 
Cynrik
just joined
Topic Author
Posts: 15
Joined: Thu Apr 28, 2016 2:48 pm

Filter port forwarding

Fri Oct 20, 2017 5:44 pm

Hi,

there are some ports forwarded (dst-nat) from Internet to an internal server.
How can I only allow specific IP address ranges to connect to the internal server from Internet?

For example only devices from IP address ranges 90.111.222.0/24 and 90.200.100.0/24 should be able to connect to the internal Web Server on port tcp 80?

Regards
 
MLubbe
newbie
Posts: 32
Joined: Fri Mar 18, 2016 7:40 pm

Re: Filter port forwarding

Sat Oct 21, 2017 3:24 am

Hi Cynrik,

The easiest way to do this is to make use of an Address-List, and then dst-nat the traffic inbound from that address list.

Modify the below script as you require.
/ip firewall address-list
add address=90.111.222.0/24 list=Allowed
add address=90.200.100.0/24 list=Allowed
/ip firewall nat
add action=dst-nat chain=dstnat comment="Port Forward" src-address-list="Allowed" dst-port=80 in-interface=ether1 protocol=tcp to-addresses=192.168.1.200
 
lbachero
newbie
Posts: 38
Joined: Wed Oct 08, 2014 4:39 pm
Location: Dublin

Re: Filter port forwarding

Sat Oct 21, 2017 7:36 pm

/ip firewall address-list
add address=90.111.222.0/24 list=Allowed
add address=90.200.100.0/24 list=Allowed
/ip firewall nat
add action=dst-nat chain=dstnat comment="Port Forward" src-address-list="Allowed" dst-port=80 in-interface=ether1 protocol=tcp to-addresses=192.168.1.200

Just remember to change the service port of router! ;)
/ip service set port=8080 www
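
The restricted forward from the posts above, combined with router-side rules for the port-80 traffic that the dst-nat rule no longer matches, as an added example that is not part of the thread. It assumes ether1 is the WAN interface, 192.168.1.0/24 is the LAN, and that the filter rules are placed above any broader accept rules; the LAN subnet and rule comments are constructed for illustration.

```routeros
# Added example (not from the thread). Assumed: ether1 = WAN,
# 192.168.1.200 = internal web server, 192.168.1.0/24 = LAN.

/ip firewall address-list
add address=90.111.222.0/24 list=Allowed
add address=90.200.100.0/24 list=Allowed

/ip firewall nat
# Only sources in "Allowed" are translated to the internal server.
add action=dst-nat chain=dstnat comment="Port Forward" dst-port=80 \
    in-interface=ether1 protocol=tcp src-address-list=Allowed \
    to-addresses=192.168.1.200 to-ports=80

/ip firewall filter
# Sources outside the list are not dst-natted, so their tcp/80 packets stay
# addressed to the router and arrive in the input chain, where the router's
# own www service listens by default. Allowed sources never reach this rule
# because dst-nat rewrites the destination before the routing decision.
add action=drop chain=input comment="WAN tcp/80 not forwarded" dst-port=80 \
    in-interface=ether1 protocol=tcp

# New connections from WAN may be forwarded only if a dst-nat rule matched
# them, so the address list on the NAT rule is what grants access to the server.
add action=drop chain=forward comment="WAN not dst-natted" \
    connection-nat-state=!dstnat connection-state=new in-interface=ether1

/ip service
# Limit the router's web interface to the LAN (assumed subnet), whether or
# not its port is also moved as suggested in the post above.
set www address=192.168.1.0/24
```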
