erudite
just joined
Topic Author
Posts: 20
Joined: Thu Mar 13, 2008 11:11 am

Network and firewall Issues

Thu Apr 10, 2008 6:44 pm

I am a network administrator using MikroTik 2.9.45, a beginner.
I am experiencing a lot of network problems and my ISP said I am occupying my bandwidth when there are not many users on the net.
So, in trying to lay my hand on something, I wish to only allow these common ports/protocols and block others:
http, https, ftpcontrol, ftpdata, ssh, telnet. Please help me on how to go about it, with a step-by-step guide.
 
SurferTim
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: Network and firewall Issues

Thu Apr 10, 2008 7:32 pm

Greetings!

There is a section in the docs about the firewall filter. There are examples at the bottom. "How to protect your router" is a must. "How to protect your customers" or something like that, deals with blocking the ports that may be causing you grief.

If you are not using any type of bandwidth throttling, your customers/clients may be using it watching Google/YouTube videos. Only takes a few.
 
erudite
just joined
Topic Author
Posts: 20
Joined: Thu Mar 13, 2008 11:11 am

Re: Network and firewall Issues

Fri Apr 11, 2008 10:56 am

I have tried to read the doc but can't apply it. So if you can help me out with a guide and example I will appreciate it. Remember I am a beginner.
 
SurferTim
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: Network and firewall Issues

Fri Apr 11, 2008 11:12 am

I will aim this at a beginner then...

I use the command line interface (CLI) through ssh.

/ ip firewall filter
add chain=input connection-state=invalid action=drop
add chain=input connection-state=established action=accept
add chain=input protocol=udp action=accept
add chain=input protocol=icmp action=accept
add chain=input src-address=192.168.0.0/24 action=accept
add chain=input src-address=xxx.xxx.xxx.xxx/yy action=accept
add chain=input action=drop

Do not add the last rule until you are certain all else is ok. If any rule will lock you out of your own box, that is it. If you wish to remove rules, remove that last one first!

They must be in this order! Change xxx.xxx.xxx.xxx/yy to your local network's public IP set if this is a remote unit. That way you can access it from your office/home. Otherwise you can omit that rule.

This is the same as the "Protect your router" example in the docs with the local net permission added. You add the "Protect your customer" rules the same way. The examples are way down at the bottom of the page in the docs. http://www.mikrotik.com/testdocs/ros/2.9/ip/filter.php

If you are unfamiliar with CLI, let us know. Someone familiar with Winbox may help you translate.
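
Why the rule order and the final drop rule matter, as an added example that is not part of the original posts: a small Python model of first-match evaluation over the posted input rules. The office range 203.0.113.0/29 and the sample packets are constructed, and the model assumes first match wins, with accept when no rule matches.

```python
import ipaddress

# Input-chain rules from the post, in the posted order. 203.0.113.0/29 is a
# constructed stand-in for the xxx.xxx.xxx.xxx/yy office range.
RULES = [
    {"connection-state": "invalid", "action": "drop"},
    {"connection-state": "established", "action": "accept"},
    {"protocol": "udp", "action": "accept"},
    {"protocol": "icmp", "action": "accept"},
    {"src-address": "192.168.0.0/24", "action": "accept"},
    {"src-address": "203.0.113.0/29", "action": "accept"},
    {"action": "drop"},
]

def matches(rule, pkt):
    """A rule matches only if every matcher it sets agrees with the packet."""
    for key, want in rule.items():
        if key == "action":
            continue
        if key == "src-address":
            src = ipaddress.ip_address(pkt["src-address"])
            if src not in ipaddress.ip_network(want):
                return False
        elif pkt.get(key) != want:
            return False
    return True

def evaluate(rules, pkt):
    """First match wins; a packet that matches no rule is accepted."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return index, rule["action"]
    return None, "accept"

def pkt(src, protocol, state):
    return {"src-address": src, "protocol": protocol, "connection-state": state}

# Constructed sample packets arriving at the router itself (chain=input).
LAN_SSH = pkt("192.168.0.10", "tcp", "new")          # admin on the local net
WAN_SSH = pkt("198.51.100.7", "tcp", "new")          # unknown outside host
WAN_UDP = pkt("198.51.100.7", "udp", "new")          # any UDP, any source
ADMIN_SESSION = pkt("192.168.0.10", "tcp", "established")

# The final drop rule placed first instead of last: the lockout case.
DROP_FIRST = [RULES[-1]] + RULES[:-1]

if __name__ == "__main__":
    for name, p in [("LAN_SSH", LAN_SSH), ("WAN_SSH", WAN_SSH), ("WAN_UDP", WAN_UDP)]:
        print(name, evaluate(RULES, p))
    print("drop first:", evaluate(DROP_FIRST, ADMIN_SESSION))
```

In this model the posted `protocol=udp` rule accepts UDP from any source before the source-address rules are reached, and with the drop rule first even the administrator's established session is dropped.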
 
erudite
just joined
Topic Author
Posts: 20
Joined: Thu Mar 13, 2008 11:11 am

Re: Network and firewall Issues

Fri Apr 11, 2008 12:06 pm

Thanks very much. I am not familiar with CLI; I use Winbox. I will appreciate it if you can interpret it.
 
theseb
just joined
Posts: 3
Joined: Tue Apr 15, 2008 8:56 pm

Re: Network and firewall Issues

Tue Apr 15, 2008 8:58 pm

Thanks very much. I am not familiar with CLI; I use Winbox. I will appreciate it if you can interpret it.
If you click "new terminal" in Winbox, you can type in those commands.