Remote access

Hello everyone.

I just installed MT on a virtual machine and it has only two NICs, as follows:

1- MY-WAN, which connects to the internet with IP 192.168.1.100/24.
2- MY-LAN, which connects to the internal network with IP 10.1.1.1/24.

I was able to access MT from internal computers (virtual machines) in the LAN, and also from the physical computer (192.168.1.200/24) which hosts the MT virtual machine.

My question is how to connect to MT using winbox from an external (over the internet) computer?

  1. Make sure you can route traffic between the client running winbox and the router; that is the basic requirement for the client and router to talk to one another.
  2. Make sure IP > Services > Winbox isn't subnet-restricted to only allow access from one network.
  3. Make sure IP > Firewall > Filter isn't blocking tcp/8291 (winbox) in the input chain for the source IP address the client will have.
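As an added example (not part of the reply above and not the poster's configuration), here is what steps 2 and 3 look like as RouterOS commands, written so that winbox is reachable from one known source and the rest of the WAN-facing input chain is closed. The management address 203.0.113.10 and the interface name MY-WAN1 are assumptions (MY-WAN1 is the name used in the configuration posted later in this thread); replace them with the real client address and interface. Note that the `/ip service print detail` output posted later shows telnet, ftp, www and ssh all on address=0.0.0.0/0 and no input-chain filter at all, so once the ADSL router forwards traffic to the MT, those services are reachable from the internet as well, not just winbox.

```routeros
# Added example, not the poster's config. Assumes the winbox client will
# connect from 203.0.113.10 (replace with the real address) and that the
# internet-facing interface is MY-WAN1.

# Step 2: restrict the winbox service to the management source address.
# If "winbox" does not appear in /ip service print on this RouterOS
# version, the filter rules below are the only control.
/ip service
set winbox address=203.0.113.10/32
# Clear-text services that are not needed should not stay on 0.0.0.0/0
# once the router is reachable from the internet.
set telnet disabled=yes
set ftp disabled=yes

# Step 3: an input chain that accepts winbox from that address and drops
# every other unsolicited packet arriving on the WAN. Rules are evaluated
# top to bottom, so the accept must sit above the final drop.
/ip firewall filter
add chain=input connection-state=established action=accept \
    comment="keep existing sessions alive"
add chain=input connection-state=related action=accept
add chain=input connection-state=invalid action=drop
add chain=input in-interface=MY-WAN1 protocol=tcp dst-port=8291 \
    src-address=203.0.113.10 action=accept \
    comment="winbox from management host"
add chain=input in-interface=MY-WAN1 action=log log-prefix="wan_input_drop" \
    comment="log what the next rule drops"
add chain=input in-interface=MY-WAN1 action=drop \
    comment="drop all other unsolicited traffic from the WAN"

# Check: after a winbox attempt, the counters on the tcp/8291 accept rule
# should increase; if the log rule fires instead, the source address or
# interface in the accept rule does not match what actually arrives.
/ip firewall filter print stats chain=input
/log print where message~"wan_input_drop"
```

The LAN side is deliberately left alone here: nothing in these rules touches traffic arriving on MY-LAN1, so local winbox access continues to work while the WAN side is closed.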

Hello,

1- For connectivity, as a starting point, both connect through the internet and they are up.
2- When I go in winbox to IP > Services I can see that ftp, ssh, telnet and www are all green and available from 0.0.0.0/0, and www-ssl is the same but not green; it is dimmed.

3- IP > Firewall > Filter: I cannot see anything related to winbox or to port 8291.

Then remote access should be working.

If it is not, post the output of the commands listed in my signature and wrap them in code tags.

Hello,

0 ;;; added by setup
address=192.168.1.133/24 network=192.168.1.0 broadcast=192.168.1.255
interface=MY-WAN1 actual-interface=MY-WAN1

1 address=10.10.10.1/24 network=10.10.10.0 broadcast=10.10.10.255
interface=MY-LAN1 actual-interface=MY-LAN1

2 address=10.10.20.1/30 network=10.10.20.0 broadcast=10.10.20.3
interface=MY-LAN1 actual-interface=MY-LAN1


[admin@MT1-Router] > ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf
0 ADC dst-address=10.10.10.0/24 pref-src=10.10.10.1 interface=MY-LAN1 scope=10
target-scope=0

1 ADC dst-address=10.10.20.0/30 pref-src=10.10.20.1 interface=MY-LAN1 scope=10
target-scope=0

2 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.133 interface=MY-WAN1
scope=10 target-scope=0

3 A S ;;; added by setup
dst-address=0.0.0.0/0 gateway=192.168.1.1 interface=MY-WAN1
gateway-state=reachable scope=255 target-scope=10




[admin@MT1-Router] > interface print
Flags: X - disabled, D - dynamic, R - running

NAME TYPE RX-RATE TX-RATE MTU

0 R MY-WAN1 ether 0 0 1500
1 R MY-LAN1 ether 0 0 1500


/ ip firewall nat
add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080
comment="" disabled=no
add chain=srcnat out-interface=MY-WAN1 action=masquerade comment=""
disabled=no
add chain=srcnat src-address=10.10.10.0/24 action=masquerade
comment="masquerade hotspot network" disabled=no
add chain=srcnat src-address=10.10.10.0/24 action=masquerade
comment="masquerade hotspot network" disabled=no
add chain=srcnat src-address=10.10.10.0/24 action=masquerade
comment="masquerade hotspot network" disabled=no
add chain=srcnat src-address=10.10.10.0/24 action=masquerade
comment="masquerade hotspot network" disabled=no
add chain=srcnat src-address=10.10.10.0/24 action=masquerade
comment="masquerade hotspot network" disabled=no
add chain=srcnat src-address=10.10.10.0/24 action=masquerade
comment="masquerade hotspot network" disabled=no
add chain=srcnat src-address=10.10.10.0/24 action=masquerade
comment="masquerade hotspot network" disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s
tcp-established-timeout=1d tcp-fin-wait-timeout=10s
tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s
tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s
udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m
tcp-syncookie=no
/ ip firewall filter
add chain=forward action=jump jump-target=customer comment="" disabled=no
add chain=customer connection-state=invalid action=drop comment="Drop invalid
connection packets" disabled=no
add chain=customer connection-state=established action=accept comment="Allow
established connections" disabled=no
add chain=customer connection-state=related action=accept comment="Allow
related connections" disabled=no
add chain=customer action=log log-prefix="customer_drop" comment="Log dropped
connections" disabled=no
add chain=customer action=drop comment="Drop and log everything else"
disabled=no
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=no
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=no
set gre disabled=yes
set pptp disabled=yes
[admin@MT1-Router] >

There is nothing wrong with that configuration, and remote access should be working. I guess you could post the output of "/ip service print detail" even though you already visually inspected it.

By the way, it really helps readability a great deal if you wrap CLI output in code tags.

About the network diagram:

1- My ADSL router gets a dynamic public IP from the ISP using DHCP. The router LAN is 192.168.1.1/24.
2- Physical computer 192.168.1.101/24, DG: 192.168.1.1, DNS: the ISP's servers.
3- Running VMware 7.x.x.
4- MT installed on a VM; that VM has two NICs, MY-WAN (bridged) with IP 192.168.1.133/24 and MY-LAN (host only) with 10.10.10.1/24. MT DG: 192.168.1.1, DNS 208.67.222.222.
5- MT and any VM in host only with an IP of 10.10.10.x/24 and DG 10.10.10.1 can access the internet.
6- I can access MT from the physical machine normally with winbox, and cannot access it from any machine in host only; that is normal because I configured DHCP /30 to prevent ARP attacks such as netcut.
7- My router's real IP is 41.x.x.x and when I connect to a remote network (via RDP) and try to use winbox to connect to MT on 41.x.x.x, it does not work.
8- I tried forwarding all traffic on the ADSL router to 192.168.1.133 by making it the DMZ IP, and I also tried forwarding TCP 8291 and TCP 80 to 192.168.1.133; it did not work in either case.

Hello,

Terminal vt102 detected, using multiline input mode
[admin@MT1-Router] > /ip service print detail
Flags: X - disabled, I - invalid
0 name="telnet" port=23 address=0.0.0.0/0

1 name="ftp" port=21 address=0.0.0.0/0

2 name="www" port=80 address=0.0.0.0/0

3 name="ssh" port=22 address=0.0.0.0/0

4 X name="www-ssl" port=443 address=0.0.0.0/0 certificate=none

Hello,

The problem was IPsec being enabled on the physical computer's NIC. Thanks for the help.

But I still want to know: if my MT external IP is 192.168.1.X and I want to publish a server (port X) running on internal IP 10.10.10.Y, what is the exact command to do so?

http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#Basic_examples
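As an added example (not taken from the wiki page linked above and not the poster's configuration), here is a complete port-publishing setup for the layout in this thread. The internal server address 10.10.10.50 and port tcp/3389 are assumptions standing in for 10.10.10.Y and port X; the WAN address 192.168.1.133 and interface MY-WAN1 are taken from the configuration posted earlier. Two points that the one-line dst-nat command on its own does not cover: the forward chain posted in this thread jumps to "customer", which drops every connection that is not established or related, so a freshly translated inbound connection (state "new") must be accepted before that jump; and the ADSL router in front of the MT still has to forward the port to 192.168.1.133, as the poster already tried.

```routeros
# Added example, not the poster's config. Assumes the internal server is
# 10.10.10.50 listening on tcp/3389 (replace with 10.10.10.Y and port X),
# and that the WAN side is MY-WAN1 with address 192.168.1.133.

/ip firewall nat
# Inbound: packets for 192.168.1.133:3389 are rewritten to the server.
# Matching on dst-address rather than in-interface means LAN clients that
# use the WAN address also get translated (needed for the hairpin below).
add chain=dstnat dst-address=192.168.1.133 protocol=tcp dst-port=3389 \
    action=dst-nat to-addresses=10.10.10.50 to-ports=3389 \
    comment="publish internal server"
# Hairpin: when a 10.10.10.0/24 client reaches the server via 192.168.1.133,
# the reply must go back through the router instead of directly to the
# client, otherwise the client sees an answer from an address it did not
# contact and drops it.
add chain=srcnat src-address=10.10.10.0/24 dst-address=10.10.10.50 \
    protocol=tcp dst-port=3389 action=masquerade comment="hairpin NAT"

/ip firewall filter
# Filter rules see the packet after dst-nat, so match on the translated
# destination. place-before=0 puts this ahead of the existing
# "chain=forward action=jump jump-target=customer" rule, which would
# otherwise drop the new connection.
add chain=forward in-interface=MY-WAN1 protocol=tcp dst-address=10.10.10.50 \
    dst-port=3389 connection-state=new action=accept \
    comment="allow published server" place-before=0

# Checks: the dstnat rule's counters should increase when an external client
# connects, and the connection table should show the translated flow with
# reply-dst-address 10.10.10.50 rather than 192.168.1.133.
/ip firewall nat print stats chain=dstnat
/ip firewall filter print stats chain=forward
/ip firewall connection print
```

If only a known set of clients should reach the published service, add src-address (or an address-list) to both the dstnat rule and the forward accept rule; publishing a service this way exposes it to the whole internet otherwise, which for something like RDP is a real concern.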