N2E
just joined
Topic Author
Posts: 2
Joined: Tue May 16, 2023 2:45 pm

Connect SSH and winbox with Loopback IP

Tue May 16, 2023 3:46 pm

Hello,

I am trying to connect from a server (in my backbone) to my CPE hEX via its loopback IP with SSH and Winbox, but I get a timeout error.
Is it possible to configure a MikroTik CPE with its loopback IP?
I have no problem reaching it via ICMP and SNMP.


CPE configuration:

/interface bridge
add name=Loopback protocol-mode=none

/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN

/snmp community
set [ find default=yes ] addresses=0.0.0.0/0 name=xxxxxxx


/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5

/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=Loopback list=WAN

/ip address
add address=192.168.31.1/30 comment=defconf interface=bridge network=192.168.31.0
add address=185.x.x.x/30 interface=ether1 network=x.x.x.x
add address=10.252.0.215 interface=Loopback network=10.252.0.215


/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid disabled=yes
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new disabled=yes in-interface-list=WAN


/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN

/ip route
add distance=1 gateway=185.x.x.y

/ip service
set telnet disabled=yes
set ssh address=0.0.0.0/0
set winbox address=0.0.0.0/0

/snmp
set enabled=yes location="xxx" trap-generators=interfaces trap-target=0.0.0.0 trap-version=2

/system identity
set name=CPE-xxxx--xxx-AI-01




Looking forward to hearing from you.

Regards,
N2E
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Connect SSH and winbox with Loopback IP  [SOLVED]

Tue May 16, 2023 5:14 pm

Not sure, but try this (ADD):

/ip firewall nat
add action=masquerade chain=srcnat dst-address=192.168.31.0/24 src-address=192.168.31.0/24
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN


If still no joy then additionally REPLACE,
from:
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new disabled=yes in-interface-list=WAN
TO:
add action=accept chain=forward comment="internet traffic" in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment="allow port forwarding" connection-nat-state=dstnat
add action=drop chain=forward comment="drop all else"
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Connect SSH and winbox with Loopback IP

Tue May 16, 2023 5:16 pm

To reach Winbox and SSH by IP address, don't forget to add IP-address:Port#
 
N2E
just joined
Topic Author
Posts: 2
Joined: Tue May 16, 2023 2:45 pm

Re: Connect SSH and winbox with Loopback IP

Wed May 17, 2023 12:37 pm

Hello Anav,

it's working for me, thanks :)
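
The export posted at the top of the thread leaves SSH, Winbox and SNMP open to 0.0.0.0/0 and has both defconf input drop rules disabled. One way to limit management to the loopback address, as an added example that is not part of the thread: the 192.0.2.0/24 management subnet and the `mgmt` list name are placeholders (the thread does not give the backbone range), and ports 22, 8291 and 161 are the RouterOS defaults for SSH, Winbox and SNMP.

```routeros
# Added example, not from the thread. Replace 192.0.2.0/24 (placeholder)
# with the real backbone management subnet before applying.

# 1. Name the hosts that are allowed to manage the CPE.
/ip firewall address-list
add list=mgmt address=192.0.2.0/24 comment="placeholder: backbone management hosts"

# 2. Accept management traffic only when it targets the loopback IP and
#    comes from the mgmt list. The rules are placed above the defconf
#    "drop all not coming from LAN" rule so they still match once that
#    rule is enabled in step 5.
/ip firewall filter
add action=accept chain=input comment="mgmt: SSH/Winbox to loopback" \
    dst-address=10.252.0.215 dst-port=22,8291 protocol=tcp \
    src-address-list=mgmt \
    place-before=[find comment="defconf: drop all not coming from LAN"]
add action=accept chain=input comment="mgmt: SNMP to loopback" \
    dst-address=10.252.0.215 dst-port=161 protocol=udp \
    src-address-list=mgmt \
    place-before=[find comment="defconf: drop all not coming from LAN"]

# 3. Narrow the service-level ACLs that were set to 0.0.0.0/0.
/ip service
set ssh address=192.0.2.0/24
set winbox address=192.0.2.0/24

# 4. Narrow the SNMP community the same way.
/snmp community
set [ find default=yes ] addresses=192.0.2.0/24

# 5. Only after the accept rules exist, re-enable the disabled input drops.
/ip firewall filter
enable [find chain=input comment="defconf: drop invalid"]
enable [find comment="defconf: drop all not coming from LAN"]
```

Apply the steps in order from a session that can be recovered (console or Safe Mode), since step 5 drops any management source not covered by steps 1 and 2.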
