 
kitkat
Frequent Visitor
Topic Author
Posts: 52
Joined: Sun Jun 12, 2011 7:32 pm

question on configuring WEBfig

Sat Sep 24, 2011 5:19 am

Hi,

How do you control WEBfig? I want to move it from port 80 to another non-standard port and have the interface accessible from the WAN public IP?

Thanks
 
fewi
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: question on configuring WEBfig

Sat Sep 24, 2011 5:29 am

Configure the port in "/ip service". Access is controlled by the address parameter in that configuration section, as well as the firewall filter input chain.
 
kitkat
Frequent Visitor
Topic Author
Posts: 52
Joined: Sun Jun 12, 2011 7:32 pm

Re: question on configuring WEBfig

Sat Sep 24, 2011 6:05 am

Thanks, I'll try that. Also, is there a standard firewall list I can simply copy and start from there?
 
kitkat
Frequent Visitor
Topic Author
Posts: 52
Joined: Sun Jun 12, 2011 7:32 pm

Re: question on configuring WEBfig

Sat Sep 24, 2011 6:07 am

I enabled www-ssl in ip service list and no address, and I cannot access the webfig using https...
 
tjc
Member Candidate
Posts: 276
Joined: Sun Jul 10, 2011 3:08 am

Re: question on configuring WEBfig

Sat Sep 24, 2011 6:12 am

You have to give it a certificate for it to work.

As for a "standard" firewall there are a number described in the documentation on the wiki. http://wiki.mikrotik.com/wiki/Category:Firewall

A minimal one allows established and related connections and drops anything else from the outside (WAN) interface.

/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s

/ip firewall filter
add chain=input action=accept protocol=icmp comment="Allow ping and the like"
add chain=input action=accept connection-state=established comment="Allow established connections"
add chain=input action=accept connection-state=related comment="Allow related connections"
add chain=input action=drop connection-state=invalid comment="Drop invalid connections"
add chain=input action=drop in-interface=ether1-gateway comment="Drop anything else aimed at the router from outside"
# Implicitly accept anything else from inside

add chain=forward action=accept connection-state=established comment="Allow established connections"
add chain=forward action=accept connection-state=related comment="Allow related connections"
add chain=forward action=drop connection-state=invalid comment="Drop invalid connections"
add chain=forward action=drop in-interface=ether1-gateway comment="Drop anything else forwarded from outside"
# Implicitly accept anything else from inside

/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1-gateway comment="NAT from LAN to WAN"

These are some more complicated ones:
http://wiki.mikrotik.com/wiki/Securing_ ... rOs_Router
http://wiki.mikrotik.com/wiki/Dmitry_on_firewalling
 
kitkat
Frequent Visitor
Topic Author
Posts: 52
Joined: Sun Jun 12, 2011 7:32 pm

Re: question on configuring WEBfig

Sat Sep 24, 2011 2:50 pm

Thanks for the firewall stuff...

What do you mean a certificate? How is this done?
 
tjc
Member Candidate
Posts: 276
Joined: Sun Jul 10, 2011 3:08 am

Re: question on configuring WEBfig

Sat Sep 24, 2011 5:59 pm

> What do you mean a certificate? How is this done?

http://tldp.org/HOWTO/SSL-Certificates-HOWTO/x64.html

For private admin purposes a self signed certificate is probably sufficient.
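
Pulling the thread's answers together, as an added example that is not part of any post above: a RouterOS configuration that serves WebFig over HTTPS on a non-standard port with an imported certificate, and limits WAN access with both the `/ip service` address setting and an input-chain rule placed ahead of the drop rule in tjc's minimal firewall. Port 8443, the admin address 203.0.113.10, the file names and the certificate name `cert1` are assumptions for illustration.

```routeros
# Added example, not from the thread. Assumed values: port 8443, admin source
# 203.0.113.10 (documentation range), files webfig.crt / webfig.key already
# uploaded to the router, and "cert1" as the name the import assigns.

# 1. Import the self-signed certificate and its private key (generated
#    off-router, for instance with OpenSSL as in the linked HOWTO).
/certificate import file-name=webfig.crt passphrase=""
/certificate import file-name=webfig.key passphrase=""
# Check the assigned name and that the private key is attached (K flag).
/certificate print

# 2. Turn off plain HTTP, enable HTTPS on the non-standard port, bind the
#    certificate, and let the service itself refuse other source addresses.
#    The address filter applies to every client, LAN included; list the LAN
#    subnet as well if WebFig is also used from inside.
/ip service set www disabled=yes
/ip service set www-ssl disabled=no port=8443 certificate=cert1 \
    address=203.0.113.10/32

# 3. Accept the port in the input chain for that source only. The rule has to
#    sit above the WAN drop rule of the minimal firewall, otherwise the drop
#    rule matches first and the port stays closed from outside.
/ip firewall filter add chain=input action=accept protocol=tcp dst-port=8443 \
    in-interface=ether1-gateway src-address=203.0.113.10 \
    comment="Allow WebFig HTTPS from admin address" \
    place-before=[find comment="Drop anything else aimed at the router from outside"]

# 4. Verify the service settings and the rule order.
/ip service print
/ip firewall filter print where chain=input
```

With `www-ssl` enabled but no certificate set, the HTTPS listener has nothing to present, which matches the symptom kitkat reported. A self-signed certificate will still trigger a browser warning until it is trusted on the admin workstation.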
