Mikrotik: How do I set up the multi-profile?
Through the creation of firewall rules, it is possible to use more navigation profiles (multi-profile) on the same network.
In this way, two or more devices connected to the same network will be able to use different filtering rules and it will be possible to divide the data traffic more easily. For further information about the multi-profile click here.
IMPORTANT: This guide can be used only in workgroup environments, hence without an Active Directory server. NOTE: the following commands allow you to create the rules needed to manage five navigation profiles. You are not however obliged to use all of the profiles: depending on your needs, you may just delete the unnecessary parts of the code. Modify the following fields before executing the commands on the mikrotik terminal:
<List_IP1>: list of IP addresses that will be assigned to “Profile1”. <List_IP2>: list of IP addresses that will be assigned to “Profile2” (if present). <List_IP3>: list of IP addresses that will be assigned to “Profile3” (if present). <List_IP4>: list of IP addresses that will be assigned to “Profile4” (if present). NOTE: It is possible to add a single IP or also a range of IPs using the “-” symbol between the first and the last IP in the range (e.g.: 192.168.1.2-192.168.1.100). <Profile1>: name assigned to the first profile. <Profile2>: name assigned to the second profile (if present). <Profile3>: name assigned to the third profile (if present). <Profile4>: name assigned to the fourth profile (if present).
/ip firewall address-list add address=<List_IP1> list=<Profile1> add address=<List_IP2> list=<Profile2> add address=<List_IP3> list=<Profile3> add address=<List_IP4> list=<Profile4> /ip firewall nat # <Profile1> add action=dst-nat chain=dstnat comment=<Profile1> dst-port=53 protocol=udp \ src-address-list=<Profile1> to-addresses=185.236.104.114 to-ports=53 add action=dst-nat chain=dstnat comment=<Profile1> dst-port=53 protocol=tcp \ src-address-list=<Profile1> to-addresses=185.236.104.114 to-ports=53 # <Profile2> add action=dst-nat chain=dstnat comment=<Profile2> dst-port=53 protocol=udp \ src-address-list=<Profile2> to-addresses=185.236.104.124 to-ports=53 add action=dst-nat chain=dstnat comment=<Profile2> dst-port=53 protocol=tcp \ src-address-list=<Profile2> to-addresses=185.236.104.124 to-ports=53 # <Profile3> add action=dst-nat chain=dstnat comment=<Profile3> dst-port=53 protocol=udp \ src-address-list=<Profile3> to-addresses=185.236.104.134 to-ports=53 add action=dst-nat chain=dstnat comment=<Profile3> dst-port=53 protocol=tcp \ src-address-list=<Profile3> to-addresses=185.236.104.134 to-ports=53 # <Profile4> add action=dst-nat chain=dstnat comment=<Profile4> dst-port=53 protocol=udp \ src-address-list=<Profile4> to-addresses=185.236.104.144 to-ports=53 add action=dst-nat chain=dstnat comment=<Profile4> dst-port=53 protocol=tcp \ src-address-list=<Profile4> to-addresses=185.236.104.144 to-ports=53 # Profilo Default add action=dst-nat chain=dstnat comment=Default dst-port=53 protocol=udp \ to-addresses=185.236.104.104 to-ports=53 add action=dst-nat chain=dstnat comment=Default dst-port=53 protocol=tcp \ to-addresses=185.236.104.104 to-ports=53 |
|---|
IMPORTANT:
The default profile must always have lower priority compared to the other rules.
