Hello,
I cannot prevent access from outside to a machine that is on the network.
From my smartphone I always have access (4G).
Is there something I don’t understand here?
Then I just wanted to give access to this machine, but from a specific IP range.
add action=drop chain=input comment="NO SERVER ACCESS" dst-address=192.168.2.113 in-interface=ether1 log=yes log-prefix=NAS-DROP port=53200,22 protocol=tcp
Thanks to those who can help me.
If I am not mistaken, “chain=input” is wrong!
If you set it to “chain=forward” it will work.
I tried that too, and again just now. But the router does not intercept and allows the connection to pass to the server.
Usually it isn’t possible to access clients behind a router over the Internet …
Except if you NAT and open your firewall!
Do you have a Synology or QNAP with an online account?!
I have a Synology with the security rules and the blacklist mode. But I can no longer put up with the 15,000 messages per day which indicate that the NAS is blocking people. So I want to block at the router any attempt to access the NAS, to silence the notifications and especially so that they forget about me.
I have the impression that my firewall does not stop anything at all; if I do the test on a home automation server, it also lets the traffic pass.
I think we need a diagram of your network
and the config / export of the MikroTik device.
Quickly delete the EMAIL part of your export!!!
Or delete it completely … you have a lot of sensitive info in your export.
OK, I just tested with the highest rule on the home automation server and it is blocked. But not the Synology. It answers whatever happens.
Hmm, the home automation server is well intercepted from smartphone applications, but from the web (Chrome) it always passes. I’m going crazy.
OK, all the tests show that the firewall rule is working. But only for the applications (smartphone) that request the connection.
If I use Chrome to access its services, the router lets it through without any problem. It’s still clear progress ;)
So…
Are you sure your NAS is .113 and not .133?
Yes, the NAS is .113.
.133 is the UniFi Controller (no gateway on).
I found this in your export:
add action=dst-nat chain=dstnat comment=NAS dst-port=53200 in-interface=ether1 protocol=tcp to-addresses=192.168.2.133 to-ports=53200
I just blocked it but I still have access. It is indeed something that was useless. But it always goes through.
But overall I realize that the smartphone applications that request access are blocked, and Chrome always passes! Isn’t that a protocol problem? I can’t find anything.
I checked your config and couldn’t find anything accepting and/or forwarding WAN to LAN on ports 22 and 53200.
You will have to track the traffic to identify the problem.
If you don’t want to use Wireshark and co.,
go in Winbox to /ip firewall connections.
Start a connection to your NAS via LTE and look at what happens!
No, the VPN on my smartphone is on demand.
I am using OpenVPN connect.
As well as the VPN directly with the router, but it is not activated on the smartphone.
All this is why I ask for help because it is incomprehensible to me.
Everything works fine with me, but when I wanted to restrict a machine, it indicates that something is not working.
I will resume this madness tomorrow; I am exhausted from this day spent on a simple block.
Thank you for the help and if you can help me I won’t refuse tomorrow;)
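
An added example, not written by any poster in this thread: a small Python check that takes the two rules quoted above and reports why the drop rule cannot match traffic forwarded by the dst-nat rule. It compares only chain, dst-address and a comma-separated port list; it does not model port ranges, CIDR addresses, in-interface or src-address matching, and the function names are hypothetical.

```python
import shlex

# Constructed input: the two rules quoted in the thread, in export form.
EXPORT = '''
add action=drop chain=input comment="NO SERVER ACCESS" dst-address=192.168.2.113 in-interface=ether1 log=yes log-prefix=NAS-DROP port=53200,22 protocol=tcp
add action=dst-nat chain=dstnat comment=NAS dst-port=53200 in-interface=ether1 protocol=tcp to-addresses=192.168.2.133 to-ports=53200
'''

def parse_rules(text):
    """Turn 'add key=value ...' export lines into dicts."""
    rules = []
    for line in text.splitlines():
        tokens = shlex.split(line)
        if tokens[:1] != ["add"]:
            continue
        rules.append(dict(t.split("=", 1) for t in tokens[1:] if "=" in t))
    return rules

def ports(rule):
    """Ports a filter rule matches; None means any port."""
    spec = rule.get("dst-port") or rule.get("port")
    return set(spec.split(",")) if spec else None

def why_not_covering(drop, nat):
    """Reasons a drop rule fails to block traffic forwarded by a dst-nat rule."""
    reasons = []
    # Packets rewritten by dst-nat to a LAN host traverse the forward chain.
    if drop.get("chain") != "forward":
        reasons.append("chain=%s never sees forwarded packets" % drop.get("chain"))
    # The filter sees the destination address after translation.
    if drop.get("dst-address") not in (None, nat["to-addresses"]):
        reasons.append("dst-address %s != NAT target %s"
                       % (drop["dst-address"], nat["to-addresses"]))
    p = ports(drop)
    if p is not None and nat.get("to-ports", nat.get("dst-port")) not in p:
        reasons.append("port list does not include the translated port")
    return reasons

def audit(text):
    """Map each dst-nat rule's comment to the findings for every drop rule."""
    rules = parse_rules(text)
    nats = [r for r in rules if r.get("action") == "dst-nat"]
    drops = [r for r in rules if r.get("action") == "drop"]
    return {n.get("comment", "?"): [why_not_covering(d, n) for d in drops] for n in nats}

if __name__ == "__main__":
    for name, findings in audit(EXPORT).items():
        print(name, findings)
```

An empty findings list for a drop rule means that, under the simplifications above, it would match the forwarded traffic.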