Page 1 of 1
helping plzzzzzzzz :(
Posted: Sat Nov 19, 2011 7:13 pm
by bassembotros
i have two servers connecting to each other .....
the first server is using the PCC way to merging two adsl lines (it connected to internet )
the second server is to give internet to users by using hotspot ( it connected to the 1st server )
i can make a remote access to my first server through internet (by using the bridge mode in router and PPPoE )
but i can't make it to the second server
the qusetion here is ... how to make a remote access to the second server ?
Re: helping plzzzzzzzz :(
Posted: Sat Nov 19, 2011 7:35 pm
by sadeghrafie
If you want to handle your problem, we need more info about your network.
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
Don't forgot about Network diagram. Put the detail on it.
Re: helping plzzzzzzzz :(
Posted: Tue Nov 22, 2011 12:43 pm
by bassembotros
If you want to handle your problem, we need more info about your network.
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
Don't forgot about Network diagram. Put the detail on it.
okay let's start
this is a digram for my network
The 1st server ( for merging)
1- interfaces
2- IP address and routes
3- Firewall Mangle
4- Firewall Nat
so i can access the merging server remotely by writting my real ip in the winbox
The 2nd server ( for hot spot )
1- Interfaces
2- IP address
but i can't access the Hotspot server
what's the solution ??
Re: helping plzzzzzzzz :(
Posted: Mon Nov 28, 2011 3:40 am
by bassembotros
If you want to handle your problem, we need more info about your network.
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
Don't forgot about Network diagram. Put the detail on it.
please reply
Re: helping plzzzzzzzz :(
Posted: Wed Nov 30, 2011 6:06 pm
by sadeghrafie
If you want to access to the second Router via your single Public IP(real):
1) Setup a PPTP server on first router. >>
http://wiki.mikrotik.com/wiki/Manual:Interface/PPTP>
2) Connect to the first server via PPTP(VPN connection) using Public IP.
3) Put the private IP of second router (10.5.50.2) in winbox IP address Space.
Or
If you don't want to use VPN connection, You can connect to first router with
Winbox and the second with
Webfig.
Just add a NAT rule in firewall of first Router which NAT incoming traffic to port 80 of the second router
ip firewall nat add chain=dstnat dst-address="Your Public IP" dst-port=80 action=dst-nat to-addresses=10.5.50.2 to-ports=80
Re: helping plzzzzzzzz :(
Posted: Wed Nov 30, 2011 7:14 pm
by bassembotros
If you want to access to the second Router via your single Public IP(real):
1) Setup a PPTP server on first router. >>
http://wiki.mikrotik.com/wiki/Manual:Interface/PPTP>
2) Connect to the first server via PPTP(VPN connection) using Public IP.
3) Put the private IP of second router (10.5.50.2) in winbox IP address Space.
Or
If you don't want to use VPN connection, You can connect to first router with
Winbox and the second with
Webfig.
Just add a NAT rule in firewall of first Router which NAT incoming traffic to port 80 of the second router
ip firewall nat add chain=dstnat dst-address="Your Public IP" dst-port=80 action=dst-nat to-addresses=10.5.50.2 to-ports=80
thanks sadeghrafie very much i will try those methods
but i'm very sorry to ask you another question
This is the Digram
The 1st server connecting with two lines (ADSL lines ) each one is (4MB)
*Interfaces
*IP address and Routes
*Firewall Mangle (for merging )
*Firewall Nat
i have a question here why is the ISP1 (Tx & Rx ) is always higher than ISP2 (Tx & Rx)
so this may be can't give the speed with 800KB/s
...i always get a speed 400 kB/s no more
please reply
Re: helping plzzzzzzzz :(
Posted: Thu Dec 01, 2011 8:37 am
by sadeghrafie
The pictures is not saying enough. try to post the codes
post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export"
Are you familiar with them in terminal? and put them in "
"
Re: helping plzzzzzzzz :(
Posted: Thu Dec 01, 2011 2:30 pm
by bassembotros
The pictures is not saying enough. try to post the codes
post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export"
Are you familiar with them in terminal? and put them in "
"
This is my Network Digram
consist of two servers :
the first one to merging lines
the second one for hotspot
The 1st server connecting with two lines (ADSL lines ) each one is (4MB)
*Interfaces
*IP address and Routes
*Firewall Mangle (for merging )
*Firewall Nat
i have a question here( in the interface IMAGE) why is the ISP1 (Tx & Rx ) is always higher than ISP2 (Tx & Rx)
where ISP1 Tx Packets (
130) ,and ISP2 Tx Packets (
11)
so this may be can't give the speed with 800KB/s
...i always get a speed 400 kB/s no more when i download with IDM
Re: helping plzzzzzzzz :(
Posted: Fri Dec 02, 2011 11:51 pm
by bassembotros
sadeghrafie please reply
Re: helping plzzzzzzzz :(
Posted: Sat Dec 03, 2011 6:33 pm
by sadeghrafie
sadeghrafie please reply
I don't have any idea about these pictures!!!!!!!
Re: helping plzzzzzzzz :(
Posted: Sat Dec 03, 2011 7:42 pm
by bassembotros
are the picture not clear........ by the way thanx for you concern
Re: helping plzzzzzzzz :(
Posted: Sat Dec 03, 2011 8:42 pm
by Muhammad
are the picture not clear........ by the way thanx for you concern
if you post hare your configuration, then we can help you, but in this pictures we cant see your configurations
Re: helping plzzzzzzzz :(
Posted: Mon Dec 05, 2011 1:38 am
by bassembotros
what kind of configuration do you want to know ??
the picture clear every thing
Re: helping plzzzzzzzz :(
Posted: Mon Dec 05, 2011 6:39 am
by Muhammad
what kind of configuration do you want to know ??
the picture clear every thing
Man, no need picture, if you want to show your firewall configuration then just type in terminal (ip firewall nat print) and copy that text and past hare, then we can understand what you want
and print your firewall-filter and mangle also only text not pictures
Re: helping plzzzzzzzz :(
Posted: Tue Dec 06, 2011 1:34 am
by bassembotros
firewall filter
chain=unused-hs-chain action=passthrough
firewall nat
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough
1 chain=srcnat action=masquerade out-interface=pppoe-out1
2 chain=srcnat action=masquerade out-interface=ISP2
3 ;;; masquerade hotspot network
chain=srcnat action=masquerade src-address=10.5.50.0/24
firewall mangle
0 chain=prerouting action=accept dst-address=192.168.1.0/24 hotspot=auth
in-interface=LAN
1 chain=prerouting action=accept dst-address=192.168.2.0/24 hotspot=auth
in-interface=LAN
2 chain=prerouting action=mark-connection new-connection-mark=ISP1_conn
passthrough=yes hotspot=auth in-interface=ISP1 connection-mark=no-mark
3 chain=prerouting action=mark-connection new-connection-mark=ISP2_conn
passthrough=yes hotspot=auth in-interface=ISP2 connection-mark=no-mark
4 chain=prerouting action=mark-connection new-connection-mark=ISP1_conn
passthrough=yes dst-address-type=!local hotspot=auth in-interface=LAN
connection-mark=no-mark per-connection-classifier=both-addresses:2/0
5 chain=prerouting action=mark-connection new-connection-mark=ISP2_conn
passthrough=yes dst-address-type=!local hotspot=auth in-interface=LAN
connection-mark=no-mark per-connection-classifier=both-addresses:2/1
6 chain=prerouting action=mark-routing new-routing-mark=to_ISP1
passthrough=yes hotspot=auth in-interface=LAN connection-mark=ISP1_conn
Re: helping plzzzzzzzz :(
Posted: Wed Jan 18, 2012 10:50 am
by bassembotros
If you want to access to the second Router via your single Public IP(real):
1) Setup a PPTP server on first router. >>
http://wiki.mikrotik.com/wiki/Manual:Interface/PPTP>
2) Connect to the first server via PPTP(VPN connection) using Public IP.
3) Put the private IP of second router (10.5.50.2) in winbox IP address Space.
Or
If you don't want to use VPN connection, You can connect to first router with
Winbox and the second with
Webfig.
Just add a NAT rule in firewall of first Router which NAT incoming traffic to port 80 of the second router
ip firewall nat add chain=dstnat dst-address="Your Public IP" dst-port=80 action=dst-nat to-addresses=10.5.50.2 to-ports=80
dear sadeghrafie
when i make the second choice and apply this rule (router
ip firewall nat add chain=dstnat dst-address="Your Public IP" dst-port=80 action=dst-nat to-addresses=10.5.50.2 to-ports=80
)
this message appear to me (failure: to-ports valid only for tcp/udp)
and so i use the protocol 6 (tcp)
but when i want to use the webfig it gives me a gateway failer so that i can't access the second server
(
can you explain to me how to access by the first way you explain
or can you modify this code you write
thanx
Re: helping plzzzzzzzz :(
Posted: Wed Jan 18, 2012 12:25 pm
by Caci99
ip firewall nat add chain=dstnat dst-address="Your Public IP" dst-port=8080 action=dst-nat to-addresses=10.5.50.2 to-ports=80
Keep in mind not to use port 80 in dst-port, since the first router is already servicing it's own web service
on that port.
Re: helping plzzzzzzzz :(
Posted: Thu Jan 19, 2012 12:02 pm
by bassembotros
ip firewall nat add chain=dstnat dst-address="Your Public IP" dst-port=8080 action=dst-nat to-addresses=10.5.50.2 to-ports=80
Keep in mind not to use port 80 in dst-port, since the first router is already servicing it's own web service
on that port.
dear caci99
thanx for your reply
but when i used that code it gives to me
failure: to-ports valid only for tcp/udp
so should i have the tcp or udp and if i should to use this>> why you didn't use it in the code ??
Re: helping plzzzzzzzz :(
Posted: Thu Jan 19, 2012 12:06 pm
by bassembotros
when i use also tcp protocol it gives to me the access to my first sever not the second what's the solution ???
Re: helping plzzzzzzzz :(
Posted: Thu Jan 19, 2012 4:10 pm
by Caci99
You should use the tcp protocol
If it is your first router answering it means that you are probably serving webservice
on port 8080. You can check that going to IP->Services and there you should find on what
port the webservice is running. Also, check it out on the second router.
Re: helping plzzzzzzzz :(
Posted: Fri Jan 20, 2012 1:22 pm
by bassembotros
You should use the tcp protocol
If it is your first router answering it means that you are probably serving webservice
on port 8080. You can check that going to IP->Services and there you should find on what
port the webservice is running. Also, check it out on the second router.
i think port 8080 isn't a correct asnwer
because i have a RB connecting to 2 routers
the gateway of the first router is 192.168.1.1
the gateway of the second router is 192.168.2.1
so when i use the code
ip firewall nat add chain=dstnat dst-address=" Public IP" dst-port=8080 action=dst-nat to-addresses=192.168.2.1 to-ports=80
i accessed the first router not the second
but when i used that code
ip firewall nat add chain=dstnat dst-address=" Public IP" dst-port=80 action=dst-nat to-addresses=192.168.2.1 to-ports=80
i accessed the second router
so i think it's port 80 not port 8080