-
-
denzkie1191
just joined
- Posts: 7
- Joined:
Port forwarding
Good Day! I'm Just a newbie in mikrotik, i bought a hap ax2 few weeks ago and i used it to test my local web sever, i already configured the ports to be open in mikrotik which is 3306 under the server ip of 192.168.0.100, however if i'm going to connect the mikrotik on my firewall appliances which is the sangfor ngaf, the ports are closed, i already called the sangfor support and he initially tried to configured the port forwarding but the result is not good and the port is still closed, he said that it might be the configuration from the mikrotik caused the problem, and that is why i'm here and i don't know what configuration do i need to do in sangfor so that the port 3306 coming from the mikrotik LAN dhcp where my server ip belongs will be open, pls refer to the existing topology below. thank you in advance..
You do not have the required permissions to view the files attached to this post.
Re: Port forwarding
/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc.)
Re: Local Server Firewall
<moderator-hat>
@denzkie1191, please don't post essentially the same thing in multiple forums. I merged my reply to the other thread into this one, below, then deleted the other one. I chose this one only because it has other replies.
</moderator-hat>
Excepting the dstnat port forward rule, the default ones, and none else, in all likelihood.
You write that as if the second statement necessarily and inevitably follows from the first, but that is almost certainly not the case.
If the .100 machine is hosting both a "web application" and a MySQL server listening on port 3306, there is nothing outside that host that needs to access the database, in which case the best practice is to tell MySQL to bind to localhost only and then connect to it from the web app via IP 127.0.0.1.
None of this is MikroTik-specific, and until you demonstrate that a remote host machine needs direct access to the database server, you're way off topic here. Follow the standard database security advice.
Even better, if your application will always be able to run on a single host, switch from client-server DBMSes to SQLite or similar so that you don't need open ports even on localhost.
The first step is discarding the idea that all problems of remote access are to be solved by opening ports. This is frighteningly wrong-headed.
@denzkie1191, please don't post essentially the same thing in multiple forums. I merged my reply to the other thread into this one, below, then deleted the other one. I chose this one only because it has other replies.
</moderator-hat>
I just want to ask what what firewall rules should i implemented in my current setup
Excepting the dstnat port forward rule, the default ones, and none else, in all likelihood.
i want to locally host my web application which is requiring to open the port 3306
You write that as if the second statement necessarily and inevitably follows from the first, but that is almost certainly not the case.
If the .100 machine is hosting both a "web application" and a MySQL server listening on port 3306, there is nothing outside that host that needs to access the database, in which case the best practice is to tell MySQL to bind to localhost only and then connect to it from the web app via IP 127.0.0.1.
None of this is MikroTik-specific, and until you demonstrate that a remote host machine needs direct access to the database server, you're way off topic here. Follow the standard database security advice.
Even better, if your application will always be able to run on a single host, switch from client-server DBMSes to SQLite or similar so that you don't need open ports even on localhost.
how can i protect my network from outside attacks or intrussion
The first step is discarding the idea that all problems of remote access are to be solved by opening ports. This is frighteningly wrong-headed.
Re: Port forwarding [SOLVED]
He's asking you to post a copy of your router's configuration file.can you pls elaborate sir?
Do an internet search for “mikrotik export configuration”. An example:
https://academy.socialwifi.com/hardware ... tik-device
The config file is just text so you can edit it to remove anything you don’t want made public, then copy and paste the text here.
Re: Port forwarding
To think most people here questioned my need for a sandbox training forum for new posters............... most people are morons.
Glad to help once you post your config.
In general for a complex setup and question, a network diagram is a good idea - but not usually for simple port forward.
Also often worthwhile is a discussion of the WAN situation
how many
are they public/private
are they static/dynamic
Then lastly the requirements - your attempt to communicate what is needed without discussing the configuration at all, and would consist of:"
a. identifying all user(s)/device(s) including internal and external users and dont forget the admin
b. all traffic flows they need to execute.
Glad to help once you post your config.
In general for a complex setup and question, a network diagram is a good idea - but not usually for simple port forward.
Also often worthwhile is a discussion of the WAN situation
how many
are they public/private
are they static/dynamic
Then lastly the requirements - your attempt to communicate what is needed without discussing the configuration at all, and would consist of:"
a. identifying all user(s)/device(s) including internal and external users and dont forget the admin
b. all traffic flows they need to execute.
-
-
denzkie1191
just joined
- Posts: 7
- Joined:
Re: Port forwarding
ok sir i get it..He's asking you to post a copy of your router's configuration file.can you pls elaborate sir?
Do an internet search for “mikrotik export configuration”. An example:
https://academy.socialwifi.com/hardware ... tik-device
The config file is just text so you can edit it to remove anything you don’t want made public, then copy and paste the text here.
-
-
denzkie1191
just joined
- Posts: 7
- Joined:
Re: Local Server Firewall
<moderator-hat>
@denzkie1191, please don't post essentially the same thing in multiple forums. I merged my reply to the other thread into this one, below, then deleted the other one. I chose this one only because it has other replies.
</moderator-hat>
I just want to ask what what firewall rules should i implemented in my current setup
Excepting the dstnat port forward rule, the default ones, and none else, in all likelihood.
i want to locally host my web application which is requiring to open the port 3306
You write that as if the second statement necessarily and inevitably follows from the first, but that is almost certainly not the case.
If the .100 machine is hosting both a "web application" and a MySQL server listening on port 3306, there is nothing outside that host that needs to access the database, in which case the best practice is to tell MySQL to bind to localhost only and then connect to it from the web app via IP 127.0.0.1.
None of this is MikroTik-specific, and until you demonstrate that a remote host machine needs direct access to the database server, you're way off topic here. Follow the standard database security advice.
Even better, if your application will always be able to run on a single host, switch from client-server DBMSes to SQLite or similar so that you don't need open ports even on localhost.
how can i protect my network from outside attacks or intrussion
The first step is discarding the idea that all problems of remote access are to be solved by opening ports. This is frighteningly wrong-headed.
Thank you for your advices sir, i'll keep that in mind, god bless!
Who is online
Users browsing this forum: No registered users and 17 guests