access webbox fm outside network/ internet

hao · June 4, 2010, 9:40am

Hello

How can I access webbox from outside network/ internet?

config Mikrotik as router with hotspot with x86 ver3.30 even fail tried with RB750 v3.29 too
its running default config setup/ installation for hotspot service
and its hotspot running well, user used login page before using internet

from same subnet/ in local network access
-to router via winbox by IPgateway/local(192.168.0.1)/ MAC(ether2_lan/ether1_wan) is working
-webbox, user can be access on browser by url IP public/ http://125.175.73.66/
its mean has IP public(on ether1_wan) so I can remote via winbox
-user typing on browser http://192.168.0.1/ will redirect to login page
if user donot login they will be redirect to loginpage

from outside network/ internet access to router
-to router, via winbox to ip public(ip: 125.175.73.66)...working
[u]-WEBBOX, that I can not access http://125.175.73.66/[/u]

so how can I access my webbox from internet
also I can not access ftp://ip_public/ or ftp://125.175.73.66/

the only winbox can be access via its IP_public
++++++++++++++++++++++++++
here my config...
[mikrotik] > in pr
Flags: D - dynamic, X - disabled, R - running, S - slave

NAME TYPE MTU L2MTU

0 R ether1_wan ether 1500
1 R ether2_lan ether 1500

[mikrotik] > ip add pr
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK BROADCAST INTERFACE

0 ;;; hotspot network
192.168.0.1/24 192.168.0.0 192.168.0.255 ether2_lan
1 D 125.175.73.66/24 125.175.73.0 125.175.73.255 ether1_wan

[mikrotik] > ip ro pr
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC GATEWAY-STATE GATEWAY DISTANCE INTERFACE

0 ADS 0.0.0.0/0 reachable 125.175.73.1 0 ether1_wan
1 ADC 125.175.73.0/24 125.175.73.223 0 ether1_wan
2 ADC 192.168.0.0/24 192.168.0.1 0 ether2_lan

[mikrotik] > ip dns pr
primary-dns: 202.73.99.4
secondary-dns: 61.247.0.4
allow-remote-requests: yes
max-udp-packet-size: 512
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 496KiB

[mikrotik] /ip fi fil pr
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough

[mikrotik] > ip fi nat pr
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough

1 ;;; masquerade hotspot network
chain=srcnat action=masquerade src-address=192.168.0.0/24

2 chain=dstnat action=redirect to-ports=8080 protocol=tcp in-interface=ether2_lan dst-port=80

[mikrotik] > ip ser pr
Flags: X - disabled, I - invalid

NAME PORT ADDRESS CERTIFICATE

0 telnet 23 0.0.0.0/0
1 ftp 21 0.0.0.0/0
2 www 80 0.0.0.0/0
3 ssh 22 0.0.0.0/0
4 X www-ssl 443 0.0.0.0/0 none
5 X api 8728 0.0.0.0/0
6 winbox 8291 0.0.0.0/0

[mikrotik] /ip proxy> pr
enabled: yes
src-address: 0.0.0.0
port: 8080
parent-proxy: 0.0.0.0
parent-proxy-port: 0
cache-administrator: "error"
max-cache-size: unlimited
cache-on-disk: yes
max-client-connections: 600
max-server-connections: 600
max-fresh-time: 43w2d
serialize-connections: no
always-from-cache: yes
cache-hit-dscp: 4
cache-drive: secondary-master

[mikrotik] /ip hotspot act pr
Flags: R - radius, B - blocked

USER ADDRESS UPTIME SESSION-TIME-LEFT IDLE-TIMEOUT

0 andi1 192.168.0.26 20h48m17s

[mikrotik] /ip hotspot> host pr
Flags: S - static, H - DHCP, D - dynamic, A - authorized, P - bypassed

MAC-ADDRESS ADDRESS TO-ADDRESS SERVER IDLE-TIMEOUT

0 D 00:0C:42:3C:EE:FF 192.168.0.12 192.168.0.12 hotspot1 15m
1 DA 00:19:E0:6D:AA:CC 192.168.0.14 192.168.0.26 hotspot1
[mikrotik] /ip hotspot> servi pr
Flags: X - disabled

NAME PORTS

0 ftp 21
++++++++++++++++++++++++++

ping from outside/ internet to router...is works ok

C:\Documents and Settings\lama>ping barukeren.changeip.org

Pinging barukeren.changeip.org [125.175.73.66] with 32 bytes of data:

Reply from 125.175.73.66: bytes=32 time=19ms TTL=57
Reply from 125.175.73.66: bytes=32 time=17ms TTL=57
Reply from 125.175.73.66: bytes=32 time=17ms TTL=57
Reply from 125.175.73.66: bytes=32 time=16ms TTL=57

Ping statistics for 125.175.73.66:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 16ms, Maximum = 19ms, Average = 17ms

or

C:\Documents and Settings\lama>ping 125.175.73.66

Pinging 125.175.73.66 with 32 bytes of data:

Reply from 125.175.73.66: bytes=32 time=18ms TTL=57
Reply from 125.175.73.66: bytes=32 time=17ms TTL=57
Reply from 125.175.73.66: bytes=32 time=17ms TTL=57
Reply from 125.175.73.66: bytes=32 time=16ms TTL=57

Ping statistics for 125.175.73.66:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 16ms, Maximum = 18ms, Average = 17ms
++++++++++++++++++++++++++

any think to help please?

Thank you

SurferTim · June 4, 2010, 9:51am

Since your ip is showing dynamic, and if winbox works and webbox doesn’t, I will guess your ISP has port 80 blocked. My ISP allows port 80 only for commercial accounts. I would try using another port besides 80 for http and see if that works.

hao · June 4, 2010, 9:55am

I had changed
[mikrotik] > ip ser pr
Flags: X - disabled, I - invalid

NAME PORT ADDRESS CERTIFICATE

0 telnet 23 0.0.0.0/0
1 ftp 21 0.0.0.0/0
2 www 88 0.0.0.0/0
3 ssh 22 0.0.0.0/0
4 X www-ssl 443 0.0.0.0/0 none
5 X api 8728 0.0.0.0/0
6 winbox 8291 0.0.0.0/0

thus I will call http://125.175.73.66:88/ buts its not working!

any help?

SurferTim · June 4, 2010, 9:58am

I would try one of the higher ports, like 8088. Reboot the router to insure the change takes effect.

ADD: Try webbox from the localnet address to insure the 8088 port is working ok before trying it from the internet.

hao · June 4, 2010, 10:26am

Thank you for the advice..... I will trying..... but 88 is not working for the webbox

I am not sure if the my ISP blocking port 80 nor 21

does a change in www port other than 80, ie port 808 or 8088 as www services, effect to mikrotik hotspot login service ??? as its hotspot login page used port 80 too

[mikrotik] > ip ser pr
Flags: X - disabled, I - invalid

NAME PORT ADDRESS CERTIFICATE

0 telnet 23 0.0.0.0/0
1 ftp 21 0.0.0.0/0
2 www 80 0.0.0.0/0
3 ssh 22 0.0.0.0/0
4 X www-ssl 443 0.0.0.0/0 none
5 X api 8728 0.0.0.0/0
6 winbox 8291 0.0.0.0/0

thank you very much

SurferTim · June 4, 2010, 10:35am

This will tell you what is blocked. If it is open on your firewall, but shows blocked or stealthed on the ShieldsUp check, then your ISP is the challenge.
https://www.grc.com/x/ne.dll?bh0bkyd2

hao · June 4, 2010, 11:59am

hello…

by changing its www 8088 0.0.0.0/0 dan reboot its work!
that mean my ISP blocking port 80! and 21 too!

but its shows
“Traffic and system resource graphing” only no interface

I could NOT see interfaces

what wrong with it?

note: its understand should read something like
Traffic and system resource graphically, they have 2interfaces
You have access to 2 interfaces:
ether1_wan and ether2_lan

normis · June 4, 2010, 12:02pm

you have not enabled graphing, that’s why no interfaces

hao · June 4, 2010, 12:29pm

YES… finally its works!

BRAVO to Normis n SurferTim!