How to forward Mikrotik ports for remote desktop connection?
Good afternoon.
The task is to access a remote desktop on a client machine that is behind two Mikrotik routers.
One of them acts as an l2tp server, the second is a client.
What was done:
1. A client-server tunnel connection was configured.
2. A route to the local network behind the second (client) Mikrotik was registered.
3. Ports 3389 and 3390 were forwarded on both routers for RDP.
The remote machine "win10 Client" is successfully pinged from the "MacOS Client". When I try to connect remotely, I get an error saying that it is impossible to connect to the remote computer because it is not connected to the Internet.
I see that some packets leave and fall into the created forwarding rules on both Mikrotiks. I think that the problem is that the path in one direction works, but in the opposite direction it does not. Below is a diagram and a list of the rules created. Thanks in advance.
Forwarding on the server
chain=dstnat action=netmap to-addresses=192.168.7.250 protocol=tcp
dst-address=192.168.88.9 port=3389-3390 log=no log-prefix=""
Route on the server
dst-address=192.168.88.9/32 gateway=192.168.7.250
gateway-status=192.168.7.250 reachable distance=1 scope=30
target-scope=10
Forwarding on l2tp client
chain=dstnat action=netmap to-addresses=192.168.88.9 protocol=tcp
dst-address=192.168.7.250 port=3389-3390 log=no log-prefix=""
Since you have the same networks in the destinations, this cannot be done without changing the address.
You will need to replace the whole network with same and netmap,
where same is src-nat for the network (not for an IP but for the whole network)
and netmap is dst-nat for the network (not for an IP but for the whole network).
It will look like this:
the client knocks on 192.168.89.NNN/24, where NNN is the last octet of your client's server address; the address is replaced by the address 192.168.90.NNN/24, where NNN is the last octet of your client's address.
Accordingly, the server is accessing the network 192.168.90.0/24 and the client 192.168.89.0/24.
I was going to write an article on this topic on Habr.
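
The last-octet-preserving rewrite described in this answer, modelled in Python as an added example (not part of the original answer and not RouterOS configuration). It assumes both sites use 192.168.88.0/24, which the page does not state; the function names and the sample hosts are hypothetical.

```python
import ipaddress

# Assumed topology (not stated on the page): both sites use the same LAN prefix.
REAL = ipaddress.ip_network("192.168.88.0/24")
# Alias prefixes taken from the answer.
ALIAS_REMOTE = ipaddress.ip_network("192.168.89.0/24")  # what the caller dials
ALIAS_CALLER = ipaddress.ip_network("192.168.90.0/24")  # how the caller appears remotely


def netmap(addr, from_net, to_net):
    """1:1 prefix swap that keeps the host bits; non-matching addresses pass through."""
    if from_net.prefixlen != to_net.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    ip = ipaddress.ip_address(addr)
    if ip not in from_net:
        return str(ip)
    host_bits = int(ip) & int(from_net.hostmask)
    return str(ipaddress.ip_address(int(to_net.network_address) | host_bits))


def routed_off_lan(dst):
    """A host only hands a packet to its router when dst is outside its own subnet."""
    return ipaddress.ip_address(dst) not in REAL


def request(src, dst):
    """Caller -> remote: hide the caller's source, then resolve the dialled alias."""
    return netmap(src, REAL, ALIAS_CALLER), netmap(dst, ALIAS_REMOTE, REAL)


def reply(src, dst):
    """Remote -> caller: the same two rewrites, undone in the opposite direction."""
    return netmap(src, REAL, ALIAS_REMOTE), netmap(dst, ALIAS_CALLER, REAL)


if __name__ == "__main__":
    # Constructed sample hosts: caller .10 opens RDP to the remote host .9.
    print(routed_off_lan("192.168.88.9"))   # dialling the real address stays on-link
    print(routed_off_lan("192.168.89.9"))   # dialling the alias reaches the router
    print(request("192.168.88.10", "192.168.89.9"))
    print(reply("192.168.88.9", "192.168.90.10"))
```

Dialling the real address never leaves the caller's own subnet, which is why the alias prefix is needed before any forwarding rule can match.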