uTalk

Official forum for Utopia Community


#1 2021-01-15 09:57:35

Makedonskiy
Member
Registered: 2020-11-20
Posts: 108

Mikrotik and Mining

Utopia has been set up, all ticks burn green, and Utopia, in turn, does not want to dial in incoming connections, even after a few days of continuous operation of the client or bots. This is the picture that RouterBOARD users expect from the MikroTik company.

Brief summary: MikroTik is a router for advanced people, ideally skilled network engineers, and it allows you to manage traffic as you want. Without appropriate knowledge, it is better not to take on the setup.

To our joy, there will be no special tricks associated with deviating from the default configuration of the RouterBOARD settings. But still, there are nuances, including those related to the use of UPnP:

1.    When using UPnP, it is possible to connect to you from the outside. It is crucial to configure the firewall correctly so that you do not get unwanted patients around your neck. The fact is that a RouterBOARD can easily be turned into a hacker node or a VPN for dark cases, so hackers of different stripes just love these routers.

2.    The use of some specific technologies in traffic routing dictates special configuration requirements if you want to fully contain the master node.

Protecting the router:

1.    The first thing to do is to disable unnecessary services through which you can access the router. Click IP > Services. The correct configuration should look like this: we leave only "winbox" enabled for access, from your IP range. How to do this can be found on the Internet; unfortunately, at this stage I did not find how to upload an image to the forum.

2.    The second, very important point is to disable the discovery of your router through the "neighbors" service on the WAN. Click IP > Neighbors > Discovery settings. Personally, I have the option of discovering the router within the home network, as evidenced by the inscription "LAN". Again, I sincerely apologize, without images.

3.    The third and most important point is the correct firewall configuration. A default configuration is quite enough. Let's not overload the manual with screenshots; let's take the rule printout from the console, with an explanation of each rule. The console in RouterOS is intuitive; if desired, it will not be difficult to recreate the rules in the GUI.

0 D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough
Default rule for observation. If you want, you can't do anything to it.

1 ;;; defconf: accept established, related, untracked
      chain=input action=accept connection-state=established,related,untracked
      log=no log-prefix=""
A rule that allows ALL management packets on the router itself. That's what the "Input" chain says. You can find more information on the Internet.

2 ;;; defconf: drop invalid
      chain=input action=drop connection-state=invalid log=no log-prefix=""
Rule for dropping unidentified connections. We'll talk about it separately later.

3 ;;; defconf: accept ICMP
      chain=input action=accept protocol=icmp log=no log-prefix=""
Enables ICMP packets to pass directly to the router. Simply put, it allows you to use the "ping" command to get an answer.

4 ;;; defconf: accept to local loopback (for CAPsMAN)
      chain=input action=accept dst-address=127.0.0.1 log=no log-prefix=""
Default CAPsMAN rule. Doesn't affect anything.

5 ;;; defconf: drop all not coming from LAN
      chain=input action=drop in-interface-list=!LAN log=no log-prefix=""
One of the most important. Completely forbids the router from passing control commands OUTSIDE. You can see from the descriptor that all the incoming ones that didn't come from the local network are dropped.

6 ;;; defconf: accept in ipsec policy
      chain=forward action=accept log=no log-prefix="" ipsec-policy=in,ipsec
IPsec policy. It doesn't affect us in any way; we can keep it.

At this point, the protection setting can be considered complete. Not the most meticulous option, but for a safe start of mining on MikroTik it is quite suitable, especially if you do not want to get into all the details. On most routers, this setting is installed "out of the box".

Configuration nuances. Drop of inactive connections and fast-track technology.

Fast-Track is a technology for accelerating the transmission of packets through a MikroTik, bypassing queue rules. It's hard to say how much faster. The point is, it marks the packets in a special way. According to the author's observations, while the fast track was on, the mining didn't want to start. It was worth disabling it: after some time the incoming connections appeared. It is disabled in IP > Firewall.

Rule of dropping inactive connections. In the screenshot above, item #10, that's exactly the rule. An alleged mechanism to influence Utopia: traffic at certain points stops waiting for the next packet, leaving the connection open. Accordingly, this rule closes the connection at this point ("fluttering"), which may prevent the mining. After it was turned off, the author's mining also became more active.

Turning on UPnP. It is written about in detail on the Internet; it will not be difficult to enable.

After all the described manipulations the mining is fully available from the author. Remember that it doesn't start instantly: once the bot or client is started (current for version 5490), it takes time for the network to accept the master node; it can happen in an hour or a day.

Important!

After updating the network protocol, everything worked fine with the "FASTTRACK" and "drop invalid" functions enabled. Turn them on or off - at your discretion!

Thank you for your attention and successful mining!

Offline
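
The "Protecting the router" steps and the optional settings from post #1, written as RouterOS console commands. This is an added example, not part of the original post. The LAN subnet 192.168.88.0/24 and the interface names ether1 (WAN) and bridge (LAN) are assumed MikroTik defaults; the "LAN" interface list is the one the posted rules refer to.

```routeros
# Added example (not from the original post).
# Assumptions: LAN subnet 192.168.88.0/24, WAN port ether1, LAN bridge "bridge",
# and an interface list named LAN as used by the defconf rules above.

# Step 1: leave only winbox enabled, and only from the LAN address range
/ip service disable telnet,ftp,www,www-ssl,ssh,api,api-ssl
/ip service set winbox address=192.168.88.0/24
# Check: every service except winbox should carry the X (disabled) flag
/ip service print

# Step 2: neighbor discovery only on the LAN interface list, never on the WAN
/ip neighbor discovery-settings set discover-interface-list=LAN
/ip neighbor discovery-settings print

# Step 3: confirm the default input-chain rules are present and in order.
# The "drop all not coming from LAN" rule must come after the accept rules.
/ip firewall filter print where chain=input

# UPnP: mark which side is external and which is internal, and do not let
# LAN clients switch the external interface off through UPnP
/ip upnp set enabled=yes allow-disable-external-interface=no
/ip upnp interfaces add interface=ether1 type=external
/ip upnp interfaces add interface=bridge type=internal

# Optional, as described in the post: switch the FastTrack rule off while
# testing incoming connections, then back on afterwards
/ip firewall filter disable [find where action=fasttrack-connection]
/ip firewall filter enable [find where action=fasttrack-connection]
```

Run the winbox address restriction from a machine inside the allowed range, otherwise the current management session is cut off.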

#2 2021-01-16 21:06:52

Dr-Hack
Moderator
Registered: 2020-11-20
Posts: 70

Re: Mikrotik and Mining

This is very detailed and informative, I am sure many will find it helpful...

Thanks for sharing

Offline

#3 2021-09-20 15:47:24

youtube
Member
Registered: 2021-09-20
Posts: 30

Re: Mikrotik and Mining

And you can also create a virtual machine, download Utopia to it, run a VPN through your server, and then you will be the most protected person on the planet.

Offline

#4 2021-09-24 06:14:46

kukoro
Member
Registered: 2021-09-23
Posts: 61

Re: Mikrotik and Mining

good day ...

very detailed information, thank you for the information

Offline

#5 2021-11-03 08:31:30

migyolman
Member
Registered: 2021-11-03
Posts: 11

Re: Mikrotik and Mining

Fantastic, I am right with this topic right now, it suits me very well, thank you very much for sharing.

Thanks and best regards,

Offline

#6 2021-11-09 11:06:34

sergo77
Member
From: spain
Registered: 2021-11-09
Posts: 20

Re: Mikrotik and Mining

Great information, there is much to understand.

Offline

#7 2022-01-04 17:35:59

Cromanes
Member
Registered: 2021-12-10
Posts: 316

Re: Mikrotik and Mining

Makedonskiy;146 wrote:

Utopia has been set up, all ticks burn green, and Utopia, in turn, does not want to dial in incoming connections, even after a few days of continuous operation of the client or bots. This is the picture that RouterBOARD users expect from the MikroTik company.

After updating the network protocol, everything worked fine with the "FASTTRACK" and "drop invalid" functions enabled. Turn them on or off - at your discretion!

Thank you for your attention and successful mining!

Hmm. It seems to me that this breakdown should be implemented in the intuitive new messenger interface "Utopia" so that the new blood does not torture the community with its typical questions. Or make the implementation visual for general and easy understanding.

Offline

#8 2022-01-10 22:55:06

SGL
Member
From: Infospace
Registered: 2021-12-05
Posts: 70

Re: Mikrotik and Mining

Cromanes;1303 wrote:
Makedonskiy;146 wrote:

Utopia has been set up, all ticks burn green, and Utopia, in turn, does not want to dial in incoming connections, even after a few days of continuous operation of the client or bots. This is the picture that RouterBOARD users expect from the MikroTik company.

After updating the network protocol, everything worked fine with the "FASTTRACK" and "drop invalid" functions enabled. Turn them on or off - at your discretion!

Thank you for your attention and successful mining!

Hmm. It seems to me that this breakdown should be implemented in the intuitive new messenger interface "Utopia" so that the new blood does not torture the community with its typical questions. Or make the implementation visual for general and easy understanding.

You can abbreviate the text in "quote" so that it is not all copied.

But the launch on the MikroTik, interesting.


Crypton/UUSD donation for new developments: F50AF5410B1F3F4297043F0E046F205BCBAA76BEC70E936EB0F3AB94BF316804

Offline

#9 2022-02-14 15:04:08

Cromanes
Member
Registered: 2021-12-10
Posts: 316

Re: Mikrotik and Mining

SGL;1425 wrote:

You can abbreviate the text in "quote" so that it is not all copied.

But the launch on the MikroTik, interesting.

Why try to do this if you can just write a scheme that would shorten the chain?

Offline

#10 2023-03-14 16:57:55

Cat
Member
Registered: 2023-03-11
Posts: 153

Re: Mikrotik and Mining

Thank you, I wish there were more articles like this.

Offline

#11 2023-03-14 16:58:55

Cat
Member
Registered: 2023-03-11
Posts: 153

Re: Mikrotik and Mining

Cromanes;1570 wrote:

Why try to do this if you can just write a scheme that would shorten the chain?

Is it really a good idea? After all, as the saying goes, if it works, don't touch it.

Offline

#12 2023-03-14 23:08:50

IyaJJJ
Member
Registered: 2023-01-25
Posts: 1,521

Re: Mikrotik and Mining

Cat;5452 wrote:

Thank you, I wish there were more articles like this.

There are a lot of articles about the UtopiaP2P ecosystem that include the mining aspect of the Crypton coin; you just need to search online. There are also some independent websites created by UtopiaP2P enthusiasts where you can also find information.

Offline
