Wednesday, 19 March 2014

MIKROTIK Services Port

Sub-menu: /ip service

This document lists protocols and ports used by various MikroTik RouterOS services. It helps you to determine why your MikroTik router listens to certain ports, and what you need to block/allow in case you want to prevent or grant access to the certain services. Please see the relevant sections of the Manual for more explanations.

Properties

Note that it is not possible to add new services, only existing service modifications are allowed.


Property Description
address (IP address/netmask | IPv6/0..128; Default: ) List of IP/IPv6 prefixes from which the service is accessible.
certificate (name; Default: none) The name of the certificate used by particular service. Applicable only for services that depends on certificates (www-ssl, api-ssl)
name (name; Default: none) Service name
port (integer: 1..65535; Default: ) The port particular service listens on

Example

For example allow telnet only from specific IPv6 address range

[admin@dzeltenais_burkaans] /ip service> set api address=10.5.101.0/24,2001:db8:fade::/64
[admin@dzeltenais_burkaans] /ip service> print 
Flags: X - disabled, I - invalid 
 #   NAME     PORT  ADDRESS                                       CERTIFICATE  
 0   telnet   23   
 1   ftp      21   
 2   www      80   
 3   ssh      22   
 4 X www-ssl  443                                                 none         
 5   api      8728  10.5.101.0/24                                
                    2001:db8:fade::/64                           
 6   winbox   8291 


Service Ports

Sub-menu: /ip firewall service-port

Hosts behind a NAT-enabled router do not have true end-to-end connectivity. Therefore some Internet protocols might not work in scenarios with NAT.
To overcome these limitations RouterOS includes a number of NAT helpers, that enable NAT traversal for various protocols.

Note: If connection tracking is not enabled then firewall service ports will be shown as inactive

Helper Description
FTP FTP service helper
h323 H323 service helper
irc
PPTP PPTP tunneling helper.
SIP
tftp






Protocols and ports

Table below shows the list of protocols and ports used by RouterOS.

Proto/Port Description
20/tcp FTP data connection
21/tcp FTP control connection
22/tcp Secure Shell (SSH) remote Login protocol
23/tcp Telnet protocol
53/tcp
53/udp
DNS
67/udp Bootstrap protocol or DHCP Server
68/udp Bootstrap protocol or DHCP Client
80/tcp World Wide Web HTTP
123/udp Network Time Protocol ( NTP)
161/udp Simple Network Management Protocol (SNMP)
179/tcp Border Gateway Protocol ( BGP)
443/tcp Secure Socket Layer (SSL) encrypted HTTP
500/udp Internet Key Exchange (IKE) protocol
520/udp
521/udp
RIP routing protocol
646/tcp LDP transport session
646/udp LDP hello protocol
1080/tcp SOCKS proxy protocol
1698/udp 1699/udp RSVP TE Tunnels
1701/udp Layer 2 Tunnel Protocol ( L2TP)
1723/tcp Point-To-Point Tunneling Protocol ( PPTP)
1900/udp
2828/tcp
Universal Plug and Play ( uPnP)
1966/udp MME originator message traffic
1966/tcp MME gateway protocol
2000/tcp Bandwidth test server
5678/udp Mikrotik Neighbor Discovery Protocol
6343/tcp Default OpenFlow port
8080/tcp HTTP Web Proxy
8291/tcp Winbox
8728/tcp API
8729/tcp API-SSL
20561/udp MAC winbox
/1 ICMP
/2 Multicast | IGMP
/4 IPIP encapsulation
/41 IPv6 (encapsulation)
/46 RSVP TE tunnels
/47 General Routing Encapsulation (GRE) - used for PPTP and EoIP tunnels
/50 Encapsulating Security Payload for IPv4 (ESP)
/51 Authentication Header for IPv4 (AH)
/89 OSPF routing protocol
/103 Multicast | PIM
/112 VRRP


Source : Wiki Mikrotik












































No comments:

Post a Comment