I know I can easily just do NAT rule, but in my opinion it just creates unnecessary clutter:
Code: Select all
/ip firewall nat add
action=dst-nat
chain=dstnat
comment="Direct CACTI_SERVER to SNMP"
dst-port=1234
protocol=udp
src-address= CACTI_IP
to-addresses=INTERNAL_ROUTER_IP
to-ports=161
/ip firewall filter add
action=accept
chain=input
comment="Allow SNMP from DSTNAT"
connection-nat-state=dstnat
dst-port=161
log-prefix=SNMP
protocol=udp