Community discussions

MikroTik App
 
milosshd
just joined
Topic Author
Posts: 11
Joined: Thu Sep 15, 2022 7:44 pm

Messed up NAT

Thu Sep 15, 2022 7:49 pm

Hello,

There's MikroTik 750 GL in our office, configured by my ex colleague. I've logged in to web config, and tried to set up port forwarding on port 80 to a particular destination on the intranet. Now, when I went to NAT, clicked add new, setup everything, and clicked OK, it complained "couldn't add new nat rule outgoing interface matching not possible".

After that it appears to have logged me out, and when I tried logging in back again via web interface, error says router is disconnected. I also tried winbox, it says not reachable. Aside from that, I now can't access anything on the internet nor any websites( IIS ) in intranet.

So, is there any way to revert what I did or, given I can't log in anymore, I will need to hard reset router?

Thanks.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Messed up NAT

Thu Sep 15, 2022 9:21 pm

Port 80 is used by webfig, a little knowledge before touching anything is required...

Use winbox, access by MAC address, go on IP / Firewall / NAT and delete last rule at the end.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Messed up NAT

Thu Sep 15, 2022 9:23 pm

How long since your last MTCNA course?
Monkeying with a new config that you didnt setup is a MINEFIELD.....
The first thing one should do is
a. create a backup file
b. export the config and export a verbose config and export a show sensitive config (for passwords etc.).
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Messed up NAT

Thu Sep 15, 2022 9:25 pm

@anav,
in this case common sense is lacking...
webfig is used on a browser,
the browser uses port 80...
what happens if I redirect port 80 elsewhere ???
goodbye webfig...
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Messed up NAT

Thu Sep 15, 2022 9:32 pm

Well now that you put it less delicately than I, yes a bonehead bozo move for sure LOL,
I was trying to say nicely................. what makes you think you are qualified to touch an unknown MT config LOL.
 
milosshd
just joined
Topic Author
Posts: 11
Joined: Thu Sep 15, 2022 7:44 pm

Re: Messed up NAT

Thu Sep 15, 2022 9:49 pm

Yeah, I know all this. I am to be made fun of for trying to set up something I know very little about. I am to be blamed. Can you just help me figure out how to use winbox to connect via mac address?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Messed up NAT

Thu Sep 15, 2022 9:52 pm

Open winbox, click "Neighbors" tab, double click the MAC address of the device, insert corrects username and password.

etc.

But if someone have previously disabled winbox on the past...
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Messed up NAT

Thu Sep 15, 2022 10:05 pm

Yeah, I know all this. I am to be made fun of for trying to set up something I know very little about. I am to be blamed. Can you just help me figure out how to use winbox to connect via mac address?
Of course, we are big on accountability here. Why go mucking about on a work router, when you really dont know anything about it.
If you are part of IT staff then your training should have dictated otherwise,
If this is a small business, where one has to fend for oneself, then instead of losing down time, connectivity and perhaps business, its probably prudent to actually look for professional help.
The forum is great for non-critical and non-time sensitive issues.
https://mikrotik.com/consultants

We can help as best we can, but with it comes directness and truth..........
 
milosshd
just joined
Topic Author
Posts: 11
Joined: Thu Sep 15, 2022 7:44 pm

Re: Messed up NAT

Thu Sep 15, 2022 10:09 pm

Thanks for the tip on MAC address. I managed to get in, but got this notification:
The following default configuration has been installed on your router:

ether1 is renamed to ether1-gateway
DHCP client and masquerade is set on ether1-gateway
ether2 is renamed to ether2-master-local and configured as switch master port for ether3-ether5
IP address 192.168.88.1/24 and DHCP server is set on ether2-master interface
DHCP servers address pool is 192.168.88.10-192.168.88.254

You can click on "Show Script" to see the exact commands that are used to add and remove this default configuration.To remove this default configuration click on "Remove Configuration" or click on "OK" to continue.

NOTE: If you are connected using the above IP and you remove it, you will be disconnected.
Is that a standard notification, or somehow or for some reason these changes have actually been made?

Thanks.
 
milosshd
just joined
Topic Author
Posts: 11
Joined: Thu Sep 15, 2022 7:44 pm

Re: Messed up NAT

Thu Sep 15, 2022 10:10 pm

Ie. why is it showing this? I just logged in, didn't touch anything. Does this mean additional stuff is going to be changed compared to when I first messed up, or is this something I should ignore?
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: Messed up NAT

Thu Sep 15, 2022 10:16 pm

"ether2 is renamed to ether2-master-local and configured as switch master port for ether3-ether5"
Bruh, you traveled back in time! Master/Slave switch config is deprecated since a few good years now.
And by that message you (or someone else) managed to reset the device. Or you logged in on another device by mistake.
Are you sure that you know what you're doing?
 
User avatar
own3r1138
Long time Member
Long time Member
Posts: 681
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades
Contact:

Re: Messed up NAT

Thu Sep 15, 2022 10:17 pm

The following default configuration has been installed on your router.
Don't ignore any message, use safe mode.
Looks like the first login message.
 
milosshd
just joined
Topic Author
Posts: 11
Joined: Thu Sep 15, 2022 7:44 pm

Re: Messed up NAT

Thu Sep 15, 2022 10:18 pm

So, as I said, I logged in via webconfig, made a mess and haven't been able to login since then. Now, I just started winbox, logged in and I got this message. Didn't do anything except for that.
 
milosshd
just joined
Topic Author
Posts: 11
Joined: Thu Sep 15, 2022 7:44 pm

Re: Messed up NAT

Thu Sep 15, 2022 10:19 pm

Should I click ok, ie continue with that default config, or should I click remove configuration. Will latter restore original config that was there prior to me logging in?
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: Messed up NAT

Thu Sep 15, 2022 10:20 pm

Check the config export, from terminal:
/export file=anynameyouwish
and download / analyze that file, if it looks like the default config, then it is what it is.
 
milosshd
just joined
Topic Author
Posts: 11
Joined: Thu Sep 15, 2022 7:44 pm

Re: Messed up NAT

Thu Sep 15, 2022 10:25 pm

Check the config export, from terminal:
/export file=anynameyouwish
and download / analyze that file, if it looks like the default config, then it is what it is.
So, if I click remove configuration, will it still use the old one, or at this point everything is messed up?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Messed up NAT

Thu Sep 15, 2022 10:28 pm

What version of firmware is showing???
Recommend you should be using long term stable version 6.48.6
https://mikrotik.com/download
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: Messed up NAT

Thu Sep 15, 2022 10:31 pm

That message usualy shows up after a device reset, like I've said above, if you accept that config, any (if any) config currently on the device will be replaced with that one showed.
If you select remove, you'll end up with no config.
But from what you're telling us, it's dead anyway.
Look for backups in Files, try to rebuild from there, I don't know.
Or redo the config if you have all the wan/lan details etc.
@anav master/slave was deprecated in 6.41, 22.12.2017. So he's on something even older.
Last edited by Znevna on Thu Sep 15, 2022 10:32 pm, edited 1 time in total.
 
milosshd
just joined
Topic Author
Posts: 11
Joined: Thu Sep 15, 2022 7:44 pm

Re: Messed up NAT

Thu Sep 15, 2022 10:32 pm

What version of firmware is showing???
Recommend you should be using long term stable version 6.48.6
https://mikrotik.com/download
It's v5.9. I will hire someone to fix all this mess but need to make sure tomorrow everything is operational, ie as it was today, so can't really risk with upgrading router now. Can you tell me about this default config? The notification says it's already added, if I understand correctly. What happens if I click remove configuration? Or should I just go with it and try to set it up as it was before?
Thanks.
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: Messed up NAT

Thu Sep 15, 2022 10:33 pm

I doubt that anything is operational, and you can't seem to check that.
So please, ask for help.
 
milosshd
just joined
Topic Author
Posts: 11
Joined: Thu Sep 15, 2022 7:44 pm

Re: Messed up NAT

Thu Sep 15, 2022 10:35 pm

I will ask for help for sure, but I need to make sure it's operational in the next 12 hours. Is there anyone you guys know that's willing to hold my hand through trying to make it work as it did before? I am willing to pay for the service, of course.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Messed up NAT

Fri Sep 16, 2022 1:54 am

Check the MAC address on the RouterBOARD, if is the same, or inside the device MAC range, is the same board...

On v6 and v7, if you see that window, the config is ALREADY applied, clicking "remove" remove what is already present.
Probably is the same on v5, long time is passed and I do not remember some details.

That message usually appear when routerboard is resetted to default configuration, can be a bug on 5.9...
(by the way, if the guy from before who ran the network left the routerboard at 5.9, they did well to send it away...)

The only thing that do not work are webfig?
The network still working as usual?

If you solve going directly to IP / Firewall / NAT and removing your last added NAT rule, you done...

For make "the export"

go on new terminal,
do this command:

/export

copy all and paste on new post on forum.
you must be sure that is not present any sensitive inside the export you post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Messed up NAT

Fri Sep 16, 2022 2:09 am

Yes, so go to terminal or whatever and type /export

then download to something like notepad++
Then copy and paste here.
Make sure you remove any PUBLIC WANIP information IP or gateway IP.
Also the router serial number should not be included.
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: Messed up NAT

Fri Sep 16, 2022 11:23 am

Hope they replaced the unconfigured MikroTik with a TP-Link or something by now.

Who is online

Users browsing this forum: AtisE, Bing [Bot], Google [Bot], rjuho, taravasya and 81 guests