MT behind MT

I’ve read other topics but couldn’t find the answer.
I have one MT with two interfaces (wan-internet & lan) and the other one with lan and 4 wlan cards.
I want to access the second MT, which is in the same network as the first (first - 192.168.1.254/24, second - 192.168.1.252/24).
From the Internet I can access the first one over winbox. I want to set up a NAT on the first, so that using Winbox and that other port, it connects to the other MT.

I do not want to use VPN.

I just want that running winbox and typing my_internet_ip:150 opens first MT, and my_internet_ip:160 opens second MT.

So what NAT rules must be set on first MT to allow that?

Thank you

So, there is no way to NAT tcp 8291 and www port to the other MT?
I tried to NAT dest. port 102 to port 8291 and dest. port 103 to port 80 to the other MT but every time I try to connect it just loads the first MT…

dakky21 -
As I recall you can’t ‘re-map’ winbox but that could have changed since I tried it a few years ago…

If it would work then you’d have to insert a rule in the input chain to the router in Mangle. Most likely at that point marking the new connection, marking the established connection, and marking the packets. Then maybe you could use dst-nat with your selected port number(s) and corresponding connection or packet mark.

Input rule placement is because when you use the public IP of the router - it is sure you are talking to ‘it’. So you’ll have to convince it you’re not… :slight_smile:

Thom

Make sure you have two Internet IPs.
One for the first MT, the other for 2nd MT.
Create a dnat rule for tcp port 8291 that goes to the 2nd MT IP.

That’s all :sunglasses:

You don’t need two internet IP’s, just one.

Simply specify dst-address and some free port, and use dst-nat to the correct port - like 8291 for winbox.

You would then access the second router as you would like:

I just want that running winbox and typing my_internet_ip:150 opens first MT, and my_internet_ip:160 opens second MT.

So what NAT rules must be set on first MT to allow that?

so in your NAT page, specify

chain=dstnat
protocol=tcp
dst-address=
dst-port=160
action=dst-nat
to-addresses=192.168.1.252
to-ports=8291

simple.
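The rule above written out as RouterOS terminal commands, as an added example that is not part of the original post. It also limits who may reach the forwarded port and covers the return path. Assumptions: the interface names `wan-internet` and `lan` are taken from the first post's description, the address-list name `mgmt` is hypothetical, and 203.0.113.10 is a constructed placeholder for the administrator's source address.

```routeros
# Added example, not from the thread. Interface names, the "mgmt" list
# name and 203.0.113.10 are assumptions/placeholders.

/ip firewall address-list
# Sources allowed to reach the forwarded management port.
add list=mgmt address=203.0.113.10 comment="admin workstation (placeholder)"

/ip firewall nat
# External TCP 160 on the first MT -> Winbox (8291) on the second MT,
# matched only for sources in the "mgmt" list.
add chain=dstnat in-interface=wan-internet protocol=tcp dst-port=160 \
    src-address-list=mgmt action=dst-nat \
    to-addresses=192.168.1.252 to-ports=8291 comment="winbox to 2nd MT"

# Needed only if the second MT does not use 192.168.1.254 as its gateway:
# rewrite the source so replies come back through the first MT.
add chain=srcnat out-interface=lan protocol=tcp \
    dst-address=192.168.1.252 dst-port=8291 action=masquerade \
    comment="return path for forwarded winbox"

/ip firewall filter
# The forward chain sees the packet after dst-nat, so match the translated
# address and port. Place the accept above any general drop rule.
add chain=forward in-interface=wan-internet protocol=tcp \
    dst-address=192.168.1.252 dst-port=8291 src-address-list=mgmt \
    action=accept comment="allow forwarded winbox from mgmt"
add chain=forward in-interface=wan-internet protocol=tcp \
    dst-address=192.168.1.252 dst-port=8291 action=drop \
    comment="drop other WAN attempts at 2nd MT winbox"
```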

GWISA, make sure you point to the method how to connect from WinBox to custom port =)

As far as I know, the current version of winbox still cannot be configured to use a port other than the default 8291. As a result, it is NOT possible to manage a MT behind another MT unless you either have two public IP’s on the first MT, or, if you only have a single IP on the first MT, you use a VPN.

The VPN solution is quite easy to implement and works perfectly. I use PPTP on the windows machine where winbox resides. I wrote a wiki article that addresses this problem, which you can reference here http://wiki.mikrotik.com/wiki/Multi_node_management.

Since you mention in your original post that you prefer not to use a VPN, I realize that this solution is not what you prefer, but until the MT folks implement a way to set the destination port that winbox uses, I think we are all stuck with this VPN solution.

If your reason for avoiding VPN is difficulty of implementation, hopefully the wiki entry will make that simple. If you have a problem with VPN due to intervening routers not forwarding the needed ports, then I can’t think of any solution for you.

dsobin, post is correct.
There is some good news, there will be the ability to specify and disable Winbox port in the next 3.0 version.

Thank you for that good news! We have been waiting for that feature for a very long time!

I believe GWISA already has Winbox version 10, released in year 2030 ..

:laughing: :laughing: :laughing:

:blush:

yar… opening my mouth before engaging my brain again…