I have many MTs in deployment in which the customer has some sort of server, almost always HTTP, on port 80 and needs it access it from the WAN. That being said, I can no longer visit the MT HTTP server to grab the winbox from it, use the webbox but most importantly visit the graphs directory!
Does anyone have a solution for this? Any port is fine with me. I tried dst-nat’ing 8080 to the LANIP:80 but no such long. It’s never something simple =)
Thanks in advance!
Change the port that the www service is running on.
For example, if I wanted to change it to port 81
/ip service set www port=81
Then I would do something like this in my web browser
http://PUBLICIP:81
Does that effect use of the Winbox by any means?
I have a secondary question slightly relates to this problem. I would like to know if I have a LAN in another network and I can not port forward anything and all I have access to is an SSH server on some Linux box, can I tunnel ports to connect to the MT on that LAN?
It does not affect the use of winbox. This is because winbox uses TCP port 8291.
I have never tunneled ports through SSH but if you can forward the aforementioned port to the router, I would expect it to work.
I did try tunneling 8291 (SSH tunneling only does TCP ports AFAIK) and it didn’t work. I do know that I have always used the TLS connecting method, which may have been my problem. I’ll have to find another network where I can test this once again without the use of TLS.
Thanks for the information - much appreciated! Is there a way to change the Winbox from listening on 8291/tcp?
Currently you can not change port. Check here for more information.
http://forum.mikrotik.com/t/winbox-on-non-standard-port/10996/1
Great! Thanks a lot for the information!