The WiFi box is configured as an AP, not a router, so it doesn't have any routes. It's just a glorified unmanaged switch with a radio in it. Only the LAN ports are used.
On May 22, 2014, at 10:52 PM, Alexander Neilson <[email protected]> wrote: > Does your wifi ap have a route through the gateway / default route? > > Also does your wifi ap allow management outside the local subnet? > > Unless it has a default gateway it won't know where to send the packets back > to in order to reach you. > > If it doesn't allow management from remote addresses you may need to allow > "remote management" and a remote range to allow to manage. > > In this case dst nat changes the packet destination as you saw but the source > is still your own IP address so it will be outside the subnet and also > "remote" > > Try check those to and if it's still not working let us know. > > Regards > > Alexander > > Alexander Neilson > Neilson Productions Ltd > [email protected] > 021 329 681 > >> On 23/05/2014, at 4:26 pm, Grand Avenue Broadband >> <[email protected]> wrote: >> >> I'm buffaloed by port translation, which is supposedly very simple. >> >> I set all my subscribers up with a NATted LAN at 192.168.10.0/24, the router >> at .1, the DHCP range at .100-.115 or so, and if they have a WiFi router, I >> hardcode it to .2 and configure it as an access point, no NAT. The CPE (SXT >> or other) does all the NAT. >> >> I want to be able to access the setup screen on each household WiFi AP so I >> can handle additional classes of problems without driving out. >> >> I set up NAT as so (10.2.1.251 is the WAN of the CPE I am testing with): >> >> /ip firewall nat >> add action=dst-nat chain=dstnat dst-address=10.2.1.251 dst-port=8080 >> protocol=tcp to-addresses=192.168.10.2 to-ports=80 >> add action=masquerade chain=srcnat out-interface=WLAN to-addresses=0.0.0.0 >> >> When I browse to 10.2.1.251:8080 at the NOC, I see the packet come in the >> WAN, I see it get NATted to 192.168.10.2:80, I see a response come in the >> ether from the WiFi, and then... nothing. Connection stays at SYN, then >> dies. >> >> I know it's not a firewall issue, because I temporarily bypassed the >> firewall with unconditional ACCEPT statements for all chains at the top. >> >> I have no problems setting up a PPTP VPN on the CPE, logging into it, >> becoming a member of the LAN, and accessing the WiFi that way, but it burns >> me that I should be able to make it work the simpler way and I just can't do >> it. >> >> Any ideas? Thanks in advance. >> _______________________________________________ >> Mikrotik mailing list >> [email protected] >> http://mail.butchevans.com/mailman/listinfo/mikrotik >> >> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: smime.p7s > Type: application/pkcs7-signature > Size: 6151 bytes > Desc: not available > URL: > <http://mail.butchevans.com/pipermail/mikrotik/attachments/20140523/6fcb051c/attachment.bin> > _______________________________________________ > Mikrotik mailing list > [email protected] > http://mail.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS _______________________________________________ Mikrotik mailing list [email protected] http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
