RouterOS firewall not working with netcat?

Posted: Thu Sep 17, 2015 5:44 pm
by el berto
Hi guys, I'm trying to use netcat on Linux to check if a server is working correctly.

I have RB750:
- eth1 =
- eth2 =

default gateway =
test server =
Ubuntu PC = (connected on eth2)

I placed a masquerade rule on output traffic on eth1 to get the Ubuntu PC working.
I can correctly access the server.

I try to test netcat with TCP protocol on port 80 (http interface on my server):
 nc -zv -w5 80 &> /dev/null && echo "online" || echo "offline"
result: "online"

I place a firewall rule on my RouterOS:

Now my netcat output is "offline".

Now I try to test my UDP server:
 nc -zvu -w5 5330 &> /dev/null && echo "online" || echo "offline"
I got output message "online".

I set the firewall to block UDP traffic (I want to simulate my server being offline):

I correctly see the packet counter of the drop rule increasing, and using Wireshark I don't see any incoming traffic on the server, but netcat says: "online".

Any ideas?

Re: RouterOS firewall not working with netcat?

Posted: Fri Sep 18, 2015 12:04 am
by Sob
You want:


That's what the router should produce for an offline server. If you just drop the packet, nothing is sent back to the client. The problem is that if you had a silent UDP server, which just accepts the packet and does not send any reply, the result would be exactly the same - nothing sent back to the client. And it's hard to tell the difference between the first case's nothing and the second case's nothing. ;)
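The ambiguity described in the reply above, as an added example that is not part of the original thread: a UDP probe can only report "closed" when an ICMP port unreachable comes back, and silence from a dropped packet looks the same as silence from a server that never replies. The function names, the loopback test servers and the three state labels are assumptions made for this illustration.

```python
import socket
import threading

def probe_udp(host, port, timeout=1.0, payload=b"ping"):
    """Classify a UDP port from the client's point of view."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket: the kernel reports ICMP errors to us
        try:
            s.send(payload)
            s.recv(1024)
            return "open"            # a datagram came back
        except ConnectionRefusedError:
            return "closed"          # ICMP port unreachable came back
        except socket.timeout:
            return "open|filtered"   # silence: dropped packet OR silent server

def start_udp_server(reply):
    """Constructed loopback test server; echoes if reply is True, else stays silent."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))       # port 0: let the OS pick a free port
    def loop():
        while True:
            try:
                data, addr = srv.recvfrom(1024)
            except OSError:
                return
            if reply:
                srv.sendto(data, addr)
    threading.Thread(target=loop, daemon=True).start()
    return srv, srv.getsockname()[1]

def unused_udp_port():
    """Bind and release a port so that nothing is listening on it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def demo():
    _echo, echo_port = start_udp_server(reply=True)
    _silent, silent_port = start_udp_server(reply=False)
    return {
        "echo server": probe_udp("127.0.0.1", echo_port),
        "silent server": probe_udp("127.0.0.1", silent_port, timeout=0.5),
        "nothing listening": probe_udp("127.0.0.1", unused_udp_port()),
    }

if __name__ == "__main__":
    print(demo())
```

A monitoring check for a UDP service is only reliable when it sends a request the service actually answers and treats a timeout as failure.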