simple setup

I’m looking for a guide to help with the initial config. of mT OS using winbox. (simple router 1 wan and 1 lan)

I have the board on the new accessible remotely, it is handing out private addresses with good DNS, but I cannot get any outbound traffic through the wan port.
Any help is greatly needed.

Thanks in advance.

Brad

There is already a good deal of help available from different sources.

http://gregsowell.com/?p=957


http://wiki.mikrotik.com/wiki/Manual:Initial_Configuration

You need the setup with NAT / masquerade.

http://www.mikrotik.com/documentation/manual_2.7/Basic/Basic.html


Make a search on the board here for a minimum firewall to stay protected.

Min. firewall - Try this for starters.

IP firewall filter

0 chain=forward action=drop connection-state=invalid
1 chain=forward action=accept connection-state=established
2 chain=forward action=accept connection-state=related
4 chain=forward action=accept protocol=tcp dst-port=20-21 (this is for port forward of incoming FTP connection)
5 chain=forward action=accept connection-state=new src-address=192.168.0.0/24
7 chain=forward action=drop src-address=!192.168.0.0/24 dst-address=192.168.0.0/24
8 chain=input action=accept protocol=tcp src-address=192.168.0.0/24 dst-port=22
9 chain=input action=log protocol=tcp dst-port=22 log-prefix=""
10 chain=input action=drop protocol=tcp dst-port=22

IP Firewall NAT

0 I chain=srcnat action=masquerade out-interface=
1 chain=dstnat action=dst-nat to-addresses=192.168.0.xxx to-ports=20-21 protocol=tcp in-interface=ether1 dst-port=20-21 … this is the portforwarding for my FTP server



To make the firewall in a quick way open a new terminal window in winbox and paste:
/ip firewall filter
add action=drop chain=forward comment="" connection-state=invalid disabled=no
add action=accept chain=forward comment="" connection-state=established disabled=no
add action=accept chain=forward comment="" connection-state=related disabled=no
add action=accept chain=forward comment="" disabled=no dst-port=7345-7346 protocol=tcp
add action=accept chain=forward comment="" disabled=no dst-port=20-21 protocol=tcp
add action=accept chain=forward comment="" connection-state=new disabled=no src-address=192.168.0.0/24
add action=log chain=forward comment="" disabled=no dst-address=192.168.0.0/24 log-prefix=UNWANTED src-address=!192.168.0.0/24
add action=drop chain=forward comment="" disabled=no dst-address=192.168.0.0/24 src-address=!192.168.0.0/24
add action=accept chain=input comment="" disabled=no dst-port=22 protocol=tcp src-address=192.168.0.0/24
add action=log chain=input comment="" disabled=no dst-port=22 log-prefix="" protocol=tcp
add action=drop chain=input comment="" disabled=no dst-port=22 protocol=tcp
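
To check which rule decides a given packet under the filter list above, here is an added example (not code from any poster in this thread): a small Python model of first-match evaluation over those rules. The function names and packet dictionary keys are hypothetical, and it assumes that a packet matching no rule in a built-in chain is accepted, which is the RouterOS default.

```python
import ipaddress

# Filter rules from the post above, with comment= and disabled=no omitted; the
# last forward drop uses src-address=!192.168.0.0/24 as in the numbered listing.
RULES_TEXT = """
add action=drop chain=forward connection-state=invalid
add action=accept chain=forward connection-state=established
add action=accept chain=forward connection-state=related
add action=accept chain=forward dst-port=7345-7346 protocol=tcp
add action=accept chain=forward dst-port=20-21 protocol=tcp
add action=accept chain=forward connection-state=new src-address=192.168.0.0/24
add action=log chain=forward dst-address=192.168.0.0/24 log-prefix=UNWANTED src-address=!192.168.0.0/24
add action=drop chain=forward dst-address=192.168.0.0/24 src-address=!192.168.0.0/24
add action=accept chain=input dst-port=22 protocol=tcp src-address=192.168.0.0/24
add action=log chain=input dst-port=22 protocol=tcp
add action=drop chain=input dst-port=22 protocol=tcp
"""

def parse_rules(text):
    """Turn 'add key=value ...' lines into a list of dicts (hypothetical helper)."""
    return [dict(tok.split("=", 1) for tok in line.split()[1:])
            for line in text.strip().splitlines()]

def addr_ok(spec, ip):
    negate, net = spec.startswith("!"), spec.lstrip("!")
    return (ipaddress.ip_address(ip) in ipaddress.ip_network(net)) != negate

def port_ok(spec, port):
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def matches(rule, pkt):
    """A rule matches only if every matcher it specifies agrees with the packet."""
    checks = {
        "chain": lambda v: v == pkt["chain"],
        "connection-state": lambda v: v == pkt["state"],
        "protocol": lambda v: v == pkt["proto"],
        "src-address": lambda v: addr_ok(v, pkt["src"]),
        "dst-address": lambda v: addr_ok(v, pkt["dst"]),
        "dst-port": lambda v: port_ok(v, pkt["dport"]),
    }
    return all(check(rule[k]) for k, check in checks.items() if k in rule)

def verdict(rules, pkt):
    """First terminating match wins; log passes through; no match means accept."""
    for number, rule in enumerate(rules):
        if matches(rule, pkt) and rule["action"] != "log":
            return rule["action"], number
    return "accept", None
```

Run against these rules, a new TCP connection from outside 192.168.0.0/24 to a router port other than 22 returns `("accept", None)`, because the input chain here only has rules for port 22.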

Hey guys, is there no tutorial on setting this up using winbox? It seemed all I saw was info on how to use winbox.

The command line commands match up with the winbox commands for the most part. For example, if you see /ip firewall filter, you would click ip on the left, then down to firewall, and then on the filter tab. It is actually quite simple.