Community discussions

MikroTik App
 
GotNet
Member
Member
Topic Author
Posts: 434
Joined: Fri May 28, 2004 7:52 pm
Location: Florida

WinBox Download

Wed Feb 01, 2006 7:29 pm

We block port 80 from our MikroTik box to prevent access to the default web page. Has anyone found a way to grab a WinBox download or update without HTTP? I see some workarounds like placing winbox.exe in the files area or using a different port but maybe there is a more practical method.

On a related note, we ran with a two year old version of winbox until several months ago. Guess I thought "downloading plugins" after a router upgrade also updated winbox.

Mike
 
cmit
Forum Guru
Forum Guru
Posts: 1547
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Thu Feb 02, 2006 11:22 am

I suppose you mean that you block port 80 access TO your MikroTik, right?

Why not create some way for ONLY YOU to use it? So if you come from a fixed ip address, create some firewall rule to allow access from there. Or create an administrative VPN tunnel to your MikroTik (IPsec, PPTP)...

I don't think there's another (automatic) way to get the DLL files for the WinBox from your router. Apart perhaps from connecting to some system with the same software version once, and then copy over the DLLs from this system to the other one you use.
But that's a rather ugly hack, as with every update you will manually have to re-do this... :(

Best regards,
Christian Meis
 
savage
Forum Guru
Forum Guru
Posts: 1263
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa
Contact:

Thu Feb 02, 2006 2:00 pm

Cmit is right on the spot here. If multiple hosts should be allowed to access the MT via WebBox, use a access list. Winbox requires both port 80 and some other arb port, both are *required*.

The easiest way here, would be to block 80/tcp, but allow it for only certain hosts that are required to make the connection. We normally just block 80 on our external interfaces, and allow it on our internal ones (not 100% secure, but it gets the job done).
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Thu Feb 02, 2006 4:17 pm

winbox doesn't need port 80 in 2.9
 
cibernet
Long time Member
Long time Member
Posts: 610
Joined: Fri Jan 28, 2005 7:22 pm
Location: Marcos Juárez, Córdoba, Argentina
Contact:

Thu Feb 02, 2006 5:19 pm

winbox doesn't need port 80 in 2.9
That´s right winbox use port 8291 for secure access...

What version of MT do you have installed?
 
savage
Forum Guru
Forum Guru
Posts: 1263
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa
Contact:

Thu Feb 02, 2006 7:43 pm

2.9 for me. Sorry yes, I was mistaken, must have thought of the 2.8 days :D

Tested, and 80/tcp is definately not required. My appologies :)
 
GotNet
Member
Member
Topic Author
Posts: 434
Joined: Fri May 28, 2004 7:52 pm
Location: Florida

Thu Feb 02, 2006 8:00 pm

winbox doesn't need port 80 in 2.9
That´s right winbox use port 8291 for secure access...

What version of MT do you have installed?
We are on 2.9.x. While we are aware that port 80 is not required (and thanks MT for that feature!) to run, it is to download the exe.

And yes, Cmit, "to" MT.
 
User avatar
gustkiller
Member
Member
Posts: 419
Joined: Sat Jan 07, 2006 5:15 am
Location: Brazil
Contact:

Mon Feb 06, 2006 3:16 am

just use another port for the http server
like 6980 or somehing..
 
cibernet
Long time Member
Long time Member
Posts: 610
Joined: Fri Jan 28, 2005 7:22 pm
Location: Marcos Juárez, Córdoba, Argentina
Contact:

Mon Feb 06, 2006 4:19 am

just use another port for the http server
like 6980 or somehing..
Winbox doesn´t need to use the http server to log in on MT 2.9.X.

Regards
 
GotNet
Member
Member
Topic Author
Posts: 434
Joined: Fri May 28, 2004 7:52 pm
Location: Florida

Mon Feb 06, 2006 6:55 pm

just use another port for the http server
like 6980 or somehing..
Winbox doesn´t need to use the http server to log in on MT 2.9.X.

Regards
HTTP is required to download winbox.
I think the alternate port is the best clean solution. As far as upgrading winbox, a tool that would grab the latest from the router during execution would be cool...

Mike
 
cibernet
Long time Member
Long time Member
Posts: 610
Joined: Fri Jan 28, 2005 7:22 pm
Location: Marcos Juárez, Córdoba, Argentina
Contact:

Wed Feb 08, 2006 3:29 pm

just use another port for the http server
like 6980 or somehing..
Winbox doesn´t need to use the http server to log in on MT 2.9.X.

Regards
HTTP is required to download winbox.
I think the alternate port is the best clean solution. As far as upgrading winbox, a tool that would grab the latest from the router during execution would be cool...

Mike
What's new in v2.9beta1:
*) winbox now uses only "one" TCP port to get plug-ins and send data....

You can always download winbox from http://demo.mt.lv

Regards
 
GotNet
Member
Member
Topic Author
Posts: 434
Joined: Fri May 28, 2004 7:52 pm
Location: Florida

Mon Mar 13, 2006 8:24 pm

just use another port for the http server
like 6980 or somehing..
Winbox doesn´t need to use the http server to log in on MT 2.9.X.

Regards
HTTP is required to download winbox.
I think the alternate port is the best clean solution. As far as upgrading winbox, a tool that would grab the latest from the router during execution would be cool...

Mike
What's new in v2.9beta1:
*) winbox now uses only "one" TCP port to get plug-ins and send data....

You can always download winbox from http://demo.mt.lv

Regards
Well poo. That link stopped working.
How do we know when we need a new version of winbox anyway? There is no changelog and the mt versions don't match.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Tue Mar 14, 2006 8:34 am

well there is always http://demo2.mt.lv :)
 
GotNet
Member
Member
Topic Author
Posts: 434
Joined: Fri May 28, 2004 7:52 pm
Location: Florida

Thu Mar 16, 2006 2:52 am

Thanks, I found it with Google. Tried the MT search and got references to versions 2.7, 2.6. and 2.3.

Grrr.

Who is online

Users browsing this forum: Ahrefs [Bot], jamesperks, johnson73, patrikg and 72 guests