Saturday, June 18, 2016

MikroTik | Web Proxy Log Configuration

RouterOS is capable of logging various system events and status information. Logs can be saved in the router's memory (RAM), on disk, in a file, sent by email or even sent to a remote syslog server.

UP Link IP Address: 10.10.10.2/30
Local IP Address: 192.168.0.1/24
Log Configuration: Web Proxy Log
Platform: Mikrotik Router

Step 1: Connect your MikroTik router to your PC with a UTP cable. Get the Winbox software (or download it from www.mikrotik.com), click the Refresh tab to scan for MAC addresses, select the MAC address that is shown, and log in as the admin user with no password.



Step 2: Add wan side IP address, subnet mask and select port.



Step 3: Then add LAN Side IP address, subnet mask and select port.



Step 4: Add routes.
 

Step 5: Add DNS address.



Step 6: Add NAT rules.


Step 7: Add NAT rules.



Step 8: Add NAT rules.



Step 9: Enable web proxy.


Step 10: Create log rules.



Step 11: Create log rules.



Step 12: Redirect log rules.



Step 13: Redirect log rules.



Step 14: Download the "Web Proxy Log" application from http://webproxy-log.software.informer.com/1.5/ and install it, then follow the screenshot.

Note: 192.168.0.3 is the remote log storage host.
 

Step 15: Import the logs from the log folder they were written to.


 
Step 16: Add users by IP address from the imported log file.

Step 17: To check the log report, select the created user and the date, then click Generate.



Explanation: First we give a code snippet and then explain what it actually does.

/ip address
add address=192.168.0.1/24 comment=Local interface=ether3 network=192.168.0.0
add address=10.10.10.2/30 comment=UP_Link interface=ether1 network=10.10.10.0

/ip route
add check-gateway=ping distance=1 gateway=10.10.10.1

/ip dns
set servers=8.8.8.8,4.2.2.2

/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.0.0/24

System log:

/system logging action
add bsd-syslog=yes name=syslog remote=192.168.0.3 target=remote
/system logging
add action=syslog topics=web-proxy,!debug
 
Web Proxy Redirect Rule:

/ip firewall nat

add action=redirect chain=dstnat dst-port=80 protocol=tcp src-address=\
192.168.0.0/24 to-ports=8080


END

Wednesday, June 8, 2016

MikroTik | Kiwi Syslog Configuration

RouterOS is capable of logging various system events and status information. Logs can be saved in the router's memory (RAM), on disk, in a file, sent by email or even sent to a remote syslog server.

UP Link IP Address: 10.10.10.2/30
Local IP Address: 192.168.0.1/24
Log Configuration: Kiwi Syslog
Platform: Mikrotik Router

Step 1: Connect your MikroTik router to your PC with a UTP cable. Get the Winbox software (or download it from www.mikrotik.com), click the Refresh tab to scan for MAC addresses, select the MAC address that is shown, and log in as the admin user with no password.


Step 2: Add wan side IP address, subnet mask and select port.


Step 3: Then add local side IP address, subnet mask and select port.


Step 4: Add routes.



Step 5: Add DNS address.



Step 6: Add NAT rules.



Step 7: Add NAT rules.



Step 8: Add NAT rules.


Step 9: Enable web proxy.



Step 10: Create log rules.



Step 11: Create log rules.



Step 12: Redirect log rules for remote PC.



Step 13: Redirect log rules for remote PC.


Step 14: The browsing log is received at the remote PC.



Step 15: Make sure Kiwi Syslog is running; check this from Computer Management.




Explanation: First we give a code snippet and then explain what it actually does.

/ip address
add address=192.168.0.1/24 comment=Local interface=ether3 network=192.168.0.0
add address=10.10.10.2/30 comment=UP_Link interface=ether1 network=10.10.10.0

/ip route
add check-gateway=ping distance=1 gateway=10.10.10.1

/ip dns
set servers=8.8.8.8,4.2.2.2

/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.0.0/24
 
System log:

/system logging action
add bsd-syslog=yes name=syslog remote=192.168.0.3 target=remote
/system logging
add action=syslog topics=web-proxy,!debug

Web Proxy Redirect Rule:

/ip firewall nat
add action=redirect chain=dstnat dst-port=80 protocol=tcp src-address=\
192.168.0.0/24 to-ports=8080
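
What the log host at 192.168.0.3 receives from the `/system logging` configuration above (identical in the Web Proxy Log post) can be read with a few lines of Python. This is an added example, not code from the original posts; the web-proxy message layout and the sample datagrams are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# RFC 3164 (BSD syslog) framing: <PRI>Mmm dd hh:mm:ss HOST MESSAGE
BSD_RE = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$")
# Assumed web-proxy message layout (not taken from the page):
#   web-proxy,account <client-ip> <METHOD> <url> action=<verdict> cache=<state>
PROXY_RE = re.compile(
    r"^web-proxy,account (\d{1,3}(?:\.\d{1,3}){3}) ([A-Z]+) (\S+)\s+action=(\w+)")

# Constructed datagrams, as the log host might receive them on UDP port 514.
SAMPLE = [
    b"<30>Jun 18 10:15:02 MikroTik web-proxy,account 192.168.0.10 GET http://example.com/ action=allow cache=MISS",
    b"<30>Jun 18 10:15:03 MikroTik web-proxy,account 192.168.0.10 GET http://example.com/logo.png action=allow cache=HIT",
    b"<30>Jun 18 10:15:09 MikroTik web-proxy,account 192.168.0.11 POST http://example.org/login action=allow cache=MISS",
    b"<30>Jun 18 10:16:00 MikroTik system,info,account user admin logged in",
    b"not syslog at all",
]

def parse(datagram):
    """Return one proxy access record as a dict, or None for any other input."""
    text = datagram.decode("utf-8", "replace").rstrip("\r\n\x00")
    frame = BSD_RE.match(text)
    if not frame:
        return None  # UDP syslog is unauthenticated: drop anything malformed
    pri, stamp, router, message = frame.groups()
    hit = PROXY_RE.match(message)
    if not hit:
        return None  # a different log topic, not a proxy access record
    client, method, url, action = hit.groups()
    return {"facility": int(pri) >> 3, "severity": int(pri) & 7, "time": stamp,
            "router": router, "client": client, "method": method,
            "site": urlsplit(url).hostname or url, "action": action}

def requests_per_client_site(datagrams):
    """Count requests per (client IP, site), the view the report tools give per user."""
    hits = Counter()
    for datagram in datagrams:
        record = parse(datagram)
        if record:
            hits[(record["client"], record["site"])] += 1
    return hits

if __name__ == "__main__":
    for (client, site), count in sorted(requests_per_client_site(SAMPLE).items()):
        print(f"{client:15} {site:20} {count}")
```

Because the redirect rule only sends TCP port 80 to the proxy, these records cover plain HTTP requests from 192.168.0.0/24 and nothing else.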

Kiwi Syslog download link: Kiwi Syslog

END

Tuesday, June 7, 2016

MikroTik | HTTP Filtering (Layer7 Protocol)

Layer7-protocol is a method of searching for patterns in ICMP/TCP/UDP streams. The L7 matcher is very resource intensive. Use this feature only for very specific traffic. It is not recommended to use the L7 matcher for generic traffic, such as for blocking webpages. This will almost never work correctly and your device will exhaust its resources trying to catch all the traffic. Use other features to block webpages by URL.

In some cases, when a Layer 7 regular expression cannot be performed, RouterOS will log under the topics firewall, warning an error message stating the problem. The Layer 7 matcher is case insensitive.

UP Link IP Address: 10.10.10.2/30
Local IP Address: 192.168.0.1/24
Drop Site: Facebook and YouTube
Platform: Mikrotik Router

Step 1: Connect your MikroTik router to your PC with a UTP cable. Get the Winbox software (or download it from www.mikrotik.com), click the Refresh tab to scan for MAC addresses, select the MAC address that is shown, and log in as the admin user with no password.



Step 2: Add wan side IP address, subnet mask and select port.


Step 3: Then add LAN Side IP address, subnet mask and select port.


Step 4: Add routes.



Step 5: Add DNS address.



Step 6: Add NAT rules.



Step 7: Add NAT rules.



Step 8: Add NAT rules. 

Step 9: Go to filter rules, then to Layer7 Protocols, and create the layer7 regexp rule.


Step 10: Go to filter rules and create a filter rule for the drop site.


Step 11: Create the filter rule for the drop site and set the chain, src. address, protocol, dst. port, etc.



Step 12: Then go to the Advanced tab and select the layer7 protocol.



Step 13: Then go to the Action tab and set the action to drop. The configuration is now complete.



Explanation: First we give a code snippet and then explain what it actually does.

/ip address
add address=192.168.0.1/24 comment=Local interface=ether3 network=192.168.0.0
add address=10.10.10.2/30 comment=UP_Link interface=ether1 network=10.10.10.0

/ip route
add check-gateway=ping distance=1 gateway=10.10.10.1

/ip dns
set servers=8.8.8.8,4.2.2.2

/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.0.0/24

Layer7-protocol regexp rule:

/ip firewall layer7-protocol
add name="Block Site" regexp="^.+(facebook|youtube).*$"
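
The warning above that L7 matching "will almost never work correctly" for blocking webpages can be seen by running the "Block Site" regexp over a few requests. This is an added example, not part of the original post: Python's `re` stands in for the RouterOS matcher (an approximation), and the requests and hostnames are constructed.

```python
import re

# The page's "Block Site" pattern. The L7 matcher is case insensitive and works
# on the raw start of the connection, so the pattern is applied to bytes here.
BLOCK_SITE = re.compile(rb"^.+(facebook|youtube).*$", re.IGNORECASE | re.DOTALL)
L7_WINDOW = 2048  # RouterOS collects the first 10 packets or 2 KB of a connection
BLOCKED_DOMAINS = ("facebook.com", "youtube.com")

# Constructed requests from LAN clients; every hostname is made up.
SAMPLES = {
    "facebook home": b"GET / HTTP/1.1\r\nHost: WWW.FACEBOOK.COM\r\n\r\n",
    "news article": b"GET /tech/facebook-privacy-settings HTTP/1.1\r\n"
                    b"Host: news.example\r\n\r\n",
    "shop via referer": b"GET /cart HTTP/1.1\r\nHost: shop.example\r\n"
                        b"Referer: http://www.youtube.com/watch\r\n\r\n",
    "unrelated": b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
}

def l7_match(stream):
    """True if the drop rule's layer7-protocol condition would match this stream."""
    return BLOCK_SITE.search(stream[:L7_WINDOW]) is not None

def destination_host(stream):
    """Host header of the request, lower-cased and without a port."""
    found = re.search(rb"^Host:\s*([^\r\n:]+)", stream, re.IGNORECASE | re.MULTILINE)
    return found.group(1).decode("ascii", "replace").strip().lower() if found else ""

def is_intended_target(host):
    """True only when the request really goes to one of the sites meant to be dropped."""
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)

def false_positives(samples):
    """Labels of requests the rule drops although they go to some other site."""
    return [label for label, stream in samples.items()
            if l7_match(stream) and not is_intended_target(destination_host(stream))]

if __name__ == "__main__":
    for label, stream in SAMPLES.items():
        print(f"{label:18} host={destination_host(stream):18} dropped={l7_match(stream)}")
    print("dropped by mistake:", false_positives(SAMPLES))
```

The pattern matches the site name anywhere in the inspected bytes, so a URL path or a Referer header that mentions the name is enough to drop a connection to an unrelated site.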

Facebook and Youtube drop rule:

/ip firewall filter
# The exported rule had disabled=yes, which leaves it inactive; disabled=no enforces the drop.
add action=drop chain=forward disabled=no dst-port=80,443 layer7-protocol=\
"Block Site" protocol=tcp src-address=192.168.0.0/24

END

Sunday, June 5, 2016

MikroTik | Hotspot Solution

The MikroTik HotSpot Gateway provides authentication for clients before access to public networks.

HotSpot Gateway features:
• Different authentication methods of clients using local client database on the router, or remote RADIUS server;
• Users accounting in local database on the router, or on remote RADIUS server;
• Walled-garden system, access to some web pages without authorization;
• Login page modification, where you can put information about the company;
• Automatic and transparent change of any IP address of a client to a valid address.

UP Link IP Address: 10.10.10.2/30
Local IP Address: 192.168.0.1/24
Platform: Mikrotik Router

Step 1: Connect your MikroTik router to your PC with a UTP cable. Get the Winbox software (or download it from www.mikrotik.com), click the Refresh tab to scan for MAC addresses, select the MAC address that is shown, and log in as the admin user with no password.



Step 2: Add wan side IP address, subnet mask and select port.




Step 3: Then add LAN Side IP address, subnet mask and select port. 
 

Step 4: Add routes.




Step 5: Add DNS address.



Step 6: Add NAT rules.



Step 7: Add NAT rules.



Step 8: Add NAT rules.



Step 9: DHCP Server configuration.



Step 10: DHCP Server configuration.



Step 11: DHCP Server configuration.



Step 12: DHCP Server configuration.



Step 13: DHCP Server configuration.



Step 14: DHCP Server configuration.


  
Step 15: Let's start to configure hotspot solution.



Step 16: Hotspot server profiles configuration.



Step 17: Hotspot user profiles configuration with bandwidth limit.



Step 18: Hotspot users configuration.



Step 19: Hotspot customized login page.



Step 20: Put user name & password for login.



Step 21: The hotspot user has logged in successfully; the page shows the IP address, MAC address, time, etc.



Step 22: The hotspot user has logged in successfully, as checked from the MikroTik router.




Explanation: First we give a code snippet and then explain what it actually does.


/ip address
add address=192.168.0.1/24 comment=Local interface=ether3 network=192.168.0.0
add address=10.10.10.2/30 comment=UP_Link interface=ether1 network=10.10.10.0

/ip route
add check-gateway=ping distance=1 gateway=10.10.10.1

/ip dns
set servers=8.8.8.8,4.2.2.2

/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.0.0/24


DHCP server configuration:

/ip dhcp-server
# dhcp_pool1 must already exist under /ip pool; its definition is not part of this export.
add address-pool=dhcp_pool1 disabled=no interface=ether3 lease-time=1d name=\
dhcp1 relay=8.8.8.8
/ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.1

Create the hotspot profile:

/ip hotspot profile
add hotspot-address=192.168.0.1 html-directory=bray/bray/bray login-by=\
cookie,http-chap,https name=hsprof

Hotspot pool:

/ip hotspot
add address-pool=dhcp_pool1 disabled=no idle-timeout=none interface=ether3 \
name=Hotspot profile=hsprof

Hotspot user profile and bandwidth limit:

/ip hotspot user profile
add address-pool=dhcp_pool1 name=512k/512k rate-limit=512k/512k \
transparent-proxy=yes
add address-pool=dhcp_pool1 name=1000k/1000k rate-limit=1000k/1000k \
transparent-proxy=yes
add address-pool=dhcp_pool1 name=2000k/2000k rate-limit=2000k/2000k \
transparent-proxy=yes
add address-pool=dhcp_pool1 name=3000k/3000k rate-limit=3000k/3000k \
transparent-proxy=yes

Create the hotspot user:

/ip hotspot user
add name=test1 password=1 profile=3000k/3000k server=Hotspot

Hotspot Customized Login Page: Customized Page

Thank You