We have a router that serves:
- external customers with public IP addresses
- internal networks with public IP addresses
- and internal private networks.
I just became involved with this router and discovered that SMTP is being abused from external sources by simply bouncing them on the router and making the router seem like it's running an open relay (and this abuse is not being done through a SOCKS proxy).
I searched around this forum and found a temporary solution at: autodetect and temporary block smtp out ... MTP_output
Analyzing the address lists helped provide insight into what is happening, and understandably the router's own WAN address is in the list.
Now, I am just going through the basics of securing the router and preventing input traffic from the internet, without affecting traffic destined for the downstream public networks that pass through this traffic. I have seen great advice on filter rules at the following places ... but I am just seeking confirmation that they will work in my scenario:
For example, in https://wiki.mikrotik.com/wiki/Tips_and ... c_internet, I am concerned that this rule will drop traffic going to downstream public networks since it's dependent on dst-nat (which is only applicable on internal private networks). Is this assumption correct?
There are also great suggestions here: https://wiki.mikrotik.com/wiki/Manual:S ... r#Firewall
Basically, I want to drop packets on the input chain that are not intended for:
- downstream public networks (won't be nat'ed)
- internal private networks (will be nat'ed)
I will appreciate any suggestions.