Hello,
I created a dst-nat rule to my webserver and noticed it is accessible from every IP address in the world.
I want to allow only some IP addresses.
I thought I could do this with a src-address-list, but it is not working. It is still accessible from any external IP I try.
I am familiar with DrayTek devices. With DrayTek you create a NAT rule and you have to create a firewall rule also.
With MikroTik, as far as I know, you only have to create a dst-nat rule and the port forward is opened to anybody who wants to access it.
How can I create a dst-nat for a couple of IP addresses only?
Below is my current NAT and firewall configuration.
Thanks in advance.
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; drop invalid connections
chain=input action=drop connection-state=invalid
1 chain=forward action=drop connection-state=invalid
2 ;;; allow established connections
chain=input action=accept connection-state=established
3 ;;; allow ICMP
chain=input action=accept protocol=icmp
4 ;;; allow local subnet
chain=input action=accept src-address=192.168.0.0/24 in-interface=!WAN
5 ;;; drop enything else
chain=input action=drop in-interface=WAN
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade to-addresses=0.0.0.0 out-interface=WAN
1 chain=dstnat action=dst-nat to-addresses=192.168.0.2 to-ports=3389
protocol=tcp dst-address=my-external-ip in-interface=WAN dst-port=3389
2 chain=dstnat action=dst-nat to-addresses=192.168.0.2 to-ports=80
protocol=tcp dst-address=my-external-ip in-interface=WAN dst-port=80
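
Added example, not part of the original post: the nat rules as printed above carry no src-address-list matcher, and the forward chain only drops invalid connections, so forwarded traffic from any source is accepted. The RouterOS commands below show two ways to restrict the forwards to an address list. The list name webserver-allowed and the RFC 5737 addresses are constructed for illustration, and my-external-ip is the placeholder used in the post.

```routeros
# Added example, not from the original post.
# Constructed values: list name "webserver-allowed" and the RFC 5737 addresses.
/ip firewall address-list
add list=webserver-allowed address=203.0.113.10 comment="constructed sample host"
add list=webserver-allowed address=198.51.100.0/24 comment="constructed sample subnet"

# Option 1: match the source list on the dst-nat rules themselves
# (these replace nat rules 1 and 2 from the post).
# Traffic from any other source is not translated, stays addressed to the
# router itself, and hits the existing input rule
# "chain=input action=drop in-interface=WAN".
/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=192.168.0.2 to-ports=3389 \
    protocol=tcp dst-address=my-external-ip in-interface=WAN dst-port=3389 \
    src-address-list=webserver-allowed
add chain=dstnat action=dst-nat to-addresses=192.168.0.2 to-ports=80 \
    protocol=tcp dst-address=my-external-ip in-interface=WAN dst-port=80 \
    src-address-list=webserver-allowed

# Option 2: keep the nat rules as posted and filter in the forward chain.
# dst-nat happens before the forward chain, so the filter rule matches the
# translated destination 192.168.0.2, not the external address.
/ip firewall filter
add chain=forward action=accept connection-state=established \
    comment="allow replies for existing forwarded connections"
add chain=forward action=accept connection-state=related
add chain=forward action=accept protocol=tcp dst-address=192.168.0.2 \
    dst-port=80,3389 in-interface=WAN src-address-list=webserver-allowed \
    comment="allow listed sources to the forwarded ports"
add chain=forward action=drop in-interface=WAN \
    comment="drop every other forward arriving from WAN"
```

The filter rules are appended in order after the existing forward rule, so the final drop only applies to WAN traffic that none of the accept rules matched.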