Page 1 of 1

Can't connect to Mikrotik from outside

Posted: Thu Sep 27, 2018 3:06 pm
by hermes101
hi there,
trying to connect to my Mikrotik RB750 from outside with winbox 3.18 with IP address or with MAC address, but no luck.
It is connecting from local area, but not from outside.
Every time: Error: could not connect to xxx.xxx.xxx.xxx
Ping to this address ok, and it is right 100%
What can be main reason?

Re: Can't connect to Mikrotik from outside

Posted: Thu Sep 27, 2018 3:14 pm
by jarda
Correctly set firewall.

Re: Can't connect to Mikrotik from outside

Posted: Thu Sep 27, 2018 6:39 pm
by solar77
accept tcp port 8291 on input chain, set in-interface to be your WAN interface, normally ether1.
However you want to limit access to this port by set source IP from which you allow only. Also make sure you are on latest firmware.

Re: Can't connect to Mikrotik from outside

Posted: Thu Sep 27, 2018 9:52 pm
by AlainCasault
Just one comment.

Make sure you know what you're doing before doing that.

You might (will) be in a word of pain opening winbox to the internet.

Regards,


Sent from Tapatalk


Re: Can't connect to Mikrotik from outside

Posted: Fri Sep 28, 2018 3:16 pm
by stoser
accept tcp port 8291 on input chain, set in-interface to be your WAN interface, normally ether1.
However you want to limit access to this port by set source IP from which you allow only. Also make sure you are on latest firmware.
1) Recommend to change the winbox port as well, as most robots look for the default port.
2) Don't forget to set the new port and activate the winbox service In IP/services
3) Look up port knocking and implement it, it will add a layer of security if you frequently log in from the outside
4) If possible, limit outside access to specific IP addresses
5) Don't forget to block ICMP requests from the outside in your firewall as well, robots often use it as a first attempt.

Re: Can't connect to Mikrotik from outside

Posted: Sat Sep 29, 2018 4:09 pm
by Sob
If you limit access to port from outside (using whitelist or port knocking), you don't need to change the number. Even if you keep default, nobody will be able to connect to it anyway.

And blocking icmp, why? If I'd be writing robot looking for winbox, I wouldn't bother with pings at all, I'd try to connect to tcp/8291 right away and see if there's any response. Pinging the address before is unnecessary extra step.

Re: Can't connect to Mikrotik from outside

Posted: Thu Oct 11, 2018 1:17 pm
by hermes101
Thank you Guys for reply, it helps. Sorry Im replying so late....
What I did:
1. Checked service Winbox is enabled.
2. Then, IP -> Firewall -> Filter rules -> Add new ->chain: input, Protocol: 6(tcp), Dst.port: 8291, In.interface:ether1, Action: Accept
And all works!!!

Jarda! this not the answer... better not answer at all with comments like this...

Re: Can't connect to Mikrotik from outside

Posted: Thu Oct 11, 2018 1:18 pm
by normis
You forgot to specify the IP address you allow connections from! Because right now, your device is open to the world (hackers)

Re: Can't connect to Mikrotik from outside

Posted: Thu Oct 11, 2018 2:24 pm
by erlinden
Can you please post your public IP address?

:lol:

Re: Can't connect to Mikrotik from outside

Posted: Fri Oct 12, 2018 8:09 am
by hermes101
Sure Normis, thank you for notice...
I just explained what I did to resolve my main issue ;-)