Modem/Router behind the MikroTik

Hello all,
I’ve seen similar threads to mine, but couldn’t find (or was too dumb to implement) a working solution for my scenario.

My setup: Internet → ISP Modem (static public IPv4 X.X.X.a & 192.168.178.0/24) → MikroTik (static public IPv4 X.X.X.b) → LAN (192.168.100.0/24). The MikroTik router is set up on the ISP modem as an “exposed host”.

I can ping my ISP modem from within the LAN, but cannot access its web interface. I’m not sure if I need to set up a specific NAT rule for this, or what exactly needs to be done to get it working.
Here’s my current NAT config:

nat.png
Your help would be appreciated!

Are you sure that that modem’s webpage is accessible for you? It’s on public address so maybe ISP has restricted access to it?

I forgot to mention that the ISP’s modem can be pinged from LAN via its local IP (ping from my PC 192.168.100.10 to 192.168.178.1 for example). At the moment I have hidden wifi running on my ISP’s modem so that I can make changes when needed. And since I can ping it via LAN, there must be a way to reach it via the browser as well. I don’t want to unnecessarily cause noise in my MikroTik wifi & use up channels just for this purpose.

Anyone? :neutral_face:

/export hide-sensitive file=anynameyouwish

config.rsc (9.58 KB)
there it is :slight_smile:

Looking forward to your suggestions!

Hidden Wi-Fi does not exist.

That’s because it’s running on the ISP’s modem, so that I have access to it (via wifi).

On bridgeLocal, is the admin MAC still the same as the ether1 MAC?
Change that MAC to the ether2 MAC

I'm not sure I understand what you're saying.. "bridgeLocal" - "Admin. MAC Address" should be changed? What effect would that have?

Is it the same MAC as ether1 or the sfp?
It must be the MAC of ether2

The MAC address matches.. WAN (connection to the ISP modem) of the MikroTik router is ether1, as it should be.
bridgeLocal_MAC.png

Fully read what someone writes, not only the first line…

Must be the MAC of ether2

Read it now?

You have removed (disabled) ether1 from bridgeLocal,
but you have not changed the admin MAC to that of one of the Ethernet ports present (still active) on the bridge (ether2).

No need to get upset, I'm reading what you wrote, the problem is, it was not understandable. Okay, I see that the "ether1" is disabled in the localBridge, but I didn't do that manually, it must've happened during the initial configuration.

Should I keep it disabled? or enable it? And, if I keep it disabled, you're saying I should adjust the MAC of the "localBridge" with the MAC of "ether2". Again, what kind of effect will this have?

I cannot be upset?
What happens if you have two separate interfaces (ether1 and bridgeLocal) with the same address?
You do not read… I have already explained why this error is present; whether by you or by the “initial configuration” does not matter.
I also suggested the fix.

Can you not reach the configuration pages with 109.?0.15?.2?9 instead?

Probably the router webpage is contacted from 109.?0.15?.230 because you NAT the 192.168.100.0/24 on WAN exit,
and you must omit the NATting for 192.168.178.0/24 because, probably for security, it can reply to ping,
but web access is restricted for the same range of addresses 192.168.178.0/24

  1. So, should I enable "ether1" OR change the bridgeLocal MAC?


  1. No I cannot, I tried multiple things before creating this forum post.
    Probably the router webpage is contacted from 109.?0.15?.230 because you NAT the 192.168.100.0/24 on WAN exit,
    and you must omit the NATting for 192.168.178.0/24 because, probably for security, it can reply to ping,
    but web access is restricted for the same range of addresses 192.168.178.0/24

  2. Should anything in the NAT be changed or added?

duplicate, read next post

Maybe you didn’t provide an explanation & answer my questions? Even though I asked multiple times. I do not follow “random” suggestions without an explanation. If you can’t provide one, how can I be sure I’m not configuring nonsense. Hope you understand.

Nonsense?
I understand your doubts, but a forum member from 2014 with more than 4500 posts is writing to you, not “one” just registered since July 24th 2021 with 20 posts …

Explain yourself:

What happens if you have two separate interfaces (ether1 and bridgeLocal) with the same address?

And the two changes suggested, as anyone can understand, do not cause any explosion inside your home. Maybe… :unamused:


I never wrote to enable ether1 inside the bridge (at most delete it).
Are you unable to read in red? :laughing:

I notice you modify the export config,
so you can only understand what I have not written but I pointed this out to you…



How many times must I write it before you understand? :mrgreen:

add NOT ! dst-address 192.168.178.0/24 on your SECOND NAT rule

Does your DHCP CLIENT give you an address 192.168.178.x/24 on your ether1?
If not, you ALSO put an address 192.168.178.x/24 on your ether1

I followed your tips as suggested, but it didn’t work..