Updated Tuesday 4th August COVID-19 pandemic August update! We will continue to operate as close to normal as possible!
DuxTel Systems (5)
Interface Cards and Adapters (26)
Mikrotik Systems-> (214)
Mimosa Wireless (13)
RouterBOARD (9)
Router Enclosures (12)
Power Supplies & PoE-> (46)
Antennas and Accessories-> (118)
Mikrotik RouterOS (6)
Assembled Kits (3)
Carrier Wireless (1)
Cable and Misc (14)
Hardware and Mounting (23)
Configuration Library (FREE!) (6)
Quick Find
search products
search articles
New Articles
Case Studies
Product Guides (2)
Mikrotik Configuration (18)
Technical (5)
Community News (9)
Q&A (28)
Product Advisory (8)
Policy and Information (11)
Shipping & Returns
Privacy Notice
Conditions of Use
Contact Us
Access "hidden" mikrotik device by Winbox by Mike Everest

Here's the scenario:

  • Mikrotik Router as a hotspot gateway running on the wireless network (the Gateway).
  • A second device is connected by WDS to the gateway used as a network range extender (the Booster).
  • We can connect to the Gateway using winbox by connecting to the public IP address.
  • How to connect to the Booster with Winbox too?

To acheive this task, we will map connections to the Gateway device on port 8292 to the winbox port (8291) on the Booster. The following steps will assume that the Booster is a simple WDS slave with no IP address assigned to any iterface.

STEP 1: Add an DHCP client address to the Booster device on the hotspot cell.

This can be done easily using winbox, but you can't access with winbox, right? Not a problem. We can use the mac-telnet tool from the Gateway device to add the dhcp client on the Booster:

  1. First log in to the Gateway using winbox
  2. Click on the Telnet menu item, and select the MAC Telnet option, and notice that the IP address field now changes to a drop-down select field
  3. If your Booster device doesn't show up in the list, you can type it in manually, then click Connect
  4. Enter the username and password for the Booster, then execute the following command:
  5. /ip dhcp-client add add-default-route=yes comment="" default-route-distance=0 disabled=no interface=<wds-bridge-interface> use-peer-dns=yes use-peer-ntp=yes
  6. Note that you will need to change the interface <wds-bridge-interface> to suit your configuration. If you are not sure what is the name of the right interface, execute:
  7. /interface wireless print
  8. and look for the value of the wds-default-bridge setting.
  9. Now check that there is an ip address
  10. /ip address print
  11. And make a note of the IP address assigned
  12. Try to ping the Gateway
  13. /ping <gateway IP address>
  14. Change (of course) the <gateway IP address> to the actual address of your gateway device. Note that ping time-out is expected, but pinging the gateway will cause the Booster host to be added to the device list under the Gateway hotspot service.

STEP 2: Make the Booster DHCP lease permanent in the Gateway DHCP Server.

  1. Back on the Winbox session to the Gateway, click on the IP menu item, then select DHCP Server
  2. Select the Leases tab, and then click on the entry containing the IP address observed in point 11 of STEP 1 above

STEP 3: Add a bypass rule in the Gateway hotspot for the Booster device.

  1. Still in the Gateway Winbox session, click on IP and then select Hotspot
  2. Select the Hosts, then double click on the entry containing the Booster device. If it is not there, go back to point 12 in STEP 1 above
  3. When the host entry details panel opens, click the button labelled Make Binding
  4. In the New Hotspot Binding dialog, set the Type to Bypassed, then click OK

STEP 4: Create a destination NAT rule to map incoming port 8292 to the Booster on port 8291.

  1. Now click IP in the menu, and choose Firewall
  2. Select the NAT tab, then click the red '+' icon near the top left
  3. On the General tab, enter:
    • Chain: dstnat
    • Dst. Address: <ip address of the gateway> (i.e. the address you are connecting to with the current winbox session)
    • Protocol: tcp
    • Dst. Port: 8292
  4. On the Action tab, enter:
    • Action: dst-nat
    • Dst. Addresses: <ip address of the booster > (i.e. the address from 11 of STEP 1 above)
    • Dst. Port: 8291
  5. Click OK

STEP 5: Connect to the Booster in Winbox.

Now, if everything is set up right, you can now connect to the remote device using winbox by specifying the IP address of the Gateway, and specifying the port defined in 3 of STEP 4 above, using this notation:

<ip address>:<port>

For example, if you connect to the Gateway device on adress, then you will connect to the Booster using

NOTE: Older versions of the Winbox loader do not support this port specification. Always make sure that you have the latest version downloaded from the Mikrotik web site.

You can repeat these steps multiple times if you have several Booster devices inside your hidden network, by simply changing the destination port each time; 8293, 8294, etc.

Need help with your Mikrotik Configuration projects? As an authorised Mikrotik Consultant, we are available to assist on short term or contract basis. Contact us for more info.





Date Added:
Current Comments: 0
Write Review
Tell a friend
Tell a friend about this article:  
Shopping Cart
0 items
Latest News
about 3 days ago
COVID-19 Pandemic August Update: Despite increased economic restrictions in Victoria, DuxTel operations will contin…
more >>
about 7 days ago
We have good stock levels of Wireless Wire Dish from #mikrotik again - full duplex gigabit links over 1km - come an…
more >>
about 23 days ago
At last! The #MikroTik LoRa gateway comes with AU regulatory compliance channel lock pack for all your LPWAN needs!…
more >>
about 29 days ago
CHECK IT OUT! The first #MikroTik LTE6 router for home/office applications! Available now with AU compliance ;)…
more >>
about 01 month ago
Can't get your hands on Wireless Wire Dish and need 100/100M full duplex up to 1500m? Consider the new LHG-60ad Li…
more >>
about 01 month ago
Newly Certified for AU Compliance is the new Gigabit LTE Chateau from #mikrotik - get one today!…
more >>
about 03 months ago
#wehavehorns - our first consignment of ultrahorns and sector horns since corona ave FINALLY arrived! get ‘em while…
more >>
about 03 months ago
GET CERTIFIED - ONLINE: Our first online training program now open for enrollment! -
more >> https://t.co/k25BpHZXhR
about 03 months ago
Our first ONLINE MikroTik Certification Class is now open for confirmed enrollments! Get your entry level MikroTik…
more >>
about 04 months ago
DuxTel News: Q2 2020 - NEW Online Training - new products - covid-19 response -
more >>
Follow our tweets for all the latest news and updates!
MimosaC5: 5GHz CPE for Mimosa p2mp networks
MimosaC5: 5GHz CPE for Mimosa p2mp networks
PS180-T: Proscend VDSL2 SFP Modem (Telco CPE)
While it took more than a month to arrive, it was worth the ..
5 of 5 Stars!

Copyright © 2020 DuxTel Online Store