As a few people have requested, here is a how-to for setting up a Mikrotik RB951G-2HnD for use with UFB (in my case, Spark UFB) and a DNS unblocking service. The Mikrotik RB951G-2HnD is, simply put, a very good router with tonnes of features and, best of all, is available for sub $150.
First of all, I am going to assume you know how to set up your computer with a static IP (192.168.88.5), have Winbox already (available by browsing to your router), and have connected to your router by entering its IP (192.168.88.1) and logging in. If you're using OSX or Linux then either use WINE to run the Winbox application or try and follow along with the web interface.
First - a little bit of housekeeping:
When you pull your router out of its box and plug it in, it will not have the latest firmware - let's upgrade this at the very start to avoid any problems. Head over to http://mikrotik.com/downloads and download the latest mipsbe package.
Next, in Winbox go to Files and drag / drop the file into the file manager, then reboot your Mikrotik by going to System > Reboot. Once it is all loaded up again (indicated by 2 beeps), log in, go to System > Routerboard and press Upgrade to upgrade the Mikrotik's bootloader. Do another reboot and you're set for the next step.
Next - getting to the basics:
I am not going to fully reset my Mikrotik whilst my partner is watching "Short of talant" street via the Chromecast, as I've found out she gets rather angry when I do that. Instead, the below screenshots serve more as examples of what you're trying to achieve.
When you log in to Winbox for the first time you'll be greeted by the Quick Start screen - it looks like this. To make things simple we'll use this to set up the initial configuration, fill it in as shown:
Green Area: Set up your Wireless Network specifics.
Red Area: Set your provider's PPPoE settings here.
Orange Area: You don't need to worry about this too much unless you really want to move your network away from the 192.168.88.1 range. Let's just leave it for now for ease of setup, but tick NAT and DHCP because you might want this.
Below this is somewhere you can change your default password - do this, do this now otherwise your router will get owned.
Once you've hit Apply the rest is pretty straightforward to do.
I've noticed that due to a bug in Winbox this pretty much breaks the Quick Setup screen, so make sure you've completed the basic configuration of your router first. Go across to Interfaces on the left and you'll be greeted with a screen that looks like this:
If you go to VLAN you'll be presented with an empty screen, hit the + button and copy what you see in the image below:
Once you hit OK you should actually have internet once you set up your computer with DHCP, but let's not stop there... Gotta secure this thing.
Security - Firewall:
I really hope you changed the default password!
Right, you've got internet but by default all your ports will be open - a very suboptimal situation!
Fix this by going to IP > Firewall. The default rules are sufficient for your basic setup but you might want to assign some interfaces to them! Never mind, by double-clicking on the rules you're greeted by a page that allows you to set the IN and OUT interfaces for that rule to work off - just follow what I have set up here:
Now if your rules match my image let's test this! Go across to GRC ShieldsUP here: https://www.grc.com/shieldsup and run a port scan on your IP, you should get all green across the board.
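For anyone following along in the terminal instead of Winbox, here is an added example (not part of the original post or its screenshots) of what the rules look like once the interfaces are assigned. On a PPPoE connection, internet traffic arrives on the PPPoE client interface rather than the physical port, so the drop rule has to name that interface. The name pppoe-out1 is an assumption, use whatever Interfaces shows on your router.

```routeros
# Added example, not the author's own rule set.
# Assumption: the PPPoE client interface is called pppoe-out1.
# Shown in export form: if equivalent rules already exist on your router,
# edit those rather than adding duplicates.

/ip firewall filter
# Replies to connections the router itself started (DNS lookups, time updates, etc.)
add chain=input connection-state=established,related action=accept \
    comment="allow replies to the router"
add chain=input connection-state=invalid action=drop comment="drop invalid"
# Everything else that arrives from the internet side is unsolicited: drop it.
# This is the rule that needs the IN interface set to the PPPoE interface.
add chain=input in-interface=pppoe-out1 action=drop \
    comment="drop unsolicited traffic from the internet"

# Traffic passing through the router to and from your LAN devices
add chain=forward connection-state=established,related action=accept \
    comment="allow replies to LAN devices"
add chain=forward connection-state=invalid action=drop comment="drop invalid"

/ip firewall nat
# This is the rule that needs the OUT interface set to the PPPoE interface.
add chain=srcnat out-interface=pppoe-out1 action=masquerade \
    comment="NAT the LAN out via PPPoE"

# After running the port scan, the packet counter on the WAN drop rule
# should have gone up.
/ip firewall filter print stats
```

Rule order matters: the accept rule for established and related connections has to sit above the drop rule, otherwise the router drops the replies to its own requests.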
Free Dynamic DNS baked right in:
All you need to do to enable this is click on IP > Cloud from the left menu. Click on Enabled and Update Time. Your DNS name is what you're able to use as Dynamic DNS for providers like dns4me or UnoTelly to keep your IP always updated with them.
Time Zone and Clock:
Assuming you hit Update Time above you might want to set your time zone, to do so go to System > Clock and change the Time Zone to your zone of choice.
Yeah, you want to use your content unblocker's services, right? Easy. First of all you'll need to go to Interfaces from the left panel and double-click on PPPoE-Out to edit it - the setting we need to change here is under Dial Out and is called "Use Peer DNS". Unticking this box ensures your Mikrotik won't use your ISP's automatically assigned DNS servers.
Once you've done this go to IP > DNS and press the up arrow (^) on any DNS servers there, then fill in the top 2 DNS servers from your provider of choice and hit Apply:
I've found setting your cache to 1MB is not too bad but some people like to set this as greater to speed up DNS responses - up to 10MB is fine for your home network.
Now, go to Cache and Flush Cache to clear anything off that isn't supposed to be there.
If you own a Chromecast or anything that gets angry due to Google DNS not unblocking Netflix this simple thing could save you a little time - in the Firewall screen go across to NAT and add 2 new rules (since Android has been logged to use TCP):
DST PORT: 53
DST PORT: 53
Then click on Action and drop down Action to Redirect. This will ensure no matter what DNS devices on your network use your router will capture and forward these requests to the unblocking service of your choice.
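The DNS steps above as terminal commands, as an added example that is not part of the original post. The interface names pppoe-out1 and bridge-local are assumptions, and 192.0.2.53 / 192.0.2.54 are placeholder addresses standing in for your unblocking provider's two DNS servers.

```routeros
# Added example, not the author's own configuration.
# Assumptions: PPPoE client is pppoe-out1, LAN bridge is bridge-local.
# 192.0.2.53 and 192.0.2.54 are placeholders for your provider's DNS servers.

# Stop the router picking up the ISP's DNS servers over PPPoE
/interface pppoe-client set [find name=pppoe-out1] use-peer-dns=no

# Point the router at the unblocking service. allow-remote-requests=yes is
# needed so the router answers the queries that get redirected to it.
# 1024KiB is roughly the 1MB cache mentioned in the post.
/ip dns set servers=192.0.2.53,192.0.2.54 allow-remote-requests=yes \
    cache-size=1024KiB

# Clear anything cached from the old DNS servers
/ip dns cache flush

# Catch DNS from LAN devices that ignore DHCP and use a hard-coded server.
# One rule for UDP and one for TCP. Matching on the LAN bridge only means
# queries from the internet side are never redirected to the router.
/ip firewall nat
add chain=dstnat in-interface=bridge-local protocol=udp dst-port=53 \
    action=redirect to-ports=53 comment="force LAN DNS to router (UDP)"
add chain=dstnat in-interface=bridge-local protocol=tcp dst-port=53 \
    action=redirect to-ports=53 comment="force LAN DNS to router (TCP)"

# The router's own lookups to the provider leave through the output chain,
# not dstnat, so these rules do not loop them back.

# Check: counters on the two redirect rules climb when a device with a
# hard-coded DNS server does a lookup.
/ip firewall nat print stats
```

With allow-remote-requests turned on the router listens for DNS on every interface, so the input chain must drop unsolicited traffic arriving on the PPPoE interface or the router becomes an open resolver.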
If you own an Xbox or PS4 or do online gaming and / or torrent downloading you might want to enable UPnP so your devices can automatically forward ports, but bear in mind this can pose a risk since your devices can now port-forward on demand.
To enable this go into IP > UPnP and click on Enabled and de-select "Show Dummy Rule" and "Allow to Disable external interface" - go into Interfaces and set your Bridge interface as internal, and your PPPoE interface as External as shown:
With some Apple devices you might run into some difficulties with connecting to WiFi. The fix is simple: go into Wireless (from the left), double-click on wlan1, hit Advanced Mode on the right of the box that pops up, go to the Advanced tab and change Preamble Mode to either Long or Both.
There is a heap of information on http://wiki.mikrotik.com - look up, use Google and if you can't find what you're looking for then post on Geekzone for help and I am sure somebody can help you out.
If people are interested I can post other things here (like setting up traffic queues), but if you've just bought a Mikrotik give this guide a go and let me know how you get on. By following this guide you're going to get your Mikrotik working as your main router with full service unblocking support.