WereDoku

User Tools

Site Tools

Trace: mikrotik
mikrotik

This is an old revision of the document!

Table of Contents

MikroTik

Blokování stránek

facebook

/ip firewall address-list add comment="facebook" list="facebook" address=31.13.24.0/21
/ip firewall address-list add comment="facebook" list="facebook" address=31.13.64.0/18
/ip firewall address-list add comment="facebook" list="facebook" address=45.64.40.0/22
/ip firewall address-list add comment="facebook" list="facebook" address=66.220.144.0/20
/ip firewall address-list add comment="facebook" list="facebook" address=69.63.176.0/20
/ip firewall address-list add comment="facebook" list="facebook" address=69.171.224.0/19
/ip firewall address-list add comment="facebook" list="facebook" address=74.119.76.0/22
/ip firewall address-list add comment="facebook" list="facebook" address=103.4.96.0/22
/ip firewall address-list add comment="facebook" list="facebook" address=129.134.0.0/17
/ip firewall address-list add comment="facebook" list="facebook" address=157.240.0.0/17
/ip firewall address-list add comment="facebook" list="facebook" address=173.252.64.0/18
/ip firewall address-list add comment="facebook" list="facebook" address=179.60.192.0/22
/ip firewall address-list add comment="facebook" list="facebook" address=185.60.216.0/22
/ip firewall address-list add comment="facebook" list="facebook" address=204.15.20.0/22

/ipv6 firewall address-list add comment="facebook v6" list="facebookv6" address=2620:0:1c00::/40
/ipv6 firewall address-list add comment="facebook v6" list="facebookv6" address=2a03:2880::/32

/ip   firewall filter add chain=forward src-address=LAN-Address dst-address-list=facebook action=drop
/ipv6 firewall filter add chain=forward src-address=LAN-Address dst-address-list=facebookv6 action=drop

Zdroj: ipinfo.io

LTE

T-Mobile CZ

  1. Interfaces > Add > PPP Client
    1. Name: somepppout
    2. L2 MTU / Max MTU / Max MRU: 1500
    3. Port: usbX
    4. Data channel: 0
    5. Info channel: 1
    6. APN: internet.t-mobile.cz
  2. PPP
    1. Phone: *99#
    2. Dial command: ATDT
    3. User: gprs
    4. Password: gprs
    5. User peer DNS: Yes
    6. Add default route: Yes
    7. Allow: PAP only (CHAP, MSCHAP1, MSCHAP2 unticked)

PPP VPN

  1. PPP > Profile > Add
    1. Name: someprofile
    2. Local address: local IP of the router
    3. Remote address: pool from which the remote clients will get IP addresses
    4. DNS server: optional?
    5. Protocols > Use Encryption: Yes
  2. PPP > PPTP Server (button)
    1. Enabled
    2. Default profile: someprofile
  3. PPP > Secrets
    1. Name: someusername
    2. Password: somepassword
    3. Service: PPTP
    4. Profile: someprofile
  4. In Firewall, allow:
    1. 1752/TCP
    2. 47/IP (GRE)
  5. On LAN interface, allow:
    1. ARP: proxy-arp
    2. Note: if bridged, then do this on the bridge instead of LAN interface.

Two separate connections for two separate LANs with one RouterBoard

  1. Disconnect the bridge between etherX-*-local (Interface properties - remove the Master port).
  2. Mark the packets from LAN subnets (e.g. 192.168.10.0/24 a 192.168.20.0/24): 
    /ip firewall mangle add action=mark-routing chain=prerouting \
    new-routing-mark=routing_mark_office src-address=192.168.10.0/24
/ip firewall mangle add action=mark-routing chain=prerouting \
    new-routing-mark=routing_mark_guests src-address=192.168.20.0/24
  3. Set up routing for packets marked with mangle: 
    /ip route add gateway=ether1-wan1 routing-mark=routing_mark_office
/ip route add gateway=ether2-wan2 routing-mark=routing_mark_guests

    Note: Gateway can also be a PPPoE connection (in case of DSL).

  4. Set up masquerade for the second wan interface (assuming that masquerade was set up only for the ether1-wan1).

IPv6 firewall stub

/ipv6 firewall filter
add action=accept comment="Allow ESTABLISHED (FORWARD)" chain=forward connection-state=established disabled=no 
add action=accept comment="Allow RELATED (FORWARD)" chain=forward connection-state=related disabled=no
add action=accept comment="Allow ICMPv6 (FORWARD)" chain=forward disabled=no in-interface=pppoe-out1 protocol=icmpv6 
add action=drop comment="Drop everything else (FORWARD)" chain=forward disabled=no in-interface=pppoe-out1 
add action=accept comment="Allow ESTABLISHED (INPUT)" chain=input connection-state=established disabled=no 
add action=accept comment="Allow RELATED (INPUT)" chain=input connection-state=related disabled=no 
add action=accept comment="Allow ICMPv6 (INPUT)" chain=input disabled=no in-interface=pppoe-out1 protocol=icmpv6 
add action=accept comment="Allow DHCPv6 (INPUT)" chain=input disabled=no in-interface=pppoe-out1 protocol=udp port=546
add action=drop comment="Drop everything else (INPUT)" chain=input disabled=no in-interface=pppoe-out1
mikrotik.1534459882.txt.gz · Last modified: 2022/03/16 09:38 (external edit)

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki