Page 1 of 1
MikroTik Graphing-Restrict LAN users from viewing!!!
Posted: Fri Feb 19, 2016 2:14 pm
by n4yeem
Hi
I have two mikrotik in my network. one work as a core router to maintaining the connectivity with my provider. another router is managing the clients. all customers are connected via PPPoe and Hotspot
Router1:
Eth1- WAN (connected to my provider)
ETH5- LAN (192.168.10.254/24)
Router2:
Eth1-WAN-192.168.10.1 (Wan)
Eth5--LAN- PPPoe -172.16.0.1//24,Hotspot 10.0.0.1/24
I do not want my lan users to see the graphs. is there any way to to restrict it. I can allow the ip's on graphing settings but i would like to monitor it from my home where i will be connected as a local lan user. Can i change the port number so that i can only access the graphs by typing x.x.x.x:portnumber/graphs .Not sure if its possible as I am not a expert mikrotik user. Customer can see the Gateway IP when they do a trace route (192.168.10.254). People who have knowledge about graphs can see my core routers graphs easily.
Expert advice will be highly appreciated.
Re: MikroTik Graphing-Restrict LAN users from viewing!!!
Posted: Fri Feb 19, 2016 2:41 pm
by kiaunel
There are two options.
1. change www server port in ip--> services , from winbox
2. drop from firewall access subnet to ip of mikrotik on port 80 but allow your ip
Re: MikroTik Graphing-Restrict LAN users from viewing!!!
Posted: Fri Feb 19, 2016 2:57 pm
by n4yeem
There are two options.
1. change www server port in ip--> services , from winbox
2. drop from firewall access subnet to ip of mikrotik on port 80 but allow your ip
Thanks for your advice. But my issue is I myself is a LAN user at home connected via PPPoE to my network. How can i view the graphs at home when connected via PPPoE (Dynamic IP). Cannot allow my ip as the IP keep changing . I do not want other users to view the graphs. any thoughts on how to do it? Thanks in advance.
Re: MikroTik Graphing-Restrict LAN users from viewing!!!
Posted: Fri Feb 19, 2016 3:16 pm
by kiaunel
In this situation only option 1 is for you.
But, there is a way also, : configure a vpn server on mikrotik, give vpn client an address space diferent from your users and allow only that subnet to view graphs.
Posted: Fri Feb 19, 2016 3:20 pm
by Arcee
Yup. That's the way I do it.... VPN in and give the VPN pool access to the graphs.
Sent from my SM-G920I using Tapatalk
Re: MikroTik Graphing-Restrict LAN users from viewing!!!
Posted: Fri Feb 19, 2016 3:24 pm
by n4yeem
In this situation only option 1 is for you.
But, there is a way also, : configure a vpn server on mikrotik, give vpn client an address space diferent from your users and allow only that subnet to view graphs.
Thanks. I have changed the port number from ip--> services. Now i have to view the graphs by typing x.x.x.x:portnumber/graphs. this should be enough to restrict the clients from viewing the graphs as no one apart from me knows the port number.
![Laughing :lol:](./images/smilies/icon_lol.gif)
Re: MikroTik Graphing-Restrict LAN users from viewing!!!
Posted: Fri Feb 19, 2016 3:40 pm
by kiaunel
In this situation only option 1 is for you.
But, there is a way also, : configure a vpn server on mikrotik, give vpn client an address space diferent from your users and allow only that subnet to view graphs.
Thanks. I have changed the port number from ip--> services. Now i have to view the graphs by typing x.x.x.x:portnumber/graphs. this should be enough to restrict the clients from viewing the graphs as no one apart from me knows the port number.
![Laughing :lol:](./images/smilies/icon_lol.gif)
Also, keep in mind you changed the whole webserver configuration port, so if you are outside your network and use webpage, not winbox, input port after ip to get on the webfig.
Re: MikroTik Graphing-Restrict LAN users from viewing!!!
Posted: Fri Feb 19, 2016 3:46 pm
by n4yeem
In this situation only option 1 is for you.
But, there is a way also, : configure a vpn server on mikrotik, give vpn client an address space diferent from your users and allow only that subnet to view graphs.
Thanks. I have changed the port number from ip--> services. Now i have to view the graphs by typing x.x.x.x:portnumber/graphs. this should be enough to restrict the clients from viewing the graphs as no one apart from me knows the port number.
![Laughing :lol:](./images/smilies/icon_lol.gif)
Also, keep in mind you changed the whole webserver configuration port, so if you are outside your network and use webpage, not winbox, input port after ip to get on the webfig.
Thanks. I will. Thanks for your suggestion.
Re: MikroTik Graphing-Restrict LAN users from viewing!!!
Posted: Fri Feb 19, 2016 4:59 pm
by grusu
There are two options.
1. change www server port in ip--> services , from winbox
2. drop from firewall access subnet to ip of mikrotik on port 80 but allow your ip
Thanks for your advice. But my issue is I myself is a LAN user at home connected via PPPoE to my network. How can i view the graphs at home when connected via PPPoE (Dynamic IP). Cannot allow my ip as the IP keep changing . I do not want other users to view the graphs. any thoughts on how to do it? Thanks in advance.
You can set an "Address list" with your home IP in firewall and resolve this IP with a script on every x minutes.
I have such a configuration on routers that I manage.
I allow access to router for administration only from this address and the stationary adresses that I manage.
Re: MikroTik Graphing-Restrict LAN users from viewing!!!
Posted: Fri Feb 19, 2016 7:29 pm
by ZeroByte
You should really consider giving yourself a "privileged" IP address - i.e. one that's not part of the general users' pools.