millenium7
Long time Member
Topic Author
Posts: 538
Joined: Wed Mar 16, 2016 6:12 am

Suggestion: Quick access/port forward wizard

Fri Oct 28, 2022 5:08 am

Something we do quite often is accessing internal devices such as a switch, access point, VoIP phone, etc.
We often don't manage a customer's internal network - hence we don't have remote access agents etc. But we do manage quite a few devices such as the above, as well as their main router.

If we manage a lot of devices - dozens/hundreds - then I'll set up a management VPN and use netmap to map a full routable subnet. However, for smaller customers that might have half a dozen phones, it would be a massive time saver and really handy if there was some sort of quick port forwarding wizard.
In my mind, the way I'm thinking it could work is a right-click option in DHCP Server->Leases (as well as in the IP scan tool list, in case the router is not the DHCP server) that says "Quick remote access", and a little dialog box pops up with the following:
-> Internal IP (the IP of the device, auto filled by using right click on the entry, and allowing multiple entries)
-> External IP/Interface (also have tickbox to use 'Cloud IP')
-> External port range
-> Timeout value
-> Allowed source address / address-list
-> Access method (drop down menu with HTTP/HTTPS/Telnet/SSH - this just auto fills the destination port number, or let you type the port manually)

And this goes ahead and creates a dynamic NAT rule for each internal IP address, and those rules get automatically deleted after the timeout (say, 1 hour) or when the router reboots.

So, for example, I want to access a dozen IP phones, IP addresses are 192.168.10.x. I just have to open DHCP-Server->Leases, filter by MAC address, select all dozen and right click -> Quick Remote Access
Internal IP ->192.168.10.5;192.168.10.8;192.168.10.17;etc;etc (auto filled by the selection)
External IP->1.2.3.4 (auto detected, if possible)
External Port Range->20001-20012 (chosen as nothing in this range was specified in NAT rules)
Timeout Value->01:00:00
Allowed Source Address List: 'TrustedMgmt'
Access Method->HTTPS

Click on OK and I get a text box summary with selectable URLs to click on or copy/paste
https://1.2.3.4:20001 - (192.168.10.5:443)
https://1.2.3.4:20002 - (192.168.10.8:443)
https://1.2.3.4:20003 - (192.168.10.17:443)
etc

I could do this remotely in the field in a minute or 2 at most on my phone. A lot faster and easier than doing it manually and then having to remove those rules later
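
The rule set such a wizard would produce can be sketched as follows. This is an added example, not part of the original post and not a MikroTik feature: it only generates RouterOS dst-nat commands as text, refuses to run without a source address-list, and skips external ports already in use. The function name, the `quick-access` comment tag and the caller-supplied set of used ports are assumptions; the removal command is meant to be run when the timeout expires.

```python
import ipaddress

# Destination ports behind the post's "Access method" drop-down.
METHOD_PORTS = {"HTTP": 80, "HTTPS": 443, "Telnet": 23, "SSH": 22}
TAG = "quick-access"  # hypothetical comment used to find the rules again


def plan_forwards(internal_ips, external_ip, port_range, used_ports,
                  src_list, method):
    """Return (add_commands, remove_command, summary_lines)."""
    if not src_list:
        # Never publish a management interface to every source address.
        raise ValueError("a source address-list is required")
    to_port = METHOD_PORTS[method]
    ipaddress.ip_address(external_ip)  # ValueError on malformed input
    first, last = port_range
    free = (p for p in range(first, last + 1) if p not in used_ports)
    adds, summary = [], []
    for ip in internal_ips:
        ipaddress.ip_address(ip)
        port = next(free, None)
        if port is None:
            raise ValueError("external port range exhausted")
        adds.append(
            "/ip firewall nat add chain=dstnat action=dst-nat protocol=tcp"
            f" dst-address={external_ip} dst-port={port}"
            f" src-address-list={src_list}"
            f" to-addresses={ip} to-ports={to_port} comment={TAG}")
        summary.append(
            f"{method.lower()}://{external_ip}:{port} - ({ip}:{to_port})")
    remove = f'/ip firewall nat remove [find comment="{TAG}"]'
    return adds, remove, summary


if __name__ == "__main__":
    # Constructed input mirroring the post's example; 20002 is assumed taken.
    adds, remove, summary = plan_forwards(
        ["192.168.10.5", "192.168.10.8", "192.168.10.17"],
        "1.2.3.4", (20001, 20012), {20002}, "TrustedMgmt", "HTTPS")
    print("\n".join(adds + ["# run when the timeout expires:", remove] + summary))
```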
