Hey
I want to know how to block all websites except one.
And I want to leave any outgoing port Open.
Thanks
You can setup ip web proxy and allow only the website you wanna pass there and deny all other sites.
Only http traffic wil be denied.
Enable dst-nat for your nat
/ip firewall nat
add action=redirect chain=dstnat dst-port=80 in-interface=****** protocol=tcp
!to-addresses to-ports=8080
/ip proxy
set enabled=yes
/ip proxy access
add dst-host=www.hostyouwannaallow.*
add action=deny dst-host=*
I didn’t get it actually. I just bought my Mikrotik.
so I eneable dst-nat then i press firewall/nat
add action=redirect chain=dstnat dst-port=80 in-interface=****** protocol=tcp
!to-addresses to-ports=8080 ( what does the stars mean ? and what is the ! ? )
and finally
add dst-host=www.hostyouwannaallow.*
add action=deny dst-host=*
What should I replace the star with ?
thank you
I didn’t get it actually. I just bought my Mikrotik.
so I eneable dst-nat then i press firewall/nat
add action=redirect chain=dstnat dst-port=80 in-interface=****** protocol=tcp
!to-addresses to-ports=8080 ( what does the stars mean ? and what is the ! ? )
and finally
add dst-host=www.hostyouwannaallow.*
add action=deny dst-host=*
What should I replace the star with ?
…
in the dst-nat in-interface you chose your in-interface. for example ether1 or your in-interface. the \ sign means that the command continues on the next line.
/ip proxy access
add dst-host=www.hostyouwannaallow.com
add action=deny dst-host=*
in the deny dst-host=* you leave that * as it’s a wildcard.
mikrotik routerboard 750
im using this methods but all sites are blocked including hotmail.com
dst-host=www.hotmail.com action=allow
and the last rule will be
action=deny (in the access list.
/ip proxy access)
the second method:
/ip proxy
add action=deny dst-host=!*funlb.net src-address=192.168.0.0/24
is there any method that work 100% ?(to open 1 site only )
i see you have opened another thread ??
The way it works is this :
You put this as first line in the firewalling when the in-interface is the interface where your packers arive .. if wireless put wlan there if your pc of pc’s are connceted to ether1 you put ether1 there !
/ip firewall nat
add action=redirect chain=dstnat dst-port=80 in-interface=****** protocol=tcp
!to-addresses to-ports=8080
/ip proxy
set enabled=yes
/ip proxy access
add action=allow dst-host=www.hotmail.com
add action=deny dst-host=*
To do it in the gui =
ip → firewall → nat → +sign
GENERAL
chain: dstnat
protocol: 6 tcp
dst.port 80
in.interface = put your input interface here !
ACTION
action : redirect
to ports: 8080
Press ok.
Drag this rule to the first place.
Then go to ip → web proxy
GENERAL
enable it
port : 8080
press button ACCESS
-
DST host : www.hotmail.com
action : allow
OK -
DST host: *
action : deny
Sorry about that. It won’t happen again.
I tried it all step by step and didn’t work.
Please can you connect to my Pc by team-viewer ?
I would really appreciate it.
332 307 427
7484
332 307 427
pass:7651
Still the same…recconect
reenable the connection tracker in ip firewall .. please
I did already.
So? I reboot it.
Problem solved it was due to old RouterOS version .
thanks alot.
Well supported and helped alot.
After we blocked all websites using port 80 and 443 for https sites.
I have a remote tool that using the port 80 for outgoing connection, Will I be able to you use it ??
If not ? any solution ? or I should simply use another port and which one ?
Do you still need a solution?
why making thread complicated thread starter want to allow one site not redirect to all webs @ specific web, so just only masqurade with dst address of website.
I has been follow your guide but still not working, or maybe I has make it wrong, so if possible can you send me the document or video training to my email: bounnareim@gmail.com
Thank and Regards,
Bounnareim;
