Community discussions

MUM Europe 2020
 
stewie01
newbie
Topic Author
Posts: 25
Joined: Sat Jun 08, 2013 7:25 pm

Remote Winbox Access

Mon Sep 15, 2014 4:19 pm

Have a question about remote winbox access. We provide Internet services through a Fiber and Wireless Network, the owners are part of a collective of local Country Governments so they don't resell services, just manage the network.

We have a RB2011LS that handles traffic for all of our customers, most of the Wireless CPE's are MikroTik, some are Ubiquiti. I can SSH into a customers MikroTik CPE from our MikroTik core router, but I'm curious, is there any way to get Winbox GUI access?

Thanks
 
jessequijano
newbie
Posts: 28
Joined: Sat Nov 13, 2010 10:14 pm

Re: Remote Winbox Access

Mon Sep 15, 2014 4:45 pm

i have a tik behind a tik at each of my vpn client sites.

from my office its easy i just use the ip address but i wanted to connect from outside the network specifically not winbox but the API to use tiktool on my iphone. I setup DST-NAT
     chain=dstnat 
     action=dst-nat 
     to-addresses=192.168.4.99
     to-ports=8291 
     protocol=tcp 
     in-interface=e1-WAN
     dst-port=99 
In this example RouterOS is seeing traffic trying to enter the WAN interface (from outside the network in my case) on port 99 and sending it to 192.168.4.99 on the traditional 8291 winbox port.

All i have to do is save this router in my winbox with this specific port; if i replace the router i don't need to be messing around with changing the default ports for the service when im in a hurry.

I have also seen people who know "The Dude" and this issue is trivial for them because they can "see" the device behind the router if using the software properly.

reply back if you need more help
 
User avatar
donjames
Frequent Visitor
Frequent Visitor
Posts: 87
Joined: Fri Mar 14, 2008 7:07 pm
Location: Henderson, Texas
Contact:

Re: Remote Winbox Access

Mon Sep 29, 2014 9:09 pm

Have a question about remote winbox access. We provide Internet services through a Fiber and Wireless Network, the owners are part of a collective of local Country Governments so they don't resell services, just manage the network.

We have a RB2011LS that handles traffic for all of our customers, most of the Wireless CPE's are MikroTik, some are Ubiquiti. I can SSH into a customers MikroTik CPE from our MikroTik core router, but I'm curious, is there any way to get Winbox GUI access?

Thanks
Hi
Stewie01,

Change the Winbox access port in the customer's router to 8292:
/ip service set winbox address=0.0.0.0/0 port=8292
Forward port 8292 on your RB2011LS:
/ip firewall filter
add chain=input dst-port=8292 in-interface=ether1 protocol=tcp
You will have to change "ether1" to whatever you call your in-interface.
Next, make a NAT rule:
add action=dst-nat chain=dstnat dst-port=8292 in-interface=ether1 protocol=tcp to-addresses=192.168.1.2 to-ports=8292
You will have to change "ether1" to whatever you call your in-interface. Change the to-address to the address of your customer's router.

Please let me know if this works.

Sincerely,

Don James
 
Teno
just joined
Posts: 5
Joined: Mon Oct 26, 2015 11:07 pm

Re: Remote Winbox Access

Thu Dec 31, 2015 6:18 pm

Hello,

Why I have to change the port of the WinBox service?

Can I leave in the default port?

Thanks nd happy new year!

Who is online

Users browsing this forum: No registered users and 13 guests