Allow WinBox broadcast on WAN interface

Hi,

I’ve set up a router with quick setup and I’d like to allow the WinBox broadcast messages on the WAN interface, so that the router can be found automatically.

I’ve tried to allow inbound UDP traffic to port 5678, but still the router cannot be found in WinBox. What else do I have to do?

Thanks!

Nope, WinBox is not meant to be used on the WAN interface.
If you need to access WinBox from a remote location, use a VPN, port knocking, etc. to access the router and then use WinBox to configure the router.

You would have to make an input rule on port 8291 TCP to allow connection to winbox.

Then enable IP Cloud and use the netname to “find/reach” the router.

But it’s generally considered a good idea to use an ACL or port knocking if you wanna do it that way.

But Zerotier works for this…

I guess @OP is trying to get MNDP working on the WAN interface. Which is IMO a very stupid idea, but @OP might have a valid reason for doing it (e.g. in a block of flats, every flat has its own MT router managed by the landlord via the WAN interface).

Actually it’s something like this. The WAN interfaces of several routers should be connected to a private LAN to create small, separated networks. So the computers in the separated networks cannot reach each other but the routers can be maintained from the “WAN”.
Of course I could just use static IPs to connect from the “WAN”, but an autodetection can have its benefits.

In that case it’s not a true WAN because you’re still in a controlled environment.
Under those circumstances it can be understandable and sometimes even needed to allow access to Winbox from WAN.
Just add a rule in firewall before the first input-drop rule to accept the port where you are using Winbox, don’t change anything else.
Your last line of defense for those devices will then be your account and password :laughing:

BTW: MNDP was the right keyword :sunglasses:

For this to work you need:

  • allow inbound traffic on UDP port 5678
  • enable ip->neighbors->discovery on WAN or all interfaces (I was missing this)

Of course you also need to allow WinBox traffic to TCP 8291.
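
The three steps from the thread as RouterOS terminal commands, as an added example that is not part of the original posts. It assumes RouterOS 6.41 or later (where discovery is configured through `discovery-settings`), the `WAN` interface list created by quick setup, and a constructed management subnet `192.0.2.0/24` standing in for the private LAN the routers' WAN ports are attached to.

```routeros
# Added example, not from the thread. Assumptions: RouterOS >= 6.41,
# the "WAN" interface list from the default configuration, and a
# placeholder management subnet 192.0.2.0/24 (replace with your own).

# 1. Enable neighbor discovery (MNDP) beyond the LAN list.
#    "all" is the built-in list covering every interface, matching
#    "WAN or all interfaces" in the post above.
/ip neighbor discovery-settings
set discover-interface-list=all

/ip firewall filter
# 2. Accept MNDP discovery traffic arriving on the WAN side.
add chain=input action=accept protocol=udp dst-port=5678 \
    in-interface-list=WAN \
    comment="allow MNDP discovery on WAN (controlled network)"

# 3. Accept WinBox itself, limited to the management subnet so that
#    account and password are not the only control in front of the router.
add chain=input action=accept protocol=tcp dst-port=8291 \
    in-interface-list=WAN src-address=192.0.2.0/24 \
    comment="allow WinBox from management subnet only"

# Check the result: the rule order and the active discovery setting.
/ip firewall filter print where chain=input
/ip neighbor discovery-settings print
```

Rules added this way land at the end of the input chain, so they have to be moved above the first input drop rule before they take effect, as noted earlier in the thread.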