Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Mikrotik Chateau 5G / Unable to hold N3/N78 bands RG502Q-EA
#41
After a few hours of trying all sorts of configurations, I finally got Winbox working over port forwarding, but with limitations.  From what I can tell, Winbox will only work from a non LAN IP address when the connection comes from a port configured as the default gateway.  Basically this means that the LAN port your LHG is attached to must be configured as the main Internet connection port.  

The problem I've run into is that when I had Winbox working over port forwarding, I had no Internet connection, so have undone the configuration and will try to see if I can get both working simultaneously.

I'm surprised MikroTik Support didn't give you some sort of guide to follow to temporarily give them remote access, especially with the lack of such instructions on their forum.
Reply
#42
Yeah I was expecting him to give me something but all he said was we need remote access and that's it Big Grin , thanks for trying that, hopefully all this might get it fixed
Reply
#43
Here's the steps that I can confirm work for me:
  1. Connect the LHG router's Ethernet cable directly to your PC
  2. On the Winbox logon window, go into the Neighbors tab
  3. Double-click the MAC Address entry, then enter its username/password and Connect
  4. Go into the IP menu -> DHCP Server
  5. Click defconf entry and click the red 'X' to disable it (if not already disabled from earlier)
  6. Go into the Interfaces menu, then into the LTE tab
  7. Click the "LTE APNs" button
  8. Double-click the "3internet" APN entry
  9. Set the "Passthrough Interface" drop-down to "Bridge", then click 'OK'
  10. Disconnect the LHG router Ethernet cable and leave it unplugged for now
  11. Connect your PC to the Chateau 5G
  12. Using Winbox, connect to your Chateau 5G
  13. Go into the Bridge menu
  14. Click the Ethernet port # that you intend attaching the LTH router to, then click the red 'X' to disable it
  15. Connect the LHG router's Ethernet cable to that port #
  16. Go into the Interfaces menu, then into the "Interface List" tab
  17. Click '+' to add a new entry
  18. For the list dropdown, choose 'WAN'
  19. For the Interface dropdown, choose the Ethernet port your LTH router is attached to, then click OK
  20. Go into the IP menu -> DHCP Client
  21. Click '+' to add a new client
  22. In the Interface drop-down, select the Ethernet port your LTH is attached to
  23. Click 'OK'.  You should now see the public IP address from the LHG appear below
  24. Go into IP menu -> Firewall, then into the "Filter Rules" tab
  25. Double-click the "Winbox remote" line (added earlier from post #34)
  26. For the "In Interface" drop-down, select the Ethernet port your LTH is attached to
  27. Click 'OK'
  28. Repeat steps 25-27, but for the "SSH remote" line
  29. Repeat steps 25-27, but for the "Debug remote" line

If all goes well, you should now be able to connect to Winbox remotely such as via the 48 or Eir network.

As your Internet connection will be passing out through the LHG from the Chateau 5G, your Internet speed will be limited by how well the LHG performs, the same as using the LHG directly. 

If you need to temporarily use the Internet via the Chateau's SIM, just unplug the LHG Ethernet cable.  It will automatically route out through the internal modem.  Reattach the cable to route the Internet back through the LHG again. 

To later undo the configuration:
  1. Follow steps 1-9 above, but click the enable button for step 5 and choose "None" for step 9. 
  2. If the LHG's IP address is still 192.168.88.5/24 from earlier, change it back to 192.168.88.1/24 (IP menu -> Addresses)
  3. Connect your PC to the Chateau 5G
  4. Using Winbox, connect to your Chateau 5G
  5. Go into the IP menu -> DHCP Client
  6. Click the DHCP entry added earlier, then click the red '-' to remove it
  7. Go into the Interfaces menu, then into the "Interface List" tab
  8. lick the Ethernet port # that the LTH router was attached to, then click the red '-' to remove it
  9. Go into the Bridge menu
  10. Click the Ethernet port # that the LTH router was attached to, then click the tick button enable it
  11. Go into the IP menu -> Firewall -> Firewalls tab, then disable (or delete) the Winbox/SSH/Debug entries
Reply
#44
Everything is fine all the way up until pass through interface in the apn bit, I don';t get a bridge option , only a ether1 option with mac address drop down after that. I wonder can the LHG6 do it?  Im using the LHG 4 for this. 

Nevermind I just clicked auto (didnt think I could do that) and it shows the IP now ,hopefully it works Big Grin thanks again , still refuses connection via phone though
Reply
#45
I didn't realise the LHG doesn't have a bridge preconfigured. I'm surprised it has "Auto" as the Chateau doesn't have this in the dropdown. Smile In this case, try choosing ether1 and leave the Mac address and Passthr Subnet fields unchanged.

If the DHCP Client menu on the Chateau 5G is showing the public IP address from the LHG, the LHG is configured properly here.

Check also that the public IP address from the LHG appears when you Google "my ip address". If it does not, then go into the Chateau 5G Winbox, go into the IP menu -> DHCP client. Double-click the entry showing the public IP address. In the DHCP tab, check that "Add Default Route" is set to "Yes". In the "Advanced" tab, the "Default Route Distance" field should be "1".
Reply
#46
Finally got a not so useful answer from Three, telling us what we already know. Even though it doesn't account for why the N3 doesn't work.

"So, they've investigated all the info that you've shared with us and their conclusion is that the A22 must have increased sensitivity above average devices available as they wouldn't be expecting you to receive the 5G coverage at your address due to cell range limitations. At the moment the site is optimised as much as possible, you know yourself we're always rolling out new upgrades though so who knows what could change in the future. I'm sorry the answer isn't one you were hoping for I'm sure"
Reply
#47
Got an answer finally, happened to have it unplugged at the time so it didn't work but he said this... seems similar but wants it setup with it routed through the IP he gave. I'm not sure how to do it as he just linked me the wiki.

Hello,

You should connect the Router with R11e-4G modem over ethernet/wifi to the Chateau 5G and then set up port forward on the R11e-4G router:
https://wiki.mikrotik.com/wiki/Manual:IP...forwarding

Make sure to set a route on the Chateau 5G to route the traffic to (xxx.xxx.xxx/24) IP he provided) over the R11e-4G connection.

Regards,
Reply
#48
If you would like to try the original port forwarding method again, first reset the LHG's APN LTE Passthrough back to "none" (Interfaces menu -> LTE tab -> LTE APNs -> 3Internet), then follow the steps back on post 11 to set up port forwarding on the LHG. The port forwarding Wiki just explains the command line alternative to Winbox.

For the IP route, type the following in the Chateau 5G Winbox Terminal:
ip route add dst-address=xxx.xxx.xxx.0/24 gateway=192.168.88.5

Replace xxx.xxx.xxx with the IP they provided.

Technically this should work, although only they can test it as anything outside their IP route will get a connection refused.

That's a pity about Three just putting the n3 issue down to the A22's modem sensitivity.
Reply
#49
That command made the mikrotik site not work on the chateau Big Grin but was still having the same issue.
In the tab in the dhcp client, it shows the chateaus IP instead of the LHG for some reason. swapped to the LHG 6 and same issue, cant get it to ping now. Trying to figure it out so they can finally remote in but been struggling to get it to work.
Reply
#50
With the IP route command and port forwarding they recommended, you would get a 192.168.88.x IP in the DHCP client. Only they would be able to connect via Winbox, so you would get a connection refused due to your phone's public IP not being in their IP route subnet. You could try running that above "ip route" command, but with the public IP your phone shows when you Google "my ip address" on your phone followed by '/32', e.g.:
ip route add dst-address=xxx.xxx.xxx.xxx/32 gateway=192.168.88.5

I didn't realise it would break the MikroTik site. I wonder if their website's IP addresses (159.148.147.196 and 159.148.147.239) are in that IP route subnet. In this case, you would need to make the following change on the LHG Winbox, which should re-enable access to the website:
  1. Attach the LHG to your PC, then connect to it with Winbox
  2. Go into the IP menu -> DHCP Server.
  3. Go into the Network tab.
  4. Double-click the 192.168.88.0/24"entry.
  5. Change the Gateway field to: 192.168.88.5
  6. Change the DNS Servers field to: 192.168.88.5
  7. Click 'OK', then re-attach the LHG to the Chateau.
Reply
#51
Thanks for that, I got a reply back . gave them a supout of both devices so this is what he said. Does this mean I need a public IP on chateau too?

Hello,

You do not need to use passtrough for this. You are setting up port forward on the LHG. If you set up passtrough, then the IP address is bridged to the chateau and the firewall logic set up on lhg is not in use.

All you need to do is connect the LHG to the chateau ether port. You can also just add the (/ip firewall filter add place-before=0 action=accept chain=input src-address=xxx.xxx.xxx.x/24) on the LHG and give me the login details and I can configure the rest

On chateau open firewall access for our network:
/ip firewall filter add place-before=0 action=accept chain=input src-address=xxx.xxx.xxx.x/24

Add a route to on the chateau to route the xxx.xxx.xxx.x/24 traffic back trough the LHG:
/ip route add dst-address=xxx.xxx.xxx.x/24 gateway=192.168.88.5

These rules can all be removed on the chateau:
10 ;;; winbox remote

chain=input action=accept protocol=tcp in-interface=ether5

dst-port=8291 log=no log-prefix=""

11 ;;; ssh remote

chain=input action=accept protocol=tcp in-interface=ether5 dst-port=22

log=no log-prefix=""

12 ;;; debug remote

chain=input action=accept protocol=tcp in-interface=ether5

dst-port=9000 log=no log-prefix=""

Regards,
Reply
#52
It's just the LHG they need the public IP address on.

Going by what they said, your LHG appears still appears to have LTE passthrough enabled, which needs to be removed. I.e. In the LHG Winbox, go into the Interfaces menu -> LTE tab, click the "LTE APNs" button, double-click the "3internet" entry, change the "Passthrough interface" drop-down to 'None'.

Then run the "/ip firewall filter..." command he mentioned on both the LHG and Chateau.

As that "/ip firewall filter" gives their IP subnet full access, he mention those winbox/ssh/debug remote firewall rules can be removed from the Chateau.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)