Community discussions

MikroTik App
 
techspec90
just joined
Topic Author
Posts: 6
Joined: Fri Sep 05, 2014 8:05 am

Public ip access control

Sat Sep 06, 2014 6:49 am

Hi Experts...!!!

I want suggestions on how to restrict a set of static public ip address e.g(216.154.70.44,91.56.65.7) only to access the router interface.

Can anybody tell me how to do this via CLI or GUI interface.

The router version I am running is 6.17.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Public ip access control

Sun Sep 07, 2014 10:32 am

Hi Experts...!!!

I want suggestions on how to restrict a set of static public ip address e.g(216.154.70.44,91.56.65.7) only to access the router interface.

Can anybody tell me how to do this via CLI or GUI interface.

The router version I am running is 6.17.
On winbox / webfig / cli go to ip/services and for each service specify one or more "available from" address/ip pool
 
techspec90
just joined
Topic Author
Posts: 6
Joined: Fri Sep 05, 2014 8:05 am

Re: Public ip access control

Sun Sep 07, 2014 3:24 pm

Thank You so much for your reply.....

Can you tell me if I want to define pool what would be its syntax its showing 0.0.0.0/0 by defualt.

Thanks...
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Public ip access control

Mon Sep 08, 2014 10:14 am

If you have one pool of IP from where you want access, use sytax like 80.80.80.0/23 (80.80.80.0 -> 80.80.81.255)

If you have multiple pool or multiple single IP or both of them, you can use syntax like:

80.80.80.0/23,90.90.90.90,70.70.70.127/25,50.50.50.50
 
RouteRite
just joined
Posts: 19
Joined: Fri Oct 18, 2013 4:30 am

Re: Public ip access control

Fri Sep 12, 2014 12:05 am

Great suggestion.

Does anyone know of a script available that would populate the "available from" field with an ip address fetched from dyndns or similar service?

I have several remote Mikrotik boxes that I maintain from a router that has a dynamic IP address. It would be great if I could limit the remote login attempts to just my admin machines.

Thanks.

Who is online

Users browsing this forum: uxertxo and 89 guests