Community discussions

MikroTik App
 
sfaqih
newbie
Topic Author
Posts: 26
Joined: Tue Aug 06, 2019 12:13 pm

allow access to specific IP address

Thu Nov 24, 2022 12:05 pm

Hello Guys,

I'm doing a stream from my laptop with the link "http://19.0.0.180:8088/livelan" to my network but it seems that I need to enable all users in the network to access this laptop so they can view the stream.

what steps should I do in Mikrotik to all full access to this laptop with IP and port above?

Note: currently when I try to access it via any user in the network, message "connection was reset" is appearing.
Thanks in advance
 
sfaqih
newbie
Topic Author
Posts: 26
Joined: Tue Aug 06, 2019 12:13 pm

Re: allow access to specific IP address

Thu Nov 24, 2022 12:16 pm

Noting that my network users are having different IP range based on different VLANs so I need them all to access the stream link
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: allow access to specific IP address

Thu Nov 24, 2022 12:51 pm

 
sfaqih
newbie
Topic Author
Posts: 26
Joined: Tue Aug 06, 2019 12:13 pm

Re: allow access to specific IP address

Thu Nov 24, 2022 2:36 pm

Thanks so much for the guidance,

here is the Mikrotik config and a snapshot explaining the summary of the configuration in Mikrotik.
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: allow access to specific IP address

Thu Nov 24, 2022 11:24 pm

To be frank, the config is a bit over my head. I will say that I think you should be clearer/cleaner in approach and it would be more readable.

ONE BRIDGE
ASSIGN ALL VLANS TO BRIDGE
THEN ASSIGN VLANS to ether ports and WLAN, on /interface bridge ports ( access and hybrid ports with pvid) and /interface bridge vlans for tagging and untagging of ports per vlan-ids.

Way to complex for me to figure out otherwise as you have a big jumble of disorganization (or at least thats what it appears to look like )
 
sfaqih
newbie
Topic Author
Posts: 26
Joined: Tue Aug 06, 2019 12:13 pm

Re: allow access to specific IP address

Sat Nov 26, 2022 7:46 pm

Hi Anav,

the network is working fine :)

I'm not sure what is wrong but you can advice me for re-arrange things.

Anyway, my request is simple:

- I have a laptop with IP address 19.0.0.180 connected to port #9 in the router 2011 which is doing streaming to network users.
- network users are located either on the bridge with a range 19.0.0.x or located under different vlans with a range 10.10.x.x e.g. (10.10.10.x OR 10.10.11.x OR 10.10.26.x.x ...etc)

Hence, I need the users on those two ranges to access that laptop with the static ip address 19.0.0.180

maybe you can help with some hints on how to make it accesable

Thanks a lot
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: allow access to specific IP address

Sat Nov 26, 2022 10:07 pm

Typically access via L3 is done via forward chain firewall rules.

allow user address to reach user address
allow subnet A to reach subnet B
allow src-address-list to reach source-address list

and everything in between, imagine many vlans and a shared printer (192.168.10.55) on vlan10
add chain=forward action=accept in-interface-list=LAN out-interface=vlan10 dst-address= 192.168.10.55
 
sfaqih
newbie
Topic Author
Posts: 26
Joined: Tue Aug 06, 2019 12:13 pm

Re: allow access to specific IP address

Mon Nov 28, 2022 12:17 pm

I did everything possible to allow access to this pc but unfortunately, the page is timed out. I have no idea why?

e.g.
add chain=forward action=accept in-interface-list=all vlans out-interface=ether9 dst-address=200.200.200.220
add chain=forward action=accept in-interface-list=bridge1 out-interface=ether9 dst-address=200.200.200.220
add chain=forward action=accept in-interface-list=all ethernet out-interface=ether9 dst-address=200.200.200.220

also I did the same in the opposite direction with no success!

Note: I replaced the IP of the pc/laptop from 19.0.0.180 to 200.200.200.220

Also tried the following:

/ip hotspot walled-garden add dst-host=http://200.200.200.220/livelan
/ip hotspot walled-garden ip add dst-address=200.200.200.220 action=accept
/ip firewall nat add chain=pre-hotspot dst-address=200.200.200.220 action=accept (this action is stoping the hotspot from working) so I remove it

also I check the following:

/ip dhcp-server network
add address=200.200.200.0/24 gateway=200.200.200.1 netmask=24

/ip dns static
add address=200.200.200.220 name=a.com ttl=5m (to assign it as DNS)


/ip firewall mangle
add action=fasttrack-connection chain=prerouting src-address=200.200.200.220

/ip firewall nat
add action=masquerade chain=srcnat comment="masquerade hotspot network" \


all steps above were not successful
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: allow access to specific IP address

Mon Nov 28, 2022 2:30 pm

just try the dst-addresss without using out-interface=ether9
 
sfaqih
newbie
Topic Author
Posts: 26
Joined: Tue Aug 06, 2019 12:13 pm

Re: allow access to specific IP address

Mon Nov 28, 2022 3:02 pm

I did as shown in the snapshot of IP-Firewall also I attached all snapshots on how I did the streaming which was tested successfully between two laptops in small lan network
Is there away to make this IP address of the laptop a white list in Mikrotik? I'm afraid that still there some config needed for hls streaming.

even though the port 443 and port 80 are all allowed.
You do not have the required permissions to view the files attached to this post.
 
sfaqih
newbie
Topic Author
Posts: 26
Joined: Tue Aug 06, 2019 12:13 pm

Re: allow access to specific IP address  [SOLVED]

Tue Dec 20, 2022 2:20 pm

The stream works fine with the setting below:
You do not have the required permissions to view the files attached to this post.

Who is online

Users browsing this forum: devnull0 and 44 guests