Asking specifically about connecting via discovery and MAC address? Or just in general?
One could hope that access was restricted coming from the WAN side with a connect list or firewall rule. Also neighbor discovery might be disable on the WAN interface. I'd connect from the LAN side unless there's some reason to do otherwise. -----Original Message----- From: AF <[email protected]> On Behalf Of [email protected] Sent: Friday, July 5, 2019 12:50 PM To: AnimalFarm Microwave Users Group <[email protected]> Subject: Re: [AFMUG] Gonna need some help please. Does it matter which port you connect to? WAN? -----Original Message----- From: David Coudron Sent: Friday, July 5, 2019 11:34 AM To: AnimalFarm Microwave Users Group Subject: Re: [AFMUG] Gonna need some help please. One of the nice things about the Mikrotik is that if you are on the same subnet, you can discover the device without have IP configured correctly. Look in Neighbors tab in the Winbox interface and it should list the device by Mac address if you are on the same subnet. Clicking the Mac address and Connect will allow you to get into the router and get it configured. No need to set a static IP on your computer if you don't want to. Regards, David Coudron [email protected] | Mobile: 612-991-7474 Advantenon, Inc. [email protected] | 3500 Vicksburg Lane N, Suite 315, Plymouth, MN 55447 | www.advantenon.com | Phone: 800-704-4720 | Local: 612-454-1545 -----Original Message----- From: AF <[email protected]> On Behalf Of Ken Hohhof Sent: Friday, July 5, 2019 12:14 PM To: 'AnimalFarm Microwave Users Group' <[email protected]> Subject: Re: [AFMUG] Gonna need some help please. 3 methods - command line, winbox, or webfig. I recommend winbox. It's an executable you can download here: https://mikrotik.com/download You will need the router IP address (default 192.168.88.1 but probably has been changed) and the username/password (default admin and blank password but almost certainly has been changed). -----Original Message----- From: AF <[email protected]> On Behalf Of [email protected] Sent: Friday, July 5, 2019 12:09 PM To: [email protected] Subject: Re: [AFMUG] Gonna need some help please. OK, today is the day I attempt this. Already had the Voip company switch IPs so the phones are down until I make this change. Not sure how to log into the RB2011. I presume the normal default IPs for things like this. My IT son is visiting for the weekend. Once he decides to get up and join the ranks of the living hopefully he will come down to the shop and help me out. I may need assistance, wish me luck. -----Original Message----- From: Adam Moffett Sent: Monday, June 24, 2019 7:46 PM To: [email protected] Subject: Re: [AFMUG] Gonna need some help please. Oh....After re-reading it looks like you're avoiding NAT by putting servers into a public /29. I completely misread what you were looking for. So yeah, by default the RB2011 will have the first Ethernet port set up as the WAN with DHCP, and everything exiting via that port gets masqueraded....so you'll want to change that masquerade rule so it only matches the private IP's. Add the static IP to ether1. Add the static default route by adding a route to destination 0.0.0.0/0 with gateway of 76.76.252.1. Add static DNS servers under IP->DNS Remove the DHCP-client on ether1. Add the /29 to interface bridge-local Under IP->Firewall->NAT, edit the masquerade rule by removing the "out interface" criteria. Add a new criteria for source IP 192.168.88.0/24. Now your DHCP clients get private IP's and NAT, but your servers with static IP's don't. I think that's the bare minimum, and it ought to be dead simple in Winbox. On 6/24/2019 8:34 PM, Chuck McCown wrote: > Thanks > Still need a config for the RB. > > -----Original Message----- From: Adam Moffett > Sent: Monday, June 24, 2019 6:29 PM > To: [email protected] > Subject: Re: [AFMUG] Gonna need some help please. > > It can work behind NAT....I'm doing it. > As I recall, I forwarded ports 5060-5070 and 10,000-15,000. > In Asterisk config I had to > * limit Asterisk to using those ports > * specify the real WAN IP so that gets included in SIP messages > * specify the LAN IP's so Asterisk knows when to use it's NAT hacks > * probably canreinvite=no and nat=yes on SIP peers > > I didn't do anything on the router other than the port forwarding. You > probably don't need 5,000 RTP ports....but you're probably also not > using them for anything else so it's not going to hurt. This isn't > going to be fiddling with your router config much, it's going to be > mostly fiddling with Asterisk. > > Oh, I guess I did add some rules in the Mikrotik to automatically > blacklist IP's that generate too many Auth failure messages on SIP > ports. That keeps the Asterisk logs uncluttered, but isn't strictly > necessary. > > -Adam > > > On 6/24/2019 8:10 PM, Forrest Christian (List Account) wrote: >> What are the symptoms? >> >> Are you getting call setup requests but no audio, etc? >> >> setting nat=yes and canreinvite=no fixes a lot of these, at the >> expense of having to have all of the call audio going through the >> asterisk box. Be aware that this suggestion might be dated since I >> haven't dealt with an astersisk setup for quite some time (mine just >> keeps chugging along wiht little maintenance). >> >> >> On Mon, Jun 24, 2019 at 5:34 PM <[email protected]> wrote: >>> I have an asterisk system speaking to my SIP provider. One end or >>> the other (or both) do not tolerate NAT. We for years we have had a >>> Static for the SIP trunks. And a mix of other statics and DHCP >>> circuits for everything else we do. So coming from the ONT we first >>> hit a switch and then off to Asterisk, other servers and a RB router. >>> >>> I am now switching to a /29 for everything. So the ONT ethernet >>> will first hit a RB2011 iL-IN (assuming it is capable of doing what >>> we need) and then go to our various other servers as well as the Asterisk system. >>> >>> I am not a router guy. I took exactly one Cisco router class >>> probably back in 2003. I may have upgraded one Cisco router once >>> back when you could buy one license but apply it to multiple >>> devices. Not sure if they plugged that hole, I imagine they did. >>> >>> This sounds like it should be trivial. I hope it is trivial. But I >>> would rather have the borg take a look at it before I start to try >>> to download the RB manual and go into my autodidactical mode. Too >>> old for this crap. >>> >>> >>> >>> >>> 76.76.254.48/29 routed to 76.76.252.68 >>> >>> WAN IP: 76.76.252.68 >>> Subnet: 255.255.255.0 >>> Gateway: 76.76.252.1 >>> >>> Routed subnet info: >>> 76.76.254.48/29 >>> subnet mask: 255.255.255.248 >>> available IP's: 76.76.254.49-54 >>> -- >>> AF mailing list >>> [email protected] >>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >> >> > > -- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com
