Subject: Re: [44net] firewall rules at AMPR.ORG router ?
From: R P ronenp@hotmail.com
Date: 04/08/2016 08:50 PM
To: AMPRNet working group 44net@hamradio.ucsd.edu
Dear Rob, thank you for the brief explanation. Yes, the syntax of the MikroTik is totally different from what I am used to. Also, the MikroTik is not popular here; I had a hard time finding stores that sell it, and I think I'm the only amateur who uses it here. The help that comes with the web interface does not explain much. Do you know where I can find more explanation of the commands (such as the explanation you gave me about established, new and related)? And while we are talking about explanations, what is the forward chain? In and out I can understand, but forward? Also, there are a lot of commands in the action that I don't understand besides reject, drop and accept. Where can I find a description?
As David also wrote: look for manuals of the Linux firewall, "iptables". What is written about iptables is directly applicable to MikroTik, but in the MikroTik you can enter the values in lots of fields on the web form whereas in iptables you enter those on the command line. Also, there is wiki.mikrotik.com for a lot of documentation; unfortunately it is oriented around the command-line interface, but you generally find the same things in the web interface.
Here the MikroTik routers are available at a couple of webshops, but not in the average high-street computer store. The reason is that they are very advanced and most users will not know how to configure them beyond the simple generic configurations available from the quick start screen. But at features-for-price they are unbeatable.
For example, at work I needed a router for a "workplace-on-the-go". I use a MikroTik router plus a 4G stick. It opens a VPN to our Cisco VPN router at the central office and routes some subnets both ways using iBGP. The box can be connected at the installation site automatically using either plain ethernet, guest WiFi, or 4G mobile internet. The routed subnet is accessible on ethernet and WiFi. We use this to connect a printer and a couple of laptops at a temporary office site, using the internet access that is available, or 4G if there is none. Total price for such a setup is about 150 euro when all hardware has to be bought, or 60 euro when the 4G stick is "free with a mobile subscription". The MikroTik is either a RB951G-2HnD or a hAP AC Lite.
Not many other cheap routers can be a WiFi access point and a WiFi client at the same time, and are able to do a VPN and run a routing protocol over that (which simplifies the configuration, no static routes required). A similar Cisco (not ex-Linksys) router costs 5-20 times as much, and has fewer features.
But, it still is not the most convenient router for AMPRnet! For that, a plain Linux box is to be preferred. We could try to install a Linux VM to bridge the gap between a standard router and the multipoint IPIP mesh plus modified RIP that we use and that is not supported in standard routers (either Cisco or MikroTik).
Rob