Dear all,
I am running GNU/Linux, so I am using only serial console and https admin.
Currently, I am testing the RB5009UG+S+IN and I locked it with a wrong IP firewall rule.
Is there a way to unlock it?
I am quite surprised there is no unlocking rule (like under OpenWRT),.
I am thinking about allowing TCP port 22 on an ethernet port to allow unconditional SSH access.
What would be your recommendation?
Kind regards,
FF
For starters get winbox … although it’s windows executable, it runs just fine under wine on linux.
Winbox allows MAC connectivity and that one is not subject to IP (or IPv6) firewall. Blocking this access is done under /tool mac-server sub-tree.
Another solution is hardware (involves wireless): WOOBM.
Next time you perform potentially dangerous configuration, enable safe-mode (available in both GUIs and CLI). If management connection breaks (due to any reason, but most often that’s due to new configuration), device will revert configuration to state at point safe-mode was enabled - so make sure you exit safe mode when you’re done before manually closing management connection.
Instead of Winbox, you may also use mac-telnet on another Mikrotik device if you happen to have one. This includes a CHR.
Many thanks for the information.
Next question: how to disable Woobm-USB on a Mikrotik device?
i.e. how to disable USB completely.