
open firewall port

Posted: Mon Mar 17, 2014 4:50 pm
by kneuzgi
Hi

I'm a newbie with the RouterOS software.

I'd like to open UDP ports 500 and 4500 for an internal IP address (e.g. 192.168.88.113).
Traffic should go in both directions, meaning internal to external and external to internal.

How can I do that via the web interface?
What do I have to enter where?


Thank you very much

Re: open firewall port

Posted: Mon Mar 17, 2014 6:03 pm
by ronybaalbaky
Please explain more. Do you mean you want to do port forwarding?

Re: open firewall port

Posted: Tue Mar 18, 2014 1:35 pm
by kneuzgi
I'd like to open the two UDP ports (500 and 4500) so that traffic can be allowed.
Allow traffic from internal to external over the UDP ports and also from external to internal.

Re: open firewall port

Posted: Tue Mar 18, 2014 1:45 pm
by Rudios
It depends on your config, but I assume you are using a 'default' SOHO config.
If so, you are NAT-ting from your local LAN to the outside.
The only thing you need to do is create a NAT rule and a firewall filter allowance rule for each port.

ros code

/ip firewall nat
add chain=dstnat action=dst-nat in-interface=<your WAN interface> protocol=udp dst-port=500 to-address=192.168.88.113 to-address=500
add chain=dstnat action=dst-nat in-interface=<your WAN interface> protocol=udp dst-port=4500 to-address=192.168.88.113 to-address=4500

If you have a static WAN IP, you could add dst-address=<your WAN IP> to each line.

ros code

/ip firewall filter
add chain=forward action=accept protocol=udp dst-address=192.168.88.113 dst-port=500 in-interface=<your WAN interface>
add chain=forward action=accept protocol=udp dst-address=192.168.88.113 dst-port=4500 in-interface=<your WAN interface>

Re: open firewall port

Posted: Thu Mar 20, 2014 5:40 pm
by kneuzgi
If I put in this:

/ip firewall nat
add chain=dstnat action=dst-nat in-interface=ether1-gateway protocol=udp dst-port=500 to-address=192.168.88.113 to-address=500
add chain=dstnat action=dst-nat in-interface=ether1-gateway protocol=udp dst-port=4500 to-address=192.168.88.113 to-address=4500


then I'm getting the following error/message:

add chain=dstnat action=dst-nat in-interface=ether1-gateway protocol=udp dst-port=500 to-address=192.168.88.113 to-address=500
expected end of command (line 1 column 113)
add chain=dstnat action=dst-nat in-interface=ether1-gateway protocol=udp dst-port=4500 to-address=192.168.88.113 to-address=4500
expected end of command (line 1 column 114)

Re: open firewall port

Posted: Fri Mar 21, 2014 12:29 am
by Rudios
My mistake. I wrote to-address twice. The second one in each line should be to-ports. Possibly it also could be to-addresses. I'm writing off the top of my head and have not tested the commands for typos.
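
The rules from this thread with the parameter names corrected, as an added example that is not part of any poster's message. It assumes the WAN interface is ether1-gateway and the internal host is 192.168.88.113, as in the posts above; 203.0.113.10 is a constructed placeholder for the remote peer's address.

```routeros
/ip firewall nat
# Forward inbound UDP 500 and 4500 arriving on the WAN interface to the internal host.
# to-addresses sets the new destination IP, to-ports sets the new destination port.
add chain=dstnat action=dst-nat in-interface=ether1-gateway protocol=udp dst-port=500 \
    to-addresses=192.168.88.113 to-ports=500 comment="UDP 500 to 192.168.88.113"
add chain=dstnat action=dst-nat in-interface=ether1-gateway protocol=udp dst-port=4500 \
    to-addresses=192.168.88.113 to-ports=4500 comment="UDP 4500 to 192.168.88.113"

/ip firewall filter
# The forward chain sees the packet after dst-nat, so match the internal address.
# dst-port selects the port; dst-address may appear only once per rule.
add chain=forward action=accept protocol=udp in-interface=ether1-gateway \
    dst-address=192.168.88.113 dst-port=500,4500 comment="allow forwarded UDP 500/4500"

# Tighter variant when the remote peer has a fixed address (placeholder shown):
# add chain=forward action=accept protocol=udp in-interface=ether1-gateway \
#     src-address=203.0.113.10 dst-address=192.168.88.113 dst-port=500,4500

# Check the result and watch the packet counters while testing.
/ip firewall nat print where chain=dstnat
/ip firewall filter print stats where chain=forward
```

Filter rules are evaluated top to bottom, so the accept rule has to sit above any rule in the forward chain that drops traffic arriving from the WAN interface.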