Community discussions

MikroTik App
 
MicrotikUser
newbie
Topic Author
Posts: 29
Joined: Tue Aug 21, 2018 12:42 am

VNC Port Forward

Mon Dec 24, 2018 11:52 pm

Hello, I'm writing this form post because i cant seem to make port forwarding work. I want to allow WAN connections to communicate with a Windows box on the LAN. For VNC, and possibly RDP. I'm aware this is not a good idea, and that's exactly why i want to do it...wink wink nudge nudge.
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: VNC Port Forward  [SOLVED]

Tue Dec 25, 2018 4:06 am

Hi

This shouldn't be to hard: if you're running (close to) default config, just define a dst-nat rule in NAT table, dst-nat chain. In the filter table, forward chain there should be a rule to allow all "new & dstnat" connection.

If that filter rule is not there add it or add one specific for your case.
 
User avatar
pcunite
Forum Guru
Forum Guru
Posts: 1345
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: VNC Port Forward

Tue Dec 25, 2018 6:54 am

You'll need to define in-interface.

/ip firewall filter
add chain=input action=accept connection-state=established,related comment="Accept established related"
add chain=input action=accept in-interface=bridge-LAN comment="Allow LAN access to router and Internet"
add chain=input action=drop comment="Drop all other input"

add chain=forward action=accept connection-state=established,related comment="Accept established related"
add chain=forward action=accept connection-state=new in-interface=bridge-LAN comment="Allow LAN access to router and Internet"
add chain=forward action=accept connection-nat-state=dstnat in-interface=ether-WAN comment="Allow Port forwards"
add chain=forward action=drop comment="Drop all other forward"

/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether-WAN comment="Default masq"
add chain=dstnat action=dst-nat in-interface=ether-WAN protocol=tcp to-addresses=1.2.3.4 dst-port=123 to-ports=123 comment="Sample Port Forward"

Who is online

Users browsing this forum: 0xAA55, baragoon and 37 guests