
Why is that? About firewall

Posted: Wed Jan 10, 2007 3:29 pm
by sioux
Hi all,
Suppose that I have a clear router configuration and, pinging for example google.com from a host which is behind the router, I get this:
Badanie google.com [72.14.207.99] z użyciem 32 bajtów danych:

Odpowiedź z 72.14.207.99: bajtów=32 czas=161ms TTL=242
Odpowiedź z 72.14.207.99: bajtów=32 czas=142ms TTL=242
And when I add this rule to the firewall configuration
ip firewall filter add chain=forward dst-port=80 action=drop
I don't receive echo replies!?

Why? What does dst-port=80 have to do with the ICMP protocol??

When I add protocol=tcp to the rule above, everything is OK.

Posted: Wed Jan 10, 2007 3:32 pm
by normis
You HAVE TO add protocol, or the port setting won't take effect, and will block Google altogether :)

Posted: Wed Jan 10, 2007 3:53 pm
by sioux
normis wrote: "you HAVE TO add protocol, or the port setting won't take effect, and will block google altogether :)"

So you are saying that my rule

add chain=forward dst-port=80 action=drop

is actually

add chain=forward action=drop

?? :shock:

Posted: Wed Jan 10, 2007 4:05 pm
by sergejs
Any time you specify a destination/source port, the protocol is required; otherwise the rule does not work correctly.

google problem

Posted: Sat Jan 13, 2007 1:08 am
by alone
You need to add the protocol, tcp or whatever you need:

add chain=forward protocol=tcp dst-port=80 action=accept
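
A check for the mistake discussed in this thread, as an added example that is not part of any post or of RouterOS itself: it scans filter rules in the `add key=value` form used above and reports any that use a port matcher without a port-carrying protocol. The function names, the sample rules, and the choice to treat only tcp and udp as port-carrying protocols are assumptions of the example.

```python
import shlex

PORT_MATCHERS = {"dst-port", "src-port", "port"}
# Assumption of this example: only tcp and udp (by name or IP protocol
# number) are accepted as protocols a port matcher can apply to.
PORT_PROTOCOLS = {"tcp", "udp", "6", "17"}

# Constructed sample; rules 1 and 3 are the two variants from the thread.
SAMPLE_RULES = """\
add chain=forward dst-port=80 action=drop
add chain=forward protocol=icmp dst-port=80 action=drop
add chain=forward protocol=tcp dst-port=80 action=drop
add chain=forward action=drop comment="dst-port=80 mentioned in comment only"
"""

def parse_rule(line):
    """Split one 'add key=value ...' line into a dict of properties."""
    props = {}
    for token in shlex.split(line):  # shlex keeps quoted comments in one token
        key, sep, value = token.partition("=")
        if sep:
            props[key] = value
    return props

def audit_rules(text):
    """Return (line_number, reason) for each rule that matches on a port
    without being pinned to a port-carrying protocol."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        props = parse_rule(line)
        used = sorted(PORT_MATCHERS & props.keys())
        if not used:
            continue
        proto = props.get("protocol")
        if proto is None:
            findings.append((number, f"{', '.join(used)} without protocol"))
        elif proto.lower() not in PORT_PROTOCOLS:
            findings.append((number, f"{', '.join(used)} with protocol={proto}"))
    return findings

if __name__ == "__main__":
    for number, reason in audit_rules(SAMPLE_RULES):
        print(f"rule {number}: {reason}")
```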