Community discussions

MikroTik App
 
User avatar
Kentzo
Long time Member
Long time Member
Topic Author
Posts: 512
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

Why does in-Winbox Terminal via RoMON requires a whitelisted IP?

Tue Jun 06, 2023 5:55 am

My network is set up such that you can connect to other routers only via Gateway Router, either via SSH-forwarding or via RoMON. On routers only the SSH IP service is enabled, and the /user is only allowed from the Gateway Router IP that belongs to a dedicated VLAN subnet.

Despite the Winbox IP service being disabled and user being disallowed by source address, you can still use the app and pretty much everything: /user/active report that the connection is "by-romon". But when you press the Terminal button, the login will be refused unless the /user record is modified to allow PC's address.

What confuses me is that while both Winbox and in-Winbox Terminal session appear to be carried by RoMON, i.e. complete IP firewall bypass, the latter attempts to enforce IP address restriction while simultaneously disregarding IP services restriction.

I did not use RoMON before, was it always like this?
Terminal.PNG
You do not have the required permissions to view the files attached to this post.

Who is online

Users browsing this forum: adimihaix, coreshock, GoogleOther [Bot], Qalderu, Railander and 64 guests