Friends,
We have 2 mikrotik boxes,
Box1-- wan ip 201.75.75.1
Lan ip 172.20.20.254

Box2-- Wan ip 172.20.20.252 (via PPPOE)
Lan ip 11.1.1.1

How can I access the box2 from out side the network via winbox. Thank you

The WAN IP from your 2nd MT BOX, is that a real IP? if it is a real IP then I think you can login to your MT with winbox from any where, if that is not a real IP, actually I don't have anything in my head right now... I'll let you know after I Thought it out my self

By the way is that you in your picture ....huh huh huh never mind.

Peace

First, I would suggest you to change the LAN IP in the BOX 2, because it is a Public IP and it can create you problems if any of your clients wants to open a web site which has IP 11.1.1.2, if you want to access the second MT via winbox you should use dst-nat in order to achieve that.

Regards.

Faton

Or you log-in to the first router and from hier you login with ssh to second.

Forward port 8291 over an ssh tunnel to the outer box( 201.75.75.1)
Then you can use winbox by putting " localhost " in the addressbar of winbox

If your laptop etc is running linux go

ssh -L 8291:IP_OF_INSIDE_BOX:8291 admin@201.75.75.1

log in , leave that running , start up winbox and put

localhost

where you normally put the address in winbox.

Thank you for the replies.
I want to use winbox to access it.

Forward port 8291 over an ssh tunnel to the outer box( 201.75.75.1)
Then you can use winbox by putting " localhost " in the addressbar of winbox

If your laptop etc is running linux go

ssh -L 8291:IP_OF_INSIDE_BOX:8291 admin@201.75.75.1

log in , leave that running , start up winbox and put

localhost

where you normally put the address in winbox.

I am not sure exactly how to do this?
Can you elaborate?

First, I would suggest you to change the LAN IP in the BOX 2, because it is a Public IP and it can create you problems if any of your clients wants to open a web site which has IP 11.1.1.2, if you want to access the second MT via winbox you should use dst-nat in order to achieve that.

Regards.

Faton

Can you post the rule please. Does it go in the box1 or box2
Thanks

Use the PuTTY SSH windows client to do this. http://www.chiark.greenend.org.uk/~sgtatham/putty/
Open PuTTY, enter the destination address (your outside RouterOS ip address), but do NOT click the "Open" button to connect yet.
In the left options tree go to "Connection => SSH => Tunnels", enter "8291" in the "Source port" field. Then type "172.20.20.252:8291" in the "Destination" field. And make sure you click the "Add" button.
Now start your SSH connection (click "Open" in the lower right part of the PuTTY window).

After you have successfully authenticated your SSH session, you can start your WinBox, type in "localhost" in the Connect to: field with the correct username/password of your nat'd machine to log in with WinBox (tunneled via your SSH connection).

Most simple method is to set pptp server on MT which is connected to internet directly.

After you connect to pptp server, your computer becomes member of local network and you may see everything (what is allowed to be seen).

Use the PuTTY SSH windows client to do this. http://www.chiark.greenend.org.uk/~sgtatham/putty/
Open PuTTY, enter the destination address (your outside RouterOS ip address), but do NOT click the "Open" button to connect yet.
In the left options tree go to "Connection => SSH => Tunnels", enter "8291" in the "Source port" field. Then type "172.20.20.252:8291" in the "Destination" field. And make sure you click the "Add" button.
Now start your SSH connection (click "Open" in the lower right part of the PuTTY window).

After you have successfully authenticated your SSH session, you can start your WinBox, type in "localhost" in the Connect to: field with the correct username/password of your nat'd machine to log in with WinBox (tunneled via your SSH connection).

Hi,
this method works very well. Thank you everybody for your help, Thank you Kingcon