Acces router from the web

fredld · February 11, 2013, 4:55pm

Hello,

I am trying to acces to the router from the web.
I forward in my modem the port 80 to the router IP.
unfortunately I am not able to browse the web interface.
Nothing happens, no replay no error … I torch in the router the interface ip and port and I have seen my external web IP using to reach my router. There was no packet to answer.

Is there a rule to anwser for this king of request ? My parameter is basic no special change.

Thank you very much for your help or idea.

PS : I test on an other router/pc and I can acces but nothing for my mikrotik.

cbrown · February 12, 2013, 12:34pm

Post /export compact

My guess is the default firewall is blocking it.

fredld · February 12, 2013, 12:55pm

Hello,

here my configuration export :

[admin@MikroTik] /ip firewall> export
# jan/02/1970 06:31:37 by RouterOS 5.16
# software id = Z1MQ-KUJ5
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=input comment="default configuration" disabled=no \
    protocol=icmp
add action=accept chain=input comment="default configuration" \
    connection-state=established disabled=no
add action=accept chain=input comment="default configuration" \
    connection-state=related disabled=no
add action=drop chain=input comment="default configuration" disabled=yes \
    in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=\
    no out-interface=ether1-gateway to-addresses=0.0.0.0
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no

fredld · February 12, 2013, 4:35pm

Here I can see my connection request from the Web : (In Firewall/ connections)

not assured	unreplied
Src. Address		90.83.87.xxx:47826
Dst. Address		192.168.0.155:80
Reply Src. Address		192.168.0.155:80
Reply Dst. Address		90.83.87.xxx:47826
Protocol		6 (tcp)
Connection Type		 
Connection Mark		 
P2P		 
Timeout		00:00:13
TCP State		syn sent

But nothing has been sent to 90.83.87.xxx

Is there a rule to add ?

thank you for your help.

cbrown · February 13, 2013, 1:00pm

Post your entire /export compact not just /ip firewall

fredld · February 13, 2013, 2:56pm

Hello,

here /export compact

[admin@MikroTik] > export compact
# jan/02/1970 08:06:05 by RouterOS 5.16
# software id = Z1MQ-KUJ5
#
/interface bridge
add admin-mac=D4:CA:6D:67:3F:F7 auto-mac=no l2mtu=1598 name=bridge-local \
    protocol-mode=rstp
/interface wireless
set 0 band=2ghz-b/g/n channel-width=20/40mhz-ht-above disabled=no distance=\
    indoors ht-rxchains=0,1 ht-txchains=0,1 l2mtu=2290 mode=ap-bridge \
    wireless-protocol=any
/interface ethernet
set 0 name=ether1-gateway
set 1 name=ether2-master-local
set 2 master-port=ether2-master-local name=ether3-slave-local
set 3 master-port=ether2-master-local name=ether4-slave-local
set 4 master-port=ether2-master-local name=ether5-slave-local
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys wpa-pre-shared-key=apollineledu8 wpa2-pre-shared-key=\
    apollinexxxx
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge-local name=default
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=192.168.0.155/24 comment="default configuration" interface=wlan1
/ip dhcp-client
add comment="default configuration" disabled=no interface=ether1-gateway
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=\
    192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall connection tracking
set tcp-syn-received-timeout=35s tcp-syn-sent-timeout=35s
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=\
    ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=ether1-gateway to-addresses=0.0.0.0
/ip firewall service-port
set pptp disabled=yes
/ip neighbor discovery
set ether1-gateway disabled=yes
set wlan1 disabled=yes
/system leds
set 0 interface=wlan1
/tool mac-server
add disabled=no interface=ether2-master-local
add disabled=no interface=ether3-slave-local
add disabled=no interface=ether4-slave-local
add disabled=no interface=ether5-slave-local
add disabled=no interface=wlan1
add disabled=no interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
[admin@MikroTik] >
[admin@MikroTik] >

cbrown · February 14, 2013, 12:33pm

I glanced over your config and did not see anything that would be blocking access to the router from the WAN. Double check the settings on your modem.

fredld · February 14, 2013, 1:54pm

Thank you for your time and advice.