Community discussions

MikroTik App
 
phrozenpenguin
newbie
Topic Author
Posts: 49
Joined: Wed Nov 23, 2011 4:13 am

Accessing modem status page via ether1 - also WAN interface.

Thu Dec 01, 2011 7:36 am

I'm pretty new to Mikrotik but all looking very powerful so far. My test setup is an ADSL modem > RB751U on ether1 utilising a PPPoE connection to connect to the ADSL. The ADSL modem has a status page (192.168.1.1) that I would like to access - it also acts as a DHCP server, and the RB751U gets an IP on ether1 (192.168.1.10). This is the same physical connection the PPPoE link to my internet goes out on.

How do I view my modem status page whilst still being on the internet? I have tried a couple of things but not got anywhere. Many thanks for any assistance - I can post terminal outputs if required - just let me know what commands.
 
User avatar
sadeghrafie
Long time Member
Long time Member
Posts: 514
Joined: Sat Nov 14, 2009 11:28 am
Location: Bushehr, IRAN

Re: Accessing modem status page via ether1 - also WAN interf

Thu Dec 01, 2011 8:49 am

Fewi says
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
 
phrozenpenguin
newbie
Topic Author
Posts: 49
Joined: Wed Nov 23, 2011 4:13 am

Re: Accessing modem status page via ether1 - also WAN interf

Thu Dec 01, 2011 8:58 am

Here is the requested information; I hope it helps:
> ip address print detail
Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; default configuration
     address=192.168.88.1/24 network=192.168.88.0 interface=bridge-local 
     actual-interface=bridge-local 

 1 D address=192.168.1.10/24 network=192.168.1.0 interface=ether1-gateway 
     actual-interface=ether1-gateway 

 2 D address=111.xx.xxx.xxx/32 network=111.xx.xx.xx interface=pppoe-out1 
     actual-interface=pppoe-out1 

 3 D address=192.168.88.1/32 network=192.168.88.21 interface=<pptp-test> 
     actual-interface=<pptp-test> 
/ip route print detail
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 0 ADS  dst-address=0.0.0.0/0 gateway=111.xx.xx.xx 
        gateway-status=111.xx.xx.xx reachable pppoe-out1 distance=1 scope=30 
        target-scope=10 

 1 ADC  dst-address=111.xx.xx.xx/32 pref-src=111.xx.xx.xx gateway=pppoe-out1 
        gateway-status=pppoe-out1 reachable distance=0 scope=10 

 2 ADC  dst-address=192.168.1.0/24 pref-src=192.168.1.10 gateway=ether1-gateway 
        gateway-status=ether1-gateway reachable distance=0 scope=10 

 3 ADC  dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=bridge-local 
        gateway-status=bridge-local reachable distance=0 scope=10 
 
/interface print detail
Flags: D - dynamic, X - disabled, R - running, S - slave 
 0  R  name="wlan1" type="wlan" mtu=1500 l2mtu=2290 

 1  R  name="ether1-gateway" type="ether" mtu=1500 l2mtu=1600 max-l2mtu=4076 

 2  R  name="ether2-master-local" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=2028 

 3     name="ether3-slave-local" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=2028 

 4     name="ether4-slave-local" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=2028 

 5  R  name="ether5-slave-local" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=2028 

 6  R  name="bridge-local" type="bridge" mtu=1500 l2mtu=1598 

 7  R  name="pppoe-out1" type="pppoe-out" mtu=1480 

 8 DR  name="<pptp-testing>" type="pptp-in" mtu=1460 
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=\
    10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s \
    tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s \
    udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=output comment=PPTP_GRE disabled=no protocol=gre
add action=accept chain=input comment=PPTP_GRE disabled=no protocol=gre
add action=accept chain=input comment="default configuration - PPTP" disabled=\
    no dst-port=1723 in-interface=pppoe-out1 protocol=tcp
add action=accept chain=input comment="default configuration" disabled=no \
    protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=\
    established disabled=no
add action=accept chain=input comment="default configuration" connection-state=\
    related disabled=no
add action=drop chain=input comment="default configuration" disabled=no \
    in-interface=pppoe-out1
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=no \
    out-interface=pppoe-out1
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061,50600 sip-direct-media=yes
set pptp disabled=no
Crude Network Diagram

ADSL --[telephone]-- MODEM ----[cat5]----Mikrotik-----LAN (+ Wifi)
Last edited by phrozenpenguin on Thu Feb 09, 2012 10:10 am, edited 2 times in total.
 
User avatar
sadeghrafie
Long time Member
Long time Member
Posts: 514
Joined: Sat Nov 14, 2009 11:28 am
Location: Bushehr, IRAN

Re: Accessing modem status page via ether1 - also WAN interf

Thu Dec 01, 2011 9:05 am

And the Routes?
also try to disable
add action=drop chain=input comment="default configuration" disabled=no \
    in-interface=pppoe-out1
 
phrozenpenguin
newbie
Topic Author
Posts: 49
Joined: Wed Nov 23, 2011 4:13 am

Re: Accessing modem status page via ether1 - also WAN interf

Thu Dec 01, 2011 9:31 am

I have updated the code blocks above; apologies for the error. I disabled the suggested action but still no access to 192.168.1.1.
I am assuming I will have to setup an explicit direction, but am not sure how.
Thanks for the assistance.
 
User avatar
sadeghrafie
Long time Member
Long time Member
Posts: 514
Joined: Sat Nov 14, 2009 11:28 am
Location: Bushehr, IRAN

Re: Accessing modem status page via ether1 - also WAN interf

Fri Dec 02, 2011 10:17 am

Do you try to access the modem from your PC? Can you ping the modem from ping tool in mikrotik?
If yes (able to ping in mikrotik) you must add new NAT rule or change the existing rule. because you said the Mikrotik got IP from the Modem DHCP, It means the modem doesn't have the MT as default gateway.
So the new NAT rule:
add action=masquerade chain=srcnat  disabled=no out-interface=ether1-gateway
 
phrozenpenguin
newbie
Topic Author
Posts: 49
Joined: Wed Nov 23, 2011 4:13 am

Re: Accessing modem status page via ether1 - also WAN interf

Sun Dec 04, 2011 12:17 am

Many thanks. That worked, and now I will do some reading to fully understand SRC-NAT.
 
RedBull
just joined
Posts: 19
Joined: Sun Nov 18, 2007 10:09 am

Re: Accessing modem status page via ether1 - also WAN interf

Mon Mar 05, 2012 10:10 am

I've tried the steps above, but getting no joy, I am able to ping the modem from the Tools->Ping option.

/ip address print detail
Flags: X - disabled, I - invalid, D - dynamic 
0 ;;; default configuration
address=192.168.1.50/24 network=192.168.1.0 
interface=ether2-master-local actual-interface=ether2-master-local
1 D address=41.xxx.xxx.xxx/32 network=xxx.xxx.xxx.xxx interface=pppoe-out1 
actual-interface=pppoe-out1 
/ip route print detail
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
0 ADS dst-address=0.0.0.0/0 gateway=xxx.xxx.xxx.xxx
gateway-status=xxx.xxx.xxx.xxx reachable pppoe-out1 distance=1 scope=30 
target-scope=10 
1 ADC dst-address=xxx.xxx.xxx.xxx/32 pref-src=xxx.xxx.xxx.xxx gateway=pppoe-out1 
gateway-status=pppoe-out1 reachable distance=0 scope=10 
2 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.50 
gateway=ether2-master-local 
gateway-status=ether2-master-local reachable distance=0 scope=10
/interface print detail
Flags: D - dynamic, X - disabled, R - running, S - slave 
0 R name="ether1-gateway" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=4074 
1 R name="ether2-master-local" type="ether" mtu=1500 l2mtu=1598 
max-l2mtu=4074 
2 name="ether3-slave-local" type="ether" mtu=1500 l2mtu=1598 
max-l2mtu=4074 
3 R name="ether4-slave-local" type="ether" mtu=1500 l2mtu=1598 
max-l2mtu=4074 
4 name="ether5-slave-local" type="ether" mtu=1500 l2mtu=1598 
max-l2mtu=4074 
5 R name="pppoe-out1" type="pppoe-out" mtu=1480
/ip firewall export
# mar/05/2012 09:56:57 by RouterOS 5.6
# software id = ZDRB-BFRV
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=\
10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s \
tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s \
udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=input comment="default configuration" disabled=no \
protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=\
established disabled=no
add action=accept chain=input comment="default configuration" connection-state=\
related disabled=no
add action=drop chain=input comment="default configuration" disabled=yes \
in-interface=ether1-gateway
add action=masquerade chain=srcnat disabled=no src-address=192.168.1.0/24
add action=masquerade chain=srcnat disabled=no out-interface=ether1-gateway
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
 
User avatar
nickshore
Long time Member
Long time Member
Posts: 522
Joined: Thu Mar 03, 2005 4:14 pm
Location: Suffolk, UK.
Contact:

Re: Accessing modem status page via ether1 - also WAN interf

Mon Mar 05, 2012 2:45 pm

you need a rule which srcnats for your connection to the modem only

so remove add action=masquerade chain=srcnat disabled=no src-address=192.168.1.0/24

and add

add action=src-nat chain=srcnat comment="NAT access to adsl modem" disabled=no dst-address=192.168.1.1 out-interface=ether1-gateway to-addresses=192.168.1.10

before the main masquerade rule.

Nick.
 
RedBull
just joined
Posts: 19
Joined: Sun Nov 18, 2007 10:09 am

Re: Accessing modem status page via ether1 - also WAN interf

Thu Mar 08, 2012 12:39 pm

Resolved, my steps:

1. Assign IP to the ether1-gateway interface in the same range as the ADSL modem, but different to the LAN (this is the step I missed)
2. Create a Masquerade NAT rule for the ether1-gateway interface.

Who is online

Users browsing this forum: wiktorbgu and 20 guests