ghostku
just joined
Topic Author
Posts: 1
Joined: Tue Feb 10, 2015 2:39 pm

How to block Internet on a machine except port forwarding

Tue Feb 10, 2015 2:51 pm

Hi,
I have a PC on my LAN and I need to use RDP access to log in to this PC from the Internet. So I created a port forwarding, something like:
router_WAN_IP:3389 -> PCs_IP:3389
Then I need to block all Internet access on the PC except the forwarded RDP, so I tried a rule
chain=forward action=drop src-address=PCs_IP  out-interface=ether1-gateway log=no log-prefix=""
but it is also blocking my RDP.
How should I do it right?
Thanks
 
evince
Member
Posts: 308
Joined: Thu Jul 05, 2012 12:11 pm
Location: Weiswampach - Luxemburg

Re: How to block Internet on a machine except port forwarding

Tue Feb 10, 2015 4:24 pm

Hello,

Try something like this, and adapt it to your network configuration:

add chain=forward comment="TEST BLOCK WAN ACCESS" dst-port=3389 in-interface=WAN1 out-interface=bridge-local protocol=tcp
add chain=forward connection-state=established in-interface=bridge-local out-interface=WAN1
add action=drop chain=forward log=yes log-prefix="DROP NET" out-interface=WAN1 src-address=192.168.88.250

Best regards,
 
sejtam
Frequent Visitor
Posts: 66
Joined: Sun Dec 14, 2014 4:23 pm

Re: How to block Internet on a machine except port forwarding

Tue Feb 10, 2015 4:57 pm

How about:


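/ip firewall filter
# let the PC answer on connections that already exist (the forwarded RDP session)
add chain=forward action=accept src-address=PCIP connection-state=established,related
# drop every connection the PC tries to open itself
add chain=forward action=drop src-address=PCIP connection-state=new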

That should filter out all connections established from that PC, except the established one you
create when connecting from outside using RDP? Of course you still need your port-forwarding
rule to allow that incoming connection somehow.
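
Added example, not part of any post in this thread: a small Python model of first-match forward-chain evaluation with connection tracking. It shows why the single drop rule from the question also cuts the forwarded RDP session, and why a connection-state accept placed ahead of the drop keeps it alive. The addresses, the remote client, the flow key and all helper names are assumptions made for the illustration.

```python
# Constructed model of a stateful forward chain; this is not RouterOS code.
PC = "192.168.88.250"      # LAN address of the RDP host (value used in the second post)
WAN = "ether1-gateway"     # WAN interface name from the first post

def matches(rule, pkt):
    """A rule matches when every matcher it sets agrees with the packet."""
    return all(pkt.get(k) in (v if isinstance(v, tuple) else (v,))
               for k, v in rule.items() if k != "action")

def verdict(rules, pkt):
    """First matching rule wins; no match falls through to accept."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"]
    return "accept"

def run(rules):
    """Send three constructed packets through the chain in order."""
    conntrack, results = set(), {}
    packets = [  # constructed sample traffic (documentation address ranges)
        ("rdp_in", dict(src="203.0.113.7", dst=PC, dport=3389, out="bridge-local")),
        ("rdp_reply", dict(src=PC, dst="203.0.113.7", sport=3389, out=WAN)),
        ("pc_web", dict(src=PC, dst="198.51.100.9", dport=443, out=WAN)),
    ]
    for name, pkt in packets:
        flow = frozenset((pkt["src"], pkt["dst"]))   # simplified flow key
        pkt["state"] = "established" if flow in conntrack else "new"
        results[name] = verdict(rules, pkt)
        if results[name] == "accept":
            conntrack.add(flow)                      # track accepted flows
    return results

# The rule from the question: matches on source and WAN only, ignores state.
question_rule = [dict(action="drop", src=PC, out=WAN)]

# State-aware pair: replies on tracked connections pass, new ones are dropped.
stateful_rules = [
    dict(action="accept", src=PC, state=("established", "related")),
    dict(action="drop", src=PC, state="new"),
]

if __name__ == "__main__":
    print("question rule :", run(question_rule))
    print("stateful rules:", run(stateful_rules))
```

In the first run the RDP reply is dropped because it leaves through the WAN interface with the PC as its source, exactly what the rule matches; in the second run only the connection the PC opens itself is dropped.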
