RouterOS default configuration

Beelze · May 27, 2014, 7:30am

I got the PHP API working yesterday after changing

4   ;;; default configuration
     chain=input action=drop in-interface=ether1-gateway

to

4   ;;; default configuration
     chain=input action=accept in-interface=ether1-gateway

I was hoping I could load configuration files into the router with the API without having to change the firewall filter options.
After changing the that firewall rule I was finally able to connect with API port 8728. Is there a way around this, DHCP maybe?

scotthammersley · May 27, 2014, 3:52pm

You really need to add a rule that specifically allows your API server to talk to the MT, not the whole world.

Place this before the default configuration of the firewall.

/ip firewall filter
add chain=input action=accept in-interface=ether1-gateway src-address=“YOUR_API_SERVER_IP”

Beelze · May 28, 2014, 8:19am

Oh sure, I will do that then. Ideally I was looking for a way to configure the router with just the use of the dhcp client on ether1 and the API server without going into the CLI.

But I guess there is no other way to communicate with the API server then to add a firewall filter rule.

janisk · May 28, 2014, 8:44am

if you are connecting to ether1-gateway - no there is no other way, there is no way on how to connect to presumably external interface. Also, while examples here and examples on wiki are for CLI, same applies to winbox or webfig.

Also, if router comes in new, usually it is set up to boot with flashfig enabled. That might help you a bit.

Beelze · May 28, 2014, 9:06am

Hmm, this could be something I can use. I see that you need a windows computer with Netinstall/Flashfig installed. I don’t use anything that is windows based.

My current setup is that I have a linux server that will be on the same broadcast domain as the CPE. The CPE gets an IP-address from a DHCP server (there is a DHCP-relay in between) on the standard dhcp-client interface (ether1-gateway).
The linux server has configuration files stored for RouterOS clients. Is there a way I can make flashfig work with this setup? Or do I need to prepare the CPE before placing it at a customer’s premises?

janisk · May 28, 2014, 9:52am

you can use wine to run netinstall tool.

Beelze · May 28, 2014, 10:06am

I can use wine on the Linux server (ubuntu server 12.04 LTS)?

janisk · May 28, 2014, 10:13am

netinstall will require GUI to configure it. Temporary KVM guest linux running wine could solve the issue.

Beelze · May 28, 2014, 10:46am

janisk, thanks a lot for replying to my posts. This will help me a lot in my project