MikroTik

I'm trying to set my Access Point to be viewable remotely.
I'm running MT RouterOS 4.1 connected via PPPoE client to DSL with non-static. I've created a hotspot and am serving DHCP addresses to wireless clients via my Wireless AP connected to the Hotspot router.
I"ve given the AP a static IP inside the Hotspot address pool.
I've done IP binding with the AP address and Hotspot address.
Created a "bypass" type binding.
Id like to access the AP Gui remotely. I"ve created a new Port on AP to forward to outside.
Or I guess I may not even need to add a new port on the AP. I believe I can keep Port 80 and add a new port i.e. 8082 to the public interface?
It seems to be pretty straightforward when AP is not behind a Hotspot. But, I'm a bit confused as to which path to take with the AP static IP behind the Hotspot and make it remotely viewable.
Is this proper procedure to access AP remotely?
Any examples?
Thanks[attachment=1]firewall.JPG[/attachment

I'm not sure about the physical layout of nodes in your network. Can you explain your network topology, and your network configuration.

Internet-------> DSL PPPoE Modem-------> RouterOS4.1with PPPoE client----> interface1 192.168.1.5 interface2 (Hotspot server) 10.10.0.1-------->ethernet cable-------->UBNT Bullet M2HP in AP/Bridged mode static IP 10.10.0.99------->wireless clients.
Hope this is clear.
So, again. Started with binding the AP address to HotSpot server address. Getting the port (80) on AP to say 8082 on the outside is my dilemna. Any need to add AP as an interface?
Thanks

You have two different networks there, make sure that the first server with RouterOS 4.1 knows where to send the packets (i.e. you need a routing table to the 10.10.0.0/xx network).

That's my question.
So how is this done.?
I should be able to figure this out, simply port forwarding but through a Hotspot. What am I missing?

You need to add a route to network 10.10.0.0/xx with your hotspots IP address as gateway.

For example:

/ip route add dst-address=10.10.0.0/24 gateway=192.168.1.5


Your access point also need a default gateway to your hotspot on the other network interface with IP address 10.10.0.xx.

Shouldn't the Hotspot Winbox setup have installed a default route to ether1?
I'm checking it now.

I'm trying to upload a supout.rif file to send to support". Keep getting invalid supout.rif file.
I see that the fix to that is to back everything up do a reset configuration and restore.
Is that really the fix?
Sounds a bit clunky.

Here's Address config.
------------------------------------
admin@MikroTik] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 ;;; dlink public to modem
192.168.1.5/24 192.168.1.0 192.168.1.255 ether1
1 ;;; intel lan to wireless
10.10.0.1/24 10.10.0.0 10.10.0.255 ether2
2 D 76.212.147.57/32 151.164.184.154 0.0.0.0 pppoe-out1
-------------------------------------------------------------------
does this show what your suggesting I do? concerning adding a route.
--------------------------------------------------------------------
IP Route config.
-----------------------------
[admin@MikroTik] /ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 151.164.184.154 1
1 ADC 10.10.0.0/24 10.10.0.1 ether2 0
2 ADC 151.164.184.154/32 76.212.147.57 pppoe-out1 0
3 ADC 192.168.1.0/24 192.168.1.5 ether1
-------------------------------------------------------------------
NAT config.
-------------------------------------------------------------------
[admin@MikroTik] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough

1 ;;; masquerade hotspot network
chain=srcnat action=masquerade src-address=10.10.0.0/24
-------------------------------------------------------------------

I think I misunderstood you, I thought that you have two MikroTik routers. If that's the case, then you don't need any routes to the 10.10.0.0 network.

Well, I don't see any dstnat rules for inbound traffic to your access point. You need that if you want your AP to be accessible from the Internet.

Whew,
Thanks, think I might be getting closer.
Yes, I jus did a basic Hotspot setup. I do have the AP pointing to the Hotspot server as the gateway and...

Wireless AP
-------------------------------------------
Address: 10.10.0.99
The DNS servers using "open dns service IP's"
Primary DNS: 208.67.222.222
Secondary DNS: 208.67.220.220
Gateway: 10.10.0.1 (hotspot).
-----------------------------------------
Here's the dstnat rule added recently in regards to your last comment.
----------------------------------------------
[admin@MikroTik] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough

1 ;;; masquerade hotspot network
chain=srcnat action=masquerade src-address=10.10.0.0/24

2 chain=.... action=accept

3 chain=dstnat action=dst-nat to-addresses=10.10.0.99 to-ports=80
protocol=tcp dst-address=192.168.1.5 dst-port=8081


Do I have that correct?

What's up with rule # 2?
Is that just a glitch? Doesn't do much I believe?

I need to keep the AP behind the Hotspot obviously. I need a wireless device for the users.
But, I'm adding a camera and now a local small ftp server.
You think I can should add another NIC in my RouterOS box and use that to get outside of the Hotspot?. But how would that work with the PPPoE DSL modem?. Can I add PPPoE client to each device behind card, or too much confusion?
Can I do anything virtual and add interface to get from out behind the Hotspot.
Thanks,

Anybody willing to help with this one? THG?
I've tried everything possible, I'm just about to throw in the towel. I can't even get MT to look at the supout.rif file.

I was pretty sure that you wanted to NAT from internet to your access point, but after the last information it seems that you need to reach your AP from another LAN. You don't need to NAT from LAN to LAN.

Your hotspot may block the traffic to your AP, so check your hotspot rules. It also looks like you masquerade LAN to LAN. You should add outgoing interface to rule 18 in the first screenshot (the interface connected to your ISP).

i have same with you, but after I make my AP as bridge mode, and binding (ip hotspot ip-binding add address='your AP ip' server=all type=bypasse
d) it, i can access my AP..

i have same with you, but after I make my AP as bridge mode, and binding (ip hotspot ip-binding add address='your AP ip' server=all type=bypasse
d) it, i can access my AP..

" I make my AP as bridge mode"
how can I do this? TY