30-01-2024
Кто юзает (или мечтает, но боится) MikroTik, для вас сделали
Кто юзает (или мечтает, но боится) MikroTik, для вас сделали AI бота, отвечающего на вопросы по настройке роутеров.
Бот живёт тут (с VPN) https://www.coze.com/explore/7301625854197727234
В примере ниже я спросил его как отделить NDI сетку от интернета, но у меня нет роутера чтобы попробовать, поэтому не могу проверить 😩
Here is a step-by-step process to segregate the NDI network (Network Device Interface) from the internet using MikroTik RouterOS:
1. Define the address range/subnets for the NDI network:
```
/ip address
add address=192.168.88.1/24 interface=ether1 network=192.168.88.0
```
Here, 192.168.88.1/24 is the defined address range.
2. Next, create a DHCP server and bind it to the interface connected to the NDI devices:
```
/ip dhcp-server setup
DHCP server setup [ether1]
Select interface to run DHCP server on [ether1]
Select network for DHCP addresses [192.168.88.0/24]
Select gateway for given network [192.168.88.1]
Select pool of ip addresses given out by DHCP server addresses to give out [192.168.88.2-192.168.88.254]
Select DNS servers
Select lease time [10m]
```
The DHCP server will allocate IP addresses for the NDI network on the specified interface.
3. Finally, set up Firewall rules to block internet access:
```
/ip firewall filter
add action=drop chain=forward dst-address-list=!LAN
```
Here, the action=drop rule will block all traffic that is not destined for the address list specified as LAN (Local Area Network). If your LAN is another address, change it accordingly.
4. Verify if the NDI network is segregated from the internet. This can be done by trying to ping any site from the NDI device.
This configuration has the effect of creating a separate network that is not accessible from the internet, which therefore provides a degree of security. However, note that this is a basic configuration and advanced configurations might be necessary for complete security.
Please adapt these steps to your specific setup and requirements. If you have further questions, feel free to ask!
Бот живёт тут (с VPN) https://www.coze.com/explore/7301625854197727234
В примере ниже я спросил его как отделить NDI сетку от интернета, но у меня нет роутера чтобы попробовать, поэтому не могу проверить 😩
Here is a step-by-step process to segregate the NDI network (Network Device Interface) from the internet using MikroTik RouterOS:
1. Define the address range/subnets for the NDI network:
```
/ip address
add address=192.168.88.1/24 interface=ether1 network=192.168.88.0
```
Here, 192.168.88.1/24 is the defined address range.
2. Next, create a DHCP server and bind it to the interface connected to the NDI devices:
```
/ip dhcp-server setup
DHCP server setup [ether1]
Select interface to run DHCP server on [ether1]
Select network for DHCP addresses [192.168.88.0/24]
Select gateway for given network [192.168.88.1]
Select pool of ip addresses given out by DHCP server addresses to give out [192.168.88.2-192.168.88.254]
Select DNS servers
Select lease time [10m]
```
The DHCP server will allocate IP addresses for the NDI network on the specified interface.
3. Finally, set up Firewall rules to block internet access:
```
/ip firewall filter
add action=drop chain=forward dst-address-list=!LAN
```
Here, the action=drop rule will block all traffic that is not destined for the address list specified as LAN (Local Area Network). If your LAN is another address, change it accordingly.
4. Verify if the NDI network is segregated from the internet. This can be done by trying to ping any site from the NDI device.
This configuration has the effect of creating a separate network that is not accessible from the internet, which therefore provides a degree of security. However, note that this is a basic configuration and advanced configurations might be necessary for complete security.
Please adapt these steps to your specific setup and requirements. If you have further questions, feel free to ask!