Discover the power of RouterBOARDS

Self-Control

Other Features

RouterOS provides a number of interesting capabilities, such as modifying your routing tables manually. Network interfaces can be bridged the same way you would in a regular Linux system. Hardware offloading is supported for some configurations, which means that in certain circumstances you can take load off the CPUs and let the network cards do the packet switching to improve performance. Routers that have a WiFi interface can have it configured as a client. For example, you could connect a number of computers in a lab to a router that is not connected to a gateway and then establish a WiFi connection from this router to another router that does have Internet access, so the lab can reach the Internet without wires.

Recent versions have a so-called Kid Control (Figure 6), which is a mechanism for restricting the time per day that devices can make use of the Internet. In this way you can define which times of the day to allow certain users to connect.

Figure 6: Kid Control allows you to restrict the times of the week when children may use the Internet.

In addition to DNS and NTP servers, RouterOS includes an HTTP proxy. In fact, RouterOS can be used to implement network-level ad blocking by generating a blacklist from the EasyList [12] or StevenBlack [13] host file and loading it to the DNS server or the proxy server for your clients to use. Personally, I use a separate device for this task for performance reasons, but the option is always available.
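The blacklist-generation step described above, as an added sketch that is not code from the article or from MikroTik: it converts hosts-file text (the StevenBlack format; EasyList's filter syntax would need a different parser) into a RouterOS import script of static DNS entries. The sinkhole address, the `adblock` comment tag, and the sample input are assumptions made for the example; because the list is downloaded, untrusted input, every name is validated before it is written into the script.

```python
import ipaddress
import re

# RFC 1123-style name with at least one dot; anything else is refused, so no
# list entry can carry spaces, quotes or ';' into the RouterOS script.
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$")
SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}   # addresses blocklists use
SKIP = {"localhost", "localhost.localdomain", "0.0.0.0"}  # never sinkhole
COMMENT = "adblock"   # assumed tag, lets you find and remove the entries later

# Constructed sample input in hosts-file format (not taken from a real list).
SAMPLE = """\
127.0.0.1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 Ads.Example.COM
0.0.0.0 tracker.example.net  # inline comment
0.0.0.0 ads.example.com
0.0.0.0 bad.example;extra-command
192.0.2.10 intranet.example.org
"""

def hosts_to_rsc(hosts_text, sink="0.0.0.0"):
    """Return (script, rejected): RouterOS import text and refused lines."""
    ipaddress.IPv4Address(sink)           # ValueError on a malformed sink
    names, rejected = set(), []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # strip comments, tokenize
        if not fields:
            continue
        if len(fields) < 2 or fields[0] not in SINK_ADDRS:
            rejected.append(raw)          # not a blocklist entry: review it
            continue
        for name in (f.lower().rstrip(".") for f in fields[1:]):
            if name in SKIP:
                continue
            if HOSTNAME.match(name):
                names.add(name)           # set() removes duplicates
            else:
                rejected.append(raw)
    lines = ["/ip dns static"]
    lines += [f"add name={n} address={sink} comment={COMMENT}"
              for n in sorted(names)]
    return "\n".join(lines) + "\n", rejected

if __name__ == "__main__":
    script, rejected = hosts_to_rsc(SAMPLE)
    print(script, end="")
    for line in rejected:
        print("rejected:", line)
```

Review the rejected lines before loading the generated file on the router; a line that maps a name to anything other than a sinkhole address has no place in a blocklist.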

Additionally, RouterOS can run scripts [14] and set scheduled tasks [15].

Beyond RouterOS

If you buy a router from MikroTik and discover you don't like RouterOS, you might find yourself with a not-so-cheap piece of hardware and firmware you don't really like. What do you do then? Fortunately, you can flash a different operating system on your router. For example, OpenWrt [16], a Linux distribution for routers, is a valid alternative.

Conclusion

MikroTik offers routers with an impressive set of capabilities that let you control the tiniest aspects of your network. The price of this power is knowing how computer networks operate; you don't need to be an engineer, but you do need to know more than the basics.

Infos

  1. MikroTik: https://mikrotik.com/
  2. MikroTik EULA: https://mikrotik.com/downloadterms.html
  3. RouterOS firewall filters: https://help.mikrotik.com/docs/display/ROS/Filter
  4. "Killing Ads with the LAN-Level Privoxy Web Proxy" by Rubén Llorente, Linux Magazine, issue 232, March 2020, pg. 24, https://www.linux-magazine.com/Issues/2020/232/Privoxy
  5. ARP spoofing: https://en.wikipedia.org/wiki/ARP_spoofing
  6. Creative Commons Attribution-Share Alike 4.0 International: https://creativecommons.org/licenses/by-sa/4.0/
  7. "Build a VPN Tunnel with WireGuard" by Ferdinand Thommes and Christoph Langner, Linux Magazine, issue 237, August 2020, pg. 46, https://www.linux-magazine.com/Issues/2020/237/WireGuard
  8. "Why not WireGuard" by Michael Tremer, IPFire Blog, February 18, 2020; revised June 15, 2021, https://blog.ipfire.org/post/why-not-wireguard
  9. WireGuard: https://help.mikrotik.com/docs/display/ROS/WireGuard
  10. Advanced traffic control: https://wiki.archlinux.org/title/Advanced_traffic_control
  11. Simple Queues: https://wiki.mikrotik.com/wiki/Manual:Queue
  12. EasyList: https://easylist.to/
  13. StevenBlack lists: https://github.com/StevenBlack/hosts
  14. Scripting: https://help.mikrotik.com/docs/display/ROS/Scripting
  15. Scheduler: https://help.mikrotik.com/docs/display/ROS/Scheduler
  16. OpenWrt wiki: https://openwrt.org/toh/mikrotik/common

The Author

Rubén Llorente is a mechanical engineer whose job is to ensure that the security measures of the IT infrastructure of a small clinic are both legally compliant and safe. He is also an OpenBSD enthusiast and a weapons collector.
