Ok. So it probably can't get back to you. Maybe need to source NAT your packets.
Regards Alexander Alexander Neilson Neilson Productions Ltd [email protected] 021 329 681 > On 23/05/2014, at 6:53 pm, Grand Avenue Broadband <[email protected]> > wrote: > > The WiFi box is configured as an AP, not a router, so it doesn't have any > routes. It's just a glorified unmanaged switch with a radio in it. Only the > LAN ports are used. > >> On May 22, 2014, at 10:52 PM, Alexander Neilson <[email protected]> >> wrote: >> >> Does your wifi ap have a route through the gateway / default route? >> >> Also does your wifi ap allow management outside the local subnet? >> >> Unless it has a default gateway it won't know where to send the packets back >> to in order to reach you. >> >> If it doesn't allow management from remote addresses you may need to allow >> "remote management" and a remote range to allow to manage. >> >> In this case dst nat changes the packet destination as you saw but the >> source is still your own IP address so it will be outside the subnet and >> also "remote" >> >> Try check those to and if it's still not working let us know. >> >> Regards >> >> Alexander >> >> Alexander Neilson >> Neilson Productions Ltd >> [email protected] >> 021 329 681 >> >>> On 23/05/2014, at 4:26 pm, Grand Avenue Broadband >>> <[email protected]> wrote: >>> >>> I'm buffaloed by port translation, which is supposedly very simple. >>> >>> I set all my subscribers up with a NATted LAN at 192.168.10.0/24, the >>> router at .1, the DHCP range at .100-.115 or so, and if they have a WiFi >>> router, I hardcode it to .2 and configure it as an access point, no NAT. >>> The CPE (SXT or other) does all the NAT. >>> >>> I want to be able to access the setup screen on each household WiFi AP so I >>> can handle additional classes of problems without driving out. >>> >>> I set up NAT as so (10.2.1.251 is the WAN of the CPE I am testing with): >>> >>> /ip firewall nat >>> add action=dst-nat chain=dstnat dst-address=10.2.1.251 dst-port=8080 >>> protocol=tcp to-addresses=192.168.10.2 to-ports=80 >>> add action=masquerade chain=srcnat out-interface=WLAN to-addresses=0.0.0.0 >>> >>> When I browse to 10.2.1.251:8080 at the NOC, I see the packet come in the >>> WAN, I see it get NATted to 192.168.10.2:80, I see a response come in the >>> ether from the WiFi, and then... nothing. Connection stays at SYN, then >>> dies. >>> >>> I know it's not a firewall issue, because I temporarily bypassed the >>> firewall with unconditional ACCEPT statements for all chains at the top. >>> >>> I have no problems setting up a PPTP VPN on the CPE, logging into it, >>> becoming a member of the LAN, and accessing the WiFi that way, but it burns >>> me that I should be able to make it work the simpler way and I just can't >>> do it. >>> >>> Any ideas? Thanks in advance. >>> _______________________________________________ >>> Mikrotik mailing list >>> [email protected] >>> http://mail.butchevans.com/mailman/listinfo/mikrotik >>> >>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS >> -------------- next part -------------- >> A non-text attachment was scrubbed... >> Name: smime.p7s >> Type: application/pkcs7-signature >> Size: 6151 bytes >> Desc: not available >> URL: >> <http://mail.butchevans.com/pipermail/mikrotik/attachments/20140523/6fcb051c/attachment.bin> >> _______________________________________________ >> Mikrotik mailing list >> [email protected] >> http://mail.butchevans.com/mailman/listinfo/mikrotik >> >> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS > > _______________________________________________ > Mikrotik mailing list > [email protected] > http://mail.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 6151 bytes Desc: not available URL: <http://mail.butchevans.com/pipermail/mikrotik/attachments/20140523/337f768c/attachment.bin> _______________________________________________ Mikrotik mailing list [email protected] http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
