Firewall and open ports....noobish but I don't care...:)

Guys, this was killing me to understand properly, so help me to avoid jumping from the bridge… :)
One of my colleagues asked me to “just open ports” on our mtik 750… in the firewall.
I did it with this:

/ip firewall filter add action=accept chain=forward src-address=192.168.10.0/24  protocol=tcp dst-port=80,443

So, my main question here is… don't laugh, ok? If I do dst NAT, it's for users from OUTSIDE to connect to forwarded ports, like servers etc… but if I do this through the firewall, it's for users INSIDE to get out through these ports I opened?
Can I do it with NAT or not? If yes, what is the difference?
Tnx in advance guys!

So you need to forward ports - it is done in the IP firewall NAT.
Example:

/ip firewall nat
add action=dst-nat chain=dstnat in-interface=public dst-port=3389,5900,5800 protocol=tcp to-addresses=192.168.1.1

This rule will redirect all Remote Desktop and VNC connections from the internet to local host 192.168.1.1.

NAT in RouterOS is bidirectional - if you have a dst-nat rule for some specific connection, returning packets will be automatically returned to their original state, so you do not need to worry about that.

If a connection is initialized from the inside, it will not trigger this dst-nat rule, so your local clients are safe.

Tnx for reply mate!
I'm just wondering which way this goes. I understand the whole port forwarding thing, but I just want to understand the direction of data flow in this case. DST NAT - outside to inside ports, firewall chains - inside to those specific ports (80 and 443) in my case. Am I right?

It depends on whether you set in-interface or not. If you set in-interface=public, then it will only be done in that way.

Tnx bro.
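
The two directions discussed in this thread, put into one ruleset as an added example (not posted by any participant). It assumes RouterOS v6 or later and a WAN interface named "public"; the addresses and ports are the ones from the posts above, and the established/related, connection-nat-state and drop rules are additions.

```routeros
# Added example, not from the thread. Assumes RouterOS v6 or later and a WAN
# interface named "public" (the name used in the dst-nat rule above).

/ip firewall nat
# OUTSIDE -> INSIDE: only packets arriving on "public" are rewritten.
# Without in-interface, LAN clients connecting out to these ports on any
# destination would be redirected to 192.168.1.1 as well.
add chain=dstnat action=dst-nat in-interface=public protocol=tcp \
    dst-port=3389,5900,5800 to-addresses=192.168.1.1

/ip firewall filter
# Replies for connections that were already allowed, in either direction.
add chain=forward action=accept connection-state=established,related
# INSIDE -> OUTSIDE: LAN clients may open new connections to tcp/80 and tcp/443.
add chain=forward action=accept src-address=192.168.10.0/24 protocol=tcp \
    dst-port=80,443
# OUTSIDE -> INSIDE: let through only what the dst-nat rule translated.
# dst-nat runs before the forward chain, so the filter sees 192.168.1.1 here.
add chain=forward action=accept in-interface=public connection-nat-state=dstnat
# RouterOS accepts anything no rule matched, so the accept rules above only
# restrict traffic when a final drop follows them.
add chain=forward action=drop
```

With the final drop in place, forwarded LAN traffic to any other port (for example DNS to an external resolver) is blocked until a rule allows it.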