peterke
just joined
Topic Author
Posts: 7
Joined: Sat Aug 25, 2012 5:58 pm

Block port 25 with hotspot

Sat Aug 25, 2012 7:29 pm

Hello,

I've recently bought an assembled RB493G with RouterOS 5.18 preinstalled. It took some time to configure it, but I've succeeded.

Now I want to block port 25 for the hotspot users. I've tried several rules but they are all ignored.

Does anyone have an idea how to get this working?
 
peterke
just joined
Topic Author
Posts: 7
Joined: Sat Aug 25, 2012 5:58 pm

Re: Block port 25 with hotspot

Mon Aug 27, 2012 11:02 pm

Just found out that the hotspot creates two dynamic NAT rules with dst port 25 and jump to chain hs-smtp. These seem to overrule a forward filter I'm using.

If I remove the dynamic rules, it's working. But after a reboot the rules are back in place.

Does anyone have a solution for this?
 
Feklar
Forum Guru
Posts: 1724
Joined: Tue Dec 01, 2009 11:46 pm

Re: Block port 25 with hotspot

Mon Aug 27, 2012 11:57 pm

The most basic rule is this. If you want to only block it for a specific interface, you can always specify the appropriate in-interface.
/ip firewall filter
add chain=forward action=drop dst-port=25 protocol=tcp
 
peterke
just joined
Topic Author
Posts: 7
Joined: Sat Aug 25, 2012 5:58 pm

Re: Block port 25 with hotspot

Tue Aug 28, 2012 4:29 pm

> The most basic rule is this. If you want to only block it for a specific interface, you can always specify the appropriate in-interface.
> /ip firewall filter
> add chain=forward action=drop dst-port=25 protocol=tcp

I'm trying to block this port only from my hotspot; when using your rule, it's also blocking this port from my normal LAN network.
/ip firewall filter
add chain=forward action=drop protocol=tcp src-address=10.5.50.0/24 dst-port=25
I tried to use the above rule, but it doesn't work. Only manually removing the two dynamic rules from the hotspot with port 25 will make this work, but these dynamic rules will be active after a reboot or even sooner.
 
Feklar
Forum Guru
Posts: 1724
Joined: Tue Dec 01, 2009 11:46 pm

Re: Block port 25 with hotspot

Tue Aug 28, 2012 5:22 pm

What dynamic rules are you referring to specifically? The only ones that are generated for SMTP are in NAT, not in the filter section. If you could provide a more complete diagram of your network we would be able to help a lot more.

You can also narrow down the rule by specifying the in-interface to the interface of your hotspot.
 
peterke
just joined
Topic Author
Posts: 7
Joined: Sat Aug 25, 2012 5:58 pm

Re: Block port 25 with hotspot

Tue Aug 28, 2012 6:12 pm

> What dynamic rules are you referring to specifically? The only ones that are generated for SMTP are in NAT, not in the filter section. If you could provide a more complete diagram of your network we would be able to help a lot more.
>
> You can also narrow down the rule by specifying the in-interface to the interface of your hotspot.

Your last tip has done the job!!!!!!!
/ip firewall filter
add chain=forward action=drop protocol=tcp in-interface=wlan2 dst-port=25 comment="Block port 25 for hotspot users"
The configuration is very straightforward. Created the config with the Quick setup (ap) and created some rules to protect my local network from the internet. Added a VirtualAP (wlan2) on which I've created a hotspot (with the setup wizard).
Added rules (filter and NAT) to protect my local network from hotspot users.

And with your help added a filter to block port 25 for hotspot users.

Thanks!!!!!
