Help with the dude

luisjoosee · October 30, 2019, 4:01pm

Good afternoon.

I have a problem with The Dude, I need to manage, monitor and even update my mikrotiks with this monitor but I can not establish connection with the device, every time I try to reject the connection throwing this error ("connection timeout (6), next attempt at 15:59:28 ") I have read several forums and also seen tutorials but still the connection is not established.

It should be noted that I am using the correct ports and my devices do not have firewall rules that interfere with the connection.

Zacharias · October 30, 2019, 5:13pm

How do you see these devices? Through VPN?
Are those devices in your local network ?
Provide more details.. It’s really easy to add a device in Dude…

luisjoosee · October 30, 2019, 8:51pm

Hello, my equipment is routed locally, I can add the equipment without any problem to the dude and consult snmp, ping among other qualities, my problem is when I try to connect the dude to an MK either to update or manipulate it.

It gives me error as in the image that I show you, it should be noted that my IP address, user and password are correct and there are no firewall rules that prevent the connection

Zacharias · October 30, 2019, 9:37pm

Go to services and tell me what service is down…

xvo · October 30, 2019, 10:24pm

Does the user you are using to login have “dude” permission?

luisjoosee · October 31, 2019, 6:59pm

Hello, thanks for your prompt responses, I don’t know how to verify if the final team has permission, where can I verify it?

Basically I want to drive the Mikrotik from The Dude? Is that possible ? How do I do it?

I have seen that it is possible to update it from The dude according to the wiki manual but I cannot establish communication at that level between the dude and the device

xvo · October 31, 2019, 7:56pm

Do

/user print

and

/user group print

on the router you are trying to connect to.
And see, if the user you are using to login from dude server have the necessary rights.

luisjoosee · November 1, 2019, 12:17pm

Good day,

If the user I am using has “full” permissions but still can’t connect, do you know any other way or steps I should follow?

because I have a lot of equipment and I would like to handle them from one place and update them at the same time instead of doing a manual job one by one

xvo · November 1, 2019, 12:25pm

Check that your device’s firewall accept connections on default winbox port 8291 from the address of your dude server.

luisjoosee · November 1, 2019, 12:29pm

I already have a rule that accepts all the protocols and ports of the server dude network

xvo · November 1, 2019, 12:38pm

Is there anything valuable in the device’s logs when dude is trying to connect?
Does winbox run on the default port?
Can you confirm with torch, that dude packets are reaching the device?

luisjoosee · November 1, 2019, 12:46pm

How to change the query port from 8291 to another?

xvo · November 1, 2019, 12:52pm

You can’t.
The only way is to perform nat from 8291 to your custom port.

luisjoosee · November 1, 2019, 1:10pm

And how can I do that?

xvo · November 1, 2019, 2:10pm

Add this on your device:

/ip firewall nat add action=dst-nat chain=dstnat dst-address=YOUR_DEVICE_IP dst-port=8291 protocol=tcp src-address=YOUR_DUDE_SERVER_IP to-p
orts=YOUR_CUSTOM_PORT

luisjoosee · November 4, 2019, 7:27pm

You can’t.
The only way is to perform nat from 8291 to your custom port.

And how can I do that?

Add this on your device:
/ip firewall nat add action=dst-nat chain=dstnat dst-address=YOUR_DEVICE_IP dst-port=8291 protocol=tcp src-address=YOUR_DUDE_SERVER_IP to-p
orts=YOUR_CUSTOM_PORT
Good afternoon, sorry for the delayed response time.

the problem is that there are more than 500 final devices that had to be set that firewal rule.

There is a way to put a rule on the “dude” server that works, try several ways dst-nat and src-nat but they didn’t work.

xvo · November 4, 2019, 8:45pm

As unfortunate as it is, for now there is no other way to do this, other than performing dst-nat.
And you can’t perform dst-nat for the packet originated from the router itself.

Instead of doing it on all 500 end devices you can place additional router between dude server and the network, to do it in one place (or use existing router, if all the traffic to end devices is routed through it).
Another possible workaround is to loop the traffic back to the dude server connecting two of it’s ports with a patchcord (of course if it is physical device, not a CHR).