Community discussions

 
GotNet
Member
Member
Topic Author
Posts: 436
Joined: Fri May 28, 2004 7:52 pm
Reputation: 0
Location: Florida

WinBox Download

Wed Feb 01, 2006 8:29 pm

We block port 80 from our MikroTik box to prevent access to the default web page. Has anyone found a way to grab a WinBox download or update without HTTP? I see some workarounds like placing winbox.exe in the files area or using a different port but maybe there is a more practical method.

On a related note, we ran with a two year old version of winbox until several months ago. Guess I thought "downloading plugins" after a router upgrade also updated winbox.

Mike
 
cmit
Forum Guru
Forum Guru
Posts: 1552
Joined: Fri May 28, 2004 12:49 pm
Reputation: 1
Location: Germany

Thu Feb 02, 2006 12:22 pm

I suppose you mean that you block port 80 access TO your MikroTik, right?

Why not create some way for ONLY YOU to use it? So if you come from a fixed ip address, create some firewall rule to allow access from there. Or create an administrative VPN tunnel to your MikroTik (IPsec, PPTP)...

I don't think there's another (automatic) way to get the DLL files for the WinBox from your router. Apart perhaps from connecting to some system with the same software version once, and then copy over the DLLs from this system to the other one you use.
But that's a rather ugly hack, as with every update you will manually have to re-do this... :(

Best regards,
Christian Meis
 
User avatar
savage
Forum Veteran
Forum Veteran
Posts: 974
Joined: Mon Oct 18, 2004 12:07 am
Reputation: 1
Location: Cape Town, South Africa
Contact:

Thu Feb 02, 2006 3:00 pm

Cmit is right on the spot here. If multiple hosts should be allowed to access the MT via WebBox, use a access list. Winbox requires both port 80 and some other arb port, both are *required*.

The easiest way here, would be to block 80/tcp, but allow it for only certain hosts that are required to make the connection. We normally just block 80 on our external interfaces, and allow it on our internal ones (not 100% secure, but it gets the job done).
Regards,
Chris
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 21471
Joined: Fri May 28, 2004 11:04 am
Reputation: 189
Location: Riga, Latvia

Thu Feb 02, 2006 5:17 pm

winbox doesn't need port 80 in 2.9
 
User avatar
cibernet
Long time Member
Long time Member
Posts: 610
Joined: Fri Jan 28, 2005 8:22 pm
Reputation: 0
Location: Marcos Juárez, Córdoba, Argentina
Contact:

Thu Feb 02, 2006 6:19 pm

normis wrote:
winbox doesn't need port 80 in 2.9


That´s right winbox use port 8291 for secure access...

What version of MT do you have installed?
José Ignacio Acosta
MikroTik Consultant IDAR0001
Mikronet

Movile: +54 9 3472-624722
Email/Msn: info[at]mikronet.com.ar
 
User avatar
savage
Forum Veteran
Forum Veteran
Posts: 974
Joined: Mon Oct 18, 2004 12:07 am
Reputation: 1
Location: Cape Town, South Africa
Contact:

Thu Feb 02, 2006 8:43 pm

2.9 for me. Sorry yes, I was mistaken, must have thought of the 2.8 days :D

Tested, and 80/tcp is definately not required. My appologies :)
Regards,

Chris
 
GotNet
Member
Member
Topic Author
Posts: 436
Joined: Fri May 28, 2004 7:52 pm
Reputation: 0
Location: Florida

Thu Feb 02, 2006 9:00 pm

cibernet wrote:
normis wrote:
winbox doesn't need port 80 in 2.9


That´s right winbox use port 8291 for secure access...

What version of MT do you have installed?


We are on 2.9.x. While we are aware that port 80 is not required (and thanks MT for that feature!) to run, it is to download the exe.

And yes, Cmit, "to" MT.
 
User avatar
gustkiller
Member
Member
Posts: 413
Joined: Sat Jan 07, 2006 6:15 am
Reputation: 4
Location: Brazil
Contact:

Mon Feb 06, 2006 4:16 am

just use another port for the http server
like 6980 or somehing..
 
User avatar
cibernet
Long time Member
Long time Member
Posts: 610
Joined: Fri Jan 28, 2005 8:22 pm
Reputation: 0
Location: Marcos Juárez, Córdoba, Argentina
Contact:

Mon Feb 06, 2006 5:19 am

gustkiller wrote:
just use another port for the http server
like 6980 or somehing..


Winbox doesn´t need to use the http server to log in on MT 2.9.X.

Regards
José Ignacio Acosta
MikroTik Consultant IDAR0001
Mikronet

Movile: +54 9 3472-624722
Email/Msn: info[at]mikronet.com.ar
 
GotNet
Member
Member
Topic Author
Posts: 436
Joined: Fri May 28, 2004 7:52 pm
Reputation: 0
Location: Florida

Mon Feb 06, 2006 7:55 pm

cibernet wrote:
gustkiller wrote:
just use another port for the http server
like 6980 or somehing..


Winbox doesn´t need to use the http server to log in on MT 2.9.X.

Regards


HTTP is required to download winbox.
I think the alternate port is the best clean solution. As far as upgrading winbox, a tool that would grab the latest from the router during execution would be cool...

Mike
 
User avatar
cibernet
Long time Member
Long time Member
Posts: 610
Joined: Fri Jan 28, 2005 8:22 pm
Reputation: 0
Location: Marcos Juárez, Córdoba, Argentina
Contact:

Wed Feb 08, 2006 4:29 pm

GotNet wrote:
cibernet wrote:
gustkiller wrote:
just use another port for the http server
like 6980 or somehing..


Winbox doesn´t need to use the http server to log in on MT 2.9.X.

Regards


HTTP is required to download winbox.
I think the alternate port is the best clean solution. As far as upgrading winbox, a tool that would grab the latest from the router during execution would be cool...

Mike


What's new in v2.9beta1:
*) winbox now uses only "one" TCP port to get plug-ins and send data....

You can always download winbox from http://demo.mt.lv

Regards
José Ignacio Acosta
MikroTik Consultant IDAR0001
Mikronet

Movile: +54 9 3472-624722
Email/Msn: info[at]mikronet.com.ar
 
GotNet
Member
Member
Topic Author
Posts: 436
Joined: Fri May 28, 2004 7:52 pm
Reputation: 0
Location: Florida

Mon Mar 13, 2006 9:24 pm

cibernet wrote:
GotNet wrote:
cibernet wrote:
gustkiller wrote:
just use another port for the http server
like 6980 or somehing..


Winbox doesn´t need to use the http server to log in on MT 2.9.X.

Regards


HTTP is required to download winbox.
I think the alternate port is the best clean solution. As far as upgrading winbox, a tool that would grab the latest from the router during execution would be cool...

Mike


What's new in v2.9beta1:
*) winbox now uses only "one" TCP port to get plug-ins and send data....

You can always download winbox from http://demo.mt.lv

Regards


Well poo. That link stopped working.
How do we know when we need a new version of winbox anyway? There is no changelog and the mt versions don't match.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 21471
Joined: Fri May 28, 2004 11:04 am
Reputation: 189
Location: Riga, Latvia

Tue Mar 14, 2006 9:34 am

well there is always http://demo2.mt.lv :)
 
GotNet
Member
Member
Topic Author
Posts: 436
Joined: Fri May 28, 2004 7:52 pm
Reputation: 0
Location: Florida

Thu Mar 16, 2006 3:52 am

Thanks, I found it with Google. Tried the MT search and got references to versions 2.7, 2.6. and 2.3.

Grrr.

Who is online

Users browsing this forum: db3l and 14 guests