Firewall

Hello,
Mikrotik RB2011-UAS-RM RouterOS v5.25
I am trying to set up this device.
When rules 12 and 13 are active, HTTP traffic goes to the internet; rule 13 is for initializing the TCP connection and rule 12 is for established connections.
When I disable rule 12, HTTP traffic fails; all new connections are paused in the SYN stage.
In my mind, rule 13 allows all HTTP traffic (TCP handshake and TCP data transfer)???

Some IP Firewall Filter rules
12 ;;; Allow Established connections
chain=forward action=accept connection-state=established
13 ;;; Allow HTTP for TCP
chain=forward action=accept protocol=tcp dst-port=80
IP Firewall NAT rules
0 ;;; default configuration
chain=srcnat action=masquerade to-addresses=0.0.0.0 out-interface=eth1
Sorry for my English.

13 only allows outbound. Without 12 you drop return packets. The alternative would be to make another forward rule where the source port is 80. Basically the reverse of 13.


Efaden, thank you very much for the help.

Also note that without rule 12, it is equivalent to turning off connection tracking.

By that I mean that if you disabled connection tracking you would have to add the inverse of 13 also… to allow data backwards from the internet (src-port 80) to your LAN…
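
The packet flow discussed in this thread, traced through a small Python model of the forward chain (an added example, not part of any post and not RouterOS code). It assumes unmatched packets are dropped at the end of the chain, uses constructed addresses and ports, and `RULE_13_REV` is a hypothetical name for the reverse rule suggested above.

```python
# Added illustration, not from the thread. Assumptions: unmatched packets are
# dropped at the end of the forward chain, all packets are TCP, addresses and
# ports are constructed, and connection tracking is reduced to new/established.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")

RULE_12 = {"id": "12", "state": "established"}   # connection-state=established
RULE_13 = {"id": "13", "dport": 80}              # protocol=tcp dst-port=80
RULE_13_REV = {"id": "13-reverse", "sport": 80}  # hypothetical inverse of 13

LAN, WEB = ("192.168.88.10", 40000), ("203.0.113.5", 80)  # constructed
HTTP_FLOW = [
    Packet(*LAN, *WEB, "SYN"),
    Packet(*WEB, *LAN, "SYN,ACK"),
    Packet(*LAN, *WEB, "ACK"),
    Packet(*LAN, *WEB, "PSH,ACK"),   # HTTP request
    Packet(*WEB, *LAN, "PSH,ACK"),   # HTTP response
]

def matches(rule, pkt, state):
    return (rule.get("state", state) == state
            and rule.get("dport", pkt.dport) == pkt.dport
            and rule.get("sport", pkt.sport) == pkt.sport)

def forward(rules, packets):
    """Trace (flags, state, verdict) per packet; stop at the first drop,
    because the TCP exchange cannot continue past a lost segment."""
    flows, trace = {}, []
    for p in packets:
        key = frozenset([(p.src, p.sport), (p.dst, p.dport)])
        flow = flows.get(key)
        is_reply = flow is not None and (p.src, p.sport) != flow["orig"]
        state = "established" if is_reply or (flow and flow["replied"]) else "new"
        hit = next((r["id"] for r in rules if matches(r, p, state)), None)
        trace.append((p.flags, state, "accept:" + hit if hit else "drop"))
        if hit is None:
            break
        if flow is None:  # track the flow only once its first packet is accepted
            flows[key] = {"orig": (p.src, p.sport), "replied": False}
        elif is_reply:
            flow["replied"] = True
    return trace

if __name__ == "__main__":
    for rules in ([RULE_12, RULE_13], [RULE_13], [RULE_13, RULE_13_REV]):
        print([r["id"] for r in rules])
        for row in forward(rules, HTTP_FLOW):
            print("   %-8s %-12s %s" % row)
```

With rule 13 alone the trace stops at the dropped SYN,ACK, which is the "paused in SYN stage" symptom. The stateless pair passes the flow, but it also accepts any forwarded packet with source port 80 whether or not a LAN host opened the connection, which is what the state match in rule 12 avoids.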