Community discussions

MUM Europe 2020
 
n4yeem
newbie
Topic Author
Posts: 25
Joined: Wed Dec 18, 2013 8:26 pm

MikroTik Graphing-Restrict LAN users from viewing!!!

Fri Feb 19, 2016 2:14 pm

Hi

I have two mikrotik in my network. one work as a core router to maintaining the connectivity with my provider. another router is managing the clients. all customers are connected via PPPoe and Hotspot

Router1:

Eth1- WAN (connected to my provider)
ETH5- LAN (192.168.10.254/24)

Router2:

Eth1-WAN-192.168.10.1 (Wan)
Eth5--LAN- PPPoe -172.16.0.1//24,Hotspot 10.0.0.1/24

I do not want my lan users to see the graphs. is there any way to to restrict it. I can allow the ip's on graphing settings but i would like to monitor it from my home where i will be connected as a local lan user. Can i change the port number so that i can only access the graphs by typing x.x.x.x:portnumber/graphs .Not sure if its possible as I am not a expert mikrotik user. Customer can see the Gateway IP when they do a trace route (192.168.10.254). People who have knowledge about graphs can see my core routers graphs easily.

Expert advice will be highly appreciated.
 
kiaunel
Member Candidate
Member Candidate
Posts: 211
Joined: Mon Jul 21, 2014 7:59 pm
Location: Romania

Re: MikroTik Graphing-Restrict LAN users from viewing!!!

Fri Feb 19, 2016 2:41 pm

There are two options.
1. change www server port in ip--> services , from winbox
2. drop from firewall access subnet to ip of mikrotik on port 80 but allow your ip
 
n4yeem
newbie
Topic Author
Posts: 25
Joined: Wed Dec 18, 2013 8:26 pm

Re: MikroTik Graphing-Restrict LAN users from viewing!!!

Fri Feb 19, 2016 2:57 pm

There are two options.
1. change www server port in ip--> services , from winbox
2. drop from firewall access subnet to ip of mikrotik on port 80 but allow your ip


Thanks for your advice. But my issue is I myself is a LAN user at home connected via PPPoE to my network. How can i view the graphs at home when connected via PPPoE (Dynamic IP). Cannot allow my ip as the IP keep changing . I do not want other users to view the graphs. any thoughts on how to do it? Thanks in advance.
 
kiaunel
Member Candidate
Member Candidate
Posts: 211
Joined: Mon Jul 21, 2014 7:59 pm
Location: Romania

Re: MikroTik Graphing-Restrict LAN users from viewing!!!

Fri Feb 19, 2016 3:16 pm

In this situation only option 1 is for you.
But, there is a way also, : configure a vpn server on mikrotik, give vpn client an address space diferent from your users and allow only that subnet to view graphs.
 
Arcee
Member Candidate
Member Candidate
Posts: 267
Joined: Fri Jun 27, 2014 2:33 pm

Fri Feb 19, 2016 3:20 pm

Yup. That's the way I do it.... VPN in and give the VPN pool access to the graphs.

Sent from my SM-G920I using Tapatalk
 
n4yeem
newbie
Topic Author
Posts: 25
Joined: Wed Dec 18, 2013 8:26 pm

Re: MikroTik Graphing-Restrict LAN users from viewing!!!

Fri Feb 19, 2016 3:24 pm

In this situation only option 1 is for you.
But, there is a way also, : configure a vpn server on mikrotik, give vpn client an address space diferent from your users and allow only that subnet to view graphs.

Thanks. I have changed the port number from ip--> services. Now i have to view the graphs by typing x.x.x.x:portnumber/graphs. this should be enough to restrict the clients from viewing the graphs as no one apart from me knows the port number. :D :lol: :lol:
 
kiaunel
Member Candidate
Member Candidate
Posts: 211
Joined: Mon Jul 21, 2014 7:59 pm
Location: Romania

Re: MikroTik Graphing-Restrict LAN users from viewing!!!

Fri Feb 19, 2016 3:40 pm

In this situation only option 1 is for you.
But, there is a way also, : configure a vpn server on mikrotik, give vpn client an address space diferent from your users and allow only that subnet to view graphs.

Thanks. I have changed the port number from ip--> services. Now i have to view the graphs by typing x.x.x.x:portnumber/graphs. this should be enough to restrict the clients from viewing the graphs as no one apart from me knows the port number. :D :lol: :lol:
Also, keep in mind you changed the whole webserver configuration port, so if you are outside your network and use webpage, not winbox, input port after ip to get on the webfig.
 
n4yeem
newbie
Topic Author
Posts: 25
Joined: Wed Dec 18, 2013 8:26 pm

Re: MikroTik Graphing-Restrict LAN users from viewing!!!

Fri Feb 19, 2016 3:46 pm

In this situation only option 1 is for you.
But, there is a way also, : configure a vpn server on mikrotik, give vpn client an address space diferent from your users and allow only that subnet to view graphs.

Thanks. I have changed the port number from ip--> services. Now i have to view the graphs by typing x.x.x.x:portnumber/graphs. this should be enough to restrict the clients from viewing the graphs as no one apart from me knows the port number. :D :lol: :lol:
Also, keep in mind you changed the whole webserver configuration port, so if you are outside your network and use webpage, not winbox, input port after ip to get on the webfig.
Thanks. I will. Thanks for your suggestion.
 
User avatar
grusu
Member Candidate
Member Candidate
Posts: 105
Joined: Tue Aug 13, 2013 7:35 am
Location: Bucharest, Romania

Re: MikroTik Graphing-Restrict LAN users from viewing!!!

Fri Feb 19, 2016 4:59 pm

There are two options.
1. change www server port in ip--> services , from winbox
2. drop from firewall access subnet to ip of mikrotik on port 80 but allow your ip


Thanks for your advice. But my issue is I myself is a LAN user at home connected via PPPoE to my network. How can i view the graphs at home when connected via PPPoE (Dynamic IP). Cannot allow my ip as the IP keep changing . I do not want other users to view the graphs. any thoughts on how to do it? Thanks in advance.

You can set an "Address list" with your home IP in firewall and resolve this IP with a script on every x minutes.
I have such a configuration on routers that I manage.
I allow access to router for administration only from this address and the stationary adresses that I manage.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: MikroTik Graphing-Restrict LAN users from viewing!!!

Fri Feb 19, 2016 7:29 pm

You should really consider giving yourself a "privileged" IP address - i.e. one that's not part of the general users' pools.
When given a spoon,
you should not cling to your fork.
The soup will get cold.

Who is online

Users browsing this forum: No registered users and 28 guests