Mikrotik Routers Configuration

Basic Setup {key performance and security tweaks}

PPPOE setup:

Under Internet change address acquistion to PPPoe and fill in the PPPoe Username and Password. Then press reconnect and it should show you the IP address for the connection. 

Local Network setup:

Fill in the Local IP address you would like and the DHCP range required, ensure you select NAT or it will not route to the local IP addresses.

Security

Password: set the password for the router to your chosen password

Set WIFI security to WPA2 with both aes ccm and tkip checked, and then enter a WIFI password.

Finally click check updates at the bottom to update the firmware

OPEN DNS RESOLVER

Go to IP/Firewall/Filter Rules

add chain=input action=drop protocol=tcp in-interface=pppoe-out1 dst-port=53
 add chain=input action=drop protocol=udp in-interface=pppoe-out1 dst-port=53

Limit remote access

Under IP/services/www in the available from enter the below

xxx.xxx.xxx.xxx/32 This is any external IP you want to be able to access the router from. 

DHCP IP range: xxx.xxx.xxx.xxx/24

Make sure you click Apply config at the bottom!


How To Port Forward

  1. Log into the web interface of the Microtik
  2. Navigate to IP -> Firewall
  3. Click the NAT tab
  4. Set Chain to dstnat
  5. Enter the routers public IP address into Dst. Address
  6. Set Protocol to the relevant setting
  7. Set Dst. Port to the required port
  8. Set Action to dst-nat
  9. Enter the required internal IP address into To Addresses
  10. Set To Ports as the required port(s)
  11. Click OK

Stopping Open DNS

A DNS server is not running by default, but can be configured under /ip dns (or the "IP / DNS" GUI menu), in which case therouter will act as an open DNS resolver.

A firewall filter rule can prevent incoming DNS traffic on the WAN interface:

 /ip firewall filter
 add chain=input action=drop protocol=tcp in-interface=pppoe-out1 dst-port=53
 add chain=input action=drop protocol=udp in-interface=pppoe-out1 dst-port=53

(replace ppoe-out1 with your external interface name obtained from /interface print).


Disabling SIP ALG

You can also configure this in the GUI under "IP / Firewall / Filter Rules"

Mikrotik SIP ALG is called a SIP Helper and is located under /IP>Firewall>Service ports

To disable, run this command from the terminal:

/ip firewall service-port disable sip

Or from winbox just navigate to IP>Firewall and then click on the Service Ports tab and disable it through the GUI.

Videos

Call Encryption - TLS/SRTP walkthrough
Embedded thumbnail for Call Encryption - TLS/SRTP walkthrough
Hosted Directory LDAP - Lightweight Directory Access Protocol
Embedded thumbnail for Hosted Directory LDAP - Lightweight Directory Access Protocol
Cloud PBX Explainer
Embedded thumbnail for Cloud PBX Explainer
Zoiper Softphone Configuration
Embedded thumbnail for Zoiper Softphone Configuration
Call Conferencing
Embedded thumbnail for Call Conferencing
Receptionist Console
Embedded thumbnail for Receptionist Console

Search Help Portal

Get in touch

VoiceHost Limited
Norfolk Tower
Surrey Street
Norwich
NR1 3PA

UK Freephone 0800 2 545454

International +44 1603904090

support [at] voicehost.co.uk

Connect With Us

Download the iOS App from the Apple App Store

Get the Android app from the Google Play store