Community discussions

 
belmont
just joined
Topic Author
Posts: 9
Joined: Tue Jul 05, 2016 6:12 pm

port open for specific IP range

Sun Oct 22, 2017 10:26 am

Hi,
is it possible to open a port for only a specific IP range, for example a country ip range?
Use case is.: i want to reach the security cam but dont want that port to be available for the whole world.

I can set the source IP and it works fine. How to get the whole IPs of a country into the source field? I have a list of IP but it doesnt accept it in the source field.
 
MLubbe
newbie
Posts: 32
Joined: Fri Mar 18, 2016 7:40 pm

Re: port open for specific IP range

Sun Oct 22, 2017 12:33 pm

Create address list (IP Firewall Address-list). You can add IP subnets (196.123.123.0/24) and individual addresses. (196.123.123.123)
Add dstnat rule, and use address list as src-address-list
 
pe1chl
Forum Guru
Forum Guru
Posts: 5830
Joined: Mon Jun 08, 2015 12:09 pm

Re: port open for specific IP range

Sun Oct 22, 2017 1:43 pm

There exists no such thing as 'a country IP range' so you will have to manage that a different way.
Of course you can enter the range used by a provider as a subnet notation (e.g. 123.123.0.0/16) in the src.address field.
Or you can leave that out and use the "src.address list" where you enter the name of an address list that you previously
filled with all addresses or subnets you want to allow. Go to the address list tab, enter some address or subnet and a name,
and then enter more addresses if desired with the same name, they will automatically form an address list that you can use.
 
User avatar
k6ccc
Member
Member
Posts: 479
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: port open for specific IP range

Sun Oct 22, 2017 8:49 pm

One other thing you could do is set up a port knock in the router that would allow you to open the port for your camera from whatever IP you were coming from. That way the inbound port is normally dead, until you run the port knock, and then the port opens for some amount of time allowing you to connect to your camera.
RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them in submission, or they beat me into submission


Jim
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1303
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: port open for specific IP range

Sun Oct 22, 2017 8:56 pm

I would have setup an L2TP IPSEC VPN to your net. Then you can reach the camera in a secure way.
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
pe1chl
Forum Guru
Forum Guru
Posts: 5830
Joined: Mon Jun 08, 2015 12:09 pm

Re: port open for specific IP range

Mon Oct 23, 2017 7:55 am

I would have setup an L2TP IPSEC VPN to your net. Then you can reach the camera in a secure way.
Yes, that is a much better solution. It is possible to use it from a phone, for example.

Who is online

Users browsing this forum: MSN [Bot] and 77 guests