Scribd
Upload
2K views39 pages

Mikrotik Firewall Training PDF

The document outlines an agenda for a 7-part training on MikroTik RouterOS. The topics covered include basics of RouterOS and configuration, firewall and web proxy setup, bandwidth limiting, local network management, routing for VPNs, and troubleshooting. The training will cover requirements such as network basics, firewalling, QoS, and VPN technologies.

Uploaded by

Vichet Heng
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
2K views39 pages

Mikrotik Firewall Training PDF

The document outlines an agenda for a 7-part training on MikroTik RouterOS. The topics covered include basics of RouterOS and configuration, firewall and web proxy setup, bandwidth limiting, local network management, routing for VPNs, and troubleshooting. The training will cover requirements such as network basics, firewalling, QoS, and VPN technologies.

Uploaded by

Vichet Heng
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 39

IndirectManager:

DirectManager:
Supervisor:
TeamMember:

Trainer:

4/12/2012

Mr.GlennMiller
Mr.ChhannSokob
Mr.ImSomara
Mr.HengVichet
Mr.SousVichea
Mrs.YunSophearum
Mr.VaVandy

Content

1. MikroTikRouterOSBasics
2. MikroTikRouterOSBasicConfiguration
3. MikroTikRouterOSFirewallandWebProxy
4. MikroTikRouterOSBandwidthLimit
5. MikroTikRouterOSLocalNetworkManagement
6. MikroTikRouterOSRoutingforVPN
7. MikroTikRouterOSTroubleshooting

4/12/2012
2

Requirements&Objective
Requirements

1.

Networkbasics
TCP/IPBasics
Internet&VPNtechnologies

2. Objectiveoftraining

4/12/2012

Fundamentals/Basics
Firewalling
QualityofService
VirtualPrivateNetworks

MikroTikrouterOSBasic
AdvanceofRouter
Networkingdevicethatforwardsthedatapackets.
RoutingoccursatNetworklayer.
Actsasajunctionbetweentwoormorenetworks.
DifferentfromaSwitchandaHub.
2. RouterOSanditsFeatures
ItisarouteroperatingsystemandsoftwarewhichturnsaregularPC
intoadedicatedrouter
Router
BandwidthControl
Firewall
HotSpotGateway
VPNServer/Client
WirelessAP/Router
Allinonebox

1.

4/12/2012

MikroTikrouterOSBasic
3. Routermaybemanagedthroughthefollowing

interfaces:
Localterminalconsole
Serialconsole
Telnet
SSHSSH(secureshell)
MACTelnet
Winbox(Popular)

4/12/2012

MikroTikrouterOSBasic
WinBoxremotetoMKT

4/12/2012

MikroTikrouterOSBasic
WinBoxInterface

4/12/2012

MikroTikrouterOSBasicStructure
InternetStructurewithP3oEClient/IPBase

Connection

4/12/2012

MikroTikRouterOSBasicConfiguration
1.
2.
3.
4.
5.
6.
7.
8.

InterfaceDescription(Name)
CreateVirtualInterface(Bridge&Switchport)
RouterconfigurationsetipaddressesWAN(P3oEor
IPBase)andLAN
DNS&DHCPserverconfiguration
SetupofIPMasquerading
NetworkTimeProtocol(NTP)tosynchronizeclock
Configurationbackupandexportofselectedsettings
MikroTiklicenses

4/12/2012

MikroTikRouterOSBasicConfiguration
InterfaceDescription(Name)

1.

ClickInterfacesGeneralTabNameApplyOK

4/12/2012

10

MikroTikRouterOSBasicConfiguration
2. CreateVirtualInterface(Bridge&Switchport)
CreateBridge

a)

4/12/2012

ClickBridgeBridgeTabAddGeneralTabName(Input
BridgeName)ApplyOK

11

MikroTikRouterOSBasicConfiguration
2. CreateVirtualInterface(Bridge&Switchport)

4/12/2012

ClickBridgeBridgeTabAddGeneralTabName
(InputBridgeName)ApplyOK

12

MikroTikRouterOSBasicConfiguration
2. CreateVirtualInterface(Bridge&Switchport)
Addinterfacetobridge

b)

ClickBridgePortTabAddGeneralTabInterface(Num)
SelectBridgeNameApplyOK

4/12/2012

13

MikroTikRouterOSBasicConfiguration
3. RouterconfigurationsetipaddressesWAN(P3oEor

IPBase)andLAN
SetupWAN(IPBaseIPAddress)

ClickIPSelectAddressAddAddress
(110.74.204.40/27)SelectInterfaceApplyOK

4/12/2012

14

MikroTikRouterOSBasicConfiguration
3. RouterconfigurationsetipaddressesWAN(P3oEor

IPBase)andLAN
SetupWAN(IPBaseGateways)

ClickIPSelectRoutesAddDst.Address
(0.0.0.0/0)Gateways(110.74.204.62)ApplyOK

4/12/2012

15

MikroTikRouterOSBasicConfiguration
3. RouterconfigurationsetipaddressesWAN(P3oEor

IPBase)andLAN
SetupWAN(PPPoEClient)

ClickPPPInterfaceTabAddPPPoEClient
GeneralTabSelectInterfaceName(EzecomConn)
MaxMTU(1454)SelectInterfaceDialOutTabUser
andpassword(SIPAccount)OtherOption
(Default)ApplyOK

4/12/2012

16

MikroTikRouterOSBasicConfiguration
3. RouterconfigurationsetipaddressesWAN(P3oEor

IPBase)andLAN
SetupWAN(PPPoEClient)

4/12/2012

17

MikroTikRouterOSBasicConfiguration
4. DNS&DHCPserverconfiguration
a) DSNServer

ClickIPSelectDNSSettingtypeserveripTick
AllowRemoteRequestApplyOK

4/12/2012

18

MikroTikRouterOSBasicConfiguration
4. DNS&DHCPserverconfiguration
a) DHCPProcess

4/12/2012

19

MikroTikRouterOSBasicConfiguration
4. DNS&DHCPserverconfiguration
a) DHCPServer

ClickIPSelectDHCPDHCPSetupSelectDHCP
Serverinterface(LAN)NextDHCPAddressSpace
(192.168.1.0/24)NextGatewayforDHCP(LANip)
NextAddresstoGiveOutNextDNSServerNext
Leasetime(3d:00:00:00)NextOK

4/12/2012

20

MikroTikRouterOSBasicConfiguration
5. SetupofIPMasquerading

4/12/2012

ClickIPFirewallTabNATAddGeneralTab
Chain(Scrnat)InterfaceOut(EtherWANorP3oE
ClientName)ActionTabApplyOK

21

MikroTikRouterOSBasicConfiguration
6. NetworkTimeProtocol(NTP)tosynchronizeclock
NTPClient

ClickSystemSelectSNTPClientTickEnableMode
(Unicast)PrimaryNTP&SecondaryofISPApplyOK

4/12/2012

22

MikroTikRouterOSBasicConfiguration
6. NetworkTimeProtocol(NTP)tosynchronizeclock
Clock/Timezone

ClickSystemClockTimeTabTimezonename
(Asia/PhnomPenh)ManualTimeZoneTime
Zone(+07:00)ApplyOK

4/12/2012

23

MikroTikRouterOSBasicConfiguration
7. Configurationbackupandexportofselectedsettings
a) BackupConfiguration

ClickFilesClickBackup

b) RestoreConfiguration

ClickFilesSelectonBackupfileClickonRestore

4/12/2012

24

MikroTikRouterOSBasicConfiguration
9. MikroTiklicenses

ClickSystemLicenses:SoftwareID,UpgradealbeTo,Level

4/12/2012

25

MikroTikRouterOSFirewallandWebProxy
1.

Enableproxyserver
GotoNewTerminal

4/12/2012

26

MikroTikRouterOSFirewallandWebProxy
1.

CreateFilterRuleandNATforproxyserver
FirewallRULEDrop

4/12/2012

ClickIPFirewallFilterRulesTabAdd
Chain(input)Protocol(tcp)Dst.Port(8080)
In.Interface(WAN)ActionTabAction(Drop)Apply
Ok

27

MikroTikRouterOSFirewallandWebProxy
1.

CreateFilterRuleandNATforproxyserver
NATRULE

ClickIPFirewallNATTabAddChain(dsnat)
Protocol(tcp)Dst.Port(80)ActionTabAction(dst
nat)ToAddress(192.168.20.1)Toport(8080)Apply
Ok

4/12/2012

28

MikroTikRouterOSFirewallandWebProxy
1.

CreateFilterRuleandNATforproxyserver
BlockWebSite

ClickIPGeneralTabClickAccessAddDst.
Host(websitewww.facebook.com)Action(Deny)Apply
OK

4/12/2012

29

MikroTikRouterOSBandwidthLimit
1. SimpleQueues

ClickQueuesSimpleQueuesTabAddName(IP
19)TargetAddress(192.168.20.19)Max.
Limit(Up/Down)ApplyOK

4/12/2012

30

MikroTikRouterOSLocalNetworkManagement
1.

AddressResolutionProtocol(ARP)
a) TheARPprotocolprovidestwobasicfunctions:

ResolvingIPv4addressestoMACaddresses
Maintainingacacheofmappings

ARPProcess

b)

ARPrequest(Broadcast)
ARPreply(unicast)

4/12/2012

31

MikroTikRouterOSLocalNetworkManagement
2. DHCPserverwithdynamicandstaticIPaddress

allocation
LeaseTime(DHCPclient)

4/12/2012

32

MikroTikRouterOSRoutingforVPN
1. VPNSample

4/12/2012

33

MikroTikRouterOSRoutingforVPN
2. Routing(StaticRoute):Weconfigureroutedepend

oncustomersrequirementoractualsituation.
3. Verifystaticinroutingtable

4/12/2012

34

MikroTikRouterOSRoutingforVPN
3. AddStaticrouteinMKT

ClickIPRoutesAddDst.Address
(192.168.2.0/24)&Gateways(10.82.253.194)ApplyOK

4. AddDefaultrouteinMKT

ClickIPRoutesAddDst.Address(0.0.0.0/0)&
Gateways(10.82.253.200)ApplyOK

4/12/2012

35

MikroTikRouterOSTroubleshooting
1. CheckPhysicalNetwork
a) Cable,Connector,RouterandModem
2. Logical(Configuration)
a) RouterResource

CPU
Member
Disk

RouterInterface&Queue

b)

P3oEinterface
Queuelimitation

3. MorePractice

4/12/2012

36

MikroTikRouterOSTroubleshooting
1. Suggestion(exceptcustomerhaveITguy)
a) Usernameandpasswordrouter

PowerUser(Full)

Username:admin
Password:net@admin

PrivilegeUser(Write)

Username:ezecom
Password:ezecomit

4/12/2012

37

MikroTikRouterOSReferences
1.
2.
3.
4.
5.

http://www.mikrotik.com/
http://wiki.mikrotik.com/wiki/Manual:TOC
http://www.ispsupplies.com/mikrotiklicense
levels.html
http://gregsowell.com/?p=680
https://powercode.fogbugz.com/default.asp?W37

4/12/2012

38

Thankforyourattention

4/12/2012

39

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy