![]() Step 5: Click on the + button to create a new rule. Step 4: Head over to the NAT tab in the Firewall window. Step 3: In the newly opened submenu, click on Firewall. Step 2: Click on IP from the left side panel. Hi, i tried from different address and still nothing. Best bet though is just hook another router up to to the wan cable and see if it actually works, if it does, then resetting will probably also work. Step 1: Log in to your own MikroTik server with admin privileges. I think it's a bad idea, but there seem to be some 6.47 exploits. It's possible that it will, just unlikely that you'll get that lucky. (3) Check IP SERVICES, this is where people can limit access to WINBOX itself and one should check that they have not blocked usage by the device required. I've seen some forum post where the first part can be solved by just connecting 2 cables and then assign different IP for each interface.Īs you may notice, I'm really raw in networking and routing, so any GUI/Winbox instruction is appreciated, but CLI commands would be just fine. It will probably not connect after you reset it. (2) Where you setup USERS, you may have narrowed down the entry there preventing your smartphone to be allowed as a user. The device that gives me the WAN link only has 1 "out" port, so there is no way to put 2 cables from the "modem" to the Mikrotik, right now there is 1 cable going from the modem to the Mikrotik device. Any PC from 192.168.85.X trying to access should use WAN IP2 to browse and navigate to that website (while all the rest of the traffic goes through WAN IP1).Establish SSH connection to root192.168.1.1. Please report all issues with RouterOS beta / rc pre-release versions. Finally, leaving all options unchecked, click the ‘Reset Configuration’ button. You can add a DST-NAT rule to open that port up. To do so, login to the Mikrotik device using Winbox or Webfig (the web interface), click ‘System’ on the right side pane, then click ‘Reset configuration’ from the drop-down. Otherwise your firewall is probably blocking the port from the WAN. ![]() Then connect to the VPN from your phone and then connect to your router. Connect ethernet cable from your PC with turned on DHCP client to port 2, 3 or 4. Most secure thing would to set up a VPN on your tik. Yes the Mikrotik is connected to brodband internet (optical), im useing the Mikrotik as the primary router. ![]() Wait for beep (if available on your RouterBoard). If you have a Live IP then just configuire that on ur WAN Interface otherwise if you are using some DSL connection then contact ur ISP to configure Port address translation on DSL modem. Any PC from 192.168.85.X should use WAN IP1 and use internet with it. Unplug power, plug ethernet cable from DHCP / TFTP server to WAN port, plug power cord back in.What I'm trying to achieve is to add a second WAN ip to the router, and route traffic to a specific server to use that IP. So far I've configured the network to use one of those public IP and use it for 2 subnets (192.168.85.X and 192.168.5.X) wich are isolated from each other and both can access internet. We have a Mikrotik RB 750GL and I cant connect to it via Winbox or Http. I have a network with static IP and some public IP (248 mask). Click on the Action tab and make sure Action is set to accept. From WinBox: Click on IP, then Firewall, then Filter Rules. You can see that Mangle Rule marks connection ( int_to_444)which are addressed from local subnet to 1.1.1.1:444 and last of Nat Rule is masquerade this connection-mark.After 20 pages of SO results about Mikrotik and some more google results, I'm come here, down on my knees to request some enlightment. By default, Mikrotik will not allow a connection from WinBox over the WAN. The simple use of src-nat and dst-nat must be supported by connection-mark, then you can masquerade traffic from local ips to your specfic local ip with some network service.Īdd address=1.1.1.1/24 disabled=no interface=ether1-gateway network=1.1.1.0Īdd address=10.0.0.1/24 disabled=no interface=ether2-master-local > ip firewall mangle exportĪdd action=mark-connection chain=prerouting disabled=no dst-address=1.1.1.1 dst-port=444 new-connection-mark=int_to_444 passthrough=no protocol=tcp > ip firewall nat exportĪdd action=dst-nat chain=dstnat disabled=no dst-address=1.1.1.1 dst-port=444 protocol=tcp to-addresses=10.0.0.2 to-ports=80Īdd action=masquerade chain=srcnat disabled=no out-interface=ether1-gatewayĪdd action=masquerade chain=srcnat connection-mark=int_to_444 disabled=no Your question does not give the full picture of the situation,
0 Comments
Leave a Reply. |