Community discussions

MikroTik App
 
grmihel2
newbie
Topic Author
Posts: 30
Joined: Tue Jul 06, 2010 5:55 pm

Access to modem behind Mikrotik router

Sat Aug 02, 2014 1:45 am

Hi guys,

I think this is very basic, yet I'm stucked to figure out how to get it work.
I'm having an DSL modem in front of my mikrotik, and a bunch of computers behind my mikrotik of cause.
Since my shitty modem doesn't allow me to make it into bridge mode, I have to bind a static IP for my MT on the modem, and place that IP in DMZ to get past the modem without any blocks on that.
My modem is running wih (just an example) 10.0.0.1/24 as DHCP scope, and assigned to my MT is 10.0.0.10 placed in DMZ. The gateway of the modem's DHCP is 10.0.0.1.

Now, how does I create access to the modem on 10.0.0.1, from a computer connected to my MT router?? I want my computer to be able to access the modem interface, by connection to 10.0.0.1 via a browser.

Any help is appriciated :)
 
sonny
Member Candidate
Member Candidate
Posts: 208
Joined: Fri Jan 28, 2005 5:14 pm
Location: Germany
Contact:

Re: AW: Access to modem behind Mikrotik router

Sat Aug 02, 2014 9:10 am

On the modem you have to set a route to your local net behind your tik.



Gesendet von meinem HTC Flyer P510e mit Tapatalk 2
Karl Sonnleitner
Senior Wireless-Expert
Restlesspowerbox - managed powersupply for Routerboards
 
Rudios
Forum Veteran
Forum Veteran
Posts: 966
Joined: Mon Mar 11, 2013 12:58 pm
Location: The Netherlands

Re: Access to modem behind Mikrotik router

Sat Aug 02, 2014 11:46 pm

Or masquerade Nat on the outgoing interface of your mikrotik.
Testing setup with: 2 x RB750UP | 2 x RB750GL | 1 x RB951G-2HnD | 1 x RB2011UiAS-IN
 
grmihel2
newbie
Topic Author
Posts: 30
Joined: Tue Jul 06, 2010 5:55 pm

Re: Access to modem behind Mikrotik router

Sun Aug 03, 2014 11:08 pm

Sine the suggestion that Sonny made, can't be done, sine I don't have access to that feature on the modem, the suggestion that Rudios creamene Mighty be the Way.
Rudios, could you please pass an example of that masq. code?
 
Rudios
Forum Veteran
Forum Veteran
Posts: 966
Joined: Mon Mar 11, 2013 12:58 pm
Location: The Netherlands

Re: Access to modem behind Mikrotik router

Mon Aug 04, 2014 4:13 pm

/ip firewall nat
add chain=srcnat action=masquerade out-interface=<interface to modem>
Testing setup with: 2 x RB750UP | 2 x RB750GL | 1 x RB951G-2HnD | 1 x RB2011UiAS-IN
 
kgninfos
Member
Member
Posts: 387
Joined: Thu Jun 21, 2012 7:34 pm
Location: Earth
Contact:

Re: Access to modem behind Mikrotik router

Mon Aug 04, 2014 4:25 pm

/ip firewall nat
add chain=srcnat action=masquerade out-interface=<interface to modem>
This rule is correct but i guess it should be there already as without this users after the mikrotik should not be able to access the internet

so the page at 10.0.0.1 should load without any extra config
 
User avatar
spippan
Member Candidate
Member Candidate
Posts: 100
Joined: Wed Nov 12, 2014 1:00 pm

Re: Access to modem behind Mikrotik router

Wed Nov 12, 2014 1:16 pm

i got the same issue on two RB951Ui-2HnD

both modems before the Tik are in "single user" or "bridge" mode
one is a Technicolor TG788A1vn (single user mode), the ohter is a ComTrend Vi3223u Multi IAD
internet and LAN is all working fine ... i just can't reach the HTTP interface of either modem on the setups

TG: 10.0.0.138 (setup A)
Comtrend: 192.168.1.1 (setup B)
note that these are 2 seperate networks (logically and geographically), i just mention it, because i got same issue on both setups

Setup A:
DSL -> TG788A1vn (bridge mode) -> (ether1)RB951(bridge_local) -> LAN (and stuff :p )
PPTP Session on RB951 for internet access working fine and NAT and routing are working also fine (even L2TP+IPsec VPN)

ros code

[usr@RB951] > ip address print 
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                                                         
 0   ;;; default configuration
     192.168.88.1/24    192.168.88.0    bridge-local                                                                                      
 1   10.0.0.140/24      10.0.0.0        ether1-gateway                                                                                    
 2   ;;; sp-private-LAN
     192.168.1.1/24     192.168.1.0     bridge-local                                                                                      
 3 D 91.xxx.x.xxx/32    88.xxx.xx.xxx   PPTP_A1_DSL

ros code

[usr@RB951] > ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mm$
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          88.117.95.254             1
 1 ADC  10.0.0.0/24        10.0.0.140      ether1-gateway            0
 2   S  10.0.0.0/24                        ether1-gateway            1
 3 ADC  88.xxx.xx.xxx/32   91.xxx.x.xxx    PPTP_A1_DSL               0
 4 ADC  192.168.1.0/24     192.168.1.1     bridge-local              0
 5 ADC  192.168.88.0/24    192.168.88.1    bridge-local              0

ros code

[usr@RB951] > ip firewall nat print 
Flags: X - disabled, I - invalid, D - dynamic 
 0    ;;; default configuration
      chain=srcnat action=masquerade src-address=192.168.1.0/24 out-interface=PPTP_A1_DSL log=no log-prefix="" 

### and some port forwarding stuff here which all are working fine...


Setup B:
DSL -> ComTrend Vi3223u (bridge mode) -> (ether1)RB951(bridge_local) -> LAN
PPPoE Session on RB951 for internet access working fine and NAT and routing are working also fine (even L2TP+IPsec VPN)

adresses and routes are mostly the same and set correctly

on both setups i can reach the designated modem via ping from each RB951 but i CANNOT access the webinterface of the modems neither can i even ping them behind the Tik(s)
please, if anyone could help... i guess i'm forgetting or missing something....
---
raiffeisen data center infrastructure and security
...stay curious
 
User avatar
spippan
Member Candidate
Member Candidate
Posts: 100
Joined: Wed Nov 12, 2014 1:00 pm

Re: Access to modem behind Mikrotik router

Wed Nov 12, 2014 5:22 pm

found a solution!! :lol:

bit weird but working stable and fast

to keep it short:
modem = 10.0.0.138 (bridge mode)
tik eth1 = 10.0.0.140 (<-- the gateway interface)
tik bridge_local = 192.168.1.0/24 (<-- LAN, obviously^^)

now i never was able to access the webinterface of the BRIDGED modem (for e.g. DSL stats,etc.) via http://10.0.0.138

ros code

> ip address print 
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                                                                                     
 0   ;;; default configuration
     192.168.88.1/24    192.168.88.0    bridge-local                                                                                                                  
 1   10.0.0.140/24      10.0.0.0        ether1-gateway                                                                                                                
 2   ;;; sp-private-LAN
     192.168.1.1/24     192.168.1.0     bridge-local
found a workaround:
i just added the following to IP > Firewall > NAT

ros code

add action=masquerade chain=srcnat dst-address=10.0.0.0/24 out-interface=ether1-gateway
add action=dst-nat chain=dstnat dst-port=8138 protocol=tcp src-address=192.168.1.0/24 to-addresses=10.0.0.138 to-ports=80
if you don't add "src-address=192.168.1.0/24" to the NAT rule, you could even access the modem interface from the internet -> [WAN IP address]:138 (for that example)

and YES i needed BOTH NAT entries (tried to access with only the MASQUARADE -> no success -> needed the port forward though)


so now i'm able to access the bridged modem via http://192.168.1.1:8138
(first i used port 138 but i want to be sure to not mess with NetBIOS services :D )

hope this could help!
---
raiffeisen data center infrastructure and security
...stay curious

Who is online

Users browsing this forum: No registered users and 50 guests