Syed Jahanzaib – Personal Blog to Share Knowledge !

December 18, 2015

Howto access DSL modem panel via Mikrotik with PCC in place

Filed under: Mikrotik Related — Tags: , — Syed Jahanzaib / Pinochio~:) @ 11:29 AM

bridge

 

If you have PCC configured in the Mikrotik , then access to modem page may not work. You may need to bypass / exempt them from the PCC rule-set in order to make it accessible. Following is short guide on this subject.

 

# Scenario:

Mikrotik WAN Interface IP = 192.168.2.10
[configured in Mikrotik, connected with the Modem LAN Interface]

Modem LAN IP Interface IP = 192.168.2.1
[configured in Modem, connected with the Mikrotik WAN interface]
[as showed in the image below]

# Step – 1

First configure IP address in the modem LAN so it can be accessed by Mikrotik.

As showed in the image below …

1- lan

Once it is configured and modem IP is reachable from Mikrotik itself, continue below …

# Step – 2 / How to access DSL Modem with PCC in place!

Open terminal, and issue following commands, Just make sure to change the ip 192.168.2.1 to match your modem ip. You can add IP range, or create multiple address list with same name if you multiple modems. Also make sure to move these rules above any other rule.

/ip firewall address-list
add address=192.168.2.1 list=bypassed_from_pcc

# Move these rules on TOP in mangle section, before any other rule
/ip firewall mangle
add action=accept chain=prerouting comment="ACCEPT TRAFFIC FOR PCC Exempted HOSTS like Modem or Sharing server attached with the mikrotik" dst-address-list=bypassed_from_pcc

# Move these rules on TOP in nat section, before any other rule
/ip firewall nat
add action=masquerade chain=srcnat comment="Allow access TO bypassed_from_pcc hosts" dst-address-list=bypassed_from_pcc

Now from client end, PING the modem , & then access the modem page from any browser using 192.168.2.1

# Allow access to Modem Page from the Internet for remote management using port forwarding [Old Reference]

Addrules in Mikrotik NAT section, and move them on TOP

/ip firewall nat
add action=masquerade chain=srcnat comment="Masquerade request going to access DSL Panel/zaib" dst-address=192.168.2.1
add action=dst-nat chain=dstnat comment="Route vdsl modem panel request from internet to local modem - dst-port 1234 to port 80 of modem/zaib" dst-port=1234 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.2.1 to-ports=80

Now you can access modem panel from the internet by

http://your_wan_ip_or_host:1234
#or from LAN
http://your_modem_local_ip

Note: You can create ACL to restrict access from / to or ports.

Regard’s
Syed Jahanzaib

5 Comments »

  1. What is this ip 192.168.20.10 in the Masquerade rule ?

    Like

    Comment by booyzen — December 20, 2015 @ 6:10 PM

    Reply

    • post updated. 2.10 is the ip address configured in mikrotik wan interface (connected with dsl modem)

      Like

      Comment by Syed Jahanzaib / Pinochio~:) — December 21, 2015 @ 7:21 PM

      Reply

      • Sir……we can’t understand dsl modem page is not open
        on this method….plz update post
        how to configured this ip “192.168.2.10” in MT wan interface?
        ALLAH aap ko JAZA E KHAIR dey…..!

        Like

        Comment by Salman — December 21, 2015 @ 11:43 PM

  2. Sir……its not working
    in which ip of vdsl modem in nat rule
    ALLAH aap ko JAZA E KAIR dey

    Like

    Comment by Salman — December 20, 2015 @ 10:04 PM

    Reply

  3. Nice article, mate! Would appreciate an article on how to configure the bridged modem and mikrotik router to allow the modem to send logs to internal (LAN) syslog server (if that is possible). Cheers!

    Like

    Comment by Cos — January 21, 2016 @ 8:20 PM

    Reply

RSS feed for comments on this post. TrackBack URI

Leave a comment