on the server configuration:
[Peer]
PublicKey=pEU+xV6YeWOKT34iECYDPRW99oLZKYodkUtjdIV8CwI=
AllowedIPs=10.10.10.3/32
restart wireguard on server:
systemctl restart wg-quick@wg0.service