How to block using address-list in MikroTik

If you have multiple destination websites (addresses) you wish to block, and you may want to add more addresses in the future, it is a good idea to group those addresses into a named list and then block that list by name. From time to time, you just add to the list without having to write new blocking rules.

E.g. you want to block three websites: a.com (122.3.2.1), b.com (100.1.2.3) and c.com (29.9.9.1). First issue: nslookup a.com … or use whatever method you prefer to get the IP addresses of the websites (or anything else) you want to block. Then add the resolved IP addresses to a list (let's say it is named BlockList). Finally, apply a firewall filter rule that blocks them with an action of reject or drop.

Here is how to do it from the command line:

/ip firewall address-list add address=122.3.2.1 list=BlockList

/ip firewall address-list add address=100.1.2.3 list=BlockList

/ip firewall address-list add address=29.9.9.1 list=BlockList

/ip firewall filter add action=reject chain=forward dst-address-list=BlockList in-interface=lan out-interface=internet

… Later you can just add more addresses; the last rule will automatically apply to them. Note that you can also use this list for other things, like mangle rules…
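The nslookup-then-add step can also be done on the router itself. The following RouterOS script is an added example, not part of the original post; it assumes the router has working DNS, reuses the BlockList name and the three placeholder hostnames from above, and only adds addresses that are not already in the list:

```routeros
# Added example: resolve each hostname on the router and add it to BlockList.
# a.com, b.com and c.com are the placeholder names used in the post.
:foreach host in={"a.com";"b.com";"c.com"} do={
    :do {
        # :resolve returns one address for the name
        :local ip [:resolve $host]
        # skip addresses that are already listed, so the script can be re-run safely
        :if ([:len [/ip firewall address-list find list=BlockList address=$ip]] = 0) do={
            /ip firewall address-list add list=BlockList address=$ip comment=$host
            :log info ("BlockList: added " . [:tostr $ip] . " for " . $host)
        }
    } on-error={
        # a name that does not resolve is logged and skipped
        :log warning ("BlockList: could not resolve " . $host)
    }
}
```

Because :resolve returns a single address per call, a name served from several addresses is only covered after repeated runs, and an address shared with other sites blocks those sites as well.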

How to remove page number from Heading 1 in Table of Contents [MS Word]

Here is what you do, and where you run into the problem:

1- Make sure you have already set a heading style for all your titles (heading 1, 2 or 3)

2- Now it is time to insert your “table of contents”, but you don’t want to show the page number on heading 1 (heading 1 is used for Part I, Part II … as shown in figure 2 below)

Here is the solution:

  • Insert your table of contents
  • Press Alt+F9 to switch between your normal table of contents and TOC mode.
  • You should see { TOC \o “1-3” \h \z \u }.
  • Then change it to { TOC \n “0-1” \h \z \u } to remove the page number from heading 1 but NOT from the others (refer to figure 1).

Figure 1: when pressing Alt+F9

Figure 2: your desired table of contents

Figure 3: how you set auto numbering for different levels

Some Basic MikroTik Commands

Here are some basic commands.

  1. To name the network cards

/interface print

/interface set numbers=0 name=internet

/interface set numbers=1 name=lan

  2. To assign an IP address to a network card

/ip dhcp-client add interface=internet

/ip address add address=10.0.0.1/24 interface=lan

Or, with the netmask written separately:

/ip address add address=10.0.0.1 netmask=255.255.255.0 interface=lan

  3. To create a NAT rule (to allow all clients to reach the internet)

/ip firewall nat add chain=srcnat action=masquerade out-interface=internet

  4. To assign DNS (your primary DNS is x.x.x.x)

/ip dns set servers=x.x.x.x,8.8.8.8 allow-remote-requests=yes

  5. To create DHCP (the easiest way)

/ip dhcp-server setup (just follow the prompts, and make sure to select the interface “lan”)

Or if you want to do it manually, follow this:

/ip pool add name=YOUR_POOL_NAME ranges=10.2.0.1-10.2.0.100

/ip dhcp-server add name=YOUR_DHCP_NAME address-pool=YOUR_POOL_NAME interface=YOUR_INTERFACE

You can find more commands in the official MikroTik Wiki, which covers both the GUI and CLI procedures: https://wiki.mikrotik.com/wiki/Manual:TOC
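With allow-remote-requests=yes the router answers DNS queries on every interface, so the input chain should keep that service away from the internet side. A minimal input-chain filter for the interface names used above, as an added example that is not part of the original post:

```routeros
# Added example: input chain for a router with interfaces "internet" and "lan".
/ip firewall filter
# replies to connections the router itself started (DNS lookups, updates)
add chain=input connection-state=established,related action=accept
add chain=input connection-state=invalid action=drop
# LAN clients may use the router's DNS cache and management services
add chain=input in-interface=lan action=accept
# explicit DNS drops on the internet side, so attempts show up in the rule counters
add chain=input in-interface=internet protocol=udp dst-port=53 action=drop comment="no DNS for the internet"
add chain=input in-interface=internet protocol=tcp dst-port=53 action=drop comment="no DNS for the internet"
# anything else addressed to the router itself from the internet
add chain=input in-interface=internet action=drop
```

Rules are matched from top to bottom, so apply them from a LAN-side session; a management session that arrives over the internet interface would be cut off by the last rule.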

How to install and access your Raspberry Pi (Raspbian Lite version, no GUI)

TeamViewer on Raspbian Lite (no GUI)

  1. Make sure you have a TeamViewer account
  2. Download package: $ wget https://download.teamviewer.com/download/linux/teamviewer-host_armhf.tar.xz
  3. Extract package: $ tar -xvf teamviewer-host_armhf.tar.xz
  4. Install via dpkg tool: $ dpkg -i teamviewer-host_armhf.deb
  5. Run apt to fix: $ apt install -f (you will then be asked to install a lot of dependencies; answer 'Y')
  6. Run this command: $ teamviewer setup -> accept the agreement -> log in with your credentials (email) -> go to your email and add the trusted device -> you should get the TeamViewer ID for your Raspberry box
  7. Create a password for your device, corresponding to the TeamViewer ID you got in the previous step: $ teamviewer --passwd YOUR_PASSWORD

===> Now you should be able to log in to your Raspberry Pi via TeamViewer, shown as an SSH console.

 

Sample image: Raspberry Pi from TeamViewer Apps with ‘htop’ running

 

How to install Webmin in Ubuntu

Here are a couple of steps to get Webmin up and running on an Ubuntu box:

  1. Make sure you are logged in as root; otherwise issue: sudo -s
  2. Add a *.list file named webmin.list: nano /etc/apt/sources.list.d/webmin.list
    # add this line
    deb http://download.webmin.com/download/repository sarge contrib
  3. Download key file: wget http://www.webmin.com/jcameron-key.asc
  4. Add key: apt-key add jcameron-key.asc
  5. Update package list: apt-get update
  6. Install package Webmin: apt-get install webmin
  7. Finally, you can now access your Ubuntu box: https://Ubuntu-IP-Address:10000

Cheers!!!

How to allow remote access to your Raspberry box (or any server) from outside via a MikroTik box

Now I would like to show you all how to allow remote access to your internal server from outside (the internet) using MikroTik router – Port Forwarding.

What I have:

  • public address (internet address): 10.11.12.137 (an assumed value)
  • internal server: 10.0.0.2 (an SSH server; the same works with any other service)

How to configure on your MikroTik:

I will use the command line because it is quick and easy. If you use a GUI like WebFig or WinBox, you can open a terminal from the menu on the left-hand side as well.

There are two things you need to do:

  1. Add a NAT rule in the ‘dstnat’ chain
  2. Add a filter rule in the ‘forward’ chain

ip firewall nat add chain=dstnat dst-address=10.11.12.137 dst-port=22 protocol=tcp action=dst-nat to-addresses=10.0.0.2

ip firewall filter
add chain=forward connection-state=established,related action=accept

If you want to redirect the port for some security purposes, e.g. you want to connect to port 8022 from outside and still reach the same service on your server, just add a little bit to the previous rules:

ip firewall nat add chain=dstnat dst-address=10.11.12.137 dst-port=8022 protocol=tcp action=dst-nat to-addresses=10.0.0.2 to-ports=22

ip firewall filter
add chain=forward connection-state=established,related action=accept

That’s it, thank you…
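The established,related rule above only matches packets of connections that already exist; once the forward chain ends in a drop rule, the first packet of a forwarded connection has to be accepted explicitly. The following configuration is an added example, not part of the original post: it reuses the addresses above, assumes the interfaces are named internet and lan, and the RemoteAdmins list with its 203.0.113.10 entry is a constructed placeholder for the sources allowed to connect.

```routeros
# Added example; RemoteAdmins and 203.0.113.10 are constructed placeholders.
/ip firewall address-list
add list=RemoteAdmins address=203.0.113.10 comment="allowed remote source"

/ip firewall nat
# forward outside port 8022 to SSH on the internal server, only for listed sources
add chain=dstnat in-interface=internet dst-address=10.11.12.137 protocol=tcp dst-port=8022 \
    src-address-list=RemoteAdmins action=dst-nat to-addresses=10.0.0.2 to-ports=22

/ip firewall filter
# packets of connections that are already tracked
add chain=forward connection-state=established,related action=accept
add chain=forward connection-state=invalid action=drop
# new connections that matched a dst-nat rule (the port forward above)
add chain=forward in-interface=internet connection-nat-state=dstnat action=accept
# LAN clients going out to the internet
add chain=forward in-interface=lan out-interface=internet action=accept
# nothing else may enter from the internet
add chain=forward in-interface=internet action=drop
```

Each add appends to the end of its chain, so on a router that already has filter rules the order has to be checked with /ip firewall filter print before relying on the final drop.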