I'm new to the routerboards and have just installed a RB450G to act as a hotspot gateway, which seems to be working fine.
My question is that I have 5 AP on the LAN side of the RB450G and I can access a PC remotly that is on the WAN side of the RB450G.
The address of the RB has been setup as follows:
WAN IP: 192.168.0.249
LAN IP: 192.168.1.254
I set the switch-all-ports=no on the RB450G and uses ether1 as the WAN and ether2,3,4,5 as the LAN ether3,4,5 are slaves to ether2
There is a PC thas has a static IP of 192.168.0.51 on the WAN side of the RB540G, and I'd like to use this to control the AP on the LAN.
The AP addresses are 192.168.1.241 to 192.168.1.245 and are on port 80 and there is also a web managed switch at IP 192.168.1.251
I'd like to use 192.168.0.249:6000x where x is the AP number (60001 - 60005)
I've tried the following commands but the browser timesout
/ip firewall nat add chain=dstnat dst-address=192.168.0.249 dst-port=60000 action=dst-nat protocol=tcp to-address=192.168.1.251 to-port=80
So far all my Firewall NAT try have failed.
What am I missing or doing wrong?
Steve
printout from the router before trying to do the above
IP address:
0 address=192.168.1.254/24 network=192.168.1.0 interface=ether2
actual-interface=ether2
1 address=192.168.0.249/24 network=192.168.0.0 interface=ether1
actual-interface=ether1
Route:
0 A S dst-address=0.0.0.0/0 gateway=192.168.0.254
gateway-status=192.168.0.254 reachable via ether1 distance=1
scope=30 target-scope=10
1 ADC dst-address=192.168.0.0/24 pref-src=192.168.0.249 gateway=ether1
gateway-status=ether1 reachable distance=0 scope=10
2 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.254 gateway=ether2
gateway-status=ether2 reachable distance=0 scope=10
Interfaces:
Flags: D - dynamic, X - disabled, R - running, S - slave
NAME TYPE MTU L2MTU MAX-L2MTU
0 R ether1 ether 1500 1526 1526
1 R ether2 ether 1500 1520 1520
2 R ether3 ether 1500 1520 1520
3 ether4 ether 1500 1520 1520
4 ether5 ether 1500 1520 1520
Firewall:
may/03/2012 21:57:33 by RouterOS 5.15
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s
tcp-close-wait-timeout=10s tcp-established-timeout=1d
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=
"place hotspot rules here" disabled=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=
"place hotspot rules here" disabled=yes to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment="masquerade hotspot network"
disabled=no src-address=192.168.1.0/24 to-addresses=0.0.0.0
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no