Can't scan Mikrotik router on Winbox (in NixOS), but it success detect & connect from Windows 10 VM

Anifyuli · July 31, 2024, 3:16pm

Hello anyone.
I have some problems with Winbox on NixOS. I install it using NixOS options like this :

  # Winbox setup.
  programs.winbox = {
    enable = true;
    openFirewall = true;
    package = pkgs.winbox;
  };
}

But I always failed to detect and connect it. But in other side, I can detect and connect it from Windows 10 on VirtualBox VM. I still confused what this be happen. I open Winbox and try to check used port with sudo netstat -tulpn and Winbox not appeared in there. How to fix it? I tried it two weeks ago (I guess) I can connect my routerOS on VM. I create issue Nixpkgs GitHub repo too. I ask on r/NixOS subreddit but my post no anyone answer it too
You can see in my screenshot.

This is Winbox from Nixpkgs

This is Winbox on Windows 10 VM

Thanks for your help. Sorry my English

mightyiam · July 31, 2024, 3:27pm

The implementation for this package is trivial. It merely adds some package to your system environment (not a service, to be clear) and optionally opens a port in the firewall.

I am not familiar with this program so I read its description here and am confused as to what you expect to connect to what exactly.

Requiem33 · July 31, 2024, 11:43pm

WinBox uses multicast to find other Mikrotik devices on the network. This is blocked by the NixOS default Firewall rules. You should be able to connect directly to other Mikrotik devices using their IP address.

If you want to enable the neighbor scanning you will have to open up the ports necessary in the firewall or disable the firewall.

Anifyuli · August 1, 2024, 12:42am

I not enable firewall on my system. You ca check my configs in here

Requiem33 · August 1, 2024, 11:28am

In your network.nix you do have the firewall enabled and you have entries to allow ports.

You can run a simple test by commenting out your existing entry and adding:

networking.firewall.enable = false;

Then ‘nixos-rebuild test’ and run winbox to see if you can see the neighbor devices.

Anifyuli · August 1, 2024, 12:00pm

Ok, I will try it. I will inform you again

Anifyuli · August 1, 2024, 12:05pm

Sometime my router can detected, but it always fail to connect

Requiem33 · August 1, 2024, 12:20pm

Now you’re trying to connect using the MAC address. Can you see the neighbor devices? A reboot may be necessary to fully unload the firewall. You’ll have to do a ‘nixos-rebuild boot’ and then reboot and have a clean ‘no firewall’ system.

Can you connect to your devices via IP? That should be working. I’m running Winbox on my workstation. The only difference I can see is that I installed the Wine packages and not the nix package for winbox.

I have not tried to do the low level MAC connection from Winbox running via Wine from any Linux system. Not sure if that will even work via Wine or not.

Anifyuli · August 3, 2024, 4:27am

Sorry Mister. I will update this issue again after full update my system. My Anytype is broken because it failed to get it AppImage

Anifyuli · August 6, 2024, 2:40pm

#solved
This is my last firewall configs, and it can run Winbox smoothly for now. Like this :

  # Firewall 
  networking.firewall = {
    allowedTCPPorts = [ 80 443 ];
    allowedUDPPortRanges = [
      {
        from = 40000;
        to = 50000;
      }
    ];
  };

I add UDP port range from 40k to 50k because wine-server run this ports, and Winbox need it for connecting to Mikrotik router. I get this problem roots after disable firewall and check listened port (in this condition Winbox successfully connected to router) and I get this :

Because its dynamic port (not static port), so I decide to define port range from 40k to 50k. Thanks for help me and sorry I late to solve this problem.

bwolf · August 13, 2025, 10:12pm

I just want to add (I know this an old topic) that as of 2025-08-14 it is no longer rquired to open the port range manually. Setting the following is enough:

programs.winbox = {
  enable = true;
  openFirewall = true;
};