Community discussions

MikroTik App
 
turkel
just joined
Topic Author
Posts: 5
Joined: Tue Dec 29, 2020 10:33 pm

Server is not accessable through mikrotik router

Tue Dec 29, 2020 10:50 pm

Hello,

I am newbie and freash, please guide me. Currently I am having course of mikrotik basics which will last 2 week but in mean time I dont want my network to be paralised.

What I have is webserver with serveral VMs static ips set up for each, ddwrt wireless AP, 2 IP camera.

I need to setup public access through my estatic external to my server VMs and CCTV also internal access.

I have followed most possible tutorials to setup pppoe, webserver, NAT forwarding, hairpin setup.

What is not working is I cant access my server ip 192.168.1.10 internally but server have internet. sure externally it is also no available. Please review my configurration and advise what is wrong there, I appreciate you help.

My CCtvs are also works also hairpin works for them.
# dec/29/2020 23:46:43 by RouterOS 6.48

# software id = L

#

# model = RB3011UiAS

# serial number =

/interface bridge

add admin-mac=C4:AD:34:2F auto-mac=no comment=defconf name=bridge

/interface pppoe-client

add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 \

    password=111111 use-peer-dns=yes user=111111

/interface list

add comment=defconf name=WAN

add comment=defconf name=LAN

/interface wireless security-profiles

set [ find default=yes ] supplicant-identity=MikroTik

/ip pool

add name=dhcp ranges=192.168.1.1-192.168.1.254

/ip dhcp-server

add address-pool=dhcp disabled=no interface=bridge name=defconf

/user group

set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\

    sword,web,sniff,sensitive,api,romon,dude,tikapp"

/interface bridge port

add bridge=bridge comment=defconf interface=ether2

add bridge=bridge comment=defconf interface=ether3

add bridge=bridge comment=defconf interface=ether4

add bridge=bridge comment=defconf interface=ether5

add bridge=bridge comment=defconf interface=ether6

add bridge=bridge comment=defconf interface=ether7

add bridge=bridge comment=defconf interface=ether8

add bridge=bridge comment=defconf interface=ether9

add bridge=bridge comment=defconf interface=ether10

add bridge=bridge comment=defconf interface=sfp1

/ip neighbor discovery-settings

set discover-interface-list=LAN

/interface detect-internet

set detect-interface-list=all

/interface list member

add comment=defconf interface=bridge list=LAN

add comment=defconf interface=ether1 list=WAN

add interface=pppoe-out1 list=WAN

/ip address

add address=192.168.1.1/24 comment=defconf interface=ether2 network=\

    192.168.1.0

add address=81.21.95.xxx interface=pppoe-out1 network=81.21.95.xxx

/ip dhcp-client

add comment=defconf interface=ether1

/ip dhcp-server network

add address=192.168.1.0/24 comment=defconf gateway=192.168.1.1 netmask=24

/ip dns

set allow-remote-requests=yes

/ip dns static

add address=192.168.1.1 name=router.lan

/ip firewall filter

add action=accept chain=input comment=\

    "defconf: accept established,related,untracked" connection-state=\

    established,related,untracked

add action=drop chain=input comment="defconf: drop invalid" connection-state=\

    invalid

add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp

add action=drop chain=input comment="defconf: drop all not coming from LAN" \

    in-interface-list=!LAN

add action=accept chain=forward comment="defconf: accept in ipsec policy" \

    ipsec-policy=in,ipsec

add action=accept chain=forward comment="defconf: accept out ipsec policy" \

    ipsec-policy=out,ipsec

add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \

    connection-state=established,related

add action=accept chain=forward comment=\

    "defconf: accept established,related, untracked" connection-state=\

    established,related,untracked

add action=drop chain=forward comment="defconf: drop invalid" \

    connection-state=invalid

add action=drop chain=forward comment=\

    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \

    connection-state=new in-interface-list=WAN

/ip firewall nat

add action=masquerade chain=srcnat dst-address=192.168.1.0/24 src-address=\

    192.168.1.0/24

add action=masquerade chain=srcnat comment="defconf: masquerade" \

    ipsec-policy=out,none out-interface-list=WAN

add action=dst-nat chain=dstnat dst-address=19.238.184.93 dst-port=7071 \

    protocol=tcp to-addresses=192.168.1.71 to-ports=80

add action=dst-nat chain=dstnat dst-address=19.238.184.93 dst-port=7072 \

    protocol=tcp to-addresses=192.168.1.72 to-ports=80

add action=dst-nat chain=dstnat disabled=yes dst-address=19.238.184.93 \

    in-interface=pppoe-out1 log=yes protocol=tcp src-port="" to-addresses=\

    192.168.1.11 to-ports=80

add action=dst-nat chain=dstnat disabled=yes dst-address=19.238.184.93 \

    in-interface=pppoe-out1 log=yes protocol=tcp to-addresses=192.168.1.11 \

    to-ports=443

/tool mac-server

set allowed-interface-list=LAN

/tool mac-server mac-winbox

set allowed-interface-list=LAN


 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 1896
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Server is not accessable through mikrotik router

Sun Jan 03, 2021 9:25 pm

Real admins use real keyboards.
To quote or not to quote, there is the topic: viewtopic.php?f=2&t=168474
 
erkexzcx
Member Candidate
Member Candidate
Posts: 153
Joined: Mon Oct 07, 2019 11:42 pm

Re: Server is not accessable through mikrotik router

Mon Jan 04, 2021 11:42 am

What is not working is I cant access my server ip 192.168.1.10 internally but server have internet.
what?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 5947
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Server is not accessable through mikrotik router

Mon Jan 04, 2021 2:49 pm

/ip address

add address=192.168.1.1/24 comment=defconf interface=ether2 network=192.168.1.0
should be
add address=192.168.1.1/24 interface=bridge network=192.168.1.0

Furthermore you have no port forwardings to the server you noted................ but you have a couple to 192.168.1.71
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!

Who is online

Users browsing this forum: No registered users and 113 guests