hAP-AC2 -> Filter mikrotik in:(unknown 1) out:(unknown 0) to TCP to port 80

huntah · September 30, 2019, 8:01pm

Hi,

I have a strange problem…
In Firewall filter I am dropping everything not comming from LAN as a las rule in Input chain.
Now I get multiple times a minute this log:

Filter:input:in:(unknown 1) out:(unknown 0) , proto TCP (SYN), MyPublicIP:43242-> MyPublicIP:80, len 60

I have IP - Service - www disabled

I know this are somekind of local/loopbackup

Running on Router:

Multiple L2TP Clients
PPPoE client for internet (public IP)
IKEv2 Server (RSA)
Certificate Auth with certificates (can it be CRL from Certificates?!)
Capsman

I have disabled every VPN tunel, recreated PPPoE client..
I have now Idear how to troubleshoot what service is trying to initiate connection to port 80 (http)

Thanx for pointers!

Running hAP-AC2 with ROS 6.44.5

huntah · October 2, 2019, 12:59pm

After step-by-step config redo I have found out it is the System-Certificate CRL as suspected..

@Mikrotik or someonelse: How exactly does this CRL work I have specified my Public IP address…Should allow HTTP from MyPubIP to MyPubIP port 80 ? What happens if webfig is also on port 80…what happens in case of non-standard port for webfig or is disabled?

A little more info on Wiki page for System Certificates would be greatly appriciated…
https://wiki.mikrotik.com/wiki/Manual:System/Certificates

There is no description of the property or how it works..