Hello,
Initially I created the rule pictured as chain=virus. As far as I can tell all the other chain=virus rules are working correctly with the action=jump chain=virus rule. When we discovered the rule was not stopping incoming tcp port 63000 traffic I changed it from chain to forward and made it rule #0 so it is the first rule processed. The ethr1 port I am torching in the screen cap is WAN port, connected to the Internet via a public IP address. We see lots of traffic to destination port 63000 and on the LAN side of the router we are seeing the traffic to port 63000 is being forwarded.
The screen cap shows data coming into the router from the Internet going to port 63000 and the firewall rule shows no packets / bytes have triggered the rule. This had been running for several minutes before I took the screen cap, there had been many many port 63000 packets showing up on Torch.
So what am I doing wrong here ?
Thanks
-
-
spammyduck
newbie
- Posts: 42
- Joined:
Firewall rule not stopping tcp port 63000
You do not have the required permissions to view the files attached to this post.
Re: Firewall rule not stopping tcp port 63000
Hi,
Picture shows packets with destination x.x.181.1 if this is your router's public IP, you should change chain from forward to input
Picture shows packets with destination x.x.181.1 if this is your router's public IP, you should change chain from forward to input
-
-
spammyduck
newbie
- Posts: 42
- Joined:
Re: Firewall rule not stopping tcp port 63000
No the 181.1 address, while a public IP, is on the local side of our router out of Port 3.
Port 1 is our Internet connection it is a /29
Port 2 is a 180.0/24
Port 3 is a 181.0/24
Port 5 is a Mikrotik PPPoE server with IP's 182.0 to 183.255
Port 7 is a local 10.10 management network.
With that rule as it is in the screen cap we are seeing tcp Port 63000 coming in Ethr1 and going out to addresses behind port 2, port 3 and port 5 .
Thanks
Port 1 is our Internet connection it is a /29
Port 2 is a 180.0/24
Port 3 is a 181.0/24
Port 5 is a Mikrotik PPPoE server with IP's 182.0 to 183.255
Port 7 is a local 10.10 management network.
With that rule as it is in the screen cap we are seeing tcp Port 63000 coming in Ethr1 and going out to addresses behind port 2, port 3 and port 5 .
Thanks
Re: Firewall rule not stopping tcp port 63000
Just a silly observation - you're assuming TCP, but the torch does not show any protocol - you don't have the protocol checkbox activated above......
So unless this screenshot had it turned off and you saw TCP in some other session, the problem could be that the traffic is UDP and not TCP. . . .
dobule check that.
So unless this screenshot had it turned off and you saw TCP in some other session, the problem could be that the traffic is UDP and not TCP. . . .
dobule check that.
Re: Firewall rule not stopping tcp port 63000
I am having the same problem, are not all in Port stop in mikrotik
Because of I tried to block more programs have a (free call) but I can't Through port of program
Because of I tried to block more programs have a (free call) but I can't Through port of program
-
-
DigitalBlueBiz
Trainer
- Posts: 33
- Joined:
- Location: Brno, Czech Republic, Europe
- Contact:
Re: Firewall rule not stopping tcp port 63000
Hi,
can you post the output of
command?
Seems to me the an issue with firewall rule definition but I cannot judge it from the information you provided.
can you post the output of
Code: Select all
/ip firewall export hide-sensitiveSeems to me the an issue with firewall rule definition but I cannot judge it from the information you provided.