How to block Internet on a machine except port forwarding

Hi,
I have a PC in my LAN, and I need to use RDP access to log in to this PC from the Internet. So I created a port forwarding, something like:

router_WAN_IP:3389 -> PCs_IP:3389

Then I need to block all Internet access on the PC except the forwarded RDP, so I tried a rule

chain=forward action=drop src-address=PCs_IP  out-interface=ether1-gateway log=no log-prefix=""

but it is also blocking my RDP.
How shall I do it right?
Thanks

Hello,

Try something like this, and adapt it to your network configuration:

add chain=forward comment="TEST BLOCK WAN ACCESS" dst-port=3389 in-interface=WAN1 out-interface=bridge-local protocol=tcp
add chain=forward connection-state=established in-interface=bridge-local out-interface=WAN1
add action=drop chain=forward log=yes log-prefix="DROP NET" out-interface=WAN1 src-address=192.168.88.250

Best regards,

How about:


/ip firewall filter
add chain=forward action=accept src-address=PCIP connection-state=established,related
add chain=forward action=drop src-address=PCIP connection-state=new

That should filter out all connections established from that PC, except the established one you
create when connecting from outside using RDP? Of course you still need your port-forwarding
rule to allow that incoming connection somehow.
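
Why the first rule in the thread also cut RDP while the state-based pair does not, shown as an added example that is not part of the thread: a small Python model of first-match forward filtering with connection tracking. The addresses, ports and interface labels are constructed, and the model is a simplification of RouterOS behaviour (no rule matched means accept).

```python
# Simplified model: first matching rule wins, unmatched packets are accepted,
# and a flow becomes "established" once its first packet has been accepted.
PC = "192.168.88.250"        # LAN host from the thread's example rule
CLIENT = "203.0.113.10"      # constructed Internet RDP client
SITE = "198.51.100.5"        # constructed Internet web server

def matches(rule, pkt):
    """A rule matches when every matcher it sets agrees with the packet."""
    for key, want in rule.items():
        if key == "action":
            continue
        if key == "state":
            if pkt["state"] not in want:
                return False
        elif pkt.get(key) != want:
            return False
    return True

def run(rules, packets):
    """Return the verdict for each packet, tracking accepted flows."""
    conns, verdicts = set(), []
    for p in packets:
        flow = frozenset([(p["src"], p["sport"]), (p["dst"], p["dport"])])
        pkt = dict(p, state="established" if flow in conns else "new")
        action = next((r["action"] for r in rules if matches(r, pkt)), "accept")
        if action == "accept":
            conns.add(flow)
        verdicts.append(action)
    return verdicts

# Forward-chain view after dst-nat: the inbound RDP packet already targets the PC.
TRAFFIC = [
    {"src": CLIENT, "sport": 50000, "dst": PC, "dport": 3389, "out": "lan"},  # RDP in
    {"src": PC, "sport": 3389, "dst": CLIENT, "dport": 50000, "out": "wan"},  # RDP reply
    {"src": PC, "sport": 40000, "dst": SITE, "dport": 443, "out": "wan"},     # PC browsing
]

# The question's rule: drop everything from the PC leaving via the WAN.
ORIGINAL = [{"src": PC, "out": "wan", "action": "drop"}]

# The last reply's pair: accept replies on known flows, drop new flows from the PC.
STATEFUL = [
    {"src": PC, "state": ("established", "related"), "action": "accept"},
    {"src": PC, "state": ("new",), "action": "drop"},
]

if __name__ == "__main__":
    print("original:", run(ORIGINAL, TRAFFIC))
    print("stateful:", run(STATEFUL, TRAFFIC))
```

The RDP reply packets have the PC as source and leave through the WAN, so the original rule drops them together with the PC's own outbound traffic; matching on connection state separates the two.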