DuxTel Systems (6)
Interface Cards and Adapters (26)
Mikrotik Systems-> (199)
Mimosa Wireless (14)
RouterBOARD (9)
Router Enclosures (11)
Power Supplies & PoE-> (42)
Antennas and Accessories-> (120)
Mikrotik RouterOS (6)
Assembled Kits (3)
Carrier Wireless (1)
Cable and Misc (15)
Hardware and Mounting (30)
Configuration Library (FREE!) (7)
Quick Find
search products
search articles
New Articles
Case Studies
Product Guides (2)
Mikrotik Configuration (18)
Technical (5)
Community News (9)
Q&A (28)
Product Advisory (8)
Policy and Information (9)
Shipping & Returns
Privacy Notice
Conditions of Use
Contact Us
Access "hidden" mikrotik device by Winbox by Mike Everest

Here's the scenario:

  • Mikrotik Router as a hotspot gateway running on the wireless network (the Gateway).
  • A second device is connected by WDS to the gateway used as a network range extender (the Booster).
  • We can connect to the Gateway using winbox by connecting to the public IP address.
  • How to connect to the Booster with Winbox too?

To acheive this task, we will map connections to the Gateway device on port 8292 to the winbox port (8291) on the Booster. The following steps will assume that the Booster is a simple WDS slave with no IP address assigned to any iterface.

STEP 1: Add an DHCP client address to the Booster device on the hotspot cell.

This can be done easily using winbox, but you can't access with winbox, right? Not a problem. We can use the mac-telnet tool from the Gateway device to add the dhcp client on the Booster:

  1. First log in to the Gateway using winbox
  2. Click on the Telnet menu item, and select the MAC Telnet option, and notice that the IP address field now changes to a drop-down select field
  3. If your Booster device doesn't show up in the list, you can type it in manually, then click Connect
  4. Enter the username and password for the Booster, then execute the following command:
  5. /ip dhcp-client add add-default-route=yes comment="" default-route-distance=0 disabled=no interface=<wds-bridge-interface> use-peer-dns=yes use-peer-ntp=yes
  6. Note that you will need to change the interface <wds-bridge-interface> to suit your configuration. If you are not sure what is the name of the right interface, execute:
  7. /interface wireless print
  8. and look for the value of the wds-default-bridge setting.
  9. Now check that there is an ip address
  10. /ip address print
  11. And make a note of the IP address assigned
  12. Try to ping the Gateway
  13. /ping <gateway IP address>
  14. Change (of course) the <gateway IP address> to the actual address of your gateway device. Note that ping time-out is expected, but pinging the gateway will cause the Booster host to be added to the device list under the Gateway hotspot service.

STEP 2: Make the Booster DHCP lease permanent in the Gateway DHCP Server.

  1. Back on the Winbox session to the Gateway, click on the IP menu item, then select DHCP Server
  2. Select the Leases tab, and then click on the entry containing the IP address observed in point 11 of STEP 1 above

STEP 3: Add a bypass rule in the Gateway hotspot for the Booster device.

  1. Still in the Gateway Winbox session, click on IP and then select Hotspot
  2. Select the Hosts, then double click on the entry containing the Booster device. If it is not there, go back to point 12 in STEP 1 above
  3. When the host entry details panel opens, click the button labelled Make Binding
  4. In the New Hotspot Binding dialog, set the Type to Bypassed, then click OK

STEP 4: Create a destination NAT rule to map incoming port 8292 to the Booster on port 8291.

  1. Now click IP in the menu, and choose Firewall
  2. Select the NAT tab, then click the red '+' icon near the top left
  3. On the General tab, enter:
    • Chain: dstnat
    • Dst. Address: <ip address of the gateway> (i.e. the address you are connecting to with the current winbox session)
    • Protocol: tcp
    • Dst. Port: 8292
  4. On the Action tab, enter:
    • Action: dst-nat
    • Dst. Addresses: <ip address of the booster > (i.e. the address from 11 of STEP 1 above)
    • Dst. Port: 8291
  5. Click OK

STEP 5: Connect to the Booster in Winbox.

Now, if everything is set up right, you can now connect to the remote device using winbox by specifying the IP address of the Gateway, and specifying the port defined in 3 of STEP 4 above, using this notation:

<ip address>:<port>

For example, if you connect to the Gateway device on adress, then you will connect to the Booster using

NOTE: Older versions of the Winbox loader do not support this port specification. Always make sure that you have the latest version downloaded from the Mikrotik web site.

You can repeat these steps multiple times if you have several Booster devices inside your hidden network, by simply changing the destination port each time; 8293, 8294, etc.

Need help with your Mikrotik Configuration projects? As an authorised Mikrotik Consultant, we are available to assist on short term or contract basis. Contact us for more info.





Date Added:
Current Comments: 0
Write Review
Tell a friend
Tell a friend about this article:  
Shopping Cart
0 items
Latest News
Follow our tweets for all the latest news and updates!
MimosaB5-Lite: Link Pair of 5GHz 750mbps backhaul radio with 20 dBi antenna
MimosaB5-Lite: Link Pair of 5GHz 750mbps backhaul radio with 20 dBi antenna
RB2011UiAS-2HnD-IN: 2011 RouterBoard with the lot!
I have worked with CISCO and Linux firewalls and routers pro ..
4 of 5 Stars!

Copyright © 2020 DuxTel Online Store