IP / Services

First time using MT RB - RB750UP running v5.22 using WebFig. Four issues:

  1. Why isn’t DNS listed as service? Doesn’t seem to be any way to limit/control which interface/address DNS available on.

  2. Why isn’t DHCP listed? Can be controlled via separate DHCP menus, but seems awkward and inconsistent.

  3. Why isn’t there an “available from” column for interfaces? Restricting to addresses seems very inflexible.

  4. I am designating addresses in “available from” fields but it does not work. For example, one interface is 192.168.1.1, another is 192.168.2.1. If I designate “192.168.1.0/24” in “available from” for www, I can still access WebFig using 192.168.2.1 as address.

Thanks!

Welcome to the forums. Now, to the point:

Four issues:

  1. Why isn’t DNS listed as service? Doesn’t seem to be any way to limit/control which interface/address DNS available on.

It is not enabled by default and is not that much a service for the router but is a service for users that are using the connection provided by the router. If you want to limit access to the DNS service, you will have to use the ‘/ip firewall filter’ menu for that.

  2. Why isn’t DHCP listed? Can be controlled via separate DHCP menus, but seems awkward and inconsistent.

Similar to DNS, it is a service used by the customer, so it is placed under ‘/ip’. There are 3 different things: dhcp-server, dhcp-client and dhcp-relay. You can check the configuration of these on wiki.mikrotik.com.

  3. Why isn’t there an “available from” column for interfaces? Restricting to addresses seems very inflexible.

These are simple options to make it easier for users to secure their network. If you need more advanced settings, you can easily head over to ‘/ip firewall filter’ and set up whatever access policy you have for whatever you can control access to.

  4. I am designating addresses in “available from” fields but it does not work. For example, one interface is 192.168.1.1, another is 192.168.2.1. If I designate “192.168.1.0/24” in “available from” for www, I can still access WebFig using 192.168.2.1 as address.

Not sure about this; as my testing showed, this feature worked correctly for me (in 6.0rc8 and 5.22). Setting a network or an address restricted access from all the other networks not covered by the network address I set in available-from.

All that fancy ‘/ip firewall filter’ can be accompanied by ‘/ip firewall address-list’ configuration to enable even more features.

Also, here in the forums and on wiki.mikrotik.com you can find samples on how to effectively secure/protect your router and the network behind it.
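
The per-interface restriction the reply points to, sketched as RouterOS configuration; this is an added example, not part of either post. The interface names ether2 and ether3 and the list name mgmt are assumptions. The service's “available from” field (address=) matches the client's source address, not the router address being contacted, so interface-based control belongs in the input chain.

```routeros
# Added example. Assumed layout (not from the thread):
#   ether2 = 192.168.1.0/24, router address 192.168.1.1
#   ether3 = 192.168.2.0/24, router address 192.168.2.1

# Service-level restriction: only clients whose SOURCE address is in
# 192.168.1.0/24 may reach WebFig, whichever router address they connect to.
/ip service set www address=192.168.1.0/24

# Management sources kept in one address list (list name "mgmt" is assumed).
/ip firewall address-list
add list=mgmt address=192.168.1.0/24 comment="hosts allowed to manage the router"

/ip firewall filter
# Keep replies to connections the router itself opened.
# Separate rules per state, as used on v5.x.
add chain=input connection-state=established action=accept
add chain=input connection-state=related action=accept

# WebFig (tcp/80): accept only mgmt sources arriving on ether2, drop the rest.
add chain=input protocol=tcp dst-port=80 in-interface=ether2 \
    src-address-list=mgmt action=accept comment="WebFig from mgmt on ether2"
add chain=input protocol=tcp dst-port=80 action=drop comment="WebFig from anywhere else"

# DNS cache (udp/53 and tcp/53): answer clients on ether2 only.
add chain=input protocol=udp dst-port=53 in-interface=ether2 action=accept
add chain=input protocol=tcp dst-port=53 in-interface=ether2 action=accept
add chain=input protocol=udp dst-port=53 action=drop comment="DNS on other interfaces"
add chain=input protocol=tcp dst-port=53 action=drop comment="DNS on other interfaces"
```

Rule order matters: the accept rules must sit above the matching drop rules, and `/ip firewall filter print` shows the order actually in effect.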