uTalk

Official forum for Utopia Community

#1 2021-01-15 09:57:35

Makedonskiy
Member
Registered: 2020-11-20
Posts: 95

Mikrotik and Mining

Utopia has been set up, all ticks are green, and yet Utopia does not want to accept incoming connections, even after a few days of continuous operation of the client or bots. This is the picture that RouterBOARD users from the MikroTik company can expect.

Brief summary: MikroTik is a router for advanced users, ideally skilled network engineers, and allows you to manage traffic as you want. Without appropriate knowledge, it is better not to take on the setup.

Happily, there will be no special tricks associated with deviating from the default configuration of the RouterBOARD settings. But still, there are nuances, including those related to the use of UPnP:

1.    When using UPnP, it is possible to connect to you from the outside. It is crucial to configure the firewall correctly so that you do not get unwanted patients around your neck. The fact is that a RouterBOARD can easily be turned into a hacker node or a VPN for dark purposes, so hackers of different stripes just love these routers.

2.    The use of some specific technologies in traffic routing dictates special configuration requirements if you want to fully contain the master node.

Protecting the router:

1.    The first thing to do is to disable unnecessary services through which you can access the router. Click IP > Services. The correct configuration should look like this: we leave only "winbox" enabled for access, from your IP range. How to do this can be found on the Internet; unfortunately, at this stage I did not find how to upload an image to the forum.

2.    The second, very important point is to disable the discovery of your router through the "neighbors" service on the WAN. Click IP > Neighbors > Discovery settings. Personally, I have discovery of the router enabled only within the home network, as evidenced by the inscription "LAN". Again, I sincerely apologize for the lack of images.

3.    The third and most important point is the correct firewall configuration. A default configuration is quite enough. Let's not overload the manual with screenshots; let's take the rule printout from the console, with an explanation of each rule. The console in RouterOS is intuitive; if desired, there will be no difficulty in recreating the rules in the GUI.

0 D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough
Default rule for observation. If you want, you can't do anything to it.

1 ;;; defconf: accept established, related, untracked
      chain=input action=accept connection-state=established,related,untracked
      log=no log-prefix=""
A rule that allows ALL management packets on the router itself. That's what the "input" chain says. You can find more information on the Internet.

2 ;;; defconf: drop invalid
      chain=input action=drop connection-state=invalid log=no log-prefix=""
Rule for dropping unidentified connections. We'll talk about it separately later.

3 ;;; defconf: accept ICMP
      chain=input action=accept protocol=icmp log=no log-prefix=""
Enables ICMP packets to pass directly to the router. Simply put, it allows you to use the "ping" command to get an answer.

4 ;;; defconf: accept to local loopback (for CAPsMAN)
      chain=input action=accept dst-address=127.0.0.1 log=no log-prefix=""
Default CAPsMAN rule. Doesn't affect anything.

5 ;;; defconf: drop all not coming from LAN
      chain=input action=drop in-interface-list=!LAN log=no log-prefix=""
One of the most important. Completely forbids the router to pass control commands OUTSIDE. You can see from the descriptor that all the incoming ones that didn't come from the local network are dropped.

6 ;;; defconf: accept in ipsec policy
      chain=forward action=accept log=no log-prefix="" ipsec-policy=in,ipsec
IPsec policy. It doesn't affect us in any way, we can keep it.

At this point, the protection setting can be considered complete. Not the most meticulous option, but for a safe start of mining on MikroTik it is quite suitable, especially if you do not want to get into all the details. On most routers, this setting is installed "out of the box".

Configuration nuances. Drop of inactive connections and fast-track technology.

Fast-Track is a technology for accelerating the transmission of packets through a MikroTik, bypassing queue rules. It's hard to say how much faster. The point is, it marks the packets in a special way. According to the author's observations, while the fast track was on, the mining didn't want to start. Once it was disabled, the incoming connections appeared after some time. It is disabled in IP > Firewall.

Rule of dropping inactive connections. In the screenshot above, item #10, that's exactly the rule. An alleged mechanism to influence Utopia: traffic at certain points stops waiting for the next packet, leaving the connection open. Accordingly, this rule closes the connection at this point ("fluttering"), which may prevent the mining. After it was turned off, the author's mining also became more active.

Turning on UPnP. It is described in detail on the Internet; it will not be difficult to enable.

After all the described manipulations, mining is fully available for the author. Remember that it doesn't start instantly: once the bot or client is started (current for version 5490), it takes time for the network to accept the master node; it can happen in an hour or a day.

Important!

After updating the network protocol, everything worked fine with the "FASTTRACK" and "drop invalid" functions enabled. Turn them on or off - at your discretion!

Thank you for your attention and successful mining!

Offline
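Added example, not part of the original post: a small Python check over the rule print layout quoted in post #1. It confirms that the input chain still has an active "drop all not coming from LAN" rule after rules have been toggled, and lists disabled input rules and accepts placed before that drop without a state, interface or address limit. The sample printout, the hand-added UDP rule and port 25000 are constructed for illustration.

```python
import re

# Constructed sample in the print layout quoted in the post ("X" = disabled, "D" = dynamic).
SAMPLE = '''\
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough
 1    ;;; defconf: accept established, related, untracked
      chain=input action=accept connection-state=established,related,untracked
      log=no log-prefix=""
 2 X  ;;; defconf: drop invalid
      chain=input action=drop connection-state=invalid log=no log-prefix=""
 3    ;;; constructed: UDP port opened by hand for the miner
      chain=input action=accept protocol=udp dst-port=25000 log=no log-prefix=""
 4    ;;; defconf: drop all not coming from LAN
      chain=input action=drop in-interface-list=!LAN log=no log-prefix=""
'''
SCOPE_KEYS = {"connection-state", "in-interface", "in-interface-list", "src-address", "dst-address"}

def parse_rules(text):
    """Parse the print layout into dicts (values containing spaces are not handled)."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+((?:[XID]\s+)*)(.*)$", line)
        if m:  # a line starting with a number opens a new rule
            rules.append({"id": int(m.group(1)), "flags": set(m.group(2).split()),
                          "comment": "", "props": {}})
        rest = m.group(3) if m else line.strip()
        if not rules or not rest:
            continue
        if rest.startswith(";;;"):
            rules[-1]["comment"] = rest[3:].strip()
        else:
            rules[-1]["props"].update(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    return rules

def audit_input_chain(rules):
    """Return findings about who can reach the router itself."""
    chain = [r for r in rules if r["props"].get("chain") == "input"]
    findings = [f"rule {r['id']} is disabled: {r['comment']}" for r in chain if "X" in r["flags"]]
    active = [r for r in chain if "X" not in r["flags"]]
    cut = next((i for i, r in enumerate(active) if r["props"].get("action") == "drop"
                and r["props"].get("in-interface-list") == "!LAN"), None)
    if cut is None:
        findings.append("no active drop for traffic not coming from LAN")
    for r in active[:cut]:  # only rules evaluated before the drop matter
        if r["props"].get("action") == "accept" and not SCOPE_KEYS & r["props"].keys():
            findings.append(f"rule {r['id']} accepts from any interface: {r['comment']}")
    return findings
```

Run against the default rules printed in the post, the ICMP accept is reported as reachable from any interface, which matches what that rule does.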

#2 2021-01-16 21:06:52

Dr-Hack
Moderator
Registered: 2020-11-20
Posts: 59

Re: Mikrotik and Mining

This is very detailed and informative, I am sure many will find it helpful ...

Thanks for sharing

Offline

#3 2021-09-20 15:47:24

youtube
Member
Registered: 2021-09-20
Posts: 28

Re: Mikrotik and Mining

And you can also create a virtual machine, download Utopia to it, run a VPN through your server, and then you will be the most protected person on the planet.

Offline

#4 2021-09-24 06:14:46

kukoro
Member
Registered: 2021-09-23
Posts: 61

Re: Mikrotik and Mining

good day ...

very detailed information, thank you for the information

Offline

#5 2021-11-03 08:31:30

migyolman
Member
Registered: 2021-11-03
Posts: 11

Re: Mikrotik and Mining

Fantastic, I am right with this topic right now, it suits me very well, thank you very much for sharing.

Thanks and best regards,

Offline

#6 2021-11-09 11:06:34

sergo77
Member
From: spain
Registered: 2021-11-09
Posts: 20

Re: Mikrotik and Mining

great information there is much to understand

Offline
