Is Filter Rules needed after Filter Nat??

P

Pan Propan2015-08-14 15:21:26

Mikrotik

Pan Propan, 2015-08-14 15:21:26

In ip->nat I made forwarding from the external network
dstnat
protocol-tcp
dst. port - 3030
action - netmap
to adress - 192.168.10.30
to ports - 8080
Everything works as it should, do I need to add additional filters in Rules for security reasons??

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

R

Ruslan Fedoseev, 2015-08-14
@martin74ua

there are no filters in nat. There are redirection rules
www.opennet.ru/docs/RUS/iptables - read how iptables works. Although the old version - the principles remain the same
Well, mikrotik in this place is just a wrapper over iptables;)

A

akelsey, 2015-08-14
@akelsey

The general practice is not to use filtering in the NAT chain, but Mikrotik allows this.
In your case, everyone is allowed to connect to the port, you either restrict it in NAT or in Filter Rules - do filtering in the Forward chain, because Input is filtering traffic to the router, use Forward to filter NAT.

B

bukass, 2015-08-14
@bukass

If you made forwarding in prerouting, it will not get into the filter. No need.