ecazarez
just joined
Topic Author
Posts: 1
Joined: Wed Sep 21, 2005 5:39 pm

messenger problem

Wed Sep 21, 2005 8:09 pm

I have MikroTik 2.9.4
and I have a problem: messenger and email don't connect

help me...
 
boardman
Member Candidate
Posts: 258
Joined: Fri May 28, 2004 11:10 pm
Location: Mexico

What efren wanted to say

Wed Sep 21, 2005 10:39 pm

What Efren wanted to say (his English is a little worse than mine --- LOL)


We have a 2.9.4 MT box, our setup is very simple, one Public interface, one local interface, a simple ip pool, a dhcp server, and a hotspot with nat.

The issue is:

Hotspot users log in as usual and browse the internet without a problem, except when they reach an https site like the email services from hotmail.com or yahoo.com. MSN Messenger also does not connect, and pop3 and smtp do not work; it seems like it is being firewalled.

In the firewall there are NO defined rules except the dynamic ones made by the hotspot itself.

Web-proxy is not enabled in the box.

Any ideas? What are we doing wrong?

Best

Jorge Boardman
 
jonbrewer
Member Candidate
Posts: 182
Joined: Sat Jun 05, 2004 5:56 am
Location: Wellington, New Zealand

Thu Sep 22, 2005 2:03 am

What is the MTU of the public interface? Is it possible that ICMP is blocked somewhere?
 
boardman
Member Candidate
Posts: 258
Joined: Fri May 28, 2004 11:10 pm
Location: Mexico

no rules on firewall

Thu Sep 22, 2005 2:19 am

MTU = 1500
 
artist1
newbie
Posts: 32
Joined: Fri Mar 11, 2005 10:08 pm

Sun Oct 02, 2005 4:30 am

http://forum.mikrotik.com/viewtopic.php ... ight=#9690

I had this with MSN; I don't know about other things.
 
boardman
Member Candidate
Posts: 258
Joined: Fri May 28, 2004 11:10 pm
Location: Mexico

Solution for this.

Wed Oct 12, 2005 7:43 pm

The final end for this discussion was: the hotspot did not correctly (or not at all, I don't remember) create the masquerade srcnat rule in the firewall; that was the problem.

Thanks for all the help.
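
One way to check for the condition described in this post, added here as an example (it is not code from the thread or from MikroTik): it parses output in the `ip firewall nat print` layout and lists the local subnets that no enabled srcnat masquerade rule covers. The sample output and subnet list are constructed, `src-address` values are assumed to be in CIDR form, and a rule with no `src-address` is assumed to match every source.

```python
import ipaddress
import re

# Constructed sample in the "ip firewall nat print" layout seen in this thread;
# the rules and addresses are made up for the example.
SAMPLE_NAT_PRINT = """\
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=srcnat src-address=10.1.0.0/24 action=masquerade

 1 X chain=srcnat src-address=192.168.0.0/24 action=masquerade

 2   ;;; proxy redirect
     chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080
"""

# Rule number, optional flag letters, then a ";;; comment" or key=value pairs.
RULE_START = re.compile(r"^\s*(\d+)\s+((?:[XID]\s+)*)(.*)$")


def parse_rules(text):
    """Turn print output into dicts: id, flags, plus each key=value property."""
    rules = []
    for line in text.splitlines():
        m = RULE_START.match(line)
        if m:
            rules.append({"id": int(m.group(1)), "flags": set(m.group(2).split())})
            body = m.group(3)
        elif rules and line.strip():
            body = line.strip()  # continuation line of the current rule
        else:
            continue  # header or blank line
        if not body.startswith(";;;"):
            rules[-1].update(kv.split("=", 1) for kv in body.split() if "=" in kv)
    return rules


def uncovered_subnets(nat_print, local_subnets):
    """List local subnets that no enabled, valid srcnat masquerade rule covers."""
    covering = []
    for rule in parse_rules(nat_print):
        if rule.get("chain") != "srcnat" or rule.get("action") != "masquerade":
            continue
        if rule["flags"] & {"X", "I"}:
            continue  # disabled or invalid rules translate nothing
        # Assumption: no src-address means the rule matches every source.
        covering.append(ipaddress.ip_network(rule.get("src-address", "0.0.0.0/0"), strict=False))
    return [s for s in local_subnets
            if not any(ipaddress.ip_network(s).subnet_of(c) for c in covering)]
```

Calling `uncovered_subnets(SAMPLE_NAT_PRINT, [...])` with the hotspot and LAN subnets returns the ones whose traffic would leave the router untranslated.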
 
FOV
Frequent Visitor
Posts: 69
Joined: Tue Nov 29, 2005 5:34 pm
Location: ARGENTINA

Mon Dec 19, 2005 11:02 pm

Hi guys, I'm a newbie on this matter.

I've tried to put a mangle, and I've received the following error message:

/ip firewall mangle
/.. add chain=prerouting protocol=tcp tcp_flags=syn action=change_mss NEW TCP MSS= 1360

and received an error like this:

tcp mss clamping is not possibly on prerouting and input chains

What am I doing wrong?

Could you help me, please?
 
wildbill442
Forum Guru
Posts: 1055
Joined: Wed Dec 08, 2004 7:29 am
Location: Sacramento, CA

Tue Dec 20, 2005 7:21 am

> Hi guys, I'm a newbie on this matter.
>
> I've tried to put a mangle, and I've received the following error message:
>
> /ip firewall mangle
> /.. add chain=prerouting protocol=tcp tcp_flags=syn action=change_mss NEW TCP MSS= 1360
>
> and received an error like this:
>
> tcp mss clamping is not possibly on prerouting and input chains
>
> What am I doing wrong?
>
> Could you help me, please?

Make sure you define the FORWARD chain for this rule. It won't work in the pre-routing chain on 2.9.x.

Try this:
/ ip firewall mangle 
add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=1360 comment="" disabled=no
 
FOV
Frequent Visitor
Posts: 69
Joined: Tue Nov 29, 2005 5:34 pm
Location: ARGENTINA

Tue Dec 20, 2005 4:18 pm

wildbill, we are better, thanks for the comment. Now the error message is different: the contact list is not available.

I believe that the problem is in another part of my config.

[fvazquez@MikroTik] ip firewall filter> pr
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Dropear Conexiones Inválidas
chain=input connection-state=invalid action=drop

1 ;;; Permitir Conexiones Establecidas
chain=input connection-state=established action=accept

2 ;;; Permitir UDP
chain=input protocol=udp action=accept

3 ;;; Permitir ICMP
chain=input protocol=icmp action=accept

4 ;;; Direcciones de Acceso Remoto
chain=input src-address=192.168.0.0/24 action=accept

5 chain=input src-address=192.168.1.0/24 action=accept

6 chain=input src-address=10.1.0.0/24 action=accept

7 chain=input src-address=201.216.201.177 action=accept

8 ;;; Negar todo otro acceso al Equipo
chain=input action=drop

9 ;;; Drop Invalid Conections

10 ;;; Allow Already Established Connections
chain=forward connection-state=established action=accept

11 ;;; Permitir FTP
chain=forward protocol=tcp src-port=20-21 action=accept

12 chain=forward protocol=tcp dst-port=20-21 action=accept

13 ;;; Allow Related Connections
chain=forward connection-state=related action=accept

14 ;;; Block IP Address called "BOGONS"
chain=forward src-address=0.0.0.0/8 action=drop

15 chain=forward dst-address=0.0.0.0/8 action=drop

16 chain=forward src-address=127.0.0.0/8 action=drop

17 chain=forward dst-address=127.0.0.0/8 action=drop

18 chain=forward src-address=224.0.0.0/3 action=drop

19 chain=forward dst-address=224.0.0.0/3 action=drop

20 ;;; Make Jumps to new chains
chain=forward protocol=tcp action=jump jump-target=tcp

21 chain=forward protocol=udp action=jump jump-target=udp

22 chain=forward protocol=icmp action=jump jump-target=icmp

23 ;;; Deny TFTP
chain=udp protocol=udp dst-port=69 action=drop

24 ;;; Deny RPC Portmapper
chain=tcp protocol=tcp dst-port=111 action=drop

25 chain=tcp protocol=tcp dst-port=135 action=drop

26 ;;; Deny NBT
chain=tcp protocol=tcp dst-port=137-139 action=drop

27 ;;; Deny CIFS
chain=tcp protocol=tcp dst-port=445 action=drop

28 ;;; Deny NFS
chain=tcp protocol=tcp dst-port=2049 action=drop

29 ;;; Deny Netbus
chain=tcp protocol=tcp dst-port=12345-12346 action=drop

30 chain=tcp protocol=tcp dst-port=20034 action=drop

31 ;;; Deny Back Orffice
chain=tcp protocol=tcp dst-port=3133 action=drop

32 ;;; Deny DHCP
chain=tcp protocol=tcp dst-port=67-68 action=drop

33 ;;; Deny RPC Portmapper
chain=udp protocol=udp dst-port=111 action=drop

34 chain=udp protocol=udp dst-port=135 action=drop

35 ;;; Deny NBT
chain=udp protocol=udp dst-port=137-139 action=drop

36 ;;; Deny NFS
chain=udp protocol=udp dst-port=2049 action=drop

37 ;;; Deny Back Orffice
chain=udp protocol=udp dst-port=3133 action=drop

38 ;;; Drop Invalid Connections
chain=icmp protocol=icmp icmp-options=0:0 action=drop

39 ;;; Allow Established Connections
chain=icmp protocol=icmp icmp-options=3:0 action=accept

40 ;;; Allow echo Request
chain=icmp protocol=icmp icmp-options=8:0 action=accept

41 ;;; Allow Time Exceed
chain=icmp protocol=icmp icmp-options=11:0 action=accept

42 ;;; Allow parameter bad
chain=icmp protocol=icmp icmp-options=12:0 action=accept

43 ;;; Allow Source Quench
chain=icmp protocol=icmp icmp-options=4:0 action=accept

44 ;;; Deny all other types
chain=icmp action=drop
=============================================

Nat Rules:

[fvazquez@MikroTik] ip firewall nat> pri
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat src-address=10.1.0.0/24 action=masquerade

1 chain=srcnat src-address=192.168.0.0/24 action=masquerade

2 ;;; Redireccionamiento de Proxy
chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080

===============================================

Some rare work:

Messenger: does not connect
FTP client: connects but does not receive the content of the directories
Web surfing port 80 - works fine
Web surfing port 443 - does not receive active pages like home banking

===============================================

I know that all of these situations are stupid for a trained person, but for me they are very difficult to resolve, and all help will be highly appreciated.

Thanks a lot for your help.

Rgs,

Fernando
