Syed Jahanzaib Personal Blog to Share Knowledge !

December 18, 2015

Howto access DSL modem panel via Mikrotik with PCC in place

Filed under: Mikrotik Related — Tags: , — Syed Jahanzaib / Pinochio~:) @ 11:29 AM



If you have PCC configured in the Mikrotik , then access to modem page may not work. You may need to bypass / exempt them from the PCC rule-set in order to make it accessible. Following is short guide on this subject.


# Scenario:

Mikrotik WAN Interface IP =
[configured in Mikrotik, connected with the Modem LAN Interface]

Modem LAN IP Interface IP =
[configured in Modem, connected with the Mikrotik WAN interface]
[as showed in the image below]

# Step – 1

First configure IP address in the modem LAN so it can be accessed by Mikrotik.

As showed in the image below …

1- lan

Once it is configured and modem IP is reachable from Mikrotik itself, continue below …

# Step – 2 / How to access DSL Modem with PCC in place!

Open terminal, and issue following commands, Just make sure to change the ip to match your modem ip. You can add IP range, or create multiple address list with same name if you multiple modems. Also make sure to move these rules above any other rule.

/ip firewall address-list
add address= list=bypassed_from_pcc

# Move these rules on TOP in mangle section, before any other rule
/ip firewall mangle
add action=accept chain=prerouting comment="ACCEPT TRAFFIC FOR PCC Exempted HOSTS like Modem or Sharing server attached with the mikrotik" dst-address-list=bypassed_from_pcc

# Move these rules on TOP in nat section, before any other rule
/ip firewall nat
add action=masquerade chain=srcnat comment="Allow access TO bypassed_from_pcc hosts" dst-address-list=bypassed_from_pcc

Now from client end, PING the modem , & then access the modem page from any browser using

# Allow access to Modem Page from the Internet for remote management using port forwarding [Old Reference]

Addrules in Mikrotik NAT section, and move them on TOP

/ip firewall nat
add action=masquerade chain=srcnat comment="Masquerade request going to access DSL Panel/zaib" dst-address=
add action=dst-nat chain=dstnat comment="Route vdsl modem panel request from internet to local modem - dst-port 1234 to port 80 of modem/zaib" dst-port=1234 in-interface=pppoe-out1 protocol=tcp to-addresses= to-ports=80

Now you can access modem panel from the internet by

#or from LAN

Note: You can create ACL to restrict access from / to or ports.

Syed Jahanzaib

%d bloggers like this: