Hi, sounds like a silly question, but I have never used Mikrotik and my employer just had a unit installed and I can no longer access the server using Remote Desktop. I need to get my work done and can’t figure the thing out. How do I open the port on the firewall using winbox? Any advice please?
You don’t open ports, you close them. By default there is no firewall. Maybe your boss has made some firewall for remote desktop? Check what is going on in the firewall rules, are there any?
Example:
ip firewall filter add chain=input protocol=tcp dst-port=90 action=accept
This opens TCP 90 and accepts the packets from the outside world on that port… Check the manual and search the forums, you will find a lot of examples…
Regards
Sounds like you haven’t mapped the port through to the server:
chain=dstnat in-interface=Internet protocol=tcp dst-port=3389
action=dst-nat to-addresses=x.x.x.x to-ports=3389
where x.x.x.x is the internal address of your server.
Regards
Andrew
Guys … thanks for your advice but you must forgive me. I know nothing about this firewall and do not have the time to ‘learn’ it as yet. I just need to access the server asap. I have Winbox and might be able to configure it from there … can you please help me that way?
Open Winbox
Select new terminal from the Left hand side.
Type /ip firewall nat
Type the command I gave you substituting your server address for x.x.x.x. If your public facing interface is named differently you’ll need to change that as well.
You’re done.
Regards
Andrew
Thanks for the advice andrewluck, I appreciate it greatly. I am still not clear on some things. The server address you mentioned, is that the address on the local network at the office? And what do you mean by public facing interface? Excuse my ignorance on this subject, networking is not my thing. If I mess up, how do I go back?
Server address is the local server address on the LAN.
Public facing interface is the one that’s connected to the Internet. Mine’s called ‘Internet’, you may have named yours differently. Typing /interface print at the terminal will remind you of the names.
The worst that’s going to happen with this rule is that it won’t work. If you have problems, open Winbox and delete it from the IP - Firewall pages.
Regards
Andrew
Andrew … sorry to bother you again, but I have tried to do as you advised me last time and I get the following error:
no such command or directory (chain)
I have entered what I believe to be the correct name and also the IP of the server. Can you please help me?
Well, you just have to complete the command like this:
/ip firewall nat add chain=dstnat in-interface=Internet protocol=tcp dst-port=3389 action=dst-nat to-addresses=x.x.x.x to-ports=3389
Best regards,
Christian Meis
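The complete rule from this thread next to a variant limited to one source address, with the check and rollback steps mentioned earlier, as an added example that is not part of any poster's reply. The address 203.0.113.10 and the comment text are constructed placeholders; Internet and x.x.x.x are the interface name and server placeholder used in the thread.

```routeros
# Added example, not from the thread's posters.
# Assumptions: WAN interface is named "Internet" (check with /interface print),
# x.x.x.x is the server's LAN address, 203.0.113.10 is a constructed
# placeholder for the remote worker's public IP.

# As posted in the thread: forwards TCP 3389 from ANY Internet source.
/ip firewall nat add chain=dstnat in-interface=Internet protocol=tcp \
    dst-port=3389 action=dst-nat to-addresses=x.x.x.x to-ports=3389 \
    comment="rdp-forward-any"

# Restricted variant: same mapping, but only packets from one known
# source address are translated. Other sources never reach the server.
/ip firewall nat add chain=dstnat in-interface=Internet protocol=tcp \
    dst-port=3389 src-address=203.0.113.10 action=dst-nat \
    to-addresses=x.x.x.x to-ports=3389 comment="rdp-forward-restricted"

# Check: list the NAT rules and confirm which ones exist and in what order.
/ip firewall nat print

# Rollback: remove a rule by its comment instead of by list position.
/ip firewall nat remove [find comment="rdp-forward-any"]
```

Only one of the two rules should stay in place; if both exist, the unrestricted one still matches every source.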
That’s cool, but how to achieve the same on a 2.9 hotspot network? I want to forward a port from wan interface to a host which is on a hotspot interface. Host has a fixed IP address.
Thanks.
Using the 2.9 hotspot “ip-binding” feature you can bypass the required hotspot logon for that machine. Depending on your network config you have to add a firewall rule or a dst-nat to this…
Best regards,
Christian Meis