Apparently the specific UPnP rule for dstnat as shown above is not required.
#Whs asset upnp not working plus#
I will now have to formulate a different rule for my workstations to access Winbox and SSH plus I will need to understand the implications which are not clear to me at this time.
So I added the NAS to the allowed_to_router list and sure enough UPnP stated to work for that device. Perhaps I should use another rule for Winbox Access for my workstations - do you have a - Thank You. I have a rule that I believed would allow the 3 devices to access UPnP as followsīut that rule does not seem to have any effect. ip firewall nat add action=masquerade chain=srcnat out-interface=ether1Ĭan anyone give me some idea as to why UPnP is not working for me?Īre addresses of those devices in "allowed_to_router" list? If not, their attempts to contact UPnP service get dropped.Īllowed_to_router list is for rule that allows my workstations I use from different locations so that I can access Winbox to mange the Router. ip firewall filter add action=drop chain=forward comment="FORWARD Drop all" ip firewall filter add action=accept chain=forward comment="FORWARD Allow UPnP devices" connection-nat-state=dstnat in-interface=ether1 log-prefix=UPnP src-address-list=UPnPdevices ip firewall filter add action=accept chain=forward comment="FORWARD ALLOW Linux station access to printers" dst-address-list=Printers src-address=192.168.40.50 ip firewall filter add action=accept chain=forward comment="FORWARD Allow Access for AP's" src-address-list=access_points ip firewall filter add action=accept chain=forward comment="FORWARD VLANs to WAN" in-interface-list=VLANs out-interface=ether1 ip firewall filter add action=drop chain=forward comment="FORWARD Drop incoming packets that are not NATted" connection-nat-state=!dstnat connection-state=new in-interface=ether1 log=yes log-prefix=!NAT ip firewall filter add action=drop chain=forward comment="FORWARD Drop incoming from internet which is not public IP" in-interface=ether1 log=yes log-prefix=!public src-address-list=not_in_internet ip firewall filter add action=drop chain=forward comment="FORWARD Drop invalid" connection-state=invalid log-prefix=invalid ip firewall filter add action=accept chain=forward comment="FORWARD Accept Established, Related" connection-state=established,related ip firewall filter add action=fasttrack-connection chain=forward comment="FORWARD Accept FastTrack Established, Related" connection-state=established,related ip firewall filter add action=accept chain=forward comment="FORWARD Accept out IPsec policy" ipsec-policy=out,ipsec ip firewall filter add action=accept chain=forward comment="FORWARD Accept in IPsec policy" ipsec-policy=in,ipsec ip firewall filter add action=drop chain=input comment="INPUT DROP ALL" ip firewall filter add action=accept chain=input comment="INPUT ICMP" protocol=icmp ip firewall filter add action=accept chain=input comment="INPUT Allow to Router from address list" src-address-list=allowed_to_router ip firewall filter add action=accept chain=input in-interface=ether1 protocol=ipsec-ah ip firewall filter add action=accept chain=input in-interface=ether1 protocol=ipsec-esp ip firewall filter add action=accept chain=input dst-port=4500 in-interface=ether1 log=yes log-prefix=who_is_this protocol=udp ip firewall filter add action=accept chain=input dst-port=500 in-interface=ether1 protocol=udp ip firewall filter add action=drop chain=input comment="INPUT DROP Rogue VPN Hosts" in-interface=ether1 log=yes log-prefix=rogue_vpn_hosts src-address-list=rogue_vpn_hosts ip firewall filter add action=add-src-to-address-list address-list="Port Scanners" address-list-timeout=2d chain=input comment="INPUT Telnet Port Scans" dst-port=23 in-interface=ether1 protocol=tcp ip firewall filter add action=drop chain=input comment="INPUT Drop Invalid" connection-state=invalid log-prefix="invalid connection" Code: Select all /ip firewall filter add action=accept chain=input comment="INPUT Established, Related" connection-state=established,related,untracked
0 kommentar(er)
