jomdotcom
post Oct 18 2011, 05:50 PM

QUOTE(cyberic @ Oct 18 2011, 12:24 AM)
My 750GL router is already up and running. I use IP mangle for packet classification (a short list, though) but also decided not to use QoS yet. My port scan rule added my own PC to the blocked list... maybe too strict. I do not have time for it now.
*
Good work, eric_tan, for creating this user group.

OK, back to the firewall.


As eric_tan said, you start with a clean slate, and no one complete set of rules fits all situations or user needs.

Maybe we can start with the must-dos, and add more as we specify our requirements together.

1. As a start, make sure you change the router's default password.

2. Make sure you close all services you are not using, so that they cannot be accessed, and specify the IP addresses from which the remaining ones are allowed to be accessed.

[admin@HSE.AP] /ip service> print
Flags: X - disabled, I - invalid
 #   NAME      PORT  ADDRESS  CERTIFICATE
 0 X telnet    23
 1 X ftp       21
 2 X www       80
 3 X ssh       22
 4 X www-ssl   443            none
 5 X api       8728
 6   winbox    8291

On the firewall, I think Dimitri's example is a bit complicated. I think you don't need mangle to do the firewall; just filter straight away.
First things first: you should have at least this as the first entries of your firewall rules, so the router accepts only clean packets, i.e. those meant for you.

/ip firewall filter
add chain=forward connection-state=established action=accept comment="allow established connections"
add chain=forward connection-state=related action=accept comment="allow related connections"
add chain=forward connection-state=invalid action=drop comment="drop invalid connections"

Next, what do we want to filter? What is the objective? Hey guys, maybe we can come up with the list together and move on from here.

TO BE CONTINUED ........
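As an added example (not code from jomdotcom's post or from MikroTik), here are steps 1 and 2 and the filter rules above written as one RouterOS script; it goes one step beyond the post by also putting the same established/related/invalid rules on the input chain, where traffic aimed at the router itself is handled, followed by a LAN-only accept and a final drop. The LAN subnet 192.168.88.0/24, the password string and the user name `admin` are placeholders to adjust for your own router.

```routeros
# Added example, not from the thread. Placeholders: LAN subnet 192.168.88.0/24,
# the user name admin and the password string; replace them before pasting.

# Step 1: replace the default (empty) admin password.
/user set admin password="CHANGE-ME-to-a-long-random-passphrase"

# Step 2: disable services that are not in use ...
/ip service disable telnet,ftp,www,api
# ... and limit the ones kept (ssh, winbox) to the LAN only.
/ip service set ssh address=192.168.88.0/24
/ip service set winbox address=192.168.88.0/24

# Input chain: packets addressed to the router itself. The first three rules
# mirror the forward rules from the post; the LAN accept must come before the
# final drop, otherwise the router locks you out of management.
/ip firewall filter
add chain=input connection-state=established action=accept comment="allow established to router"
add chain=input connection-state=related action=accept comment="allow related to router"
add chain=input connection-state=invalid action=drop comment="drop invalid to router"
add chain=input src-address=192.168.88.0/24 action=accept comment="LAN may manage the router"
add chain=input action=drop comment="drop everything else aimed at the router"

# Forward chain: packets passing through the router, as in the post.
add chain=forward connection-state=established action=accept comment="allow established connections"
add chain=forward connection-state=related action=accept comment="allow related connections"
add chain=forward connection-state=invalid action=drop comment="drop invalid connections"

# Check the result: only ssh and winbox should be enabled, both with an address set.
/ip service print
/ip firewall filter print
```

Apply it from a winbox or SSH session on the LAN side, not over the WAN, because once the last input rule is in place anything not already accepted above it is dropped.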
jomdotcom
post Oct 20 2011, 11:25 PM

QUOTE(cyberic @ Oct 19 2011, 02:53 PM)
I agree that NAT is enough for most. I bought MikroTik to learn new stuff, and the other benefit is being able to use my old D-Link 655 wireless as an AP. I hope the supposedly upcoming Asus RT-N66 or 57U will be a good replacement later.

Spent some time RTFM before finalizing my firewall setup. I actually like the idea of using a packet classifier and filtering from there. So, my firewall is based on Dimitri's guide, modified for my own requirements. I already secured the router; SSH and winbox are only allowed from local. Just that I never really tested the firewall properly.


Added on October 20, 2011, 4:10 pm

Curious question:

I notice that my router's CPU speed is 250 (not 400). I have no complaints about the performance. Just want to clarify.

Is the RB750GL default CPU speed set to 250?
*
Wah, you are all sifus, so advanced; me, I'm just starting. Need to RTFM more.

My RB750GL says CPU Frequency 400MHz; I don't know where to set it either.
