user interface location: IP → DHCP Server → DHCP tab
default Lease Time is 00:10:00, which is 10 hours
Factory Default Settings, revert to
- Turn off the device power.
- Hold the reset button and do not release.
- Turn on the device power and wait until the USER LED labeled with “ACT” starts flashing.
- Now release the button to clear configuration.
- Wait for a few minutes for the router to clear and restore the factory settings.
If you release the reset button after the LED stops flashing, you have to redo everything again./p>
for Interface “ether” ports
click on the “ether” port of interest (probably whichever one shows active traffic in the “Tx” and “Rx” columns) → click “Torch” → click “Start” → observe what shows up in the bottom pane
user interface location: IP → FireWall → NAT tab
first, issue command:
/ip firewall nat
this will alter the appearance of the command line to “pre-pend” the “/ip firewall nat” string to the command line
then run
add chain=srcnat action=masquerade out-interface=ether4
for Interface “ether” ports
click on the “ether” port of interest (probably whichever one shows active traffic in the “Tx” and “Rx” columns) → click “Torch” → click “Start” → observe what shows up in the “Src.” column in the bottom pane
allow from user interface location: IP → FireWall → Filter Rules tab
Chain: forward, Src. Address: your IP (local IP for some internal MikroTik port
somewhere), Protocol: 6 (tcp), Dst. Port: 110, Action: accept
In the command below, the “Src. Address” is specified as “192.168.88.252”.
I don't know (or can't remember) how this was determined but it seems to work.
Leave the following blank: Dst. Address, Src. Port — and everything after Dst. Port except
leave default “accept” choice in the pick list way down at the bottom
Same for port 587
allow - from here
ip firewall filter add chain=forward src-address=192.168.88.252/32
protocol=tcp dst-port=110 action=accept comment=Allow pop for server (out)
IP → Firewall → NAT tab → Add New
in the form that pops up, specify
- Chain: dstnat
- Protocol: 6 (tcp)
- Dst. Port: 80, 443, etc.
- In. Interface: bridge
- further down, Action: dst-nat
- To Addresses: 192.168.x.x
- To Ports: 80, 443, etc.
When I configure as above for port 80, it killed my access to the router itself because, of course, accessing the router itself requires communication to port 80. The only way I could recover was to restore to factory settings.
to restrict traffic only from a specific address, Restrict traffic to port forwarded host Mikrotik
More here, where “In. Interface: bridge” isn't even specified or filled in.
allow remote desktop - from here
first, issue command:
/ip firewall nat
this will alter the appearance of the command line to “pre-pend” the “/ip firewall nat” string to the command line
then run
add action=dst-nat chain=dstnat disabled=no dst-port=3389
in-interface=ether1 protocol=tcp to-addresses=10.0.0.2 to-ports=3389
Where 10.0.0.2 is the address of the machine you want to RDP into. But I really just want to access outside PC
255.255.224.0
this is a file the router generates that might be helpful for support
generate: go to “Make Supout.rif”
download: go to “Files”, find & download
users – system → Users
create security profile
Wireless → Security Profiles → Add New button
Give it a name
Mode: dynamic keys
Check “WPA PSK”, “WPA2 PSK” check boxes. Not really sure why or if you need both these, but..
Fill in the same password for “WPA Pre-Shared Key” and “WPA2 Pre-Shared Key” text boxes.
Click “Apply” or “OK”
apply security profile
Wireless → WiFi Interfaces → click on “wlan1”
change name in “SSID” field
select security profile from pick list
Winbox to access router from desktop