I recently started implementing Mikrotik RouterOS devices on my client deployments.
My goal is to be able to remotely administer client router with Winbox and telnet.
My first client location, I am having trouble getting remote management to work. I have a DSL circuit with a static address. The modem is set into Transparent Bridge mode. Modem connects to Mikrotik RB2011 via onboard switch port
I can ping the static address off-site of client premise.
I created a firewall rule, see below;
[admin@MikroTik] > ip firewall filter export
# jan/03/1970 01:24:59 by RouterOS 6.18
# software id = T1SI-5IY6
#
/ip firewall filter
add chain=input dst-address=192.168.88.1 dst-port=8291 protocol=tcp src-address=0.0.0.0/0 src-port=8291
add chain=input dst-address=192.168.88.1 dst-port=23 protocol=tcp src-address=0.0.0.0/0 src-port=23
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=invalid
[admin@MikroTik] >
------------------------------------
Here is the output of nat
/ip firewall nat export>[admin@MikroTik] > ip firewall nat export
# jan/03/1970 01:25:27 by RouterOS 6.18
# software id = T1SI-5IY6
#
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
------------------------------------------------------------------
When testing offsite of client premise with Winbox, it times out.
My questions. It will be a few weeks before I can get back onsite to reconfig.
1. Does the firewall routes look appropriate? I dont need to specify interface do I?
2. Even though the DSL modem is in transparent-bridge mode, do I still need to port forward to Mikrotik?