Community discussions

MUM Europe 2020
 
User avatar
krisan
newbie
Topic Author
Posts: 28
Joined: Wed Aug 04, 2010 11:06 pm

How to access APs on different NATted network

Thu May 10, 2012 3:48 pm

I need someone to help me on how to be able access my APs in 3 different cell site in one location.
I have 3 site running at the moment with different ISP, i am using in each of the site RB493 as the router, and another RB433AH as the AP that connect the clients.
The 1st site LAN ip address is 10.10.40.0/24 and the AP ip address is 10.10.40.253/24
The 2nd site LAN ip address is 10.10.50.0/24 and the AP ip address is 10.10.50.253/24
The 3rd site LAN ip address is 10.10.60.0/24 and the AP ip address is 10.10.60.253/24, this is where i want to manage the other 2 APs. I am able to enter the router because its having public IP address. I am not able to access the APs because they are using local IP address.
Please can someone tell me what i need to do to be able to access that APs?

Thanks to all the MK experts in the forum.
 
User avatar
cbrown
Trainer
Trainer
Posts: 1840
Joined: Thu Oct 14, 2010 8:57 pm
Contact:

Re: How to access APs on different NATted network

Thu May 10, 2012 4:00 pm

You will need to do something along these lines.

http://wiki.mikrotik.com/wiki/PPTP_VPN_ ... tal_Office
C.Brown

cbrown[at]ravenrocknetworks.com
MTCNA - MTCRE - MTCWE - MTCTCE
MTCSE - TRAINER-0179
 
dcwifi
just joined
Posts: 23
Joined: Thu Jan 21, 2010 7:35 am

Re: How to access APs on different NATted network

Thu May 10, 2012 4:11 pm

try this on RB493 at site 1:

ip firewall nat add chain=dstnat protocol=tcp dst-address=publicip dst-port=publicport to-addresses=10.10.40.253 to-ports=22
 
User avatar
krisan
newbie
Topic Author
Posts: 28
Joined: Wed Aug 04, 2010 11:06 pm

Re: How to access APs on different NATted network

Fri May 11, 2012 12:03 pm

Thanks to you.
I will try it and get back to you.
 
User avatar
krisan
newbie
Topic Author
Posts: 28
Joined: Wed Aug 04, 2010 11:06 pm

Re: How to access APs on different NATted network

Tue May 15, 2012 11:26 pm

try this on RB493 at site 1:

ip firewall nat add chain=dstnat protocol=tcp dst-address=publicip dst-port=publicport to-addresses=10.10.40.253 to-ports=22

Please i am a bit confuse with this firewall rule. can u explain it in a simple term?
 
User avatar
cbrown
Trainer
Trainer
Posts: 1840
Joined: Thu Oct 14, 2010 8:57 pm
Contact:

How to access APs on different NATted network

Wed May 16, 2012 2:25 am

It confused me too....
C.Brown

cbrown[at]ravenrocknetworks.com
MTCNA - MTCRE - MTCWE - MTCTCE
MTCSE - TRAINER-0179
 
SurferTim
Forum Guru
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: How to access APs on different NATted network

Wed May 16, 2012 2:39 am

I access my routers with SSH. If that is what you want to do, then log in to the router with the public ip. I'll presume you connected to 10.10.40.x/24 network router. Once you are logged in, then
/sys
ssh 10.10.40.253
Then you should be logged into 10.10.40.253.

Otherwise, VPN is the most secure of the alternatives.
 
dcwifi
just joined
Posts: 23
Joined: Thu Jan 21, 2010 7:35 am

Re: How to access APs on different NATted network

Wed May 16, 2012 3:06 am

this may help:

http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT

if your 1st site RB493 public IP is 123.123.123.123, and you want to access RB433AH by SSH, then set this on RB493:

ip firewall nat add chain=dstnat protocol=tcp dst-address=123.123.123.123 dst-port=2233 to-addresses=10.10.40.253 to-ports=22

dst-port=2233 could be any number except 22 because RB493 has port 22 open by default.

If you still can't access to the RB433AH, make sure RB433AH has a default route to RB493.

this works for me.
 
dcwifi
just joined
Posts: 23
Joined: Thu Jan 21, 2010 7:35 am

Re: How to access APs on different NATted network

Wed May 16, 2012 3:21 am

try this on RB493 at site 1:

ip firewall nat add chain=dstnat protocol=tcp dst-address=publicip dst-port=publicport to-addresses=10.10.40.253 to-ports=22

Please i am a bit confuse with this firewall rule. can u explain it in a simple term?

In simple term, it's port forwarding.

RB493 check what public port request from it public interface, then forward the request to the LAN to port 22.

Who is online

Users browsing this forum: Google [Bot], mbovenka, mkx and 125 guests