Sunday, October 1, 2017

Mikrotik Users Base Routing (PPPoE Users)

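# Per-user policy routing for PPPoE subscribers: each PPP profile hands out an
# address from one pool, and the pool's subnet selects the upstream gateway.
/ip address
add address=192.168.1.10/24 interface=ether1 network=192.168.1.0
add address=192.168.2.10/24 interface=ether2 network=192.168.2.0
add address=10.10.0.1/24 interface=ether5 network=10.10.0.0
/ip dns
# Fixed: the second resolver was written as the malformed address 8.8.8.4.4.
set servers=8.8.8.8,8.8.4.4

/ip pool
add name=ISP-1 ranges=172.16.1.1-172.16.1.254
add name=ISP-2 ranges=172.16.2.1-172.16.2.254

/ip firewall address-list
add address=172.16.1.0/24 list=ISP-1
add address=172.16.2.0/24 list=ISP-2
/ip firewall mangle
# Packets sourced from each pool get that ISP's routing mark; passthrough=no
# stops further mangle processing for the matched packet.
# NOTE(review): the rules carry no dst-address exclusion, so subscriber traffic
# aimed at local subnets is marked as well; confirm that is intended.
add action=mark-routing chain=prerouting new-routing-mark=isp1routing \
    passthrough=no src-address-list=ISP-1
add action=mark-routing chain=prerouting new-routing-mark=isp2routing \
    passthrough=no src-address-list=ISP-2

/ip route
# One default route per routing mark, each pointing at its own gateway.
# NOTE(review): no srcnat rule appears in this listing; the 172.16.x.x pools are
# private, so NAT toward each ISP presumably lives elsewhere in the config.
add comment="ISP-1 Routing" distance=1 gateway=192.168.1.1 routing-mark=\
    isp1routing
add comment="ISP-2 Routing" distance=1 gateway=192.168.2.1 routing-mark=\
    isp2routing

/interface pppoe-server server
# authentication=pap,chap is kept as published. PAP carries the subscriber
# password in cleartext on the access segment.
# NOTE(review): consider removing pap and offering only the strongest method the
# subscriber CPEs support (this field also accepts mschap1 and mschap2).
add authentication=pap,chap disabled=no interface=ether5 one-session-per-host=\
    yes service-name=service1

/ppp profile
# remote-address names the pool, which is what ties a subscriber to an ISP.
add local-address=10.10.0.1 name=2/2MbISP-2 only-one=yes rate-limit=2M/2M \
    remote-address=ISP-2
add local-address=10.10.0.1 name=2/2MbISP-1 only-one=yes rate-limit=2M/2M \
    remote-address=ISP-1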

Sunday, August 27, 2017

Sunday, August 20, 2017

Payment Reminder For PPPoE


# Payment reminder: subscribers assigned the "Block" profile receive an address
# from the "block" pool (172.16.202.0/24); their plain-HTTP requests are sent to
# the router's web proxy, which redirects them to the reminder page.
/ip pool
add name=block ranges=172.16.202.1-172.16.202.254
/ppp profile
add change-tcp-mss=no local-address=10.10.0.1 name=Block rate-limit=100K/100K remote-address=block
/ip firewall nat
# Only TCP port 80 from the blocked pool is redirected to local port 8080.
# Other ports (including HTTPS) are not redirected and reach the forward-chain
# drop below, so those sites simply fail to load.
add action=redirect chain=dstnat comment="Payment redirect" dst-port=80 protocol=tcp src-address=\
    172.16.202.0/24 to-ports=8080
/ip firewall filter
# Order matters: DNS over TCP and UDP 53 is accepted first, then everything else
# forwarded from the blocked pool is dropped.
# NOTE(review): these rules are appended to the forward chain; confirm no
# earlier rule already accepts traffic from 172.16.202.0/24.
add action=accept chain=forward comment=Reminder dst-port=53 protocol=tcp src-address=172.16.202.0/24
add action=accept chain=forward dst-port=53 protocol=udp src-address=172.16.202.0/24
add action=drop chain=forward src-address=172.16.202.0/24
/ip proxy
# NOTE(review): enabling the proxy makes the router listen for proxy clients and
# no input-chain rule in this listing limits who may connect; confirm the proxy
# port is not reachable from the WAN side.
set cache-administrator=AfriCloud enabled=yes max-cache-size=none src-address=0.0.0.0
/ip proxy access
# The first rule has no action= and matches only the reminder host; the second
# denies every other request and redirects it to the reminder page.
add dst-host=www.paymentreminder.weebly.com
add action=deny redirect-to=www.paymentreminder.weebly.com

Sunday, July 16, 2017

Secondary Link For Backup




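# Active-backup bond: ether1 and ether2 are combined into one logical WAN
# interface, and the WAN address is assigned to the bond rather than to a port.
# NOTE(review): failover relies on the bond's link-monitoring settings, which
# are left at their defaults here; confirm they detect the failures you expect.
/interface bonding
add mode=active-backup name=Wan-bonding1 slaves=ether1,ether2
/ip address
# Fixed: a blank line separated the trailing "\" from its continuation, which
# cuts the command short; the network value now sits on the same line.
add address=98.140.10.54/30 comment="Wan Network" interface=Wan-bonding1 network=98.140.10.52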

Sunday, July 9, 2017

Block Daily Motion


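# Drops forwarded traffic to the address ranges the author lists for DailyMotion.
# Fixed: the listing had lost its line breaks, so it is restored to one command
# per line with the stray continuation backslash removed.
# NOTE(review): static address lists go stale when a service renumbers or moves
# behind shared hosting; verify the ranges before relying on this rule.
/ip firewall address-list
add address=198.54.201.0/24 list=DailyMotion
add address=198.54.200.0/24 list=DailyMotion
# 195.8.214.0/24 is already covered by the /23 entry below; kept as published.
add address=195.8.214.0/24 list=DailyMotion
add address=195.8.214.0/23 list=DailyMotion
add address=188.65.126.0/24 list=DailyMotion
add address=188.65.125.0/24 list=DailyMotion
add address=188.65.124.0/24 list=DailyMotion
add address=188.65.121.0/24 list=DailyMotion
add address=188.65.120.0/24 list=DailyMotion
/ip firewall filter
# NOTE(review): the rule is appended to the forward chain; an earlier accept
# rule would take precedence over it.
add action=drop chain=forward comment="Block DailyMotion" dst-address-list=DailyMotion
/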

Sunday, July 2, 2017

Friday, June 30, 2017

Site-to-Site GRE Tunnel (MikroTik to MikroTik)


Router-1
# Router-1 end of a point-to-point GRE tunnel; 172.16.1.0/30 is used inside it.
# GRE by itself neither encrypts nor authenticates what it carries, so traffic
# between the two sites crosses the Internet in the clear with this config.
# NOTE(review): RouterOS GRE interfaces have an ipsec-secret property (same
# value on both peers) for wrapping the tunnel in IPsec; also consider accepting
# GRE on the input chain only from the peer address.
# !keepalive leaves keepalive unset. NOTE(review): the interface then presumably
# stays "running" even when the peer is unreachable; confirm before depending on
# it for failover.
/interface gre add name=gre-tunnel1 local-address=41.165.17.158 remote-address=95.142.143.17 !keepalive
/ip address add interface=gre-tunnel1 address=172.16.1.1/30 network=172.16.1.0
# The remote subnet is reached through the peer's tunnel address.
/ip route add gateway=172.16.1.2 dst-address=192.168.5.0/24
/
Router-2
# Router-2 end of the same GRE tunnel: local and remote addresses are swapped
# and this side takes 172.16.1.2/30 inside the tunnel.
# GRE by itself neither encrypts nor authenticates what it carries.
# NOTE(review): if the tunnel is protected with the GRE interface's ipsec-secret
# property, the value must match on both peers.
/interface gre add name=gre-tunnel1 local-address=95.142.143.17 remote-address=41.165.17.158 !keepalive
/ip address add interface=gre-tunnel1 address=172.16.1.2/30 network=172.16.1.0
# The remote subnet is reached through the peer's tunnel address.
/ip route add gateway=172.16.1.1 dst-address=192.168.2.0/24
/

Friday, June 23, 2017

High Priority For Speed Test 8Mb Per User (speedtest.net)



# Marks speed-test traffic and places it in a per-user 8 Mbit/s PCQ queue.
/ip firewall layer7-protocol
# Layer-7 patterns are matched against connection payload, so they only see what
# is readable in the stream.
# NOTE(review): the trailing \\\$ looks like it unescapes to a backslash followed
# by "$", i.e. a literal dollar sign rather than an end anchor; confirm this
# pattern ever matches, or the port-8080 rules below are doing all the work.
add name=SpeedTest regexp="^.+(speedtest).*\\\$"
/ip firewall mangle
# Connections are marked three ways: by the layer-7 pattern (forward), by TCP
# source port 8080 (prerouting) and by TCP destination port 8080 (postrouting).
# The port rules match any TCP flow on 8080, not only speed-test servers, so any
# such traffic lands in the same queue.
add action=mark-connection chain=forward comment="Speed Test Server" \
    layer7-protocol=SpeedTest new-connection-mark=SpeedTest_Con passthrough=yes
add action=mark-connection chain=prerouting new-connection-mark=SpeedTest_Con \
    passthrough=yes protocol=tcp src-port=8080
# Packets of marked connections get the packet mark the simple queue matches on.
add action=mark-packet chain=prerouting connection-mark=SpeedTest_Con \
    new-packet-mark=SpeedTest_Packets passthrough=no
add action=mark-connection chain=postrouting dst-port=8080 new-connection-mark=\
    SpeedTest_Con passthrough=yes protocol=tcp
add action=mark-packet chain=postrouting connection-mark=SpeedTest_Con \
    new-packet-mark=SpeedTest_Packets passthrough=no
/queue type
# Two PCQ types at pcq-rate=8192k: one classified by dst-address (download) and
# one by src-address (upload).
add kind=pcq name=Dow8MB pcq-classifier=dst-address pcq-dst-address6-mask=64 \
    pcq-rate=8192k pcq-src-address6-mask=64
add kind=pcq name=Up8MB pcq-classifier=src-address pcq-dst-address6-mask=64 \
    pcq-rate=8192k pcq-src-address6-mask=64
/queue simple
# Applies the upload/download PCQ pair to marked packets for 192.168.2.0/24.
add comment="Speed Test 8Mb Per User" name="Speed Test" packet-marks=\
    SpeedTest_Packets queue=Up8MB/Dow8MB target=192.168.2.0/24
/

Thursday, June 1, 2017

Secure MikroTik and Limited Access (Winbox, SSH, FTP, Telnet)


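# Management-plane hardening: turn off MAC-layer access, hide the router from
# neighbour discovery, and allow Winbox/FTP/SSH/Telnet from one admin address.
/tool mac-server
add disabled=yes interface=all
/tool mac-server ping
set enabled=no

/ip firewall filter
# Replace ##Your IP Address## with the admin workstation's address before
# pasting; the "!" negates the match, so each rule drops every other source.
# NOTE(review): `add` appends to the end of the input chain; an earlier accept
# rule for these ports would take precedence, so check the rule order.
# NOTE(review): FTP and Telnet send credentials in cleartext; if they are not
# needed, disabling them under /ip service is safer than filtering them, and
# /ip service entries also have an address= field for limiting allowed sources.
add action=drop chain=input comment="Block Mikrotik Discovery" disabled=no dst-port=5678 protocol=udp
# NOTE(review): MAC-Winbox also has its own switch under /tool mac-server
# mac-winbox; confirm this filter rule alone is sufficient on your version.
add action=drop chain=input comment="Drop All WINBOX Request By MAC Address" disabled=no dst-port=20561 protocol=udp
# Fixed: the placeholder on this rule was missing its closing "##".
add action=drop chain=input comment="WINBOX Just Allow On My PC" disabled=no dst-port=8291 protocol=tcp src-address=!##Your IP Address##
add action=drop chain=input comment="FTP Just Allow On My PC" disabled=no dst-port=21 protocol=tcp src-address=!##Your IP Address##
add action=drop chain=input comment="SSH Just Allow On My PC" disabled=no dst-port=22 protocol=tcp src-address=!##Your IP Address##
# Fixed: port 23 is Telnet; the rule comment previously said FTP.
add action=drop chain=input comment="TELNET Just Allow On My PC" disabled=no dst-port=23 protocol=tcp src-address=!##Your IP Address##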

Tuesday, May 9, 2017

IPIP Tunnel


The IPIP tunneling implementation on the MikroTik RouterOS is RFC 2003 compliant. IPIP tunnel is a simple protocol that encapsulates IP packets in IP to make a tunnel between two routers. The IPIP tunnel interface appears as an interface under the interface list. Many routers, including Cisco and Linux, support this protocol. This protocol makes multiple network schemes possible. for more details

The IP tunnelling protocol adds the following possibilities to a network setup:
  • to tunnel Intranets over the Internet
  • to use it instead of source routing

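##Router-1
##Ether1- WAN IP 42.166.17.158/28
##Ether5- LAN IP 192.168.1.1/24

# Router-1 end of an IPIP tunnel; the tunnel interface is named after the
# peer's WAN address and 172.16.10.0/30 is used inside the tunnel.
# IPIP only encapsulates: it neither encrypts nor authenticates the inner
# packets, so LAN-to-LAN traffic crosses the Internet in the clear here.
# NOTE(review): protect the tunnel with IPsec if the traffic is sensitive.
# NOTE(review): 42.166.17.160 lies outside the 42.166.17.144/28 network used
# for ether1 (that block ends at .159); the sample WAN addressing looks
# inconsistent, so substitute your real addresses.
/interface ethernet
set [ find default-name=ether1 ] name=ether1
set [ find default-name=ether5 ] name=ether5
/interface ipip
add !keepalive name=42.166.17.160 remote-address=42.166.17.160
/ip address
add address=42.166.17.158/28 interface=ether1 network=42.166.17.144
add address=192.168.1.1/24 interface=ether5 network=192.168.1.0
# Fixed: the interface was written as 42.166.17.60, which does not match the
# tunnel interface name 42.166.17.160 created above.
add address=172.16.10.1/30 interface=42.166.17.160 network=172.16.10.0
/ip firewall nat
# Masquerade applies only to traffic leaving ether1; traffic routed into the
# tunnel keeps its LAN source address.
add action=masquerade chain=srcnat out-interface=ether1
/ip route
add distance=2 dst-address=192.168.2.0/24 gateway=172.16.10.2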


## Router-2
## ether1 - WAN IP 42.166.17.160/28
## ether5 - LAN IP 192.168.2.1/24
# Router-2 end of the IPIP tunnel; the tunnel interface is named after the
# peer's WAN address and this side takes 172.16.10.2/30 inside the tunnel.
# IPIP only encapsulates: it neither encrypts nor authenticates inner packets.
# NOTE(review): 42.166.17.160/28 does not fall inside the 42.166.17.144 network
# given on the same command (that block ends at .159); the sample addressing
# looks inconsistent, so substitute your real addresses.
/interface ethernet set [ find default-name=ether1 ] name=ether1
/interface ethernet set [ find default-name=ether5 ] name=ether5
/interface ipip add remote-address=42.166.17.158 name=42.166.17.158 !keepalive
/ip address add interface=ether1 address=42.166.17.160/28 network=42.166.17.144
/ip address add interface=ether5 address=192.168.2.1/24 network=192.168.2.0
/ip address add interface=42.166.17.158 address=172.16.10.2/30 network=172.16.10.0
# Masquerade applies only to traffic leaving ether1, not to tunnel traffic.
/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade
# The peer's LAN is reached through its tunnel address.
/ip route add dst-address=192.168.1.0/24 gateway=172.16.10.1 distance=2


Sunday, February 19, 2017

IP Cloud (for DSL users)


What is IP Cloud ?  

Starting with RouterOS v6.14, MikroTik offers IP Cloud, a Dynamic DNS name service for RouterBOARD devices. This means that your device can automatically get a working domain name. This is useful if your IP address changes often and you want to always know how to connect to your router.






Sunday, February 5, 2017

Send MikroTik User Manager Backup File Every Day Via E-mail



# Daily job: saves the User Manager database, mails it through smtp.gmail.com
# (port 587, start-tls=yes), waits, then issues a /file remove for the saved name.
# #SENDER@gmail.com, #USER, #SENDER-PWD and #Receive@gmail.com are placeholders
# to replace before use.
# NOTE(review): the mail password sits in the script source and in a :global
# variable, and is also written into /tool e-mail settings; presumably anyone
# who can read scripts or the script environment can recover it. Use a
# dedicated sending account rather than a personal one.
# NOTE(review): the attachment is the User Manager database, which presumably
# holds subscriber account data; it leaves the router as a plain e-mail
# attachment, so treat the receiving mailbox as sensitive.
# NOTE(review): the script is granted every policy listed below, including
# reboot, sniff, sensitive and romon; confirm which ones it needs and trim.
/system script
add name=UserManger policy=\
   ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":gl\
   obal SenderId #SENDER@gmail.com\r\
   \n:global SenderUser  #USER\r\
   \n:global GmailPwd #SENDER-PWD\r\
   \n:global RecMail #Receive@gmail.com\r\
   \n:local gmailip \"smtp.gmail.com\"\r\
   \n:global sub1 ([/system identity get name])\r\
   \n:global sub2 ([/system clock get time])\r\
   \n:global sub3 ([/system clock get date])\r\
   \n:global UserMangerFile usermanger\r\
   \n:log warning \"Mikrotik Sending UserManger Backup File.....BY >>>>WWW.ITLE\
   ARNWEB.COM<<<<\"\r\
   \n:log warning \"Creating new backup files\"\r\
   \n/tool user-manager database save name=\$UserMangerFile\r\
   \n:delay 10s\r\
   \n/tool e-mail set address=\$gmailip from=\$SenderId password=\$GmailPwd por\
   t=587 start-tls=yes user=\$SenderUser\r\
   \n:log info \"Sending Backup File.....BY >>>>WWW.ITLEARNWEB.COM<<<<\"\r\
   \n/tool e-mail send to=\$RecMail password=\$GmailPwd subject=\"UserManger Ba\
   ckup File (\$sub1 \$sub2 \$sub3) \" from=\$SenderId file=\$UserMangerFile se\
   rver=\$gmailip start-tls=yes\r\
   \n:log warning \"Please Wait....System is Busy\"\r\
   \n:delay 30s\r\
   \n/file remove \$UserMangerFile\r\
   \n:delay 05s\r\
   \n:log warning \"Finished\"\r\
   \n"
# Runs the script once a day starting feb/05/2017 at 12:00:00, with the same
# broad policy set as the script itself.
/system scheduler
add interval=1d name=UserManger on-event=UserManger policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=feb/05/2017 start-time=12:00:00

/

Download Scripts

Saturday, January 21, 2017

How to change MikroTik login Banner







Download SYS-NOTE-FILE

SCRIPT

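# Login banner: show-at-login=yes displays the note text to users when they
# log in. The text below is an unauthorized-access warning plus the author's
# credit block.
# NOTE(review): keep banners free of details that identify the device, its
# role or its software version.
/system note
set show-at-login=yes
# Fixed: this line began with "/set", which is evaluated from the root menu
# instead of /system note; it is now a plain "set" in the current menu.
set note="\t*************************************************************\r\
    \n\t    WARNING - PRIVATE NETWORK DOMAIN - ACCESS PROHIBITED\r\
    \n\r\
    \n       This device is a private network device. Access to this device is\r\
    \n\r\
    \n      not authorized. Any attempt for unauthorized access is being logged\r\
    \n\r\
    \n\t\t and appropriate legal action will be taken.\r\
    \n\t*************************************************************\r\
    \n\r\
    \n\t\t  ############################################# \r\
    \n\t\t  ###########Server Configuration By########### \r\
    \n\t\t  ###############<HAMZA KHALIL>################\r\
    \n\t\t  ############(www.itlearnweb.com)#############\r\
    \n\t\t  #############################################"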