jordiak
just joined
Topic Author

Winbox remotely access connection only syn sent but not established

Thu Aug 29, 2019 2:12 pm

Hi there,
When trying to access my MikroTik from the WAN using the default Winbox port 8291, I can only get in when I enable the input chain rule allowing everything (any any).
When I try to narrow it down and disable the any any rule, expecting that the first rule allowing only TCP connections on port 8291 (Winbox) takes over, I can see in the Connections tab a syn sent instead of an established connection. It's like the 3-way handshake cannot be completed. Any idea why this is happening?
Please find the FW rules and NAT below.


/ip firewall filter
add action=accept chain=input comment="Connection Winbox from WAN" dst-port=8291 log=yes log-prefix="Conexion remota winbox 4G" protocol=tcp src-address=public IP X.X:X:X
add action=accept chain=input comment="Connection Winbox from LAN" dst-port=8291 log-prefix="Conexi\F3n_LAN" protocol=tcp src-address=192.168.2.0/24
add action=accept chain=input comment="PPTP port 1723 tcp" disabled=yes dst-port=1723 log=yes log-prefix=VPN-INPUT-1723 protocol=tcp
add action=accept chain=input comment="ANY ANY" disabled=yes log-prefix=ACCEPT-ALL-INPUT
add action=drop chain=input log-prefix=DROP-INPUT
add action=accept chain=forward comment="ALL CAN PASS" log=yes log-prefix=FORWARD-ACCEPT-ALL
/ip firewall nat
add action=masquerade chain=srcnat

Thanks in advance for your help.
 
Sob
Forum Guru

Re: Winbox remotely access connection only syn sent but not established

Thu Aug 29, 2019 6:00 pm

WinBox shouldn't need anything more. It works for me with just tcp/8291 open. But you can add log=yes to the last drop rule and see what happens there.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
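
Added example, not part of the thread: a small Python model of RouterOS first-match evaluation over the posted input chain, showing which rule a TCP SYN to port 8291 hits and which log prefix it would carry once log=yes is set on the final drop rule, as the reply suggests. The address 203.0.113.10 stands in for the redacted public IP and the packets passed to `evaluate` are constructed; only the protocol, dst-port and src-address matchers are modelled.

```python
import ipaddress
import shlex

# Input-chain rules from the post. The redacted WAN source is replaced with a
# constructed documentation address (203.0.113.10); log=yes is added to the
# final drop rule as suggested in the reply.
EXPORT = r'''
add action=accept chain=input comment="Connection Winbox from WAN" dst-port=8291 log=yes log-prefix="Conexion remota winbox 4G" protocol=tcp src-address=203.0.113.10
add action=accept chain=input comment="Connection Winbox from LAN" dst-port=8291 log-prefix="Conexi\F3n_LAN" protocol=tcp src-address=192.168.2.0/24
add action=accept chain=input comment="PPTP port 1723 tcp" disabled=yes dst-port=1723 log=yes log-prefix=VPN-INPUT-1723 protocol=tcp
add action=accept chain=input comment="ANY ANY" disabled=yes log-prefix=ACCEPT-ALL-INPUT
add action=drop chain=input log=yes log-prefix=DROP-INPUT
'''

def parse_rules(export):
    """Turn each 'add key=value ...' line into a dict of rule properties."""
    rules = []
    for line in export.strip().splitlines():
        tokens = shlex.split(line)[1:]  # drop the leading 'add'
        rules.append(dict(tok.split("=", 1) for tok in tokens))
    return rules

def matches(rule, pkt):
    """A rule matches when every matcher it sets agrees with the packet."""
    if "protocol" in rule and rule["protocol"] != pkt["protocol"]:
        return False
    if "dst-port" in rule and int(rule["dst-port"]) != pkt["dst_port"]:
        return False
    if "src-address" in rule:
        net = ipaddress.ip_network(rule["src-address"], strict=False)
        if ipaddress.ip_address(pkt["src"]) not in net:
            return False
    return True

def evaluate(rules, pkt, chain="input"):
    """First enabled matching rule wins; return (action, log prefix or None)."""
    for rule in rules:
        if rule["chain"] != chain or rule.get("disabled") == "yes":
            continue
        if matches(rule, pkt):
            logged = rule.get("log") == "yes"
            return rule["action"], rule.get("log-prefix") if logged else None
    return "accept", None  # no rule matched: the chain's default is accept

RULES = parse_rules(EXPORT)
```

A SYN that returns `("drop", "DROP-INPUT")` here is one that would show up in the router log under that prefix, with the source address the router actually saw.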
