I have two mikrotik in my network. one work as a core router to maintaining the connectivity with my provider. another router is managing the clients. all customers are connected via PPPoe and Hotspot
Router1:
Eth1- WAN (connected to my provider)
ETH5- LAN (192.168.10.254/24)
I do not want my lan users to see the graphs. is there any way to to restrict it. I can allow the ip’s on graphing settings but i would like to monitor it from my home where i will be connected as a local lan user. Can i change the port number so that i can only access the graphs by typing x.x.x.x:portnumber/graphs .Not sure if its possible as I am not a expert mikrotik user. Customer can see the Gateway IP when they do a trace route (192.168.10.254). People who have knowledge about graphs can see my core routers graphs easily.
Thanks for your advice. But my issue is I myself is a LAN user at home connected via PPPoE to my network. How can i view the graphs at home when connected via PPPoE (Dynamic IP). Cannot allow my ip as the IP keep changing . I do not want other users to view the graphs. any thoughts on how to do it? Thanks in advance.
In this situation only option 1 is for you.
But, there is a way also, : configure a vpn server on mikrotik, give vpn client an address space diferent from your users and allow only that subnet to view graphs.
Thanks. I have changed the port number from ip–> services. Now i have to view the graphs by typing x.x.x.x:portnumber/graphs. this should be enough to restrict the clients from viewing the graphs as no one apart from me knows the port number.
Also, keep in mind you changed the whole webserver configuration port, so if you are outside your network and use webpage, not winbox, input port after ip to get on the webfig.
You can set an “Address list” with your home IP in firewall and resolve this IP with a script on every x minutes.
I have such a configuration on routers that I manage.
I allow access to router for administration only from this address and the stationary adresses that I manage.
