internet >>> IP Public >>> Mikrotik >>> Webserver
202.1.xx.xx 202.1.10.xx 202.1.9.xx
202.1.xx.xx
how to do what the settings please help, I am new in mikrotik ??
/ip firewall nat chain=dst-nat dst-address=publicipaddress action=dst-nat to-address=internalIpAddress
You can specify ports also thus limiting exposure. So if it is just a web server direct port 80 to the script by adding
protocol=tcp dst-port=80
Be sure to add the public ip to the WAN interface.
For outgoing traffic you need to NAT
/ip firewall nat chain=src-nat src-address=internalIPAddress action=src-nat to-addresses=publicIPAddress
Rick
hello rick, thanks for the response that is given. I am currently experiencing a complicated problem. we could see from my attachment.
I need suggestion for dedicated server configuration and mikrotik RB, because my server flooding and DDOS attacks by others every minute. and i used centos for my webserver include cpanel inside
thank you for your help
Romi
if you are under DDOS firewalling will not help you
you can survive DDOS if
- you have more bandwidth than attackers
- you can handle more pps than attackers
- your server can answer to all request
a way to mitigate DDOS against http services can be to use reverse proxying
like haproxy which can blacklist high threshold attempts to port 80 from specific IP
Thierry