Troubleshooting and Errors in Mikrotik Configuration

The Mikrotik configuration does have a lot of features and advantages that are very much in demand by network users.

Field facts in the Mikrotik configuration sometimes an error occurs which can make Mikrotik function not optimal. Now at this time we will discuss about the Troubleshooting of the most common Mikrotik Configurations.

Access Port Not Closed

The first is the unclosed access port error on Mikrotik. Basically, the Mikrotik configuration provides a strong enough password, but if the access port is not closed, it will be very prone to Brute Force.

What is Brute Force? Brute Force is a persistent login attempt attack using the method of trying all password combinations in sequence.

Then how do I close this access port? Here are the steps:

First we create a Winbox application

Then select menu IP> Service.

In some of the service lists below, we can disable any port access that we don’t need by selecting a service then clicking the X on the menu above the window.

Konfigurasi Mikrotik

Or want to be more advanced, we can choose a port that we want to access privately via our local IP as below.

IP lokal

Unsafe Mikrotik Configuration

DNS Servers or Proxy Servers inDNS Servers or Proxy Servers that are not on this firewall are prone to being scanned by someone to find which ports are open. So that you can entrust traffic to the Mikrotik router.

This is common in middle to lower class companies, if usually in the ISP class, what is needed is already determined so that it will not happen.

Some may think that it’s okay not to take up a lot of bandwidth. Now the problem is if there is a DNS amplification attack which can eat up hundreds of MB of bandwidth.

Then how do I fix it? The trick is to simply set up the Firewall in the following way:

Go to the IP> Firewall menu.

Create a rule newon the general tab.

  • Chain: Input.
  • Protocol: udp.
  • Port: 53
  • Interface: ether1

On the Action tab:

  • Action: drop then Apply

DNS Server

Then create a rule new again.

The method is the same as before but in the protocol: tcp.

Action Drop

Action Drop

Create rules again with the TCP protocol and so on. Port: 8080

And Action: Drop.

Konfigurasi Mikrotik action drop

Load Balancers that do not use special rules

On load balancers that do not use specific rules for routing, the data packet will experience confusion.

This data packet confusion, for example, when incoming data from ISP1 can go out to ISP2 or vice versa, it can cause packets to collide.

Now the solution we have to make a special rule in the following way:

Download Firewall

Open themenu IP > Firewall > Tab Mangle > + create a rule here.

  • Fill Chain: input
  • interface: ether1

Firewall Download

On the Action tab:

  • Action: mark connection
  • New connection mark: ISP1

Tab Action

Then create a new rule again:

  • Chain: prerouting
  • interface: ether1

On the tab it is Action still the same, mark the connection then Apply.

prerouting

Firewall Upload

new rule with parameters:

  • Chain: prerouting
  • interface: ether1
  • Connection mark: ISP1

Tab Action: connection mark

New connection mark: ISP1

ISP1

Create a routing mark by creating a new rule with parameters:

  • Chain: Output
  • Connection mark: ISP1

Tab action:

  • Action: mark routing.
  • New connection mark: Routing ISP 1

Routing ISP 1

If you have, then you have 4 new rules as below:

4 rule

For ISP2, we also need to create new rules specifically for ISP2. The method is the same as creating ISP1 but in the action tab the new connection mark : ISP2.

So you will have 8 new rules as below:

8 Rule

At this point the Firewall creation is complete, now the next step is to set the Route by means of IP > Routes.

Create a new route by pressing the “+” then fill in the parameters as below:

ISP1:

Routes

ISP2:

ISP2

Until here it is finished.

That’s some troubleshooting about Mikrotik problems that often occur and how to handle them.

If you are still confused about Mikrotik problems you can ask directly on the official NetData Instagram @ NETDATA.ID or send an email to sales@nds.id. Interested in the proxy configuration service from NetData? You can contact us here.

Troubleshooting and Errors – Errors in Mikrotik Configuration | Netdata IT Tutorials

Leave a Reply

Your email address will not be published. Required fields are marked *

Semua operasional PT. Network Data Sistem akan menggunakan domain nds.id per tanggal 8 Mei 2019. Semua informasi/promosi dalam bentuk apapun selain menggunakan domain nds.id bukan tanggung jawab PT. Network Data Sistem Dismiss