
open a range of ports... Like all of them.

Posted: Thu Mar 06, 2014 7:46 pm
by dotvalue
Yes, I do know this is insecure, but I would like to know how to do it. I have a specific usage case where I have a bunch of PLCs and I am not sure what ports they communicate on. And yes, it is a huge variety, enough that I don't want to manage port configurations. What is the best way to do this with the firewall filter rules?

Re: open a range of ports... Like all of them.

Posted: Fri Mar 07, 2014 8:11 pm
by shane3673
If you leave your firewall filters blank it will allow everything through.
You can also make a filter rule that is blank and action set to allow.
You can also create a filter rule where the action is set to allow, and when setting it up mark TCP or UDP (whichever you want, or create 2 rules to do both), then in DST Port do a range like so, depending on your needs: 0-40000.
If you are doing this in NAT, so that you want to port forward all ports to one device, you create a rule using the chain dst-nat, mark the incoming interface as your WAN interface, leave everything else blank, and on action select dst-nat, with to-address set to whatever the IP is of the device you're port forwarding to.

Re: open a range of ports... Like all of them.

Posted: Tue Mar 11, 2014 3:36 am
by nerdtron
I'm not sure if this is what you wanted, but are you talking about DMZ?
http://forum.mikrotik.com/viewtopic.php?f=14&t=38916

Re: open a range of ports... Like all of them.

Posted: Tue Mar 11, 2014 9:40 am
by normis
There is conflicting terminology here.

Are you looking to forward ports (to allow connections to internal network device), or open ports (to allow connections to your router)?

Re: open a range of ports... Like all of them.

Posted: Tue Mar 11, 2014 2:38 pm
by dotvalue
First guy who responded understood what I wanted to do, it worked. Thanks guys!

Re: open a range of ports... Like all of them.

Posted: Tue Mar 11, 2014 6:24 pm
by Lakis
In ip firewall nat> add these two rules:

0 chain=dstnat action=dst-nat to-addresses=192.168.88.100 (unit or PC IP that you want to forward all ports to) protocol=tcp in-interface=WAN

1 chain=srcnat action=masquerade

This should open-redirect all ports.

After adding these rules it's probable that you cannot open the Mikrotik unit's Web interface, because port 80 is also redirected.
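
An added example, not part of any post in this thread: because the rules suggested above are deliberately broad, this Python script audits a RouterOS firewall export for them (accept rules with no matchers or a wide dst-port range, dst-nat with no dst-port, masquerade with no outbound interface). The export text is a constructed sample, and the function names, the one-rule-per-line layout and the 1024-port threshold are assumptions.

```python
import shlex
# Constructed sample in "/ip firewall export" style, modelled on the rules in this thread.
SAMPLE_EXPORT = """\
/ip firewall filter
add chain=forward action=accept
add chain=forward action=accept protocol=tcp dst-port=0-40000
add chain=forward action=accept protocol=tcp dst-address=192.168.88.100 dst-port=502
/ip firewall nat
add chain=dstnat action=dst-nat in-interface=WAN protocol=tcp to-addresses=192.168.88.100
add chain=srcnat action=masquerade
add chain=srcnat action=masquerade out-interface=WAN
"""

WIDE_RANGE = 1024  # assumption: a dst-port spec covering this many ports counts as broad

def port_span(spec):
    """Number of ports covered by a dst-port value such as '80,443' or '0-40000'."""
    total = 0
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        total += int(hi or lo) - int(lo) + 1
    return total

def parse_export(text):
    """Yield (menu, params) for each 'add' line; assumes one rule per line."""
    menu = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            toks = shlex.split(line)[1:]
            yield menu, dict(t.split("=", 1) for t in toks if "=" in t)

def audit(text):
    """Return (menu, rule_index, finding) tuples for overly broad rules."""
    findings, count = [], {}
    for menu, p in parse_export(text):
        i = count[menu] = count.get(menu, -1) + 1
        action, port = p.get("action"), p.get("dst-port", "")
        if action == "accept" and p.get("chain") in ("forward", "input"):
            if not set(p) - {"chain", "action", "comment"}:
                findings.append((menu, i, "accept rule with no matchers"))
            elif port and not port.startswith("!") and port_span(port) >= WIDE_RANGE:
                findings.append((menu, i, "accept rule with broad dst-port range"))
        elif action == "dst-nat" and "dst-port" not in p:
            findings.append((menu, i, "dst-nat forwards every port"))
        elif action == "masquerade" and not {"out-interface", "out-interface-list"} & set(p):
            findings.append((menu, i, "masquerade with no outbound interface"))
    return findings
```

Calling `audit(SAMPLE_EXPORT)` flags the first two filter rules and the first two NAT rules, and passes the single-port PLC rule and the masquerade rule bound to WAN.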