I am having trouble remotely accessing our routerboard. The unit is set up as a transparent bridge, and the IP assigned to the bridge can only be accessed if you are physically connected to the routerboard, or connected to the same switch the routerboard is attached to. I set up the firewall rules to allow access from the internal subnet range of the bridge interface, as well as access from a specific IP block on our network, outside of the network. The unit is acting as a bridge, so there is no NAT, or any routing taking place.
I think it is a simple firewall rule, but I can't figure it out.
Also, is there a way to set up a rule to only allow access from a specific host, and not an entire subnet?
I removed all the firewall rules I had in place, except a P2P drop rule. I only need access from one IP address, and I tried the command you posted, but I do not have the option to set up a "filter" after the /ip firewall command.
Jesse
/ ip firewall
set input name="input" policy=accept comment=""
set forward name="forward" policy=accept comment=""
set output name="output" policy=accept comment=""
/ ip firewall rule forward
add p2p=all-p2p action=drop log=yes comment="" disabled=no
/ ip firewall rule input
add connection-state=invalid action=drop comment="" disabled=no
/ ip firewall service-port
set ftp ports=21 disabled=no
set pptp disabled=yes
set gre disabled=yes
set h323 disabled=yes
set mms disabled=no
set irc ports=6667 disabled=no
set quake3 disabled=no
set tftp ports=69 disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=2m tcp-syn-received-timeout=1m tcp-established-timeout=5d tcp-fin-wait-timeout=2m tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s udp-stream-timeout=3m icmp-timeout=30s generic-timeout=10m
I do not know how to do this. I am not sure what the deal is. All I did was follow the instructions for setting up a transparent bridge, and dropping all P2P traffic.
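For the single-host question above, an added example (not from the post or any reply) in the same pre-"filter" `/ ip firewall rule input` syntax the export uses: with the input policy left at accept and only invalid packets dropped, anything that can reach the bridge IP can reach the router's management services, so the rules below accept one host and drop the rest. The admin address 192.0.2.10 is constructed, and it is my assumption that a /32 mask is what limits src-address to exactly one host on this RouterOS version.

```routeros
/ ip firewall rule input
# keep replies to sessions the router itself opened (assumed value for connection-state)
add connection-state=established action=accept comment="existing sessions"
# /32 = one host, not a subnet; 192.0.2.10 is a constructed example address
add src-address=192.0.2.10/32 action=accept comment="admin host only"
add connection-state=invalid action=drop comment=""
# catch-all: everything else sent to the bridge IP is dropped and logged
add action=drop log=yes comment="deny all other input"
```

Check the order with `/ ip firewall rule input print` before leaving the console, and keep the session that applied the rules open until access from 192.0.2.10 has been verified, since the final drop also applies to the host you are configuring from.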