Discover the power of RouterBOARDS

Self-Control

Other Features

RouterOS provides a number of interesting capabilities, such as modifying your routing tables manually. Network interfaces can be bridged the same way you would in a regular Linux system. Hardware offloading is supporting for some configurations, which means in certain circumstances you can take load off the CPUs and let the network cards do the packet switching to improve performance. The routers that have a WiFi interface can have it configured as a client, so you could, for example, connect a number of computers in a lab to a router that is not connected to a gateway and then establish a WiFi connection from this router to another router that does have Internet access, therefore making the lab able to reach the Internet without wires.

Recent versions have a so-called Kid Control (Figure 6), which is a mechanism for restricting the time per day that devices can make use of the Internet. In this way you can define which times of the day to allow certain users to connect.

Figure 6: Kid Control allows you to restrict the times of the week when children may use the Internet.

In addition to DNS and NTP servers, RouterOS includes an HTTP proxy. In fact, RouterOS can be used to implement network-level ad blocking by generating a blacklist from the EasyList [12] or StevenBlack [13] host file and loading it to the DNS server or the proxy server for your clients to use. Personally, I use a separate device for this task for performance reasons, but the option is always available.

Additionally, RouterOS can run scripts [14] and set scheduled tasks [15].

Beyond RouterOS

If you buy a router from MikroTik and discover you don't like RouterOS, you might find yourself with a not-so-cheap piece of hardware and firmware you don't really like. What do you do then? Fortunately, you can flash a different operating system on your router. For example, OpenWrt [16], a Linux distribution for routers, is a valid alternative.

Conclusion

MikroTik offers routers with an impressive set of capabilities that let you control the tiniest aspects of your network. The price of this power is knowing how computer networks operate; you don't need to be an engineer, but you do need to know more than the basics.

Infos

MikroTik: https://mikrotik.com/
MikroTik EULA: https://mikrotik.com/downloadterms.html
RouterOS firewall filters: https://help.mikrotik.com/docs/display/ROS/Filter
"Killing Ads with the LAN-Level Privoxy Web Proxy" by Rubén Llorente, Linux Magazine , issue 232, March 2020, pg. 24, https://www.linux-magazine.com/Issues/2020/232/Privoxy
ARP spoofing: https://en.wikipedia.org/wiki/ARP_spoofing
Creative Commons Attribution-Share Alike 4.0 International: https://creativecommons.org/licenses/by-sa/4.0/
"Build a VPN Tunnel with WireGuard" by Ferdinand Thommes and Christoph Langner, Linux Magazine , issue 237, August 2020, pg. 46, https://www.linux-magazine.com/Issues/2020/237/WireGuard
"Why not WireGuard" by Michael Tremer, IPFire Blog , February 18, 2020; revised June 15, 2021, https://blog.ipfire.org/post/why-not-wireguard
WireGuard: https://help.mikrotik.com/docs/display/ROS/WireGuard
Advanced traffic control: https://wiki.archlinux.org/title/Advanced_traffic_control
Simple Queues: https://wiki.mikrotik.com/wiki/Manual:Queue
EasyList: https://easylist.to/
StevenBlack lists: https://github.com/StevenBlack/hosts
Scripting: https://help.mikrotik.com/docs/display/ROS/Scripting
Scheduler: https://help.mikrotik.com/docs/display/ROS/Scheduler
OpenWrt wiki: https://openwrt.org/toh/mikrotik/common

The Author

Rubén Llorente is a mechanical engineer whose job is to ensure that the security measures of the IT infrastructure of a small clinic are both legally compliant and safe. He is also an OpenBSD enthusiast and a weapons collector.

« Previous 1 2 3