Port forwarding to User-Manager

I’m running User-Manager on a router on an intranet.

How (if possible) do I set up port-forwarding to the U-M router’s customer web-page (/router-IP/userman) through the gateway (an RB532) from OUTSIDE the network? dst-natting to /router-IP:80 just brings up the Mikrotik web-box login?

I know I could port-forward to /router-IP:23 and use >tool user-manager over telnet but the web interface is a lot friendlier.

Thanks.

User-Manager is using standard RADIUS ports, 1812 for authentication and 1813 for accounting.
However, you need to consider choosing a publicly routable IP address for the User-Manager [RADIUS] router.

Yes, but it’s not the standard RADIUS ports I want to forward. It’s the port User-Manager listens to.

Exempli gratia: using the set-up on my DSL modem (but not, it seems, with RouterOS) I can forward PublicIP:1234 to any internal IP address and port I want, ditto PublicIP:1235, PublicIP:1236. So simply by using PublicIP:port I can Winbox through to any MT router on the internal network from outside.

But, obviously, PublicIP/userman doesn’t get me anywhere.

What I’ve done is to forward a non-standard port.

Let me explain my setup:

Internet → DSL Router → Mikrotik RB150(A) → a network → Mikrotik RB150(B) → Client PC

My client wants Web access to his home server. But I’m already using Port 80 for my own purposes - So I gave him port 90. Sounds strange on first glance.

My DSL router I simply set to forward Port 90 to the first RB150. Let’s call it RB(A).
So now I tell RB(A) to forward that to the Second RB150. Let’s call it RB(B).

In RB(A) I inserted the following under “/ip firewall nat”

add chain=dstnat action=dst-nat to-address=aa.bb.cc.dd to-ports=90 \
    dst-address=ee.ff.gg.hh dst-port=90 protocol=tcp

aa.bb.cc.dd is the WAN IP address of RB(B).
In other words, the interface that connects RB(B) to RB(A).

ee.ff.gg.hh is the WAN IP address of RB(A).
In other words, the interface that connects RB(A) to the DSL Router.

But in your case, the device you want to access does not listen on port 90.
All you need to do is to set to-ports=80 instead of 90.
This will make the router automatically flip the incoming port 90 data to port 80 before forwarding it to the upstream router or AP. You can try using it with additional syntax like subdirectories as well - Works beautifully.

So you can type: http://router.yourdomain.com:90/userman
See how that works for you.

-Krige
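
The forward described in the reply above, applied to the original question (public port 90 on the gateway translated to port 80 on the User-Manager router) and limited to known source addresses. This is an added example, not part of the thread. The list name `userman-admins` and the address 203.0.113.10 are constructed, and aa.bb.cc.dd / ee.ff.gg.hh are the placeholders used in the post.

```routeros
# Added example, not from the thread. Placeholders as in the post:
#   ee.ff.gg.hh = WAN address of the gateway doing the forwarding
#   aa.bb.cc.dd = address of the router running User-Manager
# Assumed names/values: list "userman-admins", address 203.0.113.10.

# 1. Sources allowed to reach the forwarded web interface.
/ip firewall address-list
add list=userman-admins address=203.0.113.10 comment="constructed example address"

# 2. Forward public port 90 to port 80 on the User-Manager router,
#    matching only packets whose source is in the list above.
#    to-addresses is the documented property name for dst-nat.
/ip firewall nat
add chain=dstnat action=dst-nat protocol=tcp \
    dst-address=ee.ff.gg.hh dst-port=90 \
    src-address-list=userman-admins \
    to-addresses=aa.bb.cc.dd to-ports=80 \
    comment="userman web via port 90, listed sources only"

# For comparison, the same rule without src-address-list forwards
# port 90 from any source address to the router's web login:
# add chain=dstnat action=dst-nat protocol=tcp \
#     dst-address=ee.ff.gg.hh dst-port=90 \
#     to-addresses=aa.bb.cc.dd to-ports=80

# 3. Confirm the rule is present and in the intended order.
/ip firewall nat print
```

With this rule in place, http://router.yourdomain.com:90/userman loads only from addresses in the list; connections from other sources do not match the dst-nat rule and are handled by the gateway itself.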