Hello,
I’ve set up port forwarding for my printer (print from server to mikrotik to printer). I’ve set up port forwarding NAT, port:xxxx, in-interface(internet) to address (printer local address and port) and FIter rules: forward (port) accept. I works OK. But I need to close it from only one WAN address. I can print from every PC, when i set up wan address and port. I need to print only from server. Any advices?
Thank you.
J.
add src-address=ip.of.the.server to the action=accept rule in chain=forward.
Thank you. You mean add src wan address to filter that exists and turn off in-interface source?
It does not really matter whether you keep in-interface in the list of conditions of the rule or remove it, as it is unlikely that the packets from the server would come in via any other interface. But I don’t know what you mean by “src wan address”. The packet comes in from the server (i.e. its src-address is the IP address of the server) to the IP address of the WAN interface (i.e. its dst-address is the IP address of the WAN interface) and you then dst-nat it, so you replace the original dst-address by a new one from one of your LAN subnets. So the filter rule can see the original src-address (of the sending server) and the translated dst-address (the private one of the printer).
So if the IP address of the server is 1.2.3.4 and the WAN IP address is 5.6.7.8, the condition added to the filter rule must be src-address=1.2.3.4.