sevo
just joined
Topic Author
Posts: 5
Joined: Sat Apr 02, 2022 1:30 pm

issue opening a port to my miner

Wed Jun 29, 2022 2:16 pm

Hi all, as the topic header states, I have an issue opening a port to my miner. My setup is very simple.
I have a MT router Hex RB750r3 (Router#1) which is the main router that serves the internet from the ISP. The ISP lan cable is connected to ether1, the DHCP server is on that router, firewall is here as well.
I have another MT hap ac2 (Router#2) that serves the Wi-Fi at home. Its ether1 is connected to Router#1 via a LAN cable.
The miner is connected via 2.4G Wi-Fi; for now I do not have cable access. The problem is that I need to open port 44158. I tried doing it on the main router from the mobile app. It used to work before, but that was for devices connected via a LAN cable to the same Router#2; now it does not work. I have a static IP address and I have control over my network, I just don't have enough knowledge to make it work as I wish. I just want to turn my Hap Ac 2 into a simple switch that only connects devices and forwards everything to the main router. Any help would be greatly appreciated. Thanks in advance.
Please see below the configurations of Both routers.

Router#1 - the main
# jun/29/2022 13:52:43 by RouterOS 7.3.1
# software id = 2Y0D-P7Z5
#
# model = RB750Gr3
# Router#1 (edge router): base interfaces, pools and global settings.
# NOTE(review): this export is posted publicly and still carries device
# identifiers (software id, MAC addresses, the WAN address). Mask such values
# before sharing an export.
/interface bridge
add admin-mac=C4:AD:34:16:16:E9 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] mac-address=F0:76:1C:1A:5B:17
/interface wireguard
# WireGuard listener on UDP 13231; the input rule "Wireguard VPN NUC" in
# /ip firewall filter is what exposes this port on the WAN side.
add listen-port=13231 mtu=1420 name=wireguard1
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec proposal
# The default proposal is disabled. It lists only 3DES, a legacy cipher; pick
# an AES-based proposal if IPsec is ever re-enabled.
set [ find default=yes ] disabled=yes enc-algorithms=3des
/ip pool
# 192.168.88.42 (the miner's forward target) lies inside this dynamic range,
# so it can also be handed out dynamically when no static lease matches.
add name=dhcp ranges=192.168.88.30-192.168.88.80
add name=vpn-pool ranges=192.168.8.10-192.168.8.12
/ip dhcp-server
add address-pool=dhcp interface=bridge name="Router DHCP Server"
/port
set 0 name=serial0
/ppp profile
add dns-server=192.168.8.250 local-address=192.168.8.250 name=vpn-profile \
    remote-address=vpn-pool use-encryption=yes
/routing table
# NOTE(review): empty table name, presumably blanked before posting.
add fib name=""
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,rest-api"
/interface bridge port
# ether2-ether5 form the LAN bridge; ether1 is left out and acts as WAN.
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5
/ip neighbor discovery-settings
# Discovery runs on every interface, ether1 (WAN) included, so the router
# announces itself toward the ISP segment. Consider limiting this to the LAN
# interface list.
set discover-interface-list=all
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface detect-internet
# NOTE(review): Detect Internet on all interfaces is not needed for a static
# WAN setup like this one; confirm it is intentional.
set detect-interface-list=all
/interface l2tp-server server
# No enabled=yes is shown, so the L2TP server is presumably off. MS-CHAPv1 is
# obsolete; drop mschap1 if this server is ever turned on.
# NOTE(review): default-profile=*1 is an unresolved internal id, presumably a
# profile that was deleted.
set authentication=mschap1,mschap2 default-profile=*1
/interface list member
# The firewall's in-interface-list matches depend on these two memberships:
# bridge = LAN, ether1 = WAN. wireguard1 is in neither list.
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface ovpn-server server
# Client certificates are required. No enabled=yes is shown here and the
# "Allow OpenVPN" input rule is disabled, so this server is presumably unused.
set auth=sha1 certificate=server-certificate cipher=aes128,aes192,aes256 \
    default-profile=vpn-profile require-client-certificate=yes
/interface wireguard peers
# public-key values are empty, presumably blanked before posting.
add allowed-address=192.168.9.4/32 comment=Phone interface=wireguard1 \
    public-key=""
add allowed-address=192.168.9.5/32 comment=MacBookAir interface=wireguard1 \
    public-key=""
# NOTE(review): allowed-address controls which source addresses are accepted
# from this peer. It includes 192.168.88.0/24 (this router's own LAN) and
# 192.168.9.2/32 (this router's own WireGuard address), so the remote side
# could source traffic as local hosts. Confirm that is intended; otherwise
# narrow the list to the remote subnets only.
add allowed-address=\
    192.168.9.2/32,192.168.88.0/24,192.168.1.0/24,192.168.9.0/24 comment=\
    " Openwrt VPN" endpoint-address=hopto.org endpoint-port=51820 \
    interface=wireguard1 persistent-keepalive=25s public-key=\
    ""
/ip address
# LAN gateway, static WAN address and the WireGuard tunnel address.
add address=192.168.88.1/24 comment="Bridge IP LAN" interface=bridge network=\
    192.168.88.0
add address=76.70.100.200/24 comment="Public IP on Ether1" interface=ether1 \
    network=76.70.100.0
add address=192.168.9.2/24 comment="Wireguard IP" interface=wireguard1 \
    network=192.168.9.0
/ip cloud
set update-time=no
/ip dhcp-client
add comment=defconf disabled=yes interface=ether1
/ip dhcp-server lease
# Static leases are bound to MAC addresses.
add address=192.168.88.48 comment="NUC wifi" mac-address=34:13:E8:20:B3:D6 \
    server="Router DHCP Server"
add address=192.168.88.49 comment="NUC cable" mac-address=B8:AE:ED:72:9B:7F \
    server="Router DHCP Server"
add address=192.168.88.43 comment="Raspberry pi 4" mac-address=\
    DC:A6:32:8B:BC:94 server="Router DHCP Server"
add address=192.168.88.52 client-id=1:b8:27:eb:c1:4a:f6 mac-address=\
    B8:27:EB:C1:4A:F6 server="Router DHCP Server"
# 192.168.88.42 is the to-addresses target of the "Bobcat Miner" dst-nat rules.
# NOTE(review): this lease only applies to MAC 34:6F:24:F8:F7:F3. If the
# miner's Wi-Fi adapter presents a different MAC than the interface that got
# this lease, it receives another pool address and the forward points at the
# wrong host or at nothing. Confirm against the active lease table.
add address=192.168.88.42 client-id=1:34:6f:24:f8:f7:f3 mac-address=\
    34:6F:24:F8:F7:F3 server="Router DHCP Server"
/ip dhcp-server network
add address=192.168.88.0/24 comment="Home DHCP Server from MT Router" \
    dns-server=192.168.88.49 gateway=192.168.88.1 ntp-server=162.159.200.123
/ip dns
# The router answers DNS queries from other hosts. Only the final
# "drop all not coming from LAN" input rule keeps this from being reachable on
# the WAN side, so that rule must stay enabled.
set allow-remote-requests=yes servers=192.168.88.49
/ip dns static
add address=192.168.88.1 disabled=yes name=router.lan
add address=192.168.88.49 name="Home DNS"
/ip firewall filter
# Rules are evaluated top to bottom; order matters.
# This disabled rule is not what the port forward needs: dst-nat'ed traffic to
# the miner is evaluated in the forward chain, while input covers only traffic
# addressed to the router itself. src-port=44158 would additionally require
# the remote client to use 44158 as its source port.
add action=accept chain=input disabled=yes dst-port=44158 protocol=tcp \
    src-port=44158
add action=accept chain=input comment="Allow OpenVPN" disabled=yes dst-port=\
    1194 protocol=tcp
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
# Opens the WireGuard listener (UDP 13231) to the WAN interface list.
add action=accept chain=input comment="Wireguard VPN NUC" dst-port=13231 \
    in-interface-list=WAN protocol=udp
# NOTE(review): no in-interface is set, so this accepts any packet claiming a
# 192.168.9.0/24 source, whichever interface it arrives on, and it sits ahead
# of the final "not coming from LAN" drop. Consider adding
# in-interface=wireguard1.
add action=accept chain=input comment="Wireguard VPN" dst-address=\
    192.168.88.0/24 src-address=192.168.9.0/24
add action=accept chain=input comment="Wireguard VPN" disabled=yes \
    dst-address=192.168.9.0/24 in-interface=wireguard1 src-address=\
    192.168.1.0/24
add action=accept chain=input disabled=yes dst-address=192.168.1.0/24 \
    in-interface=wireguard1 src-address=192.168.9.0/24
add action=accept chain=input disabled=yes port=1701,500,4500 protocol=udp
# NOTE(review): src-address=192.168.88.0 has no prefix length and therefore
# matches a single address; presumably 192.168.88.0/24 was meant. The rule is
# disabled.
add action=accept chain=forward comment=" Wireguard" disabled=yes \
    dst-address=192.168.1.0/24 src-address=192.168.88.0
add action=accept chain=forward disabled=yes dst-address=192.168.88.0/24 \
    src-address=192.168.1.0/24
add action=accept chain=forward disabled=yes dst-address=192.168.88.0/24 \
    in-interface=wireguard1 out-interface=wireguard1 src-address=\
    192.168.9.0/24
add action=accept chain=forward disabled=yes dst-address=192.168.1.0/24 \
    src-address=192.168.9.0/24
add action=accept chain=forward disabled=yes dst-address=192.168.9.0/24 \
    src-address=192.168.1.0/24
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
# The invalid-state drops come after several accept rules in this ordering.
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
# New connections from WAN are dropped unless they were dst-nat'ed. This is
# the rule that lets a port forward through, so no extra forward accept rule
# is needed for the miner; what gets exposed is decided by the dst-nat rules.
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
# Final input rule: anything not arriving from the LAN interface list and not
# accepted above is dropped. This protects the router's own services.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
# NOTE(review): neither Bobcat rule is limited to the WAN side (no
# in-interface-list, in-interface or dst-address). They match port 44158
# traffic arriving on any interface, including LAN hosts, and the miner
# itself, connecting out to remote peers on 44158; those connections get
# rewritten to 192.168.88.42. Scope both rules to inbound WAN traffic, for
# example with in-interface-list=WAN, as the Wireguard rule below does with
# in-interface=ether1.
add action=dst-nat chain=dstnat comment="Bobcat Miner TCP" dst-port=44158 \
    protocol=tcp to-addresses=192.168.88.42 to-ports=44158
# NOTE(review): the post does not say which protocol the miner needs. Forward
# only what the service requires and remove this UDP rule if TCP is enough.
add action=dst-nat chain=dstnat comment="Bobcat Miner UDP" dst-port=44158 \
    protocol=udp to-addresses=192.168.88.42 to-ports=44158
# Forwards UDP 52994 arriving on ether1 to 192.168.88.49.
add action=dst-nat chain=dstnat comment=Wireguard dst-port=52994 \
    in-interface=ether1 protocol=udp to-addresses=192.168.88.49 to-ports=\
    52994
# Disabled DNS redirects. They carry no interface match, so enabling them
# as-is would apply to port 53 traffic from every interface.
add action=redirect chain=dstnat disabled=yes dst-port=53 protocol=tcp \
    src-port="" to-ports=53
add action=redirect chain=dstnat disabled=yes dst-port=53 protocol=udp \
    to-ports=53
/ip firewall service-port
# All listed connection-tracking helpers are disabled.
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip ipsec policy
set 0 disabled=yes dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=76.70.100.1
add disabled=no distance=1 dst-address=192.168.1.0/24 gateway=wireguard1 \
    pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=yes distance=1 dst-address=192.168.88.0/24 gateway=wireguard1 \
    pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
/ip service
# Only telnet and ftp are shown as disabled, and no service has an address=
# restriction. NOTE(review): services not listed here (www, winbox, api, ...)
# are presumably at their defaults; disable the unused ones and restrict the
# rest to the management subnet instead of relying on the input chain alone.
set telnet disabled=yes
set ftp disabled=yes
set ssh port=22
/ppp secret
# No password field appears here; presumably omitted from the export as
# sensitive.
add name=s profile=vpn-profile
/system clock
# NOTE(review): the zone name looks truncated, presumably redacted.
set time-zone-name=Europe/
/system identity
set name=MikroTikRouter
/system ntp client
set enabled=yes
/system ntp client servers
add address=pool.ntp.org
/tool graphing interface
add
/tool graphing queue
add
/tool graphing resource
add
/tool mac-server
# MAC-Telnet and MAC-WinBox are limited to the LAN interface list.
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool sniffer
set filter-interface=wireguard1
And the Hap Ac Router 2:
# jun/29/2022 13:53:50 by RouterOS 7.3.1
# software id = QYSJ-V1LN
#
# model = RBD52G-5HacD2HnD
# Router#2 (hAP ac2, used as the Wi-Fi access point): interfaces and wireless.
/interface bridge
add admin-mac=C4:AD:34:03:C4:39 auto-mac=no comment=defconf name=bridge
/interface wireless
# NOTE(review): frequency-mode=superchannel lifts the limits that the country
# setting would otherwise apply; regulatory-domain is the usual mode.
# wps-mode=disabled is set on wlan2 only; wlan1 shows no wps-mode, so it is
# presumably at its default. Consider disabling WPS there as well.
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n country=\
    "united states" disabled=no distance=indoors frequency-mode=superchannel \
    installation=indoor mode=ap-bridge name=2.4G ssid=dd-2.4G \
    station-roaming=enabled wireless-protocol=802.11
set [ find default-name=wlan2 ] antenna-gain=0 band=5ghz-onlyac \
    channel-width=20/40mhz-XX country="united states" disabled=no distance=\
    indoors frequency=5500 frequency-mode=superchannel installation=indoor \
    mode=ap-bridge name=5G ssid=dd-5G station-roaming=enabled \
    wireless-protocol=802.11 wps-mode=disabled
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
# Neither radio names a security-profile, so both presumably use this default
# one. It still accepts legacy WPA (wpa-psk) next to WPA2; keep wpa2-psk only
# if every client supports it. No pre-shared key appears in the export,
# presumably omitted as sensitive.
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys supplicant-identity=MikroTik

/routing bgp template
set default disabled=no output.network=bgp-networks
/routing table
add fib name=""
/system logging action
# Defines the logging action named "file", which writes to disk file "log".
add disk-file-name=log name=file target=disk
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,rest-api"
/interface bridge port
# Every Ethernet port, ether1 included, and both radios are members of one
# bridge, so the device already behaves as a layer-2 switch/AP toward Router#1.
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5
add bridge=bridge comment=defconf ingress-filtering=no interface=2.4G
add bridge=bridge comment=defconf ingress-filtering=no interface=5G
add bridge=bridge ingress-filtering=no interface=ether1
/ip firewall connection tracking
set enabled=yes
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface detect-internet
# NOTE(review): not needed on a pure bridge/AP; confirm it is intentional.
set detect-interface-list=all
/interface list member
# Every interface is in LAN and the WAN list has no members on this router,
# so any rule matching in-/out-interface-list=WAN can never match here.
add comment=defconf interface=ether1 list=LAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=5G list=LAN
add interface=2.4G list=LAN
/interface ovpn-server server
# No enabled=yes is shown, so this server is presumably off. md5 and sha1 are
# weak digests; do not enable it with these settings.
set auth=sha1,md5
/interface wireless access-list

/ip address
# Management address of this AP inside Router#1's LAN subnet.
add address=192.168.88.2/24 comment=defconf interface=bridge network=\
    192.168.88.0
/ip cloud
set update-time=no
/ip dhcp-client
add comment=defconf disabled=yes interface=bridge
/ip dhcp-server
# Disabled, and it has to stay that way so that Router#1 is the only DHCP
# server on the segment. NOTE(review): address-pool=*1 is an unresolved id,
# presumably a deleted pool.
add address-pool=*1 disabled=yes interface=ether2 name=defconf
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.49 gateway=\
    192.168.88.1 netmask=24
/ip dns
# This AP answers DNS queries from other hosts, and its /ip firewall filter
# section has no chain=input rules, so nothing on the device restricts who can
# reach its resolver or its management services. Exposure is to hosts on the
# bridged LAN and Wi-Fi. Set allow-remote-requests=no if clients are meant to
# use 192.168.88.49 directly.
set allow-remote-requests=yes servers=192.168.88.49
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
# Only forward-chain rules exist on this router and there is no chain=input
# rule at all, so access to the router's own services is unfiltered.
# NOTE(review): the export has no /ip service section, so management services
# are presumably at their defaults; disable the unused ones.
# With all ports bridged, client traffic toward Router#1 is switched at
# layer 2 and presumably bypasses these IP rules unless the bridge is set to
# use the IP firewall (not shown in this export).
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    disabled=yes ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    disabled=yes ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid disabled=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes \
    ipsec-policy=out,none out-interface-list=WAN
# Enabled redirects of port 53 to this router's own resolver, with no
# interface match.
add action=redirect chain=dstnat dst-port=53 protocol=tcp to-ports=53
add action=redirect chain=dstnat dst-port=53 protocol=udp to-ports=53
# Leave this disabled or remove it: it has no dst-port and no interface match,
# so enabling it would rewrite every TCP connection this router NATs to
# 192.168.88.42:44158.
add action=dst-nat chain=dstnat comment="bobcat " disabled=yes protocol=tcp \
    to-addresses=192.168.88.42 to-ports=44158
# Matches in-interface-list=WAN, which has no members on this router, so it
# would never match even when enabled. The port forward belongs on Router#1,
# the device that holds the public address.
add action=dst-nat chain=dstnat comment="bobcat " disabled=yes dst-port=44158 \
    in-interface-list=WAN protocol=tcp to-addresses=192.168.88.42 to-ports=\
    44158

/ip route
# Default route of the AP itself, via Router#1. Bridged clients get their
# gateway from DHCP, not from this route.
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.88.1
/system clock
set time-zone-name=Europe/
/system identity
set name=MikroTikWiFi
/system logging
# Logging rules 0-3 are pointed at the disk action. The added rule uses the
# action named "file", which /system logging action defines with target=disk.
set 0 action=disk
set 1 action=disk
set 2 action=disk
set 3 action=disk
add action=file
/system ntp client
set enabled=yes
/system ntp client servers
add address=pool.ntp.org

Simple Diagram

Image
