Community discussions

 
tabate47
Member
Member
Topic Author
Posts: 435
Joined: Wed Mar 13, 2013 5:23 am
Location: Los Angeles

Router behind Router

Tue Oct 03, 2017 5:36 pm

We have a setup like this:

Building 1 has internet service and a mikrotik router.

Building 2 is connected via a unifi nanobeam ac. There is a mikrotik router and the network is totally separate. The two buildings have nothing in common except they share an internet connection.

The issue we are having is we cannot use the mikrotik dns name in building 2. Even though it's on the router in building 2, it points to the public IP on building 1.

We want to open a few ports for cctv, etc. What is the best way to be able to access building 2 in this scenario?

Thanks.
 
tabate47
Member
Member
Topic Author
Posts: 435
Joined: Wed Mar 13, 2013 5:23 am
Location: Los Angeles

Re: Router behind Router

Wed Oct 04, 2017 12:53 am

any help is appreciated.
 
User avatar
pcunite
Forum Veteran
Forum Veteran
Posts: 945
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: Router behind Router

Wed Oct 04, 2017 3:10 am

We like graphs, we like diagrams.
 
tabate47
Member
Member
Topic Author
Posts: 435
Joined: Wed Mar 13, 2013 5:23 am
Location: Los Angeles

Re: Router behind Router

Wed Oct 04, 2017 3:14 am

ok, I'll try to draw something up. I figured because it's so basic you wouldn't need a diagram.
 
Paternot
Long time Member
Long time Member
Posts: 578
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: Router behind Router

Wed Oct 04, 2017 3:39 am

Port forward. Use port forward, from internet facing mikrotik to the host You want to expose to the internet.

Or to the second router, if You cannot route without NAT between buildings. In this case You would have two NAT, one behind the other. Not pretty, but...
 
tabate47
Member
Member
Topic Author
Posts: 435
Joined: Wed Mar 13, 2013 5:23 am
Location: Los Angeles

Re: Router behind Router

Wed Oct 04, 2017 5:10 am

Would I set up a vpn the same way? Am I able to have a vpn on both routers?

The ultimate goal is to make the second router as if it had its own connection to its own isp.
 
Paternot
Long time Member
Long time Member
Posts: 578
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: Router behind Router

Wed Oct 04, 2017 2:04 pm

Some VPNs are easier than others with NAT. OpenVpn is the easier one, with NAT. Just forward one port, and you are set. But it doesn't have hardware acceleration.

IPsec is quite problematic with NAT - but has hardware acceleration.

Not sure what you mean by "like each router had its own ISP".
 
tabate47
Member
Member
Topic Author
Posts: 435
Joined: Wed Mar 13, 2013 5:23 am
Location: Los Angeles

Re: Router behind Router

Wed Oct 04, 2017 8:21 pm

Here is the setup:

router 1:

wan: public ip address from isp
lan: 192.168.1.1

router 2:

wan: ip address from router 1 192.168.1.100
lan: 10.0.1.1

I would like to be able to access router 2 from the outside the same way I can access router 1. What ports, and on which routers, do I need to forward?

Thanks
 
User avatar
pcunite
Forum Veteran
Forum Veteran
Posts: 945
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: Router behind Router

Wed Oct 04, 2017 8:59 pm

I would like to be able to access router 2 from the outside the same way I can access router 1. What ports, and on which routers, do I need to forward?
Here is one way to do this. For Router1, set it up like so. Note that ip address 1.2.3.4, is your work from home IP. Remove it if you want to allow from all. As shown, you can connect, using Winbox, on port 8291 from ip address 1.2.3.4 on port 8291 to access Router 1. For Router 2, you'll use port 9000.
/ip firewall filter
add chain=input action=accept connection-state=established,related comment="Accept established related"
add chain=input action=accept in-interface=bridge-LAN comment="Allow LAN access to router and Internet"
add chain=input action=accept dst-port=8291 protocol=tcp src-address=1.2.3.4 comment="Router1 Access"
add chain=input action=drop comment="Drop all other input"
add chain=forward action=accept connection-state=established,related comment="Accept established related"
add chain=forward action=accept connection-state=new in-interface=bridge-LAN comment="Allow LAN access to router and Internet"
add chain=forward action=accept connection-nat-state=dstnat in-interface=ether-WAN comment="Accept Port forwards"
add chain=forward action=drop comment="Drop all other forward"

/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether-WAN comment="Default masq"
add chain=dstnat action=dst-nat    in-interface=ether-WAN  protocol=tcp src-address=1.2.3.4 to-addresses=10.0.1.1 dst-port=9000 to-ports=8291 comment="Router2 Access"

/ip service
set winbox address=192.168.1.0/24,1.2.3.4/32
Router 2 will allow Winbox from these two networks. Naturally, you'll change Router 2's firewall to allow Router 1 to connect to it. Use Router 1's setup as an example.
/ip service
set winbox address=10.0.1.0/24,192.168.1.0/24
 
tabate47
Member
Member
Topic Author
Posts: 435
Joined: Wed Mar 13, 2013 5:23 am
Location: Los Angeles

Re: Router behind Router

Wed Oct 04, 2017 9:08 pm

Thanks I'll give it a try.

If I want to access a camera system for example, on router 2, on port 81, can this be done?

Is there a way to open up everything for router 2 in one shot so I don't have to keep forwarding ports? Kind of like a "DMZ" for router 2?
 
User avatar
Shefartech
newbie
Posts: 25
Joined: Sat Oct 20, 2018 9:21 am

Re: Router behind Router

Fri Aug 16, 2019 4:22 pm

Were you able to solve the problems of accessing the camera?
I believe we have similar networks.
I want to be able to access the wireless AP's that are connected via a POE switch on Router 2
 
User avatar
Shefartech
newbie
Posts: 25
Joined: Sat Oct 20, 2018 9:21 am

Re: Router behind Router

Fri Aug 16, 2019 4:23 pm

The AP's have port 443

Who is online

Users browsing this forum: Bing [Bot] and 85 guests