evanivans
just joined
Topic Author
Posts: 14
Joined: Thu Nov 28, 2024 8:22 am

CHECK MY CONFIGURATION

Sat Nov 30, 2024 7:28 pm

Please correct me if I've done something bad or if I need to change something, I'm only a newbie.
# 2024-11-30 19:49:17 by RouterOS 7.17rc2
#
# model = E50UG
/interface ethernet
set [ find default-name=ether1 ] name=ether1-ISP
set [ find default-name=ether2 ] name=ether2-Client1-Peypey
set [ find default-name=ether3 ] name=ether3-Client2-Andy
set [ find default-name=ether4 ] name=ether4-Home
set [ find default-name=ether5 ] name=ether5-Voucher-AP
/ip pool
add name=dhcp_pool1 ranges=192.168.69.1,192.168.69.3-192.168.69.254
/ip dhcp-server
add address-pool=dhcp_pool1 interface=ether5-Voucher-AP lease-time=1d name=\
    dhcp1
/ppp profile
add local-address=10.10.10.1 name=Andy-100Mbps only-one=yes rate-limit=\
    100M/100M remote-address=10.10.10.3 use-compression=no use-encryption=no
add local-address=10.10.10.1 name=Peypey-20Mbps only-one=yes rate-limit=\
    20M/20M remote-address=10.10.10.2 use-compression=no use-encryption=yes
add local-address=10.10.10.1 name=ivan only-one=yes rate-limit=130M/130M \
Last edited by holvoetn on Sun Dec 01, 2024 2:19 pm, edited 1 time in total.
Reason: added code quotes for readability
 
vingjfg
Member
Posts: 417
Joined: Fri Oct 20, 2023 1:45 pm

Re: CHECK MY CONFIGURATION

Sun Dec 01, 2024 1:38 pm

Hi!

First, please have a look at the code tag. That makes it easier to read configs.

Second, I will go with this being a test configuration.

ip firewall filter

Incomplete at best, for example it permits DNS requests on the WAN interface, which means anyone can query your device for DNS which is not recommended.

You block ping from all interfaces, including the local ones, which is counterproductive.

You are not blocking winbox (enabled as a service) from any source, it is reachable on the WAN interface, which is a big no-no. Similarly, you are not blocking ssh.

I don't see any forward rules, likely you are not filtering anything either way.

ip service

You should restrict the allowed sources for whatever is needed. For example winbox is permitted but not restricted.

time

No ntp server set. Consider adding one to make sure your device is time synced.

Other than that, either you amputated the configuration or it is missing a ton of things, for example there is no interface list, where the default has WAN and LAN.
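
The checks listed in the reply above can be run mechanically against the text of an `/export`. The following Python sketch is an added example, not part of the thread and not MikroTik tooling; the sample export is constructed, and the finding labels and helper names are assumptions of this example, which also assumes the RouterOS 7 menu layout for NTP servers.

```python
import re

# Constructed sample export; the thread does not show the poster's firewall section.
SAMPLE = r"""
/ip firewall filter
add action=accept chain=input comment="allow dns" dst-port=53 \
    protocol=udp
add action=drop chain=input protocol=icmp
/ip service
set winbox port=8291
"""
KV = re.compile(r'([\w-]+)=("[^"]*"|\S+)')

def parse_export(text):
    """Map each menu path to the list of add/set items found under it."""
    text = re.sub(r"\\\n\s*", "", text)  # rejoin lines wrapped with a trailing backslash
    menus, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            current = line
            menus.setdefault(current, [])
        elif current and line.startswith(("add ", "set ")):
            item = dict(KV.findall(line))
            item["_name"] = line.split()[1]  # second word, e.g. "winbox" under /ip service
            menus[current].append(item)
    return menus

def scoped(rule):  # rule is limited to some interface or source address
    return any(k.startswith(("in-interface", "src-address")) for k in rule)

def audit(text):  # returns the set of findings from the reply that apply to this export
    menus = parse_export(text)
    rules = [r for r in menus.get("/ip firewall filter", []) if r.get("disabled") != "yes"]
    found = set()
    for r in (r for r in rules if r.get("chain") == "input" and not scoped(r)):
        # a rule with no action= is an accept in RouterOS
        if r.get("action", "accept") == "accept" and r.get("dst-port") == "53":
            found.add("dns-open-on-all-interfaces")
        if r.get("action") == "drop" and r.get("protocol") == "icmp":
            found.add("ping-dropped-on-all-interfaces")
    if not any(r.get("chain") == "forward" for r in rules):
        found.add("no-forward-rules")
    services = {s.get("_name"): s for s in menus.get("/ip service", [])}
    for name in ("winbox", "ssh"):  # absent from the export = default: enabled, any source
        s = services.get(name, {})
        if s.get("disabled") != "yes" and not s.get("address"):
            found.add(name + "-service-unrestricted")
    if not menus.get("/system ntp client servers"):
        found.add("no-ntp-server")
    return found
```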
 
jaclaz
Forum Guru
Posts: 2071
Joined: Tue Oct 03, 2023 4:21 pm

Re: CHECK MY CONFIGURATION

Sun Dec 01, 2024 2:14 pm

It seems to me like you have no (sensible) firewall filter rules. This can be very dangerous, your router (and network) is essentially open from the outside.
On the other hand you have some not-so-common more advanced settings (ovpn, queues, etc.).
It seems like it was configured by someone familiar with Ros and then "mutilated" by someone else (I cannot believe that a knowledgeable user would leave a router open like yours).
Check the advice given here: viewtopic.php?t=212937 for some needed firewall rules settings.
 
holvoetn
Forum Guru
Posts: 6825
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: CHECK MY CONFIGURATION

Sun Dec 01, 2024 2:20 pm

First, please have a look at the code tag. That makes it easier to read configs.
Fixed.
