Hi
I design a network which consist of some PC under NAT and firewall. All PCs hide under NAT but some times one of PCs need to have p2p communication with another PC in another similar network. but for security i don’t want to have static port forward in NAT.
How can i programmatically control port forwarding in Mikrotik RouterOS?
I want to use this solution in enterprise product, and prefer to not using UPNP because of authentication lack. Can i do it any way?
You can use port knocking. Search for it.
thanks a lot
but i want to control port forwarding from inside of network( something like UPNP).
I think UPNP will not help to open both firewalls. I would create a tunnel between the networks. Then make drop rule on transition from tunnel into each network to block the newly opening communication into network from tunnel by default. Before accept related and established, of course.
Then I would place (before drop rule mentioned above) potential allowing rules to pass new opening communication. And these rules can be enabled under port knocking conditions or by a script, depending on the way how you want to detect or decide about it (you did not described it).
Each side of network is mine. I think the registrar server in middle of this way can help handshaking of communication. whats you opinion?
Well. My opinion is that if I am connecting my networks together I do it because I need to access them without any excessive obstacles.