The official Mikrotik router thread

Brandon

Well-Known Member
Joined
Feb 18, 2004
Messages
223
Please may I ask for your guidance? I have a RB951Ui-2HnD. I have implemented a firewall rule that has locked me out of the Webconfig page, and I can't seem to access it via WinBox either. There is no serial connection on these devices that I know of. Does anyone perhaps know if there is a way of connecting to it and deleting that rule, without a full reset?

:oops: forgot to take a backup before doing so.

https://mikrotik.com/product/RB951Ui-2HnD

I have been googling and trying different ideas for a full day now to try to avoid the reset.

Some other ways to try connecting are:
  1. Telnet
  2. SSH
  3. MAC telnet with another ROS device or through Neighbor Viewer (https://mikrotik.com/download/neighbour.zip)
If the RB is not being detected in Neighbor Viewer, try "mac telnet to" using the MAC address associated with the port number you are physically connected to. Test all 5 ports. The first and last MAC addresses are listed on the label under the router; using these, the other 3 ports' MAC addresses can be determined.
 

Looney

Expert Member
Joined
Nov 18, 2009
Messages
4,986
Just noticed I posted in the incorrect thread. Have moved.
 

Danieldan5152

Active Member
Joined
Jul 14, 2017
Messages
44
Please may I ask for your guidance? I have a RB951Ui-2HnD. I have implemented a firewall rule that has locked me out of the Webconfig page, and I can't seem to access it via WinBox either. There is no serial connection on these devices that I know of. Does anyone perhaps know if there is a way of connecting to it and deleting that rule, without a full reset?

:oops: forgot to take a backup before doing so.

https://mikrotik.com/product/RB951Ui-2HnD

I have been googling and trying different ideas for a full day now to try to avoid the reset.
Oof, I made sure when trying these I limited them to certain ports that aren't in use, so that if something happens there is a backup. Have you tried SSH/telnet?
 

Kingskid

Active Member
Joined
Mar 2, 2011
Messages
81
Oof, I made sure when trying these I limited them to certain ports that aren't in use, so that if something happens there is a backup. Have you tried SSH/telnet?
Thanks for the suggestion. I think in my attempt to be secure I previously disabled SSH and telnet. Seems I did a really good job of locking myself out, but I had to reset and start from an older backup in the end. However, it was a valuable lesson in running my home network. Appreciate the response, thanks.
 

scoobydoo101sa

Well-Known Member
Joined
Aug 27, 2019
Messages
103
Does Mikrotik have a device that can do ADSL (because at the airport we only have that) but also a fibre connection for when we do upgrade?
 

PsyWulf

Honorary Master
Joined
Nov 22, 2006
Messages
11,067
Does Mikrotik have a device that can do ADSL (because at the airport we only have that) but also a fibre connection for when we do upgrade?
Negative, you can add a cheap modem via the WAN port for ADSL. It's a bit obscure tech worldwide to dedicate resources to develop for, afaik (USB might work but I can't confirm it).
 

lowriderza

Expert Member
Joined
May 23, 2019
Messages
1,582
Does anybody here have an opinion on the Mikrotik MQS and Woobm's usefulness?
 

McGuywer

Executive Member
Joined
Jun 28, 2006
Messages
6,887
What would the firewall command be to allow any traffic to and from a certain IP?

I would like to open/allow incoming and outgoing traffic to a certain IP (VM in the cloud).

Thank you.
 

McGuywer

Executive Member
Joined
Jun 28, 2006
Messages
6,887
Yes, I have.

/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=drop chain=input connection-state=invalid
add action=accept chain=input icmp-options=8:0-255 protocol=icmp
add action=accept chain=input dst-port=53,123 in-interface=bridge-lan protocol=udp
add action=drop chain=input
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-fibre
 

McGuywer

Executive Member
Joined
Jun 28, 2006
Messages
6,887
In IP Tables, I use this:


root@server:~# iptables -I INPUT -p tcp -s 1.2.3.4 -j ACCEPT
root@server:~# iptables -I OUTPUT -p tcp -s 1.2.3.4 -j ACCEPT
 

PsyWulf

Honorary Master
Joined
Nov 22, 2006
Messages
11,067
Well, it's easy enough to whitelist traffic, but it might not be what you're after unless you do a blanket deny with specific allow rules.

In IP Tables, I use this:


root@server:~# iptables -I INPUT -p tcp -s 1.2.3.4 -j ACCEPT
root@server:~# iptables -I OUTPUT -p tcp -s 1.2.3.4 -j ACCEPT

Firewall -> Filter
CHAIN: Forward
ACTION: Accept

SOURCE ADDRESS: IP
or
DESTINATION ADDRESS: IP
 

yogidabear

Well-Known Member
Joined
Jan 20, 2011
Messages
213
In IP Tables, I use this:


root@server:~# iptables -I INPUT -p tcp -s 1.2.3.4 -j ACCEPT
root@server:~# iptables -I OUTPUT -p tcp -s 1.2.3.4 -j ACCEPT
Mikrotik is identical:
/ip firewall filter
add action=accept chain=input protocol=tcp src-address=1.2.3.4
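
Added example, not part of any post in this thread: RouterOS evaluates filter rules top to bottom with the first match winning, and a plain `add` appends to the end of the list, so an accept rule added after the `add action=drop chain=input` in the ruleset posted above is never reached. The Python model below is a simplification with hypothetical names and constructed packets (198.51.100.7 is a documentation address) that evaluates that input chain with the allow rule appended versus placed before the drop.

```python
import ipaddress

# The input chain McGuywer posted, reduced to the fields this model checks.
# icmp-options=8:0-255 is modelled as ICMP type 8 only (simplification).
INPUT_CHAIN = [
    {"action": "accept", "state": {"established", "related"}},
    {"action": "drop", "state": {"invalid"}},
    {"action": "accept", "protocol": "icmp", "icmp_type": 8},
    {"action": "accept", "protocol": "udp", "dst_port": {53, 123},
     "in_interface": "bridge-lan"},
    {"action": "drop"},  # catch-all drop, matches every packet
]
# The allow rule suggested in the thread for 1.2.3.4.
ALLOW_HOST = {"action": "accept", "protocol": "tcp", "src": "1.2.3.4"}

def matches(rule, pkt):
    """True when every matcher in the rule agrees with the packet."""
    for key, want in rule.items():
        if key == "action":
            continue
        have = pkt.get(key)
        if key == "src":
            ok = ipaddress.ip_address(have) in ipaddress.ip_network(want)
        elif isinstance(want, set):
            ok = have in want
        else:
            ok = have == want
        if not ok:
            return False
    return True

def evaluate(chain, pkt):
    """First matching rule wins; an unmatched packet is accepted."""
    for index, rule in enumerate(chain):
        if matches(rule, pkt):
            return rule["action"], index
    return "accept", None

# Constructed packets: new TCP connections arriving on the WAN interface.
FROM_HOST = {"state": "new", "protocol": "tcp", "src": "1.2.3.4",
             "dst_port": 22, "in_interface": "ether1-fibre"}
FROM_OTHER = dict(FROM_HOST, src="198.51.100.7")

appended = INPUT_CHAIN + [ALLOW_HOST]                        # plain "add"
placed = INPUT_CHAIN[:-1] + [ALLOW_HOST] + INPUT_CHAIN[-1:]  # before the drop

if __name__ == "__main__":
    print("appended:", evaluate(appended, FROM_HOST))
    print("placed:  ", evaluate(placed, FROM_HOST))
    print("other:   ", evaluate(placed, FROM_OTHER))
```

On the router itself the same ordering is achieved with the `place-before` parameter of `add`, or by dragging the rule above the drop rule in WinBox.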
 