Hi!
Today I couldn’t acces my MikroTik 2011 series at home from work. At home I’ve installed stable updates, nothing changed. Reset to defaults either.
I definitely have external ip working, I can dsnat ssh to this computer with linux in mikrotik network and connect from 3g internet on phone.
And local acces fully functional, ssh, web and winbox from virtual machine with windows.
Sorry for my English.
Last connection was several weeks ago, I don’t use it often.
Last time I’d setup IPv6 thanks to this forum. But now it has all defaults except ISP connection.
Any suggestions? All services accesessible from lan and nothing from internet, but i cant DSTNAT any port to NATed PC.
Nmap shows host up, but no open ports.
Default config after “Reset configuration”. I’ll get config after work, can’t access it now because of the topic problem .
And DSTNAT works, like I mentioned. I tried to dstnat port 22 from external ip to local - doesn’t work.
I would be VERY careful about making command ports available via the internet. At the very least use non-standard ports. Then add another layer of security or two above that.
As long as your access control policies are in place you should be fine. and example would be to only allow access to a service from a specific set of “safe” addresses. To do this create an address list then add an input and forward rule at the top of your firewall list to allow all “safe” IP addresses.
I believe that would be another layer of security that I mentioned. In my case, the remote access methods use non-standard ports, a multi-step port knock to even open the ports, and complex usernames and passwords. Only secure connections are allowed (no http, ftp, or telnet from the internet for example). From specific IPs on my local LAN, it’s a little less stringent.
.