Community discussions

MikroTik App
 
MikroAnd
just joined
Topic Author
Posts: 2
Joined: Sat Oct 25, 2014 4:00 pm

5 questions from a new user

Sat Oct 25, 2014 4:03 pm

Hello Mikrotik forum!


I think I might have missed something while I was taking notes here and feel that

i need help to understand a few things in RouterOS.


Question #1
At many places there are boxes for exclamation marks that i can check or leave unchecked.
I don’t have found a clear explanation for the purpose of that.


Question #2
I own a RB2011 with 5 Gigabit ports and 5 Fast Ethernet ports. In the initial default setup
from Mikrotik the wan port is located on the gigabit port number 1. Many users thinks it a waste
to use a gigabit port for a 100mb connection. Me on the other side don’t need any more gig ports,
can i leave the gateway on port 1, or is there any other arguments to set the wan port on the fast ethernet chipset?


Question #3
I believe this question is the hardest to answer but i wonder if the firewall rules that is default in RouterOS
is safe enough for my network? basically i want to allow everything out and deny everything in, except if something is really needed like dhcp from my internet provider or other things i don t know about.


Question #4
Is there any need to block portscanners if no ports are exposed to the internet?

Would be happy if someone clear things out!
 
flipk12
newbie
Posts: 35
Joined: Mon Oct 06, 2014 5:49 pm
Location: Asturias/Spain

Re: 5 questions from a new user

Tue Oct 28, 2014 1:58 am

Question #1
At many places there are boxes for exclamation marks that i can check or leave unchecked.
I don’t have found a clear explanation for the purpose of that.
It means "no" for the rest of the line.
Question #2
I own a RB2011 with 5 Gigabit ports and 5 Fast Ethernet ports. In the initial default setup
from Mikrotik the wan port is located on the gigabit port number 1. Many users thinks it a waste
to use a gigabit port for a 100mb connection. Me on the other side don’t need any more gig ports,
can i leave the gateway on port 1, or is there any other arguments to set the wan port on the fast ethernet chipset?
The RB2011 has two switch chips, you can use the interfaces in their switch or alone, so, you can put the gateway wherever you want. If you don't need more gigabit ports let it on the port one, tomorrow you can have a 200Mb ISP with no changes on your cfg.
Question #3
I believe this question is the hardest to answer but i wonder if the firewall rules that is default in RouterOS
is safe enough for my network? basically i want to allow everything out and deny everything in, except if something is really needed like dhcp from my internet provider or other things i don t know about.
Yes, mabe safe enough.
Dhcp client is in the outside direction from the wan interface.
Question #4
Is there any need to block portscanners if no ports are exposed to the internet?
No. If you close the input to the wan interface with a drop rule, and there is no destination nat rules you don't have to worry about portscanners.

Who is online

Users browsing this forum: solar77 and 48 guests