Hey guys,
I have a cell modem that uses a sim card to provide a WAN connection for remote locations. The modems have a web client that can be reached by going to the device’s IP and adding a port.
I am trying to get onto this web client using my desktop computer, but I can’t seem to get it to go through.
Our office runs on a 192.168.30.0/24
My computer 192.168.30.220
Mikrotik ac lite @ 192.168.30.221
Cell router runs on a 192.168.0.0/24
webclient is found @ 192.168.0.1:10000
I am able to connect to the cell modem directly, change my desktop’s IP to 192.168.0.4 and then am able to connect to the web client. But I would like to have the cell router plugged into my mikrotik that sits at my desk and have that route the traffic to my computer’s subnet.
I am not able to ping the cell modem from my PC.
When I try to ping from Mikrotek, it looks like it is pinging ether1? I don’t know. I am lost.
I have looked through these forums and cannot for the life of me figure this out. I need to be able to access that web client. Any Advice?
This is my current configuration. It does not work.
[admin@Logan’s Router] > /export
I was able to ping the device off of RouterOS but I am still not able to reach it from my PC.
My firewall is completely off in all zones.
Someone in the office mentioned that I just need to create a NAT rule, but I have tried creating masquerade rules from the one subnet to the other but with no luck.
As far as gateways, my PC and Mikrotik have a default gateway of 192.168.30.1, which is where our main router is.
The cell modem has a gateway of 192.168.0.1
You added 192.168.0.1 (you wrote it’s the cell modem’s address) also to RB as its own address. That’s wrong, you need to assign RB another address from the same address change.
The way you do it (giving RB addresses from both IP segments and adding appropriate routes) you shouldn’t need any NAT to access cell modem from your office PC. After you fix the addressing that is.
It seems that RB has two IP addresses assigned: 192.168.30.221 and 192.168.0.1 … and for the later you wrote that should be the cell modem’s address. Check the RB’s addresses and if it really is that way, change the later to some other, unused, address from range 192.168.0.x
I changed the 192.168.0.1 in the address list to 192.168.0.221. This didn’t change anything.
Is that what you meant? I can still ping the cell modem from RouterOS as well as ping my desktop, but I can’t ping from my desktop to the cell modem
I’m such a beginner at this, so I’m sorry. Thank you for your help.
The whole LAN architecture is not clear to me … is your RB used as default GW for your office PCs, while cell modem knows nothing about it? If that’s the case, you need the second srcnat rule… so that your wole office lan will appear to the cell modem as if originating from your RB’s address 192.168.0.x . In this case connecting to cell modem from office LAN should work unless you have some special FW rules on RB.
Actually your masquerade config is not right either. You need to masq whole subnet, not only RB’s own address:
Sorry, here is a picture of my setup. I hope this helps. I am trying to go from my desktop to the cellular modem through the routerboard, which is separate from our main router.
As I suggested earlier: the AC lite RB needs two IP addresses, e.g. 192.168.30.221 and 192.168.0.221. Then it needs to do srcnat as I wrote in my previous post. That’s the third rule in your export while the first two just create mess. Ah, it’s the fourth (the last), the first one is an empty rule…
If you don’t want to allow the whole 192.168.30.x to access the cell router through this RB, then you can either adapt the srcnat src-address to something more stringent or you can add some firewall rule which would prevent routing packets from not allowed src addresses.
If you don’t have anything about 192.168.0.0/24 configured on main router (indicating your AC lite being gateway between the two IP segments), then you need to add specific route also on your desktop PC. Normally PCs will have set-up two routes: one atomatic to own IP segment (e.g. 192.168.30.0/24 via NIC) and one default route (e.g. 0.0.0.0/0 via gw 192.168.30.1). To make connection between PC and cell router, either main router or PC itself needs to have set-up explicit route to 192.168.0.0/24 via gw 192.168.30.221.
I can’t find anything wrong in the router setup. Those two routes seem funny but I guess they are fine though. The funny part comes from the fact that both addresses (and hence routes) are bound to same logical interface (bridge in your case) while more common setup is to have split logical interfaces for different addresses … at least different VLAN interfaces if not even different physical interfaces. Again, I guess this should be fine though.
Regarding route on your desktop PC: the line you showed here doesn’t seem right. Under linux, the command to define the needed route would look something like
so: netmask has to be correct (24 bits) and gw address needs to be otherwise accessible by the PC and that’s the AC lite’s address from the office LAN side, not the other one.
I couldn’t get it to work in that configuration, so I went and switched over to using two bridges. One for the Cell and one for the office lan. I was able to ping after that, which is awesome.
Because I set it up that way, I won’t be able to plug the cell modem into just any port, which is kind of a bummer, but at least this way I don’t have to go in and change my subnet on my desktop.