Community discussions

MikroTik App
 
Hermanis
just joined
Topic Author
Posts: 2
Joined: Mon Feb 06, 2023 5:51 pm

Newbie question| Make RDP more secure

Mon Feb 06, 2023 6:51 pm

Hello folks.

I would like to setup avery basic RDP (windows remote desktop) security.
I need to connect to the remote PC located on the other side of my city using windows RDP.

No need for complex stuff like encryption, vpn etc...the simplier the better as there is nothing valuable on this PC.
Perhaps allowing to connect frome some specific IP address (or address range) would be enough.

By reading a manuals I finally succeeded with simple port forwarding (see picture attached) and feel proud of it :)
port_forward.png
But none of the manuals were easy enough to guide me to some "ip whitelist" solution.
Any help would be appreciated.

Thanks!
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Newbie question| Make RDP more secure

Tue Feb 07, 2023 6:55 pm

Your requirements are not clear and it appears you are trying to stuff a round peg into a square hole syndrome.
In other words, you assumed a solution without discussing what it is the users actually need.//////////////
 
arnoldmikro
newbie
Posts: 27
Joined: Sun Apr 14, 2013 5:12 pm
Location: miami fl usa

Re: Newbie question| Make RDP more secure  [SOLVED]

Tue Feb 07, 2023 8:48 pm

Try this
it uses address lists to restrict connections
/ip firewall filter

add action=accept chain=forward dst-address=192.168.3.4 dst-port=3389 \
in-interface=ether1-gateway protocol=tcp src-address-list=rdp

/ip firewall nat

add action=dst-nat chain=dstnat dst-port=3389 in-interface=ether1-gateway \
protocol=tcp src-address-list=rdp to-addresses=192.168.3.4 to-ports=3389

/ip firewall address-list

add address=YOUR REMOTE WAN ADDRESS comment=home list=rdp
 
Hermanis
just joined
Topic Author
Posts: 2
Joined: Mon Feb 06, 2023 5:51 pm

Re: Newbie question| Make RDP more secure

Sat Feb 11, 2023 11:18 am

To: arnoldmikro

Thanks a lot. Your scripts worked exactly like I wanted. Now I have RDP access to the remote pc only from fixed IPs.

To: anav

Each time I have to do some adjustments to my Mikrotiks I feel either dumb or lazy.
Imho Ros is just so user-unfriendly for the user who doesn't want to invest a lot of time into setup, but wants reliable hardware for reasonable price.
Sometimes I regret I've bought those two devices..and this makes me feel sorry for local manufacturer (yes, I live here :))

Thanks a lot guys!
 
ConradPino
Member
Member
Posts: 337
Joined: Sat Jan 21, 2023 12:44 pm
Contact:

Re: Newbie question| Make RDP more secure

Sat Feb 11, 2023 7:11 pm

Imho Ros is just so user-unfriendly for the user who doesn't want to invest a lot of time into setup, but wants reliable hardware for reasonable price.
Agreed, RouterOS is not consumer friendly in the same way as ASUS, D-Link, Netgear, or TP-Link consumer products.

RouterOS is enterprise function at value price. Arista, Cisco, Juniper, etc. at enterprise level are skill development challenges as well.

Who is online

Users browsing this forum: infabo and 43 guests