Outbound Port Blocked

dcg · July 25, 2016, 12:26am

I’m having trouble with one single port being blocked. The setup is as follows:

Internet Router with 5 static IPs
|
MikrTik Firewall
|
Server running Apache SSL

When I have the second rule below enabled, SSL from outside to the server works fine but I cannot access any external site on 443 from the server itself. All the other ports appear to be open. Disabling the rule allows 443 outbound to be accessed with no issues.

Under IP/Firewall/NAT:
Action Chain Protocol Dst port OutInt
masq srcnat ether1-gateway
dst-nat dstnat 6 (tcp) 443

Thanks for any hints!

k6ccc · July 25, 2016, 2:51pm

Since you did not include all the details of your rules, I’m having to fill in the blanks. It would appear that your dst-nat is applied to traffic on all interfaces. So when you are on your LAN and attempt to get to some server on the internet on port 443, the dst-nat is sending it back to your own server. Change your port 443 dst-nat to only apply to traffic inbound from the internet.