MikroTik

I have a problem with connecting with winbox on routerboard 4xx and 1xx with routerboard OS 3.5 and higher. Same problem i have with connecting on routerboard 532 and 600, when is installed ROS 3.2, 3.3, 3.5 and 3.7 or higher when is routerboard situated in private network and remote control is provided with destination nat on winbox port.

For example: 1.1.1.1:62003 is dstnat on 192.168.2.3 on port 60003. This is private address of routerboard 433 with routerOS 3.9. Winbox port is set to 60003 for my better orientation in ip address and port

If I have install ROS 3.4 (but I must install this from older version, and this is possible only at some routerboard, which is distributed with older version, if I install 3.4 from newer version using downgrade, problem is same and winbox isnt able to connect), then is able to login using winbox tool. But if I upgrade to any higher version of ROS, is unable to login using winbox tool and I have to use telnet.

And routerboard 433 is distributed with RouterOS 3.6 ...

Have you any ideas or solution of that problem?

Thanks you very much, Gringo, Czech republic

1) Make sure that you have correct destination NAT rule.

2) Check that you have changed Winbox port on 'ip service' for 60003.

3) You need to use the latest Winbox version 2.2.13.

The same configuration works fine for me with 3.9 version and the latest Winbox.

1) Make sure that you have correct destination NAT rule.

2) Check that you have changed Winbox port on 'ip service' for 60003.

3) You need to use the latest Winbox version 2.2.13.

The same configuration works fine for me with 3.9 version and the latest Winbox.

Thank for your answer, but every your suggestions i checked about one hundred times and still nothing.

Show me your NAT rule and specify from where you are connecting to the router.

Show me your NAT rule and specify from where you are connecting to the router.

I am sure, that my NAT rule is OK, because on the other routeros, where is mikrotik situated and is in needed version that NAT rule is ok and winbox connection is function. My mistake in NAT settings is out. Probably there is a mistake or system error of producer this system.

1.1.1.1:62003 is DST-NAT at 192.168.2.3:60003, winbox port is set on port 60003, version of mikrotik is 3.9
(1.1.1.1 is my public IP)

Anoher idea,
how can I set SNAT DNAT rules, that mikrotik on private address 192.168.2.3 be accessible when I connect on public address 1.1.1.2

Thank for your answer

Post ip firewall nat print

src-nat rules configuration is reversed dst-nat rule configuration. src-nat rule is required, if you want to set that private host should always sent traffic trough specific IP address [it is required when direct communication is required between host in private network and public host].

this is my dstnat rule ...

chain=dstnat dst-address=1.1.1.1 protocol=tcp dst-port=62003
action=dst-nat to-addresses=192.168.2.3 to-ports=60003

problem isnt in dstnat rule, but sure anywhere else ...