Can someone point out what I did wrong? Long week and I am tired.
I only want to allow access to a switch sitting on the LAN side of the
Mikrotik from defined networks (via WAN interface of MT on port 8443).
Right now anyone can get to it.
/ip firewall filter
add action=accept chain=input comment="default configuration" disabled=no \
    protocol=icmp
add action=accept chain=input comment="default configuration" \
    connection-state=established disabled=no
add action=accept chain=input comment="default configuration" \
    connection-state=related disabled=no
add action=accept chain=input comment="Allow Management from MNS" \
    disabled=no dst-port=161 protocol=udp src-address=10.94.64.16/29
add action=accept chain=input disabled=no dst-port=22,80,443,8291 \
    protocol=tcp src-address=10.94.64.16/29
add action=accept chain=input disabled=no dst-port=22,80,443,8291 \
    protocol=tcp src-address=68.106.72.0/26
add action=accept chain=input disabled=no dst-port=22,80,443,8291 \
    protocol=tcp src-address=68.106.76.203
add action=accept chain=input disabled=no dst-port=22,80,443,8291 \
    protocol=tcp src-address=68.167.154.0/24
add action=accept chain=input disabled=no dst-port=22,80,443,8291,8443 \
    protocol=tcp src-address=162.93.0.0/16
add action=accept chain=input disabled=no dst-port=22,80,443,8291,8443 \
    protocol=tcp src-address=216.231.198.0/24
add action=accept chain=input disabled=no dst-port=22,80,443,8291 \
    protocol=tcp src-address=216.231.207.0/24
add action=accept chain=input comment="Used for VoIP Phone TS with Access Line VoIP provider. Must Be DISABLED at ALL times unless TS." \
    disabled=yes dst-port=80,443 protocol=tcp
add action=drop chain=input comment="default configuration" disabled=no \
    in-interface=ether1-gateway-static
/ip firewall nat
add action=accept chain=srcnat disabled=no \
    dst-address=10.94.64.16/29 src-address=192.168.225.0/24
add action=dst-nat chain=dstnat comment="Used for VoIP Phone TS with Access Line VoIP provider. Must Be DISABLED at ALL times unless TS." \
    disabled=yes dst-port=80,443 protocol=tcp src-port="" \
    to-addresses=192.168.115.252 to-ports=443
add action=dst-nat chain=dstnat comment="Netgear GS110TP switch access" \
    disabled=no dst-port=8443 protocol=tcp to-addresses=192.168.225.2 \
    to-ports=80
add action=masquerade chain=srcnat comment="default configuration" \
    disabled=no out-interface=ether1-gateway-static \
    src-address=192.168.225.0/24 to-addresses=0.0.0.0
Thanks,
*Jerry Roy*
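
Added example, not part of the original post: on RouterOS, dst-nat is applied before the routing decision, so a connection to WAN port 8443 that is rewritten to 192.168.225.2:80 is filtered by the forward chain, not the input chain, and the export above contains no forward rules. One way to restrict it is sketched here, assuming the two networks whose input rules list port 8443 are the intended sources; the address-list name `switch-mgmt` is hypothetical.

```routeros
# Added example; the address-list name "switch-mgmt" is hypothetical.
# Sources are assumed from the two input rules in the post that include 8443.
/ip firewall address-list
add list=switch-mgmt address=162.93.0.0/16
add list=switch-mgmt address=216.231.198.0/24

# Option 1: translate port 8443 only for the allowed sources.
# Packets from any other source are not rewritten, stay addressed to the
# router itself, and fall through to the final input drop rule.
/ip firewall nat
set [find comment="Netgear GS110TP switch access"] \
    src-address-list=switch-mgmt in-interface=ether1-gateway-static

# Option 2 (defence in depth): filter the forwarded traffic as well.
# After dst-nat the packet carries dst-address=192.168.225.2, dst-port=80.
/ip firewall filter
add chain=forward action=accept connection-state=established \
    comment="forward: established"
add chain=forward action=accept connection-state=related \
    comment="forward: related"
add chain=forward action=accept in-interface=ether1-gateway-static \
    protocol=tcp dst-address=192.168.225.2 dst-port=80 \
    src-address-list=switch-mgmt \
    comment="Switch management from allowed networks"
# Any other dst-nat rule that is enabled later needs its own forward accept
# placed above this drop.
add chain=forward action=drop in-interface=ether1-gateway-static \
    comment="Drop other WAN-initiated forwards"
```

The hit counters shown by `/ip firewall filter print stats` and `/ip firewall nat print stats` confirm which rule a test connection actually matched.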