Re: [WISPA] Mikrotik Webbox
On Wed, 2010-11-17 at 10:04 -0600, Jeremie Chism wrote: > Does anyone here know an easy way to make the Webbox only > available internally or change the port it is accessible. > I have a range o ip addresses (one of which is 212.156.98.214) > that have been trying continuously to login. Would be nice to > block those ip's but I'm sure they would try from another one. To make it available only inside the network: If the public facing interface is called ether1, then: /ip firewall filter add chain=input in-interface=ether1 protocol=tcp \ dst-port=80 action=drop That will stop ALL access to tcp/80 from the internet. If you want to limit access just to specific IP addresses, you can do: /ip firewall address-list add list=webboxadmin address=10.10.10.10 add list=webboxadmin address=10.10.1.0/24 /ip firewall filter add chain=input protocol=tcp dst-port=80 \ src-address-list=!webboxadmin action=drop This would limit access to webbox for anyone who does not have 10.10.10.10 or 10.10.1.0/24 as an address. Give me a shout if you need a more complete firewall solution. -- * Butch Evans * Professional Network Consultation* * http://www.butchevans.com/* Network Engineering * * http://store.wispgear.net/* Wired or Wireless Networks * * http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE! * WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Mikrotik Webbox
You can make one white list range with ip services, or complicated stuff in the firewall. On Nov 17, 2010 11:08 AM, "Chuck Hogg" wrote: > IP -> Services. > > Regards, > > Chuck > > > On Wed, Nov 17, 2010 at 11:04 AM, Jeremie Chism wrote: > >> Does anyone here know an easy way to make the Webbox only available >> internally or change the port it is accessible. I have a range o ip >> addresses (one of which is 212.156.98.214) that have been trying >> continuously to login. Would be nice to block those ip's but I'm sure they >> would try from another one. >> >> Sent from my iPhone4 >> >> >> >> >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> >> >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Mikrotik Webbox
Thanks. Sent from my iPhone4 On Nov 17, 2010, at 10:08 AM, Chuck Hogg wrote: > IP -> Services. > > Regards, > > Chuck > > > On Wed, Nov 17, 2010 at 11:04 AM, Jeremie Chism wrote: > Does anyone here know an easy way to make the Webbox only available > internally or change the port it is accessible. I have a range o ip addresses > (one of which is 212.156.98.214) that have been trying continuously to login. > Would be nice to block those ip's but I'm sure they would try from another > one. > > Sent from my iPhone4 > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Mikrotik Webbox
IP -> Services. Regards, Chuck On Wed, Nov 17, 2010 at 11:04 AM, Jeremie Chism wrote: > Does anyone here know an easy way to make the Webbox only available > internally or change the port it is accessible. I have a range o ip > addresses (one of which is 212.156.98.214) that have been trying > continuously to login. Would be nice to block those ip's but I'm sure they > would try from another one. > > Sent from my iPhone4 > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Mikrotik Webbox
Firewall :) --- Dennis Burgess, Mikrotik Certified Trainer Link Technologies, Inc -- Mikrotik & WISP Support Services Office: 314-735-0270 Website: http://www.linktechs.net LIVE On-Line Mikrotik Training - Author of "Learn RouterOS" -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Jeremie Chism Sent: November 17, 2010 10:04 AM To: WISPA General List Subject: [WISPA] Mikrotik Webbox Does anyone here know an easy way to make the Webbox only available internally or change the port it is accessible. I have a range o ip addresses (one of which is 212.156.98.214) that have been trying continuously to login. Would be nice to block those ip's but I'm sure they would try from another one. Sent from my iPhone4 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
[WISPA] Mikrotik Webbox
Does anyone here know an easy way to make the Webbox only available internally or change the port it is accessible. I have a range o ip addresses (one of which is 212.156.98.214) that have been trying continuously to login. Would be nice to block those ip's but I'm sure they would try from another one. Sent from my iPhone4 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/