Community discussions

 
ramin110
just joined
Topic Author
Posts: 2
Joined: Sun Oct 09, 2011 8:06 pm

Block winbox throughout public IP and only access from VPN

Sun Aug 04, 2019 5:31 pm

hi,
I want to Block winbox throughout public IP and only access from VPN connection like pptp.
I already set a firewall rule to block all IP and only access dedicated IP. but in this situation when I change my dedicated IP I have to change the firewall rule via console to access winbox again.
I set a VPN user with a password but when I set the src. address to my virtual IP firewall not recognizing the NAT IP and instead of this seeing my internet IP and blocking the IP access to winbox.
I used the mangle and raw with prerouting but nothing changed. the Firewall Rules always seeing the IP first and blocking it.
thanks.
 
ros44
newbie
Posts: 37
Joined: Sun Feb 25, 2018 2:05 am
Location: Sofia, Bulgaria

Re: Block winbox throughout public IP and only access from VPN

Sun Aug 04, 2019 9:22 pm

First, you may want to change the winbox port to a custom port number.

Second, if you update your router to the latest stable version and then reset the configuration and configure it again, you will end up having the default firewall rules configured out of the box. These rules provide sufficient security for beginners. Having these rules as a base and also using PPTP VPN, what you need to do is add one single rule in the filter section of the firewall allowing you access to the winbox port only from "all ppp" interfaces. No need to mess with raw and mangle rules at all.

Be aware that PPTP is considered outdated and insecure. Read more about firewall rules.
Every moment something magical is happening!

Who is online

Users browsing this forum: No registered users and 40 guests