recover a Mikrotik over another Mikrotik (same LAN)

Hi, while trying to solve a problem remotely (Winbox) with the CAPs protocol, I unfortunately changed a wrong parameter on the firewall. Now the router is no longer available on the internet, but I guess it works fine if the source is located on the same LAN. I have access through Winbox to another MikroTik on the same LAN; unfortunately this is not the gateway and I have only the Winbox port NATted on it.

Can I, using the terminal of the reachable router, open a connection to the unreachable router? For example the telnet protocol, can I? Or SSL, or any Winbox emulation?
Thank you a lot

I’ve found telnet under instruments; unfortunately it doesn’t answer from the local IPs either (((( but it replies to pings.
I guess I have no other choice than to reset it. The problem is that this place is located 3 hours by car from me :(

Do you have the configuration of your device? If yes, post it here without sensitive data.

Look in Neighbor Discovery, maybe it will be available there… Also, on the locked device, do you have mac-winbox-server or mac-telnet-server configured?

Thanks a lot for the answer. I've googled and printed the neighbors; the target unreachable router is 192.68.88.3
[admin@MikroTik] /ip neighbor> find
[admin@MikroTik] /ip neighbor> print

   INTERFACE  ADDRESS       MAC-ADDRESS
 0 ether2...  192.168.88.2  2C:C8:1B:22:81:DD
   bridge
 1 ether2...  192.168.88.2  2C:C8:1B:22:81:DE
   bridge
 2 ether3...  192.168.88.3  08:55:31:37:88:00
   bridge
 3 ether3...  192.168.88.3  08:55:31:37:88:01
   bridge

How can I access it? I've tried telnet and SSH from 2 different MikroTiks and it doesn't answer.
No, I don't have a backup of its config; probably the wrong thing was to set the ethernet as a LAN interface instead of WAN as it was.
I don't know the settings "mac-winbox-server or mac-telnet-server", I haven't touched them. Do you mean I can telnet to the MAC of the target router? Does it make sense?

You gave me the idea, cool! I’ve never telnetted to a MAC address! )) It opens, I’ve dumped the config; what should I change to revive it? Thank you!

[admin@MikroTik] > export

# jan/07/1970 06:47:35 by RouterOS 6.47.10
# software id = 6W5F-6GYH
#
# model = RouterBOARD wAP 2nD r2
# serial number = 6D820D3BF0DB
/interface bridge
add name=bridge1
/interface wireless
# managed by CAPsMAN
# channel: 2447/20-eC/gn(28dBm), SSID: , CAPsMAN forwarding
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX distance=indoors frequency=auto \
    installation=outdoor mode=ap-bridge ssid=MikroTik-378801 wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=wlan1 name=defconf
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=wlan1 list=LAN
add comment=defconf interface=ether1 list=LAN
/interface wireless cap
# 
set bridge=bridge1 discovery-interfaces=bridge1 enabled=yes interfaces=wlan1
/ip address
add address=192.168.88.3/24 interface=bridge1 network=192.168.88.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid disabled=yes
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new disabled=yes in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip route
add distance=1 gateway=192.168.88.254
/system ntp client
set primary-ntp=193.204.114.232 secondary-ntp=132.163.97.5
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

[admin@MikroTik] >

Does this router have a static public IP address?

You have a default configuration on your router and it accepts mgmt connections only from LAN at this moment.

You need to post configuration from main router also…

If you have not rebooted the router, do /undo, and wait some seconds, a few times, on the router terminal until it goes back online as before…

Thank you mate, this is a precious post! :)) I've done it and I got it back. I hope the previous config is now automatically stored and if a reboot occurs it will keep running.
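
An added example (not code from the thread or from MikroTik): a simplified first-match walk of the input chain in the export posted above, showing why ping was answered while new TCP connections to 192.168.88.3 were not. It assumes that traffic arriving on a bridge port reaches the input chain with bridge1 as its in-interface, and it models only the matchers these five rules use; `parse` and `input_verdict` are hypothetical helper names.

```python
import re

# Lines copied from the export posted in the thread (only the menus this check needs).
EXPORT = r'''
/interface list member
add comment=defconf interface=wlan1 list=LAN
add comment=defconf interface=ether1 list=LAN
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
'''

def parse(export):
    """Return {menu: [{key: value}, ...]} for the 'add' lines of a RouterOS export."""
    text = re.sub(r"\\\n\s*", "", export)  # join backslash-continued lines
    menus, menu = {}, None
    for line in text.splitlines():
        if line.startswith("/"):
            menu = line.strip()
        elif line.startswith("add ") and menu:
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
            menus.setdefault(menu, []).append({k: v.strip('"') for k, v in pairs})
    return menus

def input_verdict(menus, in_iface, protocol, state="new", dst="192.168.88.3"):
    """Walk chain=input top-down for one packet; return (action, comment) of the first match."""
    # Assumption: in_iface is the bridge (bridge1) for traffic received on its ports.
    lists = {}
    for m in menus.get("/interface list member", []):
        lists.setdefault(m["list"], set()).add(m["interface"])
    for r in menus.get("/ip firewall filter", []):
        if r.get("chain") != "input" or r.get("disabled") == "yes":
            continue
        if "connection-state" in r and state not in r["connection-state"].split(","):
            continue
        if r.get("protocol", protocol) != protocol or r.get("dst-address", dst) != dst:
            continue
        il = r.get("in-interface-list")  # "!LAN" matches interfaces NOT in the list
        if il and (in_iface in lists.get(il.lstrip("!"), set())) == il.startswith("!"):
            continue
        return r["action"], r.get("comment", "")
    return "accept", "default (no rule matched)"

if __name__ == "__main__":
    for iface, proto in [("bridge1", "icmp"), ("bridge1", "tcp"), ("ether1", "tcp")]:
        print(iface, proto, input_verdict(parse(EXPORT), iface, proto))
```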