Sunday, June 26, 2016

How to Block Facebook – Youtube and Other sites using L7 (Layer7) - Mikrotik Router

Below I will show you how to block the Facebook and YouTube sites using Mikrotik L7 Protocols (Layer 7). Here I use RouterBoardOS RB1100.

STEP 1:
Create a new regexp rule under Layer7 Protocols and name it “DENIED” (without the quotes).
You can copy and paste the regexp below:
^.+(facebook.com|youtube).*$
STEP 2:
Now create a filter rule as follows:
On the General tab, for Chain choose: forward
On the Advanced tab, for Layer7 Protocol select ‘DENIED’ (the rule that you created in step 1)
For Action, choose ‘drop’
Your filter rule to block Facebook and YouTube should now be in effect on your network.
Try to access Facebook and YouTube, and you will see that the two sites are no longer accessible.
You can confirm this from the filter rule you created: it will count the bytes it catches for the denied sites in your network.

Mikrotik Port Forwarding Tutorial

Mikrotik Port Forwarding - Port forwarding is one of the features of the Mikrotik router (RB450g, RB750g, RB1100Ahx and other Mikrotik router series). Port forwarding on a Mikrotik router redirects traffic arriving at the destination address (external IP address / public WAN IP) to an internal address (internal IP address / LAN IP) based on the port number. This technique is most often used so that a host on the internal network (such as a web server, FTP server, SSH server, personal PC or other network device) can be accessed from the external network (the Internet) and stay protected, without going through a dial-up VPN or another type of VPN.


How to configure port forwarding for a web server

The standard web server ports are TCP 80 (HTTP) and 443 (HTTPS). Many network devices, for example CCTV systems, IP cameras and DVRs, have a web interface on TCP port 80 or another port. This example shows how to forward a web server port (TCP 9000) using destination NAT. 107.18.22.12 is the example WAN IP address and 192.168.100.1 is the desired internal destination IP address.

Forwarding a port using Winbox

1. Log in to the Mikrotik router using the Winbox application
2. Go to IP => Firewall => NAT. Add a new NAT rule


On the General tab
Chain = dstnat
Dst. Address = WAN IP address of the Mikrotik router
Protocol = TCP
Dst. Port = 9000 (you can change it)

On the Action tab
Action = dst-nat
To Address = Internal destination IP address (web server IP address)
To Port = default port (for example port 80)
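
The same rule entered from the RouterOS terminal, as an added example that is not part of the original post. It uses the post's example addresses; the WAN interface name ether1, the address-list name fwd-allowed and the 203.0.113.0/24 source range are assumptions to replace with your own values. The second form limits which sources can reach the forwarded port instead of exposing the internal web server to every host on the Internet.

```routeros
# Added example; values marked "assumed" are not from the original post.
# Use form 1 OR form 2, not both: NAT rules are evaluated top to bottom,
# so the open rule would match first and the restriction would never apply.

# Form 1: the rule exactly as built in the Winbox steps above.
# TCP 9000 on the WAN address is forwarded to port 80 on the web server.
/ip firewall nat
add chain=dstnat dst-address=107.18.22.12 protocol=tcp dst-port=9000 \
    action=dst-nat to-addresses=192.168.100.1 to-ports=80 \
    comment="web server forward (open to any source)"

# Form 2: same forward, but only for packets that arrive on the WAN
# interface (assumed: ether1) from an allowed source range
# (assumed: 203.0.113.0/24, a documentation range).
/ip firewall address-list
add list=fwd-allowed address=203.0.113.0/24 comment="assumed allowed sources"

/ip firewall nat
add chain=dstnat dst-address=107.18.22.12 in-interface=ether1 \
    src-address-list=fwd-allowed protocol=tcp dst-port=9000 \
    action=dst-nat to-addresses=192.168.100.1 to-ports=80 \
    comment="web server forward (restricted sources)"

# Check: list the NAT rules and watch the packet/byte counters while
# connecting to 107.18.22.12:9000 from outside.
/ip firewall nat print
/ip firewall nat print stats
```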

Mikrotik Port Forwarding for FTP Server, SSH Server, Mail Server, RDP (Remote Desktop Protocol), and RTSP (Real Time Streaming Protocol).

Default Port List by Network Protocol

1. FTP Server = 20 & 21 TCP
2. SSH Server = 22
3. Mail Server = POP3 - port 110, IMAP - port 143, SMTP - port 25, HTTP - port 80, Secure SMTP (SSMTP) - port 465, Secure IMAP (IMAP4-SSL) - port 585, IMAP4 over SSL (IMAPS) - port 993, Secure POP3 (SSL-POP) - port 995
4. RDP (Remote Desktop) = TCP port 3389 and UDP port 3389
5. RTSP (Real Time Streaming Protocol) = TCP port 554, UDP port 3389

How to set up / configure port forwarding on a Mikrotik router

In the To Port text field, enter the default port of the network protocol that will be forwarded


If Mikrotik port forwarding is not working, disable or change the ftp, ssh and www ports in the IP Service List (IP => Services).



How to reset a Mikrotik router to factory defaults

If you have messed up the configuration on your MikroTik router or RouterOS device so that you can no longer log in to manage it, you can reset the router to its factory default settings to regain access. The administrator account can also be reset this way.
Be aware that you will lose all the configuration and any other data on the router after you reset it, so proceed with caution.
Most MikroTik devices are fitted with a reset button. Look for the reset button labeled with “RES” on your MikroTik router.
  1. Turn off the device power.
  2. Hold the reset button and do not release.
  3. Turn on the device power and wait until the USER LED labeled with “ACT” starts flashing.
  4. Now release the button to clear configuration.
  5. Wait for a few minutes for the router to clear and restore the factory settings.
If you release the reset button after the LED stops flashing, you have to redo everything again.
Other than the reset button, you can also reset the device with the jumper hole. Almost all MikroTik models are fitted with a reset jumper hole. Some might require opening the enclosure; RB750/RB951/RB751 have the jumper hole under one of the rubber feet of the enclosure.
Close the jumper with a metal screwdriver, and boot the board until the configuration is cleared.