Community discussions

 
scolak
just joined
Topic Author
Posts: 5
Joined: Wed May 24, 2017 2:46 pm

Mikrotik to Mikrotik winbox port forwarding

Wed May 24, 2017 3:02 pm

Hi,
I am having a problem with port forwarding from mikrotik to mikrotik to open winbox interface.
I have my public IP and when I enter <publicip>:8291 it enters my main mikrotik router, but when I enter <public ip>:8295 with nat rule to forward it to my <mikrotik internal ip>:8291 it cannot connect. I've done telnet to that port and it is opened and it works. The problem is only when I try to access it through winbox.
Thanks for your help :D

nat rule:
add chain=dstnat dst-address=myIP dst-port=8295 protocol=tcp action=dst-nat to-addresses=myInternalIP to-ports=8291
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 1717
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Mikrotik to Mikrotik winbox port forwarding

Wed May 24, 2017 3:06 pm

Is the router with DST rule the gateway for the internal router ?
If not then the packet incoming to the internal router has source IP from WAN so this router sends the answer to it's GW and the traffic coming back to the Winbox is not coherent with outgoing one.

BTW: Look at RoMON https://wiki.mikrotik.com/wiki/Manual:RoMON
Real admins use real keyboards.
 
scolak
just joined
Topic Author
Posts: 5
Joined: Wed May 24, 2017 2:46 pm

Re: Mikrotik to Mikrotik winbox port forwarding

Wed May 24, 2017 3:33 pm

Is the router with DST rule the gateway for the internal router ?
If not then the packet incoming to the internal router has source IP from WAN so this router sends the answer to it's GW and the traffic coming back to the Winbox is not coherent with outgoing one.

BTW: Look at RoMON https://wiki.mikrotik.com/wiki/Manual:RoMON
Yes the main router is internet gateway for all other routers in the network. I am using them as wifi access points right now. I can telnet the port but i cannot open it with winbox.
 
scolak
just joined
Topic Author
Posts: 5
Joined: Wed May 24, 2017 2:46 pm

Re: Mikrotik to Mikrotik winbox port forwarding

Wed May 24, 2017 5:08 pm

I've done telnet from my main router <publicIP>:8296 and I got
telnet: Unable to connect to remote host: Connection refused
, but when I do the same thing from my mikrotik router i get inside the console of my router.
 
chuky0
newbie
Posts: 27
Joined: Thu Apr 20, 2017 7:49 pm

Re: Mikrotik to Mikrotik winbox port forwarding

Thu Jun 01, 2017 7:54 pm

please look at my post where I had the same problem you describe.

viewtopic.php?t=121331

In short I used this article titled Access "hidden" mikrotik device by Winbox https://shop.duxtel.com.au/article_info ... icles_id=6 as a guideline.
 
Shadeofspirit
Member Candidate
Member Candidate
Posts: 204
Joined: Fri May 27, 2016 12:15 am
Location: Minsk
Contact:

Re: Mikrotik to Mikrotik winbox port forwarding

Thu Jun 01, 2017 11:31 pm

why you don't use RoMON? it is made for that. With it you can access any RB behind your RB gateway without port forwarding
MTCNA, MTCWE
 
jarda
Forum Guru
Forum Guru
Posts: 7604
Joined: Mon Oct 22, 2012 4:46 pm

Re: Mikrotik to Mikrotik winbox port forwarding

Sat Jun 03, 2017 7:49 pm

Someone can consider romon as blackbox opening unknown holes into the network. Therefore the dst natting can be much more clear and manageable.
 
User avatar
k6ccc
Member
Member
Posts: 480
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: Mikrotik to Mikrotik winbox port forwarding

Tue Jun 06, 2017 2:22 am

Hi,
I am having a problem with port forwarding from mikrotik to mikrotik to open winbox interface.
I have my public IP and when I enter <publicip>:8291 it enters my main mikrotik router, but when I enter <public ip>:8295 with nat rule to forward it to my <mikrotik internal ip>:8291 it cannot connect. I've done telnet to that port and it is opened and it works. The problem is only when I try to access it through winbox.
Thanks for your help :D

nat rule:
add chain=dstnat dst-address=myIP dst-port=8295 protocol=tcp action=dst-nat to-addresses=myInternalIP to-ports=8291
I'm assuming you are attempting this from the internet? Is there any firewall rule that would be blocking it?

BTW, my opinion is to not use the standard ports for WinBox. I use non-standard ports for all the services on the router that are accessible from the internet. I have a firewall rule that specifically drops attempts to access the router on the "standard" ports - solely for the purpose of seeing the number of packets attempting to access them. The WinBox port does not get as many attempts as FTP, SSH, and Telnet, but it gets quite a few. I also have other security in place to prevent access.
RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them in submission, or they beat me into submission


Jim

Who is online

Users browsing this forum: Majestic-12 [Bot] and 47 guests