Who should? Can you allow a couple or are you trying to block a few?

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Jan 24, 2014 7:43 PM, "Jerry Roy" <[email protected]> wrote:
> Can someone point out what I did wrong? Long week and I am tired.
>
> I only want to allow access to a switch sitting on the lan side of the
> Mikrotik from defined networks (via wan interface of MT on port 8443).
> Right now anyone can get to it.
>
> /ip firewall filter
> add action=accept chain=input comment="default configuration" disabled=no protocol=icmp
> add action=accept chain=input comment="default configuration" connection-state=established disabled=no
> add action=accept chain=input comment="default configuration" connection-state=related disabled=no
> add action=accept chain=input comment="Allow Management from MNS" disabled=no dst-port=161 protocol=udp src-address=10.94.64.16/29
> add action=accept chain=input disabled=no dst-port=22,80,443,8291 protocol=tcp src-address=10.94.64.16/29
> add action=accept chain=input disabled=no dst-port=22,80,443,8291 protocol=tcp src-address=68.106.72.0/26
> add action=accept chain=input disabled=no dst-port=22,80,443,8291 protocol=tcp src-address=68.106.76.203
> add action=accept chain=input disabled=no dst-port=22,80,443,8291 protocol=tcp src-address=68.167.154.0/24
> add action=accept chain=input disabled=no dst-port=22,80,443,8291,8443 protocol=tcp src-address=162.93.0.0/16
> add action=accept chain=input disabled=no dst-port=22,80,443,8291,8443 protocol=tcp src-address=216.231.198.0/24
> add action=accept chain=input disabled=no dst-port=22,80,443,8291 protocol=tcp src-address=216.231.207.0/24
> add action=accept chain=input comment="Used for VoIP Phone TS with Access Line VoIP provider. Must Be DISABLED at ALL times unless TS." disabled=yes dst-port=80,443 protocol=tcp
> add action=drop chain=input comment="default configuration" disabled=no in-interface=ether1-gateway-static
> /ip firewall nat
> add action=accept chain=srcnat disabled=no dst-address=10.94.64.16/29 src-address=192.168.225.0/24
> add action=dst-nat chain=dstnat comment="Used for VoIP Phone TS with Access Line VoIP provider. Must Be DISABLED at ALL times unless TS." disabled=yes dst-port=80,443 protocol=tcp src-port="" to-addresses=192.168.115.252 to-ports=443
> add action=dst-nat chain=dstnat comment="Netgear GS110TP switch access" disabled=no dst-port=8443 protocol=tcp to-addresses=192.168.225.2 to-ports=80
> add action=masquerade chain=srcnat comment="default configuration" disabled=no out-interface=ether1-gateway-static src-address=192.168.225.0/24 to-addresses=0.0.0.0
>
> Thanks,
>
> *Jerry Roy*
> _______________________________________________
> Mikrotik mailing list
> [email protected]
> http://mail.butchevans.com/mailman/listinfo/mikrotik
>
> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS

