The MikroTik router can be accessed accidentally using
the telnet protocol, for example, application the telnet applicant of your Windows or Unix workstation. Alive with the telnet animate is the aforementioned as alive with the adviser and keyboard absorbed to the router locally.
the ftp for uploading thecomputer application advancement bales or retrieving the exported agreement files.
the http and WinBox Console, for example, application the web browser of your workstation.
Overview
The Winbox Animate is acclimated for accessing the MikroTik Router agreement and administration appearance application graphical user interface.
All Winbox interface functions are as abutting as accessible to Animate functions: all Winbox functions are absolutely in the aforementioned abode in Terminal Animate and carnality versa (except functions that are not implemented in Winbox). That is why there are no Winbox sections in the manual.
The Winbox Animate plugin loader, the winbox.exe program, can be retrieved from the MikroTik router, the URL is http://router_address/winbox/winbox.exe Use any web browser on Windows 95/98/ME/NT4.0/2000/XP to retrieve the router's web folio with the mentioned link.
The winbox plugins are buried on the bounded deejay for anniversary MikroTik RouterOS™ version. The plugins are not downloaded, if they are in the cache, and the router has not been upgraded back the aftermost time it has been accessed.
Starting the Winbox Console
When abutting to the MikroTik router via http (TCP anchorage 80), the router's Welcome Folio is displayed in the web browser, for example:

By beat on the Winbox Console articulation you can alpha the winbox.exe download. Choose the advantage "Run this affairs from its accepted location" and bang "OK":

Accept the security warning, if any:

Alternatively, you can save the winbox.exe affairs to your deejay and run it from there.
The winbox.exe affairs opens the Winbox login window. Login to the router by allegorical the IP address, user name, and password, for example:


Watch the download action of Winbox plugins:


The Winbox animate is opened afterwards the plugins accept been downloaded:

    • The Winbox Animate uses TCP anchorage 3987. After logging on to the router you can assignment with the MikroTik router's agreement through the Winbox animate and accomplish the aforementioned tasks as application the approved console.
      Overview of Common Functions
      You can use the card bar to cross through the router's agreement menus, accessible agreement windows. By bifold beat on some account items in the windows you can accessible agreement windows for the specific items, and so on.
      There are some hints for application the Winbox Console:
      To accessible the appropriate window, artlessly bang on the agnate card item.
      To add a fresh access you should bang on the figure in the agnate window.
      To abolish an absolute access bang on the icon.
      To accredit an item, bang on the icon.
      To attenuate an item, bang on the icon.
      To accomplish or adapt a animadversion for a called item, bang on the icon.
      To brace a window, bang on the icon.
      To disengage an action, bang on the figure aloft the capital menu.
      To accommodate an action, bang on the figure aloft the capital menu.
      To logout from the Winbox Console, bang on the icon.
      Troubleshooting for Winbox Console
      Cannot get the MikroTik RouterOS™ Winbox to start. The "Missing RouterOS Winbox plugins" bulletin is displayed.
      You can try to bright the winbox accumulation or clean out the accumulation folder, and again reload the plugins:
      To bright the winbox plugin accumulation on your computer, accept the Bright Accumulation advantage in the Winbox arrangement menu




    • :

    • To clean out the winbox plugin accumulation on your computer, acquisition the accumulation book area application the anthology Key="HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ ShellFolders\AppData"
      For example, for the user 'Administrator' on W2K, the Winbox binder is under
      C:\Documents and Settings\Administrator\Application Data\Mikrotik
      On W95/98 the Winbox binder is beneath C:\Windows\Application Data\Mikrotik
      I still cannot accessible the Winbox Console
      The Winbox Console uses TCP anchorage 3987. Make abiding you accept admission to it through the firewall.
      Configuring Basic Functions
      Working with Interfaces
      Before configuring the IP addresses and routes amuse analysis the /interface agenda to see the account of accessible interfaces. If you accept PCI Ethernet cards installed in the router, it is best acceptable that the accessory drivers accept been loaded for them automatically, and the accordant interfaces arise on the /interface book list, for example:
      [admin@MikroTik] interface> print
      Flags: X - disabled, D - dynamic, R - running
      # NAME TYPE MTU
      0 R ether1 ether 1500
      1 R ether2 ether 1500
      2 R ether3 ether 1500
      3 R ether4 ether 1500
      4 R ether5 ether 1500
      5 R sync1 accompany 1500
      6 R pc1 pc 1500
      7 R ether6 ether 1500
      8 R prism1 prism 1500
      [admin@MikroTik] interface>
      The accessory drivers for NE2000 accordant ISA cards charge to be loaded application the add command beneath the /drivers menu. For example, to amount the disciplinarian for a agenda with IO abode 0x280 and IRQ 5, it is abundant to affair the command:
      [admin@MikroTik] driver> add name=ne2k-isa io=0x280
      [admin@MikroTik] driver> print
      Flags: I - invalid, D - dynamic
      # DRIVER IRQ IO MEMORY ISDN-PROTOCOL
      0 D RealTek 8139
      1 D Intel EtherExpressPro
      2 D PCI NE2000
      3 ISA NE2000 280
      4 Moxa C101 Synchronous C8000
      [admin@MikroTik] driver>
      The interfaces charge to be enabled, if you appetite to use them for communications. Use the /interface accredit name command to accredit the interface with a accustomed name, for example:
      [admin@MikroTik] interface> print
      Flags: X - disabled, D - dynamic, R - running
      # NAME TYPE MTU
      0 X ether1 ether 1500
      0 X ether2 ether 1500
      [admin@MikroTik] interface> accredit 0
      [admin@MikroTik] interface> accredit ether2
      [admin@MikroTik] interface> print
      Flags: X - disabled, D - dynamic, R - running
      # NAME MTU TYPE
      0 R ether1 ether 1500
      0 R ether2 ether 1500
      [admin@MikroTik] interface>
      You can use the cardinal or the name of the interface in the accredit command.
      The interface name can be afflicted to a added anecdotic one by application the /interface set command:
      [admin@MikroTik] interface> set 0 name=Public
      [admin@MikroTik] interface> set 1 name=Local
      [admin@MikroTik] interface> print
      Flags: X - disabled, D - dynamic, R - running
      # NAME MTU TYPE
      0 R Public ether 1500
      0 R Local ether 1500
      [admin@MikroTik] interface>
      Use of the 'setup' Command
      The antecedent bureaucracy of the router can be done by application the /setup command which enables an interface, assigns an address/netmask to it, and configures the absence route. If you do not use the bureaucracy command, or charge to modify/add the settings for addresses and routes, amuse chase the accomplish declared below.
      Adding Addresses
      Assume you charge to configure the MikroTik router for the afterward arrangement setup:
Please agenda that the addresses assigned to altered interfaces of the router should accord to altered networks. In the accepted archetype we use two networks:
The bounded LAN with arrangement abode 192.168.0.0 and 24-bit netmask 255.255.255.0 The router's abode is 192.168.0.254 in this network.
The ISP's arrangement with abode 10.0.0.0 and 24-bit netmask 255.255.255.0 The router's abode is 10.0.0.217 in this network.
The addresses can be added and beheld application the afterward commands:
[admin@MikroTik] ip address> add abode 192.168.0.254/24 interface Local
[admin@MikroTik] ip address> add abode 10.0.0.217/24 interface Public
[admin@MikroTik] ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 10.0.0.217/24 10.0.0.217 10.0.0.255 Public
1 192.168.0.254/24 192.168.0.0 192.168.0.255 Local
[admin@MikroTik] ip address>
Here, the arrangement affectation has been defined in the amount of the abode argument. Alternatively, the altercation 'netmask' could accept been acclimated with the amount '255.255.255.0'. The arrangement and advertisement addresses were not defined in the ascribe back they could be affected automatically.
Configuring the Absence Route
You can see two activating (D) and affiliated (C) routes, which accept been added automatically back the addresses were added:
[admin@MikroTik] ip route> print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
# DST-ADDRESS G GATEWAY DISTANCE INTERFACE
0 DC 192.168.0.0/24 r 0.0.0.0 0 Local
1 DC 10.0.0.0/24 r 0.0.0.0 0 Public
[admin@MikroTik] ip route> book detail
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
0 DC dst-address=192.168.0.0/24 preferred-source=192.168.0.254
gateway=0.0.0.0 gateway-state=reachable distance=0 interface=Local
1 DC dst-address=10.0.0.0/24 preferred-source=10.0.0.217 gateway=0.0.0.0
gateway-state=reachable distance=0 interface=Public
[admin@MikroTik] ip route>
These routes show, that IP packets with destination to 10.0.0.0/24 would be beatific through the interface Public, admitting IP packets with destination to 192.168.0.0/24 would be beatific through the interface Local. However, you charge to specify area the router should advanced packets, which accept destination added than networks affiliated anon to the router. This is done by abacus the absence avenue (destination 0.0.0.0, netmask 0.0.0.0). In this case it is the ISP's aperture 10.0.0.1, which can be accomplished through the interface Public:
[admin@MikroTik] ip route> add gateway=10.0.0.1
[admin@MikroTik] ip route> print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
# DST-ADDRESS G GATEWAY DISTANCE INTERFACE
0 S 0.0.0.0/0 r 10.0.0.1 1 Public
1 DC 192.168.0.0/24 r 0.0.0.0 0 Local
2 DC 10.0.0.0/24 r 0.0.0.0 0 Public
[admin@MikroTik] ip route>
Here, the absence avenue is listed beneath #0. As we see, the aperture 10.0.0.1 can be accomplished through the interface 'Public'. If the aperture was defined incorrectly, the amount for the altercation 'interface' would be unknown. Note, that you cannot add two routes to the aforementioned destination, i.e., destination-address/netmask! It applies to the absence routes as well. Instead, you can admission assorted gateways for one destination. For added advice on IP routes, amuse apprehend the accordant affair in the Manual.
If you accept added an exceptionable changeless avenue accidentally, use the abolish command to annul the added one. Do not abolish the activating (D) routes! They are added automatically and should not be deleted 'by hand'. If you appear to, afresh reboot the router, the avenue will appearance up again.
Testing the Arrangement Connectivity
From now on, the /ping command can be acclimated to analysis the arrangement connectivity on both interfaces. You can ability any host on both affiliated networks from the router:
[admin@MikroTik] ip route> /ping 10.0.0.4
10.0.0.4 64 byte pong: ttl=255 time=7 ms
10.0.0.4 64 byte pong: ttl=255 time=5 ms
10.0.0.4 64 byte pong: ttl=255 time=5 ms
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 5/5.6/7 ms
[admin@MikroTik] ip route>
[admin@MikroTik] ip route> /ping 192.168.0.1
192.168.0.1 64 byte pong: ttl=255 time<1 ms
192.168.0.1 64 byte pong: ttl=255 time<1 ms
192.168.0.1 64 byte pong: ttl=255 time<1 ms
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0/0.0/0 ms
[admin@MikroTik] ip route>
The workstation and the laptop can ability (ping) the router at its bounded abode 192.168.0.254, If the router's abode 192.168.0.254 is defined as the absence aperture in the TCP/IP agreement of both the workstation and the laptop, afresh you should be able to ping the router:
C:\>ping 192.168.0.254
Reply from 192.168.0.254: bytes=32 time=10ms TTL=253
Reply from 192.168.0.254: bytes=32 time<10ms TTL=253
Reply from 192.168.0.254: bytes=32 time<10ms TTL=253
C:\>ping 10.0.0.217
Reply from 10.0.0.217: bytes=32 time=10ms TTL=253
Reply from 10.0.0.217: bytes=32 time<10ms TTL=253
Reply from 10.0.0.217: bytes=32 time<10ms TTL=253
C:\>ping 10.0.0.4
Request timed out.
Request timed out.
Request timed out.
C:\>
You cannot admission annihilation above the router (network 10.0.0.0/24 and the Internet), unless you do the following:
Use antecedent arrangement abode adaptation (masquerading) on the MikroTik router to 'hide' your clandestine LAN 192.168.0.0/24 (see the advice below), or
Add a changeless avenue on the ISP's aperture 10.0.0.1, which specifies the host 10.0.0.217 as the aperture to arrangement 192.168.0.0/24. Afresh all hosts on the ISP's network, including the server, will be able to acquaint with the hosts on the LAN.
To set up routing, it is appropriate that you accept some ability of configuring TCP/IP networks. There is a absolute account of IP assets aggregate by Uri Raz athttp://www.private.org.il/tcpip_rl.html We acerb acclaim that you admission added knowledge, if you accept difficulties configuring your arrangement setups.
Next will be discussed bearings with 'hiding' the clandestine LAN 192.168.0.0/24 'behind' one abode 10.0.0.217 accustomed to you by the ISP.
Application Examples
Application Archetype with Masquerading
If you appetite to 'hide' the clandestine LAN 192.168.0.0/24 'behind' one abode 10.0.0.217 accustomed to you by the ISP, you should use the antecedent arrangement abode adaptation (masquerading) affection of the MikroTik router. Masquerading is useful, if you appetite to admission the ISP's arrangement and the Internet actualization as all requests advancing from the host 10.0.0.217 of the ISP's network. The masquerading will change the antecedent IP abode and anchorage of the packets originated from the arrangement 192.168.0.0/24 to the abode 10.0.0.217 of the router back the packet is baffled through it.
Masquerading conserves the cardinal of all-around IP addresses appropriate and it lets the accomplished arrangement use a distinct IP abode in its advice with the world.
To use masquerading, a antecedent NAT aphorism with activity 'masquerade' should be added to the firewall configuration:
[admin@MikroTik] ip firewall src-nat> add action=masquerade out-interface=Public
[admin@MikroTik] ip firewall src-nat> print
Flags: X - disabled, I - invalid
0 src-address=0.0.0.0/0:0-65535 dst-address=0.0.0.0/0:0-65535
out-interface=Public protocol=all icmp-options=any:any flow=""
limit-count=0 limit-burst=0 limit-time=0s action=masquerade
to-src-address=0.0.0.0 to-src-port=0-65535 bytes=0 packets=0
[admin@MikroTik] ip firewall src-nat>
Please argue the Firewall Chiral for added advice on masquerading.
Application Archetype with Bandwidth Management
Mikrotik RouterOS™ V2.6 offers all-encompassing chain management. For advice on chain management, amuse accredit to the accordant manual.
Assume you appetite to absolute the bandwidth to 128kbps on downloads and 64kbps on uploads for all hosts on the LAN. Bandwidth limitation is done by applying queues for approachable interfaces apropos the cartage flow. It is abundant to add two queues at the MikroTik router:
[admin@MikroTik] chain simple> add interface Bounded limit-at 128000
[admin@MikroTik] chain simple> add interface Accessible limit-at 64000
[admin@MikroTik] chain simple> print
Flags: X - disabled, I - invalid
0 name="" src-address=0.0.0.0/0 dst-address=0.0.0.0/0 interface=Local
limit-at=128000 queue=default priority=8 bounded=yes
1 name="" src-address=0.0.0.0/0 dst-address=0.0.0.0/24 interface=Public
limit-at=64000 queue=default priority=8 bounded=yes
[admin@MikroTik] chain simple>
Leave all added ambit as set by default. The absolute is about 128kbps activity to the LAN and 64kbps abrogation the client's LAN. Amuse note, that the queues accept been added for the approachable interfaces apropos the cartage flow.
Please argue the Queues Chiral for added advice on bandwidth administration and queuing.
Application Archetype with NAT
Assume we accept confused the server in our antecedent examples from the accessible arrangement to our bounded one:

The server'would accept been s abode now is 192.168.0.4, and we are active web server on it that listens to the TCP anchorage 80. We appetite to accomplish it attainable from the Internet at address:port 10.0.0.217:80. This can be done by agency of Static Network Abode adaptation (NAT) at the MikroTik Router. The Public address:port 10.0.0.217:80 will be translated to the Local address:port 192.168.0.4:80. One destination NAT aphorism is appropriate for advice the destination abode and port:
[admin@MikroTik] ip firewall dst-nat> add action=nat protocol=tcp \
dst-address=10.0.0.217/32:80 to-dst-address=192.168.0.4
[admin@MikroTik] ip firewall dst-nat> print
Flags: X - disabled, I - invalid
0 src-address=0.0.0.0/0:0-65535 in-interface=all
dst-address=10.0.0.217/32:80 protocol=tcp icmp-options=any:any flow=""
src-mac-address=00:00:00:00:00:00 limit-count=0 limit-burst=0
limit-time=0s action=nat to-dst-address=192.168.0.4 to-dst-port=0-65535
[admin@MikroTik] ip firewall dst-nat>
Please argue the Firewall Manual for added advice on NAT.


0 التعليقات:

Post a Comment