Winbox, the MikroTik RouterOS management application, uses a proprietary link-layer protocol to discover and connect to RouterOS appliances. It’s useful when you have a router with a bad/unknown network configuration.
Let’s see how we can use it on Linux and WINE.
Winbox and WINE
Winbox is a self-contained executable with little to no dependencies, and it can be executed using
wine without additional configuration:
However, given that it was not built to run in a Linux environment, the link-layer auto-discovery and (MAC-)Telnet may not work as expected. This is especially true if you have multiple network interfaces (Wi-Fi, Ethernet, maybe some virtual NIC, VPNs, etc.).
A simple solution is to shut down all interfaces except
lo and the “target” interface (e.g., wired ethernet), add an IPv4 address and a default route path via that interface (even via a non-existing router). However, there may be better options, especially if you need external connectivity on your PC.
Linux network namespaces may help!
Linux Network Namespaces
Linux network namespaces are virtual network stacks within the kernel. They isolate network-related resources, such as network interfaces, IP addresses, firewall rules, and routing tables, so they can be used independently by different network namespaces. Each namespace will have its isolated network configuration.
Network namespaces are useful for virtualization, containerization, and other network-related tasks requiring network resource isolation. They are heavily used in Docker and related technologies.
You can execute applications in a network stack via
ip netns. Once an application runs in a namespace, it sees only NICs in its namespace.
Also, networks can be assigned/moved to a network namespace. However, suppose we assign the physical network interface to a namespace. In that case, we will lose it from the main namespace (e.g., your Firefox will only be able to use it if executed in the same namespace).
So, we will execute Winbox in a dedicated namespace with a
macvlan NIC, so we can avoid messing with our network configuration and keep all current NICs up and running.
macvlan in Linux
macvlan is a type of virtual network interface in Linux. It provides the ability to create virtual network interfaces (with their own MAC address) that shares the same physical network interface.
We can create
macvlan interfaces for any physical network interface and assign each virtual interface to a different namespace. In this way, a physical NIC is shared between different namespaces (each has its own MAC and, optionally, its IPv4, IPv6, etc.).
I built a script around these commands. For simplicity, I’m explaining them step-by-step (the script stuff has been removed).
# First, create a new macvlan link using the physical link eth0
sudo -E ip link add link eth0 winbox0 type macvlan
# Create a new namespace:
sudo -E ip netns add winbox
# Assign the winbox0 interface to the winbox net namespace
sudo -E ip link set winbox0 netns winbox
# Bring the interface UP
sudo -E ip -n winbox link set up dev winbox0
# Add a default route to the directly attached interface
# This step is needed to allow winbox to send broadcast messages
# for auto-discovery and MAC-Telnet features
sudo -E ip -n winbox route add default dev winbox0
Now the namespace is ready. Execute this command to launch Winbox (see below for an explanation):
sudo -E ip netns exec winbox sudo -E -u \#$(id -u) -g \#$(id -g) wine winbox.exe
sudo -Ewill pass env variables around
ip netnscan be executed only by
sudo -Eis used again after
exec winboxto drop privileges to the current user (using
This setup allows Winbox to discover other routers and use the MAC-Telnet feature to connect to them. However, it does not make IP connections possible. If you want to enable them, you need to add an IP address to the
winbox0 interface in the
winbox namespace, either statically:
sudo ip -n winbox addr add 192.168.88.10/24 dev winbox0
sudo ip netns exec winbox dhclient -v winbox0