Hello,
my network setup is the following:
Internet - Modem -RB951G - Server with port 80 website
I have one public IP-Adress and do NAT in the RB951, so that i can reach the server behind on port 80.
Is it possible to secure the access with username/passwort just for that rule in NAT/Firewall? Just a little webpage saved on the RB951 with a basic authentication? I can’t secure the webserver, because it’s an embedded electronical device.
Thank you,
patsuhiko
I don’t think that can be done.
However, what you can do is a “port knocking” protection.
E.g. you first try to connect to port 8181 and then to port 80 within some limited time.
When doing that, a rule is put in the firewall to allow port 80 from your external address for some time.
This way, the users who do not know this and try only port 80 will get no connection.
It is not as strong as a username/password but it offers some protection.
I do this with HAProxy.
Internet — Mikrotik—HAProxy
. … |–Server
Port 80 is forward to haproxy using nat on MikroTik router.
The HAProxy adds basic username authentication.
HAProxy also rederect based on url to the Server.
This way I can mix many servers in on various host using redirects and get some security.
HAProxy is free software.
But that requires a computer. The above mentioned method is done only on the router.
Seach for port knocking on the forum.
Thank you for your help! If there is no other way to do this with the RouterOS direct, then i must use a VPN connection.
Greetings,
patsuhiko
That is another way of doing it, sure.