Page 1 of 1

How to enable Webfig access from internet?

Posted: Wed Sep 11, 2019 2:29 pm
by mdennyh
Hi..
I have a Mikrotik RB that is connected directly through a fiber optic modem and I set the RB to dial my ISP with PPPoE.
My Mikrotik Board always have a public IP and I can set port forwarding for any port I want (standard port forwarding with IP/Firewall - NAT)
The problem is I can't access my webfig from internet somehow.
Here's what I had try so far:
  • Change the IP/Services for www from 80 to another port, like: 8181
  • Put a port forward rule to my RB's IP at port 8181
Nothing works, even though I can access another server on another port from internet.

Can someone help ?
Thank you in advance.

Re: How to enable Webfig access from internet?

Posted: Wed Sep 11, 2019 4:28 pm
by Sob
If you're accessing service on router itself, you only need to open port on router (using accept rule in input chain). Port forwarding rule won't do anything useful.

Re: How to enable Webfig access from internet?

Posted: Wed Sep 11, 2019 6:02 pm
by k6ccc
Also, HIGHLY recommend putting some additional security on it. There are several things that can be done if you really insist on having a WebFig port directly accessed from the internet. For example, if able, restrict the source IPs that can access it to only the IPs that you want to have access. For example if you want to access from a static IP at work, put that IP into an access list. Obviously if you need access from anywhere, that does not work. You are already using a non-standard port, but that is not much security by itself. Port knocking also helps.
Better would be to not use www access at all. WinBox is better. A VPN would be even better
.

Re: How to enable Webfig access from internet?

Posted: Wed Sep 11, 2019 6:21 pm
by kalamaja
Do NOT put WebFig directly into Internet. Instead, set up IPSec/L2TP VPN and enable access to WebFig through it. QuickSet can set it up for you, just enable VPN network from IP/Services. IPSec/L2TP is built into Win10/Android/iOS so no additional software is needed.

Re: How to enable Webfig access from internet?

Posted: Thu Sep 12, 2019 1:01 pm
by mdennyh
OK. So i decide not to access webfig through internet, but I can't enable the winbox access too.
I enabled the ip/cloud services from Quickset (see the attached screenshot) and I can access any service port from that address.
So I know that the cloud service works.
But still unable to access the RB from winbox from outside (internet)
Can someone tell me what I need to do ?

Re: How to enable Webfig access from internet?

Posted: Thu Sep 12, 2019 1:03 pm
by normis
so if you enabled VPN access in there, you can connect from a remote location with L2TP/IPsec VPN tunnel, with the credentials you provided

Re: How to enable Webfig access from internet?

Posted: Thu Sep 12, 2019 1:07 pm
by mdennyh
so if you enabled VPN access in there, you can connect from a remote location with L2TP/IPsec VPN tunnel, with the credentials you provided
unfortunately I can't :(
I try to change the username/password, disable/enable the cloud service, nothing works so far

Re: How to enable Webfig access from internet?

Posted: Thu Sep 12, 2019 3:02 pm
by Sob
If you use VPN, then you shouldn't be connecting to xxx.sn.mynetname.net in WinBox, that address is only for VPN client. In WinBox you should use whatever private address the server uses in tunnel (I don't know what Quick Set configures), after you connect to VPN.