
telnet to internal device

Posted: Thu May 03, 2018 2:41 pm
by axeron76
Dear all

I have a beginner's question. I want to forward a WAN IP address, e.g. 62.1.1.14/29, to an internal SDH Ethernet port, 192.168.1.30, in order to use telnet to remotely configure the equipment. The router is a MikroTik 2011rb, RouterOS 6.4. Up until now I have tried to do so using dstnat, but I still get a message that my session is timed out.

Thank you

Re: telnet to internal device

Posted: Mon May 07, 2018 5:59 am
by razortas
Hi, try changing the external port you're connecting on and referring to in DST_NAT as the source port. Also check that ip services has port 23 disabled.

Re: telnet to internal device

Posted: Mon May 07, 2018 7:54 pm
by MangleRule
I would highly recommend not using Telnet over the internet without using some sort of encrypted tunnel like IPsec. Anyone could read your credentials in plain text and compromise the system you expose to the internet.

I would suggest either setting up a VPN server on the MikroTik you are trying to port forward on (L2TP/IPsec, SSTP, IPsec XAuth) and using Telnet through the tunnel, or, if you can securely open Winbox to the remote router, you can use the telnet tool on the MikroTik to telnet to any device behind that network.

Re: telnet to internal device

Posted: Tue May 08, 2018 6:45 pm
by MangleRule
# Permit any forward traffic that has a destination NAT state. 
/ip firewall filter add chain=forward connection-nat-state=dstnat action=accept

# Destination NAT any traffic on port tcp 23 to the host 192.168.1.30
/ip firewall nat add chain=dstnat protocol=tcp port=23 action=dst-nat to-addresses=192.168.1.30

# Disable telnet on the gateway router to prevent port conflicts.
/ip service disable numbers=[find where name=telnet]

You should take a few things into consideration though: if you take this approach, you will be connecting over the internet via Telnet. Telnet has no encryption mechanism, so all data will be plain text. This means that anyone in the middle of that connection can see your login credentials and compromise the device.

I would strongly recommend using a VPN technology with IPsec, such as L2TP/IPsec or even IPsec XAuth, to securely connect to the gateway device; then you can Telnet directly to the device using the local address 192.168.1.30, since you would be tunneled inside of the local network. If you already have Winbox access to the gateway router, you can also go to Tools > Telnet, click the Telnet radio button, and insert 192.168.1.30 into the address field. This will allow you to Telnet into the device from the MikroTik on site.
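
Added example, not part of the thread and not MikroTik tooling: a Python audit that reads a RouterOS configuration export and lists every dst-nat rule that ends up on Telnet's port 23, including forwards that only move the external port, and reports whether the rule restricts the source address. The sample export, the host 192.168.1.31 and the address list name `admins` are constructed for illustration.

```python
import shlex

# Constructed sample export; the second line is the rule posted in the thread.
SAMPLE = r"""
/ip firewall filter add chain=forward connection-nat-state=dstnat action=accept
/ip firewall nat add chain=dstnat protocol=tcp port=23 action=dst-nat to-addresses=192.168.1.30
/ip firewall nat
add action=dst-nat chain=dstnat comment="moved port" dst-port=2323 protocol=tcp \
    to-addresses=192.168.1.30 to-ports=23
add action=dst-nat chain=dstnat dst-port=443 protocol=tcp to-addresses=192.168.1.31
add action=dst-nat chain=dstnat dst-port=23 protocol=tcp src-address-list=admins to-addresses=192.168.1.30
"""

def parse_nat_rules(export_text):
    """Yield key=value dicts for each '/ip firewall nat' add rule in a RouterOS export."""
    section = ""
    for raw in export_text.replace("\\\n", " ").splitlines():  # join wrapped lines
        line = raw.strip()
        if line.startswith("/"):  # section header, optionally followed by an inline "add ..."
            section, sep, rest = line.partition(" add ")
            line = "add " + rest if sep else ""
        if section.strip() == "/ip firewall nat" and line.startswith("add "):
            yield dict(t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t)

def port_in_spec(port, spec):
    """True if port matches a RouterOS port spec like '23', '21,23', '20-25' or '!23'."""
    negated, spec = spec.startswith("!"), spec.lstrip("!")
    parts = (p.partition("-") for p in spec.split(","))
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in parts) != negated

def cleartext_forwards(export_text, port=23):
    """Return (to-addresses, external port spec, source_restricted) per dst-nat rule reaching port."""
    findings = []
    for rule in parse_nat_rules(export_text):
        if rule.get("action") != "dst-nat" or rule.get("disabled") == "yes":
            continue
        external = rule.get("dst-port") or rule.get("port") or "any"
        internal = rule.get("to-ports") or external  # without to-ports the port is unchanged
        if internal == "any" or port_in_spec(port, internal):
            restricted = "src-address" in rule or "src-address-list" in rule
            findings.append((rule.get("to-addresses"), external, restricted))
    return findings

if __name__ == "__main__":
    for target, external, restricted in cleartext_forwards(SAMPLE):
        print(f"telnet forward to {target} via external port {external}, source restricted: {restricted}")
```

A source restriction narrows who can reach the forward but does not encrypt the session, so every finding is still a candidate for moving behind the VPN tunnel recommended above.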