Firewall rules bypassed after enabling Web Proxy

I am running RouterOS 4.0 beta4.

I have two L7 Protocols defined and two Firewall Filter Rules to go along. Both have been working fine.

Today I enabled Web Proxy to begin blocking traffic to certain sites based on DNS names. I set up a new NAT rule to redirect packets through the proxy, and I noticed that my firewall rules, including the L7 rules, are no longer inspecting packets. As soon as I disable the redirection to the proxy, the rules begin working fine.

What am I doing wrong?

Thanks,
Scott

Your rules that stopped working are most likely filtering in the ‘forward’ chain. Because of the redirect to the proxy, the proxy is now the entity that requests traffic from the net and forwards it back to the customer (and vice versa). The proxy resides on the device itself, so it works with the ‘output’ and ‘input’ chains.

Fewi -

Thanks. Moving the rules into the “Input” chain has worked. I am again processing my L7 rules.

Scott
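
The rule placement discussed in this thread, as an added RouterOS configuration sketch (not taken from either poster's router). The L7 name and pattern, the LAN subnet 192.168.88.0/24 and the proxy port 8080 are constructed placeholders.

```routeros
# Constructed L7 matcher (placeholder name and pattern)
/ip firewall layer7-protocol
add name=example-l7 regexp="example-pattern"

# Web proxy on the router, plus the NAT redirect that sends client HTTP to it
/ip proxy
set enabled=yes port=8080
/ip firewall nat
add chain=dstnat src-address=192.168.88.0/24 protocol=tcp dst-port=80 \
    action=redirect to-ports=8080

/ip firewall filter
# Before: the forward chain only sees traffic routed through the router.
# Redirected HTTP now terminates at the local proxy, so this rule
# no longer matches it.
add chain=forward src-address=192.168.88.0/24 layer7-protocol=example-l7 \
    action=drop comment="misses proxied HTTP"
# After: client-to-proxy connections are addressed to the router itself,
# so they are filtered in the input chain. The destination port is
# already 8080 here because dstnat runs before the filter chains.
add chain=input src-address=192.168.88.0/24 protocol=tcp dst-port=8080 \
    layer7-protocol=example-l7 action=drop comment="sees proxied HTTP"
```

Traffic that is not redirected to the proxy still passes through the forward chain, so a forward rule is still needed for anything other than the redirected HTTP.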