Accessing Mikrotik devices

Joseph79 · Fri Apr 10, 2015 1:46 am

Hi there
Does anyone know how to access through winbox all mikrotik devices BEHIND the mikrotik router I can access it after an interface on the routerboard I have a RB2011 with wireless devices attached to it but I can only access the RB2011 itself although its sees the the rest of MT devices in neighbours and do a mac-telnet but I want to be able to access the whole network as such. Id like to access it by my wifi version of RB2011 and via VPN.

Any help is appreciated.

J

Joseph79 · Fri Apr 10, 2015 4:46 pm

anyone??

Fri Apr 10, 2015 5:35 pm

Map the ports if there is a nat used and use that ports when connecting by winbox from outside.

gotsprings · Fri Apr 10, 2015 7:14 pm

Simple portforwards in
/ip firewall nat

Forward ports to 8091 at each device.

CsXen · Fri Apr 10, 2015 9:27 pm

Hi.

For each MT Router you must choose an external port (like 8292, 8293, etc...) In the main router, simply forward these ports to the inner routers IP address, to TCP/8291 port (winbox service port).

Regards: Xen

Joseph79 · Sat Apr 11, 2015 3:41 am

Hi.

For each MT Router you must choose an external port (like 8292, 8293, etc...) In the main router, simply forward these ports to the inner routers IP address, to TCP/8291 port (winbox service port).

Regards: Xen

so locally and remotely to access all mikrotik devices from a main mikrotik router i have to map ports on each device or just from the main router itself.
Its knowing how to do this properly so when i go into winbox i can choose a device at will. do i have to go in and configure all the ports of each wireless device and port forward on main router seems a lot to do as i have 20 odd in network.

Sat Apr 11, 2015 4:34 am

You could always use a site-specific private IP address range for management, and route that network to the Mikrotik but perform no NAT translation on that prefix. You could use a filter rule to limit access based on certain trusted sources like your NOC or your home router....

So router above Mikrotik sends 10.1.1.0/24 --> mikrotik's public IP.
Mikrotik adds 10.1.1.1/24 as secondary address to LAN (bypass the range from any hotspot you may be using)
Mikrotik makes sure not to do masquerade/src-nat on 10.1.1.0/24
Mikrotik puts forward rule -> out-interface=lan, dst-address=10.1.1.0/24, src-address-list=!management_access action=drop

Even better would be to do this, but use a tagged vlan for the customer lan, and untagged = management vlan.
That way, you don't have hotspot to worry about on the management network, and no customer could just assign a management IP to their device, etc.

troffasky · Sat Apr 11, 2015 12:07 pm

access it by my wifi version of RB2011 and via VPN.

Not sure what the first bit means, but if you have a VPN to the site where all the kit is located, surely you just access it by its IP address? If you've done the work of getting a VPN working then you don't need to use port forwards.

CsXen · Fri May 01, 2015 11:41 pm

Hi.

do i have to go in and configure all the ports of each wireless device and port forward on main router seems a lot to do as i have 20 odd in network.

No. You should confgure only the main router to properly portforward incoming connections to exact routers.
(for example: 8292 to 10.0.0.2/8291, 8293 to 10.0.0.3/8291, etc... if you are on 10.0.0.0/24)

If you manage this size of network, why don't you use Dude ?

Regards: Xen

IntrusDave · Sat May 02, 2015 7:12 am

I do believe this is exactly what the new RoMon is for. You connect to the first via RoMon, then all the routers that the first unit can see are now accessible.

Accessing Mikrotik devices

Accessing Mikrotik devices

Re: Accessing Mikrotik devices

Re: Accessing Mikrotik devices

Re: Accessing Mikrotik devices

Re: Accessing Mikrotik devices

Re: Accessing Mikrotik devices

Re: Accessing Mikrotik devices

Re: Accessing Mikrotik devices

Re: Accessing Mikrotik devices

Who is online