Connecting to a switch behind a router from the Internet

Shefartech · October 20, 2018, 6:39am

I have the following setup:

Internet ---->hEX PoE (with a static Public IP) —>RB260G (with a static local IP)

I am able to connect remotely via the Internet to the hEX PoE via Winbox.
I also want to be able to connect to the RB260G from remotely via the Internet.

Any solutions/suggestions will be highly appreciated

xvo · October 20, 2018, 8:34am

You can:

(worse) Open a port on hEX and forward it to web interface of the switch.
(better) Run a VPN server on hEX, so that you can connect to the whole your internal network from outside in a secure way.

Shefartech · October 22, 2018, 7:03am

XVO, much appreciate you reply.
I will go with the “worse” option.
Please excuse my ignorance, could you advise how I could do that?
I cannot see the option to forward the port on the hEX router.
Port 5 on the hEX is connected to Port 1 of the switch.

kamillo · October 22, 2018, 7:30am

Start with Wiki: https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#Port_mapping.2Fforwarding

Have a look at this article as well: https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router

xvo · October 22, 2018, 2:02pm

You need:

A dst-nat rule in your IP → Firewall → NAT that will forward requests from WAN on some port (chose it yourself) to 80 port on the local address of your switch.
A rule in forward chain of your IP → Firewall → Filter that will allow these dst-nat’ed connections (connection-state=new connection-nat-state=dstnat) - if you use default firewall rule, you probably already have one, but you need to check it.