I’d like to open UDP ports 500 and 4500 for an internal IP address (e.g. 192.168.88.113).
Traffic should go in both directions! That means internal to external and external to internal.
How can I do that via the web interface?
What do I have to enter where?
I’d like to open the two UDP ports (500 and 4500) so that traffic can be allowed.
Allow traffic from internal to external over the UDP ports and also from external to internal.
It depends on your config but I assume you are using a ‘default’ SOHO config.
If so you are NAT-ting from your local LAN to the outside.
The only thing you need to do is create a NAT rule and a firewall filter allowance rule for each port:
/ip firewall nat
add chain=dstnat action=dst-nat in-interface= protocol=udp dst-port=500 to-address=192.168.88.113 to-address=500
add chain=dstnat action=dst-nat in-interface= protocol=udp dst-port=4500 to-address=192.168.88.113 to-address=4500
If you have a static WAN IP, you could add dst-address= to each line.
/ip firewall filter
add chain=forward action=accept protocol=udp dst-address=192.168.88.113 dst-port=500 in-interface=
add chain=forward action=accept protocol=udp dst-address=192.168.88.113 dst-port=4500 in-interface=
My mistake. I wrote to-address twice. The second one in each line should be to-ports. Possibly it also could be to-addresses. I’m writing out of my head and have not tested the commands for typos.
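The rules from this thread with the correction above applied, as an added example that is not part of the original posts. The interface name ether1 is an assumption standing in for the WAN interface, which the posts leave blank.

```routeros
# Added example. "ether1" is an assumed WAN interface name; use your own.

/ip firewall nat
# Forward inbound UDP 500 and 4500 arriving on the WAN to the internal host.
add chain=dstnat action=dst-nat in-interface=ether1 protocol=udp dst-port=500 \
    to-addresses=192.168.88.113 to-ports=500 comment="udp/500 to 192.168.88.113"
add chain=dstnat action=dst-nat in-interface=ether1 protocol=udp dst-port=4500 \
    to-addresses=192.168.88.113 to-ports=4500 comment="udp/4500 to 192.168.88.113"

/ip firewall filter
# dst-nat happens before the forward chain, so the filter rule matches the
# translated (internal) destination address and the destination ports.
add chain=forward action=accept in-interface=ether1 protocol=udp \
    dst-address=192.168.88.113 dst-port=500,4500 \
    comment="allow forwarded udp/500,4500"

# Check that the rules are matched: packet and byte counters should rise
# when the outside peer sends traffic.
/ip firewall nat print stats where chain=dstnat
/ip firewall filter print stats where chain=forward
```

Filter rules are evaluated top to bottom, so the accept rule has to sit above any drop rule in the forward chain. If the outside peer has a fixed address, adding src-address= with that address to each rule limits the opening to that peer.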