I get timeout when running:
ssh admin@192.168.88.1
ssh: connect to host 192.168.88.1 port 22: Connection timed out
attached are all my configurations
I tried to force an allow firewall, still does not work
(check image attached)
Well I would never publish what ports I am using in general, for example I don't use port 22 or 8291 for my services.
All others are not secure at all and are turned off.
Please post entire config
/export hide-sensitive file=anynameyouwish
and then we can make more progress on your issues.
anav, thanks a lot for the quick answer
here is my export file:
https://file.io/kuuWKrHp
https://we.tl/t-4FUv4k7c0c
if you can't open it, let me know please
It's better to post the file in the post here. Click the Attachments under the post and add the file, like this:
export-data_clean.rsc (3.93 KB)
Or just cut and paste the code into the post with code tags </> like this:
# may/10/2020 21:53:59 by RouterOS 6.45.2
# software id = ZJ3M-ESHW
#
#
#
/interface ethernet
set [ find default-name=ether2 ] disabled=yes mac-address=08:00:27:D4:54:CA
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.88.2-192.168.88.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether1 name=dhcp1
/port
set 0 baud-rate=9600 data-bits=8 flow-control=none name=usb2 parity=none \
stop-bits=1
set 1 baud-rate=9600 data-bits=8 flow-control=none name=usb3 parity=none \
stop-bits=1
set 2 baud-rate=9600 data-bits=8 flow-control=none name=usb5 parity=none \
stop-bits=1
/interface ppp-client
add add-default-route=no apn=xxx.com.br dial-on-demand=no name=xxx-USB3 \
phone=*99# port=usb3 user=xxx
add add-default-route=no apn=gprs.xxx.com.br data-channel=2 dial-on-demand=no \
info-channel=2 name=xxx-USB2 phone=*99***1# port=usb2 user=xxx
add apn=timebrasil.br dial-on-demand=no disabled=no name=xxxUSB3 phone=*99# \
port=usb3 user=tim
add apn=zap.xxx.com.br dial-on-demand=no name=xxx-USB5 phone=*99# port=usb5 \
user=xxx
/interface detect-internet
set detect-interface-list=all
/ip address
add address=192.168.88.1/24 interface=ether1 network=192.168.88.0
/ip cloud
set update-time=no
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=8.8.8.8 gateway=192.168.88.1
/ip firewall filter
add action=accept chain=input dst-port=22 protocol=tcp src-address=\
192.168.15.13
/ip firewall mangle
add action=mark-connection chain=input disabled=yes in-interface=xxx-USB2 \
new-connection-mark=WAN2_conn passthrough=yes
add action=mark-connection chain=input disabled=yes in-interface=xxx-USB3 \
new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=input disabled=yes in-interface=xxx-USB5 \
new-connection-mark=WAN3_conn passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1_conn \
new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn \
new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN3_conn \
new-routing-mark=to_WAN3 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes out-interface=xxx-USB2
add action=masquerade chain=srcnat disabled=yes out-interface=xxx-USB5
add action=masquerade chain=srcnat disabled=yes out-interface=xxx-USB3
/ip route
add distance=1 gateway=xxx-USB3 routing-mark=to_WAN1
add distance=1 gateway=xxx-USB2 routing-mark=to_WAN2
add distance=1 gateway=xxx-USB5 routing-mark=to_WAN3
add check-gateway=ping distance=1 gateway=xxx-USB2,xxx-USB5,xxx-USB3
/system logging
add topics=ppp
/system scheduler
add disabled=yes interval=15m name=3g-dongles-restart on-event=\
3g-dongles-restart policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
add disabled=yes interval=30s name=xxxrestart on-event=xxxrestart policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
/system script
add dont-require-permissions=no name=3g-dongles-restart owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\
\r\
\n/interface ppp-client disable xxx-USB2\r\
\n:delay 300s\r\
\n/interface ppp-client enable xxx-USB2\r\
\n:delay 10s\r\
\n/interface ppp-client disable xxx-USB5\r\
\n:delay 300s\r\
\n/interface ppp-client enable xxx-USB5\r\
\n:delay 10s\r\
\n/interface ppp-client disable xxx-USB3\r\
\n:delay 300s\r\
\n/interface ppp-client enable xxx-USB3\r\
\n:delay 10s\r\
\n"
add dont-require-permissions=no name=xxxrestart owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\
\r\
\n/interface ppp-client disable xxxUSB3\r\
\n:delay 5s\r\
\n/interface ppp-client enable xxxUSB3\r\
\n:delay 5s\r\
\n"
If you try to access router from a public IP do use VPN. If VPN can not be used, take care and secure your router well, something like this:
- Use another port than default.
- Use port knocking. This prevents someone from seeing open ports.
- Use a long and good password.
- Use access list to prevent any random internet from accessing your router.
- Log everything. (See my signature for example.)
- If possible setup the remote router to connect using VPN to an admin site.
7.++++
Clearly we need more info.
What is the IP address of the system (“speedio-26”) you are launching the SSH-command from ?
Because it could be caused by something in between, we have no clue.
This is a wired system ? Wireless ?
If wired, is it directly connected to the Mikrotik, switches in between ? etc,etc,etc,etc.
Every time I see you post jvan I get hungry for Belgium chocolates
Yes, a network diagram may be helpful in this case.
Get rid of this rule it does nothing useful and causes problems.
/interface detect-internet
set detect-interface-list=all
Your router setup is confusing and crap.
Okay so you only have one lan port ether1 and you have three ports dedicated to three different WAN connections…
Where are your firewall rules… this router is not safe facing the internet, DANGER.
The one rule you have is not correct and should not be in the input chain and is incorrect in so many ways to sunday…
/ip firewall filter
add action=accept chain=input dst-port=22 protocol=tcp src-address=192.168.15.13
Suggest, you draw a diagram of your network.
They are indeed not bad
Are you effectively residing in Nova Scotia Canada ?
We have excellent chocolates (and beers etc), you have some awesome outdoors & nature…
To the topic-starter : yes, draw up a little diagram too!
I prefer Spanish beer with my tapas, but Belgium beer is not bad.
Yes Nova Scotia, although I would rather be in Espana (but not now of course).
If I had to choose Europe, I would choose Portugal at the moment, the wine, the food and astounding lack of coronavirus.
ok, let's go:
Here is the diagram attached.
I am running Mikrotik OS (192.168.88.1) in an Oracle VirtualBox running under Ubuntu.
I am trying to connect Ubuntu (speedio-26, ip: 192.168.15.13) to Mikrotik OS via SSH. Connection via winbox works perfectly.
The system is 100% wired. Mikrotik is not exposed to the internet
I expected this somewhat …
There are some confusing aspects:
- “ether1”, yet it seems connected to some Wifi WLAN adapter? Since you run the Mikrotik as a VM, I guess you have BRIDGED networking onto the network on which the Ubuntu (=HOST) is running??
- I see 2x the gateway of 192.168.15.1 using 2 different interfaces (USB WLAN “dongle” and the “ether1”, which is bridged network on the Ubuntu NIC)?
Using Winbox, note that it can work without IP-addresses, it can find Mikrotik-devices using L2/MAC directly. I wonder if you are making a connection using this method…
Did you press the “discover” button or something? You run the Winbox client on Ubuntu using Wine?
On your Ubuntu machine, can you issue a “ping 192.168.88.1” and then “arp -a”
This is definitely a help task requiring Belgium finesse and craftsmanship and not Canadian Duct Tape.
It can be many reasons why it does not work…
I advise you to start over, re-deploy the VM again with only 1 interface and make sure this interface is effectively in the same LAN as your Ubuntu VM 192.168.15.x
In your config you posted I cannot find a single interface having any 192.168.15.x assigned to it.
How are you going from a jump from 192.168.15.x to 192.168.88.1 ??
In your current setup, which device has 192.168.15.1 ? (what you call “gateway” on your picture)
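The checks the replies above make by eye on the posted export (the SSH rule's src-address against the networks under /ip address, the missing input drop rule, detect-internet on all interfaces), as an added example that is not part of the thread. `parse_export`, `audit` and the finding texts are names chosen for this example, and the sample is cut down from the export posted above.

```python
import ipaddress
import re

# Constructed sample: the relevant sections of the export posted in this thread.
SAMPLE_EXPORT = r"""
/ip address
add address=192.168.88.1/24 interface=ether1 network=192.168.88.0
/interface detect-internet
set detect-interface-list=all
/ip firewall filter
add action=accept chain=input dst-port=22 protocol=tcp src-address=\
192.168.15.13
"""

def parse_export(text):
    """Return {section path: [{key: value}, ...]} for a RouterOS /export."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join backslash-continued lines
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            current = sections.setdefault(line, [])
        elif current is not None:
            # key=value pairs; a value is either double-quoted or has no spaces
            current.append(dict(re.findall(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S+)', line)))
    return sections

def audit(text):
    """Return findings for the three problems the replies point out."""
    cfg, findings = parse_export(text), []
    nets = [ipaddress.ip_interface(e["address"]).network
            for e in cfg.get("/ip address", []) if "address" in e]
    rules = cfg.get("/ip firewall filter", [])
    for rule in rules:
        src = rule.get("src-address", "")
        try:
            src_net = ipaddress.ip_network(src, strict=False)
        except ValueError:  # absent, range or negated match: not checked here
            continue
        if rule.get("chain") == "input" and not any(
                n.version == src_net.version and src_net.subnet_of(n) for n in nets):
            findings.append(f"src-address {src} is outside every network in /ip address")
    if not any(r.get("chain") == "input" and r.get("action") in ("drop", "reject")
               for r in rules):
        findings.append("input chain has no drop or reject rule")
    for entry in cfg.get("/interface detect-internet", []):
        if entry.get("detect-interface-list") == "all":
            findings.append("detect-internet is enabled on all interfaces")
    return findings
```

Calling `audit()` on the text of a full `/export hide-sensitive` file returns the same kind of list; an empty list means none of the three conditions was found.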