Accessing a Mikrotik router through WinBox the internet
By default, Mikrotik will not allow a connection from WinBox over the WAN. Here is how you change that.
From WinBox or web:
- Click on IP, then Firewall, then Filter Rules.
- Click the + to add a new rule.
- Change Chain to input.
- Change Protocol to tcp.
- Change Dst. Port to 80 (web) or 8291.
- Click on the Action tab and make sure Action is set to accept.
- Click Comment and name it something like “winbox”.
- Click OK.
IMPORTANT:
Your new Filter Rule will be at the bottom of the list. Drag it up above the last “drop” rule from the default configuration.
Filter Rules are matched in order. They start at the top and work through each one. If your new rule is AFTER the “drop” rule, it will not work.
Through the command line, the rules will look like this:
|
1 |
/ip firewall filter add chain=input protocol=tcp dst-port=80 disabled=no action=accept |
To pick up the list, you can do this:
|
1 2 |
/ip firewall filter print /ip firewall filter move 30 destination=1 |
Or in the command itself, we indicate that you need to place the rule at the very beginning of the list:
|
1 |
/ip firewall filter add chain=input protocol=tcp dst-port=80 disabled=no action=accept place before 0 |
Also in the menuIP -> Services in the parameters of the desired service, you can add Available From the list of IP addresses from which you want to allow access. Access is restricted to both local and external addresses, so first of all you need to add the IP or subnet with which you are currently connected.
I’ll give an example of specifying IP through a terminal for example for telnet (similar to ftp, www, ssh, winbox):
|
1 |
/ip service set telnet address=192.168.1.0/24,172.16.205.50/32,192.168.3.24/32 |
