Hi there,
When trying to access my MikroTik from the WAN using the Winbox default port 8291, I can only get access when I enable the input chain rule allowing all (any any).
When I try to narrow it down and disable the any any rule, expecting that the first rule allowing only TCP connections on port 8291 (Winbox) takes over, I can see a syn sent in the connections tab instead of an established connection. It's like the 3-way handshake cannot be completed. Any idea why this is happening?
Please find the FW rules and NAT below:
/ip firewall filter
add action=accept chain=input comment="Connection Winbox from WAN" dst-port=8291 log=yes log-prefix="Conexion remota winbox 4G" protocol=tcp src-address=public IP X.X:X:X
add action=accept chain=input comment="Connection Winbox from LAN" dst-port=8291 log-prefix="Conexi\F3n_LAN" protocol=tcp src-address=192.168.2.0/24
add action=accept chain=input comment="PPTP port 1723 tcp" disabled=yes dst-port=1723 log=yes log-prefix=VPN-INPUT-1723 protocol=tcp
add action=accept chain=input comment="ANY ANY" disabled=yes log-prefix=ACCEPT-ALL-INPUT
add action=drop chain=input log-prefix=DROP-INPUT
add action=accept chain=forward comment="ALL CAN PASS" log=yes log-prefix=FORWARD-ACCEPT-ALL
/ip firewall nat
add action=masquerade chain=srcnat
Thanks in advance for your help.