Community discussions

 
Rey68
newbie
Topic Author
Posts: 29
Joined: Mon Mar 31, 2014 12:52 pm

Ipcloud two Mikrotik

Sun Dec 16, 2018 3:23 pm

Hello:
I have two mikrotik, one like wan and wifi, and another as a repeater of the wifi (using wlan).
The first I can access remotely through xxxxx.sn.mynetname.net.
But the second one does not, I understand that it is behind NAT, as indicated by IPcloud in the second.
Try making a NAT rule to the ip of the second router 192.168.1.30 and calling xxxxx.sn.mynetname.net. with a port.
But it does not work.
How should I do it?
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1790
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Ipcloud two Mikrotik

Sun Dec 16, 2018 4:06 pm

Hi

You should take care of following
* make dst-nat rule to port-forward traffic from first MT to "repeater"
* ensure that this forwarded traffic is allowed in first MT (with default config should be ok, as there all dst-nat-ed traffic is allowed)
* allow the incoming connection on the "repeater" MT
 
Rey68
newbie
Topic Author
Posts: 29
Joined: Mon Mar 31, 2014 12:52 pm

Re: Ipcloud two Mikrotik

Sun Dec 16, 2018 7:30 pm

I have this rule in mikrotik 1 (wan).

action=dst-nat chain=dstnat dst-port=8292 in-interface=ether1 protocol=tcp \
to-addresses=192.168.1.30.

¿is correct?

allow the incoming connection on the "repeater" MT.
I do not understand this. The second mikrotik have acces to internet
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1790
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Ipcloud two Mikrotik

Mon Dec 17, 2018 11:07 pm

"action=dst-nat chain=dstnat dst-port=8292 in-interface=ether1 protocol=tcp to-addresses=192.168.1.30"
* that's the port forward

* have you check the firewall filter table and forward chain?

* and lastly does the target device (192.168.1.30) allows connection on the 8292 port in filter input?
 
Rey68
newbie
Topic Author
Posts: 29
Joined: Mon Mar 31, 2014 12:52 pm

Re: Ipcloud two Mikrotik

Thu Jan 24, 2019 4:45 pm

Solved!.
I change in second mikrotik port Winbox in Ip service, xxxx.
I create nat in 1º Mikrotik to ip with port in second mikrotik winbox
In winbox enter with xxxxx.netname.net:xxxx
 
erlinden
Member Candidate
Member Candidate
Posts: 173
Joined: Wed Jun 12, 2013 1:59 pm

Re: Ipcloud two Mikrotik

Thu Jan 24, 2019 4:49 pm

Why not do it properly and run a VPN service? Are you aware that there was (and still is depending on the version of RouterOS you are running) a huge security issue?
 
Rey68
newbie
Topic Author
Posts: 29
Joined: Mon Mar 31, 2014 12:52 pm

Re: Ipcloud two Mikrotik

Thu Jan 24, 2019 5:05 pm

Is there a security problem with winbox?
So using Ipcloud is not a good idea?
 
User avatar
AlainCasault
Trainer
Trainer
Posts: 624
Joined: Fri Apr 30, 2010 3:25 pm
Location: Laval, QC, Canada
Contact:

Re: Ipcloud two Mikrotik

Thu Jan 24, 2019 5:25 pm

It's more a question of having an open port to exploit, two in your case.

And with a VPN, you can have proper routing and all your tools will work as if at home (or at the office).
___________________________
Alain Casault, Eng.
If I helped you, let me know!
 
anav
Forum Guru
Forum Guru
Posts: 3114
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Ipcloud two Mikrotik

Thu Jan 24, 2019 5:30 pm

Concur, if you want to remotely access winbox on either unit, using an open port approach is cwazee stupid.
One method used, is called port knocking however the VPN connection approach is superior.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
Rey68
newbie
Topic Author
Posts: 29
Joined: Mon Mar 31, 2014 12:52 pm

Re: Ipcloud two Mikrotik

Thu Jan 24, 2019 6:08 pm

I understand, I will create a vpn service

Who is online

Users browsing this forum: No registered users and 120 guests