Hello, is it possible to run www service on mikrotik, but, for example: accessible via LAN on port 80 (accept input in firewall)
But only accept www via WAN on another port… (accept that input port in firewall)
??
Thanks

I just did it.
In my case, we have a sort of DMZ.
So, what I did is create a dst-nat rule like this:
/ip firewall nat
add action=dst-nat chain=dstnat comment=DMZ dst-address=$WAN-IP protocol=!tcp to-addresses=$DMZ-IP
add action=dst-nat chain=dstnat comment=DMZ dst-address=$WAN-IP dst-port=!$ALTERNATIVE-WWW-PORT protocol=tcp to-addresses=$DMZ-IP
add action=redirect chain=dstnat dst-address=$WAN-IP dst-port=$ALTERNATIVE-WWW-PORT protocol=tcp to-ports=80
and then create an input firewall rule, that will only work when redirected.
/ip firewall filter
add action=accept chain=input dst-port=80 protocol=tcp
I already had an INPUT rule to accept any from LAN.
So LAN will access the mikrotik www service through port 80, and from WAN it is only accessible through $ALTERNATIVE-WWW-PORT.
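
A variant of the rules above for a router with no DMZ host, as an added example that is not part of the original posts. Without the DMZ dst-nat rule taking direct WAN traffic to port 80, a plain accept on dst-port=80 would also admit it, so this version accepts port 80 from the WAN only when the connection was actually dst-natted. Assumptions: `ether1` is the WAN interface and 8080 stands in for $ALTERNATIVE-WWW-PORT.

```routeros
# Added example. Assumed names: ether1 = WAN interface, 8080 = alternative www port.
/ip firewall nat
# Redirect the alternative WAN port to the router's own www service on port 80.
add chain=dstnat action=redirect in-interface=ether1 protocol=tcp dst-port=8080 to-ports=80 comment="WAN alt port -> local www"

/ip firewall filter
# These rules must sit above any general drop rule on the input chain.
add chain=input action=accept connection-state=established,related comment="return traffic"
# After the redirect the packet has dst-port 80; accept it only if it was dst-natted.
add chain=input action=accept in-interface=ether1 protocol=tcp dst-port=80 connection-nat-state=dstnat comment="www from WAN via redirect only"
# Anything from the WAN that reached port 80 without the redirect is dropped.
add chain=input action=drop in-interface=ether1 protocol=tcp dst-port=80 comment="direct WAN access to port 80"
```

LAN access to port 80 still depends on an existing input rule that accepts traffic from the LAN, as in the post above.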