Firewall\Nat port forward
Posted: Wed May 29, 2019 11:38 am
by SpongeB0B
Hi everyone,
I would like to set up port forwarding (from my external IP (ISP) to my internal network).
I read this page
https://wiki.mikrotik.com/wiki/Manual:I ... figuration
So this brings up two questions:
- My Dst. Address is the IP from my ISP, which is dynamic. Is there any variable that I can put in this field (one that contains the current ISP-provided IP), or any other way to do this?
- What is the little checkbox in front of the IP?
![Image](https://i.imgur.com/YqgThUg.jpg)
Re: Firewall\Nat port forward
Posted: Wed May 29, 2019 11:46 am
by vilpalu
"what is the little checkbox in front of the IP"
It means "NOT", so basically you say "not any source".
Re: Firewall\Nat port forward
Posted: Wed May 29, 2019 12:12 pm
by SpongeB0B
Thank you @vilpalu
So 0.0.0.0 by default in ROS means any IP, correct?
But if I leave that as □ 0.0.0.0 (unchecked), it means that all incoming dst IPs will be accepted. How can I define the current ISP IP?
Re: Firewall\Nat port forward
Posted: Wed May 29, 2019 5:38 pm
by Sob
Mainly, 172.16.88.67 is not a public address. So unless you are sure that the ISP gives you one (could be done with NAT 1:1 or something where the real address would be on their router), there will be no port forwarding or any other access from the internet to you.
Re: Firewall\Nat port forward
Posted: Wed May 29, 2019 5:53 pm
by anav
On my dstnat (port forwarding) rule I used in-interface-list=WAN (since I have dual WAN); if I had a single WAN it would have been in-interface=wan.
Note: if you know the limited set of external WAN IPs that need access to your server, then you could add them to an address list, and they would go under source-address-list="authorized_server_access".
What is also required is a firewall forward chain rule.
Basically, it states: allow new connections and new-connection-dstnat connections from your WAN interface (or WAN interface list if dual).
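
The approach described in the last post, written out as RouterOS commands. This is an added example, not part of any poster's message; the interface name, internal server address, port and allowed source address are constructed assumptions. It matches on the incoming interface list instead of a dst-address, so the rule does not depend on the dynamic ISP-assigned IP.

```routeros
# Constructed values (assumptions, not from the thread):
#   ether1        = WAN-facing interface
#   192.168.88.10 = internal server listening on TCP 443
#   203.0.113.10  = external client allowed to reach it (documentation range)

# Interface list for the WAN side.
# Skip the first line if the router's configuration already defines a WAN list.
/interface list add name=WAN
/interface list member add list=WAN interface=ether1

# External sources permitted to use the port forward.
/ip firewall address-list add list=authorized_server_access address=203.0.113.10

# Port forward: match on the incoming WAN interface list rather than dst-address,
# and only for sources in the address list (RouterOS parameter: src-address-list).
/ip firewall nat add chain=dstnat action=dst-nat in-interface-list=WAN \
    protocol=tcp dst-port=443 src-address-list=authorized_server_access \
    to-addresses=192.168.88.10 to-ports=443 comment="forward 443 to server"

# Forward chain: accept new connections from WAN only if they were dst-natted
# by a rule such as the one above. Everything else new from WAN is left to the
# chain's later drop rule.
/ip firewall filter add chain=forward action=accept connection-state=new \
    connection-nat-state=dstnat in-interface-list=WAN comment="allow port forwards"
```

The accept rule has to sit above any drop rule in the forward chain, since filter rules are evaluated in order. None of this helps if the WAN address itself is private, as noted earlier in the thread.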