maximt
Frequent Visitor
Topic Author
Posts: 71
Joined: Tue Jul 20, 2010 6:29 am

firewall and NAT - filter udp

Tue Jun 10, 2014 8:58 am

I have a router with NAT.
I need to filter UDP except for allowed ports like DNS.
I have added "allow my port" rules to the filter->forward chain and a "drop all" rule at the chain's end.
It seems to work fine, but what is this?
out:ipip, proto UDP,
10.0.0.6:58366->1.2.3.4:13958, NAT
(10.0.0.6:58366->192.168.1.1:58366)->1.2.3.4:13958, prio 0->8, len 48
Is my rule dropping NATed packets?
How do I drop UDP before NATing? Would NAT->prerouting be right?
 
nmeastman
just joined
Posts: 10
Joined: Wed Jun 04, 2014 2:12 am

Re: firewall and NAT - filter udp

Thu Jun 12, 2014 7:22 pm

forward processes all packets that go through the router (including NAT).
input processes packets destined for the router specifically.

If you are only trying to limit access to the router's UDP ports, it's best to change your chains to input. That way it's not worrying about any traffic going through the router and only focusing on the ones that are meant for it to handle.

Quick note: MAC Winbox runs on UDP 20561 and Discovery runs on UDP 5678.
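
The forward/input split described in the reply above, written out as RouterOS filter rules. This is an added example, not configuration from either poster; the interface name ether2, the 10.0.0.0/24 LAN range and the choice of DNS as the only allowed service are assumptions, while the Winbox and Discovery ports are the ones quoted in the reply.

```routeros
# Added example. Assumptions: ether2 is the LAN-facing interface, the LAN is
# 10.0.0.0/24 (the thread only shows host 10.0.0.6), and DNS (UDP 53) is the
# only UDP service that should pass.

/ip firewall filter

# forward: packets routed THROUGH the router, e.g. LAN hosts behind NAT.
# Filter forward is evaluated before src-nat, so src-address below is still
# the original LAN address, not the translated one.
add chain=forward connection-state=established,related action=accept \
    comment="replies to flows already allowed"
add chain=forward protocol=udp dst-port=53 src-address=10.0.0.0/24 \
    action=accept comment="LAN DNS queries out"
add chain=forward protocol=udp action=drop log=yes \
    log-prefix="fwd-udp-drop" comment="all other routed UDP"

# input: packets addressed TO the router itself.
add chain=input connection-state=established,related action=accept \
    comment="replies to the router's own traffic"
add chain=input protocol=udp dst-port=53 in-interface=ether2 \
    action=accept comment="DNS to the router from LAN"
add chain=input protocol=udp dst-port=5678 in-interface=ether2 \
    action=accept comment="Discovery from LAN"
add chain=input protocol=udp dst-port=20561 in-interface=ether2 \
    action=accept comment="MAC Winbox from LAN"
add chain=input protocol=udp action=drop \
    comment="all other UDP to the router"
```

Rule order matters in both chains: the accept rules must sit above the final drop, and the log-prefix on the forward drop makes it easy to tell in the log which rule discarded a packet.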