Winbox alternate port

ke6hpz · April 2, 2010, 12:06am

I am trying to map winbox through a gateway device. It only allows me to port map devices to its address, to ports 60000-60050. I can go into ip/services and set the winbox port to another port. But when I try to point winbox to the mikrotik, by opening winbox, and doing an 192.168.1.56:60020. it doesn’t response to that new port. Any idea what I am doing wrong.
Thanks
Glenn Allen

fewi · April 2, 2010, 12:20am

Are you trying to hit that new port without anything else in the way? Does it work then? If not, do you have firewall filters that would block that traffic in the ‘input’ chain?

ke6hpz · April 2, 2010, 12:40am

I have been trying to do this without the gateway box in the way yet, and I have no firewall rules put in yet. So all I have done is changed the winbox port, and try to connect to it right in front of it. Winbox says, connect to 192.168.1.55 (port 8291) for a 1/2 a second, then it says connecting to 192.168.1.55(port 60020) and it just hangs there forever.

Glenn Allen

fewi · April 2, 2010, 1:28am

Can you post the output of “/ip services print”? And, just to humor me, “/ip firewall filter print” and “/ip firewall nat print”?

You’re referring to IP 192.168.1.55 in one post, and .56 in another - is that a typo?

You can also implement a firewall rule that accepts the port you’re listening for WinBox on, and then watch counters to see if traffic hits the rule - or use torch or the sniffer to check the same.

changeip · April 2, 2010, 2:43am

winbox alternate ports only work in 3 and 4 ros. are you using 2.9.x ?

ke6hpz · April 2, 2010, 4:05am

That was a typo about the address.

Here is what I have
/ip service> print
Flags: X - disabled, I - invalid

NAME PORT ADDRESS CERTIFICATE

0 telnet 23 0.0.0.0/0
1 X ftp 21 0.0.0.0/0
2 www 2048 0.0.0.0/0
3 ssh 65432 0.0.0.0/0
4 X www-ssl 443 0.0.0.0/0 none
5 X api 8728 0.0.0.0/0
6 winbox 60020 0.0.0.0/0

/ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic

/ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic

as I said, nothing in Firewall

Glenn Allen

ke6hpz · April 2, 2010, 4:07am

I am running v4.6

Glenn Allen

fewi · April 2, 2010, 4:20am

That should work, I’m out of ideas.

changeip · April 2, 2010, 4:59pm

maybe they broke that “feature”. he he. Try using 8291, but using a dst-nat on the router in front to change the port from 6xxxx to 8291. i know that works here at least.

changeip · April 2, 2010, 5:00pm

also make sure you have a new winbox loader.

ke6hpz · April 2, 2010, 11:34pm

Well that was it. I was using an older Winbox loader.

I went and downloaded a new one, and it worked.

Thanks