mikrotik 951 setup problem
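I have just come back from mainland China to my home in Hong Kong and have been setting up the MikroTik I just bought. With some effort I got it connected to the internet and set up WiFi, then followed online tutorials to configure PPTP and L2TP VPN. So far it still does not work, and I don't know whether the problem is the script file that sets up dyndns or something else. I hope the seniors here can give me some pointers. Also, when I look at my log file, I find it keeps scrolling with a lot of error messages. I don't know where the problem is, and I hope you can take a look and help me fix it.
Thanks!
[attach]3809[/attach]

Are the two IP addresses above yours?

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=43415&ptid=6993]2#[/url] [i]角色[/i] [/b]
Do you mean 114.35.181.135 and 189.34.125.240?
Neither of them is my address!! I don't know where they came from! Are a lot of hackers trying to break in? How do I block them? The situation is getting more and more serious!
[attach]3810[/attach]

As long as your password is long enough you will be fine; do not use ordinary symbols.

Why are so many hackers trying to break into my router? Can I change the admin login name and use a different login name?

[i=s] This post was last edited by Qnewbie on 2017-1-4 21:20 [/i]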
1. As a basic firewall rule, allow login with "admin" only from your local network: change Allowed Address from [color=Red]0.0.0.0/0[/color] to something like [color=Red]192.168.88.0/24[/color].
System => user, double click admin.
[attach]3811[/attach]
2. You can change your login name.
Add your own username to your router with the same rights as admin (full) using Winbox.
System => user => +
[attach]3812[/attach]

One more thing, you can block brute force attacks after you change your username:
[code]
/ip firewall filter
add chain=input protocol=tcp dst-port=8291 src-address-list=winbox_blacklist action=drop \
comment="drop winbox brute forcers" disabled=no
add chain=input protocol=tcp dst-port=8291 connection-state=new \
src-address-list=winbox_stage3 action=add-src-to-address-list address-list=winbox_blacklist \
address-list-timeout=10d comment="" disabled=no
add chain=input protocol=tcp dst-port=8291 connection-state=new \
src-address-list=winbox_stage2 action=add-src-to-address-list address-list=winbox_stage3 \
address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=8291 connection-state=new src-address-list=winbox_stage1 \
action=add-src-to-address-list address-list=winbox_stage2 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=8291 connection-state=new action=add-src-to-address-list \
address-list=winbox_stage1 address-list-timeout=1m comment="" disabled=no
[/code]
Source: [url]http://wiki.mikrotik.com/wiki/Bruteforce_login_prevention[/url] with modification for Winbox.

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=43421&ptid=6993]8#[/url] [i]Qnewbie[/i] [/b]
Thanks, senior!

[i=s] This post was last edited by Qnewbie on 2017-1-4 22:00 [/i]
Other basic firewall scripts might help you:
[url]http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter[/url]
The scripts at the following link can be modified to suit your needs (be careful!):
[url]http://wiki.mikrotik.com/wiki/Basic_universal_firewall_script[/url]

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=43421&ptid=6993]8#[/url] [i]Qnewbie[/i] [/b]
A question for you, senior:
[attach]3813[/attach]
In the picture, what does the syntax disable=no mean? In Winbox, can I just press the <ok> button, or do I have to press the "disable" button?
But if I press the "disable" button, will what I entered earlier be gone?
[attach]3814[/attach]

Just click OK, it is alright. :lol
"disabled=no" seems to be an indicator to the packet processing for the firewall. I cannot find information at [url]http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter[/url].

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=43421&ptid=6993]8#[/url] [i]Qnewbie[/i] [/b]
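Sorry, senior, please don't blame me for asking silly questions.
[attach]3815[/attach]
Is the text in the picture actually a firewall script, so that I only need to add a script entry under system > scripts and copy the text from the picture into it?
Instead of entering the commands one by one in Winbox?
Because in Winbox I sometimes cannot find where to enter certain locations/items/commands.
Thanks!

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=43427&ptid=6993]14#[/url] [i]vpn-learner[/i] [/b]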
In Winbox, you simply click "New terminal"; a terminal pops up and you can copy and paste the code in #8 to build your firewall rules. The firewall works according to these rules. A script is saved in a file (Winbox: system => script) and executed by the scheduler or by hand. For more info, see [url]http://wiki.mikrotik.com/wiki/Manual:Console[/url]

Opening a port for telnet really attracts attacks; using SSH with a digital certificate is much safer.
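
The staged address-list rules posted in #8 are easier to follow when replayed against a timeline. The Python model below is an added example, not code from the thread or from MikroTik; it assumes that add-src-to-address-list lets the packet continue to the next rule and that re-adding an address restarts its timeout, and the source addresses are constructed samples.

```python
# Added illustration: a model of the five Winbox (tcp/8291) rules from post #8.
# Assumptions: add-src-to-address-list lets the packet continue to the next
# rule, and re-adding an address restarts its timeout.
MINUTE, DAY = 60, 86400

# (list the source must be on, or None; action; target list; timeout in seconds)
RULES = [
    ("winbox_blacklist", "drop", None, None),
    ("winbox_stage3", "add", "winbox_blacklist", 10 * DAY),
    ("winbox_stage2", "add", "winbox_stage3", MINUTE),
    ("winbox_stage1", "add", "winbox_stage2", MINUTE),
    (None, "add", "winbox_stage1", MINUTE),
]

def process(lists, src, now, rules=RULES):
    """Run one new connection through the chain; return 'drop' or 'pass'."""
    for required, action, target, timeout in rules:
        if required is not None and lists.get((required, src), 0) <= now:
            continue  # source is not on the required list, or the entry expired
        if action == "drop":
            return "drop"
        lists[(target, src)] = now + timeout
    return "pass"  # falls through to whatever input rules come after these

def replay(events, rules=RULES):
    """events: iterable of (seconds, src). Returns the verdict for each event."""
    lists = {}
    return [process(lists, src, t, rules) for t, src in events]

if __name__ == "__main__":
    # Constructed sample: 203.0.113.7 retries every 20 s, 198.51.100.9 every 5 min.
    fast = [(t, "203.0.113.7") for t in range(0, 120, 20)]
    slow = [(t, "198.51.100.9") for t in range(0, 1500, 300)]
    print("fast:", replay(fast))
    print("slow:", replay(slow))
    # The same rules in forward order: one packet climbs every stage at once.
    forward = [RULES[0]] + RULES[:0:-1]
    print("forward order:", replay(fast, forward))
```

In the posted order each new connection advances a source by one stage only, so the fourth attempt inside the one-minute windows puts it on the blacklist and the fifth is dropped. A legitimate admin who reconnects that quickly is blacklisted for the same 10 days.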