Sub-menu: /ip service
This document lists protocols and ports used by various MikroTik
RouterOS services. It helps you to determine why your MikroTik router
listens to certain ports, and what you need to block/allow in case you
want to prevent or grant access to the certain services. Please see the
relevant sections of the Manual for more explanations.
Properties
Note that it is not possible to add new services, only existing service modifications are allowed.
Property |
Description |
address (IP address/netmask | IPv6/0..128; Default: ) |
List of IP/IPv6 prefixes from which the service is accessible. |
certificate (name; Default: none) |
The name of the certificate used by particular service. Applicable only for services that depends on certificates (www-ssl, api-ssl) |
name (name; Default: none) |
Service name |
port (integer: 1..65535; Default: ) |
The port particular service listens on |
Example
For example allow telnet only from specific IPv6 address range
[admin@dzeltenais_burkaans] /ip service> set api address=10.5.101.0/24,2001:db8:fade::/64
[admin@dzeltenais_burkaans] /ip service> print
Flags: X - disabled, I - invalid
# NAME PORT ADDRESS CERTIFICATE
0 telnet 23
1 ftp 21
2 www 80
3 ssh 22
4 X www-ssl 443 none
5 api 8728 10.5.101.0/24
2001:db8:fade::/64
6 winbox 8291
Service Ports
Sub-menu: /ip firewall service-port
Hosts behind a NAT-enabled router do not have true end-to-end
connectivity. Therefore some Internet protocols might not work in
scenarios with NAT.
To overcome these limitations RouterOS includes a number of
NAT helpers, that enable NAT traversal for various protocols.
Note: If connection tracking is not enabled then firewall service ports will be shown as inactive
Helper |
Description |
FTP |
FTP service helper |
h323 |
H323 service helper |
irc |
|
PPTP |
PPTP tunneling helper. |
SIP |
|
tftp |
|
Protocols and ports
Table below shows the list of protocols and ports used by RouterOS.
Proto/Port |
Description |
20/tcp |
FTP data connection |
21/tcp |
FTP control connection |
22/tcp |
Secure Shell (SSH) remote Login protocol |
23/tcp |
Telnet protocol |
53/tcp 53/udp |
DNS |
67/udp |
Bootstrap protocol or DHCP Server |
68/udp |
Bootstrap protocol or DHCP Client |
80/tcp |
World Wide Web HTTP |
123/udp |
Network Time Protocol ( NTP) |
161/udp |
Simple Network Management Protocol (SNMP) |
179/tcp |
Border Gateway Protocol ( BGP) |
443/tcp |
Secure Socket Layer (SSL) encrypted HTTP |
500/udp |
Internet Key Exchange (IKE) protocol |
520/udp 521/udp |
RIP routing protocol |
646/tcp |
LDP transport session |
646/udp |
LDP hello protocol |
1080/tcp |
SOCKS proxy protocol |
1698/udp 1699/udp |
RSVP TE Tunnels |
1701/udp |
Layer 2 Tunnel Protocol ( L2TP) |
1723/tcp |
Point-To-Point Tunneling Protocol ( PPTP) |
1900/udp 2828/tcp |
Universal Plug and Play ( uPnP) |
1966/udp |
MME originator message traffic |
1966/tcp |
MME gateway protocol |
2000/tcp |
Bandwidth test server |
5678/udp |
Mikrotik Neighbor Discovery Protocol |
6343/tcp |
Default OpenFlow port |
8080/tcp |
HTTP Web Proxy |
8291/tcp |
Winbox |
8728/tcp |
API |
8729/tcp |
API-SSL |
20561/udp |
MAC winbox |
/1 |
ICMP |
/2 |
Multicast | IGMP |
/4 |
IPIP encapsulation |
/41 |
IPv6 (encapsulation) |
/46 |
RSVP TE tunnels |
/47 |
General Routing Encapsulation (GRE) - used for PPTP and EoIP tunnels |
/50 |
Encapsulating Security Payload for IPv4 (ESP) |
/51 |
Authentication Header for IPv4 (AH) |
/89 |
OSPF routing protocol |
/103 |
Multicast | PIM |
/112 |
VRRP |
|
No comments:
Post a Comment