Winbox on WINE: network namespaces for MAC-Telnet
Winbox, the MikroTik RouterOS management application, uses a proprietary link-layer protocol to discover and connect to RouterOS appliances. It’s useful when you have a router with a bad/unknown network configuration.
Let’s see how we can use it on Linux and WINE.
Winbox and WINE
Winbox is a self-contained executable with little to no dependencies, and it can be executed using wine without additional configuration:
$ wine winbox.exe
However, given that it was not built to run in a Linux environment, the link-layer auto-discovery and (MAC-)Telnet may not work as expected. This is especially true if you have multiple network interfaces (Wi-Fi, Ethernet, maybe some virtual NIC, VPNs, etc.).
A simple solution is to shut down all interfaces except lo and the “target” interface (e.g., wired Ethernet), then add an IPv4 address and a default route via that interface (even via a non-existing router). However, there may be better options, especially if you need external connectivity on your PC.
Linux network namespaces may help!
Linux Network Namespaces
Linux network namespaces are virtual network stacks within the kernel. They isolate network-related resources, such as network interfaces, IP addresses, firewall rules, and routing tables, so they can be used independently by different network namespaces. Each namespace will have its isolated network configuration.
Network namespaces are useful for virtualization, containerization, and other network-related tasks requiring network resource isolation. They are heavily used in Docker and related technologies.
You can execute applications in a network stack via ip netns. Once an application runs in a namespace, it sees only NICs in its namespace.
Also, network interfaces can be assigned/moved to a network namespace. However, if we assign the physical network interface to a namespace, we lose it from the main namespace (e.g., your Firefox will only be able to use it if executed in the same namespace).
So, we will execute Winbox in a dedicated namespace with a macvlan NIC, so we can avoid messing with our network configuration and keep all current NICs up and running.
macvlan in Linux
macvlan is a type of virtual network interface in Linux. It provides the ability to create virtual network interfaces (each with its own MAC address) that share the same physical network interface.
We can create macvlan interfaces for any physical network interface and assign each virtual interface to a different namespace. In this way, a physical NIC is shared between different namespaces (each has its own MAC and, optionally, its IPv4, IPv6, etc.).
Winbox and netns
I built a script around these commands. For simplicity, I’m explaining them step-by-step (the script stuff has been removed).
# First, create a new macvlan link using the physical link eth0
sudo -E ip link add link eth0 winbox0 type macvlan
# Create a new namespace:
sudo -E ip netns add winbox
# Assign the winbox0 interface to the winbox net namespace
sudo -E ip link set winbox0 netns winbox
# Bring the interface UP
sudo -E ip -n winbox link set up dev winbox0
# Add a default route to the directly attached interface
# This step is needed to allow winbox to send broadcast messages
# for auto-discovery and MAC-Telnet features
# 2024-01-07 update: read the notice at the
# end of the post
sudo -E ip -n winbox route add default dev winbox0
Now the namespace is ready. Execute this command to launch Winbox (see below for an explanation):
sudo -E ip netns exec winbox sudo -E -u \#$(id -u) -g \#$(id -g) wine winbox.exe
Rationale:
sudo -E will pass env variables around.
ip netns can be executed only by root, so sudo -E is used again after exec winbox to drop privileges to the current user (using the -u and -g flags).
This setup allows Winbox to discover other routers and use the MAC-Telnet feature to connect to them. However, it does not make IP connections possible. If you want to enable them, you need to add an IP address to the winbox0 interface in the winbox namespace, either statically:
sudo ip -n winbox addr add 192.168.88.10/24 dev winbox0
or dynamically:
sudo ip netns exec winbox dhclient -v winbox0
2024-01-07 update: after some updates (Winbox? Debian?), Winbox started crashing. Upon further investigation, I discovered that the reason is the default route. It seems that Winbox no longer accepts a default route that points to a NIC. It is easily fixed by specifying a (dummy) router:
sudo -E ip -n winbox route add default via 192.168.88.1
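The steps above collected into one wrapper, as an added example (not the author's script): it validates the interface names, can print the privileged commands for review instead of running them, and deletes the namespace when Winbox exits. NS, VIF, PARENT, ADDR, GATEWAY, DRY_RUN and the function names are choices made for this example; adding the static address before the route is an assumption, so that the dummy gateway is on-link.

```shell
#!/bin/sh
# Added example, not the author's script. NS, VIF, PARENT, ADDR, GATEWAY and
# DRY_RUN are names chosen here; the defaults are the values used in the post.
NS=${NS:-winbox} VIF=${VIF:-winbox0} PARENT=${PARENT:-eth0}
ADDR=${ADDR:-192.168.88.10/24} GATEWAY=${GATEWAY:-192.168.88.1}

# Run a command, or only print it when DRY_RUN=1 (review before using sudo).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Reject names that are not plain interface names (max 15 characters).
valid_ifname() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Build the namespace. Assumption: the static address is added first so the
# dummy gateway from the 2024-01-07 update is reachable on the macvlan.
ns_up() {
    valid_ifname "$PARENT" && valid_ifname "$VIF" || return 2
    run sudo ip link add link "$PARENT" "$VIF" type macvlan &&
    run sudo ip netns add "$NS" &&
    run sudo ip link set "$VIF" netns "$NS" &&
    run sudo ip -n "$NS" link set up dev "$VIF" &&
    run sudo ip -n "$NS" addr add "$ADDR" dev "$VIF" &&
    run sudo ip -n "$NS" route add default via "$GATEWAY"
}

# Remove the namespace; the macvlan moved into it is destroyed with it
# once no process is left running inside.
ns_down() { run sudo ip netns del "$NS"; }

# Launch Winbox inside the namespace as the calling user, not as root.
ns_launch() {
    run sudo -E ip netns exec "$NS" \
        sudo -E -u "#$(id -u)" -g "#$(id -g)" wine winbox.exe
}

# Only act when called with "start"; sourcing the file just defines functions.
if [ "${1:-}" = start ]; then
    trap ns_down EXIT
    trap 'exit 130' INT TERM
    ns_up && ns_launch
fi
```

Running it with DRY_RUN=1 and the start argument prints every command, including the teardown, without touching the network configuration.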