Remotely access second router, connected to the first.

I have two MikroTik routers. First, connected directly to provider’s equipment (home connection) which is RB2011UAS, and the second the RB751G. I configured the first router to be accessible remotely, from the internet, by creating a new IP->Firewall->Filter rule. What i want to do now, is to access the second router remotely.. how can i achieve that?

The default IP for the first router is 192.168.88.1
The default IP for the second router is 192.168.99.1
The IP address that the first router assigned to the second router is 192.168.88.225
The external IP that i got from provider, let’s say is 1.1.1.1

To be able to access the first router remotely i did the following steps:

  1. Went to IP → Firewall → Filter Rules
  2. Added a new rule
  3. Changed the Chain to input
  4. Changed the Protocol to tcp
  5. Changed the Dst. Port to 8291
  6. On Action tab set the Action to accept
  7. Clicked OK, and move the rule above in the list
    This made the first router accessible by just inserting the 1.1.1.1 in the “Connect To” textBox.

I did the same for the second router, so i could access it remotely (and i can access it, by being connected to the first router and accessing the 192.168.88.225 address with winBox).

I also tried to forward some ports from the first router.. but it seems that i’m doing it wrong…

How to make the second router accessible from the internet (remotely) in this situation?
Thank you.

You should create a dst-nat rule on the first router and forward a non-default port to the second router.

Thank you Rudios.
I managed to set it up.
For future reference, if someone will search the details for the answer, here’s the script how I did it:

/ip firewall nat add chain=dstnat dst-address=1.1.1.1 protocol=tcp dst-port=9990 \ action=dst-nat to-addresses=192.168.88.225 to-ports=8291
Where:
1.1.1.1 is (let’s say) my external IP (the one assigned by my provider)
dst-port=9990 is the forwarded port
192.168.88.225 is the IP that i assigned to my second router
to-ports=8291 is the port that WinBox uses to connect to the router

I have tried this and wont work kindly assist

Depends on your firewall rules.

You may need a:
/ip firewall filter
add chain=input action=accept dst-port=8291 protocol=tcp
add chain=forward action=accept connection-nat-state=dstnat in-interface=ether1

and then finally a:
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=123 in-interface=ether1 protocol=tcp to-addresses=1.2.3.4 to-ports=8291

I believe this configs are to go to my second router and ip 1.2.3.4 is the ip given by the primary router right?

why dont you just use RoMON? (Tools - RoMON)
this is the way i connect to various mikrotik equipment (ap, switches etc) behind my main router of my customers.
no need for port forward. just enable it and you ready to go!!!

No, the configs I presented only affect the main firewall. No need to adjust the other units. Edit 1.2.3.4 to be 192.168.x or whatever the second router’s IP is.

By just checking the enable checkbox on all my equipments right?

yes. and you press “connect to romon” button at winbox to connect and see other romon devices.

Hi i have ben tried to find out a solution to connect on my router board that is located bihind and ISP router and i dont have access to that router did someone have a solution foor me please
Schema001-1.jpg