How to Configure OSPF on Mikrotik

  OSPF on Mikrotik  OSPF(Open Standard Shortest Path) is a Link Stat Routing Protocol. its use Djikstra algorithm for find shortest Path. OSPF use Protocol Number 89 and AD value 110. OSPF use two multicast address 224.0.0.5 and 224.0.0.6.  OSPF is a classless protocol and its Support VLSM. OSPF support both IPV4 and IPV6. OSPF Support only IP Routing and there is no hop-count limit.OSPF uses areas and OSPF Area 0 is known as the Backbone Area and its help  maintain a loop free topology. in this tutorial we configure OSPF on Mikrotik.…

Read More

How to give Separate Bandwidth for ICMP/PING on Mikrotik

 Separate Bandwidth for ICMP/PING on Mikrotik /ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=ICMP-CONN passthrough=yes protocol=icmp add chain=prerouting action=mark-packet new-packet-mark=ICMP_PKT passthrough=no protocol=icmp connection-mark=ICMP-CONN /queue simple add name=”ICMP” target-addresses=0.0.0.0/0 interface=all parent=Total packet-marks=ICMP_PKT direction=both priority=1 queue=default/default limit-at=0/0 max-limit=2M/2M burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default

Read More

How to Block BOGON IP on Mikrotik

  Block BOGON IP on Mikrotik /ip firewall address-listadd list=BOTNET_IP address=0.0.0.0/8 /ip firewall address-list> add list=BOTNET_IP address=100.64.0.0/64 /ip firewall address-list> add list=BOTNET_IP address=127.0.0.0/8 /ip firewall address-list> add list=BOTNET_IP address=169.254.0.0/16 /ip firewall address-list> add list=BOTNET_IP address=172.16.0.0/12 /ip firewall address-list> add list=BOTNET_IP address=192.168.0.0/16 /ip firewall address-list> add list=BOTNET_IP address=192.0.0.0/24 /ip firewall address-list> add list=BOTNET_IP address=198.18.0.0/15 /ip firewall address-list> add list=BOTNET_IP address=192.168.51.100.0/24 /ip firewall address-list> add list=BOTNET_IP address=203.0.112.0/24 /ip firewall address-list> add list=BOTNET_IP address=224.0.0.0/3 if we using any routing protocol such as OSPF,RIP etc then don’t drop  224.0.0.0/3 . ip firewall filter add…

Read More

How to Block Torrent on Mikrotik

  Block Torrent on Mikrotik if you want to block torrent & p2p traffic on 192.168.1.0/24 replace ip according to your need   /ip firewall layer7-protocol add name=torrentsites regexp=”^.*(get|GET).+(torrent|thepiratebay|isohunt|ente\ rtane|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bit\ unity|bittoxic|thunderbytes|entertane|zoozle|vcdq|bitnova|bitsoup|meganova\ |fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits).*\$”     /ip firewall filter add action=drop chain=forward comment=torrentsites layer7-protocol=\ torrentsites src-address=192.168.1.0/24 add action=drop chain=forward comment=dropDNS dst-port=53 layer7-protocol=\ torrentsites protocol=udp src-address=192.168.1.0/24 add action=drop chain=forward comment=keyword_drop content=torrent \ src-address=192.168.1.0/24 add action=drop chain=forward comment=trackers_drop content=tracker \ src-address=192.168.1.0/24 add action=drop chain=forward comment=get_peers_drop content=getpeers \ src-address=192.168.1.0/24 add action=drop chain=forward comment=info_hash_drop content=info_hash \ src-address=192.168.1.0/24 add action=drop chain=forward comment=announce_peers_drop content=\ announce_peers src-address=192.168.1.0/24 add action=drop…

Read More

How to Configure PPPOE Server on Mikrotik

PPPOE Server on Mikrotik Point to Point Protocol over Ethernet (PPPOE). PPPoE protocol was published by the IETF in 1999. PPPOE use standard method encryption, authentication, and compression specified by PPP. in this tutorial we share how to configure PPPOE Server on Mikrotik Task 1 IP Pool Configure Task 2 PPPOE Server Configure Task 3 PPPOE Profile Configure Task  4 PPPOE User Create Task 4 IP blocks for different bandwidth packages   Task 1 Configure [admin@XYZ] /ip pool> add name=512KB ranges=192.168.1.2-192.168.1.254 [admin@XYZ] /ip pool> add name=1M ranges=192.168.2.2-192.168.2.254 [admin@XYZ] /ip pool>…

Read More

How to Block port scanner in Mikrotik

  Block port scanner in MIkrotik   To protect the Router from port scanners, we can record the IPs of hackers who try to scan your box. Using this address list we can drop connection from those IP. /ip firewall filter   add   chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1       address-list=port_block address-list-timeout=2w TCP flags can also indicate port scanner activity. add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”NMAP FIN Stealth scan” add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”SYN/FIN scan” add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w…

Read More

How to Configure GRE tunnel on Mikrotik

  GRE Tunnel Configuration on Mikrotik : Generic Routing Encapsulation (GRE) is tunneling protocol.GRE is a Cisco proprietary standard for encapsulating layer 3 packets over an IP network, it is simile to IPIP and EOIP which originally built up as stateless tunnels.GRE create a virtual point-to-point protocol link. Site1: /interface gre add name=site1 remote-address=10.10.10.2 local-address=172.16.32.2 /ip address add address=192.168.1.1/30 interface=site1 /ip route add dst-address=172.10.11.0/24 gateway=192.168.1.2 Site2: /interface gre add name=site2 remote-address=172.16.32.2 local-address=10.10.10.2 /ip address add address=192.168.1.2/30 interface=site2 /ip route add dst-address=172.16.10.0/24 gateway=192.168.1.1       POsted By: Techguru

Read More

How to Configure Mikrotik hotspot default queue

When you configure a hotspot with Mikrotik, routerOS always creates a default queue called hs-<hotspot1> allowing unlimited speed both directions. You can delete the queue, but it will come up again after restart. The problem is that this queue will override simple queue which are below it and speed limitation of hotspot users will not work properly. This can be easily avoided by the script : :foreach i in=[/queue simple find name=”hs-<server1>”] do {/queue simple remove $i;}; Setup scheduler to run the script every 5-10 minutes and you will be…

Read More