Webfig remote access from WAN

Hello! I need remote access to my router over Webfig. I have enabled DDNS in IP - Cloud. When I open http://XXXXXXXXXXXX.sn.mynetname.net/ in a browser, it works fine, but only from my home network. From WAN it doesn’t work! I have no firewall rules which may block remote access. I also have port 80 enabled in IP - Services. What am I doing wrong? Please help!

You will need to post your config to let everyone see and help.

Config? Do you mean Supout.rif?

/export hide-sensitive file=mylatesconfig

Do not open web from outside, it's a big security risk.

If you need remote access, use VPN.

If you can not use VLAN do the following.

  1. Limit outside access to specific IP
  2. Change to some random high port, do not use default port 80 (e.g. 34365)
  3. Also turn on port knocking (google it) so you need to access two or three ports before your port opens.
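
The three steps listed above, written out as RouterOS firewall rules (an added example, not a config posted by anyone in this thread). Port 34365 is the one from the post; the WAN interface `ether1`, the LAN subnet 192.168.88.0/24, the allowed address 203.0.113.10 and the knock ports 7001 and 9002 are assumed placeholders.

```routeros
# Added example. Assumptions: ether1 = WAN, 192.168.88.0/24 = LAN,
# 203.0.113.10 = the one outside address allowed in (documentation range),
# 7001 and 9002 = knock ports (constructed values, pick your own).

# Step 2: move Webfig off port 80 and let the service itself answer
# only the LAN and the one allowed outside address.
/ip service
set www port=34365 address=192.168.88.0/24,203.0.113.10/32

/ip firewall filter
# Keep replies to connections that are already open; discard invalid packets.
add chain=input action=accept connection-state=established,related comment="input: established/related"
add chain=input action=drop connection-state=invalid comment="input: drop invalid"

# Steps 1 and 3, first knock: only the allowed address can start the
# sequence, and it has 15 seconds to send the second knock.
add chain=input action=add-src-to-address-list in-interface=ether1 protocol=tcp dst-port=7001 src-address=203.0.113.10 address-list=knock-stage1 address-list-timeout=15s comment="knock 1"

# Step 3, second knock: counts only for sources that passed the first one.
# The source is then allowed to reach Webfig for 30 minutes.
add chain=input action=add-src-to-address-list in-interface=ether1 protocol=tcp dst-port=9002 src-address-list=knock-stage1 address-list=webfig-allowed address-list-timeout=30m comment="knock 2"

# Webfig on the non-default port, only for sources that completed the knock.
add chain=input action=accept in-interface=ether1 protocol=tcp dst-port=34365 src-address-list=webfig-allowed comment="Webfig after knock"

# Everything else arriving on the WAN side is dropped. This also drops the
# knock packets themselves, so the knock ports look closed from outside.
# LAN traffic is not matched because the rule is bound to ether1.
add chain=input action=drop in-interface=ether1 comment="input: drop the rest from WAN"
```

The rules are evaluated top to bottom, so they have to stay in this order, with the final drop last.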

OK, here is my config in attachment. Please, help!
mylatesconfig.rsc (7.5 KB)

I do not see any firewall rules. You will be hacked…

Do a Reset and start off with the default configuration on your router.

To access web gui from outside you could do:

/ip firewall filter
add action=accept chain=input dst-port=80 protocol=tcp

But this will make your router go down by a hacker faster than the blink of an eye.

Also 6.44beta28 is a beta version, for test only, do not use in production.

Jotne, thanks, but I have already tried this and it’s not working! Firewall shows no input packets when I’m trying to connect from WAN. Only LAN connection works fine. Any ideas why?

It seems my ISP is blocking port 80. I have changed port number and now all works fine! The problem is solved! Thanks to all!

Same as in this post:
http://forum.mikrotik.com/t/solved-unable-to-dstnat-from-port-80/125044/14

But remember.
Secure your setup.
Do not use beta in production.

Actually I think you created yourself a bigger problem. Access to the router over a non-encrypted connection. You may want to reconsider your configuration, setting up VPN is both really easy to do and more secure.

OK, I’ll think about it. Thank you guys!

Hi!
I have set up a PPTP VPN to call my router from WAN - it works and I am able to access LAN resources… except the router itself. Winbox and Webfig are not accessible via the router’s LAN IP.
Is this a firewall problem? Could anyone, please, advise how to fix it?

Thanks!
Ros

Hello,
If you just need to obtain remote access from WAN to your Mikrotik Routerboard with Webfig, you can try to configure your Routerboard with Cloutik; it can enable such a feature.
And you will forget about VPN configuration problems…

francescob

How does Cloutik work?
I saw there are a couple of scripts on RouterOS, but what about the server side?

It seems that you use a system like Teamviewer.

You set up a type of connection from your router to a site called Cloutik (did not see any cost for it, but I do guess it's not free), then you connect to Cloutik to then connect to your router.

How is this more secure than setting up a link directly to your router (preferably VPN)?
It will know everything going on at your site, copy of configuration ++
What happens if Cloutik gets hacked? Could someone get in to all routers Cloutik handles?

Link to company
https://www.cloutik.com/

Hi Jotne,

Thanks for your answer.

Yes, I think it is an issue. I mean, sending all my traffic through an unknown server.

By the way, what I really want to accomplish is to be able to configure routers behind an ISP cable modem or ADSL modem IF I CAN NOT CHANGE the ISP device configuration (no access).

Saying it in a different way: how can software for managing remote hotspots manage remote routers behind ISP devices?

https://drive.google.com/file/d/1jX92SAngei5fkwGOSB6KJnlD_ch_DNT9/view

Make the router use VPN to connect to a central site. It does accept a DNS name in the config, so it's easy to set up.

Hey Ros, I have exactly the same issue with my RB4011. Were you able to solve it? It’s no problem on the older devices (RB450G) but they probably have a different default config and I cannot spot the difference.

Cheers,
Shoe