Routeros

Deploy containers on your MikroTik router in minutes using the new Apps catalog. Automatic firewall rules, NAT, and veth interfaces — no manual Docker setup required.

Configure MikroTik RouterOS 7 routing filters for BGP, OSPF, and policy-based routing. Real CLI examples for route maps, mangle rules, routing marks, and traffic steering.

RouterOS 7.23 stable is out with HTTPS-default upgrades, improved MLAG bridge MAC synchronization, WiFi VLAN fixes, and DHCP snooping message-type recognition. This guide covers the changelog, key fixes, and step-by-step upgrade steps for your MikroTik devices.

Practical RouterOS 7 best practices for homelab and small-business deployments — security hardening, firewall design, VLAN segmentation, FastTrack performance tuning, DoH configuration, and backup automation with real commands.

Configure a production-ready MikroTik RouterOS 7 firewall — understand filter, NAT, mangle, and raw tables, enable FastTrack for wire-speed forwarding, implement connection tracking state rules, and build brute force protection with dynamic address lists.

Run Docker containers directly on MikroTik RouterOS 7 — enable container mode, configure veth bridges, pull images from Docker Hub, and deploy Pi-hole or AdGuard Home without extra hardware.

Consumer routers give you one flat LAN. Everything talks to everything. That’s fine for five devices. Not fine for a homelab with IoT toasters, security cameras, a NAS with your whole life on it, and a gaming PC that absolutely does not need to see the Frigate NVR’s admin interface. MikroTik’s RouterOS handles VLANs natively — bridge VLAN filtering, inter-VLAN routing, per-VLAN DHCP, and firewall rules to control traffic between segments. All from the CLI. No third-party tools, no extra switches, no license fees. ...

If you have fiber-to-the-home (FTTH), your ISP almost certainly gave you a combo ONT/router. It’s a locked-down all-in-one box that does GPON optical termination, routing, Wi-Fi, and often double NAT. For a homelab with VLAN segmentation and a proper router like MikroTik, that box is a bottleneck — and you can bypass it entirely. This post covers replacing the ISP ONT/router with a MikroTik router using an SFP GPON stick, covering the hardware, VLAN configurations, PPPoE quirks, and the gotchas that aren’t in the marketing material. This is specifically from my experience with Dominican Republic FTTH providers, but the patterns apply to most GPON deployments globally. ...

Cloudflare Tunnel gives you a secure outbound-only connection from your homelab to Cloudflare’s edge, proxying public traffic without opening any firewall ports. No pinholes, no DMZ, no exposing your home IP. The usual deployment is a Docker container or a systemd service on a Linux box. But if you have a MikroTik router running RouterOS 7.6+ with container support, you can run cloudflared directly on the router — zero extra hardware, zero extra VMs. ...

WireGuard on MikroTik RouterOS is production-ready as of RouterOS 7.x, and it’s dramatically simpler than IPsec or OpenVPN for homelab use. No certificate authorities, no confusing phase 1/phase 2 settings, no userspace daemon eating CPU — just a kernel module, a private key, and a peer config. This post covers two WireGuard topologies running on the same MikroTik router (R1 from the previous deployment post): Road Warrior — remote devices (phone, laptop) connect to the homelab Site-to-Site — two MikroTik routers connected across the internet Both share the same base config and coexist on the same router. ...