ramona
just joined
Topic Author
Posts: 23
Joined: Fri Nov 04, 2005 2:13 pm
Location: Africa , pointe noir

Firewall build on ports to give a specific service

Thu Apr 20, 2006 10:51 am

Hi,
I have a problem and I need help, guys, to solve it.
I already have a PPPoE server running and all is good, except I want my users
to get only these ports: 80, 1863, 6667-7000.
I tried to configure it in the firewall but I didn't succeed :(
If anyone can help, please, and thanks.
 
Gotmoh
newbie
Posts: 38
Joined: Fri Jul 15, 2005 8:56 am

Thu Apr 20, 2006 11:58 am

Hi there.

I'm not sure. You want to permit only those ports and drop everything else? What's the problem? I have a similar configuration at my company. Users can only use selected ports and all others are dropped. I use rules in firewall forward. I have a few rules. Just all packets from a specific valid IP (taken from IP address lists) are accepted to the destination on the selected protocol and destination port. I'm lazy, and return packets are permitted on all ports to a valid IP. Sorry for the bad language, but English isn't my native language.

D.
 
ramona
just joined
Topic Author
Posts: 23
Joined: Fri Nov 04, 2005 2:13 pm
Location: Africa , pointe noir

Thu Apr 20, 2006 12:47 pm

Gotmoh, can you provide your configuration and a backup of it, please?
Please send it to my mail lookinsideme@gmail.com and I will appreciate it.
:)
 
savage
Forum Guru
Posts: 1269
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa

Thu Apr 20, 2006 2:09 pm

It's really simple... Don't see what you could be battling with.
/ip firewall filter add chain=forward src-address=x.x.x.x/x protocol=tcp dst-port=80 action=accept
A basic rule like that to allow all your clients to each outbound port you want to allow, then
/ip firewall filter add chain=forward action=reject
To reject any data being forwarded that is not explicitly allowed by your forwarding rules...

Nothing hard about it

--
C
 
Gotmoh
newbie
Posts: 38
Joined: Fri Jul 15, 2005 8:56 am

Thu Apr 20, 2006 3:17 pm

Email sent to you Ramona.
 
normis
MikroTik Support
Posts: 26982
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Thu Apr 20, 2006 3:18 pm

better `drop` not `reject`.
 
ramona
just joined
Topic Author
Posts: 23
Joined: Fri Nov 04, 2005 2:13 pm
Location: Africa , pointe noir

Thu Apr 20, 2006 7:49 pm

thanks for help guys :lol: :P :D
 
savage
Forum Guru
Posts: 1269
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa

Thu Apr 20, 2006 8:18 pm

> better `drop` not `reject`.

That's really a matter of personal opinion. Drop will cause delays on clients, as clients will wait for a timeout. Reject will inform the client the connection is rejected, and an immediate error is given - in exchange for an ICMP message -g-

Router-wise, yes, drop is less work and quicker, but to be user friendly, a reject is much more informative.
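
The rule set discussed in this thread, written out in full as an added example (it is not any poster's configuration). It assumes the PPPoE clients sit in 10.0.0.0/24, a constructed address range, and that clients resolve DNS through the router itself, so DNS queries go to the input chain and never cross forward.

```routeros
# Added example. 10.0.0.0/24 is a constructed PPPoE client pool; substitute your own.
/ip firewall filter

# Replies to connections the clients were allowed to open
add chain=forward connection-state=established action=accept comment="return traffic"
add chain=forward connection-state=related action=accept comment="related traffic"

# Packets that belong to no tracked connection
add chain=forward connection-state=invalid action=drop comment="invalid"

# The three services requested in the thread: 80, 1863, 6667-7000 (all TCP)
add chain=forward src-address=10.0.0.0/24 protocol=tcp dst-port=80 action=accept comment="port 80"
add chain=forward src-address=10.0.0.0/24 protocol=tcp dst-port=1863 action=accept comment="port 1863"
add chain=forward src-address=10.0.0.0/24 protocol=tcp dst-port=6667-7000 action=accept comment="ports 6667-7000"

# Final rule, option A: silent discard; blocked clients wait for a timeout
add chain=forward action=drop comment="default deny"

# Final rule, option B (use instead of A): client gets an immediate error,
# at the cost of one ICMP message per rejected packet
# add chain=forward action=reject reject-with=icmp-admin-prohibited comment="default deny"
```

Rules are evaluated top to bottom and the first match wins, so the default-deny rule has to stay last.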