![]() ![]() This to make sure you can configure the Mikrotik router prior to exposing it to the internet. The best way is to make sure your existing router is still in place. In order to configure you Mikrotik router you first need to connect it to your PC. This brings many benefits in terms of security as problems and bugs that introduce security issues will be resolved quickly. RouterOs is regularly updated to provide new features and fix issues in the software. Mikrotik routers run the custom Linux OS called RouterOS developed by Mikrotik. How to install the Mikrotik routerīy default the Mikrotik router can be accessed via the webbrowser, ssh or Winbox. It helps to investigate which ports and services are still exposed to the outside world that might require hardening or even blocking connections. It enables to do a full port scan on any device within your network. If you would like to check which ports and services are running on your Mikrotik router, the nmap application is a must-have. Still, some hardening steps must be taken to increase the security of your Mikrotik server by following the below steps. However, the basic configuration is set to fit the needs of most users. This does by the way not mean that the default configuration is bad. In this article I will explain how you can secure your Mikrotik router in such a way to reduce the likelyhood of being hacked by simply hardening the weak spots of the default configuration. Once your router is exposed to the “wild” someone will sooner or later try to hack your Mikrotik router by exploiting the weak spots. I will be happy to get your opinions regarding this article.In this article I will be explaining the simple steps you need to take to secure your Mikrotik router prior to exposing it to the public internet. I hope you have enjoyed this post and you find it useful. In this way, you successfully change the port and you can type the below command to see the rules inside the firewall: print ip firewall filter add chain=input protocol=tcp dst-port=25 action=drop Then type the below command one by one and press Enter. Like the last time log in to the Winbox and open the new terminal. We use the terminal inside the Winbox but if still, you do not have access to the Winbox, you can use the below commands to add rules to the router. As a result, we will have to add our rules through the command line in Console or VNC. Sometimes we do not have access to the Mikrotik Server remotely. Now in the IP > Firewall and in the Filter Rules tab, you can see that the port is blocked. Click Apply and OK to complete the process.Ĭongratulation, now you have successfully blocked the port. Now in the Action tab, choose drop to drop the incoming packages. Note: Instead of 25, you should put your own port number that you wish to block. And the closed source and destination addresses are not any of the router board addresses.Īfter setting the chain as Input, Choose the Protocol which can be TCP or UDP. Like when the router only routes packets. Like the NTP package that the router sends to the Internet to set its clock.įorward Chain: It means packages that intend to cross the router. In fact, packages whose source address is the router itself. Output Chain: It means packets that come out of the router. Like when you use MikroTik as a DNS server, DNS packets are in the input chain. ![]() In fact, when the destination of a packet is the router itself, the packet is in the input chain. Input Chain: It means incoming packets to routers. Definition Of Chains In MikroTik Firewall On the General tab, choose the Chain as Input. In this section, there are some tabs and we will use the Filter Rules tab to block the SMTP port 25 on our MikroTik VPS server.Ĭlick on the blue plus + sign. From the left panel choose IP and then Firewall. Now you have successfully logged in to the Winbox. Once you downloaded it, enter your login details such as server IP, username, and password. You can download Winbox through the MikroTik website. In this tutorial, we will check how to block port 25 which is the port of SMTP to stop users spamming.īlock MikroTik Port Using The User Interface Step1: Login To Winboxįirst, try to login to your MikroTik VPS through Winbox. They first get enough information from your MikroTik VPS to select the type of attack. Hackers use DDOS and Brutus Force attacks to infiltrate your MikroTik. ![]() To prevent hackers to hack your MikroTik or stop your users to illegally use some services, it is important to close some ports in your MikroTik server. which we will check both of the methods on this post to prevent unexpected login attempts. The first is to block it through IP > Firewall inside Winbox and the second one is to block a port in Winbox through the terminal line. There are two ways to block a port in MikroTik Winbox. ![]()
0 Comments
Leave a Reply. |