A classic example of installing the RouterOS soft router

Source: Internet
Author: User
Tags routeros winbox

RouterOS 2.7.4 can turn an ordinary PC into a professional router. At the high end it can serve as an ISP core router or authentication gateway, because it is powerful and stable; at the low end it can serve as a home gateway and firewall, because it is free. It provides the following main functions:
1. Winbox graphical interface for remote management
2. Telnet/serial console management
3. Advanced bandwidth management
4. Firewall with connection monitoring
5. Ethernet 10/100/1000 Mb/s
6. Wireless network clients and AP, 2.4 GHz, 11 Mb/s
7. Wireless network clients and AP, 5.2 GHz, 54 Mb/s
8. V.35 synchronous 5 Mb/s with frame-relay
9. Async PPP/RADIUS (up to 32 ports), supports ades with E1/T1
10. IP phone gateway
11. Hotspot gateway
Other functions
The following describes how to configure the gateway.
Step 1: Prepare a computer with a 486DX or better CPU (a Pentium or above is preferable), at least 32 MB of memory and a 32 MB hard disk, preferably 64 MB for both. If possible, use a DOM (disk on module) instead of a hard disk, because it has a longer service life. You also need one 3.5" floppy disk drive and two network cards, either NE2000-compatible or RTL8XXX; PCI cards are best. The display and keyboard are only used during installation. You can check whether your hardware is compatible in the software introduction/compatibility list on mikrotik.com.cn.
Step 2: Download the floppy-disk installation program from the software section of mikrotik.com.cn and prepare eight good-quality 3.5" floppy disks. Run the program on a Windows computer and click "YES" to accept the license agreement. When the disk creation interface appears, insert the first floppy disk and click Continue. After a while it prompts you to insert the second disk, and so on up to the eighth disk.
Step 3: Connect a display and keyboard to the computer that will be the router and set it to start from the floppy drive. Insert the first floppy disk and start the computer. If all is well, it boots from the floppy disk and prompts you to insert the second disk, then the third, and so on up to the eighth. After the eighth disk has been read, it prompts you to restart the computer. Do not forget to take out the disk and set the computer to start from the hard disk.
Step 4: After the restart, the router displays its "Software ID" and asks you to enter the "Licensing key". To obtain a free license, see the instructions on the download page of the website. The licensing key is case-sensitive, so enter it exactly. After the key is entered, the logon prompt is displayed with "Username" and "Password". The default administrator account is admin and no password is required.
Step 5: Configure the router. Log on as the administrator and enter the setup command at the prompt. If your network cards are PCI, you are prompted to set up ether1 (the first network card). Enter ip address: 192.168.0.1, netmask (subnet mask): 255.255.255.0, gateway: 192.168.0.254, network: 192.168.0.0, broadcast: 192.168.0.255. Where a default is offered, just press Enter. Here I use ether1 as the LAN port and ether2 as the WAN port. Connect your LAN.
Set the client (a Windows computer) to IP address 192.168.0.10, subnet mask 255.255.255.0, gateway 192.168.0.1, DNS 192.168.0.1. Now test the network connection: in Start > Run, type command and confirm, then in the DOS window run ping 192.168.0.1 to see whether the router can be reached. If "Reply from 192.168.0.1: bytes=32 time<10ms TTL=64" appears, it can be reached. If "Request timed out" appears, check whether the network cable between you and the router is connected.
Once the connection works, start IE, enter http://192.168.0.1 in the address bar and press Enter. On the page, click the MikroTik WinBox Console icon to download winbox (the RouterOS graphical management program). Run it and, in the login dialog box, enter 192.168.0.1 for Connect To and admin for Login, leave Password blank, and click Connect. The new window displayed after logon is the winbox management interface.
Next, enable ether2: click Interface, click the greyed-out ether2, and click the blue check mark in the window. Enable IP masquerading: click IP, Firewall, Source NAT, and click the plus sign to add a rule; the default values are enough. Enable the DNS cache: IP > DNS Cache Settings > Enable, enter the DNS server address of the ISP, then OK.
The following steps depend on the connection type: broadband or ADSL (PPPoE).
Broadband: Click IP, DHCP Clients; select Enable and Add Default Route, select ether2 for Interface, set hostname to Client1, and click OK. Open DHCP Clients again and check the Status page to see whether an IP address has been obtained. If it has, the process is complete.
ADSL: Click Interface, click the plus sign and choose PPPoE Client, change MTU to 1492 (the value for most ISPs), switch to the Dial Out page, enter the Service name (this can be obtained from the ISP or by using RASPPPoE), enter the user name and password, check Use peer DNS, and click OK. Check the Status page to see whether it is connected. If some web pages cannot be opened and your ISP's MTU is 1492, go to IP > Firewall > Mangle > click the red plus sign > Protocol: select TCP > Tcp Options: select sync > Action: select accept > tcp mss: 1448.
This is not required in most cases.
The above is the process of configuring a home gateway. Configuring a network with more clients is similar, except that you need to purchase a license. Note that the free license used here has some restrictions:
Maximum PPTP server connections: 4.
Maximum PPPoE server connections: 4.
Maximum DHCP server leases: 8.
Maximum number of hotspot clients: 4.
Maximum number of queues: 4.
Maximum number of NAT policies: 4.
Maximum number of EoIP interfaces: 4.
Web cache: disabled.

1) Installation: 9 disks. Note that the contents of the hard disk will be deleted! Also, the machine must have at least 24 MB of memory.
You are prompted to register during installation. Note that the registration code is case-sensitive.
2) Enter
3) Set the IP address of the first NIC: enter the setup command at the prompt. If your NIC is PCI, you are prompted to set up ether1 (the first NIC). Enter ip address: 192.168.0.1, netmask (subnet mask): 255.255.255.0, gateway: 192.168.0.254, network: 192.168.0.0, broadcast: 192.168.0.255. Where a default is offered, press Enter.
4) On the Windows machine, set the IP address to 192.168.0.x and enter 192.168.0.1 in the IE address bar.
The RouterOS welcome screen is displayed. Click to download winbox and save it.
5) Run winbox and enter 192.168.0.1, username admin, and the password, then click Connect. The routing management interface is displayed.
6) Enable the NIC: click Interface, click the second card, and click the check mark (the entry is then no longer greyed out).
7) Set the address: IP > Address, click "+", and enter the IP address of the second card (the one your ISP gave you).
To make management easier, it is best to rename the two cards to public and local. In addition, multiple IP addresses can be set on one NIC.
8) Add a static route: select IP > Routes, click "+", select Gateway, and enter the gateway address.
Destination can be left at the default 0.0.0.0, which means the route applies to all addresses. You can also route a specific IP range. There can be multiple static routes; for example, you can specify several IP ranges for management purposes.
9) Set up NAT for shared Internet access: IP > Firewall > Source NAT, click "+", and for Action select masquerade. The remaining options can be left at their defaults.
Now, Internet sharing is complete.
Beyond that, you need to add firewall rules; otherwise security is not guaranteed.
IP > Firewall > Filter Rules: click "+", for In Interface select the intranet NIC (local), and leave the other fields at their defaults.
This rule allows connections from the intranet. To restrict them, you can change the IP range of the src address or filter by content.

IP > Firewall > Filter Chains: select input and select drop.
This rule disables all external connections.
Together, these two rules shield the router from all connections from the Internet.

Some malicious websites and advertisements can also be blocked here.

For other information, refer to the related documentation or to the rule sets of firewalls such as Skynet.


10) If users should have to enter a password to authenticate before using the Internet, you can enable hotspot.
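The two input-chain settings from the firewall step above, evaluated first-match against constructed packets (an added example, not part of the original article). It assumes the drop setting acts as the input chain's default action, and it adds a hypothetical third configuration that accepts established connections first, so that replies to the router's own DNS cache queries get back in; the address 203.0.113.7 and the port numbers are constructed.

```python
# Added illustration: first-match evaluation of the router's input chain.
# Packet values are constructed; "state" assumes connection tracking.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    in_iface: str        # "local" (LAN card) or "public" (ISP side)
    src: str
    proto: str
    dport: int
    state: str = "new"   # "new" or "established"

@dataclass(frozen=True)
class Rule:
    action: str                      # "accept" or "drop"
    in_iface: Optional[str] = None   # None matches any interface
    state: Optional[str] = None      # None matches any state

    def matches(self, p: Packet) -> bool:
        return (self.in_iface in (None, p.in_iface)
                and self.state in (None, p.state))

def evaluate(rules, policy, packet):
    """First matching rule decides; otherwise the chain policy applies."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return policy

CONFIGS = {
    # Before the firewall steps: everything addressed to the router gets in.
    "unfiltered": ([], "accept"),
    # The article's two settings: accept from "local", drop the rest.
    "article": ([Rule("accept", in_iface="local")], "drop"),
    # Assumed refinement: also accept replies to the router's own traffic.
    "stateful": ([Rule("accept", state="established"),
                  Rule("accept", in_iface="local")], "drop"),
}

# Constructed packets addressed to the router (192.168.0.1) itself.
SAMPLES = {
    "lan_admin":  Packet("local", "192.168.0.10", "tcp", 80),
    "wan_telnet": Packet("public", "203.0.113.7", "tcp", 23),
    "dns_reply":  Packet("public", "202.96.209.6", "udp", 1024, "established"),
}

def report(config):
    rules, policy = CONFIGS[config]
    return {name: evaluate(rules, policy, p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for config in CONFIGS:
        print(config, report(config))
```

With the article's two settings alone, the reply from the ISP DNS server 202.96.209.6 is dropped together with the unsolicited telnet attempt, which is the case the third configuration covers.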

Example: An 8139C network adapter connects to the LAN and an NE2000 ISA card (IO300 IRQ10) connects to the ADSL modem. The router address is 192.168.0.1 and the uplink is broadband ADSL (download 2 M, upload 512 K). One PC on the network, 192.168.0.8, is rate-limited (download K, upload 64 K). UPnP and the DHCP service are enabled.

After RouterOS is installed, set the 8139C address to 192.168.0.1 and use winbox.

1. Drivers --- "+" --- Select NE2000 IO = 300 IRQ = 5
2. Interfaces --- click the gray NE2000 Nic --- click "check" to enable

PPPoE:
3. Interfaces --- "+" --- PPPoE Client ---
Name = adsl MTU = 1492 MRU = 1492 Interface = NE2000 Service = ADSL User = xxxxxxxx Password = xxxxxxxx UsePeerDns = yes
Check on the Status page whether ADSL is connected.
4. IP --- Firewall --- Source NAT --- "+"
Action = masquerade
5. IP --- Firewall --- Mangle --- "+"
Protocol = TCP TcpOptions = sync Action = accept TcpMss = 1448

DNS cache:
6. IP---DNS cache Settings
PrimaryDnsServer = 202.96.209.6 Enabled = yes

DHCP Server:
7. IP --- Pool --- "+"
Name = 123 Addresses = 192.168.0.2-192.168.0.99
8. IP --- DhcpServer --- "+"
Name = "" Interface = 8139C Addpool = 123 Netmask = 24 Gateway = 192.168.0.1 DnsServer = 192.168.0.1

UPnP:
9. IP --- Upnp --- "+"
Interface = 8139C Type = internal
10. IP --- Upnp --- "+"
Interface = ADSL Type = external Enabled = yes
11. Terminal --- type the following, pressing Enter after each line:
ip upnp interface
enable 0,1
.. set enabled=yes

Queues:
12. Download bandwidth: IP --- Simple Queues --- "+"
Name = down SrcAddress = 0.0.0.0/0 DstAddress = 192.168.0.8/32 Interface = 8139C MaxLimit = 256000
13. Upload bandwidth: IP --- Firewall --- Mangle --- "+"
SrcAddress = 192.168.0.8/32 InInterface = 8139C DstAddress = 0.0.0.0/0 Protocol = all Action = accept FlowMark = UP
14. Queues --- QueuesTree --- "+"
Name = UP Parent = ADSL Flow = UP MaxLimit = 64000

I used to focus on OSPF. Later, I focused on the route entry in the PDF document, and finally achieved a little success.
For other settings, read the previous articles.
Here is how to make two gateways with fixed IP addresses work at the same time.
In the routing settings of winbox, delete all the rules that can be deleted.
Only the routing rules starting with DC are left (these cannot be deleted).
Select terminal mode to get to the command line.
Type: ip route add gat=xxxxxxxxxxxxxx,xxxxxxxxxx (the addresses of the two gateways)
