Hi guys,
I have a problem with the MikroTik firewall.
Are my rules correct?
/ip firewall filter
add chain=forward comment="Web Accept" disabled=no dst-port=443,80 protocol=tcp
add chain=forward comment="DNS Accept" disabled=no dst-port=53 protocol=udp
add chain=forward comment="ICMP Accept" disabled=no protocol=icmp
add action=drop chain=forward comment="Drop All" disabled=no
I did that but it doesn't work and I can't access the web.
You have to masquerade your network.
ip firewall nat add chain=srcnat action=masquerade
WRONG!! Never, NEVER forget out-interface on a NAT rule, it is such an annoying mistake.
ip firewall nat add chain=srcnat action=masquerade out-interface=<public_interface>
Ah, sorry. I see now that I forgot it. Thanks for correcting.
I did
but it doesn’t work
New Terminal
/export
Replace the last 2 numbers in IPs with xxx.xxx, blank out all passwords, and paste it all here.
Thanks
I just have a problem with these rules.
Did you test those rules in the new MikroTik version?
When I test in version 5.26 it's OK, but in 6.33 no.
/ip firewall filter
add action=drop chain=Connection-State comment="Drop Invalid Connection" connection-state=invalid
add chain=Connection-State comment="Allow Established Connection" connection-state=established
add chain=Connection-State comment="Allow Related Connection" connection-state=related
Ensure they are above all the rules you have created.
Regards
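The advice from the replies above, combined into one ordered rule set (an added example, not posted by anyone in the thread). It assumes the connection-state rules are placed directly in the forward chain rather than in a custom Connection-State chain, and it keeps the thread's `<public_interface>` placeholder for the WAN port.

```routeros
# Added example: consolidated from the rules quoted in this thread.
# Assumption: state rules live in chain=forward so they are evaluated
# without needing a separate jump rule.
/ip firewall filter
# Reply packets from a web or DNS server carry port 80/443/53 as their
# SOURCE port, so the dst-port accept rules further down never match them.
# Without the state rules the replies fall through to "Drop All".
add chain=forward action=drop connection-state=invalid comment="Drop Invalid Connection"
add chain=forward action=accept connection-state=established comment="Allow Established Connection"
add chain=forward action=accept connection-state=related comment="Allow Related Connection"
# New connections that forwarded clients are allowed to open.
add chain=forward action=accept protocol=tcp dst-port=443,80 comment="Web Accept"
add chain=forward action=accept protocol=udp dst-port=53 comment="DNS Accept"
add chain=forward action=accept protocol=icmp comment="ICMP Accept"
# Everything else is dropped; this rule must stay last in the chain.
add chain=forward action=drop comment="Drop All"

/ip firewall nat
# Limit masquerade to traffic leaving through the public interface.
add chain=srcnat action=masquerade out-interface=<public_interface>

# Check: packet counters show which rule the traffic actually hits.
/ip firewall filter print stats
```

If the "Drop All" counter climbs while browsing, the traffic is not matching any accept rule above it, which usually means the rule order differs from the one shown.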
The easiest way is to reset the router and get the newest version of the default configuration.
/system reset-configuration
You will even have Fasttrack enabled by default.