Hi everyone,
I joined this forum because I’ve had an RB750Gr3 for about 5 years now. I stumbled my way through the setup to get the basics working.
Today through curiosity i opened a terminal i saw numerous connection attempts to ssh.
I look deeper and find ssh is open along with everything. actually it appears i have no inbound firewall rules at all. Meaning winbox is also open to the internet.
So i think its time i begin to watch some training vids, The first thing i find is this great MT tips https://www.youtube.com/watch?v=hMj80ZIVBQs&t=252s.
Is there a walkthough anywhere i can implement the same basic f/w rules as are in this vid?
PS I wanted to insert images to show you guys but was unable to.
update, ive looked at adding a f/w rule and in the in interface list under general the only options i have are [all, dynamic, none, static] no wan or lan.
I don’t know what the default configuration for that device looked like 5 years ago, but the default does include a firewall that will block inbound SSH and WinBox connections today.
Unless you completely screwed up when configuring that router the first time, there’s a pretty good chance the firewall was reset by a worm of some kind. I recommend that you back up your existing configuration in case it contains anything precious, then NetInstall that box back to some stable version of the firmware and select the closest QuickSet option to what you want the router to do on first boot. Manually apply as much of the configuration as remains relevant from there.
Be sure to set a strong password on the admin user. LAN worms can and will try default user names and passwords on routers, which is why RouterOS devices now ship with random passwords from the factory.
If I may guess from your use of SSH and your user name that you are a Linux user, you may find my NetInstall guide more useful than the official instructions.
Thank you for the speedy reply.
Dont let the name fool you, my linux is rudimentary at best
is Netinstall necessary or can i firmware update from within winbox?
You certainly can update that way, but if the device is sufficiently compromised (“pwned”), all you will have accomplished is given the bad guys some newer software to play with.
well netinstall it is then. taking a deep breath, wish me luck.
the netinstall package is clear, im doing this on windows.
but the routerOS main package has many download options. which should i take for my router?
Same packages/version as the ones which are currently on your device (or latest).
ROS6 or ROS7 ?
For both, the mipsbe version.
Do make sure as suggested above to first export your config and check using text editor the config is complete.
After netinstall, immediately change password on admin account.
Even better: make new user with full rights, proper password and remove admin. Log out and log in again using new credentials.
Then manually reapply the missing parts of config so you know what goes in.
It’s up to your decision whether you want to stay with v6 (truly stable version) or go with v7 (comes with some new functionality, such as wireguard and better support for switch chip on your device but is being pretty intensively developed meaning there are quite a few bugs and you’d have to upgrade frequently for this reason).
After you decide about ROS version, you want to get package for platform MMIPS (RB750Gr3 is a MMIPS and not MIPSBE as @holvoetn wrote)..
Thank you to people, hopefully I’ll get onto this today.
Thank you to holvoetn, tangent, and mkx for the support.
I’ll post back once done if i have internet access LOL
