Multiple WAN IPs & Port Forward

Hi,

Just CCR1036-12G-4S running 6.34.3 for a client with a 1Gb WAN connection. It is in and working fine in terms of throughput etc.

Where I am stuck is that we have 5 useable public IP addresses. I have added 2 of them to the SFP1 port and set up a port forward for 3389 traffic. When connecting externally I can connect to their TS farm from either public IP address. I now want to only allow access from 1 specific public IP but cannot get this to work. I have created a dstnat rule as mentioned above which works for ALL public IP addresses currently.

All help welcomed :)

Cheers,

Stuart.

Try to use dst-address= instead of in-interface=

/ip firewall nat add action=dst-nat chain=dstnat comment=RDP dst-address=[YOUR-PREFERRED-PUBLIC-IP] dst-port=3389 protocol=tcp to-addresses=[Internal-IP] to-ports=3389
/ip firewall nat add action=dst-nat chain=dstnat comment=RDP dst-address=[YOUR-PREFERRED-PUBLIC-IP] dst-port=3389 protocol=udp to-addresses=[Internal-IP] to-ports=3389

Or even combine both in-interface AND dst-address.
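
Added example, not part of the original thread: a small Python audit that reads the text produced by `/ip firewall nat export` and lists dst-nat port forwards that have no `dst-address` (or `dst-address-list`) matcher, which is the condition that made the forward in the question answer on every public IP. The sample export, its addresses and the function names are constructed for illustration.

```python
import shlex

# Constructed sample of `/ip firewall nat export` output; the addresses are
# documentation ranges, not values from the thread.
SAMPLE_EXPORT = """\
/ip firewall nat
add action=masquerade chain=srcnat out-interface=sfp1
add action=dst-nat chain=dstnat comment=RDP dst-port=3389 in-interface=sfp1 \\
    protocol=tcp to-addresses=192.168.88.10 to-ports=3389
add action=dst-nat chain=dstnat comment="RDP pinned" dst-address=203.0.113.10 \\
    dst-port=3389 in-interface=sfp1 protocol=tcp to-addresses=192.168.88.10 \\
    to-ports=3389
"""

NAT_MENU = "/ip firewall nat"


def parse_nat_rules(export_text):
    """Return one dict of property=value pairs per NAT `add` command."""
    joined = export_text.replace("\\\n", " ")  # undo the export's line wrapping
    rules, in_nat = [], False
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("/"):
            # Either a menu header or a one-line "/ip firewall nat add ..." command.
            in_nat = line.startswith(NAT_MENU)
            line = line[len(NAT_MENU):].strip() if in_nat else ""
        if in_nat and line.startswith("add "):
            props = {}
            for token in shlex.split(line[4:]):  # shlex keeps quoted comments whole
                key, sep, value = token.partition("=")
                if sep:
                    props[key] = value
            rules.append(props)
    return rules


def unpinned_forwards(rules):
    """dst-nat rules that are not tied to a specific public destination IP."""
    return [r for r in rules
            if r.get("chain") == "dstnat" and r.get("action") == "dst-nat"
            and "dst-address" not in r and "dst-address-list" not in r]


if __name__ == "__main__":
    for rule in unpinned_forwards(parse_nat_rules(SAMPLE_EXPORT)):
        print("forward answers on every public IP:", rule)
```
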