Services, Protocols, and Ports
| Document revision: | 1.1 (February 11, 2008, 4:14 GMT) |
| Applies to: | V3.0 |
General Information
Summary
This document lists protocols and ports used by various MikroTik RouterOS services. It helps you to determine why your MikroTik router listens to certain ports, and what you need to block/allow in case you want to prevent or grant access to the certain services. Please see the relevant sections of the Manual for more explanations.
Submenu level: /ip serviceModifying Service Settings
Submenu level: /ip serviceProperty Description
address (IP address/netmask; default: 0.0.0.0/0) - IP address(-es) from which the service is accessiblecertificate (namenone; default: none) - the name of the certificate used by particular service (absent for the services that do not need certificates)name - service nameport (integer: 1..65535) - the port particular service listens onExample
To set www service to use 8081 port accesible from the 10.10.10.0/24 network:
[admin@MikroTik] ip service> print Flags: X - disabled, I - invalid # NAME PORT ADDRESS CERTIFICATE 0 telnet 23 0.0.0.0/0 1 ftp 21 0.0.0.0/0 2 www 80 0.0.0.0/0 3 ssh 22 0.0.0.0/0 4 www-ssl 443 0.0.0.0/0 none [admin@MikroTik] ip service> set www port=8081 address=10.10.10.0/24 [admin@MikroTik] ip service> print Flags: X - disabled, I - invalid # NAME PORT ADDRESS CERTIFICATE 0 telnet 23 0.0.0.0/0 1 ftp 21 0.0.0.0/0 2 www 8081 10.10.10.0/24 3 ssh 22 0.0.0.0/0 4 www-ssl 443 0.0.0.0/0 none [admin@MikroTik] ip service>
List of Services
Description
Below is the list of protocols and ports used by MikoTik RouterOS services. Some services require additional package to be installed, as well as to be enabled by administrator, exempli gratia bandwidth server.
| Port/Protocol | Description |
| 20/tcp | File Transfer Protocol FTP [Data Connection] |
| 21/tcp | File Transfer Protocol FTP [Control Connection] |
| 22/tcp | Secure Shell SSH remote Login Protocol (Only with security package) |
| 23/tcp | Telnet protocol |
| 53/tcp | Domain Name Server DNS |
| 53/udp | Domain Name Server DNS |
| 67/udp | Bootstrap Protocol or DHCP Server (only with dhcp package) |
| 68/udp | Bootstrap Protocol or DHCP Client (only with dhcp package) |
| 80/tcp | World Wide Web HTTP |
| 123/udp | Network Time Protocol NTP (Only with ntp package) |
| 161/udp | Simple Network Menagment Protocol SNMP (Only with snmp package) |
| 443/tcp | Secure Socket Layer SSL encrypted HTTP(Only with hotspot package) |
| 500/udp | Internet Key Exchange IKE protocol (Only with ipsec package) |
| 520/udp | Routing Information Protocol RIP (Only with routing package) |
| 521/udp | Routing Information Protocol RIP (Only with routing package) |
| 179/tcp | Border Gateway Protocol BGP (Only with routing package) |
| 1080/tcp | SOCKS proxy protocol |
| 1701/udp | Layer 2 Tunnel Protocol L2TP (Only with ppp package) |
| 1718/udp | H.323 Gatekeeper Discovery (Only with telephony package) |
| 1719/tcp | H.323 Gatekeeper RAS (Only with telephony package) |
| 1720/tcp | H.323 Call Setup (Only with telephony package) |
| 1723/tcp | Point-to-Point Tuneling Protocol PPTP (Only with ppp package) |
| 1731/tcp | H.323 Audio Call Control (Only with telephony package) |
| 1900/udp | Universal Plug and Play uPnP |
| 2828/tcp | Universal Plug and Play uPnP |
| 2000/tcp | Bandwidth-test server |
| 3986/tcp | Proxy for winbox |
| 3987/tcp | SSL proxy for secure winbox (Only with security package) |
| 5678/udp | MikroTik Neighbor Discovery Protocol |
| 8080/tcp | HTTP Web proxy (Only with web-proxy package) |
| 8291/tcp | Winbox |
| 20561/udp | MAC winbox |
| 5000+/udp | H.323 RTP Audio Streem (Only with telephony package) |
| /1 | ICMP - Internet Control Message Protocol |
| /4 | IP - IP in IP (encapsulation) |
| /47 | GRE - General Routing Encapsulation (Only for PPTP and EoIP) |
| /50 | ESP - Encapsulating Security Payload for IPv4 (Only with security package) |
| /51 | AH - Authentication Header for IPv4 (Only with security package) |
| /89 | OSPFIGP - OSPF Interior Gateway Protocol |
| /112 | VRRP - Virtual Router Redundancy Protocol |