Hi..
I have a Mikrotik RB that is connected directly through a fiber optic modem and I set the RB to dial my ISP with PPPoE.
My Mikrotik Board always have a public IP and I can set port forwarding for any port I want (standard port forwarding with IP/Firewall - NAT)
The problem is I can’t access my webfig from internet somehow.
Here’s what I had try so far:
Change the IP/Services for www from 80 to another port, like: 8181
Put a port forward rule to my RB’s IP at port 8181
Nothing works, even though I can access another server on another port from internet.
If you’re accessing service on router itself, you only need to open port on router (using accept rule in input chain). Port forwarding rule won’t do anything useful.
Also, HIGHLY recommend putting some additional security on it. There are several things that can be done if you really insist on having a WebFig port directly accessed from the internet. For example, if able, restrict the source IPs that can access it to only the IPs that you want to have access. For example if you want to access from a static IP at work, put that IP into an access list. Obviously if you need access from anywhere, that does not work. You are already using a non-standard port, but that is not much security by itself. Port knocking also helps.
Better would be to not use www access at all. WinBox is better. A VPN would be even better
.
Do NOT put WebFig directly into Internet. Instead, set up IPSec/L2TP VPN and enable access to WebFig through it. QuickSet can set it up for you, just enable VPN network from IP/Services. IPSec/L2TP is built into Win10/Android/iOS so no additional software is needed.
OK. So i decide not to access webfig through internet, but I can’t enable the winbox access too.
I enabled the ip/cloud services from Quickset (see the attached screenshot) and I can access any service port from that address.
So I know that the cloud service works.
But still unable to access the RB from winbox from outside (internet)
Can someone tell me what I need to do ?
If you use VPN, then you shouldn’t be connecting to xxx.sn.mynetname.net in WinBox, that address is only for VPN client. In WinBox you should use whatever private address the server uses in tunnel (I don’t know what Quick Set configures), after you connect to VPN.
