Hi
I have a Linux VOIP server in a Datacentre. It has 2 Ethernet ports.
ETH0= connects to the public internet (41.xxx.x.74)
ETH1= (10.0.1.254) Connects to Mikrotik RB433 (10.0.0.42/10.0.1.253) which links to a highsite (10.0.0.67) which in turn links to other CPEs (10.0.0.x)
Mikrotik Router links to a highsite which in turn links to other CPEs (10.0.1.253)
In order to get access to that CPE’s (10.0.1.253) winbox from my internet at office/home, I forwarded port 8291 from ETH0 to ETH1 with these commands:
# port forward to wireless
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 8291 -j DNAT --to 10.0.1.253:8291
iptables -A FORWARD -p tcp --dport 8291 -d 10.0.1.253 -j ACCEPT
iptables -A FORWARD -p tcp --sport 8291 -d 10.0.1.253 -j ACCEPT
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 2210 -j DNAT --to 10.0.1.253:2210
iptables -A FORWARD -p tcp --dport 2210 -d 10.0.1.253 -j ACCEPT
iptables -A FORWARD -p tcp --sport 2210 -d 10.0.1.253 -j ACCEPT
Now, if I enter in Winbox on my desktop the 41.xxx.x.74 address, and the CPE’s username and pwd, I can log in to the winbox, no problem.
However, when I enter the same in THE DUDE, it gives me an error:
• No connection could be made because the target machine actively refuse
I need to access the DUDE from anywhere with internet so that I can control, monitor and adjust frequencies etc. of ALL CPEs on my network.
I must mention that in order for my VOIP incoming packets from the wireless to go to the VOIP server, I have entered the following routes below:
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
Hence, my iptables look like this:
[root@sip01 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 16M packets, 1354M bytes)
pkts bytes target prot opt in out source destination
36M 4514M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
88M 6559M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
20117 1942K ACCEPT all -- !eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW
Chain FORWARD (policy ACCEPT 433K packets, 26M bytes)
pkts bytes target prot opt in out source destination
132K 28M ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
105K 6233K ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0
158K 12M ACCEPT all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.0.1.253 tcp dpt:8291
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.0.1.253 tcp spt:8291
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.0.1.253 tcp dpt:2210
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.0.1.253 tcp spt:2210
Chain OUTPUT (policy ACCEPT 620M packets, 59G bytes)
pkts bytes target prot opt in out source destination
[root@sip01 ~]#
How do I get my DUDE to connect please?
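
The zero packet counters on the 8291/2210 FORWARD rules in the listing above follow from first-match evaluation: an earlier, broader ACCEPT rule takes those packets first. As an added example (not part of the original post), this Python trace parses the posted FORWARD chain and reports which rule a forwarded packet hits; the packet fields and the client address 198.51.100.7 are constructed assumptions.

```python
import ipaddress

# FORWARD chain rules copied from the listing in the post (opt column written as "--").
FORWARD = """\
132K 28M ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
105K 6233K ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0
158K 12M ACCEPT all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.0.1.253 tcp dpt:8291
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.0.1.253 tcp spt:8291
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.0.1.253 tcp dpt:2210
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.0.1.253 tcp spt:2210
"""
KEYS = ("pkts", "bytes", "target", "prot", "opt", "in", "out", "src", "dst")

def parse(listing):
    """Turn `iptables -nvL` rule lines into dicts; match options go in 'extra'."""
    rows = (line.split() for line in listing.splitlines())
    return [{**dict(zip(KEYS, f[:9])), "extra": f[9:]} for f in rows]

def iface_ok(spec, iface):  # '*' matches any interface, '!eth0' any except eth0
    return spec[1:] != iface if spec.startswith("!") else spec in ("*", iface)

def extra_ok(extra, pkt):
    """Check the dpt:/spt:/state options that appear in this listing."""
    for i, tok in enumerate(extra):
        key, _, val = tok.partition(":")
        if key in ("dpt", "spt") and int(val) != pkt[key]:
            return False
        if tok == "state" and pkt["state"] not in extra[i + 1].split(","):
            return False
    return True

def matches(rule, pkt):
    in_net = lambda ip, net: ipaddress.ip_address(ip) in ipaddress.ip_network(net)
    return (iface_ok(rule["in"], pkt["in"]) and iface_ok(rule["out"], pkt["out"])
            and rule["prot"] in ("all", pkt["proto"])
            and in_net(pkt["src"], rule["src"]) and in_net(pkt["dst"], rule["dst"])
            and extra_ok(rule["extra"], pkt))

def first_match(rules, pkt):
    """1-based number of the first matching rule, or None if the chain policy decides."""
    return next((n for n, r in enumerate(rules, 1) if matches(r, pkt)), None)

# Constructed packet: new TCP 2210 connection after DNAT, from a documentation address.
DUDE = {"in": "eth0", "out": "eth1", "proto": "tcp", "src": "198.51.100.7",
        "dst": "10.0.1.253", "spt": 50000, "dpt": 2210, "state": "NEW"}

if __name__ == "__main__":
    print("first matching FORWARD rule:", first_match(parse(FORWARD), DUDE))
```

Every rule in the posted FORWARD chain, and its policy, is ACCEPT, so this chain does not reject the connection on 2210; the per-port rules add no restriction because rule 3 already accepts all eth0 to eth1 traffic.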