Mikrotik Web Access Port Change

The "Web access" is a feature for the Mikrotik router that can be used to access the Mikrotik RouterOS. Mikrotik can be configured via its Web interfaces. Mikrotik has a built-in web server that can be used for web access. This web server uses a well-known TCP port 80. Since this is a well-known TCP port then anyone can try to access the Mikrotik router by using this web server.

That's why it is the best practice to change its default web port with another TCP port number. In this tutorial, we will discuss that.

To change its default web access port, connect your Mikrotik router via winbox. Then go to IP -> Services.

Here you will find an entry for the web access port. Just like the below:-

To change its default port number just double click on it and write your desire number.

After the click on the "Apply" button, your "WWW" port or Web access port will be changed to 8080.

That's all. 

Mikrotik Disable Winbox Access

Mikrotik has one proprietory tool called "Winbox" to manage its configurations. Winbox provides us a user-friendly interface to easily manage the router configurations. Winbox uses one TCP port to access the Mikrotik router. The Winbox default port number is 8291. 

If we are concern about our router security, then we have to change this default Winbox port number or permanently disable the "Winbox" service.. Using this port, an attacker can try to break our router credential by conducting a brute-force attack. That's why it is the best practice to change the Winbox default port number or disable the service for security reasons.

In this tutorial, we are going to learn, how to disable the "Winbox" service.

From the below path we can disable the Winbox service.

IP -> Services

Below is discussing the whole process graphically.

Just login to your router using Winbox and click on "IP" and then click on "Services".

Here you will find an entry for the "Winbox" service. Just select this service and click on the disable button. 

From now on, the "Winbox" access will be disabled for this Mikrotik router.

That's all.

Mikrotik WWW port change

The "WWW" access or "Web access" is a feature for the Mikrotik router that can be used to access the Mikrotik RouterOS. Mikrotik can be configured via its WWW interface or Web interface. Mikrotik has a built-in web server that can be used for web access. This web server uses a well-known TCP port 80. Since this is a well-known TCP port then anyone can try to access the Mikrotik router by using this web server.

That's why it is the best practice to change its default web port with another TCP port number. In this tutorial, we will discuss that.

To change its default web access port, connect your Mikrotik router via winbox. Then go to IP -> Services.

Here you will find an entry for the web access port or WWW port. Just like the below:-

To change its default port number just double click on it and write your desire number.

After the click on the "Apply" button, your "WWW" port or Web access port will be changed to 8080.

That's all. 

Mikrotik Disable Web Access

The Mikrotik router can be configured via its web interfaces. Mikrotik has a built-in web server that can be used for web access. This web server uses a well-known TCP port 80. Since this is a well-known TCP port then anyone can try to access the Mikrotik router using this web interface. That's why it is the best practice to change its default port number or disable this web access or web server. In this tutorial, we will discuss that.

We will use the "Winbox" tool to disable our Mikrotik web access. First of all, connect your Mikrotik router using "Winbox" and then go to IP -> Services.

Here you will get an entry for the "www" service. Simply select this service and click on the "Disable" button.

From now on, the "Web Access" method will be disabled for this Mikrotik router.

Mikrotik Webfig Port Change

The "Webfig" or "Web access" is a feature for the Mikrotik router that can be used to access the Mikrotik RouterOS. Mikrotik can be configured via its Webfig interface or Web interface. Mikrotik has a built-in web server that can be used for web access. This web server uses a well-known TCP port 80. Since this is a well-known TCP port then anyone can try to access the Mikrotik router by using this web server.

That's why it is the best practice to change its default web port with another TCP port number. In this tutorial, we will discuss that.

To change its default web access port, connect your Mikrotik router via winbox. Then go to IP -> Services.

Here you will find an entry for the web access port. Just like the below:-

To change its default port number just double click on it and write your desire number.

After the click on the "Apply" button, your "Webfig" port or Web access port will be changed to 8080.

That's all. 

Vmware View Admin Login Failed

VMware horizon or VMware View is used to create a virtual desktop infrastructure. We can access this virtual desktop via a web browser or using the VMware Horizon client program.

VMware Horizon or VMware View server has to be configured via web access. We can take access to the "Connection Server" web portal using the "Horizon Administrator Console" shortcut key that is available on the "Connection server" itself on its desktop.

If we want to take access to the "Connection Server" web portal from another computer of the LAN or the outside of the LAN other than the "Connection Server" itself, then we can't take access. The below error message has appeared. 

It's because the URL that we are using to take access to the "Connection Server" Web portal, which is mismatched with the "HTTPS External URL" address that is configured on the "Connection Server" settings. We have to use the exact external URL address that is configured on the connection server. Otherwise, the login will be failed.

That's why we have to confirm we are using the right external URL address.

If you are using the FQDN address other than the IP address in this "External URL" field, then you have to use that FQDN address to login to the server web portal. Otherwise, the error message will be displayed.

Suppose the external URL is written as "https://myserver.com:443". Then we have to use this "https://myserver.com:443" in our browser. If you use that server IP address instead of this FQDN address then that error message will be displayed. If you want to use the IP address instead of FQDN address then the IP address has to be written in this field. Then you can use IP address instead of FQDN address.

To configure the HTTPS External URL, login to your connection server web portal from the "Connection Server" itself using its shortcut icon. Then go to the "Settings" menu from the left panel and then click on the "Server" setting.

Now click on the "Connection Servers" tab from the right panel. And then select your connection server from the list. Then click on "Edit".

Now click on the "General" tab and you will get the HTTPS External URL information.

That's it. Configure your external URL as you want. But make sure your DNS is working.

Vmware Horizon Admin Login Failed

VMware horizon or VMware View is used to create a virtual desktop infrastructure. We can access this virtual desktop via a web browser or using the VMware Horizon client program.

VMware Horizon or VMware View server has to be configured via web access. We can take access to the "Connection Server" web portal using the "Horizon Administrator Console" shortcut key that is available on the "Connection server" itself on its desktop.

If we want to take access to the "Connection Server" web portal from another computer of the LAN or the outside of the LAN other than the "Connection Server" itself, then we can't take access. The below error message has appeared. 

It's because the URL that we are using to take access to the "Connection Server" Web portal, which is mismatched with the "HTTPS External URL" address that is configured on the "Connection Server" settings. We have to use the exact external URL address that is configured on the connection server. Otherwise, the login will be failed.

That's why we have to confirm we are using the right external URL address.

If you are using the FQDN address other than the IP address in this "External URL" field, then you have to use that FQDN address to login to the server web portal. Otherwise, the error message will be displayed.

Suppose the external URL is written as "https://myserver.com:443". Then we have to use this "https://myserver.com:443" in our browser. If you use that server IP address instead of this FQDN address then that error message will be displayed. If you want to use the IP address instead of FQDN address then the IP address has to be written in this field. Then you can use IP address instead of FQDN address.

To configure the HTTPS External URL, login to your connection server web portal from the "Connection Server" itself using its shortcut icon. Then go to the "Settings" menu from the left panel and then click on the "Server" setting.

Now click on the "Connection Servers" tab from the right panel. And then select your connection server from the list. Then click on "Edit".

Now click on the "General" tab and you will get the URL information.

That's it. Configure your external URL as you want. But make sure your DNS is working.

Prosody no PID file option

When we are trying to start prosody service using "prosodyctl" command, then this service is failed to start with displaying an error message. The error message is "There is no pidfile option in the configuration file". Just like the below:-

Although we have confirmed that our pidfile option is available in our prosody configuration file. In spite of that this error message is saying that the pidfile is not available. If we have configured any virtual host into our prosody configuration file and that virtual host entry is located on top of the pid file location then this error message will have appeared.

To resolve this issue just move the virtual host entry under the pid file location entry. Just open the prosody configuration file from the below location:-

/etc/prosody/prosody.cfg.lua

Then locate the "pid" configuration option. Just looks like the below entry:-

Just move your "virtual host" settings under this "pidfile" option. Now run the prosody service. Hopefully this time the service will run without any error.

Prosody Configuration no PID file

When we are trying to start prosody service using "prosodyctl" command, then this service is failed to start with displaying an error message. The error message is "There is no pidfile option in the configuration file". Just like the below:-

Although we have confirmed that our pidfile option is available in our prosody configuration file. In spite of that this error message is saying that the pidfile is not available. If we have configured any virtual host into our prosody configuration file and that virtual host entry is located on top of the pid file location then this error message will have appeared.

To resolve this issue just move the virtual host entry under the pid file location entry. Just open the prosody configuration file from the below location:-

/etc/prosody/prosody.cfg.lua

Then locate the "pid" configuration option. Just looks like the below entry:-

Just move your "virtual host" settings under this "pidfile" option. Now run the prosody service. Hopefully this time the service will run without any error.

There is no pidfile option in the configuration file

When we are trying to start prosody service using "prosodyctl" command, then this service is failed to start with displaying an error message. The error message is "There is no pidfile option in the configuration file". Just like the below:-

Although we have confirmed that our pidfile option is available in our prosody configuration file. In spite of that this error message is saying that the pidfile is not available. If we have configured any virtual host into our prosody configuration file and that virtual host entry is located on top of the pid file location then this error message will have appeared.

To resolve this issue just move the virtual host entry under the pid file location entry. Just open the prosody configuration file from the below location:-

/etc/prosody/prosody.cfg.lua

Then locate the "pid" configuration option. Just looks like the below entry:-

Just move your "virtual host" settings under this "pidfile" option. Now run the prosody service. Hopefully this time the service will run without any error.

Prosody there is no pidfile option in the configuration file

When we are trying to start prosody service using "prosodyctl" command, then this service is failed to start with displaying an error message. The error message is "There is no pidfile option in the configuration file". Just like the below:-

Although we have confirmed that our pidfile option is available in our prosody configuration file. In spite of that this error message is saying that the pidfile is not available. If we have configured any virtual host into our prosody configuration file and that virtual host entry is located on top of the pid file location then this error message will have appeared.

To resolve this issue just move the virtual host entry under the pid file location entry. Just open the prosody configuration file from the below location:-

/etc/prosody/prosody.cfg.lua

Then locate the "pid" configuration option. Just looks like the below entry:-

Just move your "virtual host" settings under this "pidfile" option. Now run the prosody service. Hopefully this time the service will run without any error.

Mikrotik Discovery Off

There is a feature available in the Mikrotik router to discover its neighbor router automatically. All the connected interface of the router is participating in this discovery process. The router sends its own information to other routers that are connected with its interfaces. In the same way, it receives information from other routers that are connected with its interfaces. Sometimes it's useful when we don't know the IP address of our neighbor router. Or maybe we want to take the layer-2 access into the router. 

To take the advantage of this feature we have to use the Mikrotik Winbox tool. In the Winbox, there is an option available called "Neighbor". Here we can see the list of our neighbor router.

This feature also has one drawback. It's about router security. During the neighbor router discovery process, our router interface sends some sensitive information to other routers. Such as router MAC address, router OS-Version, router IP address, router identity, and router up-time information. These pieces of information are enough for an attacker to attack a system. That's why it is the best practice to disable the router interface from being participating in the neighbor discovery process.

In this tutorial, we are going to discuss how to disable the router interface from being participating in the neighbor discovery process.

Login to your Mikrotik router and click on "IP" and then "Neighbor".

You will be appeared by the below interface. Just click on "Discovery Settings".

Now "Discovery Settings" will appear. Just click on the "drop-down" menu and select the "none" from the list.

That's it. From now on the Mikrotik router neither sends nor receives any data from its neighbor router. 

Mikrotik Neighbor Discovery

There is a feature available in the Mikrotik router to discover its neighbor router automatically. All the connected interface of the router is participating in this discovery process. The router sends its own information to other routers that are connected with its interfaces. In the same way, it receives information from other routers that are connected with its interfaces. Sometimes it's useful when we don't know the IP address of our neighbor router. Or maybe we want to take the layer-2 access into the router. 

To take the advantage of this feature we have to use the Mikrotik Winbox tool. In the Winbox, there is an option available called "Neighbor". Here we can see the list of our neighbor router.

This feature also has one drawback. It's about router security. During the neighbor router discovery process, our router interface sends some sensitive information to other routers. Such as router MAC address, router OS-Version, router IP address, router identity, and router up-time information. These pieces of information are enough for an attacker to attack a system. That's why it is the best practice to disable the router interface from being participating in the neighbor discovery process.

In this tutorial, we are going to discuss how to disable the router interface from being participating in the neighbor discovery process.

Login to your Mikrotik router and click on "IP" and then "Neighbor".

You will be appeared by the below interface. Just click on "Discovery Settings".

Now "Discovery Settings" will appear. Just click on the "drop-down" menu and select the "none" from the list.

That's it. From now on the Mikrotik router neither sends nor receives any data from its neighbor router. 

Mikrotik Winbox Port Forwarding

First of all, we are going to discuss what port forwarding is and why it is being used. Then we move on to the details of how to configure port forwarding or how to configure destination NAT for an FTP server in Mikrotik Router using winbox.

To access a service from the internet which is running behind on our router, in that case, port forwarding is required. Port forwarding is the process of forwarding traffic to a specific destination which is originated from the internet or outside of the local network.

Suppose you have a service that is running on your local network is accessible only for your local user. Now you want to publish that service on the internet so that any internet user can access this service from anywhere in the world. Internet users will submit a request on the router to reach a specific service using that service's port number. Then the router will check its forwarding table if any entry is available for that port number. Every router maintains a port forwarding table where every service (port number) should be listed that are intended to access from the internet. Not only the service name, which computer is providing that service also be listed. And that's why a router can redirect the traffic to a specific destination what is an internet user searching for. This process is working like "Destination NAT" or "PAT (Port Address Translator)".

Assume that, we have an FTP server running on our local network. Only our LAN user can access this FTP site. No internet users can't access because this site is not published on the internet. Now we want to make available this FTP server on the internet. We have two options to accomplish this task. The first one is, we can use one public IP address directly in our FTP server and that's why it will automatically available on the internet. And the other one is, we can forward the FTP service request to our internal FTP server from our router, which is called port forwarding. 

In this tutorial, we are going to learn how to perform port forwarding on the Mikrotik router.  

In the Mikrotik router, we can achieve this task by configuring one destination NAT entry. By this entry, we are telling our router that if any request has come from the internet to reach an FTP server then forward that traffic to our internal FTP server.

 

Step by step the whole process is shown graphically below.

First of all, we will go to the "NAT" option from the "Firewall" menu and there we will create a destination NAT rule.

Now go to the "General" tab and select "dstnat" as "Chain" value. Write your public IP address at the "Dst. Address" field. Select "TCP" from the "Protocol" field. And finally, write the destination port number at the "Dst. Port" field.  

Now we will navigate to the "Action" tab. Ant there we select "dst-nat" as "Action" value. At the "To Address" field, we will write our server IP address where the FTP service is running on. At the "To Port" field, we will write the service's port number, that our FTP server is using for that service.

Finally, click on apply and then "OK". A destination NAT entry will be added as follows.

From now on if any request has come to the router from the internet which is intended to go to the FTP server, then our router will redirect it to our internal FTP server means 10.168.1.247 IP address.

This is the whole process for Mikrotik Port Forwarding. We can call this Mikroitk Destination NAT.

Mikrotik Disable Discovery Interface

There is a feature available in the Mikrotik router to discover its neighbor router automatically. All the connected interface of the router is participating in this discovery process. The router sends its own information to other routers that are connected with its interfaces. In the same way, it receives information from other routers that are connected with its interfaces. Sometimes it's useful when we don't know the IP address of our neighbor router. Or maybe we want to take the layer-2 access into the router. 

To take the advantage of this feature we have to use the Mikrotik Winbox tool. In the Winbox, there is an option available called "Neighbor". Here we can see the list of our neighbor router.

This feature also has one drawback. It's about router security. During the neighbor router discovery process, our router interface sends some sensitive information to other routers. Such as router MAC address, router OS-Version, router IP address, router identity, and router up-time information. These pieces of information are enough for an attacker to attack a system. That's why it is the best practice to disable the router interface from being participating in the neighbor discovery process.

In this tutorial, we are going to discuss how to disable the router interface from being participating in the neighbor discovery process.

Login to your Mikrotik router and click on "IP" and then "Neighbor".

You will be appeared by the below interface. Just click on "Discovery Settings".

Now "Discovery Settings" will appear. Just click on the "drop-down" menu and select the "none" from the list.

That's it. From now on the Mikrotik router neither sends nor receives any data from its neighbor router. 

Disable Neighbor Mikrotik

There is a feature available in the Mikrotik router to discover its neighbor router automatically. All the connected interface of the router is participating in this discovery process. The router sends its own information to other routers that are connected with its interfaces. In the same way, it receives information from other routers that are connected with its interfaces. Sometimes it's useful when we don't know the IP address of our neighbor router. Or maybe we want to take the layer-2 access into the router. 

To take the advantage of this feature we have to use the Mikrotik Winbox tool. In the Winbox, there is an option available called "Neighbor". Here we can see the list of our neighbor router.

This feature also has one drawback. It's about router security. During the neighbor router discovery process, our router interface sends some sensitive information to other routers. Such as router MAC address, router OS-Version, router IP address, router identity, and router up-time information. These pieces of information are enough for an attacker to attack a system. That's why it is the best practice to disable the router interface from being participating in the neighbor discovery process.

In this tutorial, we are going to discuss how to disable the router interface from being participating in the neighbor discovery process.

Login to your Mikrotik router and click on "IP" and then "Neighbor".

You will be appeared by the below interface. Just click on "Discovery Settings".

Now "Discovery Settings" will appear. Just click on the "drop-down" menu and select the "none" from the list.

That's it. From now on the Mikrotik router neither sends nor receive any data from its neighbor router. 

Winbox NAT Rule

One of the most important tasks among others that are performed by the router is NAT function. Using this NAT feature, we can share one public IP address among so many users.

In this tutorial, we are going to talk about the Mikrotik router. How to configure NAT in this router? How to configure source NAT or src-nat using the Mikrotik Winbox tool.

We will go through the step by step process. First of all, open your Winbox tool and go to the IP-Firewall-Nat section. In there, create a new rule.

Now go to the "General" tab. Select "src-net" from the chain field. Write the local network address for which you are going to configure the NAT function. in this tutorial, we are using 192.168.1.0/24 as our local network address.

Now we will go to the "Action" tab. From there we can select "src-nat" or "masquerade" as our action value to perform the NAT function for our local network. If we select "src-nat" as our action value, then we have to specify the public IP address into the "To Addresses" field. We assume that our public IP address is 1.1.1.1.

If we select "masquerade" as our action value, then there is nothing left we have to do. Just select the "masquerade" as an action value and click on the "apply" button.

If we have more than one local address as well as public IP address then we will use the "src-nat" as an action value. Because by using this way, we can manipulate the NAT process as our requirements or for any advanced functions. For any home uses or a single local network, there are no extra requirements other then internet connection, we can use "masquerade" as an action value. 

That's it. After click on the "Apply" and "OK" button, our NAT rule will be added to our NAT list.