Community discussions

MikroTik App
 
Adel95
just joined
Topic Author
Posts: 2
Joined: Sun Dec 06, 2020 12:58 pm

Blocking non-developers

Mon May 10, 2021 1:46 pm

I have a web service that is used by developers and can be accessed from the internet via a global IP
Image
This service is connected to a mobile application that is used by normal users. I don't want users to write 185.x.x.x:x and be able to access the web service.
How can I only restrict access to developers and the mobile application only?
here's a link to the image I'm trying, but failing to view here
https://drive.google.com/file/d/1KfwVCS ... sp=sharing
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Blocking non-developers

Tue May 11, 2021 2:21 pm

Create a firewall address list of the WANIPs from your developers.
IF they dont have a static IP then tell them to get a free dyndns account (easily available).

add address=PublicIP1 list=developers comment=developerGeorge
add address=PublicIP2 list=developers comment=developerAlice
add address=PublicIP3 list=developers comment=developer Tony

Where public IP can be an IP address or dyndns domain name.

The firewall address list will be used in a destination nat rule to be used in the port forwarding rule for the server.
add chain=dstnat action=dst-nat protocol=tcp dst-port=xxxx in-interface-list=WAN \
src-address-list=developers to-addresses=IPofServer to-ports=yyyyy ( to ports only required if dst port is translated to a different internal port)
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Blocking non-developers

Tue May 11, 2021 3:18 pm

Where is the MikroTik device?
 
Adel95
just joined
Topic Author
Posts: 2
Joined: Sun Dec 06, 2020 12:58 pm

Re: Blocking non-developers

Sat May 22, 2021 10:44 am

Anav
This will make users unable to use the mobile app that is connected to web service
I guess there's no way to do my requirement
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Blocking non-developers

Sat May 22, 2021 10:55 am

Anav
This will make users unable to use the mobile app that is connected to web service
I guess there's no way to do my requirement

Where is the MikroTik device?
 
User avatar
jvanhambelgium
Forum Veteran
Forum Veteran
Posts: 985
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Blocking non-developers

Sat May 22, 2021 11:14 am

Anav
This will make users unable to use the mobile app that is connected to web service
I guess there's no way to do my requirement
Well, if you manage / wrote the mobile app yourself, there is always the option to introduce some form of "port-knocking"

1) Developers should, before they start they work, issue a port-knock sequence to your device to "open up". There are "port-knock" apps for Android no problem.
2) Ordinary users, not using your mobile app, will face a public IP that is completely closed, no backend web-service acessible
3) App-users : the app first launches the port-knock sequence in correct order, the ACL is dynamicly adjusted and their public-IP is added to the list. Then the app can use the DNAT and reach the backend webservice.

The only drawback -> offcourse traffic could be sniffed, so advanced users can figure out the knock-sequence you issue to open up. But let's be real, 99.999999% is not going to investigate your app to see what traffic it emits etc,etc.

I know, this is seriously far fetched and there are probably better ways, but just giving you some ideas.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Blocking non-developers

Sat May 22, 2021 11:21 am

"unzipping" the app often reveal API keys...

Please check if you app is "compiled" in so stupid way...
 
User avatar
alexlama
just joined
Posts: 2
Joined: Thu Sep 09, 2021 11:58 pm

Re: Blocking non-developers

Tue Oct 12, 2021 1:50 pm

You have to take into consideration the fact that you have to modify the settings in order for anyone to be able to access this. Things related to programming and developing can be pretty difficult. I've recently started freelancing and I've had some interesting customers. I'm used to working on Windows, but I've had clients that were asking different things for iOS. After this, I had to contact someone from https://ithire.com/category/ios-developers because I didn't know how to solve everything. Fortunately, I've managed to solve every issue and I'm proud of that!

Who is online

Users browsing this forum: unhuzpt and 32 guests