Mikrotik
Stepan, 2014-05-10 14:54:47

How to set up a firewall on MikroTik?

/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway to-addresses=0.0.0.0
add action=netmap chain=dstnat comment=cam1 dst-port=82 protocol=tcp to-addresses=192.168.1.11 to-ports=88
add action=netmap chain=dstnat comment=Cam2 dst-port=83 protocol=tcp to-addresses=192.168.1.12 to-ports=88
add action=netmap chain=dstnat comment=Fibaro dst-port=85 protocol=tcp to-addresses=192.168.1.5 to-ports=80
add action=netmap chain=dstnat comment=dvrmobile dst-port=34599 protocol=tcp to-addresses=192.168.1.175 to-ports=34599
add action=netmap chain=dstnat comment=dvrmobile dst-port=34599 protocol=udp to-addresses=192.168.1.175 to-ports=34599
add action=netmap chain=dstnat comment=dvrmobile dst-port=34567 protocol=tcp to-addresses=192.168.1.175 to-ports=34567
add action=netmap chain=dstnat comment=dvrmobile dst-port=34567 protocol=udp to-addresses=192.168.1.175 to-ports=34567
add action=netmap chain=dstnat comment=dvrmobile dst-port=82 protocol=udp to-addresses=192.168.1.11 to-ports=88
add action=netmap chain=dstnat comment=dvrmobile dst-port=83 protocol=udp to-addresses=192.168.1.12 to-ports=88
add action=netmap chain=dstnat comment=ipcamera dst-port=90 protocol=tcp to-addresses=192.168.1.10 to-ports=82
add action=netmap chain=dstnat comment=cam1 dst-port=80 protocol=udp to-addresses=192.168.1.5 to-ports=80
add action=netmap chain=dstnat comment=dvr dst-port=81 protocol=tcp to-addresses=192.168.1.175 to-ports=81
add action=netmap chain=dstnat comment=dvr dst-port=554 protocol=tcp to-addresses=192.168.1.175 to-ports=554
add action=netmap chain=dstnat comment=dvr dst-port=554 protocol=udp to-addresses=192.168.1.175 to-ports=554
add action=netmap chain=dstnat comment=openwrt dst-port=86 protocol=tcp to-addresses=192.168.1.6 to-ports=80

1. How can I make it possible to connect to the devices from inside the local network the same way as from outside?
That is, we forwarded port 85 to the outside, and we need external_ip:85 to forward to our device.
2. A strange situation occurs when I put any device on port 80.
When you try to open any site, the admin panel of the device on port 80 opens. That is, all outgoing traffic on port 80 is forwarded.
3. I set up a VPN server. I'm forwarding the connection to the LAN, but I don't see any local devices.
Help me rebuild the config. Thank you in advance.


1 answer(s)
Cool Admin, 2014-06-05
@ifaustrue

1. Most likely it will work crookedly; to make it work the way you want, there are two options:
a) set up a DNS hook so that the local network is given the server's address right away (if possible); for example, mail.youdomain.ru should resolve to the internal address inside the network.
b) make a DMZ and expose the server to the outside through MikroTik in the right way.
2. Of course, it's better not to expose the MikroTik to the outside, so in the IP - Services settings allow only the local pool of addresses: wiki.mikrotik.com/wiki/Manual:IP/Services
3. The problem is most likely in the routes; you need to trace the traffic with the torch tool to see where the packet is lost (at the entrance to the MikroTik, on the rules, or on the return from the client). In general, if anything comes up, write and I will help.
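
An added example (not part of the answer above, and not the asker's or MikroTik's code): a Python check over a NAT export like the one in the question, flagging dstnat rules that match on port alone. Such rules also rewrite LAN-originated traffic to that port, which is the behaviour described in point 2 of the question. The sample rules are constructed from the question's config, and the `in-interface`-scoped rule is an assumed corrected form.

```python
import shlex

# Matchers that tie a dstnat rule to traffic arriving for the router's WAN side.
SCOPING_KEYS = {"in-interface", "in-interface-list", "dst-address",
                "dst-address-type", "dst-address-list"}

def parse_rules(export_text):
    """Parse 'add key=value ...' lines of a RouterOS /ip firewall nat export."""
    rules = []
    for line in export_text.splitlines():
        tokens = shlex.split(line.strip())  # handles comment="two words"
        if not tokens or tokens[0] != "add":
            continue  # skip the '/ip firewall nat' header and blank lines
        rules.append(dict(t.split("=", 1) for t in tokens[1:] if "=" in t))
    return rules

def unscoped_dstnat(rules):
    """Return dstnat rules that match on port alone, with no interface or
    destination-address matcher, so they also rewrite LAN-originated traffic."""
    return [r for r in rules
            if r.get("chain") == "dstnat" and not SCOPING_KEYS & r.keys()]

# Constructed sample: rules taken from the question plus one scoped variant
# (the scoped rule is an assumption for illustration, not from the page).
SAMPLE = '''/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
add action=netmap chain=dstnat comment=Fibaro dst-port=85 protocol=tcp to-addresses=192.168.1.5 to-ports=80
add action=netmap chain=dstnat comment=cam1 dst-port=80 protocol=udp to-addresses=192.168.1.5 to-ports=80
add action=dst-nat chain=dstnat comment=scoped dst-port=86 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.6 to-ports=80
'''

if __name__ == "__main__":
    for r in unscoped_dstnat(parse_rules(SAMPLE)):
        print(f"unscoped dstnat: {r.get('comment')} "
              f"{r.get('protocol')}/{r.get('dst-port')} -> "
              f"{r.get('to-addresses')}:{r.get('to-ports')}")
```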
