- I'm not on CGNAT
- The MyWANIP address list points to the MikroTik domain name from /ip/cloud
- The UPnPdevices address list is 192.168.1.70-192.168.1.79 (a range of static DHCP IP addresses assigned to consoles)
[admin@MikroTik] /ip/upnp> print
enabled: yes
allow-disable-external-interface: no
show-dummy-rule: yes
[admin@MikroTik] /ip/upnp/interfaces> print
Columns: INTERFACE, TYPE
# INTERFACE TYPE
0 ether1 external
1 bridge internal
[admin@MikroTik] /ip/firewall> filter print
Flags: X - disabled, I - invalid; D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
1 ;;; defconf: accept established,related,untracked
chain=input action=accept connection-state=established,related,untracked
2 ;;; defconf: drop invalid
chain=input action=drop connection-state=invalid log=no log-prefix=""
3 ;;; defconf: accept ICMP
chain=input action=accept protocol=icmp log=no log-prefix=""
4 ;;; defconf: accept to local loopback (for CAPsMAN)
chain=input action=accept dst-address=127.0.0.1
5 ;;; defconf: drop all not coming from LAN
chain=input action=drop in-interface-list=!LAN log=no log-prefix=""
6 ;;; UPnP Devices (1900)
chain=input action=drop protocol=udp src-address-list=!UPnPdevices dst-port=1900 log=no log-prefix=""
7 ;;; UPnP Devices (2828)
chain=input action=drop protocol=tcp src-address-list=!UPnPdevices dst-port=2828 log=no log-prefix=""
8 ;;; defconf: accept in ipsec policy
chain=forward action=accept ipsec-policy=in,ipsec
9 ;;; defconf: accept out ipsec policy
chain=forward action=accept ipsec-policy=out,ipsec
10 ;;; defconf: fasttrack
chain=forward action=fasttrack-connection hw-offload=yes connection-state=established,related log=no log-prefix=""
11 ;;; defconf: accept established,related, untracked
chain=forward action=accept connection-state=established,related,untracked
12 ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid log=no log-prefix=""
13 ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN log=no log-prefix=""
[admin@MikroTik] /ip/firewall> nat print
Flags: X - disabled, I - invalid; D - dynamic
0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface-list=WAN log=no log-prefix="" ipsec-policy=out,none
1 ;;; Hairpin NAT
chain=srcnat action=masquerade src-address=192.168.1.0/24 dst-address=192.168.1.0/24 out-interface-list=LAN log=no log-prefix=""
2 ;;; Caddy
chain=dstnat action=dst-nat to-addresses=192.168.1.50 to-ports=50443 protocol=tcp dst-address-list=MyWANIP dst-port=443 log=no log-prefix=""
3 ;;; Plex
chain=dstnat action=dst-nat to-addresses=192.168.1.50 to-ports=32400 protocol=tcp in-interface-list=WAN dst-port=42300 log=no log-prefix=""
4 ;;; Wireguard UDP
chain=dstnat action=dst-nat to-addresses=192.168.1.50 to-ports=51820 protocol=udp dst-address-list=MyWANIP dst-port=443 log=no log-prefix=""
5 ;;; Mumble TCP
chain=dstnat action=dst-nat to-addresses=192.168.1.50 protocol=tcp dst-address-list=MyWANIP dst-port=64738 log=no log-prefix=""
6 ;;; Mumble UDP
chain=dstnat action=dst-nat to-addresses=192.168.1.50 protocol=udp dst-address-list=MyWANIP dst-port=64738 log=no log-prefix=""
7 ;;; Syncthing TCP
chain=dstnat action=dst-nat to-addresses=192.168.1.51 protocol=tcp dst-address-list=MyWANIP dst-port=22000 log=no log-prefix=""
8 ;;; Syncthing UDP
chain=dstnat action=dst-nat to-addresses=192.168.1.51 protocol=udp dst-address-list=MyWANIP dst-port=22000 log=no log-prefix=""
9 ;;; SFTP
chain=dstnat action=dst-nat to-addresses=192.168.1.51 protocol=tcp dst-address-list=MyWANIP dst-port=60222 log=no log-prefix=""