Subject: Re: [44net] firewall rules at AMPR.ORG router ?
From: R P <ronenp(a)hotmail.com>
Date: 04/08/2016 08:50 PM
To: AMPRNet working group <44net(a)hamradio.ucsd.edu>

Dear Rob,
Thank you for the brief explanation.
Yes, the syntax of the MikroTik is totally different than what I am used to.
Also, the MikroTik is not popular here. I had a hard time finding stores that sell it, and I think I'm the only amateur who uses it here.
The help that comes with the web interface is not so explanatory. Do you know where I can find more explanation of the commands (such as the explanation you gave me about established, new and related)?
And if we talk about explanations, what is the forward chain? In and out I can understand, but forward?
Also, there are a lot of commands in the action that I don't understand besides reject, drop and accept.
Where can I find a description?

As David also wrote: look for manuals of the Linux firewall, "iptables".
What is written about iptables is directly applicable to MikroTik, but in the MikroTik you can enter the values in lots of fields on the web form, whereas in iptables you enter those on the command line.
Also there is wiki.mikrotik.com for a lot of documentation; unfortunately it is oriented around the command-line interface, but you generally find the same things in the web interface.
Here the MikroTik routers are available at a couple of webshops, but not in the average high-street computer store.
The reason is that they are very advanced and most users will not know how to configure them beyond the simple generic configurations available from the quick start screen.
But at features-for-price they are unbeatable.
For example, at work I needed a router for a "workplace-on-the-go". I use a MikroTik router plus a 4G stick.
It opens a VPN to our Cisco VPN router at the central office and routes some subnets both ways using iBGP.
The box can be connected at the installation site automatically using either plain ethernet, guest WiFi, or 4G mobile internet.
The routed subnet is accessible on ethernet and WiFi.
We use this to connect a printer and a couple of laptops at a temporary office site, using the internet access that is available, or 4G if there is none. Total price for such a setup is about 150 euro when all hardware has to be bought, or 60 euro when the 4G stick is "free with a mobile subscription".
The MikroTik is either a RB951G-2HnD or a hAP AC Lite.
Not many other cheap routers can be WiFi access point and WiFi client at the same time, and are able to do a VPN and run a routing protocol over that. (simplifies the configuration, no static routes required)
A similar Cisco (not ex-Linksys) router costs 5-20 times as much, and has fewer features.
But, it still is not the most convenient router for AMPRnet!
For that, a plain Linux box is to be preferred. We could try to install a Linux VM to bridge the gap between a standard router and the multipoint IPIP mesh plus modified RIP that we use and that is not supported in standard routers (either Cisco or MikroTik).
Rob