You’re right, Bill. The filter rules I mentioned are not necessary. I was thinking of the NAT masquerade rule.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Bill Prince
Sent: Wednesday, April 01, 2015 11:01 AM
To: af@afmug.com
Subject: Re: [AFMUG] accessing router behind canopy NAT

If you delete all the rules, then there are no rules. It will accept anything from anywhere & forward them as well.

bp
<part15sbs{at}gmail{dot}com>

On 4/1/2015 10:59 AM, Michael Gawlowski wrote:

If you deleted all of your firewall rules then the MT won’t pass any traffic. You still have the 4 accept rules (2 forward and 2 input) in there, right?

Mike

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Kurt Fankhauser
Sent: Tuesday, March 31, 2015 11:39 AM
To: af@afmug.com
Subject: Re: [AFMUG] accessing router behind canopy NAT

No, haven't tried different port numbers.

Kurt Fankhauser
Wavelinc Communications
P.O. Box 126
Bucyrus, OH 44820
http://www.wavelinc.com
tel. 419-562-6405
fax. 419-617-0110

On Tue, Mar 31, 2015 at 1:50 PM, Josh Luthman <j...@imaginenetworksllc.com> wrote:

If it's DMZed I can't imagine why you wouldn't be able to talk to it. Have you tried different port numbers on the MT?

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St Suite 1337
Troy, OH 45373

On Tue, Mar 31, 2015 at 1:33 PM, Kurt Fankhauser <li...@wavelinc.com> wrote:

I disabled all the firewall rules so nothing should be blocking.

Kurt Fankhauser

On Tue, Mar 31, 2015 at 1:03 PM, Josh Luthman <j...@imaginenetworksllc.com> wrote:

Uhm... No interfaces at all? Do you have the default config on there blocking it?

Josh Luthman

On Mar 31, 2015 12:42 PM, "Kurt Fankhauser" <li...@wavelinc.com> wrote:

Which way Josh? With the NAT doing the DMZ trick? I dunno, it just doesn't work for some reason.

Kurt Fankhauser

On Tue, Mar 31, 2015 at 12:39 PM, Josh Luthman <j...@imaginenetworksllc.com> wrote:

Why can't you access MT routers that way?

Josh Luthman

On Tue, Mar 31, 2015 at 12:36 PM, Kurt Fankhauser <li...@wavelinc.com> wrote:

If you manage the customer router (such as a Mikrotik) do you generally run the SM in NAT or bridged mode? I have been doing NAT on the Canopy SMs with the DMZ trick to the first IP address, but when doing that I can't access the Mikrotik routers that way. Kind of wanted to keep the NAT in place because it stops the customer from hooking stuff up wrong and making a mess... But I could do bridged mode on those CPEs....

Kurt Fankhauser