Community discussions

MikroTik App
 
obiwan
just joined
Topic Author
Posts: 2
Joined: Mon Feb 06, 2017 8:39 am

Remote access to 750gl

Mon Feb 06, 2017 8:56 am

I am new to the 750gl and need to access the router from the web. I have looked around and found a post that suggested
using winbox and load this filter rule.
/ip firewall filter add action=accept chain=input disabled=no dst-port=8291 protocol=tcp place-before=0
I am using Winbox and have tried mypublicIP and mypublicIP:8291.

Any suggestions??

Thanks
 
p3rad0x
Long time Member
Long time Member
Posts: 637
Joined: Fri Sep 18, 2015 5:42 pm
Location: South Africa
Contact:

Re: Remote access to 750gl

Mon Feb 06, 2017 11:42 am

Hi, Try and disable all firewall rules.

Then goto ip services and check if winbox access is allowed from 0.0.0.0/0.

Also is the 750 directly connected to the internet with a public ip setup on the interface or is it behind a different router?
 
obiwan
just joined
Topic Author
Posts: 2
Joined: Mon Feb 06, 2017 8:39 am

Re: Remote access to 750gl

Mon Feb 06, 2017 7:03 pm

Thanks for the post!!

Yes, it is hooked directly to a public IP.

Adding " access is allowed from 0.0.0.0/0" to winbox IP services did the trick!!

I have seen multiple posts in different places and this was never mentioned. I did not have to "disable all firewall rules"
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: Remote access to 750gl

Tue Feb 07, 2017 6:31 pm

Glad you got it working, but from a security standpoint, that scares me. If you are going to allow all addresses on the internet to access the router, at the very least, change the services port to a non-standard port. WinBox will happily connect to non-standard ports - and ALWAYS use secure mode. A couple more steps would be either a VPN of one sort or another, or port knocking. Add a set of rules to detect and drop port scanners too.
I am using a non-standard port, and port knocking, and I log attempts to access the router on the standard WinBox port. It's entertaining to see how many attempts there are on the standard WinBox port. Of course they are dropped since they are the wrong port. I also log attempts on the relocated ports that are not allowed because they did not correctly set up the port knocking. I've never seen a hit there EXCEPT when I messed up the port knock procedure.

Who is online

Users browsing this forum: cmmike and 60 guests