Thanks I just ready up INPUT and OUTPUT chain. Let’s ignore the existing rule for now and ignore the security risks, I am just trying to learn new materials:) So for input chain I am trying to access winbox remotely via Example 1234.sn.mynetname.net from two places 1) outside local network 2) within...
Generally you can allow or deny acess to some service (in your case winbox) using in-interface just fine. On the other hand you can not dissect behaviour of a pair of rules without knowing the context (i.e. the rest of firewall rules) which might change the story. BTW, without knowing the context ....
I want be be able to access winbox in following ways: 1) Remotely 2) From within VLAN 10 So I add the following rules to filter /ip firewall filter add action=accept chain=input disabled=no dst-port=8291 in-interface=pppoe-out protocol=tcp /ip firewall filter add action=drop chain=input disabled=no ...
Hi sorry for being unclear. I am just confuse on what the relative direction when it says dst-port. The packet going out from my PC will have dst-port to server. The packet coming in to my PC will have dst-port for my PC. So what direction does mangle rule care about?
From https://wiki.mikrotik.com/wiki/Manual:PCC Policy routing / ip firewall mangle add chain=prerouting dst-address=10.111.0.0/24 action=accept in-interface=LAN add chain=prerouting dst-address=10.112.0.0/24 action=accept in-interface=LAN With policy routing it is possible to force all traffic to th...
Is it destination port to MY PC? Or destination port from my PC to other server? I think it is destination port to Server. But this confuses me. For example this rule /ip firewall mangle add chain=prerouting dst-address=10.111.0.0/24 action=accept in-interface=LAN[ It is trying to match packet that ...
I read probably all the threads about this and still cannot figure out how to redirect. I use hotspot setup, follow many youtube, forum videos and it will not redirect. Many are having problem with not redirecting HTTPS website but I can't even redirect HTTP website. It is probably firewall issue, b...