Winbox into the RouterOS hardware that you intend to install the web proxy onto, then click on IP \ Web Proxy as shown below


Click on Settings as shown below


Fill in the following fields as described below
Port -- Select 3128 (standard Squid TCP port) or 8080 (typically used HTTP proxy server TCP port); however, any available port on the RouterOS appliance can be used (provided that the port is not already being used by another process)
Host name -- Select a host name that you desire (it is not critical, however it is useful for handing out a DNS name such as proxy1.wirelessconnect.eu). Remember to update your DNS server with the proxy IP address before issuing the name to clients
Transparent Proxy -- Tick this box if the proxy server is to be transparent, i.e. the user will not be required to configure their browser (note: additional firewall configuration, a redirect rule, will need to be inserted to accomplish this task; see the bottom of the article for more details)
Cache Administrator -- Select an administrative email address for receiving feedback on your proxy appliance performance
Maximum Object Size -- Select a reasonable size (it should be large enough for most users' uses, e.g. Service Pack 2 download, patch CD ISO); however, it should not exceed the size of the caching disk (we recommend that the maximum object size be a tiny fraction of the total cache size, i.e. Maximum Object Size should be << 1% of the caching disk)


Select the correct drive (secondary-master) as the cache drive and then click Format as shown below (note that RouterOS won't let you format the system drive)



When prompted, confirm the formatting as shown below



While the cache drive is formatting, "formatting harddrive" will appear on the status bar at the bottom of the dialog box as shown below




After the formatting process is complete the cache will be created and "Creating Cache" will appear on the status bar at the bottom of the dialog box as shown below.




Select the Maximum RAM Cache Size. This should be no greater than the result of the following formula: (Total RAM on proxy appliance) - 64 MB RAM (for RouterOS and other RouterOS processes). In this example one has an appliance with 1 GB of memory installed and wishes to reserve 68 MB of RAM for system use, so one should set the Maximum RAM Cache Size to 934MB as shown in the image below




Next, turn on the proxy server by clicking Enable as shown below




Once the proxy service is running the status bar will show "Running" at the bottom of the dialog box as shown below




           
Proxy Running State will be displayed in the Status Bar


MIKROTIK RB750GL RouterBoard

Product Description
Gigabit Mini-Router




The RB750GL is a small SOHO router in a white plastic case. It has five independent Gigabit Ethernet ports and optional switch chip functionality for wire speed Gigabit throughput. It's probably the most affordable MPLS capable Gigabit router on the market. With its compact design and clean looks, it will fit perfectly into any SOHO environment.
Features Include:
CPU Atheros AR7242 400MHz
64MB DDR SDRAM onboard memory
64MB onboard NAND memory chip
Five 10/100/1000 Mbit/s Gigabit Ethernet ports
Power, NAND activity, 5 ethernet LEDs
MikroTik RouterOS, Level4 license

Mikrotik's Remote Radius Configuration

Below is a brief description of how to configure Mikrotik to work with Remote Radius using the official tool Winbox.

Mikrotik's remote radius configuration
Under the Radius menu, click on the add button.
Hotspot
Enable / Disable hotspot service.
Address
IP address of the radius server.
Radius Shared Secret
Radius shared secret for the radius server. The RADIUS protocol does not transmit passwords in cleartext between the NAS and the RADIUS server (not even with the PAP protocol). Rather, a shared secret is used along with the MD5 hashing algorithm to obfuscate passwords.
Authentication Port
UDP port number to use for radius authentication requests. Default port is 1812.
Accounting Port
UDP port number to use for radius accounting requests. Default port is 1813.
Timeout
Timeout for the remote radius server. Set 2000ms.
Radius Access Port
Set radius access port to 1700.

Mikrotik's hotspot configuration
Under the IP > Hotspot menu select the Servers tab and click on Hotspot Setup.
Hotspot Interface
Ethernet interface to run the hotspot on. This is the network interface which is shared among the Clients. In a typical wireless configuration this should be set to the radio interface.
Local Address of Network
IP network address of the remote packet data network. Used to allocate dynamic IP addresses to Clients and set up routing. Set to 10.5.50.1/24; the Clients will have addresses starting from 10.5.50.1 to 10.5.50.254. The address 10.5.50.255 will be the broadcast IP.
Flag Masquerade Network.
Address Pool of Network
Pool of IP addresses to be assigned to Clients. By default the IP pool is calculated starting from the previous setting.
Select Certificate
Certificate used for data. Set none.
IP Address of SMTP Server
SMTP Server. Set 0.0.0.0
DNS Server
DNS IP server address. It will be given to the Clients. You should set 8.8.8.8 (free Google DNS)

Under the IP > Hotspot menu select the Server Profiles tab.
Name
Profile's name.
Hotspot Address
Hotspot IP address.
HTML Directory
Directory containing the HTML files of the Captive Portal.
Login by
Type of login supported. Set HTTP PAP & CHAP.
Use RADIUS
Enable / Disable remote radius server management. Set Enable
MAC Format
MAC Format used. Set XX:XX:XX:XX:XX:XX
NAS Port type
NAS Port type sent to Radius. Set wireless-802.11

Under the IP > Hotspot menu select the Walled Garden tab.
The Walled Garden configuration allows Users to access networks or single IP addresses without authentication. It's an area where it is possible to specify free access sites. The minimum configuration to redirect Users to the Captive Portal and data to the Radius Server is to allow free access to the IP addresses of both the Radius Server and the Captive Portal (if it doesn't reside on the same machine as Radius).
Dst. Address
IP address or network to be reached without authentication.

Mikrotik Basics




This is a 45 minute video that will walk you through configuring a Mikrotik for a common network: IP addressing, routing, DHCP server/client, DNS, basic wireless and bridging.
It also covers some of the basic services and tools.

Nanobridge mikrotik questions

Mikrotik questions (also a Tranzeo TR6000 quest.)
Let’s say I use Mikrotik to manage my WISP…
1) Can I print up pre-paid “cards” (like good for, say, 10hrs…20hrs, etc., expiring 1 month after first use) for internet access?
2) If someone were to share their password/user ID from one of those cards, how would Mikrotik react if both users were online simultaneously?
Any experience with this?
Also, I think I'm going with a Tranzeo TR6000 for my access point. Anybody use this equipment with Mikrotik?
Thanks.
I can't answer your question on users as I have no experience in setting it up that way. Sounds like you need some sort of hotspot management software. Mikrotik may be able to do this.
As far as using Mikrotik with Tranzeo, it makes no difference what type of AP you use. Mikrotik is just a PC that all traffic is routed thru. You don't need anything fancy either for the PC. I used a PII450 with 256MB and a 6.4Gig HD. 2 network cards. It did bandwidth management and also was a transparent proxy server (web cache). The cache did help on cutting down bandwidth. I ran about 130 users thru this setup.
--
Have you played Tradewars today? I miss the old BBS days.
I haven't used it but it sounds like it will do all you need. You can get a free license (limited number of users), set up Mikrotik on an old PC, sign up for the hotspot manager beta trial and try it out for nothing.
MT hotspot will not acquiesce added than one user ID to log on simultaneously.
HTH.
Was wondering about printing up the pre-paid cards for hotspots as well.
Anyone here able to recommend either one? I was thinking of these two options for hotspot management...
1) Pre-paid cards that the customer buys at the counter of the store/restaurant/whatever
2) Captive portal that allows the customer to make a username and password account for the network and just "tops up" their time/credits/etc. via a credit card. This way the username is specific to them and never expires; all they have to do is just add time to it.
The second one is a bit out of the ordinary as to what I've seen, but has anyone ever tried it or would think it's a good way to go?
Thanks!
reply to cariboo
We use Tranzeo APs and MikroTik as a transparent bridge, with great results, no issues.
I am currently testing a TR-CPE200-15 with a Mikrotik box routing and the TR-CPE 200-15 locks up after 2 days.
OT but very interesting, as we have used 2 of these units as backhauls with a MikroTik bridge behind it with all traffic from one AP, with only one lock-up in 8 months...
--
Success is getting what you want; Happiness is wanting what you get



MikroTik WEB.PROXY Recommendation

Always try NOT to use the same storage disk to store your cache and your RouterOS, to ensure there is always enough space on your RouterOS disk for logs, upgrade / update packages and backups. Therefore it is highly recommended that the web-proxy cache is stored on a physically separate drive (store) other than the RouterOS. Placing the cache on a separate drive ensures maximum performance and reduces problems if the disk becomes full or fails, as the OS will then still be OK!
Caching Internet access will require a lot of reads and writes to the disk; choose a fast disk for best performance / concurrent user request support.
Cache performance also greatly depends on RAM size; the more RAM you have in your server, the better performance you will get.
We will divide this article into 3 sections.
1# Preparing Secondary Partition for Cache
2# Configuring Web Proxy
3# Transparent Proxy
Let’s BEGIN . . .
1# Preparing Secondary Drive for CACHE
First we will format the secondary hard drive (to be used for cache). IF YOU DON’T WANT TO USE A SECONDARY HARD DRIVE, SKIP THIS STEP.
Goto SYSTEM > STORES > DISKS
Select the secondary hard drive and click on FORMAT DRIVE
As shown in the image below.
Now go to the STORES tab (by navigating to SYSTEM > STORES)
Select the WEB-Proxy package and click on COPY
It will ask you where to copy the WEB-Proxy package; select Secondary Drive in the TO box.
As shown in the image below.

2# Configuring Web Proxy

Now we have to enable the Mikrotik Web Proxy by navigating to
IP > WEB PROXY

As shown in the image below.
Now click on “Enable”
In Port, type 8080
Max Cache Size: select Unlimited from the drop-down menu, OR if you have limited disk space, then use your desired amount.
You have to specify the space in kilobytes, for example 1024 KB = 1 MB, so if you want to set a 5 GB cache, then use 5242880. I am using 5 GB in this example. The cache size is really based off of how much RAM you have in the machine.
As shown in the image below . . .
Click on Apply and your Mikrotik’s Web Proxy is ready to be used, but every client has to set the proxy address pointing to the Mikrotik IP to be able to use the proxy service.
3# Transparent Proxy
If we want every user to be automatically redirected to the proxy transparently, then we have to create an additional rule to forcefully redirect users to the proxy service, which is called TRANSPARENT PROXY.
Goto IP > FIREWALL > NAT and create a new rule
In Chain, select dstnat
In Protocol, select 6 (tcp)
In Dst. Port, type 80
As shown in the image below . . .
Now goto the Action tab,
In Action, select redirect
In To Ports, type 8080
As shown in the image below . . .

 
Now your newly created rule will look something like the image below.
As shown in the image below . . .
OR the CLI version of the above rule would be something like below.
/ip firewall nat add action=redirect chain=dstnat disabled=no dst-port=80 protocol=tcp to-ports=8080
Done. Now the Mikrotik web proxy will work as a TRANSPARENT PROXY; every user’s HTTP port 80 request will automatically be redirected to the Mikrotik built-in web proxy.
You can view the proxy status and other information by going to IP > WEB PROXY > SETTINGS > STATUS and the other tabs in the same window.
As shown in the image below . . .

=========================================
WEB-PROXY Tips ‘N’ Tricks !! by Zaib (December, 2011)
=========================================


Howto Send CACHED Contents to user at Full Speed / Ignoring QUEUE Limit for cached-hits marked packets :)

First Mark Cached Contents by MANGLE Rule.
/ip firewall mangle
add action=mark-packet chain=output comment="CACHE HIT/Zaib" disabled=no dscp=4 \
new-packet-mark=cache-hits passthrough=no
Now create a Queue Tree which will send cache-hits packets to users at full LAN speed, ignoring the user’s static OR dynamic QUEUES
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="Unlimited Speed for CACHE by zaib" packet-mark=cache-hits \
parent=global-out priority=8 queue=default
Now Try to download any cacheable content , for example download following file,
Once downloaded, try to download it again from any other computer or via the same test PC. You will see the queues and rules in action, sending cache-hits packets to users at full LAN speed. Remember the Mikrotik web proxy is a very basic and simple proxy server without many tweaks and nuts ‘N’ bolts to set, so it will cache what it can. For advancements, use SQUID instead.
As shown in the image below . . .
Also you can view the cache contents by going to IP > WEBPROXY > CACHE CONTENTS
As shown in the image below . . .

Howto Block Web Sites by Domain Name

You can block any web site via domain name as shown below.
/ip proxy access add action=deny disabled=no dst-host=yahoo.com
/ip proxy access add action=deny disabled=no dst-host=www.yahoo.com

Howto Block Downloading via File EXTENSION Types

You can block Downloading by file types using following code,
/ip proxy access add path=*.mp3 action=deny

Howto Block OPEN PROXY

Please make sure you are not running your proxy in OPEN PROXY mode. If so, anyone can use your proxy service over the internet and perform any illegal activity, and your proxy IP will be logged at the remote server. So block it immediately.
Use the following.
/ip firewall filter
add action=drop chain=input comment="Block Open PROXY :) Zaib" disabled=no dst-port=8080 in-interface=wan protocol=tcp src-address=0.0.0.0/0
In in-interface, select your WAN interface.
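
One way to check a saved configuration for the open-proxy condition described above, as an added example that is not part of the original post: it parses RouterOS-style commands in the form used on this page and reports whether the enabled proxy port is left without a covering drop rule on the WAN interface. The sample export is constructed, and the function names, the interface name `wan` and the simplified matching (no port ranges, no rule-order evaluation) are assumptions.

```python
import shlex

# Constructed sample export, modelled on the commands shown on this page.
SAMPLE_EXPORT = r'''
/ip proxy
set enabled=yes port=8080
/ip firewall filter
add action=drop chain=input comment="Block Open PROXY" disabled=no \
    dst-port=8080 in-interface=wan protocol=tcp src-address=0.0.0.0/0
/ip firewall nat add action=redirect chain=dstnat dst-port=80 protocol=tcp to-ports=8080
'''

# Matchers understood here; a drop rule with any other matcher is not counted.
KNOWN = {"action", "chain", "comment", "disabled", "dst-port",
         "in-interface", "protocol", "src-address"}


def parse_export(text):
    """Return {menu path: [{key: value}, ...]} for add/set commands."""
    menus, path, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):      # long commands wrap with a backslash
            pending = line[:-1]
            continue
        pending = ""
        tokens = shlex.split(line)
        if line.startswith("/"):     # "/menu" alone, or "/menu add k=v ..."
            cut = next((i for i, t in enumerate(tokens) if t in ("add", "set")),
                       len(tokens))
            path, tokens = " ".join(tokens[:cut]), tokens[cut:]
            menus.setdefault(path, [])
        if path and tokens and tokens[0] in ("add", "set"):
            menus[path].append(dict(t.split("=", 1) for t in tokens[1:] if "=" in t))
    return menus


def proxy_exposed_on(menus, wan):
    """True if the proxy is enabled and no input drop rule covers it on `wan`."""
    proxy = {}
    for entry in menus.get("/ip proxy", []):
        proxy.update(entry)
    if proxy.get("enabled") != "yes":
        return False
    port = proxy.get("port", "8080")  # assumption: 8080 when the export omits it
    for rule in menus.get("/ip firewall filter", []):
        if (set(rule) <= KNOWN and rule.get("chain") == "input"
                and rule.get("action") in ("drop", "reject")
                and rule.get("disabled", "no") == "no"
                and rule.get("protocol") == "tcp"
                and port in rule.get("dst-port", "").split(",")
                and rule.get("in-interface", wan) == wan
                and rule.get("src-address", "0.0.0.0/0") == "0.0.0.0/0"):
            return False
    return True
```

Calling `proxy_exposed_on(parse_export(SAMPLE_EXPORT), "wan")` returns `False` for the sample; a disabled rule, a different WAN interface name or a drop rule narrowed by an extra matcher makes it return `True`.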

Howto Add LOGO and Edit Proxy Default ERROR Pages

Goto IP > WEB PROXY
Click on RESET HTML
It will ask you “Current html pages will be lost ! Reset anyway?” Click on YES
As shown in the image below . . .
Now goto FILES and you will see webproxy/error.html ,
As shown in the image below . . .
Just copy this error.html file to your desktop and edit it using your favorite HTML editor.
(I personally use MS FRONTPAGE 2003 due to its easy and user-friendly interface. You can use Notepad to edit this file's content as it's very small and contains basic text only. Just don’t mess with the code; only change the text you want, for example network name, support numbers etc. After saving, upload it back to Mikrotik under the web-proxy section.)

Howto Block Web Site for Single User

To block any website for a single user , Use the following …
/ip proxy access
add action=deny comment="Block yahoo for single user" disabled=no dst-host=www.yahoo.com src-address=192.168.2.5
(192.168.2.5 is the user ip)
To block a single user and redirect him to your policy page on any local web server defining the reason why he is blocked, use the following.
/ip proxy access
add action=deny comment="Block yahoo for single user" disabled=no dst-host=www.yahoo.com redirect-to=192.168.2.3/policy/deny.htm src-address=192.168.2.5
(192.168.2.3 is the web server ip , & 192.168.2.5 is the user ip)
As shown in the image below . . .