Community discussions

MikroTik App
 
franco
Member Candidate
Member Candidate
Topic Author
Posts: 142
Joined: Fri Feb 25, 2005 6:26 pm
Location: Germany

make the MT invisibly??

Mon Apr 25, 2005 3:34 pm

Hello,

sorry for my english, ist not the best.

I have a question about the MT.
I have the version 2.8.26. When the clients, which have the ip addresse 192.168.1.xxx, open the Internet explorer and tap the IP from the Router (192.168.0.254) they can see the Mikrotik info page.
The same one is over Internet. When anybody tab the IP from the Mikrotik router, they can see the info page, too.

Can I avoid this??

thank.
 
User avatar
Eugene
Forum Veteran
Forum Veteran
Posts: 986
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Mon Apr 25, 2005 3:48 pm

Disable www service.
http://www.mikrotik.com/docs/ros/2.8/ip/service

or add drop rules to the input chain.
 
franco
Member Candidate
Member Candidate
Topic Author
Posts: 142
Joined: Fri Feb 25, 2005 6:26 pm
Location: Germany

Mon Apr 25, 2005 5:02 pm

thank you for your answer.

I use winbox from my office to the MT over internet.
If I disable the service, i can't access to the MT. It`s wrong?

I use a VPN connection with a static IP.
If I add my IP in the Firewall, cann I access than??

sorry, but I'm a beginner.
 
yancho
Member Candidate
Member Candidate
Posts: 207
Joined: Tue Jun 01, 2004 3:04 pm
Location: LV

Mon Apr 25, 2005 7:16 pm

Or change www service port, or add your computer ip in "available from"
 
franco
Member Candidate
Member Candidate
Topic Author
Posts: 142
Joined: Fri Feb 25, 2005 6:26 pm
Location: Germany

Mon Apr 25, 2005 7:56 pm

i have resolve the problem with firewall rules.
But now i can't access to MT.
Can I use a trick to log in??
I have permitted only Network with IP 192.168.3.0/24.
I had made a backup before i change the setting.
My last possibility is to install the MT new, if it gives no trick.
 
User avatar
andrewluck
Forum Veteran
Forum Veteran
Posts: 700
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Mon Apr 25, 2005 8:47 pm

Login via the serial port.

Regards

Andrew
 
franco
Member Candidate
Member Candidate
Topic Author
Posts: 142
Joined: Fri Feb 25, 2005 6:26 pm
Location: Germany

Mon Apr 25, 2005 9:31 pm

about Telnet?
and how??
 
User avatar
Hugh Hartman
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Fri May 28, 2004 2:01 pm
Location: Fort Kent, Maine

Mon Apr 25, 2005 11:08 pm

download neighbor viewer from: http://www.mikrotik.com/download.html
it's at the bottom of the page,,,then you can MAC telnet into the MT,,as it bypassess firewall rules.
 
franco
Member Candidate
Member Candidate
Topic Author
Posts: 142
Joined: Fri Feb 25, 2005 6:26 pm
Location: Germany

Wed Apr 27, 2005 8:04 am

I have done this.
no problem, i can access again.

i had written this in the Firewall rle.

/ip firewall rule input add connection-state=invalid action=drop \
comment="Drop invalid connections"
/ip firewall rule input add connection-state=established \
comment="Allow established connections"
/ip firewall rule input add connection-state=related \
comment="Allow related connections"
/ip firewall rule input add protocol=udp comment="Allow UDP"
/ip firewall rule input add protocol=icmp comment="Allow ICMP Ping"
/ip firewall rule input add src-address=10.0.0.0/24 \
comment="Allow access from our local network. Edit this!"
/ip firewall rule input add src-address=192.168.0.0/24 protocol=tcp dst-port=8080 \
comment="This is web proxy service for our customers. Edit this!"
/ip firewall rule input add action=drop log=yes \
comment="Log and drop everything else"

My config is:
Internet Interface 62.**.**.**
Clients Interface 192.168.1.1
Clients IP static 192.168.2.1 - 192.168.2.254
my VPN connection 192.168.1.99

how i must config the command above, so that i can access from internet with Winbox over VPN and over the clients Interface.
i hope your can understand my question.

I write a bad english :-)
 
cmit
Forum Guru
Forum Guru
Posts: 1547
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Wed Apr 27, 2005 10:15 am

As you don't state action=accept in your accept-rules: What is the default policy of your firewall chain(s)?
 
franco
Member Candidate
Member Candidate
Topic Author
Posts: 142
Joined: Fri Feb 25, 2005 6:26 pm
Location: Germany

Wed Apr 27, 2005 10:58 am

Can we talk in German?
I have many problems with the english language.
 
User avatar
Hugh Hartman
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Fri May 28, 2004 2:01 pm
Location: Fort Kent, Maine

Wed Apr 27, 2005 1:30 pm

Try This

change this :
ip firewall rule input add src-address=10.0.0.0/24 \
comment="Allow access from our local network. Edit this!"

to this:
ip firewall rule input add src-address=192.168.2.0/24 \
comment="Allow access from our Clienst IPs. "

this will give you winbox from your clients IP's

add this rule after above:
ip firewall rule input add src-address=192.168.1.0/24 \
comment="Allow access from Clients interface/VPN. "

this will allow acces from VPN and clients interface

you do not want to allow acces from the net--that is the purpose of protecting the routers access,,,however I would delete your first rule as you drop and log everything else in the last rule.
 
franco
Member Candidate
Member Candidate
Topic Author
Posts: 142
Joined: Fri Feb 25, 2005 6:26 pm
Location: Germany

Wed Apr 27, 2005 2:15 pm

thank you for your answer.

It's OK.
I would access from Internet, too over VPN.
At the moment i can this.
But when anyone ping the Router IP over internet, can see the Mikrotik default Page.
Can i make it, that only i can access from Internet over VPN.
Home ----------------Internet----------------MT

At home i have dsl line with dynamic IP.
 
User avatar
Hugh Hartman
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Fri May 28, 2004 2:01 pm
Location: Fort Kent, Maine

Wed Apr 27, 2005 2:21 pm

change the www service from port 80 to another port in the MT.
 
franco
Member Candidate
Member Candidate
Topic Author
Posts: 142
Joined: Fri Feb 25, 2005 6:26 pm
Location: Germany

Wed Apr 27, 2005 5:10 pm

thank.
work fine.
I have an other question.
Can i use the MT and a Radius Server in the same PC and at the same time?

I would like use the Radius Server for Accounting pppoe Clients.
So i can see the traffic for each individual client.
 
cmit
Forum Guru
Forum Guru
Posts: 1547
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Wed Apr 27, 2005 5:41 pm

No, you can't add any custom software to a system running MikroTik RouterOS. You have to use a separate machine for a RADIUS server.

Who is online

Users browsing this forum: adrianmartin16, Bing [Bot] and 79 guests