Saturday, February 23, 2013

One to One NETMAP using Mikrotik Router


If a server behind the router uses a private IP address and must be reachable from the internet, a one-to-one (1:1) NAT mapping is needed. The configuration below sets that up; change only the public IP addresses, the private IP addresses and the WAN interface name to match your own setup.

Say we have four public IP addresses, 10.10.55.171 to 10.10.55.174,
and we want to map them one-to-one onto the private IP addresses 192.168.123.71 to 192.168.123.74.


# assign each public address (the example range above) to the WAN interface
/ip address add address=10.10.55.171/32 interface=wan
/ip address add address=10.10.55.172/32 interface=wan
/ip address add address=10.10.55.173/32 interface=wan
/ip address add address=10.10.55.174/32 interface=wan

# inbound: packets arriving for a public address are forwarded to its private host
/ip firewall nat add chain=dstnat dst-address=10.10.55.171 action=dst-nat to-addresses=192.168.123.71
/ip firewall nat add chain=dstnat dst-address=10.10.55.172 action=dst-nat to-addresses=192.168.123.72
/ip firewall nat add chain=dstnat dst-address=10.10.55.173 action=dst-nat to-addresses=192.168.123.73
/ip firewall nat add chain=dstnat dst-address=10.10.55.174 action=dst-nat to-addresses=192.168.123.74

# outbound: traffic from each private host leaves with its own public address
/ip firewall nat add chain=srcnat src-address=192.168.123.71 action=src-nat to-addresses=10.10.55.171
/ip firewall nat add chain=srcnat src-address=192.168.123.72 action=src-nat to-addresses=10.10.55.172
/ip firewall nat add chain=srcnat src-address=192.168.123.73 action=src-nat to-addresses=10.10.55.173
/ip firewall nat add chain=srcnat src-address=192.168.123.74 action=src-nat to-addresses=10.10.55.174
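The rule set above is easy to mistype when it grows beyond a few hosts, and a 1:1 map is only correct when three things line up: every public address is assigned on the WAN interface, every dstnat rule has the inverse srcnat rule, and nothing else. The following Python script is an added example, not code from the original post or from MikroTik: it generates the same three groups of commands from two address ranges and checks an existing rule set for those properties. The function names are this example's own and the sample rule set at the bottom is constructed (the post's ranges with one rule deliberately mistyped).

```python
"""Generate and sanity-check a RouterOS one-to-one NAT rule set.

Added example, not code from the original post or from MikroTik. It produces
the same three groups of commands the post lists (WAN address assignment,
dstnat, srcnat) from two address ranges, and checks a rule set for the
properties a true 1:1 map needs. Function names are this example's own; the
sample rule set at the bottom is constructed.
"""
import ipaddress
import re

# key=value pairs in a RouterOS command line, e.g. dst-address=10.10.55.171
KEY_VALUE = re.compile(r"(\S+?)=(\S+)")


def _ip_range(first, last):
    """Expand an inclusive range of addresses, e.g. .171 to .174."""
    a, b = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if b < a:
        raise ValueError(f"range end {last} precedes start {first}")
    return [ipaddress.ip_address(int(a) + i) for i in range(int(b) - int(a) + 1)]


def make_one_to_one_nat(public_first, public_last, private_first, private_last,
                        wan_iface="wan"):
    """Return the RouterOS commands for a 1:1 map of public -> private hosts.

    The ranges must be the same length; unequal ranges would silently leave
    hosts unmapped or public addresses unused.
    """
    public = _ip_range(public_first, public_last)
    private = _ip_range(private_first, private_last)
    if len(public) != len(private):
        raise ValueError(f"{len(public)} public vs {len(private)} private addresses")
    cmds = [f"/ip address add address={p}/32 interface={wan_iface}" for p in public]
    # inbound: packets for a public address are redirected to its private host
    cmds += [f"/ip firewall nat add chain=dstnat dst-address={p} "
             f"action=dst-nat to-addresses={q}" for p, q in zip(public, private)]
    # outbound: the private host's traffic leaves with its own public address
    cmds += [f"/ip firewall nat add chain=srcnat src-address={q} "
             f"action=src-nat to-addresses={p}" for p, q in zip(public, private)]
    return cmds


def check_one_to_one(cmds, wan_iface="wan"):
    """Return a list of problems that break the 1:1 property of a rule set.

    Checked: every public address used by a NAT rule is assigned on the WAN
    interface, and every dstnat mapping has the matching srcnat mapping back
    (otherwise outbound traffic from that host leaves with a different address).
    """
    assigned, dst_map, src_map = set(), {}, {}
    for cmd in cmds:
        kv = dict(KEY_VALUE.findall(cmd))
        if cmd.startswith("/ip address add") and kv.get("interface") == wan_iface:
            assigned.add(kv.get("address", "").split("/")[0])
        elif cmd.startswith("/ip firewall nat add"):
            if (kv.get("chain") == "dstnat" and kv.get("action") == "dst-nat"
                    and "dst-address" in kv):
                dst_map[kv["dst-address"]] = kv.get("to-addresses")
            elif (kv.get("chain") == "srcnat" and kv.get("action") == "src-nat"
                    and "src-address" in kv):
                src_map[kv["src-address"]] = kv.get("to-addresses")
    problems = []
    for pub, priv in dst_map.items():
        if pub not in assigned:
            problems.append(f"dstnat uses {pub}, which is not assigned on {wan_iface}")
        if src_map.get(priv) != pub:
            problems.append(f"{priv} is reached via {pub} but has no srcnat back to {pub}")
    for priv, pub in src_map.items():
        if pub not in assigned:
            problems.append(f"srcnat uses {pub}, which is not assigned on {wan_iface}")
        if dst_map.get(pub) != priv:
            problems.append(f"{priv} leaves as {pub} but {pub} is not dst-natted to it")
    return problems


# Constructed sample: the post's ranges, with the last dstnat rule mistyped
# to a public address that is not assigned on the WAN interface.
SAMPLE_WITH_TYPO = make_one_to_one_nat("10.10.55.171", "10.10.55.174",
                                       "192.168.123.71", "192.168.123.74")
SAMPLE_WITH_TYPO[7] = ("/ip firewall nat add chain=dstnat dst-address=10.10.55.175 "
                       "action=dst-nat to-addresses=192.168.123.74")

if __name__ == "__main__":
    print("\n".join(make_one_to_one_nat("10.10.55.171", "10.10.55.174",
                                         "192.168.123.71", "192.168.123.74")))
    for problem in check_one_to_one(SAMPLE_WITH_TYPO):
        print("PROBLEM:", problem)
```

Running the script prints the twelve commands for the post's example and then three problems for the mistyped set: the unassigned public address, the host that has no srcnat back to it, and the srcnat whose public address no longer has a dstnat partner. The checker can also be pointed at lines copied from the router's own export to confirm a map that was typed by hand.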


Best Regards

Nawshad Ahmed
www.mikrotikacademybd.com
Mikrotik Router OS Training in Bangladesh

Friday, February 15, 2013

DoS attack Protection



  • Limit incoming connections
An address that opens too many connections can be added to an address list and blocked.

# connection-limit=LIMIT,32 counts connections per single source address (/32);
# a source that reaches LIMIT is put on the blocked-addr list for one day
/ip firewall filter add chain=input protocol=tcp connection-limit=LIMIT,32 action=add-src-to-address-list address-list=blocked-addr address-list-timeout=1d
# listed sources with 3 or more connections are tarpitted instead of dropped
/ip firewall filter add chain=input protocol=tcp src-address-list=blocked-addr connection-limit=3,32 action=tarpit
# chain=input covers connections to the router itself; for servers behind the
# router the same rules belong in chain=forward

where LIMIT is the maximum number of connections per IP address. LIMIT should be 100 or higher, because many services use multiple connections (HTTP, torrent and other P2P programs).
  • Action tarpit
Instead of simply dropping the attacker's packets (action=drop), the router can capture and hold the connections, and with a powerful enough router this can kill the attacker.
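The right value of LIMIT depends on what the netmask part of connection-limit does to the count, and on how many connections legitimate sources really hold. The following Python model is an added example, not code from the original post or from MikroTik: it reproduces the grouping and counting that connection-limit=LIMIT,NETMASK performs, modelled from the matcher's documented behaviour, so that a candidate LIMIT can be tried against sample traffic before the rules go on a router. The function names are this example's own and the connection records are constructed.

```python
"""Model of how RouterOS connection-limit=LIMIT,NETMASK groups and counts
connections, so LIMIT can be tried against sample traffic before the two
filter rules are applied to a router.

Added example, not code from the original post or from MikroTik; it models
the matcher from its documented behaviour and the names here are this
example's own. The connection records are constructed.
"""
import ipaddress
from collections import Counter


def connections_per_group(sources, netmask=32):
    """Count tracked connections per source group.

    A group is the source address masked to NETMASK bits: 32 counts every
    host separately (connection-limit=N,32); 24 counts all hosts of a /24
    together (connection-limit=N,24), which catches sources spread over a
    block but also lumps a whole office or ISP range into one bucket.
    """
    groups = Counter()
    for src in sources:
        net = ipaddress.ip_network(f"{src}/{netmask}", strict=False)
        groups[str(net)] += 1
    return groups


def groups_over_limit(sources, limit, netmask=32):
    """Groups whose count reaches the limit, i.e. those that would match
    connection-limit=limit,netmask and be added to blocked-addr.

    Assumption: the match fires once the count reaches limit; confirm the
    exact boundary on the RouterOS version in use.
    """
    return {g: n for g, n in connections_per_group(sources, netmask).items()
            if n >= limit}


# Constructed sample of current TCP connections, one entry per connection:
# a busy office NAT gateway (many legitimate users behind one address),
# a single host holding far more connections than a client needs, and
# ordinary clients.
SAMPLE_SOURCES = (
    ["203.0.113.5"] * 150
    + ["198.51.100.9"] * 120
    + ["198.51.100.10"] * 30
    + ["198.51.100.11"] * 30
    + ["192.0.2.7"] * 3
)

if __name__ == "__main__":
    for limit in (50, 100, 200):
        print(f"LIMIT={limit},32 ->", groups_over_limit(SAMPLE_SOURCES, limit))
    print("LIMIT=100,24 ->", groups_over_limit(SAMPLE_SOURCES, 100, 24))
```

With LIMIT=100 the sample flags the noisy host at 198.51.100.9, but also the office gateway at 203.0.113.5, which is exactly the trade-off the text warns about: a value low enough to catch a flood can also list a busy but legitimate source, so the address-list-timeout matters. Switching the netmask to 24 aggregates the three 198.51.100.x hosts into one group of 180, which is useful against a flood spread across a block and harmful when that block is a customer network. The tarpit rule's connection-limit=3,32 is evaluated the same way, on the sources already in the list.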
