xaviernuma
newbie
Topic Author
Posts: 43
Joined: Tue Feb 16, 2016 11:27 am
Location: France

DST NAT to WAN

Fri May 28, 2021 4:36 pm

Hi,

I am somewhere on the Internet, I connect to my CCR (WAN IP: xxx.xxx.xxx.xxx) via Winbox.
I would like to create a NAT on my CCR in order to access the configuration page of the modem which receives Internet, accessible on the WAN side of the CCR at the address 192.168.100.1.
 chain=dstnat action=dst-nat to-addresses=192.168.100.1 to-ports=80 protocol=tcp dst-port=80 log=no log-prefix="" 


But that doesn't work, usually NAT redirects to a machine on the LAN side, and not on the WAN side ... How could I do this?

Thanks for help
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: DST NAT to WAN

Fri May 28, 2021 4:47 pm

Nope, will not provide any configuration to your router that is not on VPN.
And advise you to stop what you are doing with regard to winbox until you access via VPN.
 
xaviernuma
newbie
Topic Author
Posts: 43
Joined: Tue Feb 16, 2016 11:27 am
Location: France

Re: DST NAT to WAN

Fri May 28, 2021 6:11 pm

Ok, thank you for your reply.

I now use PPTP Server, and I am connected to my CCR.
How can I connect to the modem configuration (192.168.100.1) from a remote PPTP client?

Thank you
 
Hominidae
Member
Posts: 309
Joined: Thu Oct 19, 2017 12:50 am

Re: DST NAT to WAN

Fri May 28, 2021 6:50 pm

...most likely a routing / firewall input chain "issue".
Your transfer net / client net of your pptp connection is not part of the interface list allowed for the input chain in your firewall.
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: DST NAT to WAN

Fri May 28, 2021 7:00 pm

As noted, you have to make sure that where your traffic is located/dumped on the router has access via the input chain to the router itself for management purposes.
This still does not necessarily provide access to the modem.

How would you get access to the modem if you were on the LAN???
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: DST NAT to WAN

Sat May 29, 2021 5:50 pm

Regarding the dst-nat rule: it must work, but you'll likely need a src-nat one as well, or a route on the modem, so that the modem knows where to send the response.

Regarding the VPN: PPTP provides ridiculously weak encryption and doesn't reliably pass through NAT as it is based on GRE, which is hard to handle for NATs (won't annoy you with details unless you ask). L2TP/IPsec is equally simple (or equally complex) to set up and provides much better encryption; it can also cause trouble together with NAT but these can be worked around. IKEv2 has no problems with NAT but it is more complex to set up.

To get more precise advice regarding remote access to the modem, post the export of the configuration of the CCR.
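The return-path point in the post above (dst-nat alone versus dst-nat with src-nat or with a route on the modem), modelled as an added example that is not part of the thread. The CCR address 192.168.100.2, the client address 203.0.113.50 and the modem's routing table are assumptions made for illustration.

```python
import ipaddress

# Assumed addresses; only the modem's subnet (192.168.100.x) comes from the thread.
CCR_WAN = ipaddress.ip_address("192.168.100.2")   # assumed CCR address on the modem's subnet
CLIENT = ipaddress.ip_address("203.0.113.50")     # constructed remote client (documentation range)

# Assumed modem routing table: its own subnet is on-link, everything else goes upstream.
MODEM_ROUTES = [
    (ipaddress.ip_network("192.168.100.0/24"), "on-link"),
    (ipaddress.ip_network("0.0.0.0/0"), "upstream"),
]

def modem_next_hop(dst, routes):
    """Longest-prefix match, as the modem does when it sends its reply."""
    matching = [(net, hop) for net, hop in routes if dst in net]
    return max(matching, key=lambda m: m[0].prefixlen)[1]

def reply_reaches_ccr(client, src_nat, routes):
    """True if the modem's reply goes back through the CCR, where connection
    tracking can undo the NAT; False if it leaves by another path."""
    # dst-nat rewrote only the destination; src-nat (if present) makes the
    # CCR itself the apparent sender of the request.
    seen_source = CCR_WAN if src_nat else client
    hop = modem_next_hop(seen_source, routes)
    if hop == "on-link":
        return seen_source == CCR_WAN
    return hop == CCR_WAN

def scenarios():
    # Third case: a host route on the modem pointing the client back at the CCR.
    route_via_ccr = MODEM_ROUTES + [(ipaddress.ip_network(f"{CLIENT}/32"), CCR_WAN)]
    return {
        "dst-nat only": reply_reaches_ccr(CLIENT, False, MODEM_ROUTES),
        "dst-nat + src-nat": reply_reaches_ccr(CLIENT, True, MODEM_ROUTES),
        "dst-nat + route on modem": reply_reaches_ccr(CLIENT, False, route_via_ccr),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:26} reply returns via CCR: {ok}")
```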
