Community discussions

 
redxblood
just joined
Topic Author
Posts: 9
Joined: Fri Sep 29, 2017 9:17 pm

Access router inside LAN via WAN with NAT?

Thu Oct 12, 2017 4:19 pm

I think this is explained easier with an image, please see attached.
Last edited by redxblood on Fri Dec 08, 2017 4:12 pm, edited 1 time in total.
 
Feklar
Forum Guru
Forum Guru
Posts: 1726
Joined: Tue Dec 01, 2009 11:46 pm

Re: Access router inside LAN via WAN with NAT?

Thu Oct 12, 2017 5:35 pm

1.) Have to change the to-port to the appropriate service, port 80 for http, 443 for https.
2.) Does your firewall filter allow connections from the outside world into the network? If not create the appropriate rule, be as specific with the rule as you can be for security reasons.
 
redxblood
just joined
Topic Author
Posts: 9
Joined: Fri Sep 29, 2017 9:17 pm

Re: Access router inside LAN via WAN with NAT?

Thu Oct 12, 2017 8:33 pm

The firewall is already acc
Last edited by redxblood on Fri Dec 08, 2017 4:12 pm, edited 1 time in total.
 
User avatar
CZFan
Member Candidate
Member Candidate
Posts: 177
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa
Contact:

Re: Access router inside LAN via WAN with NAT?

Thu Oct 12, 2017 8:51 pm

Not knowing how the TPLink is configured / connected makes every suggestion a guess, any firewall settings on the TPLink possibly blocking?
MTCNA, MTCTCE, almost MTCRE :-)
 
Feklar
Forum Guru
Forum Guru
Posts: 1726
Joined: Tue Dec 01, 2009 11:46 pm

Re: Access router inside LAN via WAN with NAT?

Fri Oct 13, 2017 12:46 am

The firewall is already accepting all entry from port 81 and 80 - if it's working for my remote management of the main router, it should for the other one no problem.

And yes, i added the specific port but it didn't help. Still won't let me, no idea what i'm missing.
Input or forward chain for the rules? Screen shots do not really tell enough information, your best course of action would be to provide an '/ip firewall export' and paste it here. That way all relevant rules can be reviewed.
 
redxblood
just joined
Topic Author
Posts: 9
Joined: Fri Sep 29, 2017 9:17 pm

Re: Access router inside LAN via WAN with NAT?

Fri Oct 13, 2017 5:19 pm

Not a bad idea, heres the log:
Last edited by redxblood on Fri Dec 08, 2017 4:12 pm, edited 1 time in total.
 
Feklar
Forum Guru
Forum Guru
Posts: 1726
Joined: Tue Dec 01, 2009 11:46 pm

Re: Access router inside LAN via WAN with NAT?

Fri Oct 13, 2017 11:09 pm

Your forward chain is kinda OK. There is no default drop all, so basically it's permitting everything to be forwarded. That is not very secure, it would be better to lock it down, but that is outside the scope of your question.

Your last NAT rule that is doing the forwarding needs to be different:
add action=dst-nat chain=dstnat comment="Enable Remote Desktop to Router" disabled=no dst-port=81 protocol=tcp to-addresses=192.168.123.252 to-port=80
And in order to access it from the outside world you need to specify the port.
http://<public-ip>:81

Note that port 81 is a reserved port, it would be better to use a port that is higher than 1024. Your previous rule may of fired, but would forward port 81 to port 81. The modified rule will forward port 81 to port 80. HTTP is defined to run on port 80, and you also had the rule disabled. Also since I'm assuming that you have the MikroTik listening on port 80 for it's web interface, it will not forward port 80 traffic, as it is processing it for itself.

Who is online

Users browsing this forum: No registered users and 12 guests