Channel: MikroTik

Beginner Basics • How do I intercept NAT packets from upstream router?

Hi everyone,

I don't really understand the inner workings of NAT well, and I'd like to know how to block packets coming from another router, using Mikrotik's firewall.

The setup is as follows:

There's a Huawei router that has a WAN interface connected to a fiber ONT. The WAN interface obtains a public IPv4 address not shared with anyone (it's not using CG-NAT) and a LAN interface has the IP address 192.168.92.1/24. This router is doing NAT and is also redirecting TCP port 6040 to a Windows computer located at 192.168.92.5/24.

There's also a Mikrotik HEX router with the default configuration. Ethernet 1 is WAN. Ethernet 2 to 5 form a bridge named LAN (your typical configuration designed by Mikrotik when you reset to defaults). Mikrotik's bridge has the IP address 192.168.92.2/24

I have connected the Huawei LAN interface to Mikrotik's Ethernet 2. The Windows computer is connected to Mikrotik's Ethernet 3. (Please note that Mikrotik's Ethernet 1 is empty, I'm not connecting anything there)

I've manually set the Windows computer to use 192.168.92.2 as the default gateway.

How can I restrict connections to TCP port 6040 on the Windows computer to originate only from specific public IP addresses?

I'm not sure where exactly this is processed in the Mikrotik (input, forwarding, output)? Remember that the Mikrotik is NOT doing any NAT. The NAT is performed by the Huawei.

Unfortunately, I cannot configure the Huawei (it's configured by Spain's Movistar). I can only call them by telephone to ask them to open ports, and that's it. I cannot ask them to touch the firewall, or anything else. They will just open ports for me and that's all.

Statistics: Posted by Leolo — Tue Jan 30, 2024 6:01 pm


