Mikrotik Winbox Access - dslreports.com

Author	All Replies
Diddy1 join:2003-07-19 Sidney, NE 1 edit	Mikrotik Winbox Access Can someone with MT experience give me an idea how to prevent access via Winbox from any other Ip other than one authorized address? I've disabled discovery on all interfaces so no MAC discovery. But, if someone on our private subnet were to learn the address of the router, how would one prevent access attempts via winbox? I can turn off all other access methods, to my knowledge. I do know that winbox uses Port 8291 and I have made a firewall to drop, or reject, anything attempting to login via that port on TCP that is not the address of the authorized machine. But unfortunately this doesn't work. Any suggestions? Aaron
Diddy1 join:2003-07-19 Sidney, NE 1 edit	to forum · permalink · · 2007-03-03 04:32:13 ·
Diddy1 join:2003-07-19 Sidney, NE 3 edits	Well, after 2.5 hours of messing around, it would appear that there is no way to prevent someone using winbox to log-in to a MT router if they are on same subnet with MAC or Ip. I'm not saying I've explored every option, but I think I have tried every combination of firewall settings that are possible? Interesting to say the least. Anyone know of a way I haven't figured out? This is more of curious "computer science" question I guess Aaron
Diddy1 join:2003-07-19 Sidney, NE 3 edits	to forum · permalink · · 2007-03-03 05:03:39 ·
slipstream1 Premium join:2005-11-15 Jacksonville, TX	reply to Diddy1 Can you not just set a secure user name and password to prevent unauthorized access.
slipstream1 Premium join:2005-11-15 Jacksonville, TX	to forum · permalink · · 2007-03-03 07:00:17 ·
ibliz join:2007-01-24 1 edit	reply to Diddy1 Greetings, You can set the authorized IP address for each username using winbox as follows : 1. Click Users menu. 2. Then on the userlist that appears next, click the user which you'd like to restrict access 3. A window with the settings for that username will appear. Notice there is a field named Allowed Address. Enter the authorized address into that field. IP addresses other than the one listed will not be able to log onto the usename. Iam sure there is console command for those steps I just discussed, but I cant seem to find it. Hope that helps.
ibliz join:2007-01-24 1 edit	to forum · permalink · · 2007-03-03 11:23:31 ·
khoaled join:2002-11-08 Geneseo, IL	reply to Diddy1 The Mikrotik manual has a section on securing your router. »www.mikrotik.com/testdocs/ros/2.···lter.php
khoaled join:2002-11-08 Geneseo, IL	to forum · permalink · · 2007-03-04 07:29:24 ·


Wednesday, 02-Dec 18:42:09	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF