Correct process for accesing Winbox from Public IP by 8291 p

antony · April 10, 2007, 7:10am

Hello guys … I’m new at this of working with MikroTik RouterOS and I have to access one from a Public IP. I’ve been ready the docs and the forums about this cuestion and tried some of the things you say … but it didn’t work.

Could you please tell me the correct and complet process for accesing the router with the Winbox from a Public IP using 8291 port.

Thnx for all

Regards

cmit · April 10, 2007, 7:38am

Ehm… Just enter the public ip address of the router in the WinBox startup dialog and connect.
Or did I miss something in your question?

Best regards,
Christian Meis

antony · April 10, 2007, 8:02am

jeje … sorry if my didn’t explain ok (poor english)

What I need is the router config for accessing from the internet

What I did was

0 chain=dstnat dst-address=213.x.x.x protocol=tcp dst-port=23
action=dst-nat to-addresses=192.168.101.1 to-ports=23

1 chain=srcnat src-address=192.168.101.1 protocol=tcp action=src-nat
to-addresses=213.x.x.x to-ports=0-65535

2 chain=dstnat dst-address=213.x.x.x protocol=tcp dst-port=80
action=dst-nat to-addresses=192.168.101.1 to-ports=80

3 chain=dstnat dst-address=213.x.x.x protocol=tcp dst-port=8291
action=dst-nat to-addresses=192.168.101.1 to-ports=8291

192.168.101.1 is the router private IP as you can supose … and if I access the public IP through an explorer it downloads the configuration page … if I login a see on the logs of the router that xxx user has logged with the public IP from were I navigate. So that parts seems to work. But the 8291 port non

antony · April 10, 2007, 8:43am

antony:

cmit:

Ehm… Just enter the public ip address of the router in the WinBox startup dialog and connect.
Or did I miss something in your question?

Best regards,
Christian Meis

jeje … sorry if my didn’t explain ok (poor english)

What I need is the router config for accessing from the internet

What I did was

0 chain=dstnat dst-address=213.x.x.x protocol=tcp dst-port=23
action=dst-nat to-addresses=192.168.101.1 to-ports=23

1 chain=srcnat src-address=192.168.101.1 protocol=tcp action=src-nat
to-addresses=213.x.x.x to-ports=0-65535

2 chain=dstnat dst-address=213.x.x.x protocol=tcp dst-port=80
action=dst-nat to-addresses=192.168.101.1 to-ports=80

3 chain=dstnat dst-address=213.x.x.x protocol=tcp dst-port=8291
action=dst-nat to-addresses=192.168.101.1 to-ports=8291

192.168.101.1 is the router private IP as you can supose … and if I access the public IP through an explorer it downloads the configuration page … if I login a see on the logs of the router that xxx user has logged with the public IP from were I navigate. So that parts seems to work. But the 8291 port non

I know why the web works … www service active

cmit · April 10, 2007, 9:04am

Does your RouterOS router have the public ip address 213.x.x.x itself? Or is it sitting behind the router with the public ip address?
I would check possible firewall rules for ones that deny logging in from external addresses?

Best regards,
Christian Meis

antony · April 10, 2007, 9:27am

The RouterOS router has the public IP … and there are no firewall rules. The only one i’m try is

0 ;;; winbox
chain=input protocol=tcp dst-port=8291 action=accept

cmit · April 10, 2007, 9:43am

If it directly HAS the public ip address, just remove all those dst-nat and firewall rules, then you can just connect to the public ip address…

Best regards,
Christian Meis

PS: Putting your router on the internet that way without securing it further might (and should ) be considered bad practice. At least shut down the telnet service (/ip service) etc. There are examples in the Wiki how to secure your router…

antony · April 10, 2007, 1:08pm

OK … I disabled all de dst-nat and firewall rules … it seems to do something … it downloaded something … but it didn’t connect. All the next time … it doesn’t connect.