Community discussions

 
Skylink2012
just joined
Topic Author
Posts: 3
Joined: Fri Nov 23, 2012 7:07 pm

colocation server "webserver" behind mikrotik

Sun Nov 25, 2012 6:47 pm

internet >>> IP Public >>> Mikrotik >>> Webserver
202.1.xx.xx 202.1.10.xx 202.1.9.xx
202.1.xx.xx

how to do what the settings please help, I am new in mikrotik ??
 
User avatar
sjwrick
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Tue Jul 25, 2006 10:12 pm

colocation server "webserver" behind mikrotik

Mon Nov 26, 2012 8:52 am

/ip firewall nat chain=dst-nat dst-address=publicipaddress action=dst-nat to-address=internalIpAddress

You can specify ports also thus limiting exposure. So if it is just a web server direct port 80 to the script by adding

protocol=tcp dst-port=80

Be sure to add the public ip to the WAN interface.

For outgoing traffic you need to NAT

/ip firewall nat chain=src-nat src-address=internalIPAddress action=src-nat to-addresses=publicIPAddress

Rick
 
Skylink2012
just joined
Topic Author
Posts: 3
Joined: Fri Nov 23, 2012 7:07 pm

Re: colocation server

Wed Dec 12, 2012 8:56 pm

hello rick, thanks for the response that is given. I am currently experiencing a complicated problem. we could see from my attachment.

I need suggestion for dedicated server configuration and mikrotik RB, because my server flooding and DDOS attacks by others every minute. and i used centos for my webserver include cpanel inside

thank you for your help

Romi
/ip firewall nat chain=dst-nat dst-address=publicipaddress action=dst-nat to-address=internalIpAddress

You can specify ports also thus limiting exposure. So if it is just a web server direct port 80 to the script by adding

protocol=tcp dst-port=80

Be sure to add the public ip to the WAN interface.

For outgoing traffic you need to NAT

/ip firewall nat chain=src-nat src-address=internalIPAddress action=src-nat to-addresses=publicIPAddress

Rick
You do not have the required permissions to view the files attached to this post.
 
User avatar
wulfgard
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Wed Oct 17, 2012 1:06 pm
Location: France
Contact:

Re: colocation server "webserver" behind mikrotik

Wed Dec 12, 2012 9:01 pm

if you are under DDOS firewalling will not help you
you can survive DDOS if

1) you have more bandwidth than attackers
2) you can handle more pps than attackers
3) your server can answer to all request

a way to mitigate DDOS against http services can be to use reverse proxying
like haproxy which can blacklist high threshold attempts to port 80 from specific IP

Thierry
System and Network Engineer
Mikrotik Trainer - MTCNA MTCRE
Official French Mikrotik Distributor

Who is online

Users browsing this forum: No registered users and 34 guests