Posted on Leave a comment

Mikrotik configuration

After plugging in Mikrotik router it is almost ready to do internet routing. With default configuration it will give internet to computers, but to fully functioning we need to configure it.

Access configuration of router we can through internet browser or Winbox program. As Winbox runs on Windows OS, I will configure it on internet browser. For easier access, plug in computer to Mikrotik by LAN cable. Defaul Mikrotik IP address is 192.168.88.1. Default username: admin password: admin. As we enter this ip address in browser, we can see welcome screen with “Quick set” configuration:

We need to change:

IP Address
DHCP Server range
Router identity
Password

After configuring basic settings, it is mandatory to upgrade firmware to newest version available. For this we need to navigate to System -> Packages -> Check for Updates -> Download & Install

Next, I want to configure IPTV, from my ISP. For this I need to configure VLAN and add it to bridge. The IPTV device is connected to ether4 port. To do vLAN configuration is easiest using Mikrotiks Teminal.

Gala TV through Mikrotik configuration:

/interface vlan add name=vlan-gala vlan-id=6 interface=ether1
/interface bridge add name=“GataTV” disabled=no
/interface bridge port add interface=vlan-gala bridge=GalaTV
/interface bridge port remove [find interface=ether4]
/interface bridge port add interface=ether4 bridge=GalaTV

Next, I want to allow access to my access from outside of my network, from specific ip address (src-address=):

/ip firewall filter add action=accept chain=input dst-port=8291 protocol=tcp src-address=xxx.xxx.xxx.xxx

When at home I can see CCTV cameras on phone program by connecting to each cameras IP address and default port 8000. For be able to see cameras from outside of my network I need to configure port forward on router. For each CCTV camera we need to use different port number and to forward it to 8000 port. Again, it is easiest to do this on Terminal by executing these commands (replace xxx.xxx.xxx.xxx with IP address of each camera):

/ip firewall nat add action=dst-nat chain=dstnat comment=”Camera Front” dst-address=xxx.xxx.xxx.xxx dst-port=8001 protocol=tcp to-addresses=192.168.88.51 to-ports=8000
/ip firewall nat add action=dst-nat chain=dstnat comment=”Camera Back” dst-address=xxx.xxx.xxx.xxx dst-port=8002 protocol=tcp to-addresses=192.168.88.52 to-ports=8000
/ip firewall nat add action=dst-nat chain=dstnat comment=”Camera Garage” dst-address=xxx.xxx.xxx.xxx dst-port=8003 port=”” protocol=tcp to-addresses=192.168.88.53 to-ports=8000

After the port forward is done, which is enough with other routers, i noticed that i can see cameras on 3G network, but while connected to home wireless network i can‘t see them. For this we need to configure Hairpin NAT function:

/ip firewall nat add chain=srcnat src-address=192.168.88.0/24 dst-address=192.168.88.51 protocol=tcp dst-port=8000 out-interface=LAN action=masquerade
/ip firewall nat add chain=srcnat src-address=192.168.88.0/24 dst-address=192.168.88.52 protocol=tcp dst-port=8000 out-interface=LAN action=masquerade
/ip firewall nat add chain=srcnat src-address=192.168.88.0/24 dst-address=192.168.88.53 protocol=tcp dst-port=8000 out-interface=LAN action=masquerade

My Mikrotik has LCD screen, on which it can display various statistics. By default, LCD displays turned off after 30 minutes. To change this, we can execute in terminal:

/lcd backlight state=on
/lcd set backlight-timeout=never

And for this time this it. Router is ready and i have internet. Only one problem, the internet works by cable, so i need reliable wireless network. But about this in next post.

Leave a Reply

Your email address will not be published. Required fields are marked *