My Mikrotik Initial Setup

This is my Mikrotik initial setup configuration on every new Mikrotik device that i install. With this configuration you will secure your router, create internet connection and share it with rest of the network .

Change the admin password

First thing i do i changing the admin user password. and also add new username with full privileges.

/user set admin password=putpasshere
/user add name=<myusername> password=<mypassword> group=full disabled=no

 Disable services that you are not using

List the services on your router

/ip services print

this will return something like this

Flags: X - disabled, I - invalid 
 #    NAME          PORT ADDRESS                            CERTIFICATE 
 0 X  telnet         23
 1 X  ftp            21
 2    www            80
 3    ssh            22
 4 X  www-ssl        443                                    none 
 5 X  api            8728
 6    winbox         8291

Disable the services you don’t need

/ip service disable <name>

Setting NTP services for time synchronization

I’ve run into many hours of debugging logs to find out that my router time was wrong and logs between two routers ware not accurate because of the time. You can find the closest time server from this page.

Setup your timezone and NTP servers

/system clock set time-zone=Europe/Skopje
/system ntp client set enabled=yes primary-ntp=<Server_IP_1> secondary-ntp=<Server_IP_2> mode=unicast

 Setup firewall rules to protect your router

First thing i do i set address list of IP’s that include the local network and my static IP addresses for remote access to the router in case I need to setup something for the client.

/ ip firewall address-list 
add list=remote_access address= comment="Local Netowork" disabled=no 
add list=remote_access address= comment="My Remote IP" disabled=no

Then the firewall rules

/ ip firewall filter
add chain=input connection-state=established comment="Accept established connections" disabled=no 
add chain=input connection-state=related comment="Accept related connections" disabled=no 
add chain=input connection-state=invalid action=drop comment="Drop invalid connections" disabled=no 
add chain=input protocol=udp action=accept comment="UDP" disabled=no 
add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited pings" disabled=no 
add chain=input protocol=icmp action=drop comment="Drop excess pings" disabled=no 
add chain=input src-address-list=remote_access action=accept comment="Allow access to router from known networks and remote servers" disabled=no 
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else" disabled=no 
add chain=input action=drop comment="Drop everything else" disabled=no

 Enable DNS Remote Requests

To be able to use your router as DNS server you need to enable DNS Remote Requests on your router

/ip dns set allow-remote-requests=yes

Setup Internet Connection

If your ISP is using DHCP use this command

/ip dhcp-client add interface=ether1 add-default-route=yes use-peer-dns=yes disabled=no

If your ISP is using PPPoE use this command

/interface pppoe-client add user=<pppoe_username> password=<pppoe_password> interface=ether1 add-default-route
=yes use-peer-dns=yes disabled=no

Set your masquerade rules for allowing internet traffic to your network

/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade

Setup your DHCP Server

Use the following command and follow the wizard

/ip dhcp-server setup

With this configuration you will be fully functional and sharing internet access to the connected clients.

More information on Mikrotik’s Wiki Page

Notify of
Inline Feedbacks
View all comments