Port mapping I think ...

bozeak · March 29, 2010, 11:36am

Hi!
I have RB433AH, great stuff! I use it to give a internet to the 70 stations lan.
Sometimes i have to disconect some users from the net and just give them the lan access, that’s simply! In ARP List i just click disable and that’s all, now I have to give them access to the 25 and 110 ports for mailing - I don’t know how.
How should I do this?!

SurferTim · March 29, 2010, 11:49am

I would not use the ARP list. I think “/ip firewall filter” would work better for you. I used 192.168.0.0/24 as the localnet in this example:

/ip firewall filter
add chain=forward action=accept dst-port=25 protocol=tcp src-address=192.168.0.0/24
add chain=forward action=accept dst-port=110 protocol=tcp src-address=192.168.0.0/24
add chain=forward action=drop src-address=192.168.0.0/24

The “action=drop” must be after the other two rules. Only inbound/outbound email gets through.

BTW, welcome to the MikroTik forum!

ADD: This is only if you use an ip address for the email servers. If you use a domain name, then you need to allow port 53 tcp and udp also (DNS).

bozeak · March 29, 2010, 1:00pm

Please look at my export from ROS:

/ip firewall filter
add action=accept chain=input comment="Added by webbox" disabled=no protocol=\
    icmp
add action=accept chain=input comment="Added by webbox" connection-state=\
    established disabled=no in-interface=ether1
add action=accept chain=input comment="Added by webbox" connection-state=\
    related disabled=no in-interface=ether1
add action=accept chain=forward comment="" disabled=no dst-port=110 protocol=\
    tcp
add action=accept chain=forward comment="" disabled=no dst-port=25 protocol=\
    tcp
add action=drop chain=input comment="Added by webbox" disabled=no \
    in-interface=ether1
add action=jump chain=forward comment="Added by webbox" connection-type="" \
    disabled=no jump-target=customer
add action=accept chain=customer comment="Added by webbox" connection-state=\
    established disabled=no
add action=accept chain=customer comment="Added by webbox" connection-state=\
    related disabled=no
add action=drop chain=customer comment="Added by webbox" disabled=no
add action=drop chain=forward comment="" disabled=no p2p=all-p2p src-address=\
    !192.168.1.2-192.168.1.14