hi there,
trying to connect to my Mikrotik RB750 from outside with winbox 3.18 with IP address or with MAC address, but no luck.
It is connecting from local area, but not from outside.
Every time: Error: could not connect to xxx.xxx.xxx.xxx
Ping to this address ok, and it is right 100%
What can be main reason?
Re: Can't connect to Mikrotik from outside
Correctly set firewall.
Re: Can't connect to Mikrotik from outside
accept tcp port 8291 on input chain, set in-interface to be your WAN interface, normally ether1.
However you want to limit access to this port by set source IP from which you allow only. Also make sure you are on latest firmware.
However you want to limit access to this port by set source IP from which you allow only. Also make sure you are on latest firmware.
-
-
AlainCasault
Trainer
- Posts: 632
- Joined:
- Location: Prévost, QC, Canada
- Contact:
Re: Can't connect to Mikrotik from outside
Just one comment.
Make sure you know what you're doing before doing that.
You might (will) be in a word of pain opening winbox to the internet.
Regards,
Sent from Tapatalk
Make sure you know what you're doing before doing that.
You might (will) be in a word of pain opening winbox to the internet.
Regards,
Sent from Tapatalk
Re: Can't connect to Mikrotik from outside
1) Recommend to change the winbox port as well, as most robots look for the default port.accept tcp port 8291 on input chain, set in-interface to be your WAN interface, normally ether1.
However you want to limit access to this port by set source IP from which you allow only. Also make sure you are on latest firmware.
2) Don't forget to set the new port and activate the winbox service In IP/services
3) Look up port knocking and implement it, it will add a layer of security if you frequently log in from the outside
4) If possible, limit outside access to specific IP addresses
5) Don't forget to block ICMP requests from the outside in your firewall as well, robots often use it as a first attempt.
Re: Can't connect to Mikrotik from outside
If you limit access to port from outside (using whitelist or port knocking), you don't need to change the number. Even if you keep default, nobody will be able to connect to it anyway.
And blocking icmp, why? If I'd be writing robot looking for winbox, I wouldn't bother with pings at all, I'd try to connect to tcp/8291 right away and see if there's any response. Pinging the address before is unnecessary extra step.
And blocking icmp, why? If I'd be writing robot looking for winbox, I wouldn't bother with pings at all, I'd try to connect to tcp/8291 right away and see if there's any response. Pinging the address before is unnecessary extra step.
Re: Can't connect to Mikrotik from outside
Thank you Guys for reply, it helps. Sorry Im replying so late....
What I did:
1. Checked service Winbox is enabled.
2. Then, IP -> Firewall -> Filter rules -> Add new ->chain: input, Protocol: 6(tcp), Dst.port: 8291, In.interface:ether1, Action: Accept
And all works!!!
Jarda! this not the answer... better not answer at all with comments like this...
What I did:
1. Checked service Winbox is enabled.
2. Then, IP -> Firewall -> Filter rules -> Add new ->chain: input, Protocol: 6(tcp), Dst.port: 8291, In.interface:ether1, Action: Accept
And all works!!!
Jarda! this not the answer... better not answer at all with comments like this...
Re: Can't connect to Mikrotik from outside
You forgot to specify the IP address you allow connections from! Because right now, your device is open to the world (hackers)
Re: Can't connect to Mikrotik from outside
Can you please post your public IP address?
Re: Can't connect to Mikrotik from outside
Sure Normis, thank you for notice...
I just explained what I did to resolve my main issue
I just explained what I did to resolve my main issue
Who is online
Users browsing this forum: No registered users and 56 guests