Diddy1
join:2003-07-19
Sidney, NE
1 edit | Mikrotik Winbox Access Can someone with MT experience give me an idea how to prevent access via Winbox from any other Ip other than one authorized address? I've disabled discovery on all interfaces so no MAC discovery. But, if someone on our private subnet were to learn the address of the router, how would one prevent access attempts via winbox? I can turn off all other access methods, to my knowledge. I do know that winbox uses Port 8291 and I have made a firewall to drop, or reject, anything attempting to login via that port on TCP that is not the address of the authorized machine. But unfortunately this doesn't work.
Any suggestions?
Aaron |
|
|
|
Diddy1
join:2003-07-19
Sidney, NE
3 edits | Well, after 2.5 hours of messing around, it would appear that there is no way to prevent someone using winbox to log-in to a MT router if they are on same subnet with MAC or Ip. I'm not saying I've explored every option, but I think I have tried every combination of firewall settings that are possible?
Interesting to say the least. Anyone know of a way I haven't figured out? This is more of curious "computer science" question I guess 
Aaron |
|
| reply to Diddy1
Can you not just set a secure user name and password to prevent unauthorized access.  |
|
1 edit | reply to Diddy1
Greetings,
You can set the authorized IP address for each username using winbox as follows :
1. Click Users menu.
2. Then on the userlist that appears next, click the user which you'd like to restrict access
3. A window with the settings for that username will appear. Notice there is a field named Allowed Address. Enter the authorized address into that field. IP addresses other than the one listed will not be able to log onto the usename.
Iam sure there is console command for those steps I just discussed, but I cant seem to find it.
Hope that helps. |
|
| reply to Diddy1
The Mikrotik manual has a section on securing your router.
»www.mikrotik.com/testdocs/ros/2.···lter.php |
|
