
IP Access, Services & NAT

By Sajib Nandi


CCNA, CCNP, MTCNA, MTCRE, JNCIA
• MikroTik basic configuration (only 4 steps)
• IP setup on a MikroTik router in command mode
• Brief description of NAT and how NAT works
• DNS configuration and how it works
• Default route and why the default route is important
• Default route vs. default gateway
• How to secure the router; IP service details
• NTP and clock configuration
• Winbox and WebFig introduction
• Winbox features
• IP addressing study
• Lab work
Suppose you get the following IP details from your ISP:
IP      : 103.40.226.114
Mask    : 255.255.255.252
Gateway : 103.40.226.113
DNS1    : 113.21.228.1
DNS2    : 8.8.8.8

And your local LAN IP block is 10.10.10.0/24.


So you need 2 (two) MikroTik interfaces, for example:
ether1 for WAN
ether2 for LAN
[admin@MikroTik] > ip address
[admin@MikroTik] /ip address> add address=103.40.226.114/30 interface=ether1-WAN
[admin@MikroTik] /ip address> add address=10.10.10.1/24 interface=ether2-LAN

NOTE: Refer to the figure and learn the MikroTik command.


[admin@MikroTik] > ip dns
[admin@MikroTik] /ip dns> set servers=113.21.228.1,8.8.8.8

NOTE: Refer to the figure and learn the MikroTik command.


[admin@MikroTik] > ip firewall nat
[admin@MikroTik] /ip firewall nat> add chain=srcnat src-address=0.0.0.0/0 action=masquerade
[admin@MikroTik] > ip route
[admin@MikroTik] /ip route> add dst-address=0.0.0.0/0 gateway=103.40.226.113
MikroTik Basic configuration (4 steps)
1. IP setup
2. DNS setup
3. NAT
4. Default route

Now we do the above configuration using Winbox.

Winbox? Configuration tool for RouterOS


• Yes! The basic configuration is done using Winbox.
"Default route" usually means "ip route 0.0.0.0 0.0.0.0 x.x.x.x". It
means that if the router does not have a matching route in its routing table,
it sends the packet to x.x.x.x, and that router will take care of it.

• In IPv4, the default route is specified by 0.0.0.0/0


• In IPv6, the default route is specified by ::/0
• A default gateway is usually used on switches that are not L3 switches/routers,
or on "hosts". It just points to a router that "knows" how to get out.

• The device to which the default route points is often called the default gateway.
• Just as a PC has a default gateway to get to its local router — and therefore to the Internet —
many routers and switches also have default routes to access networks that aren't local.
Default routes are a special type of route — and an important part of IP routing.
Understanding how and when to use default routes is imperative to proper network setup.

• Think of a default route as a "gateway of last resort." This special route tells computers or
other routers to contact the next hop of the default router if they don't have a more specific
route. Without a default route, a router will drop a request for a network that isn't in its
routing table and send ICMP Destination Unreachable to the source of the traffic.

• Here's a simple example: Our PC has an IP address of 192.168.1.100 and a subnet mask of
255.255.255.0. Let's say we want to talk to a server on the LAN, which has an IP address of
192.168.1.200.
For this, we actually don't need a default route or default gateway configured on the PC.
However, as soon as we want to talk to any other device not on the 192.168.1.0 network, we'll
need to go to the default gateway/route.
• DNS is a client-server application
• Requests and responses are normally sent in UDP packets, port 53
• Occasionally uses TCP, port 53
Root servers:
• The top of the DNS hierarchy
• There are 13 root name servers operated around the world:
[a-m].root-servers.net

How does this work


• Requires an open DNS recursive resolver.
A recursive resolver goes out and finds the answer, adds the answer to its cache,
and then returns the result to the client.
Non-authoritative answer: the server gives an answer when it is actually not the server
responsible.

• When you check “Allow Remote Requests” under IP → DNS in RouterOS without any firewall rules,
that creates an open DNS recursive resolver, i.e. any public IP on this router will respond
to any DNS request.
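
The weak setting described above beside a corrected one, as an added example that is not from the original slides. It assumes the WAN interface is named ether1-WAN as in the address commands earlier; the rule comments are illustrative.

```routeros
# Weak: the router resolves names for its clients, but with no input
# rules it also answers DNS queries arriving on the public address
# 103.40.226.114 from anywhere on the Internet.
/ip dns set servers=113.21.228.1,8.8.8.8 allow-remote-requests=yes

# Corrected: keep the resolver available to the LAN (10.10.10.0/24) and
# drop DNS queries that arrive on the WAN interface. DNS normally uses
# UDP port 53 and occasionally TCP port 53, so both are covered.
# Replies to the router's own upstream queries are not affected: they
# arrive with source port 53, not destination port 53.
/ip firewall filter
add chain=input in-interface=ether1-WAN protocol=udp dst-port=53 action=drop comment="drop DNS from WAN (UDP)"
add chain=input in-interface=ether1-WAN protocol=tcp dst-port=53 action=drop comment="drop DNS from WAN (TCP)"

# Check: the packet counters of the two rules rise when outside hosts
# probe port 53, while LAN clients still get answers from 10.10.10.1.
/ip firewall filter print stats
/ip dns print
```

If the input chain already contains accept rules, place these two rules above them, because RouterOS evaluates filter rules in order.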
IP>Service

Figure: login attack

NOTE: Follow the class instruction


Network Time Protocol (NTP) is a protocol designed to synchronize the clocks of computers over a network.
NTP, which was developed by David Mills at the University of Delaware in 1981, is designed to be
highly fault-tolerant and scalable. It uses UDP port 123.
An Internet Protocol address (IP address) is a network-layer protocol address for a host in a TCP/IP
network. An IP address is a numerical label assigned to each device connected to a computer network
that uses the Internet Protocol for communication. An IP address uniquely identifies each host in a
network.
• IPv4 defines an IP address as a 32-bit number
• IPv6 defines an IP address as a 128-bit number
There are two common notations to show an IP address: binary notation and dotted notation.
In binary notation, the IP address is displayed as 32 bits.
The following is an example of an IP address:
In binary notation: 11000000.10101000.00000000.00000011
In decimal notation: 192.168.0.3

IP address classes:
Class A: used for networks with a large number of hosts
Class B: used for networks with a medium number of hosts
Class C: used for networks with a small number of hosts
Class D: used for multicasting
Class E: reserved for experimental purposes

Class     First byte   Second byte   Third byte   Fourth byte
Class A   0
Class B   10
Class C   110
Class D   1110
Class E   1111

Class     First byte   Second byte   Third byte   Fourth byte
Class A   0 to 127
Class B   128 to 191
Class C   192 to 223
Class D   224 to 239
Class E   240 to 255

IP Class   Possible range of IP address
Class A    0.0.0.0 through 127.255.255.255
Class B    128.0.0.0 through 191.255.255.255
Class C    192.0.0.0 through 223.255.255.255
Class D    224.0.0.0 through 239.255.255.255
Class E    240.0.0.0 through 247.255.255.255

IP Address Class   Maximum number of networks   Maximum number of hosts per network
Class A            126 (2^7 - 2)                16777214 (2^24 - 2)
Class B            16384 (2^14)                 65534 (2^16 - 2)
Class C            2097152 (2^21)               254 (2^8 - 2)
Class D            --                           --
Class E            --                           --

Range                              Total
10.0.0.0 to 10.255.255.255         2^24
172.16.0.0 to 172.31.255.255       2^20
192.168.0.0 to 192.168.255.255     2^16
