Community discussions

MikroTik App
  4. RouterOS
  5. General

problem in firewall rules

Post Reply
 
moradivahid
just joined
Topic Author
Posts: 5
Joined: Mon Jan 05, 2015 5:20 pm

problem in firewall rules

Wed Jan 06, 2016 8:46 am

hi guys
i have problem in mikrotik firewall
are my rules correct ?

/ip firewall filter
aadd chain=forward comment=Web Accept disabled=no dst-port=443,80 protocol=tcp
add chain=forward comment="DNS Accept" disabled=no dst-port=53 protocol=udp
add chain=forward comment="ICMP Accept" disabled=no protocol=icmp
add action=drop chain=forward comment="Drop All" disabled=no


i did that but it doesn't work and i cant access to web
Top
 
User avatar
simenskaa
just joined
Posts: 11
Joined: Thu Nov 12, 2015 1:54 pm

Re: problem in firewall rules

Wed Jan 06, 2016 10:02 am

You have to masquerade your network.
Code: Select all
ip firewall nat add chain=srcnat action=masquerade
Top
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1770
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: problem in firewall rules

Wed Jan 06, 2016 10:04 am

You have to masquerade your network.
Code: Select all
ip firewall nat add chain=srcnat action=masquerade
WRONG!! never, NEVER forget out-interface on NAT rule, it is such an annoying mistake.
Code: Select all
ip firewall nat add chain=srcnat action=masquerade out-interface=<public_interface>
Top
 
User avatar
simenskaa
just joined
Posts: 11
Joined: Thu Nov 12, 2015 1:54 pm

Re: problem in firewall rules

Wed Jan 06, 2016 10:32 am

You have to masquerade your network.
Code: Select all
ip firewall nat add chain=srcnat action=masquerade
WRONG!! never, NEVER forget out-interface on NAT rule, it is such an annoying mistake.
Code: Select all
ip firewall nat add chain=srcnat action=masquerade out-interface=<public_interface>
Ah, sorry. I see now that i forgot it. Thanks for correcting.
Top
 
moradivahid
just joined
Topic Author
Posts: 5
Joined: Mon Jan 05, 2015 5:20 pm

Re: problem in firewall rules

Wed Jan 06, 2016 10:37 am

I did
but it doesn't work
Top
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1770
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: problem in firewall rules

Wed Jan 06, 2016 10:39 am

new terminal

/export

replace last 2 numbers in IPs with xxx.xxx, blank out all passwords, and paste it all here.
Top
 
moradivahid
just joined
Topic Author
Posts: 5
Joined: Mon Jan 05, 2015 5:20 pm

Re: problem in firewall rules

Wed Jan 06, 2016 11:29 am

Thanks
I just have problem about these rules
Did you test that rules in mikrotik new version ?
whan i test in version 5.26 its ok but in 6.33 no
Top
 
User avatar
bholler
Trainer
Trainer
Posts: 95
Joined: Wed Feb 09, 2005 10:22 pm
Location: Nigeria
Contact:
Contact bholler

Re: problem in firewall rules

Wed Jan 06, 2016 12:28 pm

/ip firewall filter
add action=drop chain=Connection-State comment="Drop Invalid Connection" connection-state=invalid
add chain=Connection-State comment="Allow Established Connection" connection-state=established
add chain=Connection-State comment="Allow Related Connection" connection-state=related

Ensure they are above all the rules you have created.

Regards
Top
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1770
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: problem in firewall rules

Wed Jan 06, 2016 12:49 pm

Thanks
I just have problem about these rules
Did you test that rules in mikrotik new version ?
whan i test in version 5.26 its ok but in 6.33 no

easiest way is to reset the router and get the newest version of default configuration.
/system reset-configuration
you will even have Fasttrack enabled by default.
Top
Post Reply
  4. RouterOS
  5. General