I would like to be able to access router 2 from the outside the same way I can access router 1. What ports, and on which routers, do I need to forward?
Here is one way to do this. For Router1, set it up like so. Note that ip address 188.8.131.52
, is your work from home
IP. Remove it if you want to allow from all. As shown, you can connect, using Winbox, on port 8291 from ip address 184.108.40.206 on port 8291 to access Router 1. For Router 2, you'll use port 9000.
/ip firewall filter
add chain=input action=accept connection-state=established,related comment="Accept established related"
add chain=input action=accept in-interface=bridge-LAN comment="Allow LAN access to router and Internet"
add chain=input action=accept dst-port=8291 protocol=tcp src-address=220.127.116.11 comment="Router1 Access"
add chain=input action=drop comment="Drop all other input"
add chain=forward action=accept connection-state=established,related comment="Accept established related"
add chain=forward action=accept connection-state=new in-interface=bridge-LAN comment="Allow LAN access to router and Internet"
add chain=forward action=accept connection-nat-state=dstnat in-interface=ether-WAN comment="Accept Port forwards"
add chain=forward action=drop comment="Drop all other forward"
/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether-WAN comment="Default masq"
add chain=dstnat action=dst-nat in-interface=ether-WAN protocol=tcp src-address=18.104.22.168 to-addresses=10.0.1.1 dst-port=9000 to-ports=8291 comment="Router2 Access"
set winbox address=192.168.1.0/24,22.214.171.124/32
Router 2 will allow Winbox from these two networks. Naturally, you'll change Router 2's firewall to allow Router 1 to connect to it. Use Router 1's setup as an example.
set winbox address=10.0.1.0/24,192.168.1.0/24