
General • Re: VPN User credentials Not AD User credentials

https://help.mikrotik.com/docs/pages/vi ... eId=328435
I see that you have not fixed the firewall filter. Your existing configuration does not ensure the correct traffic flow. Your firewall rules are crap and not secure at all.
You will also have no security, because "Input chain" and "Forward chain" traffic termination Drop=All are not specified. As an example, if we scan your IP address from the outside, the scanner will show that you have a lot of ports open, which is basically completely wrong. Fix the firewall according to the example I copied for you earlier.
We do not specify VPN ports in the NAT section. Normal VPN will not work for you. See my example. They must be in the "Input" chain. In the Forward section we indicate everything needed for "Barracuda" with all ports, etc.
I already copied ready-made firewall rules for you and you have to correct your IP addresses in the address-list.
Example:
/ip firewall address-list
add address=10.10.1.10-10.10.1.199 comment="Local LAN" list=Local-LAN
add address=10.10.1.200 comment="AD server"
add address=10.10.1.201 comment="AD server2"
add address=10.10.1.202 comment="BarracudaIP-SMTP"
add address=10.10.2.0/24 comment="WIFI subnet" list=WIFI-LAN

Statistics: Posted by johnson73 — Sun Mar 17, 2024 11:49 am
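
The check described in the post above (both the input and forward chains must end in a drop-all rule) can be automated against a `/ip firewall filter` export. This is an added example, not part of the original post or of MikroTik's tooling; the sample export is constructed, and treating only a drop rule with no matchers as "drop all" is an assumption of this sketch.

```python
import shlex

# Constructed sample export (not from the post); ports and interfaces are illustrative.
SAMPLE_EXPORT = """\
/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=accept chain=input comment="VPN (constructed)" dst-port=500,4500 \\
    protocol=udp
add action=drop chain=input comment="drop all else"
add action=accept chain=forward connection-state=established,related
add action=accept chain=forward dst-address-list=Local-LAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
"""

# Properties that do not narrow what a rule matches (assumed set for this sketch).
NON_MATCHERS = {"action", "chain", "comment", "log", "log-prefix", "disabled"}

def parse_filter_rules(export):
    """Return the 'add' rules of /ip firewall filter as dicts, in export order."""
    rules, section = [], None
    # RouterOS exports wrap long lines with a trailing backslash; join them first.
    for line in export.replace("\\\n", "").splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line
        elif section == "/ip firewall filter" and line.startswith("add "):
            tokens = shlex.split(line)[1:]  # shlex keeps quoted comments in one token
            rules.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return rules

def chains_missing_final_drop(export, chains=("input", "forward")):
    """List the chains whose last enabled rule is not an unconditional drop."""
    enabled = [r for r in parse_filter_rules(export) if r.get("disabled") != "yes"]
    missing = []
    for chain in chains:
        in_chain = [r for r in enabled if r.get("chain") == chain]
        last = in_chain[-1] if in_chain else {}
        # A drop that still carries matchers (e.g. in-interface-list=!LAN) is
        # reported too, because it does not terminate all remaining traffic.
        unconditional = not (set(last) - NON_MATCHERS)
        if last.get("action") != "drop" or not unconditional:
            missing.append(chain)
    return missing

if __name__ == "__main__":
    print("chains without a final drop-all:", chains_missing_final_drop(SAMPLE_EXPORT))
```
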


