plisken
Forum Guru
Topic Author
Posts: 2509
Joined: Sun May 15, 2011 12:24 am
Location: Belgium

firewall and proxy

Sun Jul 03, 2011 5:09 pm

How do I block ports and websites?
I have an RB750.
ether1 = ISP
ether2 = LAN 192.168.1.0/24
standard gateway 192.168.0.1

Settings:

ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 D address=192.168.0.3/24 network=192.168.0.0 interface=ether1
actual-interface=ether1

1 address=192.168.1.10/24 network=192.168.1.0 interface=ether2
actual-interface=ether2
[admin@MikroTik] > ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=192.168.0.1
gateway-status=192.168.0.1 reachable ether1 distance=0 scope=30
target-scope=10 vrf-interface=ether1

1 ADC dst-address=192.168.0.0/24 pref-src=192.168.0.3 gateway=ether1
gateway-status=ether1 reachable distance=0 scope=10

2 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.10 gateway=ether2
gateway-status=ether2 reachable distance=0 scope=10
[admin@MikroTik] > interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE MTU L2MTU MAX-L2MTU
0 R ether1 ether 1500 1526
1 R ether2 ether 1500 1524 1524
2 ether3 ether 1500 1524 1524
3 ether4 ether 1500 1524 1524
4 ether5 ether 1500 1524 1524
[admin@MikroTik] > ip firewall export
# jan/02/1970 06:40:54 by RouterOS 5.5
# software id = 5BDA-Q24F
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=\
10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s \
tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s \
udp-stream-timeout=3m udp-timeout=10s
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=ether1
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
[admin@MikroTik] >
 
yogii
Member Candidate
Posts: 148
Joined: Wed Jun 16, 2010 5:38 am
Location: Batam, Indonesia

Re: firewall and proxy

Sun Jul 03, 2011 6:20 pm

Hello, set a firewall filter rule to block a port, a website or anything you want (MikroTik makes it easy :wink: ). For example:
/ip firewall filter
add chain=forward action=drop protocol=tcp src-port=80 content=www.google.com
For every packet in and out, the router will check whether it has the content http://www.google.com and source port 80, and if so will drop it.
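
Added example, not part of the original posts and not MikroTik code: a small Python model of how a filter rule like the one above is evaluated, run over constructed packets to show which traffic it covers. It assumes the rule is applied with protocol tcp; the VARIANT rule (dst-port instead of src-port) and all packet contents are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:          # constructed sample traffic, not a capture
    src_port: int
    dst_port: int
    payload: bytes
    proto: str = "tcp"

@dataclass
class Rule:
    action: str
    protocol: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    content: Optional[bytes] = None

    def matches(self, p: Packet) -> bool:
        # Every matcher that is set must match (AND); content is a
        # per-packet substring test on the payload.
        return ((self.protocol is None or p.proto == self.protocol)
                and (self.src_port is None or p.src_port == self.src_port)
                and (self.dst_port is None or p.dst_port == self.dst_port)
                and (self.content is None or self.content in p.payload))

def verdict(rules, p):
    for r in rules:            # first matching rule decides
        if r.matches(p):
            return r.action
    return "accept"            # nothing matched: packet is forwarded

PACKETS = {
    "request": Packet(51000, 80, b"GET / HTTP/1.1\r\nHost: www.google.com\r\n\r\n"),
    "reply_with_name": Packet(80, 51000, b'HTTP/1.1 200 OK\r\n\r\n<a href="http://www.google.com/about">'),
    "reply_without_name": Packet(80, 51000, b"HTTP/1.1 304 Not Modified\r\n\r\n"),
    "https_reply": Packet(443, 51000, bytes.fromhex("170303002a8f3c1d")),
}

POSTED = [Rule("drop", protocol="tcp", src_port=80, content=b"www.google.com")]
VARIANT = [Rule("drop", protocol="tcp", dst_port=80, content=b"www.google.com")]  # hypothetical

def evaluate(rules):
    return {name: verdict(rules, p) for name, p in PACKETS.items()}

if __name__ == "__main__":
    for label, rules in (("posted", POSTED), ("variant", VARIANT)):
        print(label, evaluate(rules))
```

In this model the posted rule drops only plain-HTTP reply packets that happen to carry the string, while the variant drops the request itself; neither matches the encrypted reply on port 443.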
 
plisken
Forum Guru
Topic Author
Posts: 2509
Joined: Sun May 15, 2011 12:24 am
Location: Belgium

Re: firewall and proxy

Sun Jul 03, 2011 8:05 pm

OK, thanks for your quick response.
It works, I'm learning again.
Thanks
