Remotely access second router, connected to the first.

cityc · April 29, 2014, 1:38am

I have two MikroTik routers. First, connected directly to provider’s equipment (home connection) which is RB2011UAS, and the second the RB751G. I configured the first router to be accessible remotely, from the internet, by creating a new IP->Firewall->Filter rule. What i want to do now, is to access the second router remotely.. how can i achieve that?

The default IP for the first router is 192.168.88.1
The default IP for the second router is 192.168.99.1
The IP address that the first router assigned to the second router is 192.168.88.225
The external IP that i got from provider, let’s say is 1.1.1.1

To be able to access the first router remotely i did the following steps:

Went to IP → Firewall → Filter Rules
Added a new rule
Changed the Chain to input
Changed the Protocol to tcp
Changed the Dst. Port to 8291
On Action tab set the Action to accept
Clicked OK, and move the rule above in the list
This made the first router accessible by just inserting the 1.1.1.1 in the “Connect To” textBox.

I did the same for the second router, so i could access it remotely (and i can access it, by being connected to the first router and accessing the 192.168.88.225 address with winBox).

I also tried to forward some ports from the first router.. but it seems that i’m doing it wrong…

How to make the second router accessible from the internet (remotely) in this situation?
Thank you.

Rudios · April 29, 2014, 11:49am

You should create a dst-nat rule on the first router and forward a non-default port to the second router.

cityc · April 29, 2014, 4:08pm

Thank you Rudios.
I managed to set it up.
For future reference, if someone will search the details for the answer, here’s the script how I did it:

/ip firewall nat add chain=dstnat dst-address=1.1.1.1 protocol=tcp dst-port=9990 \ action=dst-nat to-addresses=192.168.88.225 to-ports=8291
Where:
1.1.1.1 is (let’s say) my external IP (the one assigned by my provider)
dst-port=9990 is the forwarded port
192.168.88.225 is the IP that i assigned to my second router
to-ports=8291 is the port that WinBox uses to connect to the router

wds11 · September 7, 2017, 9:50pm

I have tried this and wont work kindly assist

pcunite · September 7, 2017, 10:46pm

Depends on your firewall rules.

You may need a:
/ip firewall filter
add chain=input action=accept dst-port=8291 protocol=tcp
add chain=forward action=accept connection-nat-state=dstnat in-interface=ether1

and then finally a:
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=123 in-interface=ether1 protocol=tcp to-addresses=1.2.3.4 to-ports=8291

wds11 · September 8, 2017, 5:26pm

I believe this configs are to go to my second router and ip 1.2.3.4 is the ip given by the primary router right?

freemannnn · September 8, 2017, 5:40pm

why dont you just use RoMON? (Tools - RoMON)
this is the way i connect to various mikrotik equipment (ap, switches etc) behind my main router of my customers.
no need for port forward. just enable it and you ready to go!!!

pcunite · September 8, 2017, 6:01pm

No, the configs I presented only affect the main firewall. No need to adjust the other units. Edit 1.2.3.4 to be 192.168.x or whatever the second router’s IP is.

wds11 · September 8, 2017, 8:13pm

By just checking the enable checkbox on all my equipments right?

freemannnn · September 9, 2017, 6:18am

yes. and you press “connect to romon” button at winbox to connect and see other romon devices.

TAD · October 14, 2017, 7:14pm

Hi i have ben tried to find out a solution to connect on my router board that is located bihind and ISP router and i dont have access to that router did someone have a solution foor me please
Schema001-1.jpg