Friday, June 30, 2017

Site-to-Site GRE Tunnel (MikroTik to MikroTik)


Router-1
# Router-1 side of the tunnel: GRE interface from 41.165.17.158 to the peer at
# 95.142.143.17, a /30 transit address on the tunnel, and a static route for
# the remote LAN through the peer's tunnel address.
#
# NOTE(review): plain GRE provides neither encryption nor peer authentication,
# so traffic routed to 192.168.5.0/24 crosses the public path in cleartext.
# Protect it with IPsec (RouterOS offers an ipsec-secret property on GRE
# interfaces - confirm for your version) and accept protocol gre in the input
# chain only from the peer address.
# NOTE(review): "!keepalive" leaves keepalive unset, so the interface will
# presumably stay "running" and the route stay active even when the peer is
# unreachable - confirm this is intended.
/interface gre
add !keepalive local-address=41.165.17.158 name=gre-tunnel1 remote-address=95.142.143.17
# Tunnel transit network 172.16.1.0/30; this end is .1, the peer is .2.
/ip address
add address=172.16.1.1/30 interface=gre-tunnel1 network=172.16.1.0
# Reach the remote LAN via the peer's tunnel address.
/ip route 
  add dst-address=192.168.5.0/24 gateway=172.16.1.2
/
Router-2
# Router-2 side of the tunnel: GRE interface from 95.142.143.17 to the peer at
# 41.165.17.158, a /30 transit address on the tunnel, and a static route for
# the remote LAN through the peer's tunnel address.
#
# NOTE(review): plain GRE provides neither encryption nor peer authentication,
# so traffic routed to 192.168.2.0/24 crosses the public path in cleartext.
# Protect it with IPsec (RouterOS offers an ipsec-secret property on GRE
# interfaces - confirm for your version) and accept protocol gre in the input
# chain only from the peer address.
# NOTE(review): "!keepalive" leaves keepalive unset, so the interface will
# presumably stay "running" and the route stay active even when the peer is
# unreachable - confirm this is intended.
/interface gre
add !keepalive local-address=95.142.143.17 name=gre-tunnel1 remote-address=\
    41.165.17.158
# Tunnel transit network 172.16.1.0/30; this end is .2, the peer is .1.
/ip address
add address=172.16.1.2/30 interface=gre-tunnel1 network=172.16.1.0
# Reach the remote LAN via the peer's tunnel address.
/ip route 
  add dst-address=192.168.2.0/24 gateway=172.16.1.1
/

Friday, June 23, 2017

High Priority For Speed Test 8Mb Per User (speedtest.net)



# Classify speed-test traffic, mark its packets, and shape the marked packets
# with per-address PCQ queues of 8192k for clients in 192.168.2.0/24.
#
# Layer-7 pattern intended to match payloads containing "speedtest".
# NOTE(review): after RouterOS string unescaping, "\\\$" appears to leave a
# literal "\$" (an escaped dollar sign) in the regex rather than an end-of-line
# anchor - confirm the pattern matches anything at all.
# NOTE(review): a layer-7 matcher only sees unencrypted payload at the start of
# a connection, so tests served over TLS would not match - verify.
/ip firewall layer7-protocol
add name=SpeedTest regexp="^.+(speedtest).*\\\$"
/ip firewall mangle
# Mark forwarded connections whose payload matches the layer-7 pattern.
# NOTE(review): there is no connection-state or connection-mark condition, so
# the layer-7 matcher is presumably evaluated for all forwarded traffic, which
# is CPU-expensive - consider limiting it to unmarked new connections.
add action=mark-connection chain=forward comment="Speed Test Server" \
    layer7-protocol=SpeedTest new-connection-mark=SpeedTest_Con passthrough=yes
# Mark any TCP connection with source port 8080 (return traffic from a server).
# NOTE(review): this matches on port alone, so every TCP 8080 service is
# classified as speed-test traffic, not only speedtest.net.
add action=mark-connection chain=prerouting new-connection-mark=SpeedTest_Con \
    passthrough=yes protocol=tcp src-port=8080
# Turn the connection mark into a packet mark; passthrough=no stops further
# mangle processing of the packet in this chain.
add action=mark-packet chain=prerouting connection-mark=SpeedTest_Con \
    new-packet-mark=SpeedTest_Packets passthrough=no
# Same port-based marking for the outbound direction (destination port 8080).
add action=mark-connection chain=postrouting dst-port=8080 new-connection-mark=\
    SpeedTest_Con passthrough=yes protocol=tcp
add action=mark-packet chain=postrouting connection-mark=SpeedTest_Con \
    new-packet-mark=SpeedTest_Packets passthrough=no
# PCQ queue types: 8192k per destination address (download) and per source
# address (upload).
/queue type
add kind=pcq name=Dow8MB pcq-classifier=dst-address pcq-dst-address6-mask=64 \
    pcq-rate=8192k pcq-src-address6-mask=64
add kind=pcq name=Up8MB pcq-classifier=src-address pcq-dst-address6-mask=64 \
    pcq-rate=8192k pcq-src-address6-mask=64
# Apply the PCQ types (upload/download) to marked packets for 192.168.2.0/24.
# NOTE(review): no priority= value is set here; what this queue shows is a
# per-address rate, not an explicit priority.
/queue simple
add comment="Speed Test 8Mb Per User" name="Speed Test" packet-marks=\
    SpeedTest_Packets queue=Up8MB/Dow8MB target=192.168.2.0/24
/

Thursday, June 1, 2017

Secure MikroTik and Limited Access (Winbox, SSH, FTP, Telnet)


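# Restrict router management access to a single administrator address.
#
# Replace every ##Your IP Address## placeholder with the real management IP
# (or subnet) before importing. The placeholder is not valid RouterOS syntax,
# and a wrong address locks you out of Winbox/SSH/FTP/Telnet.
#
# NOTE(review): "add" appends these rules to the end of the input chain. If an
# earlier rule already accepts the same traffic, these drops never trigger -
# check the rule order after import.
# NOTE(review): only Winbox, FTP, SSH and Telnet are filtered here. Other
# management services (for example www or api), if enabled, stay reachable;
# disabling unused services and setting an allowed address under /ip service
# is a complementary control.

# Add a disabled mac-server entry for all interfaces and turn off MAC ping.
# NOTE(review): this is the older mac-server syntax, and MAC Winbox has its own
# setting (/tool mac-server mac-winbox) - confirm both for your version.
/tool mac-server
add disabled=yes interface=all
/tool mac-server ping
set enabled=no

/ip firewall filter
# Drop neighbour-discovery packets addressed to the router (UDP 5678).
add action=drop chain=input comment="Block Mikrotik Discovery" disabled=no dst-port=5678 protocol=udp
# Drop UDP 20561 to the router.
# NOTE(review): MAC-layer sessions may not be fully controlled by an IP filter
# rule; disabling the MAC server itself is the more direct control - verify.
add action=drop chain=input comment="Drop All WINBOX Request By MAC Address" disabled=no dst-port=20561 protocol=udp
# Drop each management protocol unless the source is the administrator address
# ("!" negates the match).
add action=drop chain=input comment="WINBOX Just Allow On My PC" disabled=no dst-port=8291 protocol=tcp src-address=!##Your IP Address##
add action=drop chain=input comment="FTP Just Allow On My PC" disabled=no dst-port=21 protocol=tcp src-address=!##Your IP Address##
add action=drop chain=input comment="SSH Just Allow On My PC" disabled=no dst-port=22 protocol=tcp src-address=!##Your IP Address##
# Port 23 is Telnet; the original rule comment mislabelled it as FTP.
add action=drop chain=input comment="Telnet Just Allow On My PC" disabled=no dst-port=23 protocol=tcp src-address=!##Your IP Address##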