Firewall rules

RouterOS Beginner Basics
12

ok, below is the configuration which is exported from the router…

ISSUES:

  • What I need is to add open a port 80 to web server which I did, BUT I still cannot open the web server from the internet
  • and when I am on the server desktop, I am able to access the internet open the web pages, but it`s too slow and somethimes
    it just times out and I receive the message “The page cannot be displayed”

NOTE, these ip addresses are not the real ones, for example on my
router these ip addresses for LAN and WAN interface are the real official ip addresses:

add address=172.12.34.53/29 interface=WAN network=172.12.34.48
add address=172.12.34.54/32 interface=LAN network=172.12.34.48

Also assume that Web Server uses this ip address 172.12.34.50

sep/06/2013 19:50:52 by RouterOS 6.2

software id = xxxx-xxxx

/interface ethernet
set 0 name=LAN
set 1 name=WAN
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
mac-cookie-timeout=3d
/port
set 0 name=serial0
set 1 name=serial1
/tool user-manager customer
add backup-allowed=yes disabled=no login=admin password=“”
paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no
permissions=owner signup-allowed=no time-zone=-00:00
/ip address
add address=172.12.34.53/29 interface=WAN network=172.12.34.48
add address=172.12.34.54/32 interface=LAN network=172.12.34.48
/ip firewall address-list
add address=47.2x.xx.xx list=my_ip_address
/ip firewall filter
add chain=input comment=“Allow access to router from known network”
src-address-list=my_ip_address
add action=drop chain=input comment=“Disallow weird packets”
connection-state=invalid
add chain=input comment=“Allow LAN access to router and Internet”
connection-state=new in-interface=LAN
add chain=input comment=“Allow connections that originated from LAN”
connection-state=established
add chain=input comment=“Allow connections that originated from LAN”
connection-state=related
add chain=input comment=“Allow ping ICMP from anywhere” protocol=icmp
add action=drop chain=input comment=
“Disallow anything from anywhere on any interface”
add action=drop chain=forward comment=“Disallow weird packets”
connection-state=invalid
add chain=forward comment=“Allow LAN access to router and Internet”
connection-state=new in-interface=LAN
add chain=forward comment=“Allow connections that originated from LAN”
connection-state=established
add chain=forward comment=“Allow connections that originated from LAN”
connection-state=related
add chain=forward comment=“Open port 80 for Web Server”
dst-address=172.12.34.50 dst-port=80 protocol=tcp
add action=drop chain=forward
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip route
add distance=1 gateway=172.12.34.49
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=47.2x.xx.xx/32 disabled=yes
set ssh address=47.2x.xx.xx/32
set api disabled=yes
set winbox address=47.2x.xx.xx/32
set api-ssl disabled=yes
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set WAN disabled=yes display-time=5s
set LAN disabled=yes display-time=5s
/tool bandwidth-server
set enabled=noThank You all for helping !!!