Hi
I have a Mikrotik router whose internet connection is provided by an internet modem. The router has a public address of 40...** and a DDNS address. The router is also connected via an Ethernet cable through interface 4 of the router to the Schneider Electric Conext Combox. I would like to be able to connect to the web interface of the Conext Combox from a network other than the one to which the Conext Combox is connected for remote control. The device has the IP address: 192.168.88.254.
Here are the parameters that I tried as a beginner in Mikrotik:
Chain : dst-nat
dst-address : PUBLIC addresses
dst-port : 9865 ; thinking that my ISP wouldn’t allow the connection to port 80, but the device web port is also 80, as I couldn’t connect to it with port 80 the first time
In interface : ppp-out1
In interface list : WAN
Action : dst-nat
to address : 192.168.88.254
to port 80
But it doesn’t work either, so maybe I forgot something. I hope that you can help me with this problem.
I don’t understand the network setup, too many possibilities here. “The router” is used too many times, which router is connected to what router, and which one is connected to the ISP?
ISP then Schneider then Mikrotik, with PPP VPN in Mikrotik???
192.168.88.254 suggests other way around.
Using default firewall? Make sure the standard “allow DSTNAT” is active
/ip firewall filter
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
# and then have something like
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment="http" disabled=no dst-address=*public address here* dst-port=9865 in-interface=ppp-out1 protocol=tcp to-addresses=192.168.88.254 to-ports=80
You have a double condition: “in-interface=ppp-out1” and “in-interface-list=WAN”; the last one is not documented by MT??? Must both conditions be met? (Is it AND or OR)
Needs a little test to be sure with these dynamic interfaces
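Added example, not part of any post in this thread: a small Python model of how a RouterOS rule is evaluated, where every matcher on the rule has to match (logical AND), so `in-interface=ppp-out1` together with `in-interface-list=WAN` only matches when ppp-out1 is a member of WAN. The address 203.0.113.10 is a documentation placeholder for the public address, and the function names are hypothetical.

```python
import shlex

# Constructed sample: the reply's dst-nat rule plus the in-interface-list
# matcher from the question; 203.0.113.10 is a documentation address that
# stands in for the public address.
RULE = ('add action=dst-nat chain=dstnat comment="http" dst-address=203.0.113.10 '
        'dst-port=9865 in-interface=ppp-out1 in-interface-list=WAN '
        'protocol=tcp to-addresses=192.168.88.254 to-ports=80')

# Rule key -> packet field, for the matchers used in this thread.
MATCHERS = {"protocol": "protocol", "dst-address": "dst_address",
            "dst-port": "dst_port", "in-interface": "in_interface"}

def parse_rule(line):
    """Turn a RouterOS 'add key=value ...' line into a dict."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def lint(rule):
    """Report settings that commonly keep a port forward from matching."""
    problems = []
    if "dst-port" in rule and "protocol" not in rule:
        problems.append("dst-port requires a protocol (e.g. protocol=tcp)")
    if "in-interface" in rule and "in-interface-list" in rule:
        problems.append("in-interface and in-interface-list must both match")
    return problems

def matches(rule, packet, interface_lists):
    """A rule matches only if every matcher it carries matches (AND)."""
    for key, field in MATCHERS.items():
        if key in rule and str(packet[field]) != rule[key]:
            return False
    if "in-interface-list" in rule:
        members = interface_lists.get(rule["in-interface-list"], set())
        if packet["in_interface"] not in members:
            return False
    return True

if __name__ == "__main__":
    rule = parse_rule(RULE)
    pkt = {"protocol": "tcp", "dst_address": "203.0.113.10",
           "dst_port": 9865, "in_interface": "ppp-out1"}
    print(lint(rule))
    print(matches(rule, pkt, {"WAN": {"ppp-out1"}}))  # ppp-out1 is in WAN
    print(matches(rule, pkt, {"WAN": {"ether1"}}))    # ppp-out1 missing from WAN
```

If the dynamic ppp-out1 interface is not in the WAN list, the second matcher fails and the forward never triggers, so keeping only one of the two matchers removes that dependency.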
Hi, thanks for replying, I would like to access a Schneider Electric Conext Combox device via the internet installed behind a Mikrotik router. But my ISP blocks all access. By using a VPN on a Mikrotik router, I could bypass this blockage. Here is a simple diagram of what I want to do: Conext Combox >--------->eth4>Mikrotik router (VPN)>PoEin>----------->LAN/WAN>Huawei box (network 1)>—Internet<—Router or modem (network 2)< My computer. I would like to use the PPTP protocol to access it from another network via its public IP address. I think it’s simpler, but I still don’t know where to put the public IP or the DDNS to be able to connect to it. Here is a better example of what I want to do: https://1drv.ms/i/s!AqqWYUq5fpJagwg80Gxh7813aghx?e=Ff8HEq
In that case how can you setup a PPTP VPN tunnel towards the Mikrotik router?
Anyway every Mikrotik router has a potential public DDNS entry as .sn.mynetname.net.
See under IP/Cloud menu, and enable DDNS.
For other DDNS options check with e.g. “dyndns.org” or “noip.com”
The Mikrotik router can be deep behind several NATting routers, and will have the public IP address of the Internet facing router. (DSTNAT rules will then be needed to forward any connection request from the internet to the VPN (e.g. PPTP) server). If the deep behind router is the VPN client, then no special DSTNAT is needed there, the VPN client must be able to reach the VPN server. Even if the use case is a connection from the VPN server side to the VPN client side. (A VPN tunnel is bi-directional for its uses)
In my case the VPN server is at home (just a hAP Lite, with MT DDNS enabled), the VPN client sits very deep, behind several ISP and other NATting routers, and permanently contacts my home VPN server even over an Internet connection with failover. I log in from home in the remote network, through the established tunnel.
Sure Wireguard is Ok.
And some ROS 7 test versions (not the RC) have BTH enabled in IP/Cloud. Back To Home is a very easy setup for a Wireguard tunnel.