RB5009 security after quick set

buz · May 10, 2022, 3:37pm

Noob question: I recently moved into an apartment which finally has fiber and got a RB5009 with SFP as router. In the rush to move in (and being clueless about routeros, want to learn), I set it up with quick set. Is that reasonably secure for the time being or do I urgently need to do something?

I tried to run nmap on the public IP (from another ISP) and it seemed that no ports are open, so at least it does not seem to expose any interface externally…

mkx · May 10, 2022, 4:28pm

Current default config is pretty good, don’t worry about it too much.

buz · May 10, 2022, 4:35pm

Thanks, reassuring.

jbl42 · May 10, 2022, 5:03pm

The RB5009 quick set config gives you the equivalent of a normal “dumb” home NAT router:

DHCP client towards WAN
DHCP server for LAN
DNS server for LAN (forwarding to DNS received by DHCP client on WAN)
srcNAT (masquerade) towards LAN
all connections LAN → WAN allowed
all connections WAN → LAN blocked
no open ports on WAN
all ports running running with PVID 1
WAN on ether1 and LAN bridged on ether2-8 (VLAN filtering disabled)

as @mkx has noted, this is pretty safe
and also a very good starting point for further customization

buz · May 10, 2022, 6:28pm

Perfect, that’s what I was hoping for.

This will just fine for now (except I use SFP for wan but thankfully there was an option for that ). So once the dust from the move settles, I’ll start poking around.

anav · May 10, 2022, 7:16pm

When you do start to dabble. Do not venture to youtube it will fill your head with bad ideas and wasted years of your life.
KISS - https://forum.mikrotik.com/viewtopic.php?t=180838