Ipcloud two Mikrotik

Rey68 · December 16, 2018, 1:23pm

Hello:
I have two mikrotik, one like wan and wifi, and another as a repeater of the wifi (using wlan).
The first I can access remotely through xxxxx.sn.mynetname.net.
But the second one does not, I understand that it is behind NAT, as indicated by IPcloud in the second.
Try making a NAT rule to the ip of the second router 192.168.1.30 and calling xxxxx.sn.mynetname.net. with a port.
But it does not work.
How should I do it?

sebastia · December 16, 2018, 2:06pm

Hi

You should take care of following

make dst-nat rule to port-forward traffic from first MT to “repeater”
ensure that this forwarded traffic is allowed in first MT (with default config should be ok, as there all dst-nat-ed traffic is allowed)
allow the incoming connection on the “repeater” MT

Rey68 · December 16, 2018, 5:30pm

I have this rule in mikrotik 1 (wan).

action=dst-nat chain=dstnat dst-port=8292 in-interface=ether1 protocol=tcp
to-addresses=192.168.1.30.

¿is correct?

allow the incoming connection on the “repeater” MT.
I do not understand this. The second mikrotik have acces to internet

sebastia · December 17, 2018, 9:07pm

“action=dst-nat chain=dstnat dst-port=8292 in-interface=ether1 protocol=tcp to-addresses=192.168.1.30”

that’s the port forward
have you check the firewall filter table and forward chain?
and lastly does the target device (192.168.1.30) allows connection on the 8292 port in filter input?

Rey68 · January 24, 2019, 2:45pm

Solved!.
I change in second mikrotik port Winbox in Ip service, xxxx.
I create nat in 1º Mikrotik to ip with port in second mikrotik winbox
In winbox enter with xxxxx.netname.net:xxxx

erlinden · January 24, 2019, 2:49pm

Why not do it properly and run a VPN service? Are you aware that there was (and still is depending on the version of RouterOS you are running) a huge security issue?

Rey68 · January 24, 2019, 3:05pm

Is there a security problem with winbox?
So using Ipcloud is not a good idea?

AlainCasault · January 24, 2019, 3:25pm

It’s more a question of having an open port to exploit, two in your case.

And with a VPN, you can have proper routing and all your tools will work as if at home (or at the office).

anav · January 24, 2019, 3:30pm

Concur, if you want to remotely access winbox on either unit, using an open port approach is cwazee stupid.
One method used, is called port knocking however the VPN connection approach is superior.

Rey68 · January 24, 2019, 4:08pm

I understand, I will create a vpn service