OK,
I have 2 RB750G's each connected to a switch each with it's own Public IP on the WAN of each. And connected to cable modem.
The simple problem is I can't access one IP or domain of one of the routers Remotely.
I've been leaning towards the ISP needing a route to discern which IP to get to through the Gateway.
Any suggestions how to fix this simple problem.
Re: can't access 2nd rb750g via winbox
It almost sounds like your ISP isn't routing to the 2nd address properly.
Have you tried a traceroute to see where the packets are going?
Have you tried a traceroute to see where the packets are going?
Re: can't access 2nd rb750g via winbox
I think you may have a point.It almost sounds like your ISP isn't routing to the 2nd address properly.
Have you tried a traceroute to see where the packets are going?
I didn't mention I'm using one of the routers as the "remote" Usermanager, even though it's behind the same modem.
I'm not sure that's an issue.
Users login to both "hotspots" but one is the "usermanager". I've got the router with usermanger named with the public IP as compared to 127.0.0.1.
From router 1 with IP *.*.*.29. I point it to router2 (usermanager) at *.*.*.30.
Everything works fine if I'm on router 1 domain. yet, once I leave it I can't get to it from outside it's domain.
I did a tracert.
And yes, something strange occurs.
when I do a tracert from inside router1 domain it hops to the router 2 domain then out to the proper public IP.
hmmmm.
OK, disregard the above (hop). I was testing with a PPTP connection and was connected to the other router via PPTP. Thus the "strange hop".
Duh.
So, it's something I've got screwed up. Now I'm grasping, thinking because I didn't do a"netinstall" upgrade from 5.6 to 5.7 I'm screwed up there. Any issues with installing 5.7 without doing a "netinstall". Possibly bad install.
Ok, now I'm changing the IP on the "remote" usermanager to 127.0.0.1 instead of it's own public IP.
Everything works as far as authentication from either hotspot. But yet to try accessing from outside.
Re: can't access 2nd rb750g via winbox
Anybody please have any suggestions.
How does one access 2 different routers on different IP's behind same modem from outside either domain.
Can't be that difficult.
I just need a suggestion, possibly a port changed or firewall rule.
I can get to one of the routers but not the other.
This has worked in the past.
5.7 issue?
Each one has the basic automatic setup as far as hostpost and IP's
One is .88.1 the other .0.1
Each has it's on static IP.
PLEASE. HELP.
Here's my firewall
How does one access 2 different routers on different IP's behind same modem from outside either domain.
Can't be that difficult.
I just need a suggestion, possibly a port changed or firewall rule.
I can get to one of the routers but not the other.
This has worked in the past.
5.7 issue?
Each one has the basic automatic setup as far as hostpost and IP's
One is .88.1 the other .0.1
Each has it's on static IP.
PLEASE. HELP.
Here's my firewall
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s \
tcp-close-timeout=10s tcp-close-wait-timeout=10s \
tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s \
tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s \
udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=accept chain=input comment="default configuration" \
disabled=no protocol=icmp
add action=accept chain=input comment="default configuration" \
connection-state=established disabled=no
add action=accept chain=input comment="default configuration" \
connection-state=related disabled=no
add action=drop chain=input comment="default configuration" disabled=\
no in-interface=ether1-gateway
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="default configuration" \
disabled=no out-interface=ether1-gateway
add action=masquerade chain=srcnat comment=\
"masquerade hotspot network" disabled=no src-address=\
192.168.88.0/24
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
[admin@&&&&&&] > interface print detail
Flags: D - dynamic, X - disabled, R - running, S - slave
0 R name="ether1-gateway" type="ether" mtu=1500 l2mtu=1520 max-l2mtu=1520
1 R name="ether2-master-local" type="ether" mtu=1500 l2mtu=1520 max-l2mtu=1520
2 name="ether3-slave-local" type="ether" mtu=1500 l2mtu=1520 max-l2mtu=1520
3 name="ether4-slave-local" type="ether" mtu=1500 l2mtu=1520 max-l2mtu=1520
4 name="ether5-slave-local" type="ether" mtu=1500 l2mtu=1520 max-l2mtu=1520
ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 A S dst-address=0.0.0.0/0 gateway=98.173.40.17
gateway-status=98.*.*.17 reachable ether1-gateway distance=1 scope=30
target-scope=10
1 ADC dst-address=98.*.*.16/28 pref-src=98.*.*.30 gateway=ether1-gateway
gateway-status=ether1-gateway reachable distance=0 scope=10
2 ADC dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=ether2-master-local
gateway-status=ether2-master-local reachable distance=0 scope=10
/ip address> print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
address=192.168.88.1/24 network=192.168.88.0 interface=ether2-master-local actual-interface=ether2-master-local
1 address=98.*.*.30/28 network=98.*.*.16 interface=ether1-gateway actual-interface=ether1-gateway
Re: can't access 2nd rb750g via winbox
i can't help more
how about you see my Post in here
http://forum.mikrotik.com/viewtopic.php?f=13&t=55525
Let Me said your 1st Mikrotik is x.x.88.0/24 and the 2nd is x.x.0.0/24
so, you remote from x.x.0.0/24 connect o x.x.88.0/24 and the connection is timeout. right ???
My config at that post working fine. and from x.x.88.0/24 remote to x.x.0.0/24 working fine too
The problem is at NAT from both mikrotik. look my NAT config. i do the same thing at both mikrotik. maybe that can help you. and i not expert at this mikrotik. just, knowing a little
how about you see my Post in here
http://forum.mikrotik.com/viewtopic.php?f=13&t=55525
Let Me said your 1st Mikrotik is x.x.88.0/24 and the 2nd is x.x.0.0/24
so, you remote from x.x.0.0/24 connect o x.x.88.0/24 and the connection is timeout. right ???
My config at that post working fine. and from x.x.88.0/24 remote to x.x.0.0/24 working fine too
The problem is at NAT from both mikrotik. look my NAT config. i do the same thing at both mikrotik. maybe that can help you. and i not expert at this mikrotik. just, knowing a little
Re: can't access 2nd rb750g via winbox
Hi thanks for the reply.
I can ping anything from anywhere. I just can't get into the second router. Of course that's the private sub.
I can't even get to the Public IP I have on the router.
I shouldn't have to port forward anything should I? 2 routers behind one modem? I guess one would think a port forward would be needed.
I changed the www port on the accessible router to 81 to see if that would make the inaccessible router accesible on the default www (80) port . But no luck.
What's the firewall rule I need to change?
HELP!!!!! ?SOMEONE?
I can ping anything from anywhere. I just can't get into the second router. Of course that's the private sub.
I can't even get to the Public IP I have on the router.
I shouldn't have to port forward anything should I? 2 routers behind one modem? I guess one would think a port forward would be needed.
I changed the www port on the accessible router to 81 to see if that would make the inaccessible router accesible on the default www (80) port . But no luck.
What's the firewall rule I need to change?
HELP!!!!! ?SOMEONE?
Re: can't access 2nd rb750g via winbox
i don't if this can help you. you can't remote to 2nd RB, and you should set on the 2nd RB src-nat at Firewall NatHi thanks for the reply.
I can ping anything from anywhere. I just can't get into the second router. Of course that's the private sub.
I can't even get to the Public IP I have on the router.
I shouldn't have to port forward anything should I? 2 routers behind one modem? I guess one would think a port forward would be needed.
I changed the www port on the accessible router to 81 to see if that would make the inaccessible router accesible on the default www (80) port . But no luck.
What's the firewall rule I need to change?
HELP!!!!! ?SOMEONE?
Code: Select all
/ip firewall nat
add chain=srcnat action=src-nat to-addresses=192.168.88.1 dst-address=192.168.88.0/24 comment="accept nat to 1st RB"
/ip firewall filter
add chain=input action=accept protocol=tcp dst-port=8291 comment="accept winbox"
add chain=input action=accept protocol=icmp comment="accept icmp"
C M I I W
Re: can't access 2nd rb750g via winbox
thanks for the suggestions.
I'm outside of that routers domain, so I can't get to it yet.
When I'm in it's local domain I'll change the src nat rule.
I'm outside of that routers domain, so I can't get to it yet.
When I'm in it's local domain I'll change the src nat rule.
Re: can't access 2nd rb750g via winbox
I tried both rules you suggested. Still nothing.
I can't even get to the Public IP of the router.
I can ping it, etc...
But can't access it, even less access winbox.
Baffled.
ISP pings it so that's not the problem.
I can't even get to the Public IP of the router.
I can ping it, etc...
But can't access it, even less access winbox.
Baffled.
ISP pings it so that's not the problem.
Re: can't access 2nd rb750g via winbox
you mean is, you want remote to the 2nd Mikrotik using another IP Public ??? (not from 1st Mikrotik connection)I tried both rules you suggested. Still nothing.
I can't even get to the Public IP of the router.
I can ping it, etc...
But can't access it, even less access winbox.
Baffled.
ISP pings it so that's not the problem.
am i wrong ???
Re: can't access 2nd rb750g via winbox
Sorry, late reply. But, thanks yes that's what I meant: Couldn't see the router from outside it's domain or couldn't see the Public IP.
BUT... I figured it out.
If you default a router/hostpost and let it use the default setup. It disallows you access to it remotely.
The "Drop Access" rule in firewall is in place.
This was extremely frustrating and not that obvious to a semi-beginner.
The "documentation" on these is....mysterious.
BUT... I figured it out.
If you default a router/hostpost and let it use the default setup. It disallows you access to it remotely.
The "Drop Access" rule in firewall is in place.
This was extremely frustrating and not that obvious to a semi-beginner.
The "documentation" on these is....mysterious.
Re: can't access 2nd rb750g via winbox
Sorry, late reply. But, thanks yes that's what I meant: Couldn't see the router from outside it's domain or couldn't see the Public IP.
BUT... I figured it out.
If you default a router/hostpost and let it use the default setup. It disallows you access to it remotely.
The "Drop Access" rule in firewall is in place.
This was extremely frustrating and not that obvious to a semi-beginner.
The "documentation" on these is....mysterious.
if you from outside of your server, so you here the conifg
Code: Select all
/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=(ip gateway 2nd RB) protocol=tcp dst-address=(IP Public) dst-port=8291,8080
Who is online
Users browsing this forum: No registered users and 54 guests