ramirez
Member Candidate
Topic Author
Posts: 157
Joined: Sun May 12, 2013 9:48 pm

How can I access remotely MT behind a modem?

Mon Aug 12, 2024 12:15 pm

I am trying to set up port forwarding on a MT to be able to access it remotely and have failed to do so.

I have set up a firewall rule and a dst-nat rule from port 8899 to port 8291 but like mentioned the port is not open.

I have also configured the modem to port forward 8899 => 8899 to 192.168.1.152 (MT's local address)

Can someone please offer advice?

P.S. ISP modem is on Dynamic address
/ip firewall filter
add action=accept chain=input dst-port=8899 in-interface=ether1 protocol=tcp
add action=accept chain=input dst-port=500,1701,4500 in-interface=ether1 \
    protocol=udp src-address=0.0.0.0/0
add action=accept chain=input in-interface=ether1 protocol=ipsec-esp
add action=accept chain=input comment="accept established,related,untracked" \
    connection-state=established,related,untracked
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=accept chain=input comment="accept ICMP" protocol=icmp
add action=accept chain=forward comment=\
    "accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="drop invalid" connection-state=invalid
add action=accept chain=forward comment="accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="accept out ipsec policy" \
    ipsec-policy=out,ipsec
/ip firewall nat
add action=masquerade chain=srcnat
add action=dst-nat chain=dstnat dst-port=8899 in-interface=ether1 protocol=\
    tcp to-addresses=192.168.1.152 to-ports=8291
 
erlinden
Forum Guru
Posts: 2681
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: How can I access remotely MT behind a modem?

Mon Aug 12, 2024 1:12 pm

I would prefer through VPN over making a service available publicly.
Is your MT behind NAT, or does it have a publicly available IP address?
Who removed all filter rules that are part of the default?
 
rextended
Forum Guru
Posts: 12580
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: How can I access remotely MT behind a modem?

Mon Aug 12, 2024 1:14 pm

input ≠ forward
 
ramirez
Member Candidate
Topic Author
Posts: 157
Joined: Sun May 12, 2013 9:48 pm

Re: How can I access remotely MT behind a modem?

Mon Aug 12, 2024 1:33 pm

> I would prefer through VPN over making a service available publicly.
> Is your MT behind NAT, or does it have a publicly available IP address?
> Who removed all filter rules that are part of the default?

Indeed a VPN is preferable, but for now I am looking to explore this option as well. Yes, it is behind NAT and does not have a public IP address. This is an old MT so I wouldn't know... after I try the changes I will restore default rules.
 
ramirez
Member Candidate
Topic Author
Posts: 157
Joined: Sun May 12, 2013 9:48 pm

Re: How can I access remotely MT behind a modem?

Mon Aug 12, 2024 2:23 pm

> input ≠ forward

Changed it to forward but still the port remains closed...
 
erlinden
Forum Guru
Posts: 2681
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: How can I access remotely MT behind a modem?

Mon Aug 12, 2024 2:33 pm

> Yes it is behind NAT and does not have a public IP address.

Did you do port forwarding on the NAT device as well?
 
ramirez
Member Candidate
Topic Author
Posts: 157
Joined: Sun May 12, 2013 9:48 pm

Re: How can I access remotely MT behind a modem?

Mon Aug 12, 2024 2:46 pm

> > Yes it is behind NAT and does not have a public IP address.
>
> Did you do port forwarding on the NAT device as well?

Yes!
 
erlinden
Forum Guru
Posts: 2681
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: How can I access remotely MT behind a modem?

Mon Aug 12, 2024 2:48 pm

Can you change this rule, where the to port is the default Winbox port?

And change this rule in the firewall as well:
/ip firewall filter
add action=accept chain=input dst-port=8291 in-interface=ether1 protocol=tcp
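
The distinction behind "input ≠ forward" and the dst-port=8291 rule above, as an added example that is not part of any post in this thread: a simplified Python model of RouterOS packet flow (dstnat, then routing decision, then filter) using the rules quoted in the thread. It ignores in-interface and protocol matching, and 192.168.88.10 is a hypothetical LAN host.

```python
# Simplified model (an assumption, not RouterOS code) of an inbound TCP SYN:
# dstnat (prerouting) -> routing decision -> filter chain "input" or "forward".
from dataclasses import dataclass, replace

ROUTER_ADDRS = {"192.168.1.152"}   # MT's own address, taken from the thread

@dataclass(frozen=True)
class Packet:
    dst_addr: str
    dst_port: int

def dstnat(pkt, rules):
    """Apply the first dst-nat rule whose dst-port matches the original packet."""
    for r in rules:
        if pkt.dst_port == r["dst_port"]:
            return replace(pkt, dst_addr=r["to_addr"], dst_port=r["to_port"])
    return pkt

def chain_for(pkt):
    """Routing decision: traffic for the router itself -> input, else forward."""
    return "input" if pkt.dst_addr in ROUTER_ADDRS else "forward"

def filter_hit(pkt, chain, rules):
    """Comment of the first filter rule matching the translated packet, or None."""
    for r in rules:
        if r["chain"] == chain and r["dst_port"] == pkt.dst_port:
            return r["comment"]
    return None

def trace(pkt, nat_rules, filter_rules):
    """Return (chain, dst-port seen by the filter, matching rule comment)."""
    after = dstnat(pkt, nat_rules)
    chain = chain_for(after)
    return chain, after.dst_port, filter_hit(after, chain, filter_rules)

# dst-nat rule from the first post: 8899 -> 192.168.1.152:8291
NAT = [{"dst_port": 8899, "to_addr": "192.168.1.152", "to_port": 8291}]
FILTERS = [
    {"chain": "input", "dst_port": 8899, "comment": "original post"},
    {"chain": "forward", "dst_port": 8899, "comment": "after moving to forward"},
    {"chain": "input", "dst_port": 8291, "comment": "erlinden's rule"},
]
# Hypothetical variant: the same port forwarded to a LAN host behind the MT.
LAN_NAT = [{"dst_port": 8899, "to_addr": "192.168.88.10", "to_port": 8291}]

if __name__ == "__main__":
    print(trace(Packet("192.168.1.152", 8899), NAT, FILTERS))
    print(trace(Packet("192.168.1.152", 8899), LAN_NAT, FILTERS))
```

Because the filter sees the packet after dst-nat, the rules written for port 8899 never count a packet in either chain; only a rule on the translated port in the chain selected by the routing decision does.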
 
ramirez
Member Candidate
Topic Author
Posts: 157
Joined: Sun May 12, 2013 9:48 pm

Re: How can I access remotely MT behind a modem?

Mon Aug 12, 2024 3:00 pm

> Can you change this rule, where the to port is the default Winbox port?
>
> And change this rule in the firewall as well:
> /ip firewall filter
> add action=accept chain=input dst-port=8291 in-interface=ether1 protocol=tcp

Ok, I changed both to 8291 and both ports remain closed as before, but now I see packets coming on that filter rule.
 
ramirez
Member Candidate
Topic Author
Posts: 157
Joined: Sun May 12, 2013 9:48 pm

Re: How can I access remotely MT behind a modem?

Tue Aug 13, 2024 10:13 am

Ok so I was able to open port 42225 (could have been any other) and redirect it to 8291 and I want your thoughts if this is something I wasn't understanding towards my modem (see attached screen shot).

I was under the impression that I had to specify the source port as well, in this example 42225, and the destination port (also 42225). No matter what combinations, 42225 => 42225 / 42225 => 8291 etc., the port remained closed. Then I said what the heck and decided to leave the source port as any and define only the destination port and... voila, port is open now! So what is it I am not understanding about my modem's settings?
 
abbio90
Member
Posts: 443
Joined: Fri Aug 27, 2021 9:16 pm
Location: Oristano

Re: How can I access remotely MT behind a modem?

Tue Aug 13, 2024 12:25 pm

 
tdw
Forum Guru
Posts: 2043
Joined: Sat May 05, 2018 11:55 am

Re: How can I access remotely MT behind a modem?

Tue Aug 13, 2024 12:45 pm

The source port is picked by the remote client initiating the connection, typically anything greater than 1023 but not fixed.
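
An added example, not part of the thread, illustrating the point about source ports: it opens real TCP connections on loopback to show the OS-chosen source ports, then checks them against a modem-style forward rule with the source port pinned and with it left as any. The rule dictionaries and helper names are hypothetical, since the modem's actual settings are only in the unavailable screenshot.

```python
# Why pinning the source port in a port-forward rule blocks normal clients.
import socket

def observed_source_ports(n=5):
    """Open n TCP connections to a loopback listener and return the source
    port the OS picked for each client socket."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))       # port 0: any free port for this local test
    srv.listen(n)
    dst_port = srv.getsockname()[1]
    ports = []
    for _ in range(n):
        client = socket.create_connection(("127.0.0.1", dst_port))
        conn, peer = srv.accept()
        ports.append(peer[1])        # source port as the listener sees it
        conn.close()
        client.close()
    srv.close()
    return ports

def forward_matches(rule, src_port, dst_port):
    """Modem-style match (hypothetical model); src_port None means 'any'."""
    return rule["src_port"] in (None, src_port) and rule["dst_port"] == dst_port

# Port 42225 is the one used in the thread.
PINNED = {"src_port": 42225, "dst_port": 42225}   # source port specified
ANY_SRC = {"src_port": None, "dst_port": 42225}   # source port left as any

def count_matches(rule, src_ports, dst_port=42225):
    """How many connections with these source ports the rule would forward."""
    return sum(forward_matches(rule, p, dst_port) for p in src_ports)

# Constructed sample of client source ports, for a deterministic comparison.
SAMPLE_PORTS = [51234, 49876, 60001]

if __name__ == "__main__":
    live = observed_source_ports()
    print("OS-chosen source ports:", live)
    print("pinned rule forwards:", count_matches(PINNED, SAMPLE_PORTS))
    print("any-source rule forwards:", count_matches(ANY_SRC, live))
```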
 
ramirez
Member Candidate
Topic Author
Posts: 157
Joined: Sun May 12, 2013 9:48 pm

Re: How can I access remotely MT behind a modem?

Tue Aug 13, 2024 2:21 pm

Hmmm, didn't know about that! Very interesting! Thank you!
 
ramirez
Member Candidate
Topic Author
Posts: 157
Joined: Sun May 12, 2013 9:48 pm

Re: How can I access remotely MT behind a modem?

Tue Aug 13, 2024 2:26 pm

> The source port is picked by the remote client initiating the connection, typically anything greater than 1023 but not fixed.

Ok, thank you! The way I was understanding it was (in the event no MT router is involved) if you have a camera for example and you want to use a known port to access it from WAN, to enter as source port one of your preference and then as destination port the "known" one (something like dst-nat MT does).
