helping plzzzzzzzz :(

bassembotros · Sat Nov 19, 2011 7:13 pm

i have two servers connecting to each other .....
the first server is using the PCC way to merging two adsl lines (it connected to internet )
the second server is to give internet to users by using hotspot ( it connected to the 1st server )
i can make a remote access to my first server through internet (by using the bridge mode in router and PPPoE )
but i can't make it to the second server
the qusetion here is ... how to make a remote access to the second server ?

sadeghrafie · Sat Nov 19, 2011 7:35 pm

If you want to handle your problem, we need more info about your network.

Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.

Don't forgot about Network diagram. Put the detail on it.

bassembotros · Tue Nov 22, 2011 12:43 pm

If you want to handle your problem, we need more info about your network.
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
Don't forgot about Network diagram. Put the detail on it.

okay let's start
this is a digram for my network

The 1st server ( for merging)
1- interfaces

2- IP address and routes

3- Firewall Mangle

4- Firewall Nat

so i can access the merging server remotely by writting my real ip in the winbox

The 2nd server ( for hot spot )
1- Interfaces

2- IP address

but i can't access the Hotspot server
what's the solution ??

bassembotros · Mon Nov 28, 2011 3:40 am

If you want to handle your problem, we need more info about your network.
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
Don't forgot about Network diagram. Put the detail on it.

please reply

sadeghrafie · Wed Nov 30, 2011 6:06 pm

If you want to access to the second Router via your single Public IP(real):

1) Setup a PPTP server on first router. >> http://wiki.mikrotik.com/wiki/Manual:Interface/PPTP>
2) Connect to the first server via PPTP(VPN connection) using Public IP.
3) Put the private IP of second router (10.5.50.2) in winbox IP address Space.

Or
If you don't want to use VPN connection, You can connect to first router with Winbox and the second with Webfig.
Just add a NAT rule in firewall of first Router which NAT incoming traffic to port 80 of the second router

ip firewall nat add chain=dstnat dst-address="Your Public IP" dst-port=80 action=dst-nat to-addresses=10.5.50.2 to-ports=80

bassembotros · Wed Nov 30, 2011 7:14 pm

If you want to access to the second Router via your single Public IP(real):

1) Setup a PPTP server on first router. >> http://wiki.mikrotik.com/wiki/Manual:Interface/PPTP>
2) Connect to the first server via PPTP(VPN connection) using Public IP.
3) Put the private IP of second router (10.5.50.2) in winbox IP address Space.

Or
If you don't want to use VPN connection, You can connect to first router with Winbox and the second with Webfig.
Just add a NAT rule in firewall of first Router which NAT incoming traffic to port 80 of the second router
Code: Select all
ip firewall nat add chain=dstnat dst-address="Your Public IP" dst-port=80 action=dst-nat to-addresses=10.5.50.2 to-ports=80

thanks sadeghrafie very much i will try those methods
but i'm very sorry to ask you another question

This is the Digram

The 1st server connecting with two lines (ADSL lines ) each one is (4MB)

*Interfaces

*IP address and Routes

*Firewall Mangle (for merging )

*Firewall Nat

i have a question here why is the ISP1 (Tx & Rx ) is always higher than ISP2 (Tx & Rx)

so this may be can't give the speed with 800KB/s
...i always get a speed 400 kB/s no more

please reply

sadeghrafie · Thu Dec 01, 2011 8:37 am

The pictures is not saying enough. try to post the codes

post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export"

Are you familiar with them in terminal? and put them in "

"

bassembotros · Thu Dec 01, 2011 2:30 pm

The pictures is not saying enough. try to post the codes
post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export"
Are you familiar with them in terminal? and put them in "
Code: Select all
"

This is my Network Digram

consist of two servers :
the first one to merging lines
the second one for hotspot

The 1st server connecting with two lines (ADSL lines ) each one is (4MB)

*Interfaces

*IP address and Routes

*Firewall Mangle (for merging )

*Firewall Nat

i have a question here( in the interface IMAGE) why is the ISP1 (Tx & Rx ) is always higher than ISP2 (Tx & Rx)

where ISP1 Tx Packets (130) ,and ISP2 Tx Packets (11)
so this may be can't give the speed with 800KB/s
...i always get a speed 400 kB/s no more when i download with IDM

bassembotros · Fri Dec 02, 2011 11:51 pm

sadeghrafie please reply

sadeghrafie · Sat Dec 03, 2011 6:33 pm

sadeghrafie please reply

I don't have any idea about these pictures!!!!!!!

bassembotros · Sat Dec 03, 2011 7:42 pm

are the picture not clear........ by the way thanx for you concern

Muhammad · Sat Dec 03, 2011 8:42 pm

are the picture not clear........ by the way thanx for you concern

if you post hare your configuration, then we can help you, but in this pictures we cant see your configurations

bassembotros · Mon Dec 05, 2011 1:38 am

what kind of configuration do you want to know ??
the picture clear every thing

Muhammad · Mon Dec 05, 2011 6:39 am

what kind of configuration do you want to know ??
the picture clear every thing

Man, no need picture, if you want to show your firewall configuration then just type in terminal (ip firewall nat print) and copy that text and past hare, then we can understand what you want
and print your firewall-filter and mangle also only text not pictures

bassembotros · Tue Dec 06, 2011 1:34 am

firewall filter

chain=unused-hs-chain action=passthrough

firewall nat
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough

1 chain=srcnat action=masquerade out-interface=pppoe-out1

2 chain=srcnat action=masquerade out-interface=ISP2

3 ;;; masquerade hotspot network
chain=srcnat action=masquerade src-address=10.5.50.0/24

firewall mangle

0 chain=prerouting action=accept dst-address=192.168.1.0/24 hotspot=auth
in-interface=LAN

1 chain=prerouting action=accept dst-address=192.168.2.0/24 hotspot=auth
in-interface=LAN

2 chain=prerouting action=mark-connection new-connection-mark=ISP1_conn
passthrough=yes hotspot=auth in-interface=ISP1 connection-mark=no-mark

3 chain=prerouting action=mark-connection new-connection-mark=ISP2_conn
passthrough=yes hotspot=auth in-interface=ISP2 connection-mark=no-mark

4 chain=prerouting action=mark-connection new-connection-mark=ISP1_conn
passthrough=yes dst-address-type=!local hotspot=auth in-interface=LAN
connection-mark=no-mark per-connection-classifier=both-addresses:2/0

5 chain=prerouting action=mark-connection new-connection-mark=ISP2_conn
passthrough=yes dst-address-type=!local hotspot=auth in-interface=LAN
connection-mark=no-mark per-connection-classifier=both-addresses:2/1

6 chain=prerouting action=mark-routing new-routing-mark=to_ISP1
passthrough=yes hotspot=auth in-interface=LAN connection-mark=ISP1_conn

bassembotros · Wed Jan 18, 2012 10:50 am

If you want to access to the second Router via your single Public IP(real):

1) Setup a PPTP server on first router. >> http://wiki.mikrotik.com/wiki/Manual:Interface/PPTP>
2) Connect to the first server via PPTP(VPN connection) using Public IP.
3) Put the private IP of second router (10.5.50.2) in winbox IP address Space.

Or
If you don't want to use VPN connection, You can connect to first router with Winbox and the second with Webfig.
Just add a NAT rule in firewall of first Router which NAT incoming traffic to port 80 of the second router
Code: Select all
ip firewall nat add chain=dstnat dst-address="Your Public IP" dst-port=80 action=dst-nat to-addresses=10.5.50.2 to-ports=80

dear sadeghrafie
when i make the second choice and apply this rule (router

ip firewall nat add chain=dstnat dst-address="Your Public IP" dst-port=80 action=dst-nat to-addresses=10.5.50.2 to-ports=80

)
this message appear to me (failure: to-ports valid only for tcp/udp)
and so i use the protocol 6 (tcp)
but when i want to use the webfig it gives me a gateway failer so that i can't access the second server

(
can you explain to me how to access by the first way you explain
or can you modify this code you write
thanx

Caci99 · Wed Jan 18, 2012 12:25 pm

ip firewall nat add chain=dstnat dst-address="Your Public IP" dst-port=8080 action=dst-nat to-addresses=10.5.50.2 to-ports=80

Keep in mind not to use port 80 in dst-port, since the first router is already servicing it's own web service
on that port.

bassembotros · Thu Jan 19, 2012 12:02 pm

Code: Select all
ip firewall nat add chain=dstnat dst-address="Your Public IP" dst-port=8080 action=dst-nat to-addresses=10.5.50.2 to-ports=80
Keep in mind not to use port 80 in dst-port, since the first router is already servicing it's own web service
on that port.

dear caci99
thanx for your reply
but when i used that code it gives to me failure: to-ports valid only for tcp/udp

so should i have the tcp or udp and if i should to use this>> why you didn't use it in the code ??

bassembotros · Thu Jan 19, 2012 12:06 pm

when i use also tcp protocol it gives to me the access to my first sever not the second what's the solution ???

Caci99 · Thu Jan 19, 2012 4:10 pm

You should use the tcp protocol
If it is your first router answering it means that you are probably serving webservice
on port 8080. You can check that going to IP->Services and there you should find on what
port the webservice is running. Also, check it out on the second router.

bassembotros · Fri Jan 20, 2012 1:22 pm

You should use the tcp protocol
If it is your first router answering it means that you are probably serving webservice
on port 8080. You can check that going to IP->Services and there you should find on what
port the webservice is running. Also, check it out on the second router.

i think port 8080 isn't a correct asnwer
because i have a RB connecting to 2 routers
the gateway of the first router is 192.168.1.1
the gateway of the second router is 192.168.2.1

so when i use the code

ip firewall nat add chain=dstnat dst-address=" Public IP" dst-port=8080 action=dst-nat to-addresses=192.168.2.1 to-ports=80

i accessed the first router not the second

but when i used that code

ip firewall nat add chain=dstnat dst-address=" Public IP" dst-port=80 action=dst-nat to-addresses=192.168.2.1 to-ports=80

i accessed the second router

so i think it's port 80 not port 8080

helping plzzzzzzzz :(

helping plzzzzzzzz :(

Re: helping plzzzzzzzz :(

Re: helping plzzzzzzzz :(

Re: helping plzzzzzzzz :(

Re: helping plzzzzzzzz :(

Re: helping plzzzzzzzz :(

Re: helping plzzzzzzzz :(

Re: helping plzzzzzzzz :(

Re: helping plzzzzzzzz :(

Re: helping plzzzzzzzz :(

Re: helping plzzzzzzzz :(

Re: helping plzzzzzzzz :(

Re: helping plzzzzzzzz :(

Re: helping plzzzzzzzz :(

Re: helping plzzzzzzzz :(

Re: helping plzzzzzzzz :(

Re: helping plzzzzzzzz :(

Re: helping plzzzzzzzz :(

Re: helping plzzzzzzzz :(

Re: helping plzzzzzzzz :(

Re: helping plzzzzzzzz :(