Router is blocking outgoing web traffic

Hi.

I recently set up RouterOS for the first time. I’m trying to diagnose a strange issue.

Ports 80 and 443 seem to be blocked on LAN->WAN traffic. This traffic shows as SYN_SENT.

I tried accessing a web server on another port. That worked. ICMP works. Forwarded ports work (WAN->LAN).

I can’t find anything in the firewall that says to me that this outgoing traffic should be blocked.

Any ideas on what I can do to help diagnose this?

– EDIT –

I found the problem.

Without evidence, it's all opinion.

/export file=anynameyouwish ( minus router serial number, any public WANIP information )

Thanks for the reply. I will get the config and try to remove sensitive information.

I added the config to my first post.

What’s the purpose of saving to a file? Can I download that?

Here is the problem but I don’t understand it at all:

From a computer (192.168.80.134), I try to access port 80 TCP on an address:

$ telnet 8.8.8.8 80

And I can see this happening on the router side:

bridge     2.953    2  <-   <snip>  192.168.80.134:60305  8.8.8.8:80 (http)      ip:tcp      66    3
bridge     2.953    3  ->   <snip>  192.168.80.134:60305  192.168.80.2:80 (http)  ip:tcp      66    3

Somehow the destination address changes from the correct one to this second router on the network.

How can I tell what is rewriting this? I don’t see anything in the firewall that would be relevant.

I found the problem. The tutorial I followed for port forwarding didn’t add a source (input) interface for the rules.

My port forwarding rules were forwarding everything :0

I would strongly recommend that Mikrotik add a command for port-forwarding and ideally, a “quick” command in Winbox to do the same.

This is one of the most common operations in networking and the interface here is very complex. This is supposedly a consumer router but 99.999% of consumers would never be able to figure this out.
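As an added illustration of the misconfiguration described above (this is not configuration from the thread or from MikroTik's documentation), here is a dst-nat rule with no ingress match placed beside the corrected form. The server address 192.168.80.2 is taken from the torch output above; the interface list name WAN and the public address 203.0.113.10 are assumed.

```routeros
# Constructed example. Assumes the Internet-facing interface is a member of
# interface list "WAN" and the internal web server is 192.168.80.2.

# Too broad: chain=dstnat is evaluated for every packet that enters the router
# before routing, so this also matches LAN clients going out to the Internet.
# 192.168.80.134 -> 8.8.8.8:80 is rewritten to 192.168.80.2:80, exactly what
# torch showed, and the TCP handshake stalls in SYN_SENT.
/ip firewall nat
add chain=dstnat protocol=tcp dst-port=80 action=dst-nat \
    to-addresses=192.168.80.2 to-ports=80 comment="web forward (too broad)"

# Corrected: only rewrite packets that arrived on the WAN side.
/ip firewall nat
add chain=dstnat in-interface-list=WAN protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=192.168.80.2 to-ports=80 \
    comment="web forward (WAN ingress only)"

# Equivalent when the public address is static: match the router's own WAN
# address instead of the ingress interface (203.0.113.10 is a placeholder).
add chain=dstnat dst-address=203.0.113.10 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=192.168.80.2 to-ports=80 \
    comment="web forward (by public address)"

# Verify: the corrected rule's counters should stay at zero while a LAN host
# browses the Internet, and torch should show the original destination intact.
/ip firewall nat print stats
/tool torch interface=bridge ip-protocol=tcp port=80
```

Restoring the unrestricted form of the rule while watching torch reproduces the rewritten destination, which is a quick way to confirm which rule is responsible before exporting the config.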

The default rules from MT already add such a rule in the forward chain.
I agree 100% that it's common and thus why I suggested that Mikrotik add Zerotrust cloudflare tunnel as an optional package for all devices. :slight_smile: