hi ,
I am new to forum but not new to mikrotik.
I have mikrotik RB951G-2HnD and latest version 6.43 .
Problem that I cannot connect via winbox from outside
this is my configuration . If any one can see what am i miss please let me tell
model = 951G-2HnD
serial number =
/interface bridge
add admin-mac=CC:2D:E0:65:AE:D1 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce
disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=
MikroTi wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether4 ] full-duplex=no name=ether4-WAN
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk group-ciphers=
tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik
unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=Krok1234
wpa2-pre-shared-key=Krok1234
/ip pool
add name=dhcp ranges=10.0.0.100-10.0.0.200
add name=dhcp_pool1 ranges=10.0.0.100-10.0.0.200
/ip dhcp-server
add address-pool=dhcp_pool2 disabled=no interface=wlan1 name=dhcp1 relay=
10.0.0.1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether3
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all internet-interface-list=all lan-interface-list=
all wan-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf disabled=yes interface=bridge
network=192.168.88.0
add address=2X.X.X.X/30 interface=ether4-WAN network=X.X.X.Y
add address=192.168.1.1/24 interface=bridge network=192.168.1.0
add address=10.0.0.1/24 interface=ether2 network=10.0.0.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=bridge
/ip dhcp-server network
add address=10.0.0.0/24 gateway=10.0.0.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=10.0.0.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment=“Acce winbox” dst-port=44344
in-interface=ether4-WAN protocol=tcp
add action=accept chain=input connection-state=established,new dst-port=8291
protocol=tcp
add action=accept chain=input connection-nat-state=srcnat connection-state=
new protocol=icmp
add action=accept chain=input comment=
“defconf: accept established,related,untracked” connection-state=
established,related,untracked
add action=drop chain=input comment=“defconf: drop invalid” connection-state=
invalid disabled=yes
add action=accept chain=input comment=“defconf: accept ICMP” protocol=icmp
add action=accept chain=forward comment=“defconf: accept in ipsec policy”
ipsec-policy=in,ipsec
add action=accept chain=forward comment=“defconf: accept out ipsec policy”
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment=“defconf: fasttrack”
connection-state=established,related
add action=accept chain=forward comment=
“defconf: accept established,related, untracked” connection-state=
established,related,untracked
add action=drop chain=forward comment=“defconf: drop invalid”
connection-state=invalid disabled=yes
add action=drop chain=forward comment=
“defconf: drop all from WAN not DSTNATed” connection-nat-state=!dstnat
connection-state=new disabled=yes in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment=“defconf: masquerade”
ipsec-policy=out,none out-interface-list=WAN
/ip route
add distance=1 gateway=10.0.0.1
/ip service
set winbox port=44344
/system clock
/system package update
set channel=bugfix
/system routerboard settings
set silent-boot=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN