Community discussions

MikroTik App
 
ignoranceisbliss
just joined
Topic Author
Posts: 15
Joined: Sun Feb 19, 2023 12:24 am

how to add services / services ports

Mon Feb 20, 2023 9:02 pm

Created a new WiFi interface to isolate devices on the network (printers, scanners).
Devices get connected but I cannot locate their IP. They also cannot be probed since their ports are not in the services or service ports.

1. How do I add new services in IP / Services?
2. How do I add new service ports in IP / Firewall?
3. how do I see connected devices in the network?
Tried to see USED in pool, IPs are not reported there at all.
Tried IP / Firewall Connections, connected devices to the newly created WiFi interface do not show.
Devices are not seen by an IP scanner either.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: how to add services / services ports

Mon Feb 20, 2023 9:05 pm

If you continue to ask for help without showing your config, then not much is possible.
Also a network diagram.
Why do you think a printer has anything to do with Mikrotik services??
 
ignoranceisbliss
just joined
Topic Author
Posts: 15
Joined: Sun Feb 19, 2023 12:24 am

Re: how to add services / services ports

Mon Feb 20, 2023 9:11 pm

Some printers use port 9100 which is not listed under Services / Service ports.
Also, cannot find the printer in the network to install it although it gets an IP - I see it connected to the new WiFi.
 
ignoranceisbliss
just joined
Topic Author
Posts: 15
Joined: Sun Feb 19, 2023 12:24 am

Re: how to add services / services ports

Mon Feb 20, 2023 9:13 pm

Also in IP service ports, there are other common ports such as SIP, ftp.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: how to add services / services ports

Mon Feb 20, 2023 9:58 pm

There are two things:

- IP->Services - services that run on router
- IP->Firewall->Service Ports - protocol helpers for firewall, for services that need extra care (e.g. FTP has one main connection that this helper watches and automatically recognizes related connections, so that they could be allowed through firewall or handled by NAT)

If you have printer, it's definitely not connected to router (meaning as service running on it), and since it uses only single connection, it doesn't need any special handling => no need to do anything with either services config. If you want to control access to it, that would be done using firewall filter.

Btw, it's probably good idea to stick to one thread, instead of splitting different problems in different threads. It's all related anyway.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: how to add services / services ports

Tue Feb 21, 2023 9:03 am

Also, cannot find the printer in the network to install it although it gets an IP - I see it connected to the new WiFi.

Autodiscovery works using broadcast traffic. And that doesn't work accross IP subnet boundaries. So having printers contained in separate (wireless) LAN segment you broke autodiscovery. You can verify that is you manually configure IP address of a printer and try to print test page ... I'm betting it'll work (but means lots of manual work).
You can try to get around this "limitation" by running a mDNS service somewhere. ROS doesn't support it natively. And IMO separating printers from PCs using them is stupid in the first place, why bother separating devices if next step is to try to bypass the separation? Preventing printers from talking to internet can be done using different means (e.g. set printers static IP via static DHCP lease and construct IP firewall rules blocking those IP addresses from accessing WAN interface).
 
holvoetn
Forum Guru
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: how to add services / services ports

Tue Feb 21, 2023 9:06 am

Putting all those separate threads together I have some doubts about this statement from the thread with issue 1...
Thank you for your reply and your help.
I totally agree about the configuration being a learning process. This is not the first mikrotik router we configured, ...
 
UpRunTech
Member Candidate
Member Candidate
Posts: 209
Joined: Fri Jul 27, 2012 12:11 pm

Re: how to add services / services ports

Tue Feb 21, 2023 9:07 am

You can do mDNS relaying on Mikrotik with a leaky bridge. See viewtopic.php?p=985190&hilit=mdns#p985190 .
 
ignoranceisbliss
just joined
Topic Author
Posts: 15
Joined: Sun Feb 19, 2023 12:24 am

Re: how to add services / services ports

Tue Feb 21, 2023 9:41 am

I am not sure how you use "LAN segment". To avoid confusion, I am connecting the printers/scanners to the same subnet however using a different WiFi interface piggybacking on existing WiFi interfaces. The added interface has different authentication types and a different password. This way if someone tries to hack the WiFi due to, say, a weak WPA scheme and leaks, they see a scanner. By the same token, I can have the main WiFi Interface use only the newest auth types.

I assign static IP to these machines hence probably not shown in the USED pool.

Re. configuring other mikrotik devices, yes, there is no need to brag. Why, are you offering prizes? I am not doing this for a living, once the device is setup correctly, I forget about it only check logs on a constant basis. I hope that a configured mikrotik is probably better than a cisco in terms of configuration.

What I do not like is the cloud time feature. I do not want it activated, and even though it was not active (supposedly) the router still connected to some IP.
This is not kosher.

How can I make the router in any interface to report the MAC linked to the assigned IP if dynamic? I can see that if I use the tool IP scan on the router but I would like to see it directly without switching between multiple app interfaces.
 
ignoranceisbliss
just joined
Topic Author
Posts: 15
Joined: Sun Feb 19, 2023 12:24 am

Re: how to add services / services ports

Tue Feb 21, 2023 9:46 am

And I separate topics, thinking about future searches of other users. If I dump everything in one topic, it might be difficult for the search feature of the forum app to find exact keywords. If I name topics specifically (except issue 1 where I was pissed with the lack of response from mikrotik), I increase the chances of a certain issue and resolution to be found easily. I try to do things for a logical reason. Well, sometimes, impulses get the best of me. This is why I put hammers under lock and key. :shock:
 
holvoetn
Forum Guru
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: how to add services / services ports

Tue Feb 21, 2023 10:53 am

Re. configuring other mikrotik devices, yes, there is no need to brag. Why, are you offering prizes? I am not doing this for a living, once the device is setup correctly, I forget about it only check logs on a constant basis. I hope that a configured mikrotik is probably better than a cisco in terms of configuration.
I am not doing this for a living either.
And like you, I am also still learning (on an almost daily basis).
As I mentioned in your "issue 1" thread, Mikrotik has a VERY steep learning curve (and I fully agree with you that lack of proper documentation does not help to speed up that process).
It does facilitate the ones willing to help you (in my view and as asked by Anav) if you would clarify what your ultimate goal is when setting up this device. Bits and pieces and each time new struggles, is not efficient for anyone.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: how to add services / services ports

Tue Feb 21, 2023 3:52 pm

Concur, you may like hitting your head against the wall but we dont.
Have a plan, which means taking the time to construct a network diagram.
Then detail all the user requirements including the admin.
Crosscheck the requirements vs the network diagram to ensure one has captured all the traffic required.
Then one can approach a config holistically with logic and efficiency.
The dribs and drabs approach is dumb.

Who is online

Users browsing this forum: Amazon [Bot], GoogleOther [Bot] and 53 guests