Community discussions

MikroTik App
  4. RouterOS
  5. General

Enable Internal Access to IP from External Source

Post Reply
 
hotspotsolutions
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Thu Dec 16, 2004 1:48 pm

Enable Internal Access to IP from External Source

Wed Jul 06, 2005 10:14 am

HI Guys,

I am sure this is a stupid question but, basically I want to allow web access externally to me Access point located on my internal network, via port 88 or whatever.

Currently my confiq is:
3 x Interfaces:
1 x ADSL pppoe-client Interface (ADSL connected to 192.168.0. Interface_
2 x Ethernet Interfaces (192.168.1. & 192.168.0.)

I want to access 192.168.1.254:80 on my hotspot subnet, from the web via port 88, or 8080 or whatever.

I have been banging my head trying to get this to work, although I havent slept for a few days and I think its just cause I am tired.

Any help is appreciated.
Top
 
User avatar
timatics
Frequent Visitor
Frequent Visitor
Posts: 50
Joined: Mon Jan 17, 2005 11:50 pm
Location: Ames, Ia

Thu Jul 07, 2005 12:53 am

use the hotspot bypass or ip-binding
Top
 
hotspotsolutions
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Thu Dec 16, 2004 1:48 pm

Sun Jul 10, 2005 9:03 am

I cant find any information on either of the methods you have specified, can you point me in the right direction?
Top
 
User avatar
Roman
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Wed Oct 06, 2004 11:24 am

Re: Enable Internal Access to IP from External Source

Mon Jul 11, 2005 1:27 pm

I want to access 192.168.1.254:80 on my hotspot subnet, from the web via port 88, or 8080 or whatever.
how about dst-nat? action=dst-nat and chain=dstnat
http://www.mikrotik.com/docs/ros/2.9/ip/nat
Top
 
hotspotsolutions
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Thu Dec 16, 2004 1:48 pm

Tue Jul 12, 2005 2:39 am

I have tried that, I would have thought that would work as well bu tI cant seem to get it to work. I am sure thats it, but I am just not doing it right.
Top
 
User avatar
bjohns
Member Candidate
Member Candidate
Posts: 271
Joined: Sat May 29, 2004 4:11 am
Location: Sippy Downs, Australia
Contact:
Contact bjohns

Tue Jul 12, 2005 3:57 am

I'm guessing you are using the universal client and enabled-address methods for your hotspot clients. You need to specify a static hotspot user and universal client for the device:
Code: Select all
/ ip firewall dst-nat
add dst-address=:8000 protocol=tcp \
action=nat to-dst-address=10.1.1.250 \
to-dst-port=80 comment="DNAT 8000 to internal client device 80"

/ ip firewall mangle
add src-address=10.1.1.250/32 mark-flow=hs-auth \
action=passthrough comment="Allow internal client device out"

/ ip hotspot user 
add name="AP" password="" address=10.1.1.250 \ mac-address=00:00:00:00:00:01 \
profile=default comment="" disabled=no

/ ip hotspot universal access 
add mac-address=00:00:00:00:00:01 \
address=10.1.1.250 to-address=10.1.1.250 \
interface=hotspot comment="" disabled=no
This works for me, probably some bits in there that aren't required tho
Top
Post Reply
  4. RouterOS
  5. General