Community discussions

MikroTik App
 
timo38
just joined
Topic Author
Posts: 9
Joined: Tue Mar 03, 2015 6:13 am

Access lan devices from private wan addr of RB750

Wed Mar 04, 2015 5:21 am

I have just got a RB750 and it is setup pretty much with default setting. Ether1(wan 192.168.1.3) connected to a tplink adsl modem/router. A pc (192.168.1.2) is also connected to the tplink.
Ether 2 of the 750 is connected to a gigaset IP phone (192.1.88.251) and a laptop (192.1.88.252) connected to ether3.
I know this is double natting voip but it all works ok .
The trouble is when I try to use the 192.168.1.2 pc to check the gigaset GUI 192.168.88.251 it times out. I can ping ok but not connect.
Have tried static route ,dst nat ,firewall rules (disabled the drop rule) added an accept rule but all without success and I am looking for a few pointers to how to achieve going backwards through nat (wan to lan ) without a prior connection from the lan out.
This is not a setup I will end up with but I am trying various setups as a way of learning the router commands.So far I have had pppoe setup and working but am stuck in achieving this especially as it seems, and probably is, very simple.
 
User avatar
leoservices
Trainer
Trainer
Posts: 169
Joined: Fri Jan 13, 2012 2:20 am
Location: Belo Horizonte - MG - Brazil
Contact:

Re: Access lan devices from private wan addr of RB750

Fri Mar 06, 2015 2:20 am

On Router TPLINK need to have a static route to the network 192.168.88.0/24
 
timo38
just joined
Topic Author
Posts: 9
Joined: Tue Mar 03, 2015 6:13 am

Re: Access lan devices from private wan addr of RB750

Fri Mar 06, 2015 7:07 am

Thanks but that by itself doesn't work and just times out. I think that I need a port forwarding rule to make use of dstnat to get to the 192.168.88.0 network but the ones I tried didn't work either.
 
User avatar
shadowskippie
Member Candidate
Member Candidate
Posts: 213
Joined: Tue Dec 21, 2010 6:20 pm

Re: Access lan devices from private wan addr of RB750

Fri Mar 06, 2015 7:41 am

unless i'm not understanding what you are saying you'll need to port forward on the Mtik to that the 192.168.1.x subnet can talk past the nat to the 192.168.88.x subnet
 
timo38
just joined
Topic Author
Posts: 9
Joined: Tue Mar 03, 2015 6:13 am

Re: Access lan devices from private wan addr of RB750

Fri Mar 06, 2015 11:43 am

unless i'm not understanding what you are saying you'll need to port forward on the Mtik to that the 192.168.1.x subnet can talk past the nat to the 192.168.88.x subnet
Thanks for your response but I have had no joy with this. I tried to PF networks as you posted then tried with specific device ips where my pc is 192.168.1.2.

chain=dstnat action=dst-nat to-addresses=192.168.88.199 to-ports=80
protocol=tcp src-address=192.168.1.2 log=no log-prefix=""

I then hooked wireshark on my 192.168.1.0 network and on the mikrotik using mirror port and target. I can see a whole series of identical TCP [syn]s being sent from the PC to 192.168.88.199 as the first leg in trying to establish a gui connection but no sign of a response and nothing showing on wireshark on the 192.168.88.0 ether 2 side. voip is till registering and able to make calls ok.
Something is blocking access from my wan to lan from getting through the 750. Tried without port 80 and without TCP. Captured the TCP handshake ok when opening the gui from the 192.168.88.0 side. Moved the rule to the top but nothing is coming through. I am rapidly running out of things to try. Firewall filter rules are all default ones.
 
timo38
just joined
Topic Author
Posts: 9
Joined: Tue Mar 03, 2015 6:13 am

Re: Access lan devices from private wan addr of RB750

Wed Mar 11, 2015 12:03 pm

Problem solved. The gigaset has some security feature which will only allow the GUI to be open by a request coming from its own network. All my requests were coming from a pc in the 192.168.1.0/24 network using dst-nat and were failing. Added a src-nat rule to change the incoming request to replace the src address of 192.168.1.2 with 192.168.88.1 ( ether 2 addr) and the GUI opened in my 192.168.1.2 PC. Thanks for the help especially shadowskippie who put me on the right track.

Who is online

Users browsing this forum: helpme, jaclaz and 19 guests