Remote access from the Internet (WAN side)
If you installed RouterOS just now, and don't know where to start - ask here!

15 posts   •   Page 1 of 1
Cue
newbie
 
Posts: 38
Joined: Thu Jun 14, 2007 3:23 am

Remote access from the Internet (WAN side)

by Cue » Fri Mar 23, 2012 6:42 am

However I look I just cant seem to figure out how to enable remote access on my RG750G
I would like to open it so I can access remotely via Winbox.

If anyone could give me some pointers preferably in Winbox I would be grateful.

vik1988
Member Candidate
Member Candidate
 
Posts: 220
Joined: Sun Oct 25, 2009 3:18 pm
Location: India

Re: Remote access from the Internet (WAN side)

by vik1988 » Fri Mar 23, 2012 7:25 am

Cue wrote:However I look I just cant seem to figure out how to enable remote access on my RG750G
I would like to open it so I can access remotely via Winbox.

If anyone could give me some pointers preferably in Winbox I would be grateful.


What do you mean by Remote access. ?? Remote Desktop ??
Vikas Kumar Gupta
If you Like my post then add KARMA
skype- kumarvikas_gupta

Cue
newbie
 
Posts: 38
Joined: Thu Jun 14, 2007 3:23 am

Re: Remote access from the Internet (WAN side)

by Cue » Fri Mar 23, 2012 7:33 am

No, remote access to the RB750 with Winbox.

(to remotely control the router with Winbox).

User avatar
scampbell
Member Candidate
Member Candidate
 
Posts: 203
Joined: Thu Jun 22, 2006 5:20 am
Location: Wellington, NZ

Re: Remote access from the Internet (WAN side)

by scampbell » Fri Mar 23, 2012 7:42 am

create an Input rule to allow Port 8291 from the internet.

/ip firewall filter add action=accept chain=input disabled=no dst-port=8291 protocol=tcp

be sure to place it above any rules dropping Input.

I would also consider specifying which hosts can connect rather than leaving it wide open.

vik1988
Member Candidate
Member Candidate
 
Posts: 220
Joined: Sun Oct 25, 2009 3:18 pm
Location: India

Re: Remote access from the Internet (WAN side)

by vik1988 » Fri Mar 23, 2012 9:22 am

Cue wrote:No, remote access to the RB750 with Winbox.

(to remotely control the router with Winbox).


If you have a Live IP then just configuire that on ur WAN Interface otherwise if you are using some DSL connection then contact ur ISP to configure Port address translation on DSL modem.
Vikas Kumar Gupta
If you Like my post then add KARMA
skype- kumarvikas_gupta

Cue
newbie
 
Posts: 38
Joined: Thu Jun 14, 2007 3:23 am

Re: Remote access from the Internet (WAN side)

by Cue » Fri Mar 23, 2012 2:13 pm

scampbell wrote:create an Input rule to allow Port 8291 from the internet.

/ip firewall filter add action=accept chain=input disabled=no dst-port=8291 protocol=tcp

be sure to place it above any rules dropping Input.

I would also consider specifying which hosts can connect rather than leaving it wide open.

Thank you, this works if I disable the drop rule in filter, but I belive its not a good idea to do that. How do I move this nat rule above the filter rule to drop?

Cue
newbie
 
Posts: 38
Joined: Thu Jun 14, 2007 3:23 am

Re: Remote access from the Internet (WAN side)

by Cue » Fri Mar 23, 2012 2:17 pm

vik1988 wrote:
Cue wrote:No, remote access to the RB750 with Winbox.

(to remotely control the router with Winbox).


If you have a Live IP then just configuire that on ur WAN Interface otherwise if you are using some DSL connection then contact ur ISP to configure Port address translation on DSL modem.

Yes the Mikrotik is connected to brodband internet (optical), im useing the Mikrotik as the primary router.

If you have a Live IP then just configuire that on ur WAN Interface

That was my question, how do I do that

vik1988
Member Candidate
Member Candidate
 
Posts: 220
Joined: Sun Oct 25, 2009 3:18 pm
Location: India

Re: Remote access from the Internet (WAN side)

by vik1988 » Fri Mar 23, 2012 2:32 pm

Cue wrote:
scampbell wrote:create an Input rule to allow Port 8291 from the internet.

/ip firewall filter add action=accept chain=input disabled=no dst-port=8291 protocol=tcp

be sure to place it above any rules dropping Input.

I would also consider specifying which hosts can connect rather than leaving it wide open.

Thank you, this works if I disable the drop rule in filter, but I belive its not a good idea to do that. How do I move this nat rule above the filter rule to drop?


just drag that rule to top of the list...
Vikas Kumar Gupta
If you Like my post then add KARMA
skype- kumarvikas_gupta

vik1988
Member Candidate
Member Candidate
 
Posts: 220
Joined: Sun Oct 25, 2009 3:18 pm
Location: India

Re: Remote access from the Internet (WAN side)

by vik1988 » Fri Mar 23, 2012 2:34 pm

Cue wrote:
vik1988 wrote:
Cue wrote:No, remote access to the RB750 with Winbox.

(to remotely control the router with Winbox).


If you have a Live IP then just configuire that on ur WAN Interface otherwise if you are using some DSL connection then contact ur ISP to configure Port address translation on DSL modem.

Yes the Mikrotik is connected to brodband internet (optical), im useing the Mikrotik as the primary router.

If you have a Live IP then just configuire that on ur WAN Interface

That was my question, how do I do that


are u using some PPPOE interface for WAN ??
Vikas Kumar Gupta
If you Like my post then add KARMA
skype- kumarvikas_gupta

User avatar
scampbell
Member Candidate
Member Candidate
 
Posts: 203
Joined: Thu Jun 22, 2006 5:20 am
Location: Wellington, NZ

Remote access from the Internet (WAN side)

by scampbell » Fri Mar 23, 2012 5:07 pm

Cue wrote:
scampbell wrote:create an Input rule to allow Port 8291 from the internet.

/ip firewall filter add action=accept chain=input disabled=no dst-port=8291 protocol=tcp

be sure to place it above any rules dropping Input.

I would also consider specifying which hosts can connect rather than leaving it wide open.

Thank you, this works if I disable the drop rule in filter, but I belive its not a good idea to do that. How do I move this nat rule above the filter rule to drop?


In Winbox you can simply drag the rule with your mouse to a position above the other rules :-)
___________________
Karma - a way to say thanks to those who help :-)

Cue
newbie
 
Posts: 38
Joined: Thu Jun 14, 2007 3:23 am

Re: Remote access from the Internet (WAN side)

by Cue » Sat Mar 24, 2012 2:00 am

Nat and Filter rules are not in the same category, I cannot drag from NAT to Filter rules.

DynStatic
Frequent Visitor
Frequent Visitor
 
Posts: 82
Joined: Thu Feb 18, 2010 4:11 am

Remote access from the Internet (WAN side)

by DynStatic » Sat Mar 24, 2012 4:47 am

Cue,

I think the confusion is everyone is assuming your drop rule is in filter not nat, as that is typically where it would be.

Perhaps if you provide the rules we can clear up the confusion.

Paste the out put of these commands into a reply.
In terminal window:
/ip firewall filter export
/ip firewall nat export

Cue
newbie
 
Posts: 38
Joined: Thu Jun 14, 2007 3:23 am

Re: Remote access from the Internet (WAN side)

by Cue » Sat Mar 24, 2012 5:29 am

I just have the default rules.

I ran this command.
Code: Select all
/ip firewall filter add action=accept chain=input disabled=no dst-port=8291 protocol=tcp

That created a NAT srcnat using port 8291 TCP, nothing in "filter rules".

User avatar
perspetolis
Member Candidate
Member Candidate
 
Posts: 103
Joined: Tue Aug 02, 2011 9:08 pm
Location: Tehran

Re: Remote access from the Internet (WAN side)

by perspetolis » Sat Mar 24, 2012 10:00 am

hi
you can enable or disable winbox port from ip/service.
---------------------------------------------------
Mohsen Farahani
MTCNA-MTCWE-MTCTCE
http://www.ipsolution.ir

vik1988
Member Candidate
Member Candidate
 
Posts: 220
Joined: Sun Oct 25, 2009 3:18 pm
Location: India

Re: Remote access from the Internet (WAN side)

by vik1988 » Sat Mar 24, 2012 10:15 am

Cue wrote:I just have the default rules.

I ran this command.
Code: Select all
/ip firewall filter add action=accept chain=input disabled=no dst-port=8291 protocol=tcp

That created a NAT srcnat using port 8291 TCP, nothing in "filter rules".


Use this command...
Code: Select all
/ip firewall filter add action=accept chain=input disabled=no dst-port=8291 protocol=tcp place-before=0
Vikas Kumar Gupta
If you Like my post then add KARMA
skype- kumarvikas_gupta

15 posts   •   Page 1 of 1

Who is online

Users browsing this forum: Yahoo [Bot] and 22 guests

It is currently Thu Dec 18, 2014 6:21 pm