Firewall Rules

Tue Mar 26, 2019 5:59 pm

Afternoon, I am fairly new to MikroTiks but loving them. Can someone help me with a firewall issue?

I have 2 interfaces, Ether 4 DMZ and Ether 6 Services. I want to....

Only allow certain ports from Ether 4 to Ether 6 (TCP 45,53,88,389,445,464,636,1688,135-137,1025-5000,49152-65535) (UDP 53,88,389,445,123,135-137)
Allow all ports from Ether 6 to Ether 4

I have set the below, which works for Ether4 to Ether6, but Ether6 to Ether4 doesn't allow any traffic. I thought with MikroTiks everything was open until it was closed.

add action=accept chain=forward comment="DMZ Rules" dst-address-list=AD-Services dst-port=45,53,88,389,445,464,636,1688,135-137,1025-5000,49152-65535 in-interface-list=DMZ-Interfaces out-interface=ether6-Services protocol=tcp src-address-list=RDG-DMZ-IPS
add action=accept chain=forward dst-address-list=AD-Services dst-port=53,88,389,445,123,135-137 in-interface-list=DMZ-Interfaces out-interface=ether6-Services protocol=udp src-address-list=RDG-DMZ-IPS
add action=reject chain=forward in-interface-list=DMZ-Interfaces out-interface-list=all reject-with=icmp-network-unreachable

Can anyone offer me the correct direction to go?
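
As an added example (not from the original post, and not a reply from the forum), here is one stateful way to lay out the forward chain for the DMZ/Services design described above, with the rule order that matters on RouterOS. It assumes the DMZ port is named ether4-DMZ and that the address lists RDG-DMZ-IPS and AD-Services already exist; the port list is the one given in the post.

```routeros
# Added example for the DMZ (ether4) <-> Services (ether6) layout in the post.
# Assumptions: ether4 is named "ether4-DMZ"; RDG-DMZ-IPS and AD-Services exist.
/interface list
add name=DMZ-Interfaces comment="DMZ-facing ports"
/interface list member
add interface=ether4-DMZ list=DMZ-Interfaces

/ip firewall filter
# Rule order matters: RouterOS stops at the first matching rule in a chain.
# 1. Replies to already-permitted connections pass in both directions, so the
#    port-specific rules below only have to decide about new connections.
add chain=forward connection-state=established,related action=accept \
    comment="accept replies to permitted connections"
add chain=forward connection-state=invalid action=drop \
    comment="drop packets that belong to no tracked connection"

# 2. DMZ -> Services: only the listed ports, only as new connections,
#    only from the RDG hosts to the AD servers.
add chain=forward connection-state=new in-interface-list=DMZ-Interfaces \
    out-interface=ether6-Services protocol=tcp src-address-list=RDG-DMZ-IPS \
    dst-address-list=AD-Services \
    dst-port=45,53,88,135-137,389,445,464,636,1025-5000,1688,49152-65535 \
    action=accept comment="DMZ->Services TCP (AD plus RPC dynamic ranges)"
add chain=forward connection-state=new in-interface-list=DMZ-Interfaces \
    out-interface=ether6-Services protocol=udp src-address-list=RDG-DMZ-IPS \
    dst-address-list=AD-Services dst-port=53,88,123,135-137,389,445 \
    action=accept comment="DMZ->Services UDP (DNS, Kerberos, NTP, NetBIOS)"

# 3. Services -> DMZ: everything, as the post asks for. Narrow this later if
#    the services side only needs a few ports towards the DMZ.
add chain=forward in-interface=ether6-Services \
    out-interface-list=DMZ-Interfaces action=accept comment="Services->DMZ all"

# 4. Anything else leaving the DMZ is dropped and logged; the prefix makes
#    blocked flows easy to find with /log print.
add chain=forward in-interface-list=DMZ-Interfaces action=drop log=yes \
    log-prefix="DMZ-DROP" comment="default deny from DMZ"
```

Check the resulting order with /ip firewall filter print: any rule that sits above these in the chain (for example a drop rule left over from a default configuration) matches first, and a counter that keeps climbing on such a rule shows which one is eating the Services-to-DMZ traffic.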

