How to set up your IT Infrastructure for Work From Home

How to set up your IT infrastructure for work from home at low cost with open source, secure, industry-standard technologies.

Here I am going to talk about small and medium-sized offices and companies that are not able to invest large amounts to upgrade or migrate their IT infrastructure so that their workers can work from home during the COVID pandemic.

There are a few things you mostly use in the office as an end user of the IT infrastructure. If that IT infrastructure is available at home, most people can work from home easily.

I am taking as an example scenario a small office with 30 employees who need to work from home.

Simple small office network diagram.


MikroTik DHCP Server configuration for multiple Networks

If you have multiple networks and want to configure a DHCP server for each of them, follow the steps below and change the IP addresses and interface names according to your requirements.

Here I will configure two networks for my home:

1- 172.16.10.0/24 for my LAB

2- 10.34.200.0/24 for my Home

My interface IP addresses:

/ip address
add address=172.16.10.1/24 interface=ether2_lab network=172.16.10.0
add address=10.34.200.1/24 interface=ether3_home network=10.34.200.0

1- Create IP Pools for your Network

/ip pool
add name=lab ranges=172.16.10.100-172.16.10.150
add name=home ranges=10.34.200.100-10.34.200.150
add name=PPTP ranges=172.16.11.100-172.16.11.150

2- Create DHCP Server

/ip dhcp-server
add address-pool=lab disabled=no interface=ether2_lab name=dhcp1
add address-pool=home disabled=no interface=ether3_home name=server1

3- Create DHCP-Server Network

/ip dhcp-server network
add address=10.34.200.0/24 gateway=10.34.200.1
add address=172.16.10.0/24 gateway=172.16.10.1
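
A quick consistency check for the three steps above, as an added example that is not part of the original post: it parses the pool, server and network lines and reports any DHCP pool that falls outside its network or hands out the network, broadcast or gateway address. The "guest" network and the ether4_guest interface are hypothetical, constructed only to show a failing case.

```python
import ipaddress
import re

# Constructed sample: the page's lab/home lines plus a hypothetical bad "guest" pool.
SAMPLE = """\
/ip pool
add name=lab ranges=172.16.10.100-172.16.10.150
add name=home ranges=10.34.200.100-10.34.200.150
add name=guest ranges=192.168.50.10-192.168.50.255
/ip dhcp-server
add address-pool=lab disabled=no interface=ether2_lab name=dhcp1
add address-pool=home disabled=no interface=ether3_home name=server1
add address-pool=guest disabled=no interface=ether4_guest name=server2
/ip dhcp-server network
add address=10.34.200.0/24 gateway=10.34.200.1
add address=172.16.10.0/24 gateway=172.16.10.1
add address=192.168.50.0/24 gateway=192.168.50.1
"""

def parse(export):
    """Group 'add key=value ...' lines under the menu path that precedes them."""
    menus, path = {}, None
    for line in map(str.strip, export.splitlines()):
        if line.startswith("/"):
            path = line
        elif line.startswith("add ") and path:
            menus.setdefault(path, []).append(dict(re.findall(r"(\S+?)=(\S+)", line)))
    return menus

def check_pools(export):
    """List problems with pools that a DHCP server actually uses (others are skipped)."""
    menus = parse(export)
    nets = [(ipaddress.ip_network(n["address"]), ipaddress.ip_address(n["gateway"]))
            for n in menus.get("/ip dhcp-server network", [])]
    used = {s["address-pool"] for s in menus.get("/ip dhcp-server", [])}
    problems = []
    for pool in (p for p in menus.get("/ip pool", []) if p["name"] in used):
        for rng in pool["ranges"].split(","):
            lo, _, hi = rng.partition("-")
            lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo)
            net, gw = next(((n, g) for n, g in nets if lo in n and hi in n), (None, None))
            if net is None:
                problems.append(f"{pool['name']}: {rng} is not inside any DHCP network")
                continue
            for label, addr in (("network", net.network_address),
                                ("broadcast", net.broadcast_address), ("gateway", gw)):
                if lo <= addr <= hi:
                    problems.append(f"{pool['name']}: {rng} includes the {label} address {addr}")
    return problems
```

Calling check_pools(SAMPLE) returns one finding, for the guest pool; the lab and home pools from the steps above pass.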

How to block Country in Mikrotik Firewall

If you want to block a whole country in the MikroTik firewall, visit the website https://mikrotikconfig.com/firewall/

Step 1: Check the countries you want included in the address list. Scroll down for additional countries.

Step 2: Click the button to generate your standalone address list for use with your own custom rules.

It will generate the firewall commands with the IP addresses. Now copy and paste them into the MikroTik CLI.

Mikrotik hotspot setup

Copy and paste the following line by line:

/ip address
add address=172.16.1.1/24 comment=LAN disabled=no interface=LAN network=172.16.1.0
add address=192.168.137.100/24 comment=WAN disabled=no interface=WAN network=192.168.137.0
———————————————————————————————
/ip pool
# Pool ends at .254: 172.16.1.255 is the broadcast address of 172.16.1.0/24
add name=hs-pool-1 ranges=172.16.1.10-172.16.1.254
———————————————————————————————
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=10000KiB max-udp-packet-size=512 servers=192.168.137.1
———————————————————————————————
/ip dhcp-server
add address-pool=hs-pool-1 authoritative=after-2sec-delay bootp-support=static disabled=no interface=LAN lease-time=1h name=dhcp1
/ip dhcp-server config set store-leases-disk=5m
/ip dhcp-server network add address=172.16.1.0/24 comment="hotspot network" gateway=172.16.1.1
———————————————————————————————
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
add dns-name=login.aacable.net hotspot-address=172.16.1.1 html-directory=hotspot http-cookie-lifetime=1d http-proxy=0.0.0.0:0 login-by=cookie,http-chap name=hsprof1 rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
/ip hotspot
add address-pool=hs-pool-1 addresses-per-mac=2 disabled=no idle-timeout=5m interface=LAN keepalive-timeout=none name=hotspot1 profile=hsprof1
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-users=1 status-autorefresh=1m transparent-proxy=no
add address-pool=hs-pool-1 advertise=no idle-timeout=none keepalive-timeout=2m name="512k Limit" open-status-page=always rate-limit=512k/512k shared-users=1 status-autorefresh=1m transparent-proxy=yes
add address-pool=hs-pool-1 advertise=no idle-timeout=none keepalive-timeout=2m name="256k Limit" open-status-page=always rate-limit=256k/256k shared-users=1 status-autorefresh=1m transparent-proxy=yes
/ip hotspot service-port set ftp disabled=yes ports=21
/ip hotspot walled-garden ip add action=accept disabled=no dst-address=172.16.1.1
/ip hotspot set numbers=hotspot1 address-pool=none
/ip firewall nat add action=masquerade chain=srcnat disabled=no
# Sample accounts with placeholder passwords: set strong, unique passwords before use
/ip hotspot user
add disabled=no name=admin password=123 profile=default
add disabled=no name=zaib password=test profile="512k Limit" server=hotspot1
add disabled=no name=test-256k password=test profile="256k Limit" server=hotspot1
———————————————————————————————
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.137.1 scope=30 target-scope=10

Source link: click here

How to limit upload and download to all users in network using mikrotik RouterOS

There are two ways to do this: using mangle and queue trees, or using simple queues.

1. Mark all packets with the packet marks upload/download (let's assume that ether1-LAN is the local interface where clients are connected and ether2-WAN is the public interface to the Internet, matching the interface names in the commands):

/ip firewall mangle add chain=prerouting action=mark-packet in-interface=ether1-LAN new-packet-mark=client_upload

/ip firewall mangle add chain=prerouting action=mark-packet in-interface=ether2-WAN new-packet-mark=client_download

2. Set up two PCQ queue types, one for download and one for upload. dst-address is the classifier for users' download traffic, src-address for upload traffic:

/queue type add name="PCQ_download" kind=pcq pcq-rate=64000 pcq-classifier=dst-address

/queue type add name="PCQ_upload" kind=pcq pcq-rate=32000 pcq-classifier=src-address

3. Finally, two queue rules are required, one for download and one for upload:

/queue tree add parent=global-in queue=PCQ_download packet-mark=client_download

/queue tree add parent=global-out queue=PCQ_upload packet-mark=client_upload

If you don’t like using mangle and queue trees, you can skip step 1, do step 2, and step 3 would be to create one simple queue as shown here:

/queue simple add target-addresses=192.168.0.0/24 queue=PCQ_upload/PCQ_download packet-marks=client_download,client_upload

Source link: click here