Cómo configurar multiperfil en Mikrotik
Through the creation of firewall rules, multiple browsing profiles (multiprofiles) can be used on the same network. In this way, two or more machines connected to the same network will be able to use different filtering rules and we could more easily split data traffic. For additional information on multiprofile click here. IMPORTANT: This guide is only usable in workgroup environments, that is, without Active Directory servers. PLEASE NOTE: The following commands allow you to create rules to manage five browsing profiles. However, it is not mandatory to use all profiles; depending on your needs, it will be sufficient to delete superfluous parts of code.
»Then edit the following fields, before running the commands on the mikrotik terminal: <List_IP1>: list of IP addresses that will be assigned to profile "Profile1". <List_IP2>: list of IP addresses that will be assigned to profile "Profile2" (if any). <List_IP3>: list of IP addresses that will be assigned to profile "Profile3" (if any). <List_IP4>: list of IP addresses that will be assigned to the "Profile4" profile (if any). PLEASE NOTE: You can enter a single IP or a range of IPs using the "-" symbol, between the first and last IP in the range (e.g. 192.168.1.2-192.168.1.100). <Profile1>: name assigned to the first profile. <Profile2>: name assigned to the second profile (if any). <Profile3>: name assigned to the third profile (if any). <Profile4>: name assigned to the fourth profile (if any). <Perfil1>: nombre asignado al primer perfil. <Perfil2>: nombre asignado al segundo perfil (si existe) <Perfil3>: nombre asignado al tercer perfil (si existe) <Perfil4>: nombre asignado al cuarto perfil (si existe) /ip firewall address-list add address= <List_IP1> list=<Profile1> add address= <List_IP2> list=<Profile2> add address= <List_IP3> list=<Profile3> add address= <List_IP4> list=<Profile4> /ip firewall nat
# <Profile1> add action=dst-nat chain=dstnat comment=<Profile1> dst-port=53 protocol=udp src-address-list=<Profile1> to-addresses=185.236.104.114 to-ports=53 add action=dst-nat chain=dstnat comment=<Profile1> dst-port=53 protocol=tcp src-address-list=<Profile1> to-addresses=185.236.104.114 to-ports=53 # <Profile2> add action=dst-nat chain=dstnat comment=<Profile2> dst-port=53 protocol=udp src-address-list=<Profile2> to-addresses=185.236.104.124 to-ports=53 add action=dst-nat chain=dstnat comment=<Profile2> dst-port=53 protocol=tcp src-address-list=<Profile2> to-addresses=185.236.104.124 to-ports=53 # <Profile3> add action=dst-nat chain=dstnat comment=<Profile3> dst-port=53 protocol=udp src-address-list=<Profile3> to-addresses=185.236.104.134 to-ports=53 add action=dst-nat chain=dstnat comment=<Profile3> dst-port=53 protocol=tcp src-address-list=<Profile3> to-addresses=185.236.104.134 to-ports=53 # <Profile4> add action=dst-nat chain=dstnat comment=<Profile4> dst-port=53 protocol=udp src-address-list=<Profile4> to-addresses=185.236.104.144 to-ports=53 add action=dst-nat chain=dstnat comment=<Profile4> dst-port=53 protocol=tcp src-address-list=<Profile4> to-addresses=185.236.104.144 to-ports=53 # Profilo Default add action=dst-nat chain=dstnat comment=Default dst-port=53 protocol=udp to-addresses=185.236.104.104 to-ports=53 add action=dst-nat chain=dstnat comment=Default dst-port=53 protocol=tcp to-addresses=185.236.104.104 to-ports=53
IMPORTANT: The default profile should always have lower priority than the other rules.