MikroTik

Community discussions
https://forum.mikrotik.com/

firewall and NAT - filter udp

https://forum.mikrotik.com/viewtopic.php?t=85892

Page 1 of 1

firewall and NAT - filter udp

Posted: Tue Jun 10, 2014 8:58 am
by maximt
i have router with NAT.
i need filter udp except allowed ports like dns.
i have added to filter->forward chain to "allow my port" rules and "drop all" rule at chain' end.
seems to works fine but whats is it?
Code: Select all
out:ipip, proto UDP, 
10.0.0.6:58366->1.2.3.4:13958, [b]NAT[/b] 
(10.0.0.6:58366->192.168.1.1:58366)->1.2.3.4:13958, prio 0->8, len 48
my rule drop NATing packets?
how to drop udp before NATing, NAT->prerouting will right?

Re: firewall and NAT - filter udp

Posted: Thu Jun 12, 2014 7:22 pm
by nmeastman
forward processes all packets that go through the router (including NAT).
input processes packets destined for the router specifically.

If you are only trying to limit access to the router's UDP ports, it's best to change your chains to input. That way it's not worrying about any traffic going through the router and only focusing on the ones that are meant for it to handle.

Quick note: MAC Winbox runs on UDP 20561 and Discovery runs on UDP 5678.
All times are UTC+02:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/