Community discussions

MikroTik App
  4. RouterOS
  5. General

Firewall->Filter Rules Dst-Address is being ignored

Post Reply
 
Kliwer
just joined
Topic Author
Posts: 23
Joined: Thu Feb 06, 2014 11:08 pm

Firewall->Filter Rules Dst-Address is being ignored

Thu May 01, 2014 6:58 pm

Hello. I have a rule:
Code: Select all
0 X chain=forward action=add-src-to-address-list protocol=tcp 
     dst-address=192.168.120.250 src-address-list=test address-list=test2 address-list-timeout=1h 
     dst-port=80
By my understanding it should work like this:
When there is traffic to address 192.168.120.250 on port 80 add src-address to address list named test2.
Is my reasoning wrong? Currently it always adds src-address to this address list even when there is absolutely no traffic to 192.168.120.250.
Top
 
User avatar
Egate
Long time Member
Long time Member
Posts: 554
Joined: Thu May 15, 2008 10:43 am
Location: South Africa

Re: Firewall->Filter Rules Dst-Address is being ignored

Fri May 02, 2014 12:11 am

Yes. :-)
Traffic to address 192.168.120.250 on port 80 from src-address-list=test add src-address to address list named test2.
Top
 
Kliwer
just joined
Topic Author
Posts: 23
Joined: Thu Feb 06, 2014 11:08 pm

Re: Firewall->Filter Rules Dst-Address is being ignored

Fri May 02, 2014 12:31 am

That's what I want to achieve but it is not working.
Top
 
User avatar
leoservices
Trainer
Trainer
Posts: 169
Joined: Fri Jan 13, 2012 2:20 am
Location: Belo Horizonte - MG - Brazil
Contact:
Contact leoservices

Re: Firewall->Filter Rules Dst-Address is being ignored

Fri May 02, 2014 12:56 am

what version ?
use bridge?
Top
 
CelticComms
Forum Guru
Forum Guru
Posts: 1765
Joined: Wed May 02, 2012 5:48 am

Re: Firewall->Filter Rules Dst-Address is being ignored

Fri May 02, 2014 1:03 am

Use Torch in the relevant interface and check that there is really no such traffic.
Top
 
Kliwer
just joined
Topic Author
Posts: 23
Joined: Thu Feb 06, 2014 11:08 pm

Re: Firewall->Filter Rules Dst-Address is being ignored

Fri May 02, 2014 8:44 am

RouterOS 5.26 but I also checked with 6.7(on another MT)
WAN is PPPoE client on ether1. On this MT there are PPPoE Server and MetaROUTER with web server. 192.168.120.250 is an address of MetaROUTER.
PPPoE Server is running on BRIDGE which consists of wlan1 and vif1.
I used torch on pppoe interface of the client and there was no traffic to 120.250.

Edit:
I checked with torch on pppoe interface of MetaRouter and here there is traffic from that ip. In torch for client pppoe it shows as an address for the destination because of dst-nat. Is there a way to limit this rule just for webpages?
Top
Post Reply

Who is online

Users browsing this forum: Amazon [Bot], gigabyte091, majestic, rootbodnar and 202 guests
  4. RouterOS
  5. General