Bug in 2.9 firewall?

I’m having some problems with my firewall rules after upgrading to 2.9 beta 13.

I’m dst-natting

2 ;;; Static translation for incoming SSH connections
chain=dstnat in-interface=Internet protocol=tcp dst-port=22
action=dst-nat to-addresses=192.168.1.2 to-ports=22

The forward chain has a jump to a chain that defines allowed incoming traffic

6 ;;; Protect Internal network
chain=forward out-interface=Internal action=jump
jump-target=Littlebeck-Network

This chain then has a rule allowing traffic to dst-port 22

9 chain=Littlebeck-Network protocol=tcp dst-port=22 action=accept

The problem is that this rule does not catch the SSH traffic but if I put a rule underneath

13 chain=Littlebeck-Network protocol=tcp action=accept

then this does catch and pass the incoming SSH traffic as well as any other tcp traffic.

Andrew

Please send supout.rif to support@mikrotik.com - in this case it would be best if you sent us a supout.rif from 2.8 (when it still works) and then one from 2.9 when it doesn’t work.

I’ve just looked at this again and it is now working. I’ve been doing a lot of work tidying things up so it’s possible that it was some sort of condition induced by the upgrade process that has now cleared. Either that, or I’ve cracked and imagined the whole thing :roll:

I’ll need to downgrade to 2.8 and re-run the upgrade to see if I get the same condition again.

Regards

Andrew

OK. I’ve reproduced the problem so I’ll mail the sup-out files.

Regards

Andrew