CHECK MY CONFIGURATION

Please correct me if I've done something bad or if I need to change something, I'm only a newbie.

# 2024-11-30 19:49:17 by RouterOS 7.17rc2
#
# model = E50UG
/interface ethernet
set [ find default-name=ether1 ] name=ether1-ISP
set [ find default-name=ether2 ] name=ether2-Client1-Peypey
set [ find default-name=ether3 ] name=ether3-Client2-Andy
set [ find default-name=ether4 ] name=ether4-Home
set [ find default-name=ether5 ] name=ether5-Voucher-AP
/ip pool
add name=dhcp_pool1 ranges=192.168.69.1,192.168.69.3-192.168.69.254
/ip dhcp-server
add address-pool=dhcp_pool1 interface=ether5-Voucher-AP lease-time=1d name=\
    dhcp1
/ppp profile
add local-address=10.10.10.1 name=Andy-100Mbps only-one=yes rate-limit=\
    100M/100M remote-address=10.10.10.3 use-compression=no use-encryption=no
add local-address=10.10.10.1 name=Peypey-20Mbps only-one=yes rate-limit=\
    20M/20M remote-address=10.10.10.2 use-compression=no use-encryption=yes
add local-address=10.10.10.1 name=ivan only-one=yes rate-limit=130M/130M \

Hi!

First, please have a look at the code tag. That makes it easier to read configs.

Second, I will go with this being a test configuration.

ip firewall filter

Incomplete at best, for example it permits DNS requests on the WAN interface, which means anyone can query your device for DNS which is not recommended.

You block ping from all interfaces, including the local ones, which is counterproductive.

You are not blocking winbox (enabled as a service) from any source, it is reachable on the WAN interface, which is a big no-no. Similarly, you are not blocking ssh.

I don’t see any forward rules, likely you are not filtering anything either way.

ip service

You should restrict the allowed sources for whatever is needed. For example winbox is permitted but not restricted.

time

No ntp server set. Consider adding one to make sure your device is time synced.

Other than that, either you amputated the configuration or it is missing a ton of things, for example there is no interface list, where the default has WAN and LAN.
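
The review points above, written as an automated check over a RouterOS export. This is an added example, not code from the thread or from MikroTik. The finding names and the sample export are constructed, and treating a service that is absent from the export as enabled for any source is an assumption.

```python
import re

# Constructed sample export (not the poster's config) showing the issues from the review.
SAMPLE = r"""
/ip firewall filter
add action=accept chain=input dst-port=53 \
    protocol=udp
add action=drop chain=input protocol=icmp
/ip service
set telnet disabled=yes
"""
SCOPE = {"in-interface", "in-interface-list", "src-address", "src-address-list"}

def parse(export):
    """Map each menu path to a list of {key: value} items, joining '\\' line continuations."""
    menus, cur = {}, None
    for line in re.sub(r"\\\r?\n\s*", "", export).splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0].startswith("/"):
            cur = menus.setdefault(" ".join(words), [])
        elif cur is not None:
            item = dict(w.split("=", 1) for w in words[1:] if "=" in w)
            item["_name"] = words[1] if len(words) > 1 and "=" not in words[1] else ""
            cur.append(item)
    return menus

def audit(export):
    """Return the review points (hypothetical finding names) that apply to an export."""
    m = parse(export)
    rules = m.get("/ip firewall filter", [])
    svc = {s["_name"]: s for s in m.get("/ip service", [])}
    def unscoped(action, key, value):  # input rule with no interface or source matcher
        return any(r.get("chain") == "input" and r.get("action") == action
                   and r.get(key) == value and not r.keys() & SCOPE for r in rules)
    def exposed(name):  # assumption: a service missing from the export is enabled, any source
        s = svc.get(name, {})
        return s.get("disabled") != "yes" and s.get("address", '""') == '""'
    checks = {
        "dns-open-to-wan": unscoped("accept", "dst-port", "53"),
        "ping-dropped-on-lan": unscoped("drop", "protocol", "icmp"),
        "no-forward-rules": not any(r.get("chain") == "forward" for r in rules),
        "winbox-unrestricted": exposed("winbox"),
        "ssh-unrestricted": exposed("ssh"),
        "no-ntp-server": not m.get("/system ntp client servers"),
        "no-interface-list": not m.get("/interface list"),
    }
    return [name for name, hit in checks.items() if hit]
```

`audit(SAMPLE)` reports all seven findings. The service check only looks at `/ip service`; a firewall input rule that drops non-LAN traffic is a separate layer and is not evaluated here.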

It seems to me like you have no (sensible) firewall filter rules. This can be very dangerous, your router (and network) is essentially open from the outside.
On the other hand you have some not-so-common more advanced settings (ovpn, queues, etc.).
It seems like it was configured by someone familiar with Ros and then “mutilated” by someone else (I cannot believe that a knowledgeable user would leave a router open like yours).
Check the advice given here:
http://forum.mikrotik.com/t/am-i-using-soho-firewall-or-not/180401/1
for some needed firewall rules settings.

Fixed.