
Ip Firewall

Posted: Mon Jan 07, 2008 8:33 pm
by alternativi
Hello, I have made a web server, and in the NAT firewall I have redirected the client IP to this web server's IP. But what is the difference between the protocols? For example, what happens when I choose
1 (icmp), 2 (igmp), 6 (tcp), 17 (udp), etc.? Don't forget something: I want to redirect this client and stop the internet from working. No MSN, no web browser, nothing.

Thank YOU

Re: Ip Firewall

Posted: Mon Jan 07, 2008 10:39 pm
by SurferTim
Greetings from Miramar Beach, Florida!

Port 80 tcp is the port/protocol to stop/redirect for internet access. And port 25 tcp if you want to stop outbound email (spammers).

Re: Ip Firewall

Posted: Wed Jan 09, 2008 7:30 pm
by alternativi
OK man, I understand you, but I mean in IP firewall I have selected Protocol 6 (tcp), and in Action the port is 0-65535.

So what is the difference between tcp, icmp, udp?

Re: Ip Firewall

Posted: Thu Jan 10, 2008 2:20 am
by butche
> Hello, I have made a web server, and in the NAT firewall I have redirected the client IP to this web server's IP. But what is the difference between the protocols? For example, what happens when I choose
> 1 (icmp), 2 (igmp), 6 (tcp), 17 (udp), etc.? Don't forget something: I want to redirect this client and stop the internet from working. No MSN, no web browser, nothing.

I don't understand what you are wanting to do. If you want to redirect a customer's web requests to another host, you can do (for example):
/ip firewall nat
add chain=dstnat src-address=x.x.x.x protocol=tcp dst-port=80 action=dst-nat to-addresses=y.y.y.y to-ports=80
In this example, any web requests from x.x.x.x will be sent to y.y.y.y.

If you are looking for a tutorial on how to do firewall, then I'd recommend attending a training class that covers firewalling (such as mine for example). Perhaps you can look at something like http://www.learntcpip.com/ for further understanding of what tcp vs udp vs icmp and so forth are all about. Perhaps I'm just not understanding your question.

Re: Ip Firewall

Posted: Thu Jan 10, 2008 4:55 pm
by alternativi
It helped me. Thank you very much.

Re: Ip Firewall

Posted: Mon Jan 14, 2008 8:56 am
by yudigadget
> /ip firewall nat
> add chain=dstnat src-address=x.x.x.x protocol=tcp dst-port=80 action=dst-nat to-addresses=y.y.y.y to-ports=80

I tested your advice, but why doesn't it work:
[admin@MikroTik] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=dstnat src-address=172.16.100.199 protocol=tcp dst-port=80 action=dst-nat
to-addresses=172.16.100.202 to-ports=80

I can open the website from the PC with IP address 172.16.100.199, but when I open Google, I just get "The connection has timed out", so it is not redirected to 172.16.100.202.

Re: Ip Firewall

Posted: Mon Jan 14, 2008 9:50 am
by butche
> > /ip firewall nat
> > add chain=dstnat src-address=x.x.x.x protocol=tcp dst-port=80 action=dst-nat to-addresses=y.y.y.y to-ports=80
>
> I tested your advice, but why doesn't it work:
> [admin@MikroTik] > ip firewall nat print
> Flags: X - disabled, I - invalid, D - dynamic
> 0 chain=dstnat src-address=172.16.100.199 protocol=tcp dst-port=80 action=dst-nat
> to-addresses=172.16.100.202 to-ports=80
>
> I can open the website from the PC with IP address 172.16.100.199, but when I open Google, I just get "The connection has timed out", so it is not redirected to 172.16.100.202.

OK, this is a different reason and setup. MikroTik (and any Linux router for that matter) cannot do a dst-nat where a packet enters and leaves on the same interface. You will need to set up a web server that exists on another interface on the router.

Re: Ip Firewall

Posted: Mon Jan 14, 2008 3:00 pm
by yancho
Something like
add chain=srcnat action=src-nat  src-address=172.16.100.0/24 dst-address=172.16.100.202  protocol=tcp to-addresses=gateway.ip to-ports=0-65535
should help.
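
Added example (not written by any poster in this thread): a small Python model of the packet path in yudigadget's setup, showing why the dst-nat rule alone ends in a timeout when the client and the web server share 172.16.100.0/24, and how a src-nat rule of the kind suggested above changes the return path. The router address 172.16.100.1 (standing in for gateway.ip) and the outside address 203.0.113.10 are assumptions; the model tracks addresses only, not ports or real RouterOS internals.

```python
import ipaddress

LAN = ipaddress.ip_network("172.16.100.0/24")
CLIENT, SERVER = "172.16.100.199", "172.16.100.202"  # addresses from the thread
ROUTER = "172.16.100.1"   # assumed LAN address of the router
REMOTE = "203.0.113.10"   # constructed stand-in for the outside web site


def on_lan(addr):
    return ipaddress.ip_address(addr) in LAN


def simulate(use_srcnat):
    """Follow one TCP SYN to port 80 and its reply; return (result, trace)."""
    trace = []
    # 1. Client sends the SYN to the outside site through its gateway.
    src, dst = CLIENT, REMOTE
    trace.append(("client->router", src, dst))
    # 2. dstnat rule: rewrite the destination, remember the original.
    orig_src, orig_dst = src, dst
    dst = SERVER
    # 3. Optional srcnat rule: a LAN source going to the server is
    #    replaced by the router's own address.
    if use_srcnat and on_lan(src) and dst == SERVER:
        src = ROUTER
    trace.append(("router->server", src, dst))
    # 4. Server replies to the source address it saw.
    r_src, r_dst = SERVER, src
    if r_dst == ROUTER:
        trace.append(("server->router", r_src, r_dst))
        # Connection tracking undoes both translations on the reply.
        r_src, r_dst = orig_dst, orig_src
        trace.append(("router->client", r_src, r_dst))
    elif on_lan(r_dst):
        # Same subnet: delivered directly, the router never sees it,
        # so the source is still the server, not the outside site.
        trace.append(("server->client direct", r_src, r_dst))
    # 5. Client only accepts a reply from the address it connected to.
    ok = (r_src, r_dst) == (REMOTE, CLIENT)
    return ("established" if ok else "timed out"), trace


if __name__ == "__main__":
    for flag in (False, True):
        result, trace = simulate(flag)
        print("srcnat rule present:", flag, "->", result)
        for hop in trace:
            print("   %-22s src=%-15s dst=%s" % hop)
```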

Re: Ip Firewall

Posted: Mon Jan 14, 2008 6:13 pm
by alternativi
My friend, I have set up a Linux web server, and I have a real IP address, and I have redirected to me; it works well...