Tuesday, 6 January 2026

Mikrotik ki configration

 

یہ MikroTik RouterOS کی basic router configuration ہے جو آپ کے دئیے گئے Scenario کے مطابق ہے۔

سادہ الفاظ میں یہ کن کاموں کے لیے ہے:

  • ether1 کو WAN کے طور پر configure کرنا

  • Public IP, Subnet, Gateway اور DNS set کرنا

  • ether2 اور ether3 پر دو الگ LAN networks بنانا

  • ether2 پر DHCP server چلانا

  • ether3 کو صرف static IPs پر رکھنا یعنی وہاں DHCP نہیں چلے گا

  • Internet share کرنے کے لیے NAT masquerade لگانا

  • کچھ basic firewall rules اور services hardening کرنا



Mikrotik ki conf karden simple , router model is MikroTik RouterOS 6.49.8 (c) 1999-2023

Port 1 = WAN IP 180.178.134.198
		Subnet=255.255.255.252
		GW= 180.178.134.197
		DNS= 180.178.128.100
		DNS= 180.178.139.210


Eth 2 = LAN IP 10.10.10.0/24
Eth 3 = LAN IP 10.10.20.0/24

Eth 2 LAN say DHCP nikalna ha 
Ehh 3 LAN StatIC IP per ho 

 MikroTik RouterOS 6.49.8 (c) 1999-2023


=============================================================================================================

Scenario Summary

ether1 = WAN

IP: 180.178.134.198/30

Gateway: 180.178.134.197

DNS: 180.178.128.100, 180.178.139.210

ether2 = LAN (DHCP enable)

Network: 10.10.10.0/24

ether3 = LAN (Static IP only)

Network: 10.10.20.0/24

DHCP nahi chalay ga

===============================================================================================================

/ip address add address=180.178.134.198/30 interface=ether1

/ip route add gateway=180.178.134.197

/ip dns set servers=180.178.128.100,180.178.139.210 allow-remote-requests=yes

/ip address add address=10.10.10.1/24 interface=ether2

/ip address add address=10.10.20.1/24 interface=ether3

/ip pool add name=dhcp_pool_lan ranges=10.10.10.10-10.10.10.200

/ip dhcp-server add name=dhcp_lan interface=ether2 address-pool=dhcp_pool_lan lease-time=1d

/ip dhcp-server network add address=10.10.10.0/24 gateway=10.10.10.1 dns-server=180.178.128.100,180.178.139.210

/ip dhcp-server enable dhcp_lan

/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade

/ip dns set servers=180.178.128.100,180.178.139.210,8.8.8.8 allow-remote-requests=yes

/ip service disable telnet

/ip service set ssh address=10.10.10.0/24,10.10.20.0/24

/ip firewall filter add chain=input connection-state=invalid action=drop

/ip firewall filter add chain=input connection-state=established,related action=accept

/ip firewall filter add chain=input src-address=10.10.10.0/24 action=accept
/ip firewall filter add chain=input src-address=10.10.20.0/24 action=accept
/ip firewall filter add chain=input in-interface=ether1 action=drop
Posted by at No comments:
Subscribe to: Comments (Atom)