Tillered Docs

Appearance

Mikrotik Firewall

Mikrotik is a popular brand of networking hardware known for its powerful and flexible routing capabilities. Configuring Mikrotik with Tillered Nodes allows you to control network traffic more efficiently and securely by directing specific traffic through designated exit nodes. This setup enhances network performance and provides better management of network resources.

Prerequisites

  1. Network Setup: Connect the Tillered Node to an interface separate from the LAN.
  2. DHCP Configuration: Ensure the DHCP server on the router is configured to assign reserved DHCP leases for Tillered IP addresses.

Configuring Exit Nodes

For each exit node on the Tillered network, you need to set up a routing table. This can be done via the CLI. It is recommended to name the routing table after the exit node for consistency.

Example Command:

shell
/routing table
add disabled=no fib name=SYD_EXIT

Next, create a default route for the network. For example, set a default gateway for the "SYD_EXIT" node. You can find the IP address needed to route via the Tillered portal under the exit node's interface configuration.

Tillered Hub Interface View

Example Command:

shell
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.89.253 routing-table=SYD_EXIT

Mikrotik Add Route

Firewall Mangle Rule

Create a firewall mangle rule to mark the traffic and place it in the SYD_EXIT routing table. You can adjust the destination address as needed, but 0.0.0.0/0 is typically preferred. Set the source address to either any or specific LAN IP addresses and the incoming interface to your LAN. Example Command:

shell
/ip firewall mangle
add action=mark-routing chain=prerouting in-interface="ether2 - LAN" new-routing-mark=SYD_EXIT passthrough=no

Mikrotik Add Mangle Rule

Mikrotik Add Mangle Rule Action

DNS Configuration

If you intend to route all traffic through an exit node and not use the local internet, set the DNS server on your PCs to that of the Tillered device. This can be found in the node configuration on the entry node. This ensures a DNS view of the internet from your exit node, significantly enhancing performance.

Tillered Exit Node Private IP Example

By following these steps, you can ensure that your Tillered and Mikrotik setup is efficient, organised, and optimised for performance, maintaining a professional and robust network environment.